From 182c9e8a82e963cd5bf3e1ca6b72f11b3d5df12c Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Mon, 19 Aug 2024 11:55:23 +1000
Subject: [PATCH 001/127] refactor call to a statement & add unreachable and
 return jumps

---
 src/main/scala/analysis/Cfg.scala             | 137 ++++++++++--------
 src/main/scala/analysis/IDEAnalysis.scala     |   4 +-
 .../analysis/InterLiveVarsAnalysis.scala      |   6 +-
 .../analysis/IntraLiveVarsAnalysis.scala      |   4 +-
 src/main/scala/analysis/VSA.scala             |  10 +-
 .../scala/analysis/solvers/IDESolver.scala    |  36 ++---
 src/main/scala/ir/IRCursor.scala              |  63 ++++----
 src/main/scala/ir/Interpreter.scala           |  99 +++++++------
 src/main/scala/ir/Program.scala               |  74 ++++------
 src/main/scala/ir/Statement.scala             |  42 +++---
 src/main/scala/ir/Visitor.scala               |  31 +---
 src/main/scala/ir/cilvisitor/CILVisitor.scala |   9 +-
 src/main/scala/ir/dsl/DSL.scala               |  29 ++--
 .../scala/ir/transforms/ReplaceReturn.scala   |  52 +++++++
 src/main/scala/translating/BAPToIR.scala      |  21 +--
 src/main/scala/translating/GTIRBToIR.scala    |  54 ++++---
 src/main/scala/translating/ILtoIL.scala       |   4 +-
 src/main/scala/translating/IRToBoogie.scala   |  55 +++----
 src/main/scala/util/RunUtils.scala            |  98 +++++++------
 19 files changed, 441 insertions(+), 387 deletions(-)
 create mode 100644 src/main/scala/ir/transforms/ReplaceReturn.scala

diff --git a/src/main/scala/analysis/Cfg.scala b/src/main/scala/analysis/Cfg.scala
index d508353c1..59d512cd2 100644
--- a/src/main/scala/analysis/Cfg.scala
+++ b/src/main/scala/analysis/Cfg.scala
@@ -174,7 +174,7 @@ class CfgStatementNode(
 /** CFG's representation of a jump. This is used as a general jump node, for both indirect and direct calls.
   */
 class CfgJumpNode(
-    val data: Jump,
+    val data: Jump | DirectCall | IndirectCall,
     val block: Block,
     val parent: CfgFunctionEntryNode
 ) extends CfgCommandNode:
@@ -486,6 +486,72 @@ class ProgramCfgFactory:
         cfg.addEdge(prevNode, firstNode)
         visitedBlocks += (block -> firstNode) // This is guaranteed to be entrance to block if we are here
 
+        val statements = List.from(stmts).map(s => s match {
+          case d: DirectCall => CfgJumpNode(d, block, funcEntryNode)
+          case d: IndirectCall => CfgJumpNode(d, block, funcEntryNode)
+          case o => CfgStatementNode(o, block, funcEntryNode)
+        })
+        val succs = if (statements.nonEmpty) then statements.zip(statements.tail ++ List(CfgJumpNode(statements.head.data.parent.jump, block, funcEntryNode))) else List()
+
+        for ((s,nexts) <- succs) {
+          s.data match {
+          case dCall: DirectCall =>
+
+            var precNode = prevNode
+
+            val targetProc: Procedure = dCall.target
+            funcEntryNode.callers.add(procToCfg(targetProc)._1)
+
+            val callNode = CfgJumpNode(dCall, block, funcEntryNode)
+
+            // Branch to this call
+            cfg.addEdge(precNode, callNode)
+
+            procToCalls(proc) += callNode
+            procToCallers(targetProc) += callNode
+            callToNodes(funcEntryNode) += callNode
+
+            // Record call association
+
+            // Jump to return location
+            val returnTarget = nexts
+                // Add intermediary return node (split call into call and return)
+            val callRet = CfgCallReturnNode()
+            cfg.addEdge(callNode, callRet)
+            cfg.addEdge(callRet, returnTarget)
+          case iCall: IndirectCall =>
+            Logger.debug(s"Indirect call found: $iCall in ${proc.name}")
+            var precNode = prevNode
+
+            val jmpNode = CfgJumpNode(iCall, block, funcEntryNode)
+            // Branch to this call
+            cfg.addEdge(precNode, jmpNode)
+
+            // Record call association
+            procToCalls(proc) += jmpNode
+            callToNodes(funcEntryNode) += jmpNode
+
+            // R30 is the link register - this stores the address to return to.
+            //  For now just add a node expressing that we are to return to the previous context.
+            if (iCall.target == Register("R30", 64)) {
+              val returnNode = CfgProcedureReturnNode()
+              cfg.addEdge(jmpNode, returnNode)
+              cfg.addEdge(returnNode, funcExitNode)
+            }
+
+            val callRet = CfgCallReturnNode()
+            cfg.addEdge(jmpNode, callRet)
+            val returnTarget = nexts
+            cfg.addEdge(callRet, jmpNode)
+          case h: Halt =>  {
+            assert(false);
+            // not possible since s is only Statement.
+          }
+          case _ => ()
+          }
+        }
+
+
         if (stmts.size == 1) {
           return firstNode
         }
@@ -548,42 +614,10 @@ class ProgramCfgFactory:
                 visitBlock(targetBlock, precNode)
               }
             }
-          case dCall: DirectCall =>
-            val targetProc: Procedure = dCall.target
-            funcEntryNode.callers.add(procToCfg(targetProc)._1)
-
-            val callNode = CfgJumpNode(dCall, block, funcEntryNode)
-
-            // Branch to this call
-            cfg.addEdge(precNode, callNode)
-
-            procToCalls(proc) += callNode
-            procToCallers(targetProc) += callNode
-            callToNodes(funcEntryNode) += callNode
-
-            // Record call association
-
-            // Jump to return location
-            dCall.returnTarget match {
-              case Some(retBlock) =>
-                // Add intermediary return node (split call into call and return)
-                val callRet = CfgCallReturnNode()
-
-                cfg.addEdge(callNode, callRet)
-                if (visitedBlocks.contains(retBlock)) {
-                  val retBlockEntry: CfgCommandNode = visitedBlocks(retBlock)
-                  cfg.addEdge(callRet, retBlockEntry)
-                } else {
-                  visitBlock(retBlock, callRet)
-                }
-              case None =>
-                val noReturn = CfgCallNoReturnNode()
-                cfg.addEdge(callNode, noReturn)
-                cfg.addEdge(noReturn, funcExitNode)
-            }
-          case iCall: IndirectCall =>
-            Logger.debug(s"Indirect call found: $iCall in ${proc.name}")
-
+          case h: Halt =>  {
+            cfg.addEdge(jmpNode, funcExitNode)
+          }
+          case r: Return => 
             // Branch to this call
             cfg.addEdge(precNode, jmpNode)
 
@@ -591,32 +625,9 @@ class ProgramCfgFactory:
             procToCalls(proc) += jmpNode
             callToNodes(funcEntryNode) += jmpNode
 
-            // R30 is the link register - this stores the address to return to.
-            //  For now just add a node expressing that we are to return to the previous context.
-            if (iCall.target == Register("R30", 64)) {
-              val returnNode = CfgProcedureReturnNode()
-              cfg.addEdge(jmpNode, returnNode)
-              cfg.addEdge(returnNode, funcExitNode)
-              return
-            }
-
-            // Jump to return location
-            iCall.returnTarget match {
-              case Some(retBlock) => // Add intermediary return node (split call into call and return)
-                val callRet = CfgCallReturnNode()
-                cfg.addEdge(jmpNode, callRet)
-
-                if (visitedBlocks.contains(retBlock)) {
-                  val retBlockEntry = visitedBlocks(retBlock)
-                  cfg.addEdge(callRet, retBlockEntry)
-                } else {
-                  visitBlock(retBlock, callRet)
-                }
-              case None =>
-                val noReturn = CfgCallNoReturnNode()
-                cfg.addEdge(jmpNode, noReturn)
-                cfg.addEdge(noReturn, funcExitNode)
-            }
+            val returnNode = CfgProcedureReturnNode()
+            cfg.addEdge(jmpNode, returnNode)
+            cfg.addEdge(returnNode, funcExitNode)
         } // `jmps.head` match
       } // `visitJumps` function
     } // `visitBlocks` function
diff --git a/src/main/scala/analysis/IDEAnalysis.scala b/src/main/scala/analysis/IDEAnalysis.scala
index 8f2a7001c..e77627717 100644
--- a/src/main/scala/analysis/IDEAnalysis.scala
+++ b/src/main/scala/analysis/IDEAnalysis.scala
@@ -55,6 +55,6 @@ trait IDEAnalysis[E, EE, C, R, D, T, L <: Lattice[T]] {
 }
 
 // IndirectCall in these is because they are returns so that can be further tightened in future
-trait ForwardIDEAnalysis[D, T, L <: Lattice[T]] extends IDEAnalysis[Procedure, IndirectCall, DirectCall, GoTo, D, T, L]
+trait ForwardIDEAnalysis[D, T, L <: Lattice[T]] extends IDEAnalysis[Procedure, IndirectCall, DirectCall, Command, D, T, L]
 
-trait BackwardIDEAnalysis[D, T, L <: Lattice[T]] extends IDEAnalysis[IndirectCall, Procedure, GoTo, DirectCall, D, T, L]
+trait BackwardIDEAnalysis[D, T, L <: Lattice[T]] extends IDEAnalysis[IndirectCall, Procedure, Command, DirectCall, D, T, L]
diff --git a/src/main/scala/analysis/InterLiveVarsAnalysis.scala b/src/main/scala/analysis/InterLiveVarsAnalysis.scala
index 93a34d076..b20edf478 100644
--- a/src/main/scala/analysis/InterLiveVarsAnalysis.scala
+++ b/src/main/scala/analysis/InterLiveVarsAnalysis.scala
@@ -19,7 +19,7 @@ trait LiveVarsAnalysisFunctions extends BackwardIDEAnalysis[Variable, TwoElement
   val edgelattice: EdgeFunctionLattice[TwoElement, TwoElementLattice] = EdgeFunctionLattice(valuelattice)
   import edgelattice.{IdEdge, ConstEdge}
 
-  def edgesCallToEntry(call: GoTo, entry: IndirectCall)(d: DL): Map[DL, EdgeFunction[TwoElement]] = {
+  def edgesCallToEntry(call: Command, entry: IndirectCall)(d: DL): Map[DL, EdgeFunction[TwoElement]] = {
     Map(d -> IdEdge())
   }
 
@@ -27,7 +27,7 @@ trait LiveVarsAnalysisFunctions extends BackwardIDEAnalysis[Variable, TwoElement
     Map(d -> IdEdge())
   }
 
-  def edgesCallToAfterCall(call: GoTo, aftercall: DirectCall)(d: DL): Map[DL, EdgeFunction[TwoElement]] = {
+  def edgesCallToAfterCall(call: Command, aftercall: DirectCall)(d: DL): Map[DL, EdgeFunction[TwoElement]] = {
     d match
       case Left(value) => Map() // maps all variables before the call to bottom
       case Right(_) => Map(d -> IdEdge())
@@ -70,7 +70,7 @@ trait LiveVarsAnalysisFunctions extends BackwardIDEAnalysis[Variable, TwoElement
             expr.variables.foldLeft(Map[DL, EdgeFunction[TwoElement]](d -> IdEdge())) {
               (mp, expVar) => mp + (Left(expVar) -> ConstEdge(TwoElementTop))
             }
-      case IndirectCall(variable, _, _) =>
+      case IndirectCall(variable, _) =>
         d match
           case Left(value) => if value != variable then Map(d -> IdEdge()) else Map()
           case Right(_) => Map(d -> IdEdge(), Left(variable) -> ConstEdge(TwoElementTop))
diff --git a/src/main/scala/analysis/IntraLiveVarsAnalysis.scala b/src/main/scala/analysis/IntraLiveVarsAnalysis.scala
index 1624dcdfb..f3f322321 100644
--- a/src/main/scala/analysis/IntraLiveVarsAnalysis.scala
+++ b/src/main/scala/analysis/IntraLiveVarsAnalysis.scala
@@ -15,7 +15,7 @@ abstract class LivenessAnalysis(program: Program) extends Analysis[Any]:
       case MemoryAssign(_, index, value, _, _, _) => s ++ index.variables ++ value.variables
       case Assume(expr, _, _, _) => s ++ expr.variables
       case Assert(expr, _, _) => s ++ expr.variables
-      case IndirectCall(variable, _, _) => s + variable
+      case IndirectCall(variable, _) => s + variable
       case c: DirectCall => s
       case g: GoTo => s
       case _ => ???
@@ -25,4 +25,4 @@ abstract class LivenessAnalysis(program: Program) extends Analysis[Any]:
 class IntraLiveVarsAnalysis(program: Program)
   extends LivenessAnalysis(program)
     with SimpleWorklistFixpointSolver[CFGPosition, Set[Variable], PowersetLattice[Variable]]
-    with IRIntraproceduralBackwardDependencies
\ No newline at end of file
+    with IRIntraproceduralBackwardDependencies
diff --git a/src/main/scala/analysis/VSA.scala b/src/main/scala/analysis/VSA.scala
index 03ef8ff60..f7d9a55e7 100644
--- a/src/main/scala/analysis/VSA.scala
+++ b/src/main/scala/analysis/VSA.scala
@@ -121,7 +121,7 @@ trait ValueSetAnalysis(program: Program,
                     m = m + (localAssign.lhs -> m(r))
                     m
               case None =>
-                Logger.warn("could not find region for " + localAssign)
+                Logger.debug("could not find region for " + localAssign)
                 m
           case e: Expr =>
             evaluateExpression(e, constantProp(n)) match {
@@ -129,7 +129,7 @@ trait ValueSetAnalysis(program: Program,
                 m = m + (localAssign.lhs -> Set(getValueType(bv)))
                 m
               case None =>
-                Logger.warn("could not evaluate expression" + e)
+                Logger.debug("could not evaluate expression" + e)
                 m
             }
       case memAssign: MemoryAssign =>
@@ -154,11 +154,11 @@ trait ValueSetAnalysis(program: Program,
                         m = m + (r -> m(v))
                         m
                       case _ =>
-                        Logger.warn(s"Too Complex: $storeValue") // do nothing
+                        Logger.debug(s"Too Complex: $storeValue") // do nothing
                         m
                     }
               case None =>
-                Logger.warn("could not find region for " + memAssign)
+                Logger.debug("could not find region for " + memAssign)
                 m
           case _ =>
             m
@@ -207,4 +207,4 @@ class ValueSetAnalysisSolver(
       case _ => super.funsub(n, x)
     }
   }
-}
\ No newline at end of file
+}
diff --git a/src/main/scala/analysis/solvers/IDESolver.scala b/src/main/scala/analysis/solvers/IDESolver.scala
index 5773ba047..0dd981b30 100644
--- a/src/main/scala/analysis/solvers/IDESolver.scala
+++ b/src/main/scala/analysis/solvers/IDESolver.scala
@@ -1,7 +1,7 @@
 package analysis.solvers
 
 import analysis.{BackwardIDEAnalysis, Dependencies, EdgeFunction, EdgeFunctionLattice, ForwardIDEAnalysis, IDEAnalysis, IRInterproceduralBackwardDependencies, IRInterproceduralForwardDependencies, Lambda, Lattice, MapLattice}
-import ir.{CFGPosition, Command, DirectCall, GoTo, IRWalk, IndirectCall, InterProcIRCursor, Procedure, Program, end, isAfterCall}
+import ir.{CFGPosition, Command, DirectCall, GoTo, IRWalk, IndirectCall, InterProcIRCursor, Procedure, Program, end, isAfterCall, Halt, Statement, Jump}
 import util.Logger
 
 import scala.collection.immutable.Map
@@ -12,7 +12,7 @@ import scala.collection.mutable
  * Adapted from Tip
  * https://github.com/cs-au-dk/TIP/blob/master/src/tip/solvers/IDESolver.scala
  */
-abstract class IDESolver[E <: Procedure | Command, EE <: Procedure | Command, C <: DirectCall | GoTo, R <: DirectCall | GoTo, D, T, L <: Lattice[T]](val program: Program, val startNode: CFGPosition)
+abstract class IDESolver[E <: Procedure | Command, EE <: Procedure | Command, C <: Command, R <: Command, D, T, L <: Lattice[T]](val program: Program, val startNode: CFGPosition)
   extends IDEAnalysis[E, EE, C, R, D, T, L], Dependencies[CFGPosition] {
 
   protected def entryToExit(entry: E): EE
@@ -204,22 +204,25 @@ abstract class IDESolver[E <: Procedure | Command, EE <: Procedure | Command, C
 
 
 abstract class ForwardIDESolver[D, T, L <: Lattice[T]](program: Program)
-  extends IDESolver[Procedure, IndirectCall, DirectCall, GoTo, D, T, L](program, program.mainProcedure),
+  extends IDESolver[Procedure, IndirectCall, DirectCall, Command, D, T, L](program, program.mainProcedure),
     ForwardIDEAnalysis[D, T, L], IRInterproceduralForwardDependencies {
 
   protected def entryToExit(entry: Procedure): IndirectCall = entry.end.asInstanceOf[IndirectCall]
 
   protected def exitToEntry(exit: IndirectCall): Procedure = IRWalk.procedure(exit)
 
-  protected def callToReturn(call: DirectCall): GoTo = call.parent.fallthrough.get
+  protected def callToReturn(call: DirectCall): Command = call.successor
 
-  protected def returnToCall(ret: GoTo): DirectCall = ret.parent.jump.asInstanceOf[DirectCall]
+  protected def returnToCall(ret: Command): DirectCall = ret match {
+    case ret: Statement => ret.parent.statements.getPrev(ret).asInstanceOf[DirectCall]
+    case r: Jump => ret.parent.statements.last.asInstanceOf[DirectCall]
+  }
 
   protected def getCallee(call: DirectCall): Procedure = call.target
 
   protected def isCall(call: CFGPosition): Boolean =
     call match
-      case directCall: DirectCall if directCall.returnTarget.isDefined && directCall.target.returnBlock.isDefined => true
+      case directCall: DirectCall if (!directCall.successor.isInstanceOf[Halt]) => true
       case _ => false
 
   protected def isExit(exit: CFGPosition): Boolean =
@@ -228,33 +231,32 @@ abstract class ForwardIDESolver[D, T, L <: Lattice[T]](program: Program)
       case command: Command => IRWalk.procedure(command).end == command
       case _ => false
 
-  protected def getAfterCalls(exit: IndirectCall): Set[GoTo] =
-    InterProcIRCursor.succ(exit).foreach(s => assert(s.isInstanceOf[GoTo]))
-    InterProcIRCursor.succ(exit).filter(_.isInstanceOf[GoTo]).map(_.asInstanceOf[GoTo])
+  protected def getAfterCalls(exit: IndirectCall): Set[Command] =
+    InterProcIRCursor.succ(exit).filter(_.isInstanceOf[Command]).map(_.asInstanceOf[Command])
 
 }
 
 
 abstract class BackwardIDESolver[D, T, L <: Lattice[T]](program: Program)
-  extends IDESolver[IndirectCall, Procedure, GoTo, DirectCall, D, T, L](program, program.mainProcedure.end),
+  extends IDESolver[IndirectCall, Procedure, Command, DirectCall, D, T, L](program, program.mainProcedure.end),
     BackwardIDEAnalysis[D, T, L], IRInterproceduralBackwardDependencies {
 
   protected def entryToExit(entry: IndirectCall): Procedure = IRWalk.procedure(entry)
 
   protected def exitToEntry(exit: Procedure): IndirectCall = exit.end.asInstanceOf[IndirectCall]
 
-  protected def callToReturn(call: GoTo): DirectCall = call.parent.jump.asInstanceOf[DirectCall]
+  protected def callToReturn(call: Command): DirectCall = call match {
+    case ret: Statement => ret.parent.statements.getPrev(ret).asInstanceOf[DirectCall]
+    case r: Jump => r.parent.statements.last.asInstanceOf[DirectCall]
+  }
 
-  protected def returnToCall(ret: DirectCall): GoTo = ret.parent.fallthrough.get
+  protected def returnToCall(ret: DirectCall): Command = ret.successor
 
-  protected def getCallee(call: GoTo): IndirectCall = callToReturn(call).target.end.asInstanceOf[IndirectCall]
+  protected def getCallee(call: Command): IndirectCall = callToReturn(call: Command).target.end.asInstanceOf[IndirectCall]
 
   protected def isCall(call: CFGPosition): Boolean =
     call match
-      case goto: GoTo if goto.isAfterCall =>
-        goto.parent.jump match
-          case directCall: DirectCall => directCall.returnTarget.isDefined && directCall.target.returnBlock.isDefined
-          case _ => false
+      case directCall: DirectCall => (!directCall.successor.isInstanceOf[Halt])
       case _ => false
 
   protected def isExit(exit: CFGPosition): Boolean =
diff --git a/src/main/scala/ir/IRCursor.scala b/src/main/scala/ir/IRCursor.scala
index 2b5d3123e..0e1dc9d93 100644
--- a/src/main/scala/ir/IRCursor.scala
+++ b/src/main/scala/ir/IRCursor.scala
@@ -52,11 +52,11 @@ object IRWalk:
     }
   }
 
-extension (p: Jump)
+extension (p: Command)
   def isAfterCall : Boolean = {
     p match {
-      case g: GoTo => g.parent.fallthrough.contains(g)
-      case _ => false
+      case g: Jump => g.parent.statements.lastOption.map(_.isInstanceOf[Call]).getOrElse(false)
+      case g: Statement => g.parent.statements.prevOption(g).map(_.isInstanceOf[Call]).getOrElse(false)
     }
   }
 
@@ -82,9 +82,10 @@ trait IntraProcIRCursor extends IRWalk[CFGPosition, CFGPosition] {
     pos match {
       case proc: Procedure => proc.entryBlock.toSet
       case b: Block        => Set(b.statements.headOption.getOrElse(b.jump))
-      case s: Statement    =>  Set(s.succ().getOrElse(s.parent.jump))
+      case s: Statement    =>  Set(s.successor)
       case n: GoTo         => n.targets.asInstanceOf[Set[CFGPosition]]
-      case c: Call         => c.parent.fallthrough.toSet
+      case h: Halt         => Set()
+      case h: Return       => Set()
     }
   }
 
@@ -143,43 +144,43 @@ trait InterProcIRCursor extends IRWalk[CFGPosition, CFGPosition] {
   IntraProcIRCursor.succ(pos) ++
     (pos match
       case c: DirectCall if c.target.blocks.nonEmpty  => Set(c.target)
-      case c: IndirectCall if c.parent.isProcReturn => c.parent.parent.incomingCalls().flatMap(_.parent.fallthrough.toSet).toSet
+      case c: IndirectCall if c.parent.isProcReturn => c.parent.parent.incomingCalls().map(_.successor).toSet
       case _ =>  Set.empty)
   }
 
   final def pred(pos: CFGPosition): Set[CFGPosition] = {
     IntraProcIRCursor.pred(pos) ++
     (pos match
+      case d: DirectCall if d.target.blocks.nonEmpty => d.target.returnBlock.toSet
       case c: Procedure       => c.incomingCalls().toSet.asInstanceOf[Set[CFGPosition]]
-      case b: GoTo if b.isAfterCall => b.parent.jump match {
-        case DirectCall(t,_, _) if t.blocks.nonEmpty => t.returnBlock.toSet
-        case _ => Set(b)
-      }
       case _ => Set.empty)
   }
 }
 
-trait InterProcBlockIRCursor extends IRWalk[CFGPosition, Block] {
+// less meaningful with call statements 
+
+// trait InterProcBlockIRCursor extends IRWalk[CFGPosition, Block] {
+// 
+//   final def succ(pos: CFGPosition): Set[Block] = {
+//     IntraProcBlockIRCursor.succ(pos) ++
+//     (pos match {
+//       case s: DirectCall if s.target.blocks.nonEmpty  => s.target.entryBlock.toSet
+//       case b: Block if b.isProcReturn => b.parent.incomingCalls().map(_.parent).toSet
+//       case _               => Set.empty 
+//     })
+//   }
+// 
+//   final def pred(pos: CFGPosition): Set[Block] = {
+//     IntraProcBlockIRCursor.pred(pos) ++
+//     (pos match {
+//       case b: Block if b.isAfterCall => b.incomingJumps.collect {_.parent.jump match 
+//           case d: DirectCall => d.target }.flatMap(_.returnBlock).toSet
+//       case b: Block if b.isProcEntry => b.parent.incomingCalls().map(_.parent).toSet
+//       case _ => Set.empty 
+//     })
+//   }
+// }
 
-  final def succ(pos: CFGPosition): Set[Block] = {
-    IntraProcBlockIRCursor.succ(pos) ++
-    (pos match {
-      case s: DirectCall if s.target.blocks.nonEmpty  => s.target.entryBlock.toSet
-      case b: Block if b.isProcReturn => b.parent.incomingCalls().map(_.parent).toSet
-      case _               => Set.empty 
-    })
-  }
-
-  final def pred(pos: CFGPosition): Set[Block] = {
-    IntraProcBlockIRCursor.pred(pos) ++
-    (pos match {
-      case b: Block if b.isAfterCall => b.incomingJumps.collect {_.parent.jump match 
-          case d: DirectCall => d.target }.flatMap(_.returnBlock).toSet
-      case b: Block if b.isProcEntry => b.parent.incomingCalls().map(_.parent).toSet
-      case _ => Set.empty 
-    })
-  }
-}
 object InterProcIRCursor extends InterProcIRCursor
 
 trait CallGraph extends IRWalk[Procedure, Procedure] {
@@ -190,7 +191,7 @@ trait CallGraph extends IRWalk[Procedure, Procedure] {
 
 object CallGraph extends CallGraph
 
-object InterProcBlockIRCursor extends InterProcBlockIRCursor
+// object InterProcBlockIRCursor extends InterProcBlockIRCursor
 
 /** Computes the reachability transitive closure of the CFGPositions in initial under the successor relation defined by
   * walker.
diff --git a/src/main/scala/ir/Interpreter.scala b/src/main/scala/ir/Interpreter.scala
index f5437015b..de470d5d9 100644
--- a/src/main/scala/ir/Interpreter.scala
+++ b/src/main/scala/ir/Interpreter.scala
@@ -11,8 +11,8 @@ class Interpreter() {
   private val SP: BitVecLiteral = BitVecLiteral(4096 - 16, 64)
   private val FP: BitVecLiteral = BitVecLiteral(4096 - 16, 64)
   private val LR: BitVecLiteral = BitVecLiteral(BigInt("FF", 16), 64)
-  private var nextBlock: Option[Block] = None
-  private val returnBlock: mutable.Stack[Block] = mutable.Stack()
+  private var nextCmd: Option[Command] = None
+  private val returnCmd: mutable.Stack[Command] = mutable.Stack()
 
   def eval(exp: Expr, env: mutable.Map[Variable, BitVecLiteral]): BitVecLiteral = {
     exp match {
@@ -220,23 +220,15 @@ class Interpreter() {
 
     // Procedure.Block
     p.entryBlock match {
-      case Some(block) => nextBlock = Some(block)
-      case None        => nextBlock = Some(returnBlock.pop())
+      case Some(block) => nextCmd = Some(block.statements.headOption.getOrElse(block.jump))
+      case None        => nextCmd = Some(returnCmd.pop())
     }
   }
 
-  private def interpretBlock(b: Block): Unit = {
-    Logger.debug(s"Block:${b.label} ${b.address}")
-    // Block.Statement
-    for ((statement, index) <- b.statements.zipWithIndex) {
-      Logger.debug(s"statement[$index]:")
-      interpretStatement(statement)
-    }
-
-    // Block.Jump
+  private def interpretJump(j: Jump) : Unit = {
+    Logger.debug(s"jump:")
     breakable {
-      Logger.debug(s"jump:")
-      b.jump match {
+      j match {
         case gt: GoTo =>
           Logger.debug(s"$gt")
           for (g <- gt.targets) {
@@ -244,40 +236,28 @@ class Interpreter() {
             condition match {
               case Some(e) => evalBool(e, regs) match {
                 case TrueLiteral =>
-                  nextBlock = Some(g)
+                  nextCmd = Some(g.statements.headOption.getOrElse(g.jump))
                   break
                 case _ =>
               }
               case None =>
-                nextBlock = Some(g)
+                nextCmd = Some(g.statements.headOption.getOrElse(g.jump))
                 break
             }
           }
-        case dc: DirectCall =>
-          Logger.debug(s"$dc")
-          if (dc.returnTarget.isDefined) {
-            returnBlock.push(dc.returnTarget.get)
-          }
-          interpretProcedure(dc.target)
-          break
-        case ic: IndirectCall =>
-          Logger.debug(s"$ic")
-          if (ic.target == Register("R30", 64) && ic.returnTarget.isEmpty) {
-            if (returnBlock.nonEmpty) {
-              nextBlock = Some(returnBlock.pop())
-            } else {
-              //Exit Interpreter
-              nextBlock = None
-            }
-            break
-          } else {
-            ???
-          }
+        case r: Return => {
+          nextCmd = Some(returnCmd.pop())
+        }
+        case h: Halt => {
+          Logger.debug("Halt")
+          nextCmd = None
+        }
       }
     }
   }
 
   private def interpretStatement(s: Statement): Unit = {
+    Logger.debug(s"statement[$s]:")
     s match {
       case assign: Assign =>
         Logger.debug(s"LocalAssign ${assign.lhs} = ${assign.rhs}")
@@ -300,14 +280,42 @@ class Interpreter() {
           case BitVecLiteral(value, size) =>
             Logger.debug(s"MemoryAssign ${assign.mem} := 0x${value.toString(16)}[u$size]\n")
         }
-      case _ : NOP =>
+      case _ : NOP => ()
       case assert: Assert =>
-        Logger.debug(assert)
         // TODO
-
+        Logger.debug(assert)
+        evalBool(assert.body, regs) match {
+          case TrueLiteral => ()
+          case FalseLiteral => throw Exception(s"Assertion failed ${assert}")
+        }
       case assume: Assume =>
-        Logger.debug(assume)
         // TODO, but already taken into effect if it is a branch condition
+        Logger.debug(assume)
+        evalBool(assume.body, regs) match {
+          case TrueLiteral => ()
+          case FalseLiteral => {
+            nextCmd = None
+            Logger.debug(s"Assumption not satisfied: $assume")
+          }
+        }
+      case dc: DirectCall =>
+        Logger.debug(s"$dc")
+        returnCmd.push(dc.successor)
+        interpretProcedure(dc.target)
+        break
+      case ic: IndirectCall =>
+        Logger.debug(s"$ic")
+        if (ic.target == Register("R30", 64)) {
+          if (returnCmd.nonEmpty) {
+            nextCmd = Some(returnCmd.pop())
+          } else {
+            //Exit Interpreter
+            nextCmd = None
+          }
+          break
+        } else {
+          ???
+        }
     }
   }
 
@@ -334,10 +342,13 @@ class Interpreter() {
 
     // Program.Procedure
     interpretProcedure(IRProgram.mainProcedure)
-    while (nextBlock.isDefined) {
-      interpretBlock(nextBlock.get)
+    while (nextCmd.isDefined) {
+      nextCmd.get match  {
+        case c: Statement => interpretStatement(c) 
+        case c: Jump => interpretJump(c)
+      }
     }
 
     regs
   }
-}
\ No newline at end of file
+}
diff --git a/src/main/scala/ir/Program.scala b/src/main/scala/ir/Program.scala
index 5668607aa..577666e9f 100644
--- a/src/main/scala/ir/Program.scala
+++ b/src/main/scala/ir/Program.scala
@@ -141,7 +141,7 @@ class Program(var procedures: ArrayBuffer[Procedure],
 
       stack.pushAll(n match {
         case p: Procedure => p.blocks
-        case b: Block => Seq() ++ b.statements ++ Seq(b.jump) ++ b.fallthrough.toSet
+        case b: Block => Seq() ++ b.statements ++ Seq(b.jump)
         case s: Command => Seq()
       })
       n
@@ -289,30 +289,28 @@ class Procedure private (
     block
   }
 
-  /**
-   * Remove blocks with the semantics of replacing them with a noop. The incoming jumps to this are replaced
-   * with a jump(s) to this blocks jump target(s). If this block ends in a call then only its statements are removed.
-   * @param blocks the block/blocks to remove
-   */
-  def removeBlocksInline(blocks: Iterable[Block]): Unit = {
-    for (elem <- blocks) {
-      elem.jump match {
-        case g: GoTo =>
-          // rewrite all the jumps to include our jump targets
-          elem.incomingJumps.foreach(_.removeTarget(elem))
-          elem.incomingJumps.foreach(_.addAllTargets(g.targets))
-          removeBlocks(elem)
-        case c: Call =>
-          // just remove statements, keep call
-          elem.statements.clear()
-      }
-    }
-  }
-
-
-  def removeBlocksInline(blocks: Block*): Unit = {
-    removeBlocksInline(blocks.toSeq)
-  }
+// unused
+//   /**
+//    * Remove blocks with the semantics of replacing them with a noop. The incoming jumps to this are replaced
+//    * with a jump(s) to this blocks jump target(s). If this block ends in a call then only its statements are removed.
+//    * @param blocks the block/blocks to remove
+//    */
+//   def removeBlocksInline(blocks: Iterable[Block]): Unit = {
+//     for (elem <- blocks) {
+//       elem.jump match {
+//         case g: GoTo =>
+//           // rewrite all the jumps to include our jump targets
+//           elem.incomingJumps.foreach(_.removeTarget(elem))
+//           elem.incomingJumps.foreach(_.addAllTargets(g.targets))
+//           removeBlocks(elem)
+//       }
+//     }
+//   }
+// 
+// 
+//   def removeBlocksInline(blocks: Block*): Unit = {
+//     removeBlocksInline(blocks.toSeq)
+//   }
 
   /**
    * Remove block(s) and all jumps that target it
@@ -380,7 +378,6 @@ class Block private (
  val statements: IntrusiveList[Statement],
  private var _jump: Jump,
  private val _incomingJumps: mutable.HashSet[GoTo],
- var _fallthrough: Option[GoTo],
 ) extends HasParent[Procedure] {
   _jump.setParent(this)
   statements.foreach(_.setParent(this))
@@ -389,23 +386,11 @@ class Block private (
   statements.onRemove = x => x.deParent()
 
   def this(label: String, address: Option[Int] = None, statements: IterableOnce[Statement] = Set.empty, jump: Jump = GoTo(Set.empty)) = {
-    this(label, address, IntrusiveList().addAll(statements), jump, mutable.HashSet.empty, None)
+    this(label, address, IntrusiveList().addAll(statements), jump, mutable.HashSet.empty)
   }
 
   def jump: Jump = _jump
 
-  def fallthrough: Option[GoTo] = _fallthrough
-
-  def fallthrough_=(g: Option[GoTo]): Unit = {
-    /*
-     * Fallthrough is only set if Jump is a call, this is maintained maintained at the 
-     * linkParent implementation on FallThrough of Call.
-     */
-    _fallthrough.foreach(_.deParent())
-    g.foreach(x => x.parent = this)
-    _fallthrough = g
-  }
-
   private def jump_=(j: Jump): Unit = {
     require(!j.hasParent)
     if (j ne _jump) {
@@ -434,7 +419,9 @@ class Block private (
     assert(!incomingJumps.contains(g))
   }
 
-  def calls: Set[Procedure] = _jump.calls
+  def calls: Set[Procedure] = statements.toSet.collect {
+    case d: DirectCall => d.target
+  }
 
   def modifies: Set[Global] = statements.flatMap(_.modifies).toSet
   //def locals: Set[Variable] = statements.flatMap(_.locals).toSet ++ jumps.flatMap(_.locals).toSet
@@ -454,10 +441,7 @@ class Block private (
   def nextBlocks: Iterable[Block] = {
     jump match {
       case c: GoTo => c.targets
-      case c: Call => fallthrough match {
-        case Some(x) => x.targets
-        case _ => Seq()
-      }
+      case _ => Seq()
     }
   }
 
@@ -504,7 +488,7 @@ class Block private (
 
 object Block {
   def procedureReturn(from: Procedure): Block = {
-    Block(from.name + "_basil_return", None, List(), IndirectCall(Register("R30", 64)))
+    Block(from.name + "_basil_return", None, List(), Return())
   }
 }
 
diff --git a/src/main/scala/ir/Statement.scala b/src/main/scala/ir/Statement.scala
index 8d89a9726..74aaa18b5 100644
--- a/src/main/scala/ir/Statement.scala
+++ b/src/main/scala/ir/Statement.scala
@@ -23,6 +23,9 @@ sealed trait Statement extends Command, IntrusiveListElement[Statement] {
   def acceptVisit(visitor: Visitor): Statement = throw new Exception(
     "visitor " + visitor + " unimplemented for: " + this
   )
+
+  def successor: Command = parent.statements.nextOption(this).getOrElse(parent.jump)
+
 }
 
 // invariant: rhs contains at most one MemoryLoad
@@ -76,10 +79,18 @@ object Assume:
 sealed trait Jump extends Command {
   def modifies: Set[Global] = Set()
   //def locals: Set[Variable] = Set()
-  def calls: Set[Procedure] = Set()
   def acceptVisit(visitor: Visitor): Jump = throw new Exception("visitor " + visitor + " unimplemented for: " + this)
 }
 
+class Halt(override val label: Option[String] = None) extends Jump {
+  override def acceptVisit(visitor: Visitor): Jump = this
+}
+
+class Return(override val label: Option[String] = None) extends Jump {
+  override def acceptVisit(visitor: Visitor): Jump = this
+}
+
+
 class GoTo private (private val _targets: mutable.LinkedHashSet[Block], override val label: Option[String]) extends Jump {
 
   def this(targets: Iterable[Block], label: Option[String] = None) = this(mutable.LinkedHashSet.from(targets), label)
@@ -125,30 +136,18 @@ object GoTo:
   def unapply(g: GoTo): Option[(Set[Block], Option[String])] = Some(g.targets, g.label)
 
 
-sealed trait Call extends Jump {
-  val returnTarget: Option[Block]
-
-  // moving a call between blocks
-  override def linkParent(p: Block): Unit = {
-    returnTarget.foreach(t => parent.fallthrough = Some(GoTo(Set(t))))
-  }
-
-  override def unlinkParent(): Unit = {
-    parent.fallthrough = None
-  }
-}
+sealed trait Call extends Statement
 
 class DirectCall(val target: Procedure,
-                 override val returnTarget: Option[Block] = None,
                  override val label: Option[String] = None
                 ) extends Call {
   /* override def locals: Set[Variable] = condition match {
     case Some(c) => c.locals
     case None => Set()
   } */
-  override def calls: Set[Procedure] = Set(target)
-  override def toString: String = s"${labelStr}DirectCall(${target.name}, ${returnTarget.map(_.label)})"
-  override def acceptVisit(visitor: Visitor): Jump = visitor.visitDirectCall(this)
+  def calls: Set[Procedure] = Set(target)
+  override def toString: String = s"${labelStr}DirectCall(${target.name})"
+  override def acceptVisit(visitor: Visitor): Statement = visitor.visitDirectCall(this)
 
   override def linkParent(p: Block): Unit = {
     super.linkParent(p)
@@ -163,19 +162,18 @@ class DirectCall(val target: Procedure,
 }
 
 object DirectCall:
-  def unapply(i: DirectCall): Option[(Procedure, Option[Block], Option[String])] = Some(i.target, i.returnTarget, i.label)
+  def unapply(i: DirectCall): Option[(Procedure, Option[String])] = Some(i.target, i.label)
 
 class IndirectCall(var target: Variable,
-                   override val returnTarget: Option[Block] = None,
                    override val label: Option[String] = None
                   ) extends Call {
   /* override def locals: Set[Variable] = condition match {
     case Some(c) => c.locals + target
     case None => Set(target)
   } */
-  override def toString: String = s"${labelStr}IndirectCall($target, ${returnTarget.map(_.label)})"
-  override def acceptVisit(visitor: Visitor): Jump = visitor.visitIndirectCall(this)
+  override def toString: String = s"${labelStr}IndirectCall($target)"
+  override def acceptVisit(visitor: Visitor): Statement = visitor.visitIndirectCall(this)
 }
 
 object IndirectCall:
-  def unapply(i: IndirectCall): Option[(Variable, Option[Block], Option[String])] = Some(i.target, i.returnTarget, i.label)
\ No newline at end of file
+  def unapply(i: IndirectCall): Option[(Variable, Option[String])] = Some(i.target, i.label)
diff --git a/src/main/scala/ir/Visitor.scala b/src/main/scala/ir/Visitor.scala
index b9fd91b3e..1cc9c1b40 100644
--- a/src/main/scala/ir/Visitor.scala
+++ b/src/main/scala/ir/Visitor.scala
@@ -39,11 +39,11 @@ abstract class Visitor {
     node
   }
 
-  def visitDirectCall(node: DirectCall): Jump = {
+  def visitDirectCall(node: DirectCall): Statement = {
     node
   }
 
-  def visitIndirectCall(node: IndirectCall): Jump = {
+  def visitIndirectCall(node: IndirectCall): Statement = {
     node.target = visitVariable(node.target)
     node
   }
@@ -199,11 +199,11 @@ abstract class ReadOnlyVisitor extends Visitor {
     node
   }
 
-  override def visitDirectCall(node: DirectCall): Jump = {
+  override def visitDirectCall(node: DirectCall): Statement = {
     node
   }
 
-  override def visitIndirectCall(node: IndirectCall): Jump = {
+  override def visitIndirectCall(node: IndirectCall): Statement = {
     visitVariable(node.target)
     node
   }
@@ -281,14 +281,12 @@ abstract class IntraproceduralControlFlowVisitor extends Visitor {
     node
   }
 
-  override def visitDirectCall(node: DirectCall): Jump = {
-    node.returnTarget.foreach(visitBlock)
+  override def visitDirectCall(node: DirectCall): Statement = {
     node
   }
 
-  override def visitIndirectCall(node: IndirectCall): Jump = {
+  override def visitIndirectCall(node: IndirectCall): Statement = {
     node.target = visitVariable(node.target)
-    node.returnTarget.foreach(visitBlock)
     node
   }
 }
@@ -431,20 +429,3 @@ class VariablesWithoutStoresLoads extends ReadOnlyVisitor {
   }
 
 }
-
-class ConvertToSingleProcedureReturn extends Visitor {
-  override def visitJump(node: Jump): Jump = {
-    node match
-      case c: IndirectCall =>
-        val returnBlock = node.parent.parent.returnBlock match {
-          case Some(b) => b
-          case None =>
-            val b = Block.procedureReturn(node.parent.parent)
-            node.parent.parent.returnBlock = b
-            b
-        }
-        // if we are return outside the return block then replace with a goto to the return block
-        if c.target.name == "R30" && c.returnTarget.isEmpty && !c.parent.isProcReturn then GoTo(Seq(returnBlock)) else node
-      case _ => node
-  }
-}
diff --git a/src/main/scala/ir/cilvisitor/CILVisitor.scala b/src/main/scala/ir/cilvisitor/CILVisitor.scala
index a405d4fa1..5583b12da 100644
--- a/src/main/scala/ir/cilvisitor/CILVisitor.scala
+++ b/src/main/scala/ir/cilvisitor/CILVisitor.scala
@@ -95,6 +95,11 @@ class CILVisitorImpl(val v: CILVisitor) {
 
   def visit_stmt(s: Statement): List[Statement] = {
     def continue(n: Statement) = n match {
+      case d: DirectCall => d
+      case i: IndirectCall => {
+        i.target = visit_var(i.target)
+        i
+      }
       case m: MemoryAssign => {
         m.mem = visit_mem(m.mem)
         m.index = visit_expr(m.index)
@@ -131,7 +136,6 @@ class CILVisitorImpl(val v: CILVisitor) {
         }
       })
       b.replaceJump(visit_jump(b.jump))
-      b.fallthrough = visit_fallthrough(b.fallthrough)
       b
     }
 
@@ -153,7 +157,7 @@ class CILVisitorImpl(val v: CILVisitor) {
     doVisitList(v, v.vproc(p), p, continue)
   }
 
-  def visit_proc(p: Program): Program = {
+  def visit_prog(p: Program): Program = {
     def continue(p: Program) = {
       p.procedures = p.procedures.flatMap(visit_proc)
       p
@@ -164,6 +168,7 @@ class CILVisitorImpl(val v: CILVisitor) {
 
 def visit_block(v: CILVisitor, b: Block): Block = CILVisitorImpl(v).visit_block(b)
 def visit_proc(v: CILVisitor, b: Procedure): List[Procedure] = CILVisitorImpl(v).visit_proc(b)
+def visit_prog(v: CILVisitor, b: Program): Program = CILVisitorImpl(v).visit_prog(b)
 def visit_stmt(v: CILVisitor, e: Statement): List[Statement] = CILVisitorImpl(v).visit_stmt(e)
 def visit_jump(v: CILVisitor, e: Jump): Jump = CILVisitorImpl(v).visit_jump(e)
 def visit_expr(v: CILVisitor, e: Expr): Expr = CILVisitorImpl(v).visit_expr(e)
diff --git a/src/main/scala/ir/dsl/DSL.scala b/src/main/scala/ir/dsl/DSL.scala
index 7fdd8bdaa..3c55e2dfc 100644
--- a/src/main/scala/ir/dsl/DSL.scala
+++ b/src/main/scala/ir/dsl/DSL.scala
@@ -35,24 +35,31 @@ case class DelayNameResolve(ident: String) {
   }
 }
 
+trait EventuallyStatement {
+  def resolve(p: Program): Statement
+}
+
+case class ResolvableStatement(s: Statement) extends EventuallyStatement {
+  override def resolve(p: Program) = s
+}
+
 trait EventuallyJump {
   def resolve(p: Program): Jump
 }
 
-case class EventuallyIndirectCall(target: Variable, fallthrough: Option[DelayNameResolve]) extends EventuallyJump {
+case class EventuallyIndirectCall(target: Variable, fallthrough: Option[DelayNameResolve]) extends EventuallyStatement {
   override def resolve(p: Program): IndirectCall = {
-    IndirectCall(target, fallthrough.flatMap(_.resolveBlock(p)))
+    IndirectCall(target)
   }
 }
 
-case class EventuallyCall(target: DelayNameResolve, fallthrough: Option[DelayNameResolve]) extends EventuallyJump {
+case class EventuallyCall(target: DelayNameResolve, fallthrough: Option[DelayNameResolve]) extends EventuallyStatement {
   override def resolve(p: Program): DirectCall = {
     val t = target.resolveProc(p) match {
       case Some(x) => x
       case None => throw Exception("can't resolve proc " + p)
     }
-    val ft = fallthrough.flatMap(_.resolveBlock(p))
-    DirectCall(t, ft)
+    DirectCall(t)
   }
 }
 
@@ -79,18 +86,20 @@ def indirectCall(tgt: Variable, fallthrough: Option[String]): EventuallyIndirect
 // def directcall(tgt: String) = EventuallyCall(DelayNameResolve(tgt), None)
 
 
-case class EventuallyBlock(label: String, sl: Seq[Statement], j: EventuallyJump) {
-  val tempBlock: Block = Block(label, None, sl, GoTo(List.empty))
+case class EventuallyBlock(label: String, sl: Seq[EventuallyStatement], j: EventuallyJump) {
+  val tempBlock: Block = Block(label, None, List(), GoTo(List.empty))
 
   def resolve(prog: Program): Block = {
+    tempBlock.statements.addAll(sl.map(_.resolve(prog)))
     tempBlock.replaceJump(j.resolve(prog))
     tempBlock
   }
 }
 
-def block(label: String, sl: (Statement | EventuallyJump)*): EventuallyBlock = {
-  val statements = sl.collect {
-    case s: Statement => s
+def block(label: String, sl: (Statement | EventuallyStatement | EventuallyJump)*): EventuallyBlock = {
+  val statements : Seq[EventuallyStatement] = sl.collect {
+    case s: Statement => ResolvableStatement(s)
+    case o: EventuallyStatement => o
   }
   val jump = sl.collectFirst {
     case j: EventuallyJump => j
diff --git a/src/main/scala/ir/transforms/ReplaceReturn.scala b/src/main/scala/ir/transforms/ReplaceReturn.scala
new file mode 100644
index 000000000..61b276833
--- /dev/null
+++ b/src/main/scala/ir/transforms/ReplaceReturn.scala
@@ -0,0 +1,52 @@
+package ir.transforms
+
+import util.Logger
+import ir.cilvisitor._
+import ir._
+
+
+class ReplaceReturns extends CILVisitor {
+  /**
+   * Assumes IR with 1 call per block which appears as the last statement.
+   */
+  override def vstmt(j: Statement): VisitAction[List[Statement]] = {
+    j match {
+      case IndirectCall(Register("R30", _), _) => {
+        assert(j.parent.statements.lastOption.contains(j))
+        if (j.parent.jump.isInstanceOf[Halt | Return]) {
+          j.parent.replaceJump(Return())
+          ChangeTo(List())
+        } else {
+          SkipChildren()
+        }
+      }
+      case _ => SkipChildren()
+    }
+  }
+
+  override def vjump(j: Jump) = SkipChildren()
+}
+
+
+def addReturnBlocks(p: Program) = {
+  p.procedures.foreach(p => {
+    val containsReturn = p.blocks.map(_.jump).find(_.isInstanceOf[Return]).isDefined
+    if (containsReturn) {
+      p.returnBlock = p.addBlocks(Block(label=p.name + "_return",jump=Return()))
+    }
+  })
+}
+
+
+class ConvertSingleReturn extends CILVisitor {
+  /**
+   * Assumes procedures have defined return blocks if they contain a return statement.
+   */
+  override def vjump(j: Jump) = j match {
+    case r: Return if !(j.parent.parent.returnBlock.contains(j.parent)) => ChangeTo(GoTo(Seq(j.parent.parent.returnBlock.get)))
+    case _ => SkipChildren()
+  }
+
+  override def vstmt(s: Statement) = SkipChildren()
+}
+
diff --git a/src/main/scala/translating/BAPToIR.scala b/src/main/scala/translating/BAPToIR.scala
index 85ed82f21..90ba61335 100644
--- a/src/main/scala/translating/BAPToIR.scala
+++ b/src/main/scala/translating/BAPToIR.scala
@@ -48,8 +48,9 @@ class BAPToIR(var program: BAPProgram, mainAddress: Int) {
         for (st <- b.statements) {
           block.statements.append(translate(st))
         }
-        val (jump, newBlocks) = translate(b.jumps, block)
+        val (call, jump, newBlocks) = translate(b.jumps, block)
         procedure.addBlocks(newBlocks)
+        call.foreach(c => block.statements.append(c))
         block.replaceJump(jump)
         assert(jump.hasParent)
       }
@@ -85,7 +86,7 @@ class BAPToIR(var program: BAPProgram, mainAddress: Int) {
     * Translates a list of jumps from BAP into a single Jump at the IR level by moving any conditions on jumps to
     * Assume statements in new blocks
     * */
-  private def translate(jumps: List[BAPJump], block: Block): (Jump, ArrayBuffer[Block]) = {
+  private def translate(jumps: List[BAPJump], block: Block): (Option[Call], Jump, ArrayBuffer[Block]) = {
     if (jumps.size > 1) {
       val targets = ArrayBuffer[Block]()
       val conditions = ArrayBuffer[BAPExpr]()
@@ -130,26 +131,28 @@ class BAPToIR(var program: BAPProgram, mainAddress: Int) {
           case _ => throw Exception("translation error, call where not expected: " + jumps.mkString(", "))
         }
       }
-      (GoTo(targets, Some(line)), newBlocks)
+      (None, GoTo(targets, Some(line)), newBlocks)
     } else {
       jumps.head match {
         case b: BAPDirectCall =>
-          val call = DirectCall(nameToProcedure(b.target), b.returnTarget.map(t => labelToBlock(t)), Some(b.line))
-          (call, ArrayBuffer())
+          val call = Some(DirectCall(nameToProcedure(b.target),Some(b.line)))
+          val ft = (b.returnTarget.map(t => labelToBlock(t))).map(x => GoTo(Set(x))).getOrElse(Halt())
+          (call, ft, ArrayBuffer())
         case b: BAPIndirectCall =>
-          val call = IndirectCall(b.target.toIR, b.returnTarget.map(t => labelToBlock(t)), Some(b.line))
-          (call, ArrayBuffer())
+          val call = IndirectCall(b.target.toIR, Some(b.line))
+          val ft = (b.returnTarget.map(t => labelToBlock(t))).map(x => GoTo(Set(x))).getOrElse(Halt())
+          (Some(call), ft, ArrayBuffer())
         case b: BAPGoTo =>
           val target = labelToBlock(b.target)
           b.condition match {
             // condition is true
             case l: BAPLiteral if l.value > BigInt(0) =>
-              (GoTo(ArrayBuffer(target), Some(b.line)), ArrayBuffer())
+              (None, GoTo(ArrayBuffer(target), Some(b.line)), ArrayBuffer())
             // non-true condition
             case _ =>
               val condition = convertConditionBool(b.condition, false)
               val newBlock = newBlockCondition(block, target, condition)
-              (GoTo(ArrayBuffer(newBlock), Some(b.line)), ArrayBuffer(newBlock))
+              (None, GoTo(ArrayBuffer(newBlock), Some(b.line)), ArrayBuffer(newBlock))
           }
       }
     }
diff --git a/src/main/scala/translating/GTIRBToIR.scala b/src/main/scala/translating/GTIRBToIR.scala
index fceb07692..f7589905c 100644
--- a/src/main/scala/translating/GTIRBToIR.scala
+++ b/src/main/scala/translating/GTIRBToIR.scala
@@ -182,12 +182,13 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
             throw Exception(s"block ${block.label} in subroutine ${procedure.name} has no outgoing edges")
           }
 
-          val jump = if (outgoingEdges.size == 1) {
+          val (calls, jump) = if (outgoingEdges.size == 1) {
             val edge = outgoingEdges.head
             handleSingleEdge(block, edge, procedure, procedures)
           } else {
             handleMultipleEdges(block, outgoingEdges, procedure)
           }
+          calls.foreach(c => block.statements.append(c))
           block.replaceJump(jump)
 
           if (block.statements.nonEmpty) {
@@ -363,8 +364,6 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
       // need to copy jump as it can't have multiple parents
       val jumpCopy = currentBlock.jump match {
         case GoTo(targets, label) => GoTo(targets, label)
-        case IndirectCall(target, returnTarget, label) => IndirectCall(target, returnTarget, label)
-        case DirectCall(target, returnTarget, label) => DirectCall(target, returnTarget, label)
         case _ => throw Exception("this shouldn't be reachable")
       }
       trueBlock.replaceJump(currentBlock.jump)
@@ -377,7 +376,7 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
   }
 
   // Handles the case where a block has one outgoing edge using gtirb cfg labelling
-  private def handleSingleEdge(block: Block, edge: Edge, procedure: Procedure, procedures: ArrayBuffer[Procedure]): Jump = {
+  private def handleSingleEdge(block: Block, edge: Edge, procedure: Procedure, procedures: ArrayBuffer[Procedure]): (Option[Call], Jump) = {
     edge.getLabel match {
       case EdgeLabel(false, false, Type_Branch, _) =>
         // indirect jump, possibly to external subroutine, possibly to another block in procedure
@@ -391,7 +390,7 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
               case _ => throw Exception(s"no assignment to program counter found before indirect call in block ${block.label}")
             }
             block.statements.remove(block.statements.last) // remove _PC assignment
-            IndirectCall(target, None)
+            (Some(IndirectCall(target)), Halt())
           } else if (proxySymbols.size > 1) {
             // TODO requires further consideration once encountered
             throw Exception(s"multiple uuidToSymbol ${proxySymbols.map(_.name).mkString(", ")} associated with proxy block ${byteStringToString(edge.targetUuid)}, target of indirect call from block ${block.label}")
@@ -407,14 +406,14 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
               proc
             }
             removePCAssign(block)
-            DirectCall(target, None)
+            (Some(DirectCall(target)), Halt())
           }
         } else if (uuidToBlock.contains(edge.targetUuid)) {
           // resolved indirect jump
           // TODO consider possibility this can go to another procedure?
           val target = uuidToBlock(edge.targetUuid)
           removePCAssign(block)
-          GoTo(mutable.Set(target))
+          (None, GoTo(mutable.Set(target)))
         } else {
           throw Exception(s"edge from ${block.label} to ${byteStringToString(edge.targetUuid)} does not point to a known block or proxy block")
         }
@@ -425,23 +424,23 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
           // direct jump to start of own subroutine is treated as GoTo, not DirectCall
           // should probably investigate recursive cases to determine if this happens/is correct
           val jump = if (procedure == targetProc) {
-            GoTo(mutable.Set(uuidToBlock(edge.targetUuid)))
+            (None, GoTo(mutable.Set(uuidToBlock(edge.targetUuid))))
           } else {
-            DirectCall(targetProc, None)
+            (Some(DirectCall(targetProc)), Halt())
           }
           removePCAssign(block)
           jump
         } else if (uuidToBlock.contains(edge.targetUuid)) {
           val target = uuidToBlock(edge.targetUuid)
           removePCAssign(block)
-          GoTo(mutable.Set(target))
+          (None, GoTo(mutable.Set(target)))
         } else {
           throw Exception(s"edge from ${block.label} to ${byteStringToString(edge.targetUuid)} does not point to a known block")
         }
       case EdgeLabel(false, _, Type_Return, _) =>
         // return statement, value of 'direct' is just whether DDisasm has resolved the return target
         removePCAssign(block)
-        IndirectCall(Register("R30", 64), None)
+        (Some(IndirectCall(Register("R30", 64), None)), Halt())
       case EdgeLabel(false, true, Type_Fallthrough, _) =>
         // end of block that doesn't end in a control flow instruction and falls through to next
         if (entranceUUIDtoProcedure.contains(edge.targetUuid)) {
@@ -449,10 +448,10 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
           // probably doesn't actually happen in practice since it seems to be after brk instructions?
           val targetProc = entranceUUIDtoProcedure(edge.targetUuid)
           // assuming fallthrough won't fall through to start of own procedure
-          DirectCall(targetProc, None)
+          (Some(DirectCall(targetProc)), Halt())
         } else if (uuidToBlock.contains(edge.targetUuid)) {
           val target = uuidToBlock(edge.targetUuid)
-          GoTo(mutable.Set(target))
+          (None, GoTo(mutable.Set(target)))
         } else {
           throw Exception(s"edge from ${block.label} to ${byteStringToString(edge.targetUuid)} does not point to a known block")
         }
@@ -462,7 +461,7 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
         if (entranceUUIDtoProcedure.contains(edge.targetUuid)) {
           val target = entranceUUIDtoProcedure(edge.targetUuid)
           removePCAssign(block)
-          DirectCall(target, None)
+          (Some(DirectCall(target)), Halt())
         } else {
           throw Exception(s"edge from ${block.label} to ${byteStringToString(edge.targetUuid)} does not point to a known procedure entrance")
         }
@@ -473,14 +472,13 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
     }
   }
 
-  def handleMultipleEdges(block: Block, outgoingEdges: mutable.Set[Edge], procedure: Procedure): Jump = {
+  def handleMultipleEdges(block: Block, outgoingEdges: mutable.Set[Edge], procedure: Procedure): (Option[Call], Jump) = {
     val edgeLabels = outgoingEdges.map(_.getLabel)
 
     if (edgeLabels.forall { (e: EdgeLabel) => !e.conditional && e.direct && e.`type` == Type_Return }) {
       // multiple resolved returns, translate as single return
       removePCAssign(block)
-      IndirectCall(Register("R30", 64), None)
-
+      (None, Return())
     } else if (edgeLabels.forall { (e: EdgeLabel) => !e.conditional && !e.direct && e.`type` == Type_Branch }) {
       // resolved indirect call with multiple blocks as targets
       val targets = mutable.Set[Block]()
@@ -495,7 +493,7 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
       }
       // TODO add assertion that target register is low
       removePCAssign(block)
-      GoTo(targets)
+      (None, GoTo(targets))
       // TODO possibility not yet encountered: resolved indirect call that goes to multiple procedures?
 
     } else if (outgoingEdges.size == 2) {
@@ -519,9 +517,9 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
           handleIndirectCallWithReturn(edge1, edge0, block)
         // conditional branch
         case (EdgeLabel(true, true, Type_Fallthrough, _), EdgeLabel(true, true, Type_Branch, _)) =>
-          handleConditionalBranch(edge0, edge1, block, procedure)
+          (None, handleConditionalBranch(edge0, edge1, block, procedure))
         case (EdgeLabel(true, true, Type_Branch, _), EdgeLabel(true, true, Type_Fallthrough, _)) =>
-          handleConditionalBranch(edge1, edge0, block, procedure)
+          (None, handleConditionalBranch(edge1, edge0, block, procedure))
         case _ =>
           throw Exception(s"cannot resolve outgoing edges from block ${block.label}")
       }
@@ -542,7 +540,7 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
       if (fallthroughs.size != 1 || indirectCallTargets.isEmpty) {
         throw Exception(s"cannot resolve outgoing edges from block ${block.label}")
       }
-      handleIndirectCallMultipleResolvedTargets(fallthroughs.head, indirectCallTargets, block, procedure)
+      (None, handleIndirectCallMultipleResolvedTargets(fallthroughs.head, indirectCallTargets, block, procedure))
     } else {
       throw Exception(s"cannot resolve outgoing edges from block ${block.label}")
     }
@@ -564,18 +562,18 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
       }
 
       val target = entranceUUIDtoProcedure(call.targetUuid)
-      val resolvedCall = DirectCall(target, Some(returnTarget))
+      val resolvedCall = DirectCall(target)
 
       val assume = Assume(BinaryExpr(BVEQ, targetRegister, BitVecLiteral(target.address.get, 64)))
       val label = block.label + "$" + target.name
-      newBlocks.append(Block(label, None, ArrayBuffer(assume), resolvedCall))
+      newBlocks.append(Block(label, None, ArrayBuffer(assume, resolvedCall), GoTo(returnTarget)))
     }
     removePCAssign(block)
     procedure.addBlocks(newBlocks)
     GoTo(newBlocks)
   }
 
-  private def handleIndirectCallWithReturn(fallthrough: Edge, call: Edge, block: Block): Call = {
+  private def handleIndirectCallWithReturn(fallthrough: Edge, call: Edge, block: Block): (Option[Call], GoTo) = {
     if (!uuidToBlock.contains(fallthrough.targetUuid)) {
       throw Exception(s"block ${block.label} has fallthrough edge to ${byteStringToString(fallthrough.targetUuid)} that does not point to a known block")
     }
@@ -586,16 +584,16 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
       val target = getPCTarget(block)
       removePCAssign(block)
 
-      IndirectCall(target, Some(returnTarget))
+      (Some(IndirectCall(target)), GoTo(Set(returnTarget)))
     } else {
       // resolved indirect call
       val target = entranceUUIDtoProcedure(call.targetUuid)
       removePCAssign(block)
-      DirectCall(target, Some(returnTarget))
+      (Some(DirectCall(target)), GoTo(Set(returnTarget)))
     }
   }
 
-  private def handleDirectCallWithReturn(fallthrough: Edge, call: Edge, block: Block): DirectCall = {
+  private def handleDirectCallWithReturn(fallthrough: Edge, call: Edge, block: Block): (Option[Call], GoTo) = {
     if (!entranceUUIDtoProcedure.contains(call.targetUuid)) {
       throw Exception(s"block ${block.label} has direct call edge to ${byteStringToString(call.targetUuid)} that does not point to a known procedure")
     }
@@ -607,7 +605,7 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
     val target = entranceUUIDtoProcedure(call.targetUuid)
     val returnTarget = uuidToBlock(fallthrough.targetUuid)
     removePCAssign(block)
-    DirectCall(target, Some(returnTarget))
+    (Some(DirectCall(target)), GoTo(Set(returnTarget)))
   }
 
   private def handleConditionalBranch(fallthrough: Edge, branch: Edge, block: Block, procedure: Procedure): GoTo = {
diff --git a/src/main/scala/translating/ILtoIL.scala b/src/main/scala/translating/ILtoIL.scala
index b34100704..99b64bc6e 100644
--- a/src/main/scala/translating/ILtoIL.scala
+++ b/src/main/scala/translating/ILtoIL.scala
@@ -74,7 +74,7 @@ private class ILSerialiser extends ReadOnlyVisitor {
   }
 
 
-  override def visitDirectCall(node: DirectCall): Jump = {
+  override def visitDirectCall(node: DirectCall): Statement = {
     program ++= "DirectCall("
     program ++= procedureIdentifier(node.target)
     program ++= ", "
@@ -82,7 +82,7 @@ private class ILSerialiser extends ReadOnlyVisitor {
     node
   }
 
-  override def visitIndirectCall(node: IndirectCall): Jump = {
+  override def visitIndirectCall(node: IndirectCall): Statement = {
     program ++= "IndirectCall("
     visitVariable(node.target)
     program ++= ", "
diff --git a/src/main/scala/translating/IRToBoogie.scala b/src/main/scala/translating/IRToBoogie.scala
index 9f45918a4..b654fa031 100644
--- a/src/main/scala/translating/IRToBoogie.scala
+++ b/src/main/scala/translating/IRToBoogie.scala
@@ -632,39 +632,7 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
       }
     )
   }
-
   def translate(j: Jump): List[BCmd] = j match {
-    case d: DirectCall =>
-      val call = BProcedureCall(d.target.name)
-      val returnTarget = d.returnTarget match {
-        case Some(r) => GoToCmd(Seq(r.label))
-        case None => BAssume(FalseBLiteral, Some("no return target"))
-      }
-
-      (config.procedureRely match {
-        case Some(ProcRelyVersion.Function) =>
-          if (libRelies.contains(d.target.name) && libGuarantees.contains(d.target.name) && libRelies(d.target.name).nonEmpty && libGuarantees(d.target.name).nonEmpty) {
-            val invCall1 = BProcedureCall(d.target.name + "$inv", List(mem_inv1, Gamma_mem_inv1), List(mem, Gamma_mem))
-            val invCall2 = BProcedureCall("rely$inv", List(mem_inv2, Gamma_mem_inv2), List(mem_inv1, Gamma_mem_inv1))
-            val libRGAssert = libRelies(d.target.name).map(r => BAssert(r.resolveSpecInv))
-            List(invCall1, invCall2) ++ libRGAssert
-          } else {
-            List()
-          }
-        case Some(ProcRelyVersion.IfCommandContradiction) => relyfun(d.target.name).toList
-        case None => List()
-      }) ++ List(call, returnTarget)
-    case i: IndirectCall =>
-      // TODO put this elsewhere
-      if (i.target.name == "R30") {
-        List(ReturnCmd)
-      } else {
-        val unresolved: List[BCmd] = List(Comment(s"UNRESOLVED: call ${i.target.name}"), BAssert(FalseBLiteral))
-        i.returnTarget match {
-          case Some(r) => unresolved :+ GoToCmd(Seq(r.label))
-          case None    => unresolved ++ List(Comment("no return target"), BAssume(FalseBLiteral))
-        }
-      }
     case g: GoTo =>
       // collects all targets of the goto with a branch condition that we need to check the security level for
       // and collects the variables for that
@@ -681,9 +649,32 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
       }
       val jump = GoToCmd(g.targets.map(_.label).toSeq)
       conditionAssert :+ jump
+    case r: Return => List(ReturnCmd)
+    case r: Halt => List(BAssert(FalseBLiteral))
+  }
+
+  def translate(j: Call): List[BCmd] = j match {
+    case d: DirectCall =>
+      val call = BProcedureCall(d.target.name)
+
+      (config.procedureRely match {
+        case Some(ProcRelyVersion.Function) =>
+          if (libRelies.contains(d.target.name) && libGuarantees.contains(d.target.name) && libRelies(d.target.name).nonEmpty && libGuarantees(d.target.name).nonEmpty) {
+            val invCall1 = BProcedureCall(d.target.name + "$inv", List(mem_inv1, Gamma_mem_inv1), List(mem, Gamma_mem))
+            val invCall2 = BProcedureCall("rely$inv", List(mem_inv2, Gamma_mem_inv2), List(mem_inv1, Gamma_mem_inv1))
+            val libRGAssert = libRelies(d.target.name).map(r => BAssert(r.resolveSpecInv))
+            List(invCall1, invCall2) ++ libRGAssert
+          } else {
+            List()
+          }
+        case Some(ProcRelyVersion.IfCommandContradiction) => relyfun(d.target.name).toList
+        case None => List()
+      }) ++ List(call)
+    case i: IndirectCall => List(Comment(s"UNRESOLVED: call ${i.target.name}"), BAssert(FalseBLiteral))
   }
 
   def translate(s: Statement): List[BCmd] = s match {
+    case d: Call => translate(d)
     case m: NOP => List.empty
     case m: MemoryAssign =>
       val lhs = m.mem.toBoogie
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index 6badc3cfe..b7fb1d7b1 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -29,6 +29,7 @@ import java.util.Base64
 import spray.json.DefaultJsonProtocol.*
 import util.intrusive_list.IntrusiveList
 import analysis.CfgCommandNode
+import cilvisitor._
 
 import scala.annotation.tailrec
 import scala.collection.mutable
@@ -197,11 +198,13 @@ object IRTransform {
     }
     val externalRemover = ExternalRemover(externalNamesLibRemoved.toSet)
     val renamer = Renamer(boogieReserved)
-    val returnUnifier = ConvertToSingleProcedureReturn()
+
+    cilvisitor.visit_prog(transforms.ReplaceReturns(), ctx.program)
+    transforms.addReturnBlocks(ctx.program)
+    cilvisitor.visit_prog(transforms.ConvertSingleReturn(), ctx.program)
 
     externalRemover.visitProgram(ctx.program)
     renamer.visitProgram(ctx.program)
-    returnUnifier.visitProgram(ctx.program)
     ctx
   }
 
@@ -274,8 +277,8 @@ object IRTransform {
                   modified = true
 
                   // indirectCall.parent.parent.removeBlocks(indirectCall.returnTarget)
-                  val newCall = DirectCall(targets.head, indirectCall.returnTarget, indirectCall.label)
-                  block.replaceJump(newCall)
+                  val newCall = DirectCall(targets.head, indirectCall.label)
+                  block.statements.replace(indirectCall, newCall) 
                 } else if (targets.size > 1) {
                   modified = true
                   val procedure = c.parent.data
@@ -283,10 +286,14 @@ object IRTransform {
                   for (t <- targets) {
                     val assume = Assume(BinaryExpr(BVEQ, indirectCall.target, BitVecLiteral(t.address.get, 64)))
                     val newLabel: String = block.label + t.name
-                    val directCall = DirectCall(t, indirectCall.returnTarget)
+                    val directCall = DirectCall(t)
                     directCall.parent = indirectCall.parent
 
-                    newBlocks.append(Block(newLabel, None, ArrayBuffer(assume), directCall))
+                    // assume indircall is the last statement in block
+                    assert(indirectCall.parent.statements.lastOption.contains(indirectCall))
+                    val fallthrough = indirectCall.parent.jump
+
+                    newBlocks.append(Block(newLabel, None, ArrayBuffer(assume, directCall), fallthrough))
                   }
                   procedure.addBlocks(newBlocks)
                   val newCall = GoTo(newBlocks, indirectCall.label)
@@ -429,8 +436,8 @@ object IRTransform {
               modified = true
 
               // indirectCall.parent.parent.removeBlocks(indirectCall.returnTarget)
-              val newCall = DirectCall(targets.head, indirectCall.returnTarget, indirectCall.label)
-              block.replaceJump(newCall)
+              val newCall = DirectCall(targets.head, indirectCall.label)
+              block.statements.replace(indirectCall, newCall)
             } else if (targets.size > 1) {
               modified = true
               val procedure = c.parent.data
@@ -448,17 +455,20 @@ object IRTransform {
                 addressExprs ::= addressExpr
                 val assume = Assume(addressExpr)
                 val newLabel: String = block.label + t.name
-                val directCall = DirectCall(t, indirectCall.returnTarget)
+                val directCall = DirectCall(t)
                 directCall.parent = indirectCall.parent
-                newBlocks.append(Block(newLabel, None, ArrayBuffer(assume), directCall))
+
+                assert(indirectCall.parent.statements.lastOption.contains(indirectCall))
+                val fallthrough = indirectCall.parent.jump
+                newBlocks.append(Block(newLabel, None, ArrayBuffer(assume, directCall), fallthrough))
               }
               procedure.addBlocks(newBlocks)
               val newCall = GoTo(newBlocks, indirectCall.label)
               val addressExprOr = addressExprs.tail.foldLeft(addressExprs.head) {
                 (a: BinaryExpr, b: BinaryExpr) => BinaryExpr(BoolOR, a, b)
               }
-              val assert = Assert(addressExprOr, Some("check indirect call underapproximation"))
-              block.statements.append(assert)
+              val assertion = Assert(addressExprOr, Some("check indirect call underapproximation"))
+              block.statements.append(assertion)
               block.replaceJump(newCall)
             }
           case _ =>
@@ -500,42 +510,40 @@ object IRTransform {
                   ): Unit = {
     
     // iterate over all commands - if call is to pthread_create, look up?
-    for (p <- program.procedures) {
-      for (b <- p.blocks) {
-        b.jump match {
-          case d: DirectCall if d.target.name == "pthread_create" =>
-
-            // R2 should hold the function pointer of the function that begins the thread
-            // look up R2 value using points to results
-            val R2 = Register("R2", 64)
-            val b = reachingDefs(d)
-            val R2Wrapper = RegisterVariableWrapper(R2, getDefinition(R2, d, reachingDefs))
-            val threadTargets = pointsTo(R2Wrapper)
-
-            if (threadTargets.size > 1) {
-              // currently can't handle case where the thread created is ambiguous
-              throw Exception("can't handle thread creation with more than one possible target")
-            }
+    program.foreach(c =>
+      c match {
+        case d: DirectCall if d.target.name == "pthread_create" =>
+
+          // R2 should hold the function pointer of the function that begins the thread
+          // look up R2 value using points to results
+          val R2 = Register("R2", 64)
+          val b = reachingDefs(d)
+          val R2Wrapper = RegisterVariableWrapper(R2, getDefinition(R2, d, reachingDefs))
+          val threadTargets = pointsTo(R2Wrapper)
+
+          if (threadTargets.size > 1) {
+            // currently can't handle case where the thread created is ambiguous
+            throw Exception("can't handle thread creation with more than one possible target")
+          }
 
-            if (threadTargets.size == 1) {
+          if (threadTargets.size == 1) {
 
-              // not trying to untangle the very messy region resolution at present, just dealing with simplest case
-              threadTargets.head match {
-                case data: DataRegion =>
-                  val threadEntrance = program.procedures.find(_.name == data.regionIdentifier) match {
-                    case Some(proc) => proc
-                    case None => throw Exception("could not find procedure with name " + data.regionIdentifier)
-                  }
-                  val thread = ProgramThread(threadEntrance, mutable.LinkedHashSet(threadEntrance), Some(d))
-                  program.threads.addOne(thread)
-                case _ =>
-                  throw Exception("unexpected non-data region " + threadTargets.head + " as PointsTo result for R2 at " + d)
-              }
+            // not trying to untangle the very messy region resolution at present, just dealing with simplest case
+            threadTargets.head match {
+              case data: DataRegion =>
+                val threadEntrance = program.procedures.find(_.name == data.regionIdentifier) match {
+                  case Some(proc) => proc
+                  case None => throw Exception("could not find procedure with name " + data.regionIdentifier)
+                }
+                val thread = ProgramThread(threadEntrance, mutable.LinkedHashSet(threadEntrance), Some(d))
+                program.threads.addOne(thread)
+              case _ =>
+                throw Exception("unexpected non-data region " + threadTargets.head + " as PointsTo result for R2 at " + d)
             }
-          case _ =>
-        }
-      }
-    }
+          }
+        case _ =>
+      })
+  
 
     if (program.threads.nonEmpty) {
       val mainThread = ProgramThread(program.mainProcedure, mutable.LinkedHashSet(program.mainProcedure), None)

From 3711e4d4de9c6f43227ba984990f26ae82a7bfb9 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Mon, 19 Aug 2024 11:56:49 +1000
Subject: [PATCH 002/127] move transforms out of RunUtils.scala

---
 src/main/scala/analysis/Cfg.scala             |   4 +-
 src/main/scala/analysis/IDEAnalysis.scala     |   6 +-
 .../analysis/InterLiveVarsAnalysis.scala      |  10 +-
 .../analysis/IntraLiveVarsAnalysis.scala      |   4 +-
 src/main/scala/analysis/VSA.scala             |   2 +-
 .../scala/analysis/solvers/IDESolver.scala    |  40 +-
 src/main/scala/ir/IRCursor.scala              | 171 ++++-----
 src/main/scala/ir/Program.scala               |  38 +-
 src/main/scala/ir/Statement.scala             |   8 +-
 src/main/scala/ir/dsl/DSL.scala               |  39 +-
 .../ir/invariant/EarlyCallStatement.scala     |  15 +
 .../transforms/IndirectCallResolution.scala   | 295 +++++++++++++++
 .../scala/ir/transforms/ReplaceReturn.scala   |  10 +-
 .../scala/ir/transforms/SplitThreads.scala    |  84 +++++
 src/main/scala/translating/GTIRBToIR.scala    |   4 +-
 src/main/scala/translating/IRToBoogie.scala   |   2 +-
 src/main/scala/util/RunUtils.scala            | 356 +-----------------
 src/test/scala/IndirectCallsTests.scala       |  87 +++--
 src/test/scala/LiveVarsAnalysisTests.scala    | 129 ++++---
 src/test/scala/PointsToTest.scala             |  24 +-
 src/test/scala/ir/IRTest.scala                |  90 ++---
 src/test/scala/ir/SingleCallInvariant.scala   |  83 ++++
 22 files changed, 829 insertions(+), 672 deletions(-)
 create mode 100644 src/main/scala/ir/invariant/EarlyCallStatement.scala
 create mode 100644 src/main/scala/ir/transforms/IndirectCallResolution.scala
 create mode 100644 src/main/scala/ir/transforms/SplitThreads.scala
 create mode 100644 src/test/scala/ir/SingleCallInvariant.scala

diff --git a/src/main/scala/analysis/Cfg.scala b/src/main/scala/analysis/Cfg.scala
index 59d512cd2..8807f2d2a 100644
--- a/src/main/scala/analysis/Cfg.scala
+++ b/src/main/scala/analysis/Cfg.scala
@@ -502,7 +502,7 @@ class ProgramCfgFactory:
             val targetProc: Procedure = dCall.target
             funcEntryNode.callers.add(procToCfg(targetProc)._1)
 
-            val callNode = CfgJumpNode(dCall, block, funcEntryNode)
+            val callNode : CfgJumpNode = s.asInstanceOf[CfgJumpNode]
 
             // Branch to this call
             cfg.addEdge(precNode, callNode)
@@ -523,7 +523,7 @@ class ProgramCfgFactory:
             Logger.debug(s"Indirect call found: $iCall in ${proc.name}")
             var precNode = prevNode
 
-            val jmpNode = CfgJumpNode(iCall, block, funcEntryNode)
+            val jmpNode = s.asInstanceOf[CfgJumpNode]
             // Branch to this call
             cfg.addEdge(precNode, jmpNode)
 
diff --git a/src/main/scala/analysis/IDEAnalysis.scala b/src/main/scala/analysis/IDEAnalysis.scala
index e77627717..c7ce74559 100644
--- a/src/main/scala/analysis/IDEAnalysis.scala
+++ b/src/main/scala/analysis/IDEAnalysis.scala
@@ -1,6 +1,6 @@
 package analysis
 
-import ir.{CFGPosition, Command, DirectCall, GoTo, IndirectCall, Procedure, Program}
+import ir.{CFGPosition, Command, DirectCall, GoTo, Return, IndirectCall, Procedure, Program}
 
 final case class Lambda()
 
@@ -55,6 +55,6 @@ trait IDEAnalysis[E, EE, C, R, D, T, L <: Lattice[T]] {
 }
 
 // IndirectCall in these is because they are returns so that can be further tightened in future
-trait ForwardIDEAnalysis[D, T, L <: Lattice[T]] extends IDEAnalysis[Procedure, IndirectCall, DirectCall, Command, D, T, L]
+trait ForwardIDEAnalysis[D, T, L <: Lattice[T]] extends IDEAnalysis[Procedure, Return, DirectCall, Command, D, T, L]
 
-trait BackwardIDEAnalysis[D, T, L <: Lattice[T]] extends IDEAnalysis[IndirectCall, Procedure, Command, DirectCall, D, T, L]
+trait BackwardIDEAnalysis[D, T, L <: Lattice[T]] extends IDEAnalysis[Return, Procedure, Command, DirectCall, D, T, L]
diff --git a/src/main/scala/analysis/InterLiveVarsAnalysis.scala b/src/main/scala/analysis/InterLiveVarsAnalysis.scala
index b20edf478..7a93266e8 100644
--- a/src/main/scala/analysis/InterLiveVarsAnalysis.scala
+++ b/src/main/scala/analysis/InterLiveVarsAnalysis.scala
@@ -1,7 +1,7 @@
 package analysis
 
 import analysis.solvers.BackwardIDESolver
-import ir.{Assert, Assume, GoTo, CFGPosition, Command, DirectCall, IndirectCall, Assign, MemoryAssign, Procedure, Program, Variable, toShortString}
+import ir.{Assert, Assume, Block, GoTo, CFGPosition, Command, DirectCall, IndirectCall, Assign, MemoryAssign, Halt, Return, Procedure, Program, Variable, toShortString}
 
 /**
  * Micro-transfer-functions for LiveVar analysis
@@ -19,7 +19,7 @@ trait LiveVarsAnalysisFunctions extends BackwardIDEAnalysis[Variable, TwoElement
   val edgelattice: EdgeFunctionLattice[TwoElement, TwoElementLattice] = EdgeFunctionLattice(valuelattice)
   import edgelattice.{IdEdge, ConstEdge}
 
-  def edgesCallToEntry(call: Command, entry: IndirectCall)(d: DL): Map[DL, EdgeFunction[TwoElement]] = {
+  def edgesCallToEntry(call: Command, entry: Return)(d: DL): Map[DL, EdgeFunction[TwoElement]] = {
     Map(d -> IdEdge())
   }
 
@@ -74,7 +74,11 @@ trait LiveVarsAnalysisFunctions extends BackwardIDEAnalysis[Variable, TwoElement
         d match
           case Left(value) => if value != variable then Map(d -> IdEdge()) else Map()
           case Right(_) => Map(d -> IdEdge(), Left(variable) -> ConstEdge(TwoElementTop))
-      case _ => Map(d -> IdEdge())
+      case r: Return => Map(d -> IdEdge())
+      case h: Halt => Map(d -> IdEdge())
+      case c: DirectCall => Map(d -> IdEdge())
+      case c: Block => Map(d -> IdEdge())
+      case c: GoTo => Map(d -> IdEdge())
 
   }
 }
diff --git a/src/main/scala/analysis/IntraLiveVarsAnalysis.scala b/src/main/scala/analysis/IntraLiveVarsAnalysis.scala
index f3f322321..75fa1dbb0 100644
--- a/src/main/scala/analysis/IntraLiveVarsAnalysis.scala
+++ b/src/main/scala/analysis/IntraLiveVarsAnalysis.scala
@@ -1,7 +1,7 @@
 package analysis
 
 import analysis.solvers.SimpleWorklistFixpointSolver
-import ir.{Assert, Assume, Block, CFGPosition, Call, DirectCall, GoTo, IndirectCall, Jump, Assign, MemoryAssign, NOP, Procedure, Program, Statement, Variable}
+import ir.{Assert, Assume, Block, CFGPosition, Call, DirectCall, GoTo, IndirectCall, Jump, Assign, MemoryAssign, NOP, Procedure, Program, Statement, Variable, Return, Halt}
 
 abstract class LivenessAnalysis(program: Program) extends Analysis[Any]:
   val lattice: MapLattice[CFGPosition, Set[Variable], PowersetLattice[Variable]] = MapLattice(PowersetLattice())
@@ -18,6 +18,8 @@ abstract class LivenessAnalysis(program: Program) extends Analysis[Any]:
       case IndirectCall(variable, _) => s + variable
       case c: DirectCall => s
       case g: GoTo => s
+      case r: Return => s
+      case r: Halt => s
       case _ => ???
     }
   }
diff --git a/src/main/scala/analysis/VSA.scala b/src/main/scala/analysis/VSA.scala
index f7d9a55e7..734f9bf11 100644
--- a/src/main/scala/analysis/VSA.scala
+++ b/src/main/scala/analysis/VSA.scala
@@ -172,7 +172,7 @@ trait ValueSetAnalysis(program: Program,
     if (IRWalk.procedure(n) == n) {
       mmm.pushContext(n.asInstanceOf[Procedure].name)
       s
-    } else if (IRWalk.procedure(n).end == n) {
+    } else if (IRWalk.lastInProc(IRWalk.procedure(n)) == n) {
       mmm.popContext()
       s
     } else n match
diff --git a/src/main/scala/analysis/solvers/IDESolver.scala b/src/main/scala/analysis/solvers/IDESolver.scala
index 0dd981b30..7a581dbe4 100644
--- a/src/main/scala/analysis/solvers/IDESolver.scala
+++ b/src/main/scala/analysis/solvers/IDESolver.scala
@@ -1,7 +1,7 @@
 package analysis.solvers
 
 import analysis.{BackwardIDEAnalysis, Dependencies, EdgeFunction, EdgeFunctionLattice, ForwardIDEAnalysis, IDEAnalysis, IRInterproceduralBackwardDependencies, IRInterproceduralForwardDependencies, Lambda, Lattice, MapLattice}
-import ir.{CFGPosition, Command, DirectCall, GoTo, IRWalk, IndirectCall, InterProcIRCursor, Procedure, Program, end, isAfterCall, Halt, Statement, Jump}
+import ir.{CFGPosition, Command, DirectCall, GoTo, IRWalk, IndirectCall, Return, InterProcIRCursor, Procedure, Program, isAfterCall, Halt, Statement, Jump}
 import util.Logger
 
 import scala.collection.immutable.Map
@@ -204,10 +204,10 @@ abstract class IDESolver[E <: Procedure | Command, EE <: Procedure | Command, C
 
 
 abstract class ForwardIDESolver[D, T, L <: Lattice[T]](program: Program)
-  extends IDESolver[Procedure, IndirectCall, DirectCall, Command, D, T, L](program, program.mainProcedure),
+  extends IDESolver[Procedure, Return, DirectCall, Command, D, T, L](program, program.mainProcedure),
     ForwardIDEAnalysis[D, T, L], IRInterproceduralForwardDependencies {
 
-  protected def entryToExit(entry: Procedure): IndirectCall = entry.end.asInstanceOf[IndirectCall]
+  protected def entryToExit(entry: Procedure): Return = IRWalk.lastInProc(entry).asInstanceOf[Return]
 
   protected def exitToEntry(exit: IndirectCall): Procedure = IRWalk.procedure(exit)
 
@@ -218,7 +218,10 @@ abstract class ForwardIDESolver[D, T, L <: Lattice[T]](program: Program)
     case r: Jump => ret.parent.statements.last.asInstanceOf[DirectCall]
   }
 
-  protected def getCallee(call: DirectCall): Procedure = call.target
+  protected def getCallee(call: DirectCall): Procedure = {
+    require(isCall(call))
+    call.target
+  }
 
   protected def isCall(call: CFGPosition): Boolean =
     call match
@@ -228,41 +231,46 @@ abstract class ForwardIDESolver[D, T, L <: Lattice[T]](program: Program)
   protected def isExit(exit: CFGPosition): Boolean =
     exit match
       // only looking at functions with statements
-      case command: Command => IRWalk.procedure(command).end == command
+      case command: Command => IRWalk.lastInProc(IRWalk.procedure(command)) == command
       case _ => false
 
   protected def getAfterCalls(exit: IndirectCall): Set[Command] =
     InterProcIRCursor.succ(exit).filter(_.isInstanceOf[Command]).map(_.asInstanceOf[Command])
-
 }
 
 
 abstract class BackwardIDESolver[D, T, L <: Lattice[T]](program: Program)
-  extends IDESolver[IndirectCall, Procedure, Command, DirectCall, D, T, L](program, program.mainProcedure.end),
+  extends IDESolver[Return, Procedure, Command, DirectCall, D, T, L](program, IRWalk.lastInProc(program.mainProcedure)),
     BackwardIDEAnalysis[D, T, L], IRInterproceduralBackwardDependencies {
 
-  protected def entryToExit(entry: IndirectCall): Procedure = IRWalk.procedure(entry)
+  protected def entryToExit(entry: Return): Procedure = IRWalk.procedure(entry)
 
-  protected def exitToEntry(exit: Procedure): IndirectCall = exit.end.asInstanceOf[IndirectCall]
+  protected def exitToEntry(exit: Procedure): Return = exit.returnBlock.get.jump.asInstanceOf[Return]
 
-  protected def callToReturn(call: Command): DirectCall = call match {
-    case ret: Statement => ret.parent.statements.getPrev(ret).asInstanceOf[DirectCall]
-    case r: Jump => r.parent.statements.last.asInstanceOf[DirectCall]
+  protected def callToReturn(call: Command): DirectCall =  {
+    IRWalk.prevCommandInBlock(call) match {
+      case Some(x : DirectCall) => x
+      case p => throw Exception(s"Not a return/aftercall node $call  .... prev = $p")
+    }
   }
 
   protected def returnToCall(ret: DirectCall): Command = ret.successor
 
-  protected def getCallee(call: Command): IndirectCall = callToReturn(call: Command).target.end.asInstanceOf[IndirectCall]
+  protected def getCallee(call: Command): Return = {
+    require(isCall(call))
+    val procCalled = callToReturn(call).target
+    procCalled.returnBlock.getOrElse(throw Exception(s"No return node for procedure ${procCalled}")).jump.asInstanceOf[Return]
+  }
 
   protected def isCall(call: CFGPosition): Boolean =
     call match
-      case directCall: DirectCall => (!directCall.successor.isInstanceOf[Halt])
+      case c : Command => isAfterCall(c) && IRWalk.prevCommandInBlock(c).map(_.isInstanceOf[DirectCall]).getOrElse(false)
       case _ => false
 
   protected def isExit(exit: CFGPosition): Boolean =
     exit match
-      case procedure: Procedure => procedure.blocks.nonEmpty
+      case procedure: Procedure => true
       case _ => false
 
-  protected def getAfterCalls(exit: Procedure): Set[DirectCall] = InterProcIRCursor.pred(exit).filter(_.isInstanceOf[DirectCall]).map(_.asInstanceOf[DirectCall])
+  protected def getAfterCalls(exit: Procedure): Set[DirectCall] = exit.incomingCalls().toSet
 }
diff --git a/src/main/scala/ir/IRCursor.scala b/src/main/scala/ir/IRCursor.scala
index 0e1dc9d93..690b57dea 100644
--- a/src/main/scala/ir/IRCursor.scala
+++ b/src/main/scala/ir/IRCursor.scala
@@ -14,12 +14,19 @@ import scala.annotation.tailrec
  */
 type CFGPosition = Procedure | Block | Command
 
+def isAfterCall(c: Command) = {
+  (IRWalk.prevCommandInBlock(c)) match {
+    case Some(c: Call) => true
+    case _             => false
+  }
+}
+
 extension (p: CFGPosition)
   def toShortString: String =
     p match
       case procedure: Procedure => procedure.toString
-      case block: Block => s"Block ${block.label}"
-      case command: Command => command.toString
+      case block: Block         => s"Block ${block.label}"
+      case command: Command     => command.toString
 
 // todo: we could just use the dependencies trait directly instead to avoid the instantiation issue
 trait IRWalk[IN <: CFGPosition, NT <: CFGPosition & IN] {
@@ -28,75 +35,79 @@ trait IRWalk[IN <: CFGPosition, NT <: CFGPosition & IN] {
 }
 
 object IRWalk:
-  def procedure(pos: CFGPosition) : Procedure = {
+
+  def prevCommandInBlock(c: Command): Option[Command] = c match {
+    case s: Statement => c.parent.statements.prevOption(s)
+    case j: Jump      => c.parent.statements.lastOption
+  }
+
+  def nextCommandInBlock(c: Command): Option[Command] = c match {
+    case s: Statement => Some(s.successor)
+    case j: Jump      => None
+  }
+
+  def procedure(pos: CFGPosition): Procedure = {
     pos match {
       case p: Procedure => p
-      case b: Block => b.parent
-      case c: Command => c.parent.parent
+      case b: Block     => b.parent
+      case c: Command   => c.parent.parent
     }
   }
 
-  def blockBegin(pos: CFGPosition) : Option[Block] = {
+  def blockBegin(pos: CFGPosition): Option[Block] = {
     pos match {
       case p: Procedure => p.entryBlock
-      case b: Block => Some(b)
-      case c: Command => Some(c.parent)
+      case b: Block     => Some(b)
+      case c: Command   => Some(c.parent)
     }
   }
 
-  def commandBegin(pos: CFGPosition) : Option[Command] = {
+  def commandBegin(pos: CFGPosition): Option[Command] = {
     pos match {
       case p: Procedure => p.entryBlock.map(b => b.statements.headOption.getOrElse(b.jump))
-      case b: Block => Some(b.statements.headOption.getOrElse(b.jump))
-      case c: Command => Some(c)
-    }
-  }
-
-extension (p: Command)
-  def isAfterCall : Boolean = {
-    p match {
-      case g: Jump => g.parent.statements.lastOption.map(_.isInstanceOf[Call]).getOrElse(false)
-      case g: Statement => g.parent.statements.prevOption(g).map(_.isInstanceOf[Call]).getOrElse(false)
+      case b: Block     => Some(b.statements.headOption.getOrElse(b.jump))
+      case c: Command   => Some(c)
     }
   }
 
-extension (p: Block) 
-  def isProcEntry : Boolean =  p.parent.entryBlock.contains(p)
-  def isProcReturn : Boolean = p.parent.returnBlock.contains(p)
-  // TODO: this method doesn't require aftercall blocks only have 1 incoming jump 
-  def isAfterCall : Boolean = p.incomingJumps.nonEmpty && p.incomingJumps.forall(_.isAfterCall)
+  def lastInBlock(p: Block): Command = p.jump
+  def firstInBlock(p: Block): Command = p.statements.headOption.getOrElse(p.jump)
 
-  def begin: CFGPosition = p
-  def end: CFGPosition = p.jump
+  def firstInProc(p: Procedure): Command = firstInBlock(p.entryBlock.get)
+  def lastInProc(p: Procedure): Command = lastInBlock(p.returnBlock.get)
 
-extension (p: Procedure)
-  def begin: CFGPosition = p
-  def end: CFGPosition = p.returnBlock.map(_.end).getOrElse(p)
+// extension (p: Block)
+//   def isProcEntry: Boolean = p.parent.entryBlock.contains(p)
+//   def isProcReturn: Boolean = p.parent.returnBlock.contains(p)
+// 
+//   def begin: CFGPosition = p
+//   def end: CFGPosition = p.jump
+// 
+// extension (p: Procedure)
+//   def begin: CFGPosition = p
+//   def end: CFGPosition = p.returnBlock.map(_.end).getOrElse(p)
 
-/**
- * Does not include edges between procedures.
- */
+/** Does not include edges between procedures.
+  */
 trait IntraProcIRCursor extends IRWalk[CFGPosition, CFGPosition] {
 
   def succ(pos: CFGPosition): Set[CFGPosition] = {
     pos match {
       case proc: Procedure => proc.entryBlock.toSet
-      case b: Block        => Set(b.statements.headOption.getOrElse(b.jump))
-      case s: Statement    =>  Set(s.successor)
+      case b: Block        => b.statements.headOption.orElse(Some(b.jump)).toSet
       case n: GoTo         => n.targets.asInstanceOf[Set[CFGPosition]]
       case h: Halt         => Set()
       case h: Return       => Set()
+      case c: Statement    => IRWalk.nextCommandInBlock(c).toSet
     }
   }
 
   def pred(pos: CFGPosition): Set[CFGPosition] = {
     pos match {
-      case s: Statement => Set(s.pred().getOrElse(s.parent))
-      case j: GoTo if j.isAfterCall  => Set(j.parent.jump)
-      case j: Jump => Set(j.parent.statements.lastOption.getOrElse(j.parent))
-      case b: Block if b.isProcEntry => Set(b.parent)
-      case b: Block => b.incomingJumps.asInstanceOf[Set[CFGPosition]]
-      case proc: Procedure => Set() // intraproc
+      case c: Command                => Set(IRWalk.prevCommandInBlock(c).getOrElse(c.parent))
+      case b: Block if b.isEntry     => Set(b.parent)
+      case b: Block                  => b.incomingJumps.asInstanceOf[Set[CFGPosition]]
+      case proc: Procedure           => Set() // intraproc
     }
   }
 }
@@ -117,70 +128,44 @@ trait IntraProcBlockIRCursor extends IRWalk[CFGPosition, Block] {
   @tailrec
   final def pred(pos: CFGPosition): Set[Block] = {
     pos match {
-      case b: Block if b.isProcEntry => Set.empty
-      case b: Block  => b.incomingJumps.map(_.parent).toSet
-      case j: Command   => pred(j.parent)
-      case s: Procedure => Set.empty
+      case b: Block if b.isEntry     => Set.empty
+      case b: Block                  => b.incomingJumps.map(_.parent).toSet
+      case j: Command                => pred(j.parent)
+      case s: Procedure              => Set.empty
     }
   }
 }
 object IntraProcBlockIRCursor extends IntraProcBlockIRCursor
 
-/**
- * Includes all intraproc edges as well as edges between procedures.
- *
- * forwards:
- * Direct call -> target
- * return indirect Call -> the procedure return block for all possible direct-call sites
- *
- * backwards:
- * Procedure -> all possible direct-call sites
- * Call-return block -> return Call of the procedure called
- *
- */
+/** Includes all intraproc edges as well as edges between procedures.
+  *
+  * forwards: Direct call -> target return indirect Call -> the procedure return block for all possible direct-call
+  * sites
+  *
+  * backwards: Procedure -> all possible direct-call sites Call-return block -> return Call of the procedure called
+  */
 trait InterProcIRCursor extends IRWalk[CFGPosition, CFGPosition] {
 
   final def succ(pos: CFGPosition): Set[CFGPosition] = {
-  IntraProcIRCursor.succ(pos) ++
-    (pos match
-      case c: DirectCall if c.target.blocks.nonEmpty  => Set(c.target)
-      case c: IndirectCall if c.parent.isProcReturn => c.parent.parent.incomingCalls().map(_.successor).toSet
-      case _ =>  Set.empty)
+    IntraProcIRCursor.succ(pos) ++
+      (pos match
+        case c: DirectCall if c.target.blocks.nonEmpty => Set(c.target)
+        // case c: IndirectCall if c.parent.isProcReturn => c.parent.parent.incomingCalls().map(_.successor).toSet
+        case c: Return => c.parent.parent.incomingCalls().map(_.successor).toSet
+        case _         => Set.empty
+      )
   }
 
   final def pred(pos: CFGPosition): Set[CFGPosition] = {
     IntraProcIRCursor.pred(pos) ++
-    (pos match
-      case d: DirectCall if d.target.blocks.nonEmpty => d.target.returnBlock.toSet
-      case c: Procedure       => c.incomingCalls().toSet.asInstanceOf[Set[CFGPosition]]
-      case _ => Set.empty)
+      (pos match
+        case d: DirectCall if d.target.blocks.nonEmpty => d.target.returnBlock.toSet
+        case c: Procedure                              => c.incomingCalls().toSet.asInstanceOf[Set[CFGPosition]]
+        case _                                         => Set.empty
+      )
   }
 }
 
-// less meaningful with call statements 
-
-// trait InterProcBlockIRCursor extends IRWalk[CFGPosition, Block] {
-// 
-//   final def succ(pos: CFGPosition): Set[Block] = {
-//     IntraProcBlockIRCursor.succ(pos) ++
-//     (pos match {
-//       case s: DirectCall if s.target.blocks.nonEmpty  => s.target.entryBlock.toSet
-//       case b: Block if b.isProcReturn => b.parent.incomingCalls().map(_.parent).toSet
-//       case _               => Set.empty 
-//     })
-//   }
-// 
-//   final def pred(pos: CFGPosition): Set[Block] = {
-//     IntraProcBlockIRCursor.pred(pos) ++
-//     (pos match {
-//       case b: Block if b.isAfterCall => b.incomingJumps.collect {_.parent.jump match 
-//           case d: DirectCall => d.target }.flatMap(_.returnBlock).toSet
-//       case b: Block if b.isProcEntry => b.parent.incomingCalls().map(_.parent).toSet
-//       case _ => Set.empty 
-//     })
-//   }
-// }
-
 object InterProcIRCursor extends InterProcIRCursor
 
 trait CallGraph extends IRWalk[Procedure, Procedure] {
@@ -268,17 +253,17 @@ def toDot[T <: CFGPosition](
 
   def getArrow(s: CFGPosition, n: CFGPosition) = {
     if (IRWalk.procedure(n) eq IRWalk.procedure(s)) {
-      DotRegularArrow(dotNodes(s),dotNodes(n))
+      DotRegularArrow(dotNodes(s), dotNodes(n))
     } else {
-      DotInterArrow(dotNodes(s),dotNodes(n))
+      DotInterArrow(dotNodes(s), dotNodes(n))
     }
   }
 
   for (node <- domain) {
     node match {
       case s =>
-        iterator.succ(s).foreach(n => dotArrows.addOne(getArrow(s,n)))
- //       iterator.pred(s).foreach(n => dotArrows.addOne(getArrow(s,n)))
+        iterator.succ(s).foreach(n => dotArrows.addOne(getArrow(s, n)))
+      //       iterator.pred(s).foreach(n => dotArrows.addOne(getArrow(s,n)))
     }
   }
 
diff --git a/src/main/scala/ir/Program.scala b/src/main/scala/ir/Program.scala
index 577666e9f..ed61cba4f 100644
--- a/src/main/scala/ir/Program.scala
+++ b/src/main/scala/ir/Program.scala
@@ -5,6 +5,7 @@ import scala.collection.{IterableOnceExtensionMethods, View, immutable, mutable}
 import boogie.*
 import analysis.BitVectorEval
 import util.intrusive_list.*
+import translating.serialiseIL
 
 class Program(var procedures: ArrayBuffer[Procedure],
               var mainProcedure: Procedure,
@@ -13,6 +14,10 @@ class Program(var procedures: ArrayBuffer[Procedure],
 
   val threads: ArrayBuffer[ProgramThread] = ArrayBuffer()
 
+  override def toString(): String = {
+    serialiseIL(this)
+  }
+
   // This shouldn't be run before indirect calls are resolved
   def stripUnreachableFunctions(depth: Int = Int.MaxValue): Unit = {
     val procedureCalleeNames = procedures.map(f => f.name -> f.calls.map(_.name)).toMap
@@ -141,7 +146,7 @@ class Program(var procedures: ArrayBuffer[Procedure],
 
       stack.pushAll(n match {
         case p: Procedure => p.blocks
-        case b: Block => Seq() ++ b.statements ++ Seq(b.jump)
+        case b: Block => Seq() ++ b.statements.toSeq ++ Seq(b.jump)
         case s: Command => Seq()
       })
       n
@@ -209,7 +214,7 @@ class Procedure private (
 
   def returnBlock_=(value: Block): Unit = {
     if (!returnBlock.contains(value)) {
-      removeBlocks(_returnBlock)
+      _returnBlock.foreach(removeBlocks(_))
       _returnBlock = Some(addBlocks(value))
     }
   }
@@ -218,7 +223,7 @@ class Procedure private (
 
   def entryBlock_=(value: Block): Unit = {
     if (!entryBlock.contains(value)) {
-      removeBlocks(_entryBlock)
+      _entryBlock.foreach(removeBlocks(_))
       _entryBlock = Some(addBlocks(value))
     }
   }
@@ -228,9 +233,6 @@ class Procedure private (
     if (!_blocks.contains(block)) {
       block.parent = this
       _blocks.add(block)
-      if (entryBlock.isEmpty) {
-        entryBlock = block
-      }
     }
     block
   }
@@ -289,28 +291,6 @@ class Procedure private (
     block
   }
 
-// unused
-//   /**
-//    * Remove blocks with the semantics of replacing them with a noop. The incoming jumps to this are replaced
-//    * with a jump(s) to this blocks jump target(s). If this block ends in a call then only its statements are removed.
-//    * @param blocks the block/blocks to remove
-//    */
-//   def removeBlocksInline(blocks: Iterable[Block]): Unit = {
-//     for (elem <- blocks) {
-//       elem.jump match {
-//         case g: GoTo =>
-//           // rewrite all the jumps to include our jump targets
-//           elem.incomingJumps.foreach(_.removeTarget(elem))
-//           elem.incomingJumps.foreach(_.addAllTargets(g.targets))
-//           removeBlocks(elem)
-//       }
-//     }
-//   }
-// 
-// 
-//   def removeBlocksInline(blocks: Block*): Unit = {
-//     removeBlocksInline(blocks.toSeq)
-//   }
 
   /**
    * Remove block(s) and all jumps that target it
@@ -389,6 +369,8 @@ class Block private (
     this(label, address, IntrusiveList().addAll(statements), jump, mutable.HashSet.empty)
   }
 
+  def isEntry: Boolean = parent.entryBlock.contains(this)
+
   def jump: Jump = _jump
 
   private def jump_=(j: Jump): Unit = {
diff --git a/src/main/scala/ir/Statement.scala b/src/main/scala/ir/Statement.scala
index 74aaa18b5..2dea68f46 100644
--- a/src/main/scala/ir/Statement.scala
+++ b/src/main/scala/ir/Statement.scala
@@ -83,6 +83,7 @@ sealed trait Jump extends Command {
 }
 
 class Halt(override val label: Option[String] = None) extends Jump {
+  /* Terminate / No successors / assume false */
   override def acceptVisit(visitor: Visitor): Jump = this
 }
 
@@ -136,7 +137,12 @@ object GoTo:
   def unapply(g: GoTo): Option[(Set[Block], Option[String])] = Some(g.targets, g.label)
 
 
-sealed trait Call extends Statement
+sealed trait Call extends Statement {
+  def returnTarget: Option[Command] = successor match {
+    case h: Halt => None
+    case o => Some(o)
+  }
+}
 
 class DirectCall(val target: Procedure,
                  override val label: Option[String] = None
diff --git a/src/main/scala/ir/dsl/DSL.scala b/src/main/scala/ir/dsl/DSL.scala
index 3c55e2dfc..6a1b96742 100644
--- a/src/main/scala/ir/dsl/DSL.scala
+++ b/src/main/scala/ir/dsl/DSL.scala
@@ -14,7 +14,7 @@ val R7: Register = Register("R7", 64)
 val R29: Register = Register("R29", 64)
 val R30: Register = Register("R30", 64)
 val R31: Register = Register("R31", 64)
-val ret: EventuallyIndirectCall = EventuallyIndirectCall(Register("R30", 64), None)
+
 
 
 def bv32(i: Int): BitVecLiteral = BitVecLiteral(i, 32)
@@ -40,21 +40,21 @@ trait EventuallyStatement {
 }
 
 case class ResolvableStatement(s: Statement) extends EventuallyStatement {
-  override def resolve(p: Program) = s
+  override def resolve(p: Program) : Statement = s
 }
 
 trait EventuallyJump {
   def resolve(p: Program): Jump
 }
 
-case class EventuallyIndirectCall(target: Variable, fallthrough: Option[DelayNameResolve]) extends EventuallyStatement {
-  override def resolve(p: Program): IndirectCall = {
+case class EventuallyIndirectCall(target: Variable) extends EventuallyStatement {
+  override def resolve(p: Program): Statement = {
     IndirectCall(target)
   }
 }
 
-case class EventuallyCall(target: DelayNameResolve, fallthrough: Option[DelayNameResolve]) extends EventuallyStatement {
-  override def resolve(p: Program): DirectCall = {
+case class EventuallyCall(target: DelayNameResolve) extends EventuallyStatement {
+  override def resolve(p: Program): Statement = {
     val t = target.resolveProc(p) match {
       case Some(x) => x
       case None => throw Exception("can't resolve proc " + p)
@@ -63,12 +63,19 @@ case class EventuallyCall(target: DelayNameResolve, fallthrough: Option[DelayNam
   }
 }
 
+
 case class EventuallyGoto(targets: List[DelayNameResolve]) extends EventuallyJump {
   override def resolve(p: Program): GoTo = {
     val tgs = targets.flatMap(tn => tn.resolveBlock(p))
     GoTo(tgs)
   }
 }
+case class EventuallyReturn() extends EventuallyJump {
+  override def resolve(p: Program) = Return()
+}
+case class EventuallyHalt() extends EventuallyJump  {
+  override def resolve(p: Program) = Halt()
+}
 
 def goto(): EventuallyGoto = EventuallyGoto(List.empty)
 
@@ -76,13 +83,16 @@ def goto(targets: String*): EventuallyGoto = {
   EventuallyGoto(targets.map(p => DelayNameResolve(p)).toList)
 }
 
+def ret: EventuallyReturn = EventuallyReturn()
+def halt: EventuallyHalt= EventuallyHalt()
+
 def goto(targets: List[String]): EventuallyGoto = {
   EventuallyGoto(targets.map(p => DelayNameResolve(p)))
 }
 
-def directCall(tgt: String, fallthrough: Option[String]): EventuallyCall = EventuallyCall(DelayNameResolve(tgt), fallthrough.map(x => DelayNameResolve(x)))
+def directCall(tgt: String): EventuallyCall = EventuallyCall(DelayNameResolve(tgt))
 
-def indirectCall(tgt: Variable, fallthrough: Option[String]): EventuallyIndirectCall = EventuallyIndirectCall(tgt, fallthrough.map(x => DelayNameResolve(x)))
+def indirectCall(tgt: Variable): EventuallyIndirectCall = EventuallyIndirectCall(tgt)
 // def directcall(tgt: String) = EventuallyCall(DelayNameResolve(tgt), None)
 
 
@@ -90,16 +100,20 @@ case class EventuallyBlock(label: String, sl: Seq[EventuallyStatement], j: Event
   val tempBlock: Block = Block(label, None, List(), GoTo(List.empty))
 
   def resolve(prog: Program): Block = {
-    tempBlock.statements.addAll(sl.map(_.resolve(prog)))
+    val resolved = sl.map(_.resolve(prog))
+    tempBlock.statements.addAll(resolved)
     tempBlock.replaceJump(j.resolve(prog))
     tempBlock
   }
 }
 
 def block(label: String, sl: (Statement | EventuallyStatement | EventuallyJump)*): EventuallyBlock = {
-  val statements : Seq[EventuallyStatement] = sl.collect {
-    case s: Statement => ResolvableStatement(s)
-    case o: EventuallyStatement => o
+  val statements : Seq[EventuallyStatement] = sl.flatMap {
+    case s: Statement => Some(ResolvableStatement(s))
+    case o: EventuallyStatement => Some(o)
+    case o: EventuallyCall => Some(o)
+    case o: EventuallyIndirectCall => Some(o)
+    case g: EventuallyJump => None
   }
   val jump = sl.collectFirst {
     case j: EventuallyJump => j
@@ -113,6 +127,7 @@ case class EventuallyProcedure(label: String, blocks: Seq[EventuallyBlock]) {
   val jumps: Map[Block, EventuallyJump] = blocks.map(b => b.tempBlock -> b.j).toMap
 
   def resolve(prog: Program): Procedure = {
+    blocks.foreach(b => b.resolve(prog))
     jumps.map((b, j) => b.replaceJump(j.resolve(prog)))
     tempProc
   }
diff --git a/src/main/scala/ir/invariant/EarlyCallStatement.scala b/src/main/scala/ir/invariant/EarlyCallStatement.scala
new file mode 100644
index 000000000..bb4504343
--- /dev/null
+++ b/src/main/scala/ir/invariant/EarlyCallStatement.scala
@@ -0,0 +1,15 @@
+package ir.invariant
+import ir._
+
+
+def singleCallBlockEnd(p: Program) : Boolean = {
+  p.forall {
+    case b: Block => {
+      val calls = (b.statements.collect {
+        case c: Call => b.statements.lastOption.contains(c)
+      })
+      (calls.size <= 1) && calls.headOption.getOrElse(true)
+    }
+    case _ => true
+  }
+}
diff --git a/src/main/scala/ir/transforms/IndirectCallResolution.scala b/src/main/scala/ir/transforms/IndirectCallResolution.scala
new file mode 100644
index 000000000..e9c9fddf7
--- /dev/null
+++ b/src/main/scala/ir/transforms/IndirectCallResolution.scala
@@ -0,0 +1,295 @@
+package ir.transforms
+
+
+
+import scala.collection.mutable.ListBuffer
+import scala.collection.mutable.ArrayBuffer
+import analysis.solvers.*
+import analysis.*
+import bap.*
+import ir.*
+import translating.*
+import util.Logger
+import util.intrusive_list.IntrusiveList
+import analysis.CfgCommandNode
+import scala.collection.mutable
+import cilvisitor._
+
+
+/** Resolve indirect calls to an address-conditional choice between direct calls using the Value Set Analysis results.
+ *  Dead code, and currently broken by statement calls 
+ *
+def resolveIndirectCalls(
+    cfg: ProgramCfg,
+    valueSets: Map[CfgNode, LiftedElement[Map[Variable | MemoryRegion, Set[Value]]]],
+    IRProgram: Program
+): Boolean = {
+  var modified: Boolean = false
+  val worklist = ListBuffer[CfgNode]()
+  cfg.startNode.succIntra.union(cfg.startNode.succInter).foreach(node => worklist.addOne(node))
+
+  val visited = mutable.Set[CfgNode]()
+  while (worklist.nonEmpty) {
+    val node = worklist.remove(0)
+    if (!visited.contains(node)) {
+      process(node)
+      node.succIntra.union(node.succInter).foreach(node => worklist.addOne(node))
+      visited.add(node)
+    }
+  }
+
+  def process(n: CfgNode): Unit = n match {
+    /*
+    case c: CfgStatementNode =>
+      c.data match
+
+      //We do not want to insert the VSA results into the IR like this
+        case localAssign: Assign =>
+          localAssign.rhs match
+            case _: MemoryLoad =>
+              if (valueSets(n).contains(localAssign.lhs) && valueSets(n).get(localAssign.lhs).head.size == 1) {
+                val extractedValue = extractExprFromValue(valueSets(n).get(localAssign.lhs).head.head)
+                localAssign.rhs = extractedValue
+                Logger.info(s"RESOLVED: Memory load ${localAssign.lhs} resolved to ${extractedValue}")
+              } else if (valueSets(n).contains(localAssign.lhs) && valueSets(n).get(localAssign.lhs).head.size > 1) {
+                Logger.info(s"RESOLVED: WARN Memory load ${localAssign.lhs} resolved to multiple values, cannot replace")
+
+                /*
+                // must merge into a single memory variable to represent the possible values
+                // Make a binary OR of all the possible values takes two at a time (incorrect to do BVOR)
+                val values = valueSets(n).get(localAssign.lhs).head
+                val exprValues = values.map(extractExprFromValue)
+                val result = exprValues.reduce((a, b) => BinaryExpr(BVOR, a, b)) // need to express nondeterministic
+                                                                                 // choice between these specific options
+                localAssign.rhs = result
+     */
+              }
+            case _ =>
+     */
+    case c: CfgJumpNode =>
+      val block = c.block
+      c.data match
+        case indirectCall: IndirectCall =>
+          if (block.jump != indirectCall) {
+            // We only replace the calls with DirectCalls in the IR, and don't replace the CommandNode.data
+            // Hence if we have already processed this CFG node there will be no corresponding IndirectCall in the IR
+            // to replace.
+            // We want to replace all possible indirect calls based on this CFG, before regenerating it from the IR
+            return
+          }
+          valueSets(n) match {
+            case Lift(valueSet) =>
+              val targetNames = resolveAddresses(valueSet(indirectCall.target)).map(_.name).toList.sorted
+              val targets = targetNames.map(name => IRProgram.procedures.filter(_.name.equals(name)).head)
+
+              if (targets.size == 1) {
+                modified = true
+
+                // indirectCall.parent.parent.removeBlocks(indirectCall.returnTarget)
+                val newCall = DirectCall(targets.head, indirectCall.label)
+                block.statements.replace(indirectCall, newCall) 
+              } else if (targets.size > 1) {
+                modified = true
+                val procedure = c.parent.data
+                val newBlocks = ArrayBuffer[Block]()
+                for (t <- targets) {
+                  val assume = Assume(BinaryExpr(BVEQ, indirectCall.target, BitVecLiteral(t.address.get, 64)))
+                  val newLabel: String = block.label + t.name
+                  val directCall = DirectCall(t)
+                  directCall.parent = indirectCall.parent
+
+                  // assume indircall is the last statement in block
+                  assert(indirectCall.parent.statements.lastOption.contains(indirectCall))
+                  val fallthrough = indirectCall.parent.jump
+
+                  newBlocks.append(Block(newLabel, None, ArrayBuffer(assume, directCall), fallthrough))
+                }
+                procedure.addBlocks(newBlocks)
+                val newCall = GoTo(newBlocks, indirectCall.label)
+                block.replaceJump(newCall)
+              }
+            case LiftedBottom =>
+          }
+        case _ =>
+    case _ =>
+  }
+
+  def nameExists(name: String): Boolean = {
+    IRProgram.procedures.exists(_.name.equals(name))
+  }
+
+  def addFakeProcedure(name: String): Unit = {
+    IRProgram.procedures += Procedure(name)
+  }
+
+  def resolveAddresses(valueSet: Set[Value]): Set[AddressValue] = {
+    var functionNames: Set[AddressValue] = Set()
+    valueSet.foreach {
+      case globalAddress: GlobalAddress =>
+        if (nameExists(globalAddress.name)) {
+          functionNames += globalAddress
+          Logger.info(s"RESOLVED: Call to Global address ${globalAddress.name} rt statuesolved.")
+        } else {
+          addFakeProcedure(globalAddress.name)
+          functionNames += globalAddress
+          Logger.info(s"Global address ${globalAddress.name} does not exist in the program.  Added a fake function.")
+        }
+      case localAddress: LocalAddress =>
+        if (nameExists(localAddress.name)) {
+          functionNames += localAddress
+          Logger.info(s"RESOLVED: Call to Local address ${localAddress.name}")
+        } else {
+          addFakeProcedure(localAddress.name)
+          functionNames += localAddress
+          Logger.info(s"Local address ${localAddress.name} does not exist in the program. Added a fake function.")
+        }
+      case _ =>
+    }
+    functionNames
+  }
+
+  modified
+}
+
+  */
+
+def resolveIndirectCallsUsingPointsTo(
+   cfg: ProgramCfg,
+   pointsTos: Map[RegisterVariableWrapper, Set[RegisterVariableWrapper | MemoryRegion]],
+   regionContents: Map[MemoryRegion, Set[BitVecLiteral | MemoryRegion]],
+   reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])],
+   IRProgram: Program
+ ): Boolean = {
+  var modified: Boolean = false
+  val worklist = ListBuffer[CfgNode]()
+  cfg.startNode.succIntra.union(cfg.startNode.succInter).foreach(node => worklist.addOne(node))
+
+  val visited = mutable.Set[CfgNode]()
+  while (worklist.nonEmpty) {
+    val node = worklist.remove(0)
+    if (!visited.contains(node)) {
+      process(node)
+      node.succIntra.union(node.succInter).foreach(node => worklist.addOne(node))
+      visited.add(node)
+    }
+  }
+
+  def searchRegion(region: MemoryRegion): mutable.Set[String] = {
+    val result = mutable.Set[String]()
+    region match {
+      case stackRegion: StackRegion =>
+        if (regionContents.contains(stackRegion)) {
+          for (c <- regionContents(stackRegion)) {
+            c match {
+              case bitVecLiteral: BitVecLiteral => Logger.debug("hi: " + bitVecLiteral)//???
+              case memoryRegion: MemoryRegion =>
+                result.addAll(searchRegion(memoryRegion))
+            }
+          }
+        }
+        result
+      case dataRegion: DataRegion =>
+        if (!regionContents.contains(dataRegion) || regionContents(dataRegion).isEmpty) {
+          result.add(dataRegion.regionIdentifier)
+        } else {
+          result.add(dataRegion.regionIdentifier) // TODO: may need to investigate if we should add the parent region
+          for (c <- regionContents(dataRegion)) {
+            c match {
+              case bitVecLiteral: BitVecLiteral => Logger.debug("hi: " + bitVecLiteral)//???
+              case memoryRegion: MemoryRegion =>
+                result.addAll(searchRegion(memoryRegion))
+            }
+          }
+        }
+        result
+    }
+  }
+
+  def addFakeProcedure(name: String): Procedure = {
+    val newProcedure = Procedure(name)
+    IRProgram.procedures += newProcedure
+    newProcedure
+  }
+
+  def resolveAddresses(variable: Variable, i: IndirectCall): mutable.Set[String] = {
+    val names = mutable.Set[String]()
+    val variableWrapper = RegisterVariableWrapper(variable, getUse(variable, i, reachingDefs))
+    pointsTos.get(variableWrapper) match {
+      case Some(value) =>
+        value.map {
+          case v: RegisterVariableWrapper => names.addAll(resolveAddresses(v.variable, i))
+          case m: MemoryRegion => names.addAll(searchRegion(m))
+        }
+        names
+      case None => names
+    }
+  }
+
+  def process(n: CfgNode): Unit = n match {
+    case c: CfgJumpNode =>
+      val block = c.block
+      c.data match
+        // don't try to resolve returns
+        case indirectCall: IndirectCall if indirectCall.target != Register("R30", 64) =>
+          if (!indirectCall.hasParent) {
+            // We only replace the calls with DirectCalls in the IR, and don't replace the CommandNode.data
+            // Hence if we have already processed this CFG node there will be no corresponding IndirectCall in the IR
+            // to replace.
+            // We want to replace all possible indirect calls based on this CFG, before regenerating it from the IR
+            return
+          }
+          assert(indirectCall.parent.statements.lastOption.contains(indirectCall))
+
+          val targetNames = resolveAddresses(indirectCall.target, indirectCall)
+          Logger.debug(s"Points-To approximated call ${indirectCall.target} with $targetNames")
+          Logger.debug(IRProgram.procedures)
+          val targets: mutable.Set[Procedure] = targetNames.map(name => IRProgram.procedures.find(_.name == name).getOrElse(addFakeProcedure(name)))
+
+          if (targets.size > 1) {
+            Logger.info(s"Resolved indirect call $indirectCall")
+          }
+
+
+          if (targets.size == 1) {
+            modified = true
+
+            // indirectCall.parent.parent.removeBlocks(indirectCall.returnTarget)
+            val newCall = DirectCall(targets.head, indirectCall.label)
+            block.statements.replace(indirectCall, newCall)
+          } else if (targets.size > 1) {
+
+            val oft = indirectCall.parent.jump
+
+            modified = true
+            val procedure = c.parent.data
+            val newBlocks = ArrayBuffer[Block]()
+            // indirectCall.parent.parent.removeBlocks(indirectCall.returnTarget)
+            for (t <- targets) {
+              Logger.debug(targets)
+              val address = t.address.match {
+                case Some(a) => a
+                case None => throw Exception(s"resolved indirect call $indirectCall to procedure which does not have address: $t")
+              }
+              val assume = Assume(BinaryExpr(BVEQ, indirectCall.target, BitVecLiteral(address, 64)))
+              val newLabel: String = block.label + t.name
+              val directCall = DirectCall(t)
+
+              /* copy the goto node resulting */
+              val fallthrough = oft match {
+                case g: GoTo => GoTo(g.targets, g.label)
+                case h: Halt => Halt()
+                case r: Return => Return()
+              }
+              newBlocks.append(Block(newLabel, None, ArrayBuffer(assume, directCall), fallthrough))
+            }
+            block.statements.remove(indirectCall)
+            procedure.addBlocks(newBlocks)
+            val newCall = GoTo(newBlocks, indirectCall.label)
+            block.replaceJump(newCall)
+          }
+        case _ =>
+    case _ =>
+  }
+
+  modified
+}
diff --git a/src/main/scala/ir/transforms/ReplaceReturn.scala b/src/main/scala/ir/transforms/ReplaceReturn.scala
index 61b276833..91681ab8e 100644
--- a/src/main/scala/ir/transforms/ReplaceReturn.scala
+++ b/src/main/scala/ir/transforms/ReplaceReturn.scala
@@ -28,11 +28,15 @@ class ReplaceReturns extends CILVisitor {
 }
 
 
-def addReturnBlocks(p: Program) = {
+def addReturnBlocks(p: Program, toAll: Boolean = false) = {
   p.procedures.foreach(p => {
     val containsReturn = p.blocks.map(_.jump).find(_.isInstanceOf[Return]).isDefined
-    if (containsReturn) {
-      p.returnBlock = p.addBlocks(Block(label=p.name + "_return",jump=Return()))
+    if (toAll && p.blocks.isEmpty && p.entryBlock.isEmpty && p.returnBlock.isEmpty) {
+      Logger.info(s"proc ${p.name} ${p.entryBlock}, ${p.returnBlock}")
+      p.returnBlock = (Block(label=p.name + "_basil_return",jump=Return()))
+      p.entryBlock = (Block(label=p.name + "_basil_entry",jump=GoTo(p.returnBlock.get)))
+    } else if (p.returnBlock.isEmpty && (toAll || containsReturn)) {
+      p.returnBlock = p.addBlocks(Block(label=p.name + "_basil_return",jump=Return()))
     }
   })
 }
diff --git a/src/main/scala/ir/transforms/SplitThreads.scala b/src/main/scala/ir/transforms/SplitThreads.scala
new file mode 100644
index 000000000..7f36fdb3c
--- /dev/null
+++ b/src/main/scala/ir/transforms/SplitThreads.scala
@@ -0,0 +1,84 @@
+package ir.transforms
+
+import scala.collection.mutable.ListBuffer
+import scala.collection.mutable.ArrayBuffer
+import analysis.solvers.*
+import analysis.*
+import bap.*
+import ir.*
+import translating.*
+import util.Logger
+import java.util.Base64
+import spray.json.DefaultJsonProtocol.*
+import util.intrusive_list.IntrusiveList
+import analysis.CfgCommandNode
+import scala.collection.mutable
+import cilvisitor._
+
+// identify calls to pthread_create
+// use analysis result to determine the third parameter's value (the function pointer)
+// split off that procedure into new thread
+// do reachability analysis
+// also need a bit in the IR where it creates separate files
+def splitThreads(program: Program,
+                 pointsTo: Map[RegisterVariableWrapper, Set[RegisterVariableWrapper | MemoryRegion]],
+                 regionContents: Map[MemoryRegion, Set[BitVecLiteral | MemoryRegion]],
+                 reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])]
+                ): Unit = {
+  
+  // iterate over all commands - if call is to pthread_create, look up?
+  program.foreach(c =>
+    c match {
+      case d: DirectCall if d.target.name == "pthread_create" =>
+
+        // R2 should hold the function pointer of the function that begins the thread
+        // look up R2 value using points to results
+        val R2 = Register("R2", 64)
+        val b = reachingDefs(d)
+        val R2Wrapper = RegisterVariableWrapper(R2, getDefinition(R2, d, reachingDefs))
+        val threadTargets = pointsTo(R2Wrapper)
+
+        if (threadTargets.size > 1) {
+          // currently can't handle case where the thread created is ambiguous
+          throw Exception("can't handle thread creation with more than one possible target")
+        }
+
+        if (threadTargets.size == 1) {
+
+          // not trying to untangle the very messy region resolution at present, just dealing with simplest case
+          threadTargets.head match {
+            case data: DataRegion =>
+              val threadEntrance = program.procedures.find(_.name == data.regionIdentifier) match {
+                case Some(proc) => proc
+                case None => throw Exception("could not find procedure with name " + data.regionIdentifier)
+              }
+              val thread = ProgramThread(threadEntrance, mutable.LinkedHashSet(threadEntrance), Some(d))
+              program.threads.addOne(thread)
+            case _ =>
+              throw Exception("unexpected non-data region " + threadTargets.head + " as PointsTo result for R2 at " + d)
+          }
+        }
+      case _ =>
+    })
+
+
+  if (program.threads.nonEmpty) {
+    val mainThread = ProgramThread(program.mainProcedure, mutable.LinkedHashSet(program.mainProcedure), None)
+    program.threads.addOne(mainThread)
+
+    val programProcs = program.procedures
+
+    // do reachability for all threads
+    for (thread <- program.threads) {
+      val reachable = thread.entry.reachableFrom
+
+      // add procedures to thread in way that maintains original ordering
+      for (p <- programProcs) {
+        if (reachable.contains(p)) {
+          thread.procedures.add(p)
+        }
+      }
+
+    }
+  }
+}
diff --git a/src/main/scala/translating/GTIRBToIR.scala b/src/main/scala/translating/GTIRBToIR.scala
index f7589905c..ad090eb90 100644
--- a/src/main/scala/translating/GTIRBToIR.scala
+++ b/src/main/scala/translating/GTIRBToIR.scala
@@ -364,6 +364,8 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
       // need to copy jump as it can't have multiple parents
       val jumpCopy = currentBlock.jump match {
         case GoTo(targets, label) => GoTo(targets, label)
+        case h: Halt => Halt()
+        case r: Return => Return() 
         case _ => throw Exception("this shouldn't be reachable")
       }
       trueBlock.replaceJump(currentBlock.jump)
@@ -440,7 +442,7 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
       case EdgeLabel(false, _, Type_Return, _) =>
         // return statement, value of 'direct' is just whether DDisasm has resolved the return target
         removePCAssign(block)
-        (Some(IndirectCall(Register("R30", 64), None)), Halt())
+        (None, Return())
       case EdgeLabel(false, true, Type_Fallthrough, _) =>
         // end of block that doesn't end in a control flow instruction and falls through to next
         if (entranceUUIDtoProcedure.contains(edge.targetUuid)) {
diff --git a/src/main/scala/translating/IRToBoogie.scala b/src/main/scala/translating/IRToBoogie.scala
index b654fa031..e37f9ce92 100644
--- a/src/main/scala/translating/IRToBoogie.scala
+++ b/src/main/scala/translating/IRToBoogie.scala
@@ -650,7 +650,7 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
       val jump = GoToCmd(g.targets.map(_.label).toSeq)
       conditionAssert :+ jump
     case r: Return => List(ReturnCmd)
-    case r: Halt => List(BAssert(FalseBLiteral))
+    case r: Halt => List(BAssume(FalseBLiteral))
   }
 
   def translate(j: Call): List[BCmd] = j match {
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index b7fb1d7b1..059701ab2 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -200,7 +200,7 @@ object IRTransform {
     val renamer = Renamer(boogieReserved)
 
     cilvisitor.visit_prog(transforms.ReplaceReturns(), ctx.program)
-    transforms.addReturnBlocks(ctx.program)
+    transforms.addReturnBlocks(ctx.program, true) // add return to all blocks because IDE solver expects it
     cilvisitor.visit_prog(transforms.ConvertSingleReturn(), ctx.program)
 
     externalRemover.visitProgram(ctx.program)
@@ -208,276 +208,6 @@ object IRTransform {
     ctx
   }
 
-  /** Resolve indirect calls to an address-conditional choice between direct calls using the Value Set Analysis results.
-    */
-  def resolveIndirectCalls(
-      cfg: ProgramCfg,
-      valueSets: Map[CfgNode, LiftedElement[Map[Variable | MemoryRegion, Set[Value]]]],
-      IRProgram: Program
-  ): Boolean = {
-    var modified: Boolean = false
-    val worklist = ListBuffer[CfgNode]()
-    cfg.startNode.succIntra.union(cfg.startNode.succInter).foreach(node => worklist.addOne(node))
-
-    val visited = mutable.Set[CfgNode]()
-    while (worklist.nonEmpty) {
-      val node = worklist.remove(0)
-      if (!visited.contains(node)) {
-        process(node)
-        node.succIntra.union(node.succInter).foreach(node => worklist.addOne(node))
-        visited.add(node)
-      }
-    }
-
-    def process(n: CfgNode): Unit = n match {
-      /*
-      case c: CfgStatementNode =>
-        c.data match
-
-        //We do not want to insert the VSA results into the IR like this
-          case localAssign: Assign =>
-            localAssign.rhs match
-              case _: MemoryLoad =>
-                if (valueSets(n).contains(localAssign.lhs) && valueSets(n).get(localAssign.lhs).head.size == 1) {
-                  val extractedValue = extractExprFromValue(valueSets(n).get(localAssign.lhs).head.head)
-                  localAssign.rhs = extractedValue
-                  Logger.info(s"RESOLVED: Memory load ${localAssign.lhs} resolved to ${extractedValue}")
-                } else if (valueSets(n).contains(localAssign.lhs) && valueSets(n).get(localAssign.lhs).head.size > 1) {
-                  Logger.info(s"RESOLVED: WARN Memory load ${localAssign.lhs} resolved to multiple values, cannot replace")
-
-                  /*
-                  // must merge into a single memory variable to represent the possible values
-                  // Make a binary OR of all the possible values takes two at a time (incorrect to do BVOR)
-                  val values = valueSets(n).get(localAssign.lhs).head
-                  val exprValues = values.map(extractExprFromValue)
-                  val result = exprValues.reduce((a, b) => BinaryExpr(BVOR, a, b)) // need to express nondeterministic
-                                                                                   // choice between these specific options
-                  localAssign.rhs = result
-       */
-                }
-              case _ =>
-       */
-      case c: CfgJumpNode =>
-        val block = c.block
-        c.data match
-          case indirectCall: IndirectCall =>
-            if (block.jump != indirectCall) {
-              // We only replace the calls with DirectCalls in the IR, and don't replace the CommandNode.data
-              // Hence if we have already processed this CFG node there will be no corresponding IndirectCall in the IR
-              // to replace.
-              // We want to replace all possible indirect calls based on this CFG, before regenerating it from the IR
-              return
-            }
-            valueSets(n) match {
-              case Lift(valueSet) =>
-                val targetNames = resolveAddresses(valueSet(indirectCall.target)).map(_.name).toList.sorted
-                val targets = targetNames.map(name => IRProgram.procedures.filter(_.name.equals(name)).head)
-
-                if (targets.size == 1) {
-                  modified = true
-
-                  // indirectCall.parent.parent.removeBlocks(indirectCall.returnTarget)
-                  val newCall = DirectCall(targets.head, indirectCall.label)
-                  block.statements.replace(indirectCall, newCall) 
-                } else if (targets.size > 1) {
-                  modified = true
-                  val procedure = c.parent.data
-                  val newBlocks = ArrayBuffer[Block]()
-                  for (t <- targets) {
-                    val assume = Assume(BinaryExpr(BVEQ, indirectCall.target, BitVecLiteral(t.address.get, 64)))
-                    val newLabel: String = block.label + t.name
-                    val directCall = DirectCall(t)
-                    directCall.parent = indirectCall.parent
-
-                    // assume indircall is the last statement in block
-                    assert(indirectCall.parent.statements.lastOption.contains(indirectCall))
-                    val fallthrough = indirectCall.parent.jump
-
-                    newBlocks.append(Block(newLabel, None, ArrayBuffer(assume, directCall), fallthrough))
-                  }
-                  procedure.addBlocks(newBlocks)
-                  val newCall = GoTo(newBlocks, indirectCall.label)
-                  block.replaceJump(newCall)
-                }
-              case LiftedBottom =>
-            }
-          case _ =>
-      case _ =>
-    }
-
-    def nameExists(name: String): Boolean = {
-      IRProgram.procedures.exists(_.name.equals(name))
-    }
-
-    def addFakeProcedure(name: String): Unit = {
-      IRProgram.procedures += Procedure(name)
-    }
-
-    def resolveAddresses(valueSet: Set[Value]): Set[AddressValue] = {
-      var functionNames: Set[AddressValue] = Set()
-      valueSet.foreach {
-        case globalAddress: GlobalAddress =>
-          if (nameExists(globalAddress.name)) {
-            functionNames += globalAddress
-            Logger.info(s"RESOLVED: Call to Global address ${globalAddress.name} rt statuesolved.")
-          } else {
-            addFakeProcedure(globalAddress.name)
-            functionNames += globalAddress
-            Logger.info(s"Global address ${globalAddress.name} does not exist in the program.  Added a fake function.")
-          }
-        case localAddress: LocalAddress =>
-          if (nameExists(localAddress.name)) {
-            functionNames += localAddress
-            Logger.info(s"RESOLVED: Call to Local address ${localAddress.name}")
-          } else {
-            addFakeProcedure(localAddress.name)
-            functionNames += localAddress
-            Logger.info(s"Local address ${localAddress.name} does not exist in the program. Added a fake function.")
-          }
-        case _ =>
-      }
-      functionNames
-    }
-
-    modified
-  }
-
-  def resolveIndirectCallsUsingPointsTo(
-     cfg: ProgramCfg,
-     pointsTos: Map[RegisterVariableWrapper, Set[RegisterVariableWrapper | MemoryRegion]],
-     regionContents: Map[MemoryRegion, Set[BitVecLiteral | MemoryRegion]],
-     reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])],
-     IRProgram: Program
-   ): Boolean = {
-    var modified: Boolean = false
-    val worklist = ListBuffer[CfgNode]()
-    cfg.startNode.succIntra.union(cfg.startNode.succInter).foreach(node => worklist.addOne(node))
-
-    val visited = mutable.Set[CfgNode]()
-    while (worklist.nonEmpty) {
-      val node = worklist.remove(0)
-      if (!visited.contains(node)) {
-        process(node)
-        node.succIntra.union(node.succInter).foreach(node => worklist.addOne(node))
-        visited.add(node)
-      }
-    }
-
-    def searchRegion(region: MemoryRegion): mutable.Set[String] = {
-      val result = mutable.Set[String]()
-      region match {
-        case stackRegion: StackRegion =>
-          if (regionContents.contains(stackRegion)) {
-            for (c <- regionContents(stackRegion)) {
-              c match {
-                case bitVecLiteral: BitVecLiteral => Logger.debug("hi: " + bitVecLiteral)//???
-                case memoryRegion: MemoryRegion =>
-                  result.addAll(searchRegion(memoryRegion))
-              }
-            }
-          }
-          result
-        case dataRegion: DataRegion =>
-          if (!regionContents.contains(dataRegion) || regionContents(dataRegion).isEmpty) {
-            result.add(dataRegion.regionIdentifier)
-          } else {
-            result.add(dataRegion.regionIdentifier) // TODO: may need to investigate if we should add the parent region
-            for (c <- regionContents(dataRegion)) {
-              c match {
-                case bitVecLiteral: BitVecLiteral => Logger.debug("hi: " + bitVecLiteral)//???
-                case memoryRegion: MemoryRegion =>
-                  result.addAll(searchRegion(memoryRegion))
-              }
-            }
-          }
-          result
-      }
-    }
-
-    def addFakeProcedure(name: String): Procedure = {
-      val newProcedure = Procedure(name)
-      IRProgram.procedures += newProcedure
-      newProcedure
-    }
-
-    def resolveAddresses(variable: Variable, i: IndirectCall): mutable.Set[String] = {
-      val names = mutable.Set[String]()
-      val variableWrapper = RegisterVariableWrapper(variable, getUse(variable, i, reachingDefs))
-      pointsTos.get(variableWrapper) match {
-        case Some(value) =>
-          value.map {
-            case v: RegisterVariableWrapper => names.addAll(resolveAddresses(v.variable, i))
-            case m: MemoryRegion => names.addAll(searchRegion(m))
-          }
-          names
-        case None => names
-      }
-    }
-
-    def process(n: CfgNode): Unit = n match {
-      case c: CfgJumpNode =>
-        val block = c.block
-        c.data match
-          // don't try to resolve returns
-          case indirectCall: IndirectCall if indirectCall.target != Register("R30", 64) =>
-            if (block.jump != indirectCall) {
-              // We only replace the calls with DirectCalls in the IR, and don't replace the CommandNode.data
-              // Hence if we have already processed this CFG node there will be no corresponding IndirectCall in the IR
-              // to replace.
-              // We want to replace all possible indirect calls based on this CFG, before regenerating it from the IR
-              return
-            }
-            val targetNames = resolveAddresses(indirectCall.target, indirectCall)
-            Logger.debug(s"Points-To approximated call ${indirectCall.target} with $targetNames")
-            Logger.debug(IRProgram.procedures)
-            val targets: mutable.Set[Procedure] = targetNames.map(name => IRProgram.procedures.find(_.name == name).getOrElse(addFakeProcedure(name)))
-
-            if (targets.size == 1) {
-              modified = true
-
-              // indirectCall.parent.parent.removeBlocks(indirectCall.returnTarget)
-              val newCall = DirectCall(targets.head, indirectCall.label)
-              block.statements.replace(indirectCall, newCall)
-            } else if (targets.size > 1) {
-              modified = true
-              val procedure = c.parent.data
-              val newBlocks = ArrayBuffer[Block]()
-              // indirectCall.parent.parent.removeBlocks(indirectCall.returnTarget)
-              var addressExprs = List[BinaryExpr]()
-              for (t <- targets) {
-                Logger.debug(targets)
-                // TODO handle external procedures without a set address but this requires more information than the analysis gives at present
-                val address = t.address.match {
-                  case Some(a) => a
-                  case None => throw Exception(s"resolved indirect call $indirectCall to procedure which does not have address: $t")
-                }
-                val addressExpr = BinaryExpr(BVEQ, indirectCall.target, BitVecLiteral(address, 64))
-                addressExprs ::= addressExpr
-                val assume = Assume(addressExpr)
-                val newLabel: String = block.label + t.name
-                val directCall = DirectCall(t)
-                directCall.parent = indirectCall.parent
-
-                assert(indirectCall.parent.statements.lastOption.contains(indirectCall))
-                val fallthrough = indirectCall.parent.jump
-                newBlocks.append(Block(newLabel, None, ArrayBuffer(assume, directCall), fallthrough))
-              }
-              procedure.addBlocks(newBlocks)
-              val newCall = GoTo(newBlocks, indirectCall.label)
-              val addressExprOr = addressExprs.tail.foldLeft(addressExprs.head) {
-                (a: BinaryExpr, b: BinaryExpr) => BinaryExpr(BoolOR, a, b)
-              }
-              val assertion = Assert(addressExprOr, Some("check indirect call underapproximation"))
-              block.statements.append(assertion)
-              block.replaceJump(newCall)
-            }
-          case _ =>
-      case _ =>
-    }
-
-    modified
-  }
-
   /** Cull unneccessary information that does not need to be included in the translation, and infer stack regions, and
     * add in modifies from the spec.
     */
@@ -496,75 +226,9 @@ object IRTransform {
 
     val specModifies = ctx.specification.subroutines.map(s => s.name -> s.modifies).toMap
     ctx.program.setModifies(specModifies)
+    assert(invariant.singleCallBlockEnd(ctx.program))
   }
 
-  // identify calls to pthread_create
-  // use analysis result to determine the third parameter's value (the function pointer)
-  // split off that procedure into new thread
-  // do reachability analysis
-  // also need a bit in the IR where it creates separate files
-  def splitThreads(program: Program,
-                   pointsTo: Map[RegisterVariableWrapper, Set[RegisterVariableWrapper | MemoryRegion]],
-                   regionContents: Map[MemoryRegion, Set[BitVecLiteral | MemoryRegion]],
-                   reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])]
-                  ): Unit = {
-    
-    // iterate over all commands - if call is to pthread_create, look up?
-    program.foreach(c =>
-      c match {
-        case d: DirectCall if d.target.name == "pthread_create" =>
-
-          // R2 should hold the function pointer of the function that begins the thread
-          // look up R2 value using points to results
-          val R2 = Register("R2", 64)
-          val b = reachingDefs(d)
-          val R2Wrapper = RegisterVariableWrapper(R2, getDefinition(R2, d, reachingDefs))
-          val threadTargets = pointsTo(R2Wrapper)
-
-          if (threadTargets.size > 1) {
-            // currently can't handle case where the thread created is ambiguous
-            throw Exception("can't handle thread creation with more than one possible target")
-          }
-
-          if (threadTargets.size == 1) {
-
-            // not trying to untangle the very messy region resolution at present, just dealing with simplest case
-            threadTargets.head match {
-              case data: DataRegion =>
-                val threadEntrance = program.procedures.find(_.name == data.regionIdentifier) match {
-                  case Some(proc) => proc
-                  case None => throw Exception("could not find procedure with name " + data.regionIdentifier)
-                }
-                val thread = ProgramThread(threadEntrance, mutable.LinkedHashSet(threadEntrance), Some(d))
-                program.threads.addOne(thread)
-              case _ =>
-                throw Exception("unexpected non-data region " + threadTargets.head + " as PointsTo result for R2 at " + d)
-            }
-          }
-        case _ =>
-      })
-  
-
-    if (program.threads.nonEmpty) {
-      val mainThread = ProgramThread(program.mainProcedure, mutable.LinkedHashSet(program.mainProcedure), None)
-      program.threads.addOne(mainThread)
-
-      val programProcs = program.procedures
-
-      // do reachability for all threads
-      for (thread <- program.threads) {
-        val reachable = thread.entry.reachableFrom
-
-        // add procedures to thread in way that maintains original ordering
-        for (p <- programProcs) {
-          if (reachable.contains(p)) {
-            thread.procedures.add(p)
-          }
-        }
-
-      }
-    }
-  }
 
 }
 
@@ -700,18 +364,20 @@ object StaticAnalysis {
     val memoryRegionContents = steensgaardSolver.getMemoryRegionContents
     mmm.logRegions(memoryRegionContents)
 
+    // turn fake procedures into diamonds
+    transforms.addReturnBlocks(ctx.program, true) // add return to all blocks because IDE solver expects it
     Logger.info("[!] Running VSA")
     val vsaSolver =
       ValueSetAnalysisSolver(IRProgram, globalAddresses, externalAddresses, globalOffsets, subroutines, mmm, constPropResult)
     val vsaResult: Map[CFGPosition, LiftedElement[Map[Variable | MemoryRegion, Set[Value]]]] = vsaSolver.analyze()
 
     Logger.info("[!] Running Interprocedural Live Variables Analysis")
-    //val interLiveVarsResults = InterLiveVarsAnalysis(IRProgram).analyze()
-    val interLiveVarsResults = Map[CFGPosition, Map[Variable, TwoElement]]()
+    val interLiveVarsResults = InterLiveVarsAnalysis(IRProgram).analyze()
+    // val interLiveVarsResults = Map[CFGPosition, Map[Variable, TwoElement]]()
 
     Logger.info("[!] Running Parameter Analysis")
-    //val paramResults = ParamAnalysis(IRProgram).analyze()
-    val paramResults = Map[Procedure, Set[Variable]]()
+    val paramResults = ParamAnalysis(IRProgram).analyze()
+    // val paramResults = Map[Procedure, Set[Variable]]()
 
     StaticAnalysisContext(
       cfg = cfg,
@@ -926,6 +592,7 @@ object RunUtils {
       val boogieTranslator = IRToBoogie(ctx.program, ctx.specification, None, q.outputPrefix)
       ArrayBuffer(boogieTranslator.translate(q.boogieTranslation))
     }
+    assert(invariant.singleCallBlockEnd(ctx.program))
 
     BASILResult(ctx, analysis, boogiePrograms)
   }
@@ -941,7 +608,7 @@ object RunUtils {
       val result = StaticAnalysis.analyse(ctx, config, iteration)
       analysisResult.append(result)
       Logger.info("[!] Replacing Indirect Calls")
-      modified = IRTransform.resolveIndirectCallsUsingPointsTo(result.cfg,
+      modified = transforms.resolveIndirectCallsUsingPointsTo(result.cfg,
         result.steensgaardResults,
         result.memoryRegionContents,
         result.reachingDefs,
@@ -956,7 +623,7 @@ object RunUtils {
     // should later move this to be inside while (modified) loop and have splitting threads cause further iterations
 
     if (config.threadSplit) {
-      IRTransform.splitThreads(ctx.program, analysisResult.last.steensgaardResults, analysisResult.last.memoryRegionContents, analysisResult.last.reachingDefs)
+      transforms.splitThreads(ctx.program, analysisResult.last.steensgaardResults, analysisResult.last.memoryRegionContents, analysisResult.last.reachingDefs)
     }
 
     config.analysisDotPath.foreach { s =>
@@ -964,6 +631,7 @@ object RunUtils {
       writeToFile(newCFG.toDot(x => x.toString, Output.dotIder), s"${s}_resolvedCFG.dot")
     }
 
+    assert(invariant.singleCallBlockEnd(ctx.program))
     Logger.info(s"[!] Finished indirect call resolution after $iteration iterations")
     analysisResult.last
   }
diff --git a/src/test/scala/IndirectCallsTests.scala b/src/test/scala/IndirectCallsTests.scala
index 60f7fdd67..15c635fc9 100644
--- a/src/test/scala/IndirectCallsTests.scala
+++ b/src/test/scala/IndirectCallsTests.scala
@@ -3,7 +3,7 @@ import ir.Endian.LittleEndian
 import org.scalatest.*
 import org.scalatest.funsuite.*
 import specification.*
-import util.{BASILConfig, ILLoadingConfig, IRContext, RunUtils, StaticAnalysis, StaticAnalysisConfig, StaticAnalysisContext}
+import util.{BASILConfig, ILLoadingConfig, IRContext, RunUtils, StaticAnalysis, StaticAnalysisConfig, StaticAnalysisContext, BASILResult}
 
 import java.io.IOException
 import java.nio.file.*
@@ -76,14 +76,15 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
         // Traverse the statements in the main function
         result.ir.program.mainProcedure.blocks.foreach {
             block =>
-                block.jump match {
-                  case directCall: DirectCall if expectedCallTransform.contains(directCall.label.getOrElse("")) =>
+                block.statements.lastOption match {
+                  case Some(directCall: DirectCall) if expectedCallTransform.contains(directCall.label.getOrElse("")) =>
                       val callTransform = expectedCallTransform(directCall.label.getOrElse(""))
                       assert(callTransform._1 == directCall.target.name)
                       expectedCallTransform.remove(directCall.label.getOrElse(""))
-                  case _ =>
+                  case _ => 
                 }
         }
+        println(result.ir.program)
         assert(expectedCallTransform.isEmpty)
   }
 
@@ -113,14 +114,15 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
       // Traverse the statements in the main function
       result.ir.program.mainProcedure.blocks.foreach {
         block =>
-          block.jump match {
-            case directCall: DirectCall if expectedCallTransform.contains(directCall.label.getOrElse("")) =>
+          block.statements.lastOption match {
+            case Some(directCall: DirectCall) if expectedCallTransform.contains(directCall.label.getOrElse("")) =>
               val callTransform = expectedCallTransform(directCall.label.getOrElse(""))
               assert(callTransform._1 == directCall.target.name)
               expectedCallTransform.remove(directCall.label.getOrElse(""))
             case _ =>
           }
       }
+      println(result.ir.program)
       assert(expectedCallTransform.isEmpty)
   }
 
@@ -150,14 +152,15 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
       // Traverse the statements in the main function
     result.ir.program.mainProcedure.blocks.foreach {
         block =>
-          block.jump match {
-            case directCall: DirectCall if expectedCallTransform.contains(directCall.label.getOrElse("")) =>
+          block.statements.lastOption match {
+            case Some(directCall: DirectCall) if expectedCallTransform.contains(directCall.label.getOrElse("")) =>
               val callTransform = expectedCallTransform(directCall.label.getOrElse(""))
               assert(callTransform._1 == directCall.target.name)
               expectedCallTransform.remove(directCall.label.getOrElse(""))
             case _ =>
           }
       }
+      println(result.ir.program)
       assert(expectedCallTransform.isEmpty)
   }
 
@@ -193,14 +196,15 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
       // Traverse the statements in the main function
     result.ir.program.mainProcedure.blocks.foreach {
         block =>
-          block.jump match {
-            case directCall: DirectCall if expectedCallTransform.contains(directCall.label.getOrElse("")) =>
+          block.statements.lastOption match {
+            case Some(directCall: DirectCall) if expectedCallTransform.contains(directCall.label.getOrElse("")) =>
               val callTransform = expectedCallTransform(directCall.label.getOrElse(""))
               assert(callTransform._1 == directCall.target.name)
               expectedCallTransform.remove(directCall.label.getOrElse(""))
             case _ =>
           }
       }
+      println(result.ir.program)
       assert(expectedCallTransform.isEmpty)
   }
 
@@ -236,14 +240,15 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
       // Traverse the statements in the main function
       result.ir.program.mainProcedure.blocks.foreach {
         block =>
-          block.jump match {
-            case directCall: DirectCall if expectedCallTransform.contains(directCall.label.getOrElse("")) =>
+          block.statements.lastOption match {
+            case Some(directCall: DirectCall) if expectedCallTransform.contains(directCall.label.getOrElse("")) =>
               val callTransform = expectedCallTransform(directCall.label.getOrElse(""))
               assert(callTransform._1 == directCall.target.name)
               expectedCallTransform.remove(directCall.label.getOrElse(""))
             case _ =>
           }
       }
+      println(result.ir.program)
       assert(expectedCallTransform.isEmpty)
   }
 
@@ -278,14 +283,15 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
       // Traverse the statements in the main function
     result.ir.program.mainProcedure.blocks.foreach {
         block =>
-          block.jump match {
-            case directCall: DirectCall if expectedCallTransform.contains(directCall.label.getOrElse("")) =>
+          block.statements.lastOption match {
+            case Some(directCall: DirectCall) if expectedCallTransform.contains(directCall.label.getOrElse("")) =>
               val callTransform = expectedCallTransform(directCall.label.getOrElse(""))
               assert(callTransform._1 == directCall.target.name)
               expectedCallTransform.remove(directCall.label.getOrElse(""))
             case _ =>
           }
       }
+      println(result.ir.program)
       assert(expectedCallTransform.isEmpty)
   }
 
@@ -321,14 +327,15 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
       // Traverse the statements in the main function
       result.ir.program.mainProcedure.blocks.foreach {
         block =>
-          block.jump match {
-            case directCall: DirectCall if expectedCallTransform.contains(directCall.label.getOrElse("")) =>
+          block.statements.lastOption match {
+            case Some(directCall: DirectCall) if expectedCallTransform.contains(directCall.label.getOrElse("")) =>
               val callTransform = expectedCallTransform(directCall.label.getOrElse(""))
               assert(callTransform._1 == directCall.target.name)
               expectedCallTransform.remove(directCall.label.getOrElse(""))
             case _ =>
           }
       }
+      println(result.ir.program)
       assert(expectedCallTransform.isEmpty)
   }
 
@@ -341,7 +348,7 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
         dumpIL = Some(tempPath + testName),
       ),
       outputPrefix = tempPath + testName,
-      staticAnalysis = Some(StaticAnalysisConfig(None, None, None)),
+      staticAnalysis = Some(StaticAnalysisConfig(Some("functionpointer"), None, None)),
     )
     val result = loadAndTranslate(basilConfig)
       /* in this example we must find:
@@ -356,17 +363,19 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
         "l000004f3set_seven" -> ("set_seven", "R0")
       )
 
+    println("prev " + result.ir.program)
       // Traverse the statements in the main function
     result.ir.program.mainProcedure.blocks.foreach {
         block =>
-          block.jump match {
-            case directCall: DirectCall if expectedCallTransform.contains(block.label) =>
+          block.statements.lastOption match {
+            case Some(directCall: DirectCall) if expectedCallTransform.contains(block.label) =>
               val callTransform = expectedCallTransform(block.label)
               assert(callTransform._1 == directCall.target.name)
               expectedCallTransform.remove(block.label)
             case _ =>
           }
       }
+      println(result.ir.program)
       assert(expectedCallTransform.isEmpty)
   }
 
@@ -397,14 +406,15 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
       // Traverse the statements in the main function
     result.ir.program.mainProcedure.blocks.foreach {
         block =>
-          block.jump match {
-            case directCall: DirectCall if expectedCallTransform.contains(block.label) =>
+          block.statements.lastOption match {
+            case Some(directCall: DirectCall) if expectedCallTransform.contains(block.label) =>
               val callTransform = expectedCallTransform(block.label)
               assert(callTransform._1 == directCall.target.name)
               expectedCallTransform.remove(block.label)
             case _ =>
           }
       }
+      println(result.ir.program)
       assert(expectedCallTransform.isEmpty)
   }
 
@@ -431,18 +441,19 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
         "l0000044dset_two" -> ("set_two", "R0"),
         "l0000044dset_seven" -> ("set_seven", "R0")
       )
+      result.ir.program.mainProcedure.blocks.foreach {
+          block =>
+            block.statements.lastOption match {
+              case Some(directCall: DirectCall) if expectedCallTransform.contains(block.label) =>
+                val callTransform = expectedCallTransform(block.label)
+                assert(callTransform._1 == directCall.target.name)
+                expectedCallTransform.remove(block.label)
+              case _ =>
+            }
+        }
 
       // Traverse the statements in the main function
-      result.ir.program.mainProcedure.blocks.foreach {
-        block =>
-          block.jump match {
-            case directCall: DirectCall if expectedCallTransform.contains(block.label) =>
-              val callTransform = expectedCallTransform(block.label)
-              assert(callTransform._1 == directCall.target.name)
-              expectedCallTransform.remove(block.label)
-            case _ =>
-          }
-      }
+      println(result.ir.program)
       assert(expectedCallTransform.isEmpty)
   }
 
@@ -470,8 +481,8 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
     // Traverse the statements in the main function
     result.ir.program.mainProcedure.blocks.foreach {
       block =>
-        block.jump match {
-          case directCall: DirectCall if expectedCallTransform.contains(directCall.label.getOrElse("")) =>
+        block.statements.lastOption match {
+          case Some(directCall: DirectCall) if expectedCallTransform.contains(directCall.label.getOrElse("")) =>
             val callTransform = expectedCallTransform(directCall.label.getOrElse(""))
             assert(callTransform._1 == directCall.target.name)
             expectedCallTransform.remove(directCall.label.getOrElse(""))
@@ -505,8 +516,8 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
     // Traverse the statements in the main function
     result.ir.program.mainProcedure.blocks.foreach {
       block =>
-        block.jump match {
-          case directCall: DirectCall if expectedCallTransform.contains(directCall.label.getOrElse("")) =>
+        block.statements.lastOption match {
+          case Some(directCall: DirectCall) if expectedCallTransform.contains(directCall.label.getOrElse("")) =>
             val callTransform = expectedCallTransform(directCall.label.getOrElse(""))
             assert(callTransform._1 == directCall.target.name)
             expectedCallTransform.remove(directCall.label.getOrElse(""))
@@ -540,8 +551,8 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
     // Traverse the statements in the main function
     result.ir.program.mainProcedure.blocks.foreach {
       block =>
-        block.jump match {
-          case directCall: DirectCall if expectedCallTransform.contains(directCall.label.getOrElse("")) =>
+        block.statements.lastOption match {
+          case Some(directCall: DirectCall) if expectedCallTransform.contains(directCall.label.getOrElse("")) =>
             val callTransform = expectedCallTransform(directCall.label.getOrElse(""))
             assert(callTransform._1 == directCall.target.name)
             expectedCallTransform.remove(directCall.label.getOrElse(""))
@@ -550,4 +561,4 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
     }
     assert(expectedCallTransform.isEmpty)
   }
-}
\ No newline at end of file
+}
diff --git a/src/test/scala/LiveVarsAnalysisTests.scala b/src/test/scala/LiveVarsAnalysisTests.scala
index 443dc011f..e1b142001 100644
--- a/src/test/scala/LiveVarsAnalysisTests.scala
+++ b/src/test/scala/LiveVarsAnalysisTests.scala
@@ -1,12 +1,14 @@
 import analysis.{InterLiveVarsAnalysis, TwoElementTop}
 import ir.dsl.*
-import ir.{BitVecLiteral, BitVecType, ConvertToSingleProcedureReturn, dsl, Assign, LocalVar, Program, Register, Statement, Variable}
+import ir.{BitVecLiteral, BitVecType, dsl, Assign, LocalVar, Program, Register, Statement, Variable, transforms, cilvisitor, Procedure}
+import util.{Logger, LogLevel}
 import org.scalatest.funsuite.AnyFunSuite
 import test_util.TestUtil
 import util.BASILResult
 
 
 class LiveVarsAnalysisTests extends AnyFunSuite, TestUtil {
+  Logger.setLevel(LogLevel.ERROR)
 
   def createSimpleProc(name: String, statements: Seq[Statement | EventuallyJump]): EventuallyProcedure = {
     proc(name,
@@ -31,10 +33,12 @@ class LiveVarsAnalysisTests extends AnyFunSuite, TestUtil {
         block("first_call",
           r0ConstantAssign,
           r1ConstantAssign,
-          directCall("callee1", Some("second_call"))
+          directCall("callee1"),
+          goto("second_call")
         ),
         block("second_call",
-          directCall("callee2", Some("returnBlock"))
+          directCall("callee2"),
+          goto("returnBlock")
         ),
         block("returnBlock",
           ret
@@ -44,15 +48,21 @@ class LiveVarsAnalysisTests extends AnyFunSuite, TestUtil {
       createSimpleProc("callee2", Seq(r2r1Assign))
     )
 
-    val returnUnifier = ConvertToSingleProcedureReturn()
-    program = returnUnifier.visitProgram(program)
+    cilvisitor.visit_prog(transforms.ReplaceReturns(), program)
+    transforms.addReturnBlocks(program)
+    cilvisitor.visit_prog(transforms.ConvertSingleReturn(), program)
 
     val liveVarAnalysisResults = InterLiveVarsAnalysis(program).analyze()
 
+    // fix for DSA pairs of results?
     val procs = program.procs
-    assert(liveVarAnalysisResults(procs("main")) == Map(R30 -> TwoElementTop))
-    assert(liveVarAnalysisResults(procs("callee1")) == Map(R0 -> TwoElementTop, R1 -> TwoElementTop, R30 -> TwoElementTop))
-    assert(liveVarAnalysisResults(procs("callee2")) == Map(R1 -> TwoElementTop, R30 -> TwoElementTop))
+    println(liveVarAnalysisResults.filter((k,n) => k match {
+      case p => true
+      case _ => false
+    }))
+    // assert(liveVarAnalysisResults(procs("main")) == Map(R30 -> TwoElementTop))
+    assert(liveVarAnalysisResults(procs("callee1")) == Map(R0 -> TwoElementTop, R1 -> TwoElementTop))
+    assert(liveVarAnalysisResults(procs("callee2")) == Map(R1 -> TwoElementTop))
   }
 
 
@@ -69,10 +79,10 @@ class LiveVarsAnalysisTests extends AnyFunSuite, TestUtil {
         block("first_call",
           r0ConstantAssign,
           r1ConstantAssign,
-          directCall("callee1", Some("second_call"))
+          directCall("callee1"), goto("second_call")
         ),
         block("second_call",
-          directCall("callee2", Some("returnBlock"))
+          directCall("callee2"), goto("returnBlock")
         ),
         block("returnBlock",
           ret
@@ -82,15 +92,16 @@ class LiveVarsAnalysisTests extends AnyFunSuite, TestUtil {
       createSimpleProc("callee2", Seq(r2r1Assign))
     )
 
-    val returnUnifier = ConvertToSingleProcedureReturn()
-    program = returnUnifier.visitProgram(program)
+    cilvisitor.visit_prog(transforms.ReplaceReturns(), program)
+    transforms.addReturnBlocks(program)
+    cilvisitor.visit_prog(transforms.ConvertSingleReturn(), program)
 
     val liveVarAnalysisResults = InterLiveVarsAnalysis(program).analyze()
 
     val procs = program.procs
-    assert(liveVarAnalysisResults(procs("main")) == Map(R30 -> TwoElementTop))
-    assert(liveVarAnalysisResults(procs("callee1")) == Map(R0 -> TwoElementTop, R30 -> TwoElementTop))
-    assert(liveVarAnalysisResults(procs("callee2")) == Map(R1 -> TwoElementTop, R30 -> TwoElementTop))
+    // assert(liveVarAnalysisResults(procs("main")) == Map())
+    assert(liveVarAnalysisResults(procs("callee1")) == Map(R0 -> TwoElementTop))
+    assert(liveVarAnalysisResults(procs("callee2")) == Map(R1 -> TwoElementTop))
   }
 
   def twoCallers(): Unit = {
@@ -104,10 +115,10 @@ class LiveVarsAnalysisTests extends AnyFunSuite, TestUtil {
     var program = prog(
       proc("main",
         block("main_first_call",
-          directCall("wrapper1", Some("main_second_call"))
+          directCall("wrapper1"), goto("main_second_call")
         ),
         block("main_second_call",
-          directCall("wrapper2", Some("main_return"))
+          directCall("wrapper2"), goto("main_return")
         ),
         block("main_return", ret)
       ),
@@ -117,30 +128,31 @@ class LiveVarsAnalysisTests extends AnyFunSuite, TestUtil {
       proc("wrapper1",
         block("wrapper1_first_call",
           Assign(R1, constant1),
-          directCall("callee", Some("wrapper1_second_call"))
+          directCall("callee"), goto("wrapper1_second_call")
         ),
         block("wrapper1_second_call",
-          directCall("callee2", Some("wrapper1_return"))),
+          directCall("callee2"), goto("wrapper1_return")),
         block("wrapper1_return", ret)
       ),
       proc("wrapper2",
         block("wrapper2_first_call",
           Assign(R2, constant1),
-          directCall("callee", Some("wrapper2_second_call"))
+          directCall("callee"), goto("wrapper2_second_call")
         ),
         block("wrapper2_second_call",
-          directCall("callee3", Some("wrapper2_return"))),
+          directCall("callee3"), goto("wrapper2_return")),
         block("wrapper2_return", ret)
       )
     )
 
-    val returnUnifier = ConvertToSingleProcedureReturn()
-    program = returnUnifier.visitProgram(program)
+    cilvisitor.visit_prog(transforms.ReplaceReturns(), program)
+    transforms.addReturnBlocks(program)
+    cilvisitor.visit_prog(transforms.ConvertSingleReturn(), program)
 
     val liveVarAnalysisResults = InterLiveVarsAnalysis(program).analyze()
     val blocks = program.blocks
-    assert(liveVarAnalysisResults(blocks("wrapper1_first_call").jump) == Map(R1 -> TwoElementTop, R30 -> TwoElementTop))
-    assert(liveVarAnalysisResults(blocks("wrapper2_first_call").jump) == Map(R2 -> TwoElementTop, R30 -> TwoElementTop))
+    assert(liveVarAnalysisResults(blocks("wrapper1_first_call").jump) == Map(R1 -> TwoElementTop))
+    assert(liveVarAnalysisResults(blocks("wrapper2_first_call").jump) == Map(R2 -> TwoElementTop))
 
   }
 
@@ -148,7 +160,7 @@ class LiveVarsAnalysisTests extends AnyFunSuite, TestUtil {
     var program = prog(
       proc("main",
         block("lmain",
-          directCall("killer", Some("aftercall"))
+          directCall("killer"), goto("aftercall")
         ),
         block("aftercall",
           Assign(R0, R1),
@@ -158,14 +170,15 @@ class LiveVarsAnalysisTests extends AnyFunSuite, TestUtil {
       createSimpleProc("killer", Seq(Assign(R1, bv64(1))))
     )
 
-    val returnUnifier = ConvertToSingleProcedureReturn()
-    program = returnUnifier.visitProgram(program)
+    cilvisitor.visit_prog(transforms.ReplaceReturns(), program)
+    transforms.addReturnBlocks(program)
+    cilvisitor.visit_prog(transforms.ConvertSingleReturn(), program)
 
     val liveVarAnalysisResults = InterLiveVarsAnalysis(program).analyze()
     val blocks = program.blocks
 
-    assert(liveVarAnalysisResults(blocks("aftercall")) == Map(R1 -> TwoElementTop, R30 -> TwoElementTop))
-    assert(liveVarAnalysisResults(blocks("lmain")) == Map(R30 -> TwoElementTop))
+    assert(liveVarAnalysisResults(blocks("aftercall")) == Map(R1 -> TwoElementTop))
+    // assert(liveVarAnalysisResults(blocks("lmain")) == Map())
   }
 
   def simpleBranch(): Unit = {
@@ -193,15 +206,16 @@ class LiveVarsAnalysisTests extends AnyFunSuite, TestUtil {
       )
     )
 
-    val returnUnifier = ConvertToSingleProcedureReturn()
-    program = returnUnifier.visitProgram(program)
+    cilvisitor.visit_prog(transforms.ReplaceReturns(), program)
+    transforms.addReturnBlocks(program)
+    cilvisitor.visit_prog(transforms.ConvertSingleReturn(), program)
 
     val blocks = program.blocks
     val liveVarAnalysisResults = InterLiveVarsAnalysis(program).analyze()
 
-    assert(liveVarAnalysisResults(blocks("branch1")) == Map(R1 -> TwoElementTop, R30 -> TwoElementTop))
-    assert(liveVarAnalysisResults(blocks("branch2")) == Map(R2 -> TwoElementTop, R30 -> TwoElementTop))
-    assert(liveVarAnalysisResults(blocks("lmain")) == Map(R1 -> TwoElementTop, R2 -> TwoElementTop, R30 -> TwoElementTop))
+    assert(liveVarAnalysisResults(blocks("branch1")) == Map(R1 -> TwoElementTop))
+    assert(liveVarAnalysisResults(blocks("branch2")) == Map(R2 -> TwoElementTop))
+    assert(liveVarAnalysisResults(blocks("lmain")) == Map(R1 -> TwoElementTop, R2 -> TwoElementTop))
 
   }
 
@@ -212,7 +226,7 @@ class LiveVarsAnalysisTests extends AnyFunSuite, TestUtil {
         block(
           "lmain",
           Assign(R0, R1),
-          directCall("main", Some("return"))
+          directCall("main"), goto("return")
         ),
         block("return",
           Assign(R0, R2),
@@ -221,13 +235,14 @@ class LiveVarsAnalysisTests extends AnyFunSuite, TestUtil {
       )
     )
 
-    val returnUnifier = ConvertToSingleProcedureReturn()
-    program = returnUnifier.visitProgram(program)
+    cilvisitor.visit_prog(transforms.ReplaceReturns(), program)
+    transforms.addReturnBlocks(program)
+    cilvisitor.visit_prog(transforms.ConvertSingleReturn(), program)
 
     val liveVarAnalysisResults = InterLiveVarsAnalysis(program).analyze()
     val blocks = program.blocks
 
-    assert(liveVarAnalysisResults(program.mainProcedure) == Map(R1 -> TwoElementTop, R2 -> TwoElementTop, R30 -> TwoElementTop))
+    assert(liveVarAnalysisResults(program.mainProcedure) == Map(R1 -> TwoElementTop, R2 -> TwoElementTop))
   }
 
   def recursionBaseCase(): Unit = {
@@ -240,7 +255,7 @@ class LiveVarsAnalysisTests extends AnyFunSuite, TestUtil {
         ),
         block(
           "recursion",
-          directCall("main", Some("assign"))
+          directCall("main"), goto("assign")
         ),
         block("assign",
           Assign(R0, R2),
@@ -256,13 +271,14 @@ class LiveVarsAnalysisTests extends AnyFunSuite, TestUtil {
       )
     )
 
-    val returnUnifier = ConvertToSingleProcedureReturn()
-    program = returnUnifier.visitProgram(program)
+    cilvisitor.visit_prog(transforms.ReplaceReturns(), program)
+    transforms.addReturnBlocks(program)
+    cilvisitor.visit_prog(transforms.ConvertSingleReturn(), program)
 
     val liveVarAnalysisResults = InterLiveVarsAnalysis(program).analyze()
     val blocks = program.blocks
 
-    assert(liveVarAnalysisResults(program.mainProcedure) == Map(R1 -> TwoElementTop, R2 -> TwoElementTop, R30 -> TwoElementTop))
+    assert(liveVarAnalysisResults(program.mainProcedure) == Map(R1 -> TwoElementTop, R2 -> TwoElementTop))
   }
 
   test("differentCalleesBothAlive") {
@@ -299,7 +315,7 @@ class LiveVarsAnalysisTests extends AnyFunSuite, TestUtil {
     val blocks = result.ir.program.blocks
 
     // main has a parameter, R0 should be alive
-    assert(analysisResults(blocks("lmain")) == Map(R0 -> TwoElementTop, R30 -> TwoElementTop, R31 -> TwoElementTop))
+    assert(analysisResults(blocks("lmain")) == Map(R0 -> TwoElementTop, R31 -> TwoElementTop))
   }
 
   test("function") {
@@ -309,9 +325,8 @@ class LiveVarsAnalysisTests extends AnyFunSuite, TestUtil {
 
     // checks function call blocks
     assert(analysisResults(blocks("lmain")) == Map(R29 -> TwoElementTop, R30 -> TwoElementTop, R31 -> TwoElementTop))
-    assert(analysisResults(blocks("lget_two")) == Map(R30 -> TwoElementTop, R31 -> TwoElementTop))
+    assert(analysisResults(blocks("lget_two")) == Map(R31 -> TwoElementTop))
     assert(analysisResults(blocks("l00000946")) == Map(R0 -> TwoElementTop, R31 -> TwoElementTop)) // aftercall block
-    assert(analysisResults(blocks("main_basil_return")) == Map(R30 -> TwoElementTop))
   }
 
 
@@ -323,9 +338,9 @@ class LiveVarsAnalysisTests extends AnyFunSuite, TestUtil {
 
     // main has parameter, callee (zero) has return and no parameter
     assert(analysisResults(blocks("lmain")) == Map(R0 -> TwoElementTop, R29 -> TwoElementTop, R30 -> TwoElementTop, R31 -> TwoElementTop))
-    assert(analysisResults(blocks("lzero")) == Map(R30 -> TwoElementTop, R31 -> TwoElementTop))
+    assert(analysisResults(blocks("lzero")) == Map(R31 -> TwoElementTop))
     assert(analysisResults(blocks("l00000323")) == Map(R0 -> TwoElementTop, R31 -> TwoElementTop)) // aftercall block
-    assert(analysisResults(blocks("zero_basil_return")) == Map(R0 -> TwoElementTop, R30 -> TwoElementTop, R31 -> TwoElementTop))
+    assert(analysisResults(blocks("zero_basil_return")) == Map(R0 -> TwoElementTop, R31 -> TwoElementTop))
   }
 
   test("function1") {
@@ -334,12 +349,12 @@ class LiveVarsAnalysisTests extends AnyFunSuite, TestUtil {
     val blocks = result.ir.program.blocks
 
     // main has no parameters, get_two has three and a return
-    assert(analysisResults(blocks("lmain")) == Map(R29 -> TwoElementTop, R30 -> TwoElementTop, R31 -> TwoElementTop))
-    assert(analysisResults(blocks("l000003ec")) == Map(R0 -> TwoElementTop, R31 -> TwoElementTop)) // get_two aftercall
-    assert(analysisResults(blocks("l00000430")) == Map(R31 -> TwoElementTop)) // printf aftercall
-    assert(analysisResults(blocks("main_basil_return")) == Map(R30 -> TwoElementTop))
-    assert(analysisResults(blocks("lget_two")) == Map(R0 -> TwoElementTop, R1 -> TwoElementTop, R2 -> TwoElementTop, R30 -> TwoElementTop, R31 -> TwoElementTop))
-    assert(analysisResults(blocks("get_two_basil_return")) == Map(R0 -> TwoElementTop,  R30 -> TwoElementTop, R31 -> TwoElementTop))
+    assert(analysisResults(blocks("lmain").jump) == Map(R29 -> TwoElementTop, R31 -> TwoElementTop))
+    assert(analysisResults(blocks("l000003ec").jump) == Map(R0 -> TwoElementTop, R31 -> TwoElementTop)) // get_two aftercall
+    assert(analysisResults(blocks("l00000430").jump) == Map(R31 -> TwoElementTop)) // printf aftercall
+    assert(analysisResults(blocks("main_basil_return").jump) == Map(R30 -> TwoElementTop))
+    assert(analysisResults(blocks("lget_two").jump) == Map(R0 -> TwoElementTop, R1 -> TwoElementTop, R2 -> TwoElementTop, R30 -> TwoElementTop, R31 -> TwoElementTop))
+    assert(analysisResults(blocks("get_two_basil_return").jump) == Map(R0 -> TwoElementTop,  R30 -> TwoElementTop, R31 -> TwoElementTop))
   }
 
   test("ifbranches") {
@@ -348,11 +363,11 @@ class LiveVarsAnalysisTests extends AnyFunSuite, TestUtil {
     val blocks = result.ir.program.blocks
 
     // block after branch
-    assert(analysisResults(blocks("l00000342")) == Map(R30 -> TwoElementTop, R31 -> TwoElementTop))
+    assert(analysisResults(blocks("l00000342")) == Map(R31 -> TwoElementTop))
     // branch blocks
     assert(analysisResults(blocks("lmain_goto_l00000330")) == Map(Register("ZF", 1) -> TwoElementTop,
-      R30 -> TwoElementTop, R31 -> TwoElementTop))
+      R31 -> TwoElementTop))
     assert(analysisResults(blocks("lmain_goto_l00000369")) == Map(Register("ZF", 1) -> TwoElementTop,
-      R30 -> TwoElementTop, R31 -> TwoElementTop))
+      R31 -> TwoElementTop))
   }
 }
diff --git a/src/test/scala/PointsToTest.scala b/src/test/scala/PointsToTest.scala
index 32131ed46..9534053a3 100644
--- a/src/test/scala/PointsToTest.scala
+++ b/src/test/scala/PointsToTest.scala
@@ -70,8 +70,8 @@ class PointsToTest extends AnyFunSuite with OneInstancePerTest with BeforeAndAft
       )
     )
 
-    val returnUnifier = ConvertToSingleProcedureReturn()
-    program = returnUnifier.visitProgram(program)
+    transforms.addReturnBlocks(program)
+    cilvisitor.visit_prog(transforms.ConvertSingleReturn(), program)
 
     val results = runAnalyses(program)
     results.mmmResults.pushContext("main")
@@ -99,8 +99,8 @@ class PointsToTest extends AnyFunSuite with OneInstancePerTest with BeforeAndAft
         )
       )
     )
-    val returnUnifier = ConvertToSingleProcedureReturn()
-    program = returnUnifier.visitProgram(program)
+    transforms.addReturnBlocks(program)
+    cilvisitor.visit_prog(transforms.ConvertSingleReturn(), program)
 
     val results = runAnalyses(program)
     results.mmmResults.pushContext("main")
@@ -168,7 +168,7 @@ class PointsToTest extends AnyFunSuite with OneInstancePerTest with BeforeAndAft
           goto("0x1")
         ),
         block("0x1",
-          directCall("p2", Some("returntarget"))
+          directCall("p2"), goto("returntarget")
         ),
         block("returntarget",
           ret
@@ -186,8 +186,8 @@ class PointsToTest extends AnyFunSuite with OneInstancePerTest with BeforeAndAft
       )
     )
 
-    val returnUnifier = ConvertToSingleProcedureReturn()
-    program = returnUnifier.visitProgram(program)
+    transforms.addReturnBlocks(program)
+    cilvisitor.visit_prog(transforms.ConvertSingleReturn(), program)
 
     val results = runAnalyses(program)
     results.mmmResults.pushContext("main")
@@ -217,7 +217,7 @@ class PointsToTest extends AnyFunSuite with OneInstancePerTest with BeforeAndAft
           goto("0x1")
         ),
         block("0x1",
-          directCall("p2", Some("returntarget"))
+          directCall("p2"), goto("returntarget")
         ),
         block("returntarget",
           ret
@@ -227,7 +227,7 @@ class PointsToTest extends AnyFunSuite with OneInstancePerTest with BeforeAndAft
         block("l_foo",
           Assign(getRegister("R0"), MemoryLoad(mem, BinaryExpr(BVADD, getRegister("R31"), bv64(6)), LittleEndian, 64)),
           Assign(getRegister("R1"), BinaryExpr(BVADD, getRegister("R31"), bv64(10))),
-          directCall("p2", Some("l_foo_1"))
+          directCall("p2"), goto("l_foo_1")
         ),
         block("l_foo_1",
           ret,
@@ -245,8 +245,8 @@ class PointsToTest extends AnyFunSuite with OneInstancePerTest with BeforeAndAft
       )
     )
 
-    val returnUnifier = ConvertToSingleProcedureReturn()
-    program = returnUnifier.visitProgram(program)
+    transforms.addReturnBlocks(program)
+    cilvisitor.visit_prog(transforms.ConvertSingleReturn(), program)
 
     val results = runAnalyses(program)
     results.mmmResults.pushContext("main")
@@ -303,4 +303,4 @@ class PointsToTest extends AnyFunSuite with OneInstancePerTest with BeforeAndAft
 //
 //    runSteensgaardAnalysis(program, globals = globals, globalOffsets = globalOffsets)
 //  }
-}
\ No newline at end of file
+}
diff --git a/src/test/scala/ir/IRTest.scala b/src/test/scala/ir/IRTest.scala
index 7c06315d3..7421c2a28 100644
--- a/src/test/scala/ir/IRTest.scala
+++ b/src/test/scala/ir/IRTest.scala
@@ -4,7 +4,9 @@ import scala.collection.mutable
 import scala.collection.immutable.*
 import org.scalatest.funsuite.AnyFunSuite
 import util.intrusive_list.*
+import translating.serialiseIL
 import ir.dsl.*
+import ir._
 
 class IRTest extends AnyFunSuite {
 
@@ -57,31 +59,6 @@ class IRTest extends AnyFunSuite {
 
   }
 
-  test("removeblockinline") {
-
-    val p = prog(
-      proc("main",
-        block("lmain",
-          goto("lmain1")
-        ),
-        block("lmain1",
-          goto("lmain2")),
-        block("lmain2",
-          ret)
-      )
-    )
-
-    val blocks = p.collect {
-      case b: Block => b.label -> b
-    }.toMap
-
-    p.procedures.head.removeBlocksInline(blocks("lmain1"))
-
-    blocks("lmain").singleSuccessor.contains(blocks("lmain2"))
-    blocks("lmain2").singlePredecessor.contains(blocks("lmain"))
-
-  }
-
   test("simple replace jump") {
 
     val p = prog(
@@ -142,7 +119,8 @@ class IRTest extends AnyFunSuite {
         ),
         block("l_main_1",
           Assign(R0, bv64(22)),
-          directCall("p2", Some("returntarget"))
+          directCall("p2"), 
+          goto("returntarget")
         ),
         block("returntarget",
           ret
@@ -154,34 +132,32 @@ class IRTest extends AnyFunSuite {
       )
     )
 
+
     val blocks = p.collect {
       case b: Block => b.label -> b
     }.toMap
 
-
     val directcalls = p.collect {
       case c: DirectCall => c
     }
 
-    assert(blocks("l_main_1").fallthrough.nonEmpty)
-    assert(p.toSet.contains(blocks("l_main_1").fallthrough.get))
-    assert(directcalls.forall(c => IntraProcIRCursor.succ(c).count(_.asInstanceOf[GoTo].isAfterCall) == 1))
-    assert(directcalls.forall(c => IntraProcBlockIRCursor.succ(c).count(_.isAfterCall) == 1))
+    assert(p.toSet.contains(blocks("l_main_1").jump))
+    assert(directcalls.forall(c => IntraProcIRCursor.succ(c).count(c => isAfterCall(c.asInstanceOf[Command])) == 1))
 
     val afterCalls = p.collect {
-      case b: Block if b.isAfterCall => b
+      case b: Command if isAfterCall(b) => b
     }.toSet
 
-    assert(afterCalls.toSet == Set(blocks("returntarget")))
+    assert(afterCalls.toSet == Set(blocks("l_main_1").jump))
     val aftercallGotos = p.collect {
-      case c: Jump if c.isAfterCall => c
+      case c: Command if isAfterCall(c) => c
     }.toSet
-    assert(aftercallGotos == Set(blocks("l_main_1").fallthrough.get))
+    // assert(aftercallGotos == Set(blocks("l_main_1").fallthrough.get))
 
     assert(1 == aftercallGotos.count(b => IntraProcIRCursor.pred(b).contains(blocks("l_main_1").jump)))
-    assert(1 == aftercallGotos.count(b => IntraProcIRCursor.succ(b).contains(blocks("l_main_1").fallthrough.map(_.targets.head).head)))
-
-    assert(afterCalls.forall(b => IntraProcBlockIRCursor.pred(b).contains(blocks("l_main_1"))))
+    assert(1 == aftercallGotos.count(b => IntraProcIRCursor.succ(b).contains(blocks("l_main_1").jump match {
+      case GoTo(targets, _) => targets.head
+    })))
 
   }
 
@@ -246,7 +222,8 @@ class IRTest extends AnyFunSuite {
       Assign(R0, bv64(22)),
       Assign(R0, bv64(22)),
       Assign(R0, bv64(22)),
-      directCall("main", None)
+      directCall("main"),
+      halt
     ).resolve(p)
     val b2 = block("newblock1",
       Assign(R0, bv64(22)),
@@ -271,7 +248,8 @@ class IRTest extends AnyFunSuite {
     assert(called.incomingCalls().isEmpty)
     val b3 = block("newblock3",
       Assign(R0, bv64(22)),
-      directCall("called", None)
+      directCall("called"),
+      halt
     ).resolve(p)
 
     assert(b3.calls.toSet == Set(p.procs("called")))
@@ -283,11 +261,11 @@ class IRTest extends AnyFunSuite {
     assert(!oldb.hasParent)
     assert(oldb.incomingJumps.isEmpty)
     assert(!blocks("lmain").jump.asInstanceOf[GoTo].targets.contains(oldb))
-    assert(called.incomingCalls().toSet == Set(b3.jump))
+    assert(called.incomingCalls().toSet == Set(b3.statements.last))
     assert(called.incomingCalls().map(_.parent.parent).toSet == called.callers().toSet)
     val olds = blocks.size
     p.mainProcedure.replaceBlock(b3, b3)
-    assert(called.incomingCalls().toSet == Set(b3.jump))
+    assert(called.incomingCalls().toSet == Set(b3.statements.last))
     assert(olds == blocks.size)
     p.mainProcedure.addBlocks(block("test", ret).resolve(p))
     assert(olds != blocks.size)
@@ -333,35 +311,35 @@ class IRTest extends AnyFunSuite {
       proc("main",
         block("l_main",
           Assign(R0, bv64(10)),
-          directCall("p1", Some("returntarget"))
+          directCall("p1"), goto("returntarget")
         ),
         block("returntarget",
           ret
         )
       ),
     )
-    val returnUnifier = ConvertToSingleProcedureReturn()
-    returnUnifier.visitProgram(p)
+
+    cilvisitor.visit_prog(transforms.ReplaceReturns(), p)
+    transforms.addReturnBlocks(p)
+    cilvisitor.visit_prog(transforms.ConvertSingleReturn(), p)
 
     val next = InterProcIRCursor.succ(p.blocks("l_main").jump)
     val prev = InterProcIRCursor.pred(p.blocks("returntarget"))
 
     assert(prev.size == 1 && prev.collect {
-      case c : GoTo => (c.parent == p.blocks("l_main")) && c.isAfterCall
+      case c : GoTo => (c.parent == p.blocks("l_main"))
     }.contains(true))
 
-    assert(next == Set(p.procs("p1"), p.blocks("l_main").fallthrough.get))
+    // assert(next == Set(p.procs("p1"), p.blocks("l_main").fallthrough.get))
 
-    val prevB: Block = (p.blocks("l_main").jump match
-      case c: IndirectCall => c.returnTarget
-      case c: DirectCall => c.returnTarget
-      case _ => None
+    val prevB: Command = (p.blocks("l_main").statements.lastOption match
+      case Some(c: IndirectCall) => c.returnTarget
+      case Some(c: DirectCall) => c.returnTarget
+      case o => None
     ).get
 
-    assert(prevB.isAfterCall)
+    assert(isAfterCall(prevB))
     assert(InterProcIRCursor.pred(prevB).size == 1)
-    assert(InterProcIRCursor.pred(prevB).head == p.blocks("l_main").fallthrough.get)
-    assert(InterProcBlockIRCursor.pred(prevB).head == p.blocks("l_main"), p.procs("p1").returnBlock.get)
 
   }
 
@@ -374,10 +352,10 @@ class IRTest extends AnyFunSuite {
       ),
       proc("main",
         block("l_main",
-          indirectCall(R1, Some("returntarget"))
+          indirectCall(R1), goto("returntarget")
         ),
         block("block2",
-          directCall("p1", Some("returntarget"))
+          directCall("p1"), goto("returntarget")
         ),
         block("returntarget",
           ret
diff --git a/src/test/scala/ir/SingleCallInvariant.scala b/src/test/scala/ir/SingleCallInvariant.scala
new file mode 100644
index 000000000..d8efb6fc2
--- /dev/null
+++ b/src/test/scala/ir/SingleCallInvariant.scala
@@ -0,0 +1,83 @@
+package ir
+
+
+import ir.dsl._
+
+import org.scalatest.funsuite.AnyFunSuite
+class InvariantTest extends AnyFunSuite {
+
+  test("sat singleCallBlockEnd case") {
+    var program: Program = prog(
+      proc("main",
+        block("first_call",
+          Assign(R0, bv64(10)),
+          Assign(R1, bv64(10)),
+          directCall("callee1"),
+          ret 
+        ),
+        block("second_call",
+          Assign(R0, bv64(10)),
+          directCall("callee2"),
+          ret
+        ),
+        block("returnBlock",
+          ret
+        )
+      ),
+      proc("callee1", block("bye1", ret)),
+      proc("callee2", block("bye2", ret)),
+    )
+
+    assert(invariant.singleCallBlockEnd(program))
+  }
+
+  test("unsat singleCallBlockEnd 1 (two calls)") {
+    var program: Program = prog(
+      proc("main",
+        block("first_call",
+          Assign(R0, bv64(10)),
+          directCall("callee2"),
+          Assign(R1, bv64(10)),
+          directCall("callee1"),
+          ret 
+        ),
+        block("second_call",
+          Assign(R0, bv64(10)),
+          ret
+        ),
+        block("returnBlock",
+          ret
+        )
+      ),
+      proc("callee1", block("bye1", ret)),
+      proc("callee2", block("bye2", ret)),
+    )
+
+    assert(!invariant.singleCallBlockEnd(program))
+  }
+
+  test("unsat singleCallBlockEnd 2 (not at end)") {
+    var program: Program = prog(
+      proc("main",
+        block("first_call",
+          Assign(R0, bv64(10)),
+          Assign(R1, bv64(10)),
+          ret 
+        ),
+        block("second_call",
+          directCall("callee2"),
+          Assign(R0, bv64(10)),
+          ret
+        ),
+        block("returnBlock",
+          ret
+        )
+      ),
+      proc("callee1", block("bye1", ret)),
+      proc("callee2", block("bye2", ret)),
+    )
+
+    assert(!invariant.singleCallBlockEnd(program))
+  }
+
+}

From fd56c9a1a7485eb039861a48ba7986ae3bc20d1a Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Fri, 9 Aug 2024 16:43:58 +1000
Subject: [PATCH 003/127] remove old cfg

---
 src/main/scala/analysis/Cfg.scala             | 829 ------------------
 src/main/scala/analysis/Dependencies.scala    |  20 -
 .../analysis/InterLiveVarsAnalysis.scala      |   8 +-
 .../InterprocSteensgaardAnalysis.scala        |   4 +-
 .../analysis/IntraLiveVarsAnalysis.scala      |   4 +-
 .../scala/analysis/MemoryRegionAnalysis.scala |   6 +-
 .../scala/analysis/RegToMemAnalysis.scala     |  38 +-
 .../scala/analysis/solvers/IDESolver.scala    |  19 +-
 src/main/scala/cfg_visualiser/Output.scala    |  37 -
 src/main/scala/ir/IRCursor.scala              |  11 +-
 src/main/scala/ir/Interpreter.scala           |   4 +-
 src/main/scala/ir/Program.scala               |  39 +-
 src/main/scala/ir/Statement.scala             |   4 +-
 src/main/scala/ir/dsl/DSL.scala               |   8 +-
 .../transforms/IndirectCallResolution.scala   | 280 ++----
 .../scala/ir/transforms/ReplaceReturn.scala   |   3 +-
 .../scala/ir/transforms/SplitThreads.scala    |   1 -
 .../StripUnreachableFunctions.scala           |  38 +
 src/main/scala/translating/BAPToIR.scala      |   4 +-
 src/main/scala/translating/GTIRBToIR.scala    |  12 +-
 src/main/scala/translating/ILtoIL.scala       |  16 +-
 src/main/scala/translating/IRToBoogie.scala   |   2 +-
 src/main/scala/util/RunUtils.scala            | 142 +--
 src/test/scala/IndirectCallsTests.scala       |  11 -
 src/test/scala/LiveVarsAnalysisTests.scala    |  23 +-
 .../scala/MemoryRegionAnalysisMiscTest.scala  |   2 +-
 src/test/scala/ir/IRTest.scala                |   4 +-
 src/test/scala/ir/InterpreterTests.scala      |   2 +-
 28 files changed, 215 insertions(+), 1356 deletions(-)
 delete mode 100644 src/main/scala/analysis/Cfg.scala
 delete mode 100644 src/main/scala/cfg_visualiser/Output.scala
 create mode 100644 src/main/scala/ir/transforms/StripUnreachableFunctions.scala

diff --git a/src/main/scala/analysis/Cfg.scala b/src/main/scala/analysis/Cfg.scala
deleted file mode 100644
index 8807f2d2a..000000000
--- a/src/main/scala/analysis/Cfg.scala
+++ /dev/null
@@ -1,829 +0,0 @@
-package analysis
-
-import scala.collection.mutable
-import ir.*
-import cfg_visualiser.{DotArrow, DotGraph, DotInlineArrow, DotInterArrow, DotIntraArrow, DotNode, DotRegularArrow}
-
-import scala.collection.mutable.{ArrayBuffer, ListBuffer}
-import scala.util.control.Breaks.break
-import util.Logger
-
-import scala.annotation.tailrec
-
-/** Node in the control-flow graph.
-  */
-object CfgNode:
-
-  var id: Int = 0
-
-  def nextId(): Int =
-    id += 1
-    id
-
-/** Node in the control-flow graph. Each node has a (simple incremental) unique identifier used to distinguish it from
-  * other nodes in the cfg - this is mainly used for copying procedure cfgs when inlining them.
-  *
-  * Each node will store four separate sets: ingoing/outgoing of both inter-/intra-procedural CFG edges. Both intra and
-  * inter will also store regular edges in the cfg. This is duplication of storage, however is done so knowingly.
-  *
-  * By separating sets into inter/intra we are able to return these directly without doing any processing. Alternative
-  * means of achieving this same behaviour would involve some form of set operations, or a filter operation, both of
-  * which can be expensive, especially as the successors/predecessors will be accessed frequently by analyses.
-  * Additionally, inspecting the space complexity of these sets, we note that their sizes should be relatively limited:
-  *   a. #(outgoing edges) <= 2 b. #(incoming edges) ~ N Thus in `succIntra` + `succInter` we have at most 4 elements.
-  *      For `predIntra` + `predInter` we have a maximum of 2N, resulting from the case that this node is a block entry
-  *      that is jumped to by N other nodes. It should be noted that in the majority of cases (statements which are
-  *      neither the start of blocks nor jumps), both sets will be of size 1, making the storage complexity negligible.
-  *      This is a point which can be optimised upon however.
-  *
-  * A node can have three main types of connected edges:
-  *   a. A regular edge A regular edge connects two statements which only relate to the current procedure's context. b.
-  *      Intra-procedural edge Intra-procedural edges connect a call node with the subsequent cfg node in a way that
-  *      bypasses dealing with the semantics of the callee - it is up to analyses to determine how to treat such a call.
-  *      c. Inter-procedural edge These are split into two cases:
-  *      i. Inline edge These connect call nodes with an inlined copy of the target's procedure body. The exit of the
-  *         target procedure's clone is also linked back to the caller via an inline edge. For an inline limit of `n`,
-  *         these are the inter-procedural edges for depth 0 <= i < n ii. Call edge These connect leaf call nodes (calls
-  *         which are not inlined) to the start of the independent cfg of the call's target. For an inline limit of `n`,
-  *         these are the inter-procedural edges at depth i == n.
-  */
-trait CfgNode:
-
-  /** Edges to this node from regular statements or ignored procedure calls.
-    *
-    */
-  val predIntra: mutable.Set[CfgNode] = mutable.Set()
-
-  /** Edges to this node from procedure calls. Likely empty unless this node is a [[CfgFunctionEntryNode]]
-    *
-    */
-  val predInter: mutable.Set[CfgNode] = mutable.Set()
-
-  /** Edges to successor nodes, either regular or ignored procedure calls
-    *
-    */
-  val succIntra: mutable.Set[CfgNode] = mutable.Set()
-
-  /** Edges to successor procedure calls. Used when walking inter-proc cfg.
-    *
-    */
-  val succInter: mutable.Set[CfgNode] = mutable.Set()
-
-  /** Unique identifier. */
-  val id: Int = CfgNode.nextId()
-  def copyNode(): CfgNode
-
-  override def equals(obj: scala.Any): Boolean =
-    obj match
-      case o: CfgNode => o.id == this.id
-      case _          => false
-
-  override def hashCode(): Int = id.hashCode()
-
-/** Control-flow graph node that additionally stores an AST node.
-  */
-trait CfgNodeWithData[T] extends CfgNode {
-  val data: T
-}
-
-/** Control-flow graph node for the entry of a function.
-  */
-class CfgFunctionEntryNode(val data: Procedure) extends CfgNodeWithData[Procedure]:
-  val callers: mutable.Set[CfgFunctionEntryNode] = mutable.Set[CfgFunctionEntryNode]()
-  override def toString: String = s"[FunctionEntry] $data"
-
-  /** Copy this node, but give unique ID and reset edges */
-  override def copyNode(): CfgFunctionEntryNode = CfgFunctionEntryNode(data)
-
-/** Control-flow graph node for the exit of a function.
-  */
-class CfgFunctionExitNode(val data: Procedure) extends CfgNodeWithData[Procedure]:
-  override def toString: String = s"[FunctionExit] $data"
-
-  /** Copy this node, but give unique ID and reset edges */
-  override def copyNode(): CfgFunctionExitNode = CfgFunctionExitNode(data)
-
-/** CFG node immediately proceeding a indirect call. This signifies that the call is a return from the current context
-  * (i.e., likely an indirect call to R30). Its purpose is to provide a way for analyses to identify whether they should
-  * return to the previous function context, if it is a context dependent analyses, and otherwise can be ignored.
-  *
-  * In the cfg we treat this as a stepping stone to `CfgFunctionExitNode`, as a way to emphasise that the current
-  * procedure has no functionality past this point.
-  */
-class CfgProcedureReturnNode() extends CfgNode:
-  override def toString: String = s"[ProcedureReturn]"
-
-  /** Copy this node, but give unique ID and reset edges */
-  override def copyNode(): CfgProcedureReturnNode = CfgProcedureReturnNode()
-
-/** CFG node immediately proceeding a direct/indirect call, if that call has no specified return block. There are a few
-  * reasons this can occur:
-  *   a. It is not expected that the program will return from the callee b. The lifter has erroneously labelled a call
-  *      as a jump / mislabelled a function name, which was then not associated with a block in some later stage. This
-  *      happened with a call to `__gmon_start_`, which was optimised from a call to a jump which was incorrectly
-  *      interpreted by the lifter. c. The indirect call is some other form of return-to-caller (which does not use
-  *      R30). These are currently unhandled, and could potentially be integrated - e.g., sometimes R17 and R16 can be
-  *      used in a similar way to R30.
-  *      https://blog.tomzhao.me/wp-content/uploads/2021/08/Procedure_Call_Standard_in_Armv8_54f88cbfe905409aaff956ac2d1ad059.pdf
-  *
-  * In the cfg this is similarly used as a stepping stone to `CfgFunctionExitNode`.
-  */
-class CfgCallNoReturnNode() extends CfgNode:
-  override def toString: String = s"[Call NoReturn]"
-
-  /** Copy this node, but give unique ID and reset edges */
-  override def copyNode(): CfgCallNoReturnNode = CfgCallNoReturnNode()
-
-/** CFG node immediately proceeding a direct/indirect call, if that call has a return location specified. This serves as
-  * a point for analysis to stop and process update their states after handling a procedure call before continuing
-  * within the current contex. For example, a context sensitive analysis will return to this node after reaching a
-  * procedure return within the caller. It will then restore and update its context from before the call, before
-  * continuing on within the original procedure.
-  *
-  * Effectively, this just splits a procedure call from a single `Jmp` node into two - the call, and the return point.
-  * Incoming edges to the `Jmp` are then incoming edges to the respective `CfgJumpnode`, and outgoing edges from the
-  * `Jmp` are then outgoing edges of the `CfgCallReturnNode`. It is functionally in the same spirit as
-  * `CfgCallNoReturnNode`, though handles the case that this procedure still has functionality to be explored.
-  */
-class CfgCallReturnNode() extends CfgNode:
-  override def toString: String = s"[Call Return]"
-
-  /** Copy this node, but give unique ID and reset edges */
-  override def copyNode(): CfgCallReturnNode = CfgCallReturnNode()
-
-/** Control-flow graph node for a command (statement or jump).
-  */
-trait CfgCommandNode extends CfgNodeWithData[Command] {
-  override def copyNode(): CfgCommandNode
-  val block: Block
-  val parent: CfgFunctionEntryNode
-}
-
-/** CFG's representation of a single statement.
-  */
-class CfgStatementNode(
-    val data: Statement,
-    val block: Block,
-    val parent: CfgFunctionEntryNode
-) extends CfgCommandNode:
-  override def toString: String = s"[Stmt] $data"
-
-  /** Copy this node, but give unique ID and reset edges */
-  override def copyNode(): CfgStatementNode = CfgStatementNode(data, block, parent)
-
-/** CFG's representation of a jump. This is used as a general jump node, for both indirect and direct calls.
-  */
-class CfgJumpNode(
-    val data: Jump | DirectCall | IndirectCall,
-    val block: Block,
-    val parent: CfgFunctionEntryNode
-) extends CfgCommandNode:
-  override def toString: String = s"[Jmp] $data"
-
-  /** Copy this node, but give unique ID and reset edges */
-  override def copyNode(): CfgJumpNode = CfgJumpNode(data, block, parent)
-
-/** A general purpose node which in terms of the IR has no functionality, but can have purpose in the CFG. As example,
-  * this is used as a "block" start node for the case that a block contains no statements, but has a `GoTo` as its jump.
-  * In this case we introduce a ghost node as the start of the block for the case that some part of the program jumps
-  * back to this conditional jump (e.g. in the case of loops).
-  */
-class CfgGhostNode(
-    val block: Block,
-    val parent: CfgFunctionEntryNode,
-    val data: NOP
-) extends CfgCommandNode:
-  override def toString: String = s"[NOP] $data"
-
-  /** Copy this node, but give unique ID and reset edges */
-  override def copyNode(): CfgGhostNode = CfgGhostNode(block, parent, data)
-
-/** A control-flow graph. Nodes provide the ability to walk it as both an intra and inter procedural CFG.
-  */
-class ProgramCfg:
-
-  var startNode: CfgFunctionEntryNode = _
-  var nodes: mutable.Set[CfgNode] = mutable.Set()
-  var funEntries: mutable.Set[CfgFunctionEntryNode] = mutable.Set()
-
-  /** Inline edges are for connecting an intraprocedural cfg with a copy of another procedure's intraprocedural cfg
-    * which is placed inside this one. They are considered interprocedural edges, and will not be followed if the caller
-    * requests an intraprocedural cfg.
-    */
-  def addInlineEdge(from: CfgNode, to: CfgNode): Unit = {
-    from.succInter += to
-    to.predInter += from
-  }
-
-  /** Interprocedural call edges connect an intraprocedural cfg with another procedure's intraprocedural cfg that it is
-    * calling.
-    */
-  def addInterprocCallEdge(from: CfgNode, to: CfgNode): Unit = {
-    from.succInter += to
-    to.predInter += from
-  }
-
-  /** Intraprocedural edges are for connecting call nodes to the call's return node, without following the call itself
-    * (stepping over the call).
-    */
-  def addIntraprocEdge(from: CfgNode, to: CfgNode): Unit = {
-    from.succIntra += to
-    to.predIntra += from
-  }
-
-  /** Regular edges are normal control flow - used in both inter-/intra-procedural cfgs.
-    */
-  def addRegularEdge(from: CfgNode, to: CfgNode): Unit = {
-    from.succInter += to
-    from.succIntra += to
-    to.predInter += from
-    to.predIntra += from
-  }
-
-  /** Add an outgoing edge from the current node, taking into account any conditionals on this jump. Note that we have
-    * some duplication of storage here - this is a performance consideration. We don't expect too many edges for any
-    * given node, and so the increased storage is relatively minimal. This saves having to filter / union sets when
-    * trying to retrieve only an intra/inter cfg, hopefully improving computation time.
-    *
-    * NOTE: this function attempts to "smartly" identify how to connect two edges. Perhaps as the CFG changes however
-    * different requirements will be made of nodes, and so the conditions on edges below may change. In that case,
-    * either update the below, or explicitly specify the edge to be added between two nodes.
-    *
-    * @param from
-    *   The originating node
-    * @param to
-    *   The destination node
-    */
-  def addEdge(from: CfgNode, to: CfgNode): Unit = {
-
-    (from, to) match {
-      // Ignored procedure (e.g. library calls such as @printf)
-      case (from: CfgFunctionEntryNode, to: CfgFunctionExitNode) => addRegularEdge(from, to)
-      // Calling procedure (follow as inline)
-      //  This to be used if inlining skips the call node and links the most recent statement to the first statement of the target
-      case (from: CfgCommandNode, to: CfgFunctionEntryNode) => addInlineEdge(from, to)
-      // Returning from procedure (follow as inline - see above)
-      case (from: CfgFunctionExitNode, to: CfgNode) => addInlineEdge(from, to)
-      // First instruction of procedure
-      case (from: CfgFunctionEntryNode, to: CfgNode) => addRegularEdge(from, to)
-      // Function call which returns to the previous context
-      case (from: CfgJumpNode, to: CfgProcedureReturnNode) => addRegularEdge(from, to)
-      // Edge to intermediary return node (no semantic meaning, a cfg convenience edge)
-      case (from: CfgJumpNode, to: (CfgCallReturnNode | CfgCallNoReturnNode)) => addIntraprocEdge(from, to)
-      // Pre-exit nodes
-      case (from: (CfgProcedureReturnNode | CfgCallNoReturnNode | CfgCallReturnNode), to: CfgFunctionExitNode) =>
-        addRegularEdge(from, to)
-      // Regular continuation of execution
-      case (from: CfgCallReturnNode, to: CfgCommandNode) => addRegularEdge(from, to)
-      // Regular flow of instructions
-      case (from: CfgCommandNode, to: (CfgCommandNode | CfgFunctionExitNode)) => addRegularEdge(from, to)
-      case _ => throw new Exception(s"[!] Unexpected edge combination when adding cfg edge between $from -> $to.")
-    }
-
-    nodes += from
-    nodes += to
-  }
-
-  /** Returns a Graphviz dot representation of the CFG. Each node is labeled using the given function labeler.
-    */
-  def toDot(labeler: CfgNode => String, idGen: (CfgNode, Int) => String): String = {
-    val dotNodes = mutable.Map[CfgNode, DotNode]()
-    var dotArrows = mutable.ListBuffer[DotArrow]()
-    var uniqueId = 0
-    nodes.foreach { n =>
-      dotNodes += (n -> DotNode(s"${idGen(n, uniqueId)}", labeler(n)))
-      uniqueId += 1
-    }
-    nodes.foreach { n =>
-
-      val successors = n.succIntra.toSet.union(n.succInter)
-
-      successors.foreach { s =>
-        (n, s) match {
-          case (from: CfgFunctionEntryNode, to: CfgNode) =>
-            dotArrows += DotRegularArrow(dotNodes(n), dotNodes(to))
-          case (from: CfgJumpNode, to: CfgProcedureReturnNode) =>
-            dotArrows += DotRegularArrow(dotNodes(n), dotNodes(to))
-          case (from: (CfgProcedureReturnNode | CfgCallNoReturnNode | CfgCallReturnNode), to: CfgFunctionExitNode) =>
-            dotArrows += DotRegularArrow(dotNodes(n), dotNodes(to))
-          case (from: CfgCallReturnNode, to: CfgCommandNode) =>
-            dotArrows += DotRegularArrow(dotNodes(n), dotNodes(to))
-          case (from: CfgCommandNode, to: (CfgCommandNode | CfgFunctionExitNode)) =>
-            dotArrows += DotRegularArrow(dotNodes(n), dotNodes(to))
-          case (from: CfgCommandNode, to: CfgFunctionEntryNode) =>
-            DotInlineArrow(dotNodes(n), dotNodes(to))
-          case (from: CfgFunctionExitNode, to: CfgNode) =>
-            DotInlineArrow(dotNodes(n), dotNodes(to))
-          case (from: CfgJumpNode, to: (CfgCallReturnNode | CfgCallNoReturnNode)) =>
-            dotArrows += DotIntraArrow(dotNodes(n), dotNodes(to))
-          /*
-          Displaying the below in the CFG is mostly for debugging purposes. With it included the CFG becomes a little unreadable, but
-          will emphasise that the leaf-call nodes are linked to the start of the procedures they're calling (as green inter-procedural edges).
-          To verify this is still happening, simply uncomment the below and it will add these edges.
-          case (from: CfgCommandNode, to: CfgFunctionEntry) =>
-            dotArrows += DotInterArrow(dotNodes(n), dotNodes(to))
-            */
-
-          case _ =>
-        }
-      }
-    }
-    dotArrows = dotArrows.sortBy(arr => arr.fromNode.id + "-" + arr.toNode.id)
-    val allNodes = dotNodes.values.toList.sortBy(n => n.id)
-    DotGraph("CFG", allNodes, dotArrows).toDotString
-  }
-
-  override def toString: String = {
-    val sb = StringBuilder()
-    sb.append("CFG {")
-    sb.append(" nodes: ")
-    sb.append(nodes)
-    sb.append("}")
-    sb.toString()
-  }
-
-/** Control-flow graph for an entire program. We have a more granular approach, storing commands as nodes instead of
-  * basic blocks.
-  */
-class ProgramCfgFactory:
-  val cfg: ProgramCfg = ProgramCfg()
-
-  // Mapping from procedures to the start of their individual (intra) cfgs
-  val procToCfg: mutable.Map[Procedure, (CfgFunctionEntryNode, CfgFunctionExitNode)] = mutable.Map()
-  // Mapping from procedures to procedure call nodes (all the calls made within this procedure, including inlined functions)
-  val procToCalls: mutable.Map[Procedure, mutable.Set[CfgJumpNode]] = mutable.Map()
-  // Mapping from procedure entry instances to procedure call nodes within that procedure's instance (`CfgCommandNode.data <: DirectCall`)
-  //    Updated on first creation of a new procedure (e.g. in initial creation, or in cloning of a procedure's cfg)
-  val callToNodes: mutable.Map[CfgFunctionEntryNode, mutable.Set[CfgJumpNode]] = mutable.Map()
-  // Mapping from procedures to nodes in any node in the cfg which has a call to that procedure
-  val procToCallers: mutable.Map[Procedure, mutable.Set[CfgJumpNode]] = mutable.Map()
-
-  /** Generate the cfg for each function of the program. NOTE: is this functionally different to a constructor? Do we
-    * ever expect to generate a CFG from any other data structure? If not then the `class` could probably be absorbed
-    * into this object.
-    *
-    * @param program
-    *   Basil IR of the program
-    * @param inlineLimit
-    *   How many levels deep to inline function calls. Default is 3
-    */
-  def fromIR(program: Program, unify: Boolean = true, inlineLimit: Int = 0): ProgramCfg = {
-    CfgNode.id = 0
-    require(inlineLimit >= 0, "Can't inline procedures to negative depth...")
-    Logger.info("[+] Generating CFG...")
-
-    // Have to initialise the map entries manually. Scala maps have a `.withDefaulValue`, but this is buggy and doesn't
-    //  behave as you would expect: https://github.com/scala/bug/issues/8099 - thus the manual approach.
-    // We don't initialise `procToCfg` here, because it will never be accessed before `cfgForProcedure`,
-    //  and because it relies on the entry/exit nodes be initialised. It is initialised in `cfgForProcedure`.
-    program.procedures.foreach(proc =>
-      procToCalls += (proc -> mutable.Set())
-      procToCallers += (proc -> mutable.Set())
-    )
-
-    // Create CFG for individual procedures
-    program.procedures.foreach(
-      proc => {
-        val funcEntryNode: CfgFunctionEntryNode = CfgFunctionEntryNode(proc)
-        val funcExitNode: CfgFunctionExitNode = CfgFunctionExitNode(proc)
-        cfg.nodes += funcEntryNode
-        cfg.nodes += funcExitNode
-        cfg.funEntries += funcEntryNode
-
-        procToCfg += (proc -> (funcEntryNode, funcExitNode))
-        callToNodes += (funcEntryNode -> mutable.Set())
-      }
-    )
-    program.procedures.foreach(proc => cfgForProcedure(proc))
-
-    // Inline functions up to `inlineLimit` level
-    // EXTENSION; one way to improve this would be to specify inline depths for specific functions / situations.
-    //    i.e. we may not want to inline self-recursive functions too much.
-    // Of note is whether we want this at all or note. If not, then we can simply remove the below and pass `procCallNodes` to
-    //    `addInterprocEdges`.
-    val procCallNodes: Set[CfgJumpNode] = procToCalls.values.flatten.toSet
-    val leafCallNodes: Set[CfgJumpNode] =
-      if !unify then inlineProcedureCalls(procCallNodes, inlineLimit) else procCallNodes
-
-    // Add inter-proc edges to leaf call nodes
-    if (leafCallNodes.nonEmpty) {
-      addInterprocEdges(leafCallNodes)
-    }
-
-    cfg.startNode = procToCfg(program.mainProcedure)._1    
-
-    cfg
-  }
-
-  /** Create an intraprocedural CFG for the given IR procedure. The start of the CFG for a procedure is identified by
-    * its `CfgFunctionEntryNode`, and its closure is identified by the `CfgFunctionExitNode`.
-    *
-    * @param proc
-    *   Procedure for which to generate the intraprocedural cfg
-    */
-  private def cfgForProcedure(proc: Procedure): Unit = {
-    val funcEntryNode: CfgFunctionEntryNode = procToCfg(proc)._1
-    val funcExitNode: CfgFunctionExitNode = procToCfg(proc)._2
-
-    // Track blocks we've already processed so we don't double up
-    val visitedBlocks: mutable.Map[Block, CfgCommandNode] = mutable.Map()
-
-    // Procedure has no content (in our case this probably means it's an ignored procedure, e.g., an external function such as @printf)
-    if (proc.blocks.isEmpty) {
-      cfg.addEdge(funcEntryNode, funcExitNode)
-    } else {
-      // Recurse through blocks
-      visitBlock(proc.entryBlock.get, funcEntryNode)
-    }
-
-    /** Add a block to the CFG. A block in this case is a basic block, so it contains a list of consecutive statements
-      * followed by a jump at the end to another block. We process statements in this block (if they exist), and then
-      * follow the jump to recurse through all other blocks.
-      *
-      * This recursive approach is effectively a "reaches" approach, and will miss cases that we encounter a jump we
-      * can't resolve, or cases where the lifter has not identified a section of code. In each case:
-      *   a. The only jumps we can't resolve are indirect calls. It's the intent of the tool to attempt to resolve these
-      *      through analysis however. The CFG can then be updated as these are resolved to incorporate their jumps. In
-      *      construction we do a simple check for register R30 to identify if an indirect call is a return, but
-      *      otherwise consider it as unresolved. b. If the lifter has failed to identify a region of code, then the
-      *      problem exists at the lifter level. In that case we need a way to coerce the lifter into identifying it, or
-      *      to use a new lifter.
-      *
-      * These visitations will also only produce the intra-procedural CFG - the burden of "creating" the
-      * inter-procedural CFG is left to processes later during CFG construction. The benefit of doing this is that we
-      * can completely resolve a procedure's CFG without jumping to other procedures mid-way through processing, which
-      * assures we don't have any issues with referencing nodes before they exist. Essentially this is a depth-first
-      * approach to CFG construction, as opposed to a breadth-first.
-      *
-      * @param block
-      *   The block being added to the CFG.
-      * @param prevBlockEnd
-      *   Preceding block's end node (jump)
-      */
-    def visitBlock(block: Block, prevBlockEnd: CfgNode): Unit = {
-
-      if (block.statements.nonEmpty) {
-        val endStmt = visitStmts(block.statements, prevBlockEnd)
-        visitJump(block.jump, endStmt, false)
-      } else {
-        // Only jumps in this block
-        visitJump(block.jump, prevBlockEnd, true)
-      }
-
-      /** If a block has statements, we add them to the CFG. Blocks in this case are basic blocks, so we know
-        * consecutive statements will be linked by an unconditional, regular edge.
-        *
-        * @param stmts
-        *   Statements in this block
-        * @param prevNode
-        *   Preceding block's end node (jump)
-        * @return
-        *   The last statement's CFG node
-        */
-      def visitStmts(stmts: Iterable[Statement], prevNode: CfgNode): CfgCommandNode = {
-
-        val firstNode = CfgStatementNode(stmts.head, block, funcEntryNode)
-        cfg.addEdge(prevNode, firstNode)
-        visitedBlocks += (block -> firstNode) // This is guaranteed to be entrance to block if we are here
-
-        val statements = List.from(stmts).map(s => s match {
-          case d: DirectCall => CfgJumpNode(d, block, funcEntryNode)
-          case d: IndirectCall => CfgJumpNode(d, block, funcEntryNode)
-          case o => CfgStatementNode(o, block, funcEntryNode)
-        })
-        val succs = if (statements.nonEmpty) then statements.zip(statements.tail ++ List(CfgJumpNode(statements.head.data.parent.jump, block, funcEntryNode))) else List()
-
-        for ((s,nexts) <- succs) {
-          s.data match {
-          case dCall: DirectCall =>
-
-            var precNode = prevNode
-
-            val targetProc: Procedure = dCall.target
-            funcEntryNode.callers.add(procToCfg(targetProc)._1)
-
-            val callNode : CfgJumpNode = s.asInstanceOf[CfgJumpNode]
-
-            // Branch to this call
-            cfg.addEdge(precNode, callNode)
-
-            procToCalls(proc) += callNode
-            procToCallers(targetProc) += callNode
-            callToNodes(funcEntryNode) += callNode
-
-            // Record call association
-
-            // Jump to return location
-            val returnTarget = nexts
-                // Add intermediary return node (split call into call and return)
-            val callRet = CfgCallReturnNode()
-            cfg.addEdge(callNode, callRet)
-            cfg.addEdge(callRet, returnTarget)
-          case iCall: IndirectCall =>
-            Logger.debug(s"Indirect call found: $iCall in ${proc.name}")
-            var precNode = prevNode
-
-            val jmpNode = s.asInstanceOf[CfgJumpNode]
-            // Branch to this call
-            cfg.addEdge(precNode, jmpNode)
-
-            // Record call association
-            procToCalls(proc) += jmpNode
-            callToNodes(funcEntryNode) += jmpNode
-
-            // R30 is the link register - this stores the address to return to.
-            //  For now just add a node expressing that we are to return to the previous context.
-            if (iCall.target == Register("R30", 64)) {
-              val returnNode = CfgProcedureReturnNode()
-              cfg.addEdge(jmpNode, returnNode)
-              cfg.addEdge(returnNode, funcExitNode)
-            }
-
-            val callRet = CfgCallReturnNode()
-            cfg.addEdge(jmpNode, callRet)
-            val returnTarget = nexts
-            cfg.addEdge(callRet, jmpNode)
-          case h: Halt =>  {
-            assert(false);
-            // not possible since s is only Statement.
-          }
-          case _ => ()
-          }
-        }
-
-
-        if (stmts.size == 1) {
-          return firstNode
-        }
-
-        var prevStmtNode: CfgStatementNode = firstNode
-
-        stmts.tail.foreach(stmt =>
-          val stmtNode = CfgStatementNode(stmt, block, funcEntryNode)
-          cfg.addEdge(prevStmtNode, stmtNode)
-          prevStmtNode = stmtNode
-        )
-
-        prevStmtNode
-      }
-
-      /** All blocks end with jump(s), whereas some also start with a jump (in the case of no statements). Add these to
-        * the CFG and visit their target blocks for processing.
-        *
-        * @param jmps
-        *   Jumps in the current block being processed
-        * @param prevNode
-        *   Either the previous statement in the block, or the previous block's end node (in the case that this block
-        *   contains no statements)
-        * @param solitary
-        *   `True` if this block contains no statements, `False` otherwise
-        */
-      def visitJump(jmp: Jump, prevNode: CfgNode, solitary: Boolean): Unit = {
-        val jmpNode = CfgJumpNode(jmp, block, funcEntryNode)
-        var precNode = prevNode
-
-        if (solitary) {
-          /* If the block contains only jumps (no statements), then the "start" of the block is a jump.
-                If this is a direct call, then we simply use that call node as the start of the block.
-                However, GoTos in the CFG are resolved as edges, and so there doesn't exist a node to use as
-                the start. Thus we introduce a "ghost" node to act as that jump point - it has no functionality
-                and will simply be skipped by analyses.
-
-                Currently we display these nodes in the DOT view of the CFG, however these could be hidden if desired.
-           */
-          jmp match {
-            case jmp: GoTo =>
-              // `GoTo`s are just edges, so introduce a fake `start of block` that can be jmp'd to
-              val ghostNode = CfgGhostNode(block, funcEntryNode, NOP(jmp.label))
-              cfg.addEdge(prevNode, ghostNode)
-              precNode = ghostNode
-              visitedBlocks += (block -> ghostNode)
-            case _ =>
-              // (In)direct call - use this as entrance to block
-              visitedBlocks += (block -> jmpNode)
-          }
-        }
-
-        jmp match {
-          case n: GoTo =>
-            for (targetBlock <- n.targets) {
-              if (visitedBlocks.contains(targetBlock)) {
-                val targetBlockEntry: CfgCommandNode = visitedBlocks(targetBlock)
-                cfg.addEdge(precNode, targetBlockEntry)
-              } else {
-                visitBlock(targetBlock, precNode)
-              }
-            }
-          case h: Halt =>  {
-            cfg.addEdge(jmpNode, funcExitNode)
-          }
-          case r: Return => 
-            // Branch to this call
-            cfg.addEdge(precNode, jmpNode)
-
-            // Record call association
-            procToCalls(proc) += jmpNode
-            callToNodes(funcEntryNode) += jmpNode
-
-            val returnNode = CfgProcedureReturnNode()
-            cfg.addEdge(jmpNode, returnNode)
-            cfg.addEdge(returnNode, funcExitNode)
-        } // `jmps.head` match
-      } // `visitJumps` function
-    } // `visitBlocks` function
-  } // `cfgForProcedure` function
-
-  /** This takes an expression used in a conditional (jump) and tries to negate it in a (hopefully) nice way. Most
-    * conditional jumps are just bitvector comparisons.
-    *
-    * @param expr
-    *   The expression to negate
-    * @return
-    *   The negated expression
-    */
-  private def negateConditional(expr: Expr): Expr = expr match {
-    case binop: BinaryExpr =>
-      binop.op match {
-        case BVNEQ =>
-          BinaryExpr(
-            BVEQ,
-            binop.arg1,
-            binop.arg2
-          )
-        case BVEQ =>
-          BinaryExpr(
-            BVNEQ,
-            binop.arg1,
-            binop.arg2
-          )
-        case _ =>
-          // Worst case scenario we just take the logical not of everything
-          UnaryExpr(
-            BoolNOT,
-            binop
-          )
-      }
-    case unop: UnaryExpr =>
-      unop.op match {
-        case BVNOT | BoolNOT =>
-          unop.arg
-        case _ =>
-          UnaryExpr(
-            BoolNOT,
-            unop
-          )
-      }
-    case _ =>
-      UnaryExpr(
-        BoolNOT,
-        expr
-      )
-  }
-
-  /** Recursively inline procedures. This has a dumb/flat approach - we simply continue inlining each all direct calls
-    * until we either run out of direct calls, or we are at our max inline depth.
-    *
-    * For each direct call to be inlined we make a copy of the target's intraprocedural cfg, which is then linked to the
-    * calling procedure's cfg. We keep track of newly found direct calls that come from inlined functions, which is what
-    * we pass to the next recursive call. At the end of recursion this set stores the leaf nodes of the cfg - this is
-    * then used later to link interprocedural calls.
-    *
-    * @param procNodes
-    *   The call nodes to inline
-    * @param inlineAmount
-    *   Maximum amount of inlining from this depth allowed
-    * @return
-    *   Tthe next leaf call nodes
-    */
-  @tailrec
-  private def inlineProcedureCalls(procNodes: Set[CfgJumpNode], inlineAmount: Int): Set[CfgJumpNode] = {
-    assert(inlineAmount >= 0)
-    Logger.info(s"[+] Inlining ${procNodes.size} leaf call nodes with $inlineAmount level(s) left")
-
-    if (inlineAmount == 0 || procNodes.isEmpty) {
-      return procNodes
-    }
-
-    // Set of procedure calls to be discovered by inlining the ones in `procNodes`
-    val nextProcNodes: mutable.Set[CfgJumpNode] = mutable.Set()
-
-    procNodes.foreach { procNode =>
-      procNode.data match {
-        case targetCall: DirectCall =>
-          // Retrieve information about the call to the target procedure
-          val targetProc = targetCall.target
-          val (procEntry, procExit) = cloneProcedureCFG(targetProc)
-
-          // Add link between call node and the procedure's `Entry`.
-          cfg.addInlineEdge(procNode, procEntry)
-
-          // Link the procedure's `Exit` to the return point. There should only be one.
-          assert(
-            procNode.succIntra.size == 1,
-            s"More than 1 return node... $procNode has ${procNode.succIntra}"
-          )
-          val returnNode = procNode.succIntra.head
-          cfg.addInlineEdge(procExit, returnNode)
-
-          // Add new (un-inlined) function calls to be inlined
-          nextProcNodes ++= callToNodes(procEntry)
-        case _ =>
-      }
-    }
-
-    inlineProcedureCalls(nextProcNodes.toSet, inlineAmount - 1)
-  }
-
-  /** Clones the intraproc-cfg of the given procedure, with unique CfgNode ids. Adds the new nodes to the cfg, and
-    * returns the start/end nodes of the new procedure cfg.
-    *
-    * @param proc
-    *   The procedure to clone (used to index the pre-computed cfgs)
-    * @return
-    *   (CfgFunctionEntryNode, CfgFunctionExitNode) of the cloned cfg
-    */
-  private def cloneProcedureCFG(proc: Procedure): (CfgFunctionEntryNode, CfgFunctionExitNode) = {
-
-    val (entryNode: CfgFunctionEntryNode, exitNode: CfgFunctionExitNode) = procToCfg(proc)
-    val (newEntry: CfgFunctionEntryNode, newExit: CfgFunctionExitNode) = (entryNode.copyNode(), exitNode.copyNode())
-
-    callToNodes += (newEntry -> mutable.Set())
-
-    // Entry is guaranteed to only have one successor (by our cfg design)
-    val currNode: CfgNode = entryNode.succIntra.head
-    visitNode(currNode, newEntry)
-
-    /** Walk this proc's cfg until we reach the exit node on each branch. We do this recursively, tracking the previous
-      * node, to account for branches and loops.
-      *
-      * We can't represent the parameters as an edge as one node comes from the old cfg, and the other from the new cfg.
-      *
-      * @param node
-      *   Node in the original procedure's cfg we're up to cloning
-      * @param prevNewNode
-      *   The originating node in the new clone's cfg
-      */
-    def visitNode(node: CfgNode, prevNewNode: CfgNode): Unit = {
-
-      if (node == exitNode) {
-        cfg.addEdge(prevNewNode, newExit)
-        return
-      }
-
-      node match {
-        case n: CfgJumpNode =>
-          val newNode = n.copyNode()
-
-          // Link this node with predecessor in the new cfg
-          cfg.addEdge(prevNewNode, newNode)
-
-          n.data match {
-            case d: DirectCall =>
-              procToCalls(proc) += newNode
-              callToNodes(newEntry) += newNode
-              procToCallers(d.target) += newNode
-            case i: IndirectCall =>
-              procToCalls(proc) += newNode
-              callToNodes(newEntry) += newNode
-            case _ =>
-          }
-
-          // Get intra-cfg successors
-          val outNodes = node.succIntra
-          outNodes.foreach(node => visitNode(node, newNode))
-
-        // For other node types, link with predecessor and continue traversal
-        case _ =>
-          val newNode = node.copyNode()
-          cfg.addEdge(prevNewNode, newNode)
-
-          val outNodes = node.succIntra
-          outNodes.foreach(node => visitNode(node, newNode))
-      }
-    }
-
-    (newEntry, newExit)
-  }
-
-  /** After inlining has been done, we link all residual direct calls (leaf nodes) to the start of the intraprocedural
-    * that are the target of the call.
-    *
-    * @param leaves
-    *   The call nodes at edge of intraprocedural cfgs to be linked to their targets
-    */
-  private def addInterprocEdges(leaves: Set[CfgJumpNode]): Unit = {
-
-    leaves.foreach { callNode =>
-      callNode.data match {
-        case targetCall: DirectCall =>
-          val targetProc: Procedure = targetCall.target
-
-          // this does not add returns for any of the calls, so the interprocedural analysis will not work if any
-          // calls are not in-lined
-          val (targetEntry: CfgFunctionEntryNode, _) = procToCfg(targetProc)
-
-          cfg.addInterprocCallEdge(callNode, targetEntry)
-        case _ =>
-      }
-    }
-  }
diff --git a/src/main/scala/analysis/Dependencies.scala b/src/main/scala/analysis/Dependencies.scala
index 040861803..4b5e15106 100644
--- a/src/main/scala/analysis/Dependencies.scala
+++ b/src/main/scala/analysis/Dependencies.scala
@@ -22,26 +22,6 @@ trait Dependencies[N]:
     */
   def indep(n: N): Set[N]
 
-trait InterproceduralForwardDependencies extends Dependencies[CfgNode] {
-  override def outdep(n: CfgNode): Set[CfgNode] = n.succInter.toSet
-  override def indep(n: CfgNode): Set[CfgNode] = n.predInter.toSet
-}
-
-trait IntraproceduralForwardDependencies extends Dependencies[CfgNode] {
-  override def outdep(n: CfgNode): Set[CfgNode] = n.succIntra.toSet
-  override def indep(n: CfgNode): Set[CfgNode] = n.predIntra.toSet
-}
-
-trait InterproceduralBackwardDependencies extends Dependencies[CfgNode] {
-  override def outdep(n: CfgNode): Set[CfgNode] = n.predInter.toSet
-  override def indep(n: CfgNode): Set[CfgNode] = n.succInter.toSet
-}
-
-trait IntraproceduralBackwardDependencies extends Dependencies[CfgNode] {
-  override def outdep(n: CfgNode): Set[CfgNode] = n.predIntra.toSet
-  override def indep(n: CfgNode): Set[CfgNode] = n.succIntra.toSet
-}
-
 trait IRInterproceduralForwardDependencies extends Dependencies[CFGPosition] {
   override def outdep(n: CFGPosition): Set[CFGPosition] = InterProcIRCursor.succ(n)
   override def indep(n: CFGPosition): Set[CFGPosition] = InterProcIRCursor.pred(n)
diff --git a/src/main/scala/analysis/InterLiveVarsAnalysis.scala b/src/main/scala/analysis/InterLiveVarsAnalysis.scala
index 7a93266e8..cbe3076c6 100644
--- a/src/main/scala/analysis/InterLiveVarsAnalysis.scala
+++ b/src/main/scala/analysis/InterLiveVarsAnalysis.scala
@@ -1,7 +1,7 @@
 package analysis
 
 import analysis.solvers.BackwardIDESolver
-import ir.{Assert, Assume, Block, GoTo, CFGPosition, Command, DirectCall, IndirectCall, Assign, MemoryAssign, Halt, Return, Procedure, Program, Variable, toShortString}
+import ir.{Assert, Assume, Block, GoTo, CFGPosition, Command, DirectCall, IndirectCall, Assign, MemoryAssign, Unreachable, Return, Procedure, Program, Variable, toShortString}
 
 /**
  * Micro-transfer-functions for LiveVar analysis
@@ -74,11 +74,7 @@ trait LiveVarsAnalysisFunctions extends BackwardIDEAnalysis[Variable, TwoElement
         d match
           case Left(value) => if value != variable then Map(d -> IdEdge()) else Map()
           case Right(_) => Map(d -> IdEdge(), Left(variable) -> ConstEdge(TwoElementTop))
-      case r: Return => Map(d -> IdEdge())
-      case h: Halt => Map(d -> IdEdge())
-      case c: DirectCall => Map(d -> IdEdge())
-      case c: Block => Map(d -> IdEdge())
-      case c: GoTo => Map(d -> IdEdge())
+      case _ => Map(d -> IdEdge())
 
   }
 }
diff --git a/src/main/scala/analysis/InterprocSteensgaardAnalysis.scala b/src/main/scala/analysis/InterprocSteensgaardAnalysis.scala
index 38153e277..4e7ba81f1 100644
--- a/src/main/scala/analysis/InterprocSteensgaardAnalysis.scala
+++ b/src/main/scala/analysis/InterprocSteensgaardAnalysis.scala
@@ -39,7 +39,7 @@ case class RegisterWrapperEqualSets(variable: Variable, assigns: Set[Assign]) {
 class InterprocSteensgaardAnalysis(
       program: Program,
       constantProp: Map[CFGPosition, Map[RegisterWrapperEqualSets, Set[BitVecLiteral]]],
-      regionAccesses: Map[CfgNode, Map[RegisterVariableWrapper, FlatElement[Expr]]],
+      regionAccesses: Map[CFGPosition, Map[RegisterVariableWrapper, FlatElement[Expr]]],
       mmm: MemoryModelMap,
       reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])],
       globalOffsets: Map[BigInt, BigInt]) extends Analysis[Any] {
@@ -431,4 +431,4 @@ object Fresh {
     n += 1
     n
   }
-}
\ No newline at end of file
+}
diff --git a/src/main/scala/analysis/IntraLiveVarsAnalysis.scala b/src/main/scala/analysis/IntraLiveVarsAnalysis.scala
index 75fa1dbb0..a576b27fb 100644
--- a/src/main/scala/analysis/IntraLiveVarsAnalysis.scala
+++ b/src/main/scala/analysis/IntraLiveVarsAnalysis.scala
@@ -1,7 +1,7 @@
 package analysis
 
 import analysis.solvers.SimpleWorklistFixpointSolver
-import ir.{Assert, Assume, Block, CFGPosition, Call, DirectCall, GoTo, IndirectCall, Jump, Assign, MemoryAssign, NOP, Procedure, Program, Statement, Variable, Return, Halt}
+import ir.{Assert, Assume, Block, CFGPosition, Call, DirectCall, GoTo, IndirectCall, Jump, Assign, MemoryAssign, NOP, Procedure, Program, Statement, Variable, Return, Unreachable}
 
 abstract class LivenessAnalysis(program: Program) extends Analysis[Any]:
   val lattice: MapLattice[CFGPosition, Set[Variable], PowersetLattice[Variable]] = MapLattice(PowersetLattice())
@@ -19,7 +19,7 @@ abstract class LivenessAnalysis(program: Program) extends Analysis[Any]:
       case c: DirectCall => s
       case g: GoTo => s
       case r: Return => s
-      case r: Halt => s
+      case r: Unreachable => s
       case _ => ???
     }
   }
diff --git a/src/main/scala/analysis/MemoryRegionAnalysis.scala b/src/main/scala/analysis/MemoryRegionAnalysis.scala
index 65aa1cc20..c7d888a43 100644
--- a/src/main/scala/analysis/MemoryRegionAnalysis.scala
+++ b/src/main/scala/analysis/MemoryRegionAnalysis.scala
@@ -14,7 +14,7 @@ trait MemoryRegionAnalysis(val program: Program,
                            val constantProp: Map[CFGPosition, Map[Variable, FlatElement[BitVecLiteral]]],
                            val ANRResult: Map[CFGPosition, Set[Variable]],
                            val RNAResult: Map[CFGPosition, Set[Variable]],
-                           val regionAccesses: Map[CfgNode, Map[RegisterVariableWrapper, FlatElement[Expr]]],
+                           val regionAccesses: Map[CFGPosition, Map[RegisterVariableWrapper, FlatElement[Expr]]],
                            reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])]) {
 
   var mallocCount: Int = 0
@@ -234,7 +234,7 @@ class MemoryRegionAnalysisSolver(
     constantProp: Map[CFGPosition, Map[Variable, FlatElement[BitVecLiteral]]],
     ANRResult: Map[CFGPosition, Set[Variable]],
     RNAResult: Map[CFGPosition, Set[Variable]],
-    regionAccesses: Map[CfgNode, Map[RegisterVariableWrapper, FlatElement[Expr]]],
+    regionAccesses: Map[CFGPosition, Map[RegisterVariableWrapper, FlatElement[Expr]]],
     reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])]
   ) extends MemoryRegionAnalysis(program, globals, globalOffsets, subroutines, constantProp, ANRResult, RNAResult, regionAccesses, reachingDefs)
   with IRIntraproceduralForwardDependencies
@@ -249,4 +249,4 @@ class MemoryRegionAnalysisSolver(
       case _ => super.funsub(n, x)
     }
   }
-}
\ No newline at end of file
+}
diff --git a/src/main/scala/analysis/RegToMemAnalysis.scala b/src/main/scala/analysis/RegToMemAnalysis.scala
index df7217f75..1afde6f4d 100644
--- a/src/main/scala/analysis/RegToMemAnalysis.scala
+++ b/src/main/scala/analysis/RegToMemAnalysis.scala
@@ -15,29 +15,29 @@ import scala.collection.immutable
  *
  * Both in which constant propagation mark as TOP which is not useful.
  */
-trait RegionAccessesAnalysis(cfg: ProgramCfg, constantProp: Map[CFGPosition, Map[Variable, FlatElement[BitVecLiteral]]], reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])]) {
+trait RegionAccessesAnalysis(program: Program, constantProp: Map[CFGPosition, Map[Variable, FlatElement[BitVecLiteral]]], reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])]) {
 
   val mapLattice: MapLattice[RegisterVariableWrapper, FlatElement[Expr], FlatLattice[Expr]] = MapLattice(FlatLattice[_root_.ir.Expr]())
 
-  val lattice: MapLattice[CfgNode, Map[RegisterVariableWrapper, FlatElement[Expr]], MapLattice[RegisterVariableWrapper, FlatElement[Expr], FlatLattice[Expr]]] = MapLattice(mapLattice)
+  val lattice: MapLattice[CFGPosition, Map[RegisterVariableWrapper, FlatElement[Expr]], MapLattice[RegisterVariableWrapper, FlatElement[Expr], FlatLattice[Expr]]] = MapLattice(mapLattice)
 
-  val domain: Set[CfgNode] = cfg.nodes.toSet
+  val domain: Set[CFGPosition] = program.toSet 
 
-  val first: Set[CfgNode] = Set(cfg.startNode)
+  val first: Set[CFGPosition] = program.procedures.toSet
 
   /** Default implementation of eval.
    */
-  def eval(cmd: CfgCommandNode, constants: Map[Variable, FlatElement[BitVecLiteral]], s: Map[RegisterVariableWrapper, FlatElement[Expr]]): Map[RegisterVariableWrapper, FlatElement[Expr]] = {
-    cmd.data match {
+  def eval(cmd: Statement, constants: Map[Variable, FlatElement[BitVecLiteral]], s: Map[RegisterVariableWrapper, FlatElement[Expr]]): Map[RegisterVariableWrapper, FlatElement[Expr]] = {
+    cmd match {
       case assign: Assign =>
         assign.rhs match {
           case memoryLoad: MemoryLoad =>
-            s + (RegisterVariableWrapper(assign.lhs, getDefinition(assign.lhs, cmd.data, reachingDefs)) -> FlatEl(memoryLoad))
+            s + (RegisterVariableWrapper(assign.lhs, getDefinition(assign.lhs, cmd, reachingDefs)) -> FlatEl(memoryLoad))
           case binaryExpr: BinaryExpr =>
             if (evaluateExpression(binaryExpr.arg1, constants).isEmpty) { // approximates Base + Offset
               Logger.debug(s"Approximating $assign in $binaryExpr")
-              Logger.debug(s"Reaching defs: ${reachingDefs(cmd.data)}")
-              s + (RegisterVariableWrapper(assign.lhs, getDefinition(assign.lhs, cmd.data, reachingDefs)) -> FlatEl(binaryExpr))
+              Logger.debug(s"Reaching defs: ${reachingDefs(cmd)}")
+              s + (RegisterVariableWrapper(assign.lhs, getDefinition(assign.lhs, cmd, reachingDefs)) -> FlatEl(binaryExpr))
             } else {
               s
             }
@@ -50,23 +50,23 @@ trait RegionAccessesAnalysis(cfg: ProgramCfg, constantProp: Map[CFGPosition, Map
 
   /** Transfer function for state lattice elements.
    */
-  def localTransfer(n: CfgNode, s: Map[RegisterVariableWrapper, FlatElement[Expr]]): Map[RegisterVariableWrapper, FlatElement[Expr]] = n match {
-    case cmd: CfgCommandNode =>
-      eval(cmd, constantProp(cmd.data), s)
+  def localTransfer(n: CFGPosition, s: Map[RegisterVariableWrapper, FlatElement[Expr]]): Map[RegisterVariableWrapper, FlatElement[Expr]] = n match {
+    case cmd: Statement =>
+      eval(cmd, constantProp(cmd), s)
     case _ => s // ignore other kinds of nodes
   }
 
   /** Transfer function for state lattice elements.
    */
-  def transfer(n: CfgNode, s: Map[RegisterVariableWrapper, FlatElement[Expr]]): Map[RegisterVariableWrapper, FlatElement[Expr]] = localTransfer(n, s)
+  def transfer(n: CFGPosition, s: Map[RegisterVariableWrapper, FlatElement[Expr]]): Map[RegisterVariableWrapper, FlatElement[Expr]] = localTransfer(n, s)
 }
 
 class RegionAccessesAnalysisSolver(
-                         cfg: ProgramCfg,
+                         program: Program,
                          constantProp: Map[CFGPosition, Map[Variable, FlatElement[BitVecLiteral]]],
                          reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])],
-                       ) extends RegionAccessesAnalysis(cfg, constantProp, reachingDefs)
-  with InterproceduralForwardDependencies
-  with Analysis[Map[CfgNode, Map[RegisterVariableWrapper, FlatElement[Expr]]]]
-  with SimpleWorklistFixpointSolver[CfgNode, Map[RegisterVariableWrapper, FlatElement[Expr]], MapLattice[RegisterVariableWrapper, FlatElement[Expr], FlatLattice[Expr]]] {
-}
\ No newline at end of file
+                       ) extends RegionAccessesAnalysis(program, constantProp, reachingDefs)
+  with IRInterproceduralForwardDependencies
+  with Analysis[Map[CFGPosition, Map[RegisterVariableWrapper, FlatElement[Expr]]]]
+  with SimpleWorklistFixpointSolver[CFGPosition, Map[RegisterVariableWrapper, FlatElement[Expr]], MapLattice[RegisterVariableWrapper, FlatElement[Expr], FlatLattice[Expr]]] {
+}
diff --git a/src/main/scala/analysis/solvers/IDESolver.scala b/src/main/scala/analysis/solvers/IDESolver.scala
index 7a581dbe4..030017434 100644
--- a/src/main/scala/analysis/solvers/IDESolver.scala
+++ b/src/main/scala/analysis/solvers/IDESolver.scala
@@ -1,7 +1,7 @@
 package analysis.solvers
 
 import analysis.{BackwardIDEAnalysis, Dependencies, EdgeFunction, EdgeFunctionLattice, ForwardIDEAnalysis, IDEAnalysis, IRInterproceduralBackwardDependencies, IRInterproceduralForwardDependencies, Lambda, Lattice, MapLattice}
-import ir.{CFGPosition, Command, DirectCall, GoTo, IRWalk, IndirectCall, Return, InterProcIRCursor, Procedure, Program, isAfterCall, Halt, Statement, Jump}
+import ir.{CFGPosition, Command, DirectCall, GoTo, IRWalk, IndirectCall, Return, InterProcIRCursor, Procedure, Program, isAfterCall, Unreachable, Statement, Jump}
 import util.Logger
 
 import scala.collection.immutable.Map
@@ -209,7 +209,7 @@ abstract class ForwardIDESolver[D, T, L <: Lattice[T]](program: Program)
 
   protected def entryToExit(entry: Procedure): Return = IRWalk.lastInProc(entry).asInstanceOf[Return]
 
-  protected def exitToEntry(exit: IndirectCall): Procedure = IRWalk.procedure(exit)
+  protected def exitToEntry(exit: Return): Procedure = IRWalk.procedure(exit)
 
   protected def callToReturn(call: DirectCall): Command = call.successor
 
@@ -225,13 +225,13 @@ abstract class ForwardIDESolver[D, T, L <: Lattice[T]](program: Program)
 
   protected def isCall(call: CFGPosition): Boolean =
     call match
-      case directCall: DirectCall if (!directCall.successor.isInstanceOf[Halt]) => true
+      case directCall: DirectCall if (!directCall.successor.isInstanceOf[Unreachable]) => true
       case _ => false
 
   protected def isExit(exit: CFGPosition): Boolean =
     exit match
       // only looking at functions with statements
-      case command: Command => IRWalk.lastInProc(IRWalk.procedure(command)) == command
+      case command: Return => true
       case _ => false
 
   protected def getAfterCalls(exit: IndirectCall): Set[Command] =
@@ -264,12 +264,19 @@ abstract class BackwardIDESolver[D, T, L <: Lattice[T]](program: Program)
 
   protected def isCall(call: CFGPosition): Boolean =
     call match
-      case c : Command => isAfterCall(c) && IRWalk.prevCommandInBlock(c).map(_.isInstanceOf[DirectCall]).getOrElse(false)
+      case c: Unreachable => false /* don't process non-returning calls */
+      case c : Command => {
+        val call = IRWalk.prevCommandInBlock(c)
+        call match {
+          case Some(d: DirectCall) if d.target.returnBlock.isDefined => true
+          case _ => false
+        }
+      }
       case _ => false
 
   protected def isExit(exit: CFGPosition): Boolean =
     exit match
-      case procedure: Procedure => true
+      case procedure: Procedure => procedure.blocks.nonEmpty
       case _ => false
 
   protected def getAfterCalls(exit: Procedure): Set[DirectCall] = exit.incomingCalls().toSet
diff --git a/src/main/scala/cfg_visualiser/Output.scala b/src/main/scala/cfg_visualiser/Output.scala
deleted file mode 100644
index cc730d62e..000000000
--- a/src/main/scala/cfg_visualiser/Output.scala
+++ /dev/null
@@ -1,37 +0,0 @@
-package cfg_visualiser
-
-import java.io.{File, PrintWriter}
-import analysis._
-
-/** Basic outputting functionality.
-  */
-object Output {
-
-  /** Helper function for producing string output for a control-flow graph node after an analysis.
-    * @param res
-    *   map from control-flow graph nodes to strings, as produced by the analysis
-    */
-  def labeler(res: Map[CfgNode, _], stateAfterNode: Boolean)(n: CfgNode): String = {
-    val r = res.getOrElse(n, "-")
-    val desc = n match {
-      case entry: CfgFunctionEntryNode => s"Function ${entry.data.name} entry"
-      case exit: CfgFunctionExitNode   => s"Function ${exit.data.name} exit"
-      case _                           => n.toString + s" ${n.id}"
-    }
-    if (stateAfterNode) s"$desc\n$r"
-    else s"$r\n$desc"
-  }
-
-  /** Generate an unique ID string for the given AST node.
-    */
-  def dotIder(n: CfgNode, uniqueId: Int): String =
-    n match {
-      case real: CfgCommandNode           => s"real${real.data}_$uniqueId"
-      case entry: CfgFunctionEntryNode    => s"entry${entry.data}_$uniqueId"
-      case exit: CfgFunctionExitNode      => s"exit${exit.data}_$uniqueId"
-      case ret: CfgProcedureReturnNode    => s"return_$uniqueId"
-      case noCallRet: CfgCallNoReturnNode => s"callnoreturn_$uniqueId"
-      case callRet: CfgCallReturnNode     => s"callreturn_$uniqueId"
-      case _                              => ???
-    }
-}
\ No newline at end of file
diff --git a/src/main/scala/ir/IRCursor.scala b/src/main/scala/ir/IRCursor.scala
index 690b57dea..27b558ccf 100644
--- a/src/main/scala/ir/IRCursor.scala
+++ b/src/main/scala/ir/IRCursor.scala
@@ -96,7 +96,7 @@ trait IntraProcIRCursor extends IRWalk[CFGPosition, CFGPosition] {
       case proc: Procedure => proc.entryBlock.toSet
       case b: Block        => b.statements.headOption.orElse(Some(b.jump)).toSet
       case n: GoTo         => n.targets.asInstanceOf[Set[CFGPosition]]
-      case h: Halt         => Set()
+      case h: Unreachable         => Set()
       case h: Return       => Set()
       case c: Statement    => IRWalk.nextCommandInBlock(c).toSet
     }
@@ -150,7 +150,6 @@ trait InterProcIRCursor extends IRWalk[CFGPosition, CFGPosition] {
     IntraProcIRCursor.succ(pos) ++
       (pos match
         case c: DirectCall if c.target.blocks.nonEmpty => Set(c.target)
-        // case c: IndirectCall if c.parent.isProcReturn => c.parent.parent.incomingCalls().map(_.successor).toSet
         case c: Return => c.parent.parent.incomingCalls().map(_.successor).toSet
         case _         => Set.empty
       )
@@ -159,7 +158,13 @@ trait InterProcIRCursor extends IRWalk[CFGPosition, CFGPosition] {
   final def pred(pos: CFGPosition): Set[CFGPosition] = {
     IntraProcIRCursor.pred(pos) ++
       (pos match
-        case d: DirectCall if d.target.blocks.nonEmpty => d.target.returnBlock.toSet
+        case c: Command => {
+          IRWalk.prevCommandInBlock(c) match {
+            case Some(d: DirectCall) if d.target.blocks.nonEmpty => d.target.returnBlock.toSet
+            case o            => o.toSet
+          }
+
+        }
         case c: Procedure                              => c.incomingCalls().toSet.asInstanceOf[Set[CFGPosition]]
         case _                                         => Set.empty
       )
diff --git a/src/main/scala/ir/Interpreter.scala b/src/main/scala/ir/Interpreter.scala
index de470d5d9..0430ef66a 100644
--- a/src/main/scala/ir/Interpreter.scala
+++ b/src/main/scala/ir/Interpreter.scala
@@ -248,8 +248,8 @@ class Interpreter() {
         case r: Return => {
           nextCmd = Some(returnCmd.pop())
         }
-        case h: Halt => {
-          Logger.debug("Halt")
+        case h: Unreachable => {
+          Logger.debug("Unreachable")
           nextCmd = None
         }
       }
diff --git a/src/main/scala/ir/Program.scala b/src/main/scala/ir/Program.scala
index ed61cba4f..54916b27c 100644
--- a/src/main/scala/ir/Program.scala
+++ b/src/main/scala/ir/Program.scala
@@ -18,40 +18,6 @@ class Program(var procedures: ArrayBuffer[Procedure],
     serialiseIL(this)
   }
 
-  // This shouldn't be run before indirect calls are resolved
-  def stripUnreachableFunctions(depth: Int = Int.MaxValue): Unit = {
-    val procedureCalleeNames = procedures.map(f => f.name -> f.calls.map(_.name)).toMap
-
-    val toVisit: mutable.LinkedHashSet[(Int, String)] = mutable.LinkedHashSet((0, mainProcedure.name))
-    var reachableFound = true
-    val reachableNames = mutable.HashMap[String, Int]()
-    while (toVisit.nonEmpty) {
-      val next = toVisit.head
-      toVisit.remove(next)
-
-      if (next._1 <= depth) {
-
-        def addName(depth: Int, name: String): Unit = {
-          val oldDepth = reachableNames.getOrElse(name, Integer.MAX_VALUE)
-          reachableNames.put(next._2, if depth < oldDepth then depth else oldDepth)
-        }
-        addName(next._1, next._2)
-
-        val callees = procedureCalleeNames(next._2)
-
-        toVisit.addAll(callees.diff(reachableNames.keySet).map(c => (next._1 + 1, c)))
-        callees.foreach(c => addName(next._1 + 1, c))
-      }
-    }
-    procedures = procedures.filter(f => reachableNames.keySet.contains(f.name))
-
-    for (elem <- procedures.filter(c => c.calls.exists(s => !procedures.contains(s)))) {
-      // last layer is analysed only as specifications so we remove the body for anything that calls
-      // a function we have removed
-
-      elem.clearBlocks()
-    }
-  }
 
   def setModifies(specModifies: Map[String, List[String]]): Unit = {
     val procToCalls: mutable.Map[Procedure, Set[Procedure]] = mutable.Map()
@@ -229,7 +195,6 @@ class Procedure private (
   }
 
   def addBlocks(block: Block): Block = {
-    block.parent = this
     if (!_blocks.contains(block)) {
       block.parent = this
       _blocks.add(block)
@@ -318,7 +283,8 @@ class Procedure private (
 
   def clearBlocks(): Unit = {
     // O(n) because we are careful to unlink the parents etc.
-    removeBlocks(_blocks)
+    // .toList to avoid modifying our own iterator
+    removeBlocksDisconnect(_blocks.toList)
   }
 
   def callers(): Iterable[Procedure] = _callers.map(_.parent.parent).toSet[Procedure]
@@ -369,6 +335,7 @@ class Block private (
     this(label, address, IntrusiveList().addAll(statements), jump, mutable.HashSet.empty)
   }
 
+  def isReturn: Boolean = parent.returnBlock.contains(this)
   def isEntry: Boolean = parent.entryBlock.contains(this)
 
   def jump: Jump = _jump
diff --git a/src/main/scala/ir/Statement.scala b/src/main/scala/ir/Statement.scala
index 2dea68f46..ce49bc82e 100644
--- a/src/main/scala/ir/Statement.scala
+++ b/src/main/scala/ir/Statement.scala
@@ -82,7 +82,7 @@ sealed trait Jump extends Command {
   def acceptVisit(visitor: Visitor): Jump = throw new Exception("visitor " + visitor + " unimplemented for: " + this)
 }
 
-class Halt(override val label: Option[String] = None) extends Jump {
+class Unreachable(override val label: Option[String] = None) extends Jump {
   /* Terminate / No successors / assume false */
   override def acceptVisit(visitor: Visitor): Jump = this
 }
@@ -139,7 +139,7 @@ object GoTo:
 
 sealed trait Call extends Statement {
   def returnTarget: Option[Command] = successor match {
-    case h: Halt => None
+    case h: Unreachable => None
     case o => Some(o)
   }
 }
diff --git a/src/main/scala/ir/dsl/DSL.scala b/src/main/scala/ir/dsl/DSL.scala
index 6a1b96742..3ebeefbc4 100644
--- a/src/main/scala/ir/dsl/DSL.scala
+++ b/src/main/scala/ir/dsl/DSL.scala
@@ -73,8 +73,8 @@ case class EventuallyGoto(targets: List[DelayNameResolve]) extends EventuallyJum
 case class EventuallyReturn() extends EventuallyJump {
   override def resolve(p: Program) = Return()
 }
-case class EventuallyHalt() extends EventuallyJump  {
-  override def resolve(p: Program) = Halt()
+case class EventuallyUnreachable() extends EventuallyJump  {
+  override def resolve(p: Program) = Unreachable()
 }
 
 def goto(): EventuallyGoto = EventuallyGoto(List.empty)
@@ -84,7 +84,7 @@ def goto(targets: String*): EventuallyGoto = {
 }
 
 def ret: EventuallyReturn = EventuallyReturn()
-def halt: EventuallyHalt= EventuallyHalt()
+def unreachable: EventuallyUnreachable= EventuallyUnreachable()
 
 def goto(targets: List[String]): EventuallyGoto = {
   EventuallyGoto(targets.map(p => DelayNameResolve(p)))
@@ -111,8 +111,6 @@ def block(label: String, sl: (Statement | EventuallyStatement | EventuallyJump)*
   val statements : Seq[EventuallyStatement] = sl.flatMap {
     case s: Statement => Some(ResolvableStatement(s))
     case o: EventuallyStatement => Some(o)
-    case o: EventuallyCall => Some(o)
-    case o: EventuallyIndirectCall => Some(o)
     case g: EventuallyJump => None
   }
   val jump = sl.collectFirst {
diff --git a/src/main/scala/ir/transforms/IndirectCallResolution.scala b/src/main/scala/ir/transforms/IndirectCallResolution.scala
index e9c9fddf7..4345dcaa1 100644
--- a/src/main/scala/ir/transforms/IndirectCallResolution.scala
+++ b/src/main/scala/ir/transforms/IndirectCallResolution.scala
@@ -1,7 +1,5 @@
 package ir.transforms
 
-
-
 import scala.collection.mutable.ListBuffer
 import scala.collection.mutable.ArrayBuffer
 import analysis.solvers.*
@@ -11,165 +9,27 @@ import ir.*
 import translating.*
 import util.Logger
 import util.intrusive_list.IntrusiveList
-import analysis.CfgCommandNode
 import scala.collection.mutable
 import cilvisitor._
 
-
-/** Resolve indirect calls to an address-conditional choice between direct calls using the Value Set Analysis results.
- *  Dead code, and currently broken by statement calls 
- *
-def resolveIndirectCalls(
-    cfg: ProgramCfg,
-    valueSets: Map[CfgNode, LiftedElement[Map[Variable | MemoryRegion, Set[Value]]]],
+def resolveIndirectCallsUsingPointsTo(
+    pointsTos: Map[RegisterVariableWrapper, Set[RegisterVariableWrapper | MemoryRegion]],
+    regionContents: Map[MemoryRegion, Set[BitVecLiteral | MemoryRegion]],
+    reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])],
     IRProgram: Program
 ): Boolean = {
   var modified: Boolean = false
-  val worklist = ListBuffer[CfgNode]()
-  cfg.startNode.succIntra.union(cfg.startNode.succInter).foreach(node => worklist.addOne(node))
-
-  val visited = mutable.Set[CfgNode]()
-  while (worklist.nonEmpty) {
-    val node = worklist.remove(0)
-    if (!visited.contains(node)) {
-      process(node)
-      node.succIntra.union(node.succInter).foreach(node => worklist.addOne(node))
-      visited.add(node)
-    }
-  }
-
-  def process(n: CfgNode): Unit = n match {
-    /*
-    case c: CfgStatementNode =>
-      c.data match
+  val worklist = ListBuffer[CFGPosition]()
 
-      //We do not want to insert the VSA results into the IR like this
-        case localAssign: Assign =>
-          localAssign.rhs match
-            case _: MemoryLoad =>
-              if (valueSets(n).contains(localAssign.lhs) && valueSets(n).get(localAssign.lhs).head.size == 1) {
-                val extractedValue = extractExprFromValue(valueSets(n).get(localAssign.lhs).head.head)
-                localAssign.rhs = extractedValue
-                Logger.info(s"RESOLVED: Memory load ${localAssign.lhs} resolved to ${extractedValue}")
-              } else if (valueSets(n).contains(localAssign.lhs) && valueSets(n).get(localAssign.lhs).head.size > 1) {
-                Logger.info(s"RESOLVED: WARN Memory load ${localAssign.lhs} resolved to multiple values, cannot replace")
-
-                /*
-                // must merge into a single memory variable to represent the possible values
-                // Make a binary OR of all the possible values takes two at a time (incorrect to do BVOR)
-                val values = valueSets(n).get(localAssign.lhs).head
-                val exprValues = values.map(extractExprFromValue)
-                val result = exprValues.reduce((a, b) => BinaryExpr(BVOR, a, b)) // need to express nondeterministic
-                                                                                 // choice between these specific options
-                localAssign.rhs = result
-     */
-              }
-            case _ =>
-     */
-    case c: CfgJumpNode =>
-      val block = c.block
-      c.data match
-        case indirectCall: IndirectCall =>
-          if (block.jump != indirectCall) {
-            // We only replace the calls with DirectCalls in the IR, and don't replace the CommandNode.data
-            // Hence if we have already processed this CFG node there will be no corresponding IndirectCall in the IR
-            // to replace.
-            // We want to replace all possible indirect calls based on this CFG, before regenerating it from the IR
-            return
-          }
-          valueSets(n) match {
-            case Lift(valueSet) =>
-              val targetNames = resolveAddresses(valueSet(indirectCall.target)).map(_.name).toList.sorted
-              val targets = targetNames.map(name => IRProgram.procedures.filter(_.name.equals(name)).head)
-
-              if (targets.size == 1) {
-                modified = true
-
-                // indirectCall.parent.parent.removeBlocks(indirectCall.returnTarget)
-                val newCall = DirectCall(targets.head, indirectCall.label)
-                block.statements.replace(indirectCall, newCall) 
-              } else if (targets.size > 1) {
-                modified = true
-                val procedure = c.parent.data
-                val newBlocks = ArrayBuffer[Block]()
-                for (t <- targets) {
-                  val assume = Assume(BinaryExpr(BVEQ, indirectCall.target, BitVecLiteral(t.address.get, 64)))
-                  val newLabel: String = block.label + t.name
-                  val directCall = DirectCall(t)
-                  directCall.parent = indirectCall.parent
-
-                  // assume indircall is the last statement in block
-                  assert(indirectCall.parent.statements.lastOption.contains(indirectCall))
-                  val fallthrough = indirectCall.parent.jump
-
-                  newBlocks.append(Block(newLabel, None, ArrayBuffer(assume, directCall), fallthrough))
-                }
-                procedure.addBlocks(newBlocks)
-                val newCall = GoTo(newBlocks, indirectCall.label)
-                block.replaceJump(newCall)
-              }
-            case LiftedBottom =>
-          }
-        case _ =>
-    case _ =>
-  }
-
-  def nameExists(name: String): Boolean = {
-    IRProgram.procedures.exists(_.name.equals(name))
-  }
-
-  def addFakeProcedure(name: String): Unit = {
-    IRProgram.procedures += Procedure(name)
-  }
+  worklist.addAll(IRProgram)
 
-  def resolveAddresses(valueSet: Set[Value]): Set[AddressValue] = {
-    var functionNames: Set[AddressValue] = Set()
-    valueSet.foreach {
-      case globalAddress: GlobalAddress =>
-        if (nameExists(globalAddress.name)) {
-          functionNames += globalAddress
-          Logger.info(s"RESOLVED: Call to Global address ${globalAddress.name} rt statuesolved.")
-        } else {
-          addFakeProcedure(globalAddress.name)
-          functionNames += globalAddress
-          Logger.info(s"Global address ${globalAddress.name} does not exist in the program.  Added a fake function.")
-        }
-      case localAddress: LocalAddress =>
-        if (nameExists(localAddress.name)) {
-          functionNames += localAddress
-          Logger.info(s"RESOLVED: Call to Local address ${localAddress.name}")
-        } else {
-          addFakeProcedure(localAddress.name)
-          functionNames += localAddress
-          Logger.info(s"Local address ${localAddress.name} does not exist in the program. Added a fake function.")
-        }
-      case _ =>
-    }
-    functionNames
-  }
-
-  modified
-}
-
-  */
-
-def resolveIndirectCallsUsingPointsTo(
-   cfg: ProgramCfg,
-   pointsTos: Map[RegisterVariableWrapper, Set[RegisterVariableWrapper | MemoryRegion]],
-   regionContents: Map[MemoryRegion, Set[BitVecLiteral | MemoryRegion]],
-   reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])],
-   IRProgram: Program
- ): Boolean = {
-  var modified: Boolean = false
-  val worklist = ListBuffer[CfgNode]()
-  cfg.startNode.succIntra.union(cfg.startNode.succInter).foreach(node => worklist.addOne(node))
-
-  val visited = mutable.Set[CfgNode]()
+  val visited = mutable.Set[CFGPosition]()
   while (worklist.nonEmpty) {
     val node = worklist.remove(0)
     if (!visited.contains(node)) {
+      // add to worklist before we delete the node and can no longer find its successors
+      InterProcIRCursor.succ(node).foreach(node => worklist.addOne(node))
       process(node)
-      node.succIntra.union(node.succInter).foreach(node => worklist.addOne(node))
       visited.add(node)
     }
   }
@@ -181,7 +41,7 @@ def resolveIndirectCallsUsingPointsTo(
         if (regionContents.contains(stackRegion)) {
           for (c <- regionContents(stackRegion)) {
             c match {
-              case bitVecLiteral: BitVecLiteral => Logger.debug("hi: " + bitVecLiteral)//???
+              case bitVecLiteral: BitVecLiteral => Logger.debug("hi: " + bitVecLiteral) //???
               case memoryRegion: MemoryRegion =>
                 result.addAll(searchRegion(memoryRegion))
             }
@@ -195,7 +55,7 @@ def resolveIndirectCallsUsingPointsTo(
           result.add(dataRegion.regionIdentifier) // TODO: may need to investigate if we should add the parent region
           for (c <- regionContents(dataRegion)) {
             c match {
-              case bitVecLiteral: BitVecLiteral => Logger.debug("hi: " + bitVecLiteral)//???
+              case bitVecLiteral: BitVecLiteral => Logger.debug("hi: " + bitVecLiteral) //???
               case memoryRegion: MemoryRegion =>
                 result.addAll(searchRegion(memoryRegion))
             }
@@ -218,76 +78,70 @@ def resolveIndirectCallsUsingPointsTo(
       case Some(value) =>
         value.map {
           case v: RegisterVariableWrapper => names.addAll(resolveAddresses(v.variable, i))
-          case m: MemoryRegion => names.addAll(searchRegion(m))
+          case m: MemoryRegion            => names.addAll(searchRegion(m))
         }
         names
       case None => names
     }
   }
 
-  def process(n: CfgNode): Unit = n match {
-    case c: CfgJumpNode =>
-      val block = c.block
-      c.data match
-        // don't try to resolve returns
-        case indirectCall: IndirectCall if indirectCall.target != Register("R30", 64) =>
-          if (!indirectCall.hasParent) {
-            // We only replace the calls with DirectCalls in the IR, and don't replace the CommandNode.data
-            // Hence if we have already processed this CFG node there will be no corresponding IndirectCall in the IR
-            // to replace.
-            // We want to replace all possible indirect calls based on this CFG, before regenerating it from the IR
-            return
-          }
-          assert(indirectCall.parent.statements.lastOption.contains(indirectCall))
-
-          val targetNames = resolveAddresses(indirectCall.target, indirectCall)
-          Logger.debug(s"Points-To approximated call ${indirectCall.target} with $targetNames")
-          Logger.debug(IRProgram.procedures)
-          val targets: mutable.Set[Procedure] = targetNames.map(name => IRProgram.procedures.find(_.name == name).getOrElse(addFakeProcedure(name)))
-
-          if (targets.size > 1) {
-            Logger.info(s"Resolved indirect call $indirectCall")
+  def process(n: CFGPosition): Unit = n match {
+    case indirectCall: IndirectCall if indirectCall.target != Register("R30", 64) =>
+      if (!indirectCall.hasParent) {
+        // skip if we have already processesd this call
+        return
+      }
+      // we need the single-call-at-end-of-block invariant
+      assert(indirectCall.parent.statements.lastOption.contains(indirectCall))
+
+      val block = indirectCall.parent
+      val procedure = block.parent
+
+      val targetNames = resolveAddresses(indirectCall.target, indirectCall)
+      Logger.debug(s"Points-To approximated call ${indirectCall.target} with $targetNames")
+      Logger.debug(IRProgram.procedures)
+      val targets: mutable.Set[Procedure] =
+        targetNames.map(name => IRProgram.procedures.find(_.name == name).getOrElse(addFakeProcedure(name)))
+
+      if (targets.size > 1) {
+        Logger.info(s"Resolved indirect call $indirectCall")
+      }
+
+      if (targets.size == 1) {
+        modified = true
+
+        val newCall = DirectCall(targets.head, indirectCall.label)
+        block.statements.replace(indirectCall, newCall)
+      } else if (targets.size > 1) {
+
+        val oft = indirectCall.parent.jump
+
+        modified = true
+        val newBlocks = ArrayBuffer[Block]()
+        for (t <- targets) {
+          Logger.debug(targets)
+          val address = t.address.match {
+            case Some(a) => a
+            case None =>
+              throw Exception(s"resolved indirect call $indirectCall to procedure which does not have address: $t")
           }
-
-
-          if (targets.size == 1) {
-            modified = true
-
-            // indirectCall.parent.parent.removeBlocks(indirectCall.returnTarget)
-            val newCall = DirectCall(targets.head, indirectCall.label)
-            block.statements.replace(indirectCall, newCall)
-          } else if (targets.size > 1) {
-
-            val oft = indirectCall.parent.jump
-
-            modified = true
-            val procedure = c.parent.data
-            val newBlocks = ArrayBuffer[Block]()
-            // indirectCall.parent.parent.removeBlocks(indirectCall.returnTarget)
-            for (t <- targets) {
-              Logger.debug(targets)
-              val address = t.address.match {
-                case Some(a) => a
-                case None => throw Exception(s"resolved indirect call $indirectCall to procedure which does not have address: $t")
-              }
-              val assume = Assume(BinaryExpr(BVEQ, indirectCall.target, BitVecLiteral(address, 64)))
-              val newLabel: String = block.label + t.name
-              val directCall = DirectCall(t)
-
-              /* copy the goto node resulting */
-              val fallthrough = oft match {
-                case g: GoTo => GoTo(g.targets, g.label)
-                case h: Halt => Halt()
-                case r: Return => Return()
-              }
-              newBlocks.append(Block(newLabel, None, ArrayBuffer(assume, directCall), fallthrough))
-            }
-            block.statements.remove(indirectCall)
-            procedure.addBlocks(newBlocks)
-            val newCall = GoTo(newBlocks, indirectCall.label)
-            block.replaceJump(newCall)
+          val assume = Assume(BinaryExpr(BVEQ, indirectCall.target, BitVecLiteral(address, 64)))
+          val newLabel: String = block.label + t.name
+          val directCall = DirectCall(t)
+
+          /* copy the goto node resulting */
+          val fallthrough = oft match {
+            case g: GoTo        => GoTo(g.targets, g.label)
+            case h: Unreachable => Unreachable()
+            case r: Return      => Return()
           }
-        case _ =>
+          newBlocks.append(Block(newLabel, None, ArrayBuffer(assume, directCall), fallthrough))
+        }
+        block.statements.remove(indirectCall)
+        procedure.addBlocks(newBlocks)
+        val newCall = GoTo(newBlocks, indirectCall.label)
+        block.replaceJump(newCall)
+      }
     case _ =>
   }
 
diff --git a/src/main/scala/ir/transforms/ReplaceReturn.scala b/src/main/scala/ir/transforms/ReplaceReturn.scala
index 91681ab8e..f41c25e3d 100644
--- a/src/main/scala/ir/transforms/ReplaceReturn.scala
+++ b/src/main/scala/ir/transforms/ReplaceReturn.scala
@@ -13,7 +13,7 @@ class ReplaceReturns extends CILVisitor {
     j match {
       case IndirectCall(Register("R30", _), _) => {
         assert(j.parent.statements.lastOption.contains(j))
-        if (j.parent.jump.isInstanceOf[Halt | Return]) {
+        if (j.parent.jump.isInstanceOf[Unreachable | Return]) {
           j.parent.replaceJump(Return())
           ChangeTo(List())
         } else {
@@ -32,7 +32,6 @@ def addReturnBlocks(p: Program, toAll: Boolean = false) = {
   p.procedures.foreach(p => {
     val containsReturn = p.blocks.map(_.jump).find(_.isInstanceOf[Return]).isDefined
     if (toAll && p.blocks.isEmpty && p.entryBlock.isEmpty && p.returnBlock.isEmpty) {
-      Logger.info(s"proc ${p.name} ${p.entryBlock}, ${p.returnBlock}")
       p.returnBlock = (Block(label=p.name + "_basil_return",jump=Return()))
       p.entryBlock = (Block(label=p.name + "_basil_entry",jump=GoTo(p.returnBlock.get)))
     } else if (p.returnBlock.isEmpty && (toAll || containsReturn)) {
diff --git a/src/main/scala/ir/transforms/SplitThreads.scala b/src/main/scala/ir/transforms/SplitThreads.scala
index 7f36fdb3c..8678720e7 100644
--- a/src/main/scala/ir/transforms/SplitThreads.scala
+++ b/src/main/scala/ir/transforms/SplitThreads.scala
@@ -11,7 +11,6 @@ import util.Logger
 import java.util.Base64
 import spray.json.DefaultJsonProtocol.*
 import util.intrusive_list.IntrusiveList
-import analysis.CfgCommandNode
 import scala.collection.mutable
 import cilvisitor._
 
diff --git a/src/main/scala/ir/transforms/StripUnreachableFunctions.scala b/src/main/scala/ir/transforms/StripUnreachableFunctions.scala
new file mode 100644
index 000000000..96784cc28
--- /dev/null
+++ b/src/main/scala/ir/transforms/StripUnreachableFunctions.scala
@@ -0,0 +1,38 @@
+package ir.transforms
+import ir._
+import collection.mutable
+
+// This shouldn't be run before indirect calls are resolved
+def stripUnreachableFunctions(p: Program, depth: Int = Int.MaxValue): Unit = {
+  val procedureCalleeNames = p.procedures.map(f => f.name -> f.calls.map(_.name)).toMap
+
+  val toVisit: mutable.LinkedHashSet[(Int, String)] = mutable.LinkedHashSet((0, p.mainProcedure.name))
+  var reachableFound = true
+  val reachableNames = mutable.HashMap[String, Int]()
+  while (toVisit.nonEmpty) {
+    val next = toVisit.head
+    toVisit.remove(next)
+
+    if (next._1 <= depth) {
+
+      def addName(depth: Int, name: String): Unit = {
+        val oldDepth = reachableNames.getOrElse(name, Integer.MAX_VALUE)
+        reachableNames.put(next._2, if depth < oldDepth then depth else oldDepth)
+      }
+      addName(next._1, next._2)
+
+      val callees = procedureCalleeNames(next._2)
+
+      toVisit.addAll(callees.diff(reachableNames.keySet).map(c => (next._1 + 1, c)))
+      callees.foreach(c => addName(next._1 + 1, c))
+    }
+  }
+  p.procedures = p.procedures.filter(f => reachableNames.keySet.contains(f.name))
+
+  for (elem <- p.procedures.filter(c => c.calls.exists(s => !p.procedures.contains(s)))) {
+    // last layer is analysed only as specifications so we remove the body for anything that calls
+    // a function we have removed
+
+    elem.clearBlocks()
+  }
+}
diff --git a/src/main/scala/translating/BAPToIR.scala b/src/main/scala/translating/BAPToIR.scala
index 90ba61335..93a5010cf 100644
--- a/src/main/scala/translating/BAPToIR.scala
+++ b/src/main/scala/translating/BAPToIR.scala
@@ -136,11 +136,11 @@ class BAPToIR(var program: BAPProgram, mainAddress: Int) {
       jumps.head match {
         case b: BAPDirectCall =>
           val call = Some(DirectCall(nameToProcedure(b.target),Some(b.line)))
-          val ft = (b.returnTarget.map(t => labelToBlock(t))).map(x => GoTo(Set(x))).getOrElse(Halt())
+          val ft = (b.returnTarget.map(t => labelToBlock(t))).map(x => GoTo(Set(x))).getOrElse(Unreachable())
           (call, ft, ArrayBuffer())
         case b: BAPIndirectCall =>
           val call = IndirectCall(b.target.toIR, Some(b.line))
-          val ft = (b.returnTarget.map(t => labelToBlock(t))).map(x => GoTo(Set(x))).getOrElse(Halt())
+          val ft = (b.returnTarget.map(t => labelToBlock(t))).map(x => GoTo(Set(x))).getOrElse(Unreachable())
           (Some(call), ft, ArrayBuffer())
         case b: BAPGoTo =>
           val target = labelToBlock(b.target)
diff --git a/src/main/scala/translating/GTIRBToIR.scala b/src/main/scala/translating/GTIRBToIR.scala
index ad090eb90..b1483343d 100644
--- a/src/main/scala/translating/GTIRBToIR.scala
+++ b/src/main/scala/translating/GTIRBToIR.scala
@@ -364,7 +364,7 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
       // need to copy jump as it can't have multiple parents
       val jumpCopy = currentBlock.jump match {
         case GoTo(targets, label) => GoTo(targets, label)
-        case h: Halt => Halt()
+        case h: Unreachable => Unreachable()
         case r: Return => Return() 
         case _ => throw Exception("this shouldn't be reachable")
       }
@@ -392,7 +392,7 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
               case _ => throw Exception(s"no assignment to program counter found before indirect call in block ${block.label}")
             }
             block.statements.remove(block.statements.last) // remove _PC assignment
-            (Some(IndirectCall(target)), Halt())
+            (Some(IndirectCall(target)), Unreachable())
           } else if (proxySymbols.size > 1) {
             // TODO requires further consideration once encountered
             throw Exception(s"multiple uuidToSymbol ${proxySymbols.map(_.name).mkString(", ")} associated with proxy block ${byteStringToString(edge.targetUuid)}, target of indirect call from block ${block.label}")
@@ -408,7 +408,7 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
               proc
             }
             removePCAssign(block)
-            (Some(DirectCall(target)), Halt())
+            (Some(DirectCall(target)), Unreachable())
           }
         } else if (uuidToBlock.contains(edge.targetUuid)) {
           // resolved indirect jump
@@ -428,7 +428,7 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
           val jump = if (procedure == targetProc) {
             (None, GoTo(mutable.Set(uuidToBlock(edge.targetUuid))))
           } else {
-            (Some(DirectCall(targetProc)), Halt())
+            (Some(DirectCall(targetProc)), Unreachable())
           }
           removePCAssign(block)
           jump
@@ -450,7 +450,7 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
           // probably doesn't actually happen in practice since it seems to be after brk instructions?
           val targetProc = entranceUUIDtoProcedure(edge.targetUuid)
           // assuming fallthrough won't fall through to start of own procedure
-          (Some(DirectCall(targetProc)), Halt())
+          (Some(DirectCall(targetProc)), Unreachable())
         } else if (uuidToBlock.contains(edge.targetUuid)) {
           val target = uuidToBlock(edge.targetUuid)
           (None, GoTo(mutable.Set(target)))
@@ -463,7 +463,7 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
         if (entranceUUIDtoProcedure.contains(edge.targetUuid)) {
           val target = entranceUUIDtoProcedure(edge.targetUuid)
           removePCAssign(block)
-          (Some(DirectCall(target)), Halt())
+          (Some(DirectCall(target)), Unreachable())
         } else {
           throw Exception(s"edge from ${block.label} to ${byteStringToString(edge.targetUuid)} does not point to a known procedure entrance")
         }
diff --git a/src/main/scala/translating/ILtoIL.scala b/src/main/scala/translating/ILtoIL.scala
index 99b64bc6e..856b18934 100644
--- a/src/main/scala/translating/ILtoIL.scala
+++ b/src/main/scala/translating/ILtoIL.scala
@@ -61,7 +61,12 @@ private class ILSerialiser extends ReadOnlyVisitor {
   }
 
   override def visitJump(node: Jump): Jump = {
-    node.acceptVisit(this)
+    node match {
+      case j: GoTo => program ++= s"goTo(${j.targets.map(_.label).mkString(", ")})" 
+      case h: Unreachable => program ++= "halt"
+      case h: Return => program ++= "return"
+    }
+
     node
   }
 
@@ -77,7 +82,6 @@ private class ILSerialiser extends ReadOnlyVisitor {
   override def visitDirectCall(node: DirectCall): Statement = {
     program ++= "DirectCall("
     program ++= procedureIdentifier(node.target)
-    program ++= ", "
     program ++= ")" // DirectCall
     node
   }
@@ -95,7 +99,10 @@ private class ILSerialiser extends ReadOnlyVisitor {
     program ++= "Block(" + blockIdentifier(node) + ",\n"
     indentLevel += 1
     program ++= getIndent()
-    program ++= "statements(\n"
+    program ++= "statements("
+    if (node.statements.size > 0) {
+      program ++= "\n"
+    }
     indentLevel += 1
 
     for (s <- node.statements) {
@@ -105,8 +112,7 @@ private class ILSerialiser extends ReadOnlyVisitor {
     }
     indentLevel -= 1
     program ++= getIndent() + "),\n"
-    program ++= getIndent() + "jumps(\n"
-    program ++= getIndent()
+    program ++= getIndent() + "jump("
     visitJump(node.jump)
     program ++= ")\n"
     indentLevel -= 1
diff --git a/src/main/scala/translating/IRToBoogie.scala b/src/main/scala/translating/IRToBoogie.scala
index e37f9ce92..6cf271de5 100644
--- a/src/main/scala/translating/IRToBoogie.scala
+++ b/src/main/scala/translating/IRToBoogie.scala
@@ -650,7 +650,7 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
       val jump = GoToCmd(g.targets.map(_.label).toSeq)
       conditionAssert :+ jump
     case r: Return => List(ReturnCmd)
-    case r: Halt => List(BAssume(FalseBLiteral))
+    case r: Unreachable => List(BAssume(FalseBLiteral))
   }
 
   def translate(j: Call): List[BCmd] = j match {
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index 059701ab2..aeaaa6916 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -13,7 +13,6 @@ import java.io.{BufferedWriter, FileWriter, IOException}
 import scala.jdk.CollectionConverters.*
 import analysis.solvers.*
 import analysis.*
-import cfg_visualiser.Output
 import bap.*
 import ir.*
 import boogie.*
@@ -28,7 +27,6 @@ import util.Logger
 import java.util.Base64
 import spray.json.DefaultJsonProtocol.*
 import util.intrusive_list.IntrusiveList
-import analysis.CfgCommandNode
 import cilvisitor._
 
 import scala.annotation.tailrec
@@ -51,7 +49,6 @@ case class IRContext(
 /** Stores the results of the static analyses.
   */
 case class StaticAnalysisContext(
-    cfg: ProgramCfg,
     constPropResult: Map[CFGPosition, Map[Variable, FlatElement[BitVecLiteral]]],
     IRconstPropResult: Map[CFGPosition, Map[Variable, FlatElement[BitVecLiteral]]],
     memoryRegionResult: Map[CFGPosition, LiftedElement[Set[MemoryRegion]]],
@@ -216,7 +213,7 @@ object IRTransform {
 
     Logger.info("[!] Stripping unreachable")
     val before = ctx.program.procedures.size
-    ctx.program.stripUnreachableFunctions(config.procedureTrimDepth)
+    transforms.stripUnreachableFunctions(ctx.program, config.procedureTrimDepth)
     Logger.info(
       s"[!] Removed ${before - ctx.program.procedures.size} functions (${ctx.program.procedures.size} remaining)"
     )
@@ -273,15 +270,12 @@ object StaticAnalysis {
     newLoops.foreach(l => Logger.info(s"Loop found: ${l.name}"))
 
     config.analysisDotPath.foreach { s =>
-      val newCFG = ProgramCfgFactory().fromIR(IRProgram)
-      writeToFile(newCFG.toDot(x => x.toString, Output.dotIder), s"${s}_resolvedCFG-reducible.dot")
+      writeToFile(dotBlockGraph(IRProgram, IRProgram.map(b => b -> b.toString).toMap), s"${s}_graph-after-reduce-$iteration.dot")
       writeToFile(dotBlockGraph(IRProgram, IRProgram.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"${s}_blockgraph-after-reduce-$iteration.dot")
     }
 
     val mergedSubroutines = subroutines ++ externalAddresses
 
-    val cfg = ProgramCfgFactory().fromIR(IRProgram)
-
     val domain = computeDomain(IntraProcIRCursor, IRProgram.procedures)
 
     Logger.info("[!] Running ANR")
@@ -320,11 +314,17 @@ object StaticAnalysis {
 
 
     Logger.info("[!] Running RegToMemAnalysisSolver")
-    val regionAccessesAnalysisSolver = RegionAccessesAnalysisSolver(cfg, constPropResult, reachingDefinitionsAnalysisResults)
+    val regionAccessesAnalysisSolver = RegionAccessesAnalysisSolver(IRProgram, constPropResult, reachingDefinitionsAnalysisResults)
     val regionAccessesAnalysisResults = regionAccessesAnalysisSolver.analyze()
 
-    config.analysisDotPath.foreach(s => writeToFile(cfg.toDot(Output.labeler(regionAccessesAnalysisResults, true), Output.dotIder), s"${s}_RegTo$iteration.dot"))
-    config.analysisResultsPath.foreach(s => writeToFile(printAnalysisResults(cfg, regionAccessesAnalysisResults, iteration), s"${s}_RegTo$iteration.txt"))
+//     config.analysisDotPath.foreach(s => writeToFile(cfg.toDot(Output.labeler(regionAccessesAnalysisResults, true), Output.dotIder), s"${s}_RegTo$iteration.dot"))
+    config.analysisResultsPath.foreach(s => writeToFile(printAnalysisResults(IRProgram, regionAccessesAnalysisResults), s"${s}_RegTo$iteration.txt"))
+    config.analysisDotPath.foreach(s => {
+      writeToFile(
+        toDot(IRProgram, IRProgram.filter(_.isInstanceOf[Command]).map(b => b -> regionAccessesAnalysisResults(b).toString).toMap),
+        s"${s}_RegTo$iteration.dot"
+      )
+    })
 
     Logger.info("[!] Running Constant Propagation with SSA")
     val constPropSolverWithSSA = ConstantPropagationSolverWithSSA(IRProgram, reachingDefinitionsAnalysisResults)
@@ -365,10 +365,8 @@ object StaticAnalysis {
     mmm.logRegions(memoryRegionContents)
 
     // turn fake procedures into diamonds
-    transforms.addReturnBlocks(ctx.program, true) // add return to all blocks because IDE solver expects it
     Logger.info("[!] Running VSA")
-    val vsaSolver =
-      ValueSetAnalysisSolver(IRProgram, globalAddresses, externalAddresses, globalOffsets, subroutines, mmm, constPropResult)
+    val vsaSolver = ValueSetAnalysisSolver(IRProgram, globalAddresses, externalAddresses, globalOffsets, subroutines, mmm, constPropResult)
     val vsaResult: Map[CFGPosition, LiftedElement[Map[Variable | MemoryRegion, Set[Value]]]] = vsaSolver.analyze()
 
     Logger.info("[!] Running Interprocedural Live Variables Analysis")
@@ -380,7 +378,6 @@ object StaticAnalysis {
     // val paramResults = Map[Procedure, Set[Variable]]()
 
     StaticAnalysisContext(
-      cfg = cfg,
       constPropResult = constPropResult,
       IRconstPropResult = newCPResult,
       memoryRegionResult = mraResult,
@@ -394,34 +391,6 @@ object StaticAnalysis {
     )
   }
 
-  /** Converts MapLattice of CfgNodes to a MapLattice from IRPosition.
-    * @param cfg
-    *   The CFG
-    * @param result
-    *   The analysis result MapLattice
-    * @tparam T
-    *   The analysis result type.
-    * @return
-    *   The new map analysis result.
-    */
-  def convertAnalysisResults[T](cfg: ProgramCfg, result: Map[CfgNode, T]): Map[CFGPosition, T] = {
-    val results = mutable.HashMap[CFGPosition, T]()
-    result.foreach((node, res) =>
-      node match {
-        case s: CfgStatementNode     => results.addOne(s.data -> res)
-        case s: CfgFunctionEntryNode => results.addOne(s.data -> res)
-        case s: CfgJumpNode          => results.addOne(s.data -> res)
-        case s: CfgCommandNode       => results.addOne(s.data -> res)
-        case _                       => ()
-      }
-    )
-
-    results.toMap
-  }
-
-  def printAnalysisResults[T](program: Program, cfg: ProgramCfg, result: Map[CfgNode, T]): String = {
-    printAnalysisResults(program, convertAnalysisResults(cfg, result))
-  }
 
   def printAnalysisResults(prog: Program, result: Map[CFGPosition, _]): String = {
     val results = mutable.ArrayBuffer[String]()
@@ -465,86 +434,6 @@ object StaticAnalysis {
     results.mkString(System.lineSeparator())
   }
 
-  def printAnalysisResults(cfg: ProgramCfg, result: Map[CfgNode, _], iteration: Int): String = {
-    val functionEntries = cfg.nodes.collect { case n: CfgFunctionEntryNode => n }.toSeq.sortBy(_.data.name)
-    val s = StringBuilder()
-    s.append(System.lineSeparator())
-    for (f <- functionEntries) {
-      val stack: mutable.Stack[CfgNode] = mutable.Stack()
-      val visited: mutable.Set[CfgNode] = mutable.Set()
-      stack.push(f)
-      var previousBlock: String = ""
-      var isEntryNode = false
-      while (stack.nonEmpty) {
-        val next = stack.pop()
-        if (!visited.contains(next)) {
-          visited.add(next)
-          next.match {
-            case c: CfgCommandNode =>
-              if (c.block.label != previousBlock) {
-                printBlock(c)
-              }
-              c match {
-                case _: CfgStatementNode => s.append("    ")
-                case _                   => ()
-              }
-              printNode(c)
-              previousBlock = c.block.label
-              isEntryNode = false
-            case c: CfgFunctionEntryNode =>
-              printNode(c)
-              isEntryNode = true
-            case c: CfgCallNoReturnNode =>
-              s.append(System.lineSeparator())
-              isEntryNode = false
-            case _ => isEntryNode = false
-          }
-          val successors = next.succIntra
-          if (successors.size > 1) {
-            val successorsCmd = successors.collect { case c: CfgCommandNode => c }.toSeq.sortBy(_.data.toString)
-            printGoTo(successorsCmd)
-            for (s <- successorsCmd) {
-              if (!visited.contains(s)) {
-                stack.push(s)
-              }
-            }
-          } else if (successors.size == 1) {
-            val successor = successors.head
-            if (!visited.contains(successor)) {
-              stack.push(successor)
-            }
-            successor.match {
-              case c: CfgCommandNode if (c.block.label != previousBlock) && (!isEntryNode) => printGoTo(Seq(c))
-              case _                                                                       =>
-            }
-          }
-        }
-      }
-      s.append(System.lineSeparator())
-    }
-
-    def printNode(node: CfgNode): Unit = {
-      s.append(node)
-      s.append(" :: ")
-      s.append(result(node))
-      s.append(System.lineSeparator())
-    }
-
-    def printGoTo(nodes: Seq[CfgCommandNode]): Unit = {
-      s.append("[GoTo] ")
-      s.append(nodes.map(_.block.label).mkString(", "))
-      s.append(System.lineSeparator())
-      s.append(System.lineSeparator())
-    }
-
-    def printBlock(node: CfgCommandNode): Unit = {
-      s.append("[Block] ")
-      s.append(node.block.label)
-      s.append(System.lineSeparator())
-    }
-
-    s.toString
-  }
 
 }
 
@@ -608,7 +497,7 @@ object RunUtils {
       val result = StaticAnalysis.analyse(ctx, config, iteration)
       analysisResult.append(result)
       Logger.info("[!] Replacing Indirect Calls")
-      modified = transforms.resolveIndirectCallsUsingPointsTo(result.cfg,
+      modified = transforms.resolveIndirectCallsUsingPointsTo(
         result.steensgaardResults,
         result.memoryRegionContents,
         result.reachingDefs,
@@ -626,11 +515,6 @@ object RunUtils {
       transforms.splitThreads(ctx.program, analysisResult.last.steensgaardResults, analysisResult.last.memoryRegionContents, analysisResult.last.reachingDefs)
     }
 
-    config.analysisDotPath.foreach { s =>
-      val newCFG = analysisResult.last.cfg
-      writeToFile(newCFG.toDot(x => x.toString, Output.dotIder), s"${s}_resolvedCFG.dot")
-    }
-
     assert(invariant.singleCallBlockEnd(ctx.program))
     Logger.info(s"[!] Finished indirect call resolution after $iteration iterations")
     analysisResult.last
diff --git a/src/test/scala/IndirectCallsTests.scala b/src/test/scala/IndirectCallsTests.scala
index 15c635fc9..fbc5a4362 100644
--- a/src/test/scala/IndirectCallsTests.scala
+++ b/src/test/scala/IndirectCallsTests.scala
@@ -84,7 +84,6 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
                   case _ => 
                 }
         }
-        println(result.ir.program)
         assert(expectedCallTransform.isEmpty)
   }
 
@@ -122,7 +121,6 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
             case _ =>
           }
       }
-      println(result.ir.program)
       assert(expectedCallTransform.isEmpty)
   }
 
@@ -160,7 +158,6 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
             case _ =>
           }
       }
-      println(result.ir.program)
       assert(expectedCallTransform.isEmpty)
   }
 
@@ -204,7 +201,6 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
             case _ =>
           }
       }
-      println(result.ir.program)
       assert(expectedCallTransform.isEmpty)
   }
 
@@ -248,7 +244,6 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
             case _ =>
           }
       }
-      println(result.ir.program)
       assert(expectedCallTransform.isEmpty)
   }
 
@@ -291,7 +286,6 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
             case _ =>
           }
       }
-      println(result.ir.program)
       assert(expectedCallTransform.isEmpty)
   }
 
@@ -335,7 +329,6 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
             case _ =>
           }
       }
-      println(result.ir.program)
       assert(expectedCallTransform.isEmpty)
   }
 
@@ -363,7 +356,6 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
         "l000004f3set_seven" -> ("set_seven", "R0")
       )
 
-    println("prev " + result.ir.program)
       // Traverse the statements in the main function
     result.ir.program.mainProcedure.blocks.foreach {
         block =>
@@ -375,7 +367,6 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
             case _ =>
           }
       }
-      println(result.ir.program)
       assert(expectedCallTransform.isEmpty)
   }
 
@@ -414,7 +405,6 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
             case _ =>
           }
       }
-      println(result.ir.program)
       assert(expectedCallTransform.isEmpty)
   }
 
@@ -453,7 +443,6 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
         }
 
       // Traverse the statements in the main function
-      println(result.ir.program)
       assert(expectedCallTransform.isEmpty)
   }
 
diff --git a/src/test/scala/LiveVarsAnalysisTests.scala b/src/test/scala/LiveVarsAnalysisTests.scala
index e1b142001..881ad61fc 100644
--- a/src/test/scala/LiveVarsAnalysisTests.scala
+++ b/src/test/scala/LiveVarsAnalysisTests.scala
@@ -115,10 +115,12 @@ class LiveVarsAnalysisTests extends AnyFunSuite, TestUtil {
     var program = prog(
       proc("main",
         block("main_first_call",
-          directCall("wrapper1"), goto("main_second_call")
+          directCall("wrapper1"), 
+          goto("main_second_call")
         ),
         block("main_second_call",
-          directCall("wrapper2"), goto("main_return")
+          directCall("wrapper2"), 
+          goto("main_return")
         ),
         block("main_return", ret)
       ),
@@ -128,10 +130,12 @@ class LiveVarsAnalysisTests extends AnyFunSuite, TestUtil {
       proc("wrapper1",
         block("wrapper1_first_call",
           Assign(R1, constant1),
-          directCall("callee"), goto("wrapper1_second_call")
+          directCall("callee"), 
+          goto("wrapper1_second_call")
         ),
         block("wrapper1_second_call",
-          directCall("callee2"), goto("wrapper1_return")),
+          directCall("callee2"), 
+          goto("wrapper1_return")),
         block("wrapper1_return", ret)
       ),
       proc("wrapper2",
@@ -349,12 +353,11 @@ class LiveVarsAnalysisTests extends AnyFunSuite, TestUtil {
     val blocks = result.ir.program.blocks
 
     // main has no parameters, get_two has three and a return
-    assert(analysisResults(blocks("lmain").jump) == Map(R29 -> TwoElementTop, R31 -> TwoElementTop))
-    assert(analysisResults(blocks("l000003ec").jump) == Map(R0 -> TwoElementTop, R31 -> TwoElementTop)) // get_two aftercall
-    assert(analysisResults(blocks("l00000430").jump) == Map(R31 -> TwoElementTop)) // printf aftercall
-    assert(analysisResults(blocks("main_basil_return").jump) == Map(R30 -> TwoElementTop))
-    assert(analysisResults(blocks("lget_two").jump) == Map(R0 -> TwoElementTop, R1 -> TwoElementTop, R2 -> TwoElementTop, R30 -> TwoElementTop, R31 -> TwoElementTop))
-    assert(analysisResults(blocks("get_two_basil_return").jump) == Map(R0 -> TwoElementTop,  R30 -> TwoElementTop, R31 -> TwoElementTop))
+    assert(analysisResults(blocks("lmain")) == Map(R29 -> TwoElementTop, R31 -> TwoElementTop, R30 -> TwoElementTop))
+    assert(analysisResults(blocks("l000003ec")) == Map(R0 -> TwoElementTop, R31 -> TwoElementTop)) // get_two aftercall
+    assert(analysisResults(blocks("l00000430")) == Map(R31 -> TwoElementTop)) // printf aftercall
+    assert(analysisResults(blocks("lget_two")) == Map(R0 -> TwoElementTop, R1 -> TwoElementTop, R2 -> TwoElementTop, R31 -> TwoElementTop))
+    assert(analysisResults(blocks("get_two_basil_return")) == Map(R0 -> TwoElementTop, R31 -> TwoElementTop))
   }
 
   test("ifbranches") {
diff --git a/src/test/scala/MemoryRegionAnalysisMiscTest.scala b/src/test/scala/MemoryRegionAnalysisMiscTest.scala
index 2844548d1..a7d7e4e73 100644
--- a/src/test/scala/MemoryRegionAnalysisMiscTest.scala
+++ b/src/test/scala/MemoryRegionAnalysisMiscTest.scala
@@ -1,4 +1,4 @@
-import analysis.{CfgNode, LiftedElement, MemoryRegion}
+import analysis.{LiftedElement, MemoryRegion}
 import org.scalatest.Inside.inside
 import org.scalatest.*
 import org.scalatest.funsuite.*
diff --git a/src/test/scala/ir/IRTest.scala b/src/test/scala/ir/IRTest.scala
index 7421c2a28..ac6df38cf 100644
--- a/src/test/scala/ir/IRTest.scala
+++ b/src/test/scala/ir/IRTest.scala
@@ -223,7 +223,7 @@ class IRTest extends AnyFunSuite {
       Assign(R0, bv64(22)),
       Assign(R0, bv64(22)),
       directCall("main"),
-      halt
+      unreachable 
     ).resolve(p)
     val b2 = block("newblock1",
       Assign(R0, bv64(22)),
@@ -249,7 +249,7 @@ class IRTest extends AnyFunSuite {
     val b3 = block("newblock3",
       Assign(R0, bv64(22)),
       directCall("called"),
-      halt
+      unreachable
     ).resolve(p)
 
     assert(b3.calls.toSet == Set(p.procs("called")))
diff --git a/src/test/scala/ir/InterpreterTests.scala b/src/test/scala/ir/InterpreterTests.scala
index 47cf65e3c..57f9739fe 100644
--- a/src/test/scala/ir/InterpreterTests.scala
+++ b/src/test/scala/ir/InterpreterTests.scala
@@ -30,7 +30,7 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
     var IRProgram = IRTranslator.translate
     IRProgram = ExternalRemover(externalFunctions.map(e => e.name)).visitProgram(IRProgram)
     IRProgram = Renamer(Set("free")).visitProgram(IRProgram)
-    IRProgram.stripUnreachableFunctions()
+    transforms.stripUnreachableFunctions(IRProgram)
     val stackIdentification = StackSubstituter()
     stackIdentification.visitProgram(IRProgram)
     IRProgram.setModifies(Map())

From bd6b2adb61b9752a9157355ddef98e84b2ed8e31 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Mon, 19 Aug 2024 12:15:10 +1000
Subject: [PATCH 004/127] update docs

---
 docs/basil-ir.md | 45 +++++++++++++++++++++++++++++++++++++++------
 1 file changed, 39 insertions(+), 6 deletions(-)

diff --git a/docs/basil-ir.md b/docs/basil-ir.md
index fe30af78d..4c152db8d 100644
--- a/docs/basil-ir.md
+++ b/docs/basil-ir.md
@@ -3,6 +3,7 @@
 BASIL IR is the intermediate representation used during static analysis. 
 This is on contrast to Boogie IR which is used for specification annotation, and output to textual boogie syntax that can be run through the Boogie verifier. 
 
+
 The grammar is described below, note that the IR is a data-structure, without a concrete textual representation so the below grammar only represents the structure. 
 We omit the full description of the expression language because it is relatively standard.  
 
@@ -13,13 +14,16 @@ The IR has a completely standard simple type system that is enforced at construc
 Program ::=&~ Procedure* \\
 Procedure ::=&~ (name: ProcID) (entryBlock: Block) (returnBlock: Block) (blocks: Block*) \\
                &~ \text{Where }entryBlock, returnBlock \in blocks \\
-Block ::=&~ BlockID \; (Statement*)\; Jump \; (fallthrough: (GoTo | None))\\
-         &~ \text{Where $fallthough$ may be $GoTo$ IF $Jump$ is $Call$} \\
+Block_1 ::=&~ BlockID \; Statement*\; Call? \; Jump \; \\
+Block_2 ::=&~ BlockID \; (Statement | Call)*\; Jump \; \\
+\\
+&~ Block = Block_1 \text{ is a structural invariant that holds during all the early analysis/transform stages}
+\\
 Statement ::=&~ MemoryAssign ~|~ LocalAssign ~|~ Assume ~|~ Assert ~|~ NOP \\
 ProcID ::=&~ String \\
 BlockID ::=&~ String \\
 \\
-Jump ::=&~ Call ~|~ GoTo \\
+Jump ::=&~ GoTo ~|~ Unreachable ~|~ Return \\
 GoTo ::=&~ \text{goto } BlockID* \\
 Call ::=&~ DirectCall ~|~ IndirectCall  \\
 DirectCall ::=&~ \text{call } ProcID \\
@@ -46,6 +50,33 @@ Endian ::=&~ BigEndian ~|~ LittleEndian \\
 \end{align*}
 ```
 
+- The `GoTo` jump is a multi-target jump reprsenting non-deterministic choice between its targets. 
+  Conditional structures are represented by these with a guard (an assume statement) beginning each target. 
+- The `Unreachable` jump is used to signify the absence of successors, it has the semantics of `assume false`.
+- The `Return` jump passes control to the calling function, often this is over-approximated to all functions which call the statement's parent procedure.
+
+## Translation Phases
+
+#### IR With Returns
+
+- Immediately after loading the IR return statements may appear in any block, or may be represented by indirect calls. 
+  The transform pass below replaces all calls to the link register (R30) with return statements. 
+  In the future, more proof is required to implement this soundly.
+  
+```
+cilvisitor.visit_prog(transforms.ReplaceReturns(), ctx.program)
+transforms.addReturnBlocks(ctx.program, true) // add return to all blocks because IDE solver expects it
+cilvisitor.visit_prog(transforms.ConvertSingleReturn(), ctx.program)
+```
+
+This ensures that all returning, non-stub procedures have exactly one return statement residing in their `returnBlock`.
+
+#### Calls appear only as the last statement in a block 
+
+- The structure of the IR allows a call may appear anywhere in the block but for all the analysis passes we hold the invariant that it 
+  only appears as the last statement. This is checked with the function `singleCallBlockEnd(p: Program)`.
+  And it means for any call statement `c` we may `assert(c.parent.statements.lastOption.contains(c))`.
+
 ## Interaction with BASIL IR
 
 ### Constructing Programs in Code
@@ -62,10 +93,12 @@ var program: Program = prog(
     block("first_call",
       Assign(R0, bv64(1), None)
       Assign(R1, bv64(1), None)
-      directCall("callee1", Some("second_call"))
+      directCall("callee1"),
+      goto("second_call"))
     ),
     block("second_call",
-      directCall("callee2", Some("returnBlock"))
+      directCall("callee2"),
+      goto("returnBlock")
     ),
     block("returnBlock",
       ret
@@ -82,7 +115,7 @@ program     ::= prog ( procedure+ )
 procedure   ::= proc (procname, block+)
 block       ::= block(blocklabel, statement+, jump)
 statement   ::= <BASIL IR Statement>
-jump        ::= call_s | goto_s | ret
+jump        ::= goto_s | ret | unreachable
 call_s      ::= directCall (procedurename, None | Some(blocklabel))  // target, fallthrough 
 goto_s      ::= goto(blocklabel+)                              // targets
 procname    ::= String

From 96b902837677228b6b2c8eb31bc80424b33bbf2a Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Mon, 19 Aug 2024 16:22:51 +1000
Subject: [PATCH 005/127] pe based expr evaluator

---
 src/main/scala/analysis/Lattice.scala         |   4 +-
 src/main/scala/analysis/UtilMethods.scala     |  66 +----
 src/main/scala/ir/Expr.scala                  |   9 +-
 src/main/scala/ir/Program.scala               |   2 +-
 .../eval/Bitvector.scala}                     |  36 +--
 .../scala/ir/{ => eval}/Interpreter.scala     | 196 ++++-----------
 src/main/scala/ir/eval/expr.scala             | 228 ++++++++++++++++++
 7 files changed, 306 insertions(+), 235 deletions(-)
 rename src/main/scala/{analysis/BitVectorEval.scala => ir/eval/Bitvector.scala} (90%)
 rename src/main/scala/ir/{ => eval}/Interpreter.scala (54%)
 create mode 100644 src/main/scala/ir/eval/expr.scala

diff --git a/src/main/scala/analysis/Lattice.scala b/src/main/scala/analysis/Lattice.scala
index 0ef98020f..cb499f8c3 100644
--- a/src/main/scala/analysis/Lattice.scala
+++ b/src/main/scala/analysis/Lattice.scala
@@ -1,7 +1,7 @@
 package analysis
 
 import ir._
-import analysis.BitVectorEval
+import ir.eval.BitVectorEval
 import util.Logger
 
 /** Basic lattice
@@ -244,4 +244,4 @@ class ConstantPropagationLatticeWithSSA extends PowersetLattice[BitVecLiteral] {
     apply(BitVectorEval.boogie_extract(high, low, _: BitVecLiteral), a)
 
   def concat(a: Set[BitVecLiteral], b: Set[BitVecLiteral]): Set[BitVecLiteral] = apply(BitVectorEval.smt_concat, a, b)
-}
\ No newline at end of file
+}
diff --git a/src/main/scala/analysis/UtilMethods.scala b/src/main/scala/analysis/UtilMethods.scala
index 2d6c54090..0b7925894 100644
--- a/src/main/scala/analysis/UtilMethods.scala
+++ b/src/main/scala/analysis/UtilMethods.scala
@@ -1,6 +1,7 @@
 package analysis
 import ir.*
 import util.Logger
+import ir.eval.BitVectorEval
 
 /** Evaluate an expression in a hope of finding a global variable.
   *
@@ -12,63 +13,14 @@ import util.Logger
   *   The evaluated expression (e.g. 0x69632)
   */
 def evaluateExpression(exp: Expr, constantPropResult: Map[Variable, FlatElement[BitVecLiteral]]): Option[BitVecLiteral] = {
-  Logger.debug(s"evaluateExpression: $exp")
-  exp match {
-    case binOp: BinaryExpr =>
-      val lhs = evaluateExpression(binOp.arg1, constantPropResult)
-      val rhs = evaluateExpression(binOp.arg2, constantPropResult)
-
-      (lhs, rhs) match {
-        case (Some(l: BitVecLiteral), Some(r: BitVecLiteral)) =>
-          val result = binOp.op match {
-            case BVADD => BitVectorEval.smt_bvadd(l, r)
-            case BVSUB => BitVectorEval.smt_bvsub(l, r)
-            case BVMUL => BitVectorEval.smt_bvmul(l, r)
-            case BVUDIV => BitVectorEval.smt_bvudiv(l, r)
-            case BVSDIV => BitVectorEval.smt_bvsdiv(l, r)
-            case BVSREM => BitVectorEval.smt_bvsrem(l, r)
-            case BVUREM => BitVectorEval.smt_bvurem(l, r)
-            case BVSMOD => BitVectorEval.smt_bvsmod(l, r)
-            case BVAND => BitVectorEval.smt_bvand(l, r)
-            case BVOR => BitVectorEval.smt_bvxor(l, r)
-            case BVXOR => BitVectorEval.smt_bvxor(l, r)
-            case BVNAND => BitVectorEval.smt_bvnand(l, r)
-            case BVNOR => BitVectorEval.smt_bvnor(l, r)
-            case BVXNOR => BitVectorEval.smt_bvxnor(l, r)
-            case BVSHL => BitVectorEval.smt_bvshl(l, r)
-            case BVLSHR => BitVectorEval.smt_bvlshr(l, r)
-            case BVASHR => BitVectorEval.smt_bvashr(l, r)
-            case BVCOMP => BitVectorEval.smt_bvcomp(l, r)
-            case BVCONCAT => BitVectorEval.smt_concat(l, r)
-            case x => throw RuntimeException("Binary operation support not implemented: " + binOp.op)
-          }
-          Some(result)
-        case _ => None
-      }
-    case extend: ZeroExtend =>
-      evaluateExpression(extend.body, constantPropResult) match {
-        case Some(b: BitVecLiteral) => Some(BitVectorEval.smt_zero_extend(extend.extension, b))
-        case None                => None
-      }
-    case extend: SignExtend =>
-      evaluateExpression(extend.body, constantPropResult) match {
-        case Some(b: BitVecLiteral) => Some(BitVectorEval.smt_sign_extend(extend.extension, b))
-        case None => None
-      }
-    case e: Extract =>
-      evaluateExpression(e.body, constantPropResult) match {
-        case Some(b: BitVecLiteral) => Some(BitVectorEval.boogie_extract(e.end, e.start, b))
-        case None               => None
-      }
-    case variable: Variable =>
-      constantPropResult(variable) match {
+  def value(v: Variable) = constantPropResult(v) match {
         case FlatEl(value) => Some(value)
-        case Top           => None
-        case Bottom        => None
-      }
-    case b: BitVecLiteral => Some(b)
-    case _ => //throw new RuntimeException("ERROR: CASE NOT HANDLED: " + exp + "\n")
-      None
+        case _             => None
+  }
+
+  ir.eval.evalBVExpr(exp, value) match {
+    case Right(v) => Some(v)
+    case Left(_) => None
   }
 }
 
@@ -170,4 +122,4 @@ def unwrapExpr(expr: Expr): Set[Expr] = {
     case _ =>
   }
   buffers
-}
\ No newline at end of file
+}
diff --git a/src/main/scala/ir/Expr.scala b/src/main/scala/ir/Expr.scala
index 6a7c862cd..4b10fc092 100644
--- a/src/main/scala/ir/Expr.scala
+++ b/src/main/scala/ir/Expr.scala
@@ -1,5 +1,6 @@
 package ir
 
+
 import boogie._
 import scala.collection.mutable
 
@@ -28,18 +29,22 @@ sealed trait Literal extends Expr {
   override def acceptVisit(visitor: Visitor): Literal = visitor.visitLiteral(this)
 }
 
-sealed trait BoolLit extends Literal
+sealed trait BoolLit extends Literal {
+  def value: Boolean
+}
 
 case object TrueLiteral extends BoolLit {
   override def toBoogie: BoolBLiteral = TrueBLiteral
   override def getType: IRType = BoolType
   override def toString: String = "true"
+  override def value = true
 }
 
 case object FalseLiteral extends BoolLit {
   override def toBoogie: BoolBLiteral = FalseBLiteral
   override def getType: IRType = BoolType
   override def toString: String = "false"
+  override def value = false
 }
 
 case class BitVecLiteral(value: BigInt, size: Int) extends Literal {
@@ -391,4 +396,4 @@ case class StackMemory(override val name: String, override val addressSize: Int,
 // A non-stack region of memory, which is shared between threads
 case class SharedMemory(override val name: String, override val addressSize: Int, override val valueSize: Int) extends Memory {
   override def acceptVisit(visitor: Visitor): Memory = visitor.visitSharedMemory(this)
-}
\ No newline at end of file
+}
diff --git a/src/main/scala/ir/Program.scala b/src/main/scala/ir/Program.scala
index 54916b27c..0a19add9c 100644
--- a/src/main/scala/ir/Program.scala
+++ b/src/main/scala/ir/Program.scala
@@ -3,9 +3,9 @@ package ir
 import scala.collection.mutable.ArrayBuffer
 import scala.collection.{IterableOnceExtensionMethods, View, immutable, mutable}
 import boogie.*
-import analysis.BitVectorEval
 import util.intrusive_list.*
 import translating.serialiseIL
+import eval.BitVectorEval
 
 class Program(var procedures: ArrayBuffer[Procedure],
               var mainProcedure: Procedure,
diff --git a/src/main/scala/analysis/BitVectorEval.scala b/src/main/scala/ir/eval/Bitvector.scala
similarity index 90%
rename from src/main/scala/analysis/BitVectorEval.scala
rename to src/main/scala/ir/eval/Bitvector.scala
index 0b5847506..b3e426010 100644
--- a/src/main/scala/analysis/BitVectorEval.scala
+++ b/src/main/scala/ir/eval/Bitvector.scala
@@ -1,6 +1,6 @@
-package analysis
+package ir.eval 
+
 import ir._
-import analysis.BitVectorEval.*
 
 import scala.math.pow
 
@@ -157,15 +157,15 @@ object BitVectorEval {
   /** (bvneq (_ BitVec m) (_ BitVec m))
     *   - not equal too
     */
-  def smt_bveq(s: BitVecLiteral, t: BitVecLiteral): BoolLit = {
-    bool2BoolLit(s == t)
+  def smt_bveq(s: BitVecLiteral, t: BitVecLiteral): Boolean = {
+    s == t
   }
 
   /** (bvneq (_ BitVec m) (_ BitVec m))
     *   - not equal too
     */
-  def smt_bvneq(s: BitVecLiteral, t: BitVecLiteral): BoolLit = {
-    bool2BoolLit(s != t)
+  def smt_bvneq(s: BitVecLiteral, t: BitVecLiteral): Boolean = {
+    s != t
   }
 
   /** (bvshl (_ BitVec m) (_ BitVec m) (_ BitVec m))
@@ -259,55 +259,55 @@ object BitVectorEval {
   /** (bvult (_ BitVec m) (_ BitVec m) Bool)
     *   - binary predicate for unsigned less-than
     */
-  def smt_bvult(s: BitVecLiteral, t: BitVecLiteral): BoolLit = {
-    bool2BoolLit(bv2nat(s) < bv2nat(t))
+  def smt_bvult(s: BitVecLiteral, t: BitVecLiteral): Boolean = {
+    bv2nat(s) < bv2nat(t)
   }
 
   /** (bvule (_ BitVec m) (_ BitVec m) Bool)
     *   - binary predicate for unsigned less than or equal
     */
-  def smt_bvule(s: BitVecLiteral, t: BitVecLiteral): BoolLit = {
-    bool2BoolLit(bv2nat(s) <= bv2nat(t))
+  def smt_bvule(s: BitVecLiteral, t: BitVecLiteral): Boolean = {
+    bv2nat(s) <= bv2nat(t)
   }
 
   /** (bvugt (_ BitVec m) (_ BitVec m) Bool)
     *   - binary predicate for unsigned greater than
     */
-  def smt_bvugt(s: BitVecLiteral, t: BitVecLiteral): BoolLit = {
+  def smt_bvugt(s: BitVecLiteral, t: BitVecLiteral): Boolean = {
     smt_bvult(t, s)
   }
 
   /** (bvuge (_ BitVec m) (_ BitVec m) Bool)
     *   - binary predicate for unsigned greater than or equal
     */
-  def smt_bvuge(s: BitVecLiteral, t: BitVecLiteral): BoolLit = smt_bvule(t, s)
+  def smt_bvuge(s: BitVecLiteral, t: BitVecLiteral): Boolean = smt_bvule(t, s)
 
   /** (bvslt (_ BitVec m) (_ BitVec m) Bool)
     *   - binary predicate for signed less than
     */
-  def smt_bvslt(s: BitVecLiteral, t: BitVecLiteral): BoolLit = {
+  def smt_bvslt(s: BitVecLiteral, t: BitVecLiteral): Boolean = {
     val sNeg = isNegative(s)
     val tNeg = isNegative(t)
-    bool2BoolLit((sNeg && !tNeg) || ((sNeg == tNeg) && (smt_bvult(s, t) == TrueLiteral)))
+    (sNeg && !tNeg) || ((sNeg == tNeg) && (smt_bvult(s, t)))
   }
 
   /** (bvsle (_ BitVec m) (_ BitVec m) Bool)
     *   - binary predicate for signed less than or equal
     */
-  def smt_bvsle(s: BitVecLiteral, t: BitVecLiteral): BoolLit =
+  def smt_bvsle(s: BitVecLiteral, t: BitVecLiteral): Boolean =
     val sNeg = isNegative(s)
     val tNeg = isNegative(t)
-    bool2BoolLit((sNeg && !tNeg) || ((sNeg == tNeg) && (smt_bvule(s, t) == TrueLiteral)))
+    (sNeg && !tNeg) || ((sNeg == tNeg) && (smt_bvule(s, t)))
 
   /** (bvsgt (_ BitVec m) (_ BitVec m) Bool)
     *   - binary predicate for signed greater than
     */
-  def smt_bvsgt(s: BitVecLiteral, t: BitVecLiteral): BoolLit = smt_bvslt(t, s)
+  def smt_bvsgt(s: BitVecLiteral, t: BitVecLiteral): Boolean = smt_bvslt(t, s)
 
   /** (bvsge (_ BitVec m) (_ BitVec m) Bool)
     *   - binary predicate for signed greater than or equal
     */
-  def smt_bvsge(s: BitVecLiteral, t: BitVecLiteral): BoolLit = smt_bvsle(t, s)
+  def smt_bvsge(s: BitVecLiteral, t: BitVecLiteral): Boolean = smt_bvsle(t, s)
 
   def smt_bvashr(s: BitVecLiteral, t: BitVecLiteral): BitVecLiteral =
     if (!isNegative(s)) {
diff --git a/src/main/scala/ir/Interpreter.scala b/src/main/scala/ir/eval/Interpreter.scala
similarity index 54%
rename from src/main/scala/ir/Interpreter.scala
rename to src/main/scala/ir/eval/Interpreter.scala
index 0430ef66a..b2f45ed1a 100644
--- a/src/main/scala/ir/Interpreter.scala
+++ b/src/main/scala/ir/eval/Interpreter.scala
@@ -1,10 +1,29 @@
 package ir
-import analysis.BitVectorEval.*
+import ir.eval.BitVectorEval.*
 import util.Logger
 
 import scala.collection.mutable
 import scala.util.control.Breaks.{break, breakable}
 
+
+// enum Asssumption:
+//   case Assume(x: Expr)
+//   case Jump(choice: Block)
+//   case Not(a: Assumption)
+// 
+// 
+// class State() {
+//   // stack of assumptions
+//   var assumptions: mutable.Stack[Assumption] = mutable.Stack()
+//   var memory: mutable.Map[Memory, Map[BigInt, BigInt]] = Map()
+//   var bvValues: mutable.Map[Variable, BigInt] = Map()
+//   var intValues: mutable.Map[Variable, BigInt] = Map()
+// 
+//   var nextCmd: Option[Command] = None
+//   var returnCmd: mutable.Stack[Command] = mutable.Stack()
+// }
+
+
 class Interpreter() {
   val regs: mutable.Map[Variable, BitVecLiteral] = mutable.Map()
   val mems: mutable.Map[Int, BitVecLiteral] = mutable.Map()
@@ -15,155 +34,28 @@ class Interpreter() {
   private val returnCmd: mutable.Stack[Command] = mutable.Stack()
 
   def eval(exp: Expr, env: mutable.Map[Variable, BitVecLiteral]): BitVecLiteral = {
-    exp match {
-      case id: Variable =>
-        env.get(id) match {
-          case Some(value) =>
-            Logger.debug(s"\t${id.name} == 0x${value.value.toString(16)}[u${value.size}]")
-            value
-          case _ => throw new Exception(s"$id not found in env")
-        }
-
-      case n: Literal =>
-        n match {
-          case bv: BitVecLiteral =>
-            Logger.debug(s"\tBitVecLiteral(0x${bv.value.toString(16)}[u${bv.size}])")
-            bv
-          case _ => ???
-        }
-
-      case ze: ZeroExtend =>
-        Logger.debug(s"\t$ze")
-        smt_zero_extend(ze.extension, eval(ze.body, env))
-
-      case se: SignExtend =>
-        Logger.debug(s"\t$se")
-        smt_sign_extend(se.extension, eval(se.body, env))
-
-      case e: Extract =>
-        Logger.debug(s"\tExtract($e, ${e.start}, ${e.end})")
-        boogie_extract(e.end, e.start, eval(e.body, env))
-
-      case r: Repeat =>
-        Logger.debug(s"\t$r")
-        ??? // TODO
-
-      case bin: BinaryExpr =>
-        val left = eval(bin.arg1, env)
-        val right = eval(bin.arg2, env)
-        Logger.debug(
-          s"\tBinaryExpr(0x${left.value.toString(16)}[u${left.size}] ${bin.op} 0x${right.value.toString(16)}[u${right.size}])"
-        )
-        bin.op match {
-          case BVAND    => smt_bvand(left, right)
-          case BVOR     => smt_bvor(left, right)
-          case BVADD    => smt_bvadd(left, right)
-          case BVMUL    => smt_bvmul(left, right)
-          case BVUDIV   => smt_bvudiv(left, right)
-          case BVUREM   => smt_bvurem(left, right)
-          case BVSHL    => smt_bvshl(left, right)
-          case BVLSHR   => smt_bvlshr(left, right)
-          case BVNAND   => smt_bvnand(left, right)
-          case BVNOR    => smt_bvnor(left, right)
-          case BVXOR    => smt_bvxor(left, right)
-          case BVXNOR   => smt_bvxnor(left, right)
-          case BVCOMP   => smt_bvcomp(left, right)
-          case BVSUB    => smt_bvsub(left, right)
-          case BVSDIV   => smt_bvsdiv(left, right)
-          case BVSREM   => smt_bvsrem(left, right)
-          case BVSMOD   => smt_bvsmod(left, right)
-          case BVASHR   => smt_bvashr(left, right)
-          case BVCONCAT => smt_concat(left, right)
-          case _ => ???
-        }
-
-      case un: UnaryExpr =>
-        val arg = eval(un.arg, env)
-        Logger.debug(s"\tUnaryExpr($un)")
-        un.op match {
-          case BVNEG   => smt_bvneg(arg)
-          case BVNOT   => smt_bvnot(arg)
-        }
-
-      case ml: MemoryLoad =>
-        Logger.debug(s"\t$ml")
-        val index: Int = eval(ml.index, env).value.toInt
-        getMemory(index, ml.size, ml.endian, mems)
+    def load(m: Memory, index: Expr, endian: Endian, size: Int) = {
+      val idx = evalInt(index, env).toInt
+      Some(getMemory(idx, size, endian, mems))
+    }
 
-      case u: UninterpretedFunction =>
-        Logger.debug(s"\t$u")
-        ???
+    ir.eval.evalBVExpr(exp, x => env.get(x), load) match {
+      case Right(b) => b
+      case Left(e) => throw Exception(s"Failed to evaluate expr: residual $exp")
     }
   }
 
-  def evalBool(exp: Expr, env: mutable.Map[Variable, BitVecLiteral]): BoolLit = {
-    exp match {
-      case n: BoolLit => n
-      case bin: BinaryExpr =>
-        bin.op match {
-          case b: BoolBinOp =>
-            val arg1 = evalBool(bin.arg1, env)
-            val arg2 = evalBool(bin.arg2, env)
-            b match {
-              case BoolEQ =>
-                if (arg1 == arg2) {
-                  TrueLiteral
-                } else {
-                  FalseLiteral
-                }
-              case BoolNEQ =>
-                if (arg1 != arg2) {
-                  TrueLiteral
-                } else {
-                  FalseLiteral
-                }
-              case BoolAND =>
-                (arg1, arg2) match {
-                  case (TrueLiteral, TrueLiteral) => TrueLiteral
-                  case _ => FalseLiteral
-                }
-              case BoolOR =>
-                (arg1, arg2) match {
-                  case (FalseLiteral, FalseLiteral) => FalseLiteral
-                  case _ => TrueLiteral
-                }
-              case BoolIMPLIES =>
-                (arg1, arg2) match {
-                  case (TrueLiteral, FalseLiteral) => FalseLiteral
-                  case _ => TrueLiteral
-                }
-              case BoolEQUIV =>
-                if (arg1 == arg2) {
-                  TrueLiteral
-                } else {
-                  FalseLiteral
-                }
-            }
-          case b: BVBinOp =>
-            val left = eval(bin.arg1, env)
-            val right = eval(bin.arg2, env)
-            b match {
-              case BVULT => smt_bvult(left, right)
-              case BVULE => smt_bvule(left, right)
-              case BVUGT => smt_bvugt(left, right)
-              case BVUGE => smt_bvuge(left, right)
-              case BVSLT => smt_bvslt(left, right)
-              case BVSLE => smt_bvsle(left, right)
-              case BVSGT => smt_bvsgt(left, right)
-              case BVSGE => smt_bvsge(left, right)
-              case BVEQ => smt_bveq(left, right)
-              case BVNEQ => smt_bvneq(left, right)
-              case _ => ???
-            }
-          case _ => ???
-        }
+  def evalBool(exp: Expr, env: mutable.Map[Variable, BitVecLiteral]): Boolean = {
+    ir.eval.evalLogExpr(exp, x => env.get(x)) match {
+      case Right(b) => b
+      case Left(e) => throw Exception(s"Failed to evaluate expr: residual $e")
+    }
+  }
 
-      case un: UnaryExpr =>
-        un.op match {
-          case BoolNOT => if evalBool(un.arg, env) == TrueLiteral then FalseLiteral else TrueLiteral
-          case _ => ???
-        }
-      case _ => ???
+  def evalInt(exp: Expr, env: mutable.Map[Variable, BitVecLiteral]): BigInt = {
+    ir.eval.evalIntExpr(exp, x => env.get(x)) match {
+      case Right(b) => b
+      case Left(e) => throw Exception(s"Failed to evaluate expr: residual $e")
     }
   }
 
@@ -234,11 +126,9 @@ class Interpreter() {
           for (g <- gt.targets) {
             val condition: Option[Expr] = g.statements.headOption.collect { case a: Assume => a.body }
             condition match {
-              case Some(e) => evalBool(e, regs) match {
-                case TrueLiteral =>
+              case Some(e) => if (evalBool(e, regs)) {
                   nextCmd = Some(g.statements.headOption.getOrElse(g.jump))
                   break
-                case _ =>
               }
               case None =>
                 nextCmd = Some(g.statements.headOption.getOrElse(g.jump))
@@ -284,19 +174,15 @@ class Interpreter() {
       case assert: Assert =>
         // TODO
         Logger.debug(assert)
-        evalBool(assert.body, regs) match {
-          case TrueLiteral => ()
-          case FalseLiteral => throw Exception(s"Assertion failed ${assert}")
+        if (!evalBool(assert.body, regs)) {
+          throw Exception(s"Assertion failed ${assert}")
         }
       case assume: Assume =>
         // TODO, but already taken into effect if it is a branch condition
         Logger.debug(assume)
-        evalBool(assume.body, regs) match {
-          case TrueLiteral => ()
-          case FalseLiteral => {
+        if (!evalBool(assume.body, regs)) {
             nextCmd = None
             Logger.debug(s"Assumption not satisfied: $assume")
-          }
         }
       case dc: DirectCall =>
         Logger.debug(s"$dc")
diff --git a/src/main/scala/ir/eval/expr.scala b/src/main/scala/ir/eval/expr.scala
new file mode 100644
index 000000000..a7f748546
--- /dev/null
+++ b/src/main/scala/ir/eval/expr.scala
@@ -0,0 +1,228 @@
+package ir.eval
+import ir.eval.BitVectorEval
+import ir._
+
+/**
+ * We generalise the expression evaluator to a partial evaluator to simplify evaluating casts.
+ * This is not as nice or type-safe as we would like. 
+ *
+ * - Program state is taken via a function from var -> value and for loads a function from (mem,addr,endian,size) -> value. 
+ * - For conrete evaluators we prefer low-level representations (bool vs BoolLit) and wrap them at the expression eval level 
+ * - Avoid using default cases so we have some idea of complete coverage
+ *
+ */
+
+
+def evalBVBinExpr(b: BVBinOp, l:BitVecLiteral, r:BitVecLiteral): BitVecLiteral = {
+  b match {
+    case BVADD => BitVectorEval.smt_bvadd(l, r)
+    case BVSUB => BitVectorEval.smt_bvsub(l, r)
+    case BVMUL => BitVectorEval.smt_bvmul(l, r)
+    case BVUDIV => BitVectorEval.smt_bvudiv(l, r)
+    case BVSDIV => BitVectorEval.smt_bvsdiv(l, r)
+    case BVSREM => BitVectorEval.smt_bvsrem(l, r)
+    case BVUREM => BitVectorEval.smt_bvurem(l, r)
+    case BVSMOD => BitVectorEval.smt_bvsmod(l, r)
+    case BVAND => BitVectorEval.smt_bvand(l, r)
+    case BVOR => BitVectorEval.smt_bvxor(l, r)
+    case BVXOR => BitVectorEval.smt_bvxor(l, r)
+    case BVNAND => BitVectorEval.smt_bvnand(l, r)
+    case BVNOR => BitVectorEval.smt_bvnor(l, r)
+    case BVXNOR => BitVectorEval.smt_bvxnor(l, r)
+    case BVSHL => BitVectorEval.smt_bvshl(l, r)
+    case BVLSHR => BitVectorEval.smt_bvlshr(l, r)
+    case BVASHR => BitVectorEval.smt_bvashr(l, r)
+    case BVCOMP => BitVectorEval.smt_bvcomp(l, r)
+    case BVCONCAT => BitVectorEval.smt_concat(l, r)
+    case BVULE => throw Exception("Did not expect logical op")
+    case BVULT => throw Exception("Did not expect logical op")
+    case BVUGT => throw Exception("Did not expect logical op")
+    case BVUGE => throw Exception("Did not expect logical op")
+    case BVSLT => throw Exception("Did not expect logical op")
+    case BVSLE => throw Exception("Did not expect logical op")
+    case BVSGT => throw Exception("Did not expect logical op")
+    case BVSGE => throw Exception("Did not expect logical op")
+    case BVEQ => throw Exception("Did not expect logical op")
+    case BVNEQ => throw Exception("Did not expect logical op")
+  }
+}
+
+def evalBVLogBinExpr(b: BVBinOp, l: BitVecLiteral, r:BitVecLiteral) : Boolean = b match {
+  case BVULE => BitVectorEval.smt_bvule(l, r)
+  case BVUGT => BitVectorEval.smt_bvult(l, r)
+  case BVUGE => BitVectorEval.smt_bvuge(l, r)
+  case BVULT  => BitVectorEval.smt_bvult(l, r)
+  case BVSLT  => BitVectorEval.smt_bvslt(l, r)
+  case BVSLE  => BitVectorEval.smt_bvsle(l, r)
+  case BVSGT  => BitVectorEval.smt_bvsgt(l, r)
+  case BVSGE  => BitVectorEval.smt_bvsge(l, r)
+  case BVEQ  => BitVectorEval.smt_bveq(l, r)
+  case BVNEQ  => BitVectorEval.smt_bvneq(l, r)
+  case BVADD => throw Exception("Did not expect non-logical op")
+  case BVSUB => throw Exception("Did not expect non-logical op")
+  case BVMUL => throw Exception("Did not expect non-logical op")
+  case BVUDIV => throw Exception("Did not expect non-logical op")
+  case BVSDIV => throw Exception("Did not expect non-logical op")
+  case BVSREM => throw Exception("Did not expect non-logical op")
+  case BVUREM => throw Exception("Did not expect non-logical op")
+  case BVSMOD => throw Exception("Did not expect non-logical op")
+  case BVAND => throw Exception("Did not expect non-logical op")
+  case BVOR => throw Exception("Did not expect non-logical op")
+  case BVXOR => throw Exception("Did not expect non-logical op")
+  case BVNAND => throw Exception("Did not expect non-logical op")
+  case BVNOR => throw Exception("Did not expect non-logical op")
+  case BVXNOR => throw Exception("Did not expect non-logical op")
+  case BVSHL => throw Exception("Did not expect non-logical op")
+  case BVLSHR => throw Exception("Did not expect non-logical op")
+  case BVASHR => throw Exception("Did not expect non-logical op")
+  case BVCOMP => throw Exception("Did not expect non-logical op")
+  case BVCONCAT => throw Exception("Did not expect non-logical op")
+}
+
+def evalIntLogBinExpr(b: IntBinOp, l:BigInt, r:BigInt) : Boolean = b match {
+  case IntEQ => l == r
+  case IntNEQ =>  l != r
+  case IntLT => l < r
+  case IntLE =>  l <= r
+  case IntGT =>  l > r
+  case IntGE =>  l >= r
+  case IntADD => throw Exception("Did not expect non-logical op")
+  case IntSUB => throw Exception("Did not expect non-logical op")
+  case IntMUL => throw Exception("Did not expect non-logical op")
+  case IntDIV => throw Exception("Did not expect non-logical op")
+  case IntMOD  => throw Exception("Did not expect non-logical op")
+}
+
+def evalIntBinExpr(b: IntBinOp, l:BigInt, r: BigInt): BigInt = b match {
+  case IntADD => l + r
+  case IntSUB =>  l - r
+  case IntMUL => l * r
+  case IntDIV =>  l / r
+  case IntMOD  => l % r
+  case IntEQ => throw Exception("Did not expect logical op")
+  case IntNEQ => throw Exception("Did not expect logical op")
+  case IntLT => throw Exception("Did not expect logical op")
+  case IntLE => throw Exception("Did not expect logical op")
+  case IntGT => throw Exception("Did not expect logical op")
+  case IntGE => throw Exception("Did not expect logical op")
+}
+
+
+def evalBoolLogBinExpr(b: BoolBinOp, l:Boolean, r:Boolean) : Boolean = b match {
+  case BoolEQ => l == r
+  case BoolEQUIV => l == r
+  case BoolNEQ => l != r
+  case BoolAND => l && r
+  case BoolOR => l || r
+  case BoolIMPLIES => l || (!r)
+}
+
+
+def evalUnOp(op: UnOp, body: Literal) : Expr = {
+  (body, op) match {
+    case (b: BitVecLiteral, BVNOT) => BitVectorEval.smt_bvnot(b) 
+    case (b: BitVecLiteral, BVNEG) => BitVectorEval.smt_bvneg(b) 
+    case (i: IntLiteral, IntNEG) => IntLiteral(-i.value)
+    case (FalseLiteral, BoolNOT) => TrueLiteral
+    case (TrueLiteral, BoolNOT) => FalseLiteral
+  }
+}
+
+def partialEvalExpr(exp: Expr, variableAssignment: Variable => Option[Expr], memory: (Memory, Expr, Endian, Int) => Option[BitVecLiteral] = ((a,b,c,d) => None)): Expr = {
+  exp match {
+    case f: UninterpretedFunction => f
+    case unOp: UnaryExpr => {
+      val body = partialEvalExpr(unOp.arg, variableAssignment, memory)
+      body match {
+        case l: Literal => evalUnOp(unOp.op, l)
+        case o => UnaryExpr(unOp.op, body)
+      }
+    }
+    case binOp: BinaryExpr =>
+      val lhs = partialEvalExpr(binOp.arg1, variableAssignment, memory)
+      val rhs = partialEvalExpr(binOp.arg2, variableAssignment, memory)
+      binOp.getType match {
+        case m: MapType => binOp
+        case b: BitVecType => {
+          (binOp.op, lhs, rhs) match {
+            case (o: BVBinOp, l: BitVecLiteral, r: BitVecLiteral) => evalBVBinExpr(o, l, r)
+            case _ => BinaryExpr(binOp.op, lhs, rhs)
+          }
+        }
+        case BoolType => {
+          def bool2lit(b: Boolean) = if b then TrueLiteral else FalseLiteral
+          (binOp.op, lhs, rhs) match {
+            case (o: BVBinOp, l: BitVecLiteral, r: BitVecLiteral) => bool2lit(evalBVLogBinExpr(o, l, r))
+            case (o: IntBinOp, l: IntLiteral , r: IntLiteral) => bool2lit(evalIntLogBinExpr(o, l.value, r.value))
+            case (o: BoolBinOp, l: BoolLit, r: BoolLit) => bool2lit(evalBoolLogBinExpr(o, l.value, r.value))
+            case _ => BinaryExpr(binOp.op, lhs, rhs)
+          }
+        }
+        case IntType => {
+          (binOp.op, lhs, rhs) match {
+            case (o: IntBinOp, l: IntLiteral , r: IntLiteral) => IntLiteral(evalIntBinExpr(o, l.value, r.value))
+            case _ => BinaryExpr(binOp.op, lhs, rhs)
+          }
+        }
+      }
+    case extend: ZeroExtend => partialEvalExpr(extend.body, variableAssignment, memory) match {
+      case b : BitVecLiteral => BitVectorEval.smt_zero_extend(extend.extension, b)
+      case o => extend.copy(body=o)
+    }
+    case extend: SignExtend => partialEvalExpr(extend.body, variableAssignment, memory) match {
+      case b: BitVecLiteral => BitVectorEval.smt_sign_extend(extend.extension, b)
+      case o => extend.copy(body=o)
+    }
+    case e: Extract => partialEvalExpr(e.body, variableAssignment, memory) match {
+      case b: BitVecLiteral => BitVectorEval.boogie_extract(e.end, e.start, b)
+      case o => e.copy(body=o)
+    }
+    case r: Repeat => {
+      partialEvalExpr(r.body, variableAssignment, memory) match {
+        case b: BitVecLiteral => {
+          assert(r.repeats > 0)
+          if (r.repeats == 1) b 
+          else {
+            (2 to r.repeats).foldLeft(b)((acc, r) => BitVectorEval.smt_concat(acc, b))
+          }
+        }
+        case o => r.copy(body=o)
+      }
+
+    }
+    case variable: Variable => variableAssignment(variable).getOrElse(variable)
+    case l: MemoryLoad => memory(l.mem, partialEvalExpr(l.index, variableAssignment, memory), l.endian, l.size).getOrElse(l)
+    case b: BitVecLiteral => b
+    case b: IntLiteral => b
+    case b: BoolLit => b
+  }
+}
+
+def evalIntExpr(exp: Expr, variableAssignment: Variable => Option[BitVecLiteral], memory: (Memory, Expr, Endian, Int) => Option[BitVecLiteral] = ((a,b,c,d) => None)): Either[Expr, BigInt] = {
+  partialEvalExpr(exp, variableAssignment, memory) match {
+    case i: IntLiteral => Right(i.value)
+    case o => Left(o) 
+  }
+}
+
+def evalBVExpr(exp: Expr, variableAssignment: Variable => Option[BitVecLiteral], memory: (Memory, Expr, Endian, Int) => Option[BitVecLiteral] = ((a,b,c,d) => None)): Either[Expr, BitVecLiteral] = {
+  partialEvalExpr(exp, variableAssignment, memory) match {
+    case b: BitVecLiteral => Right(b)
+    case o => Left(o) 
+  }
+}
+
+def evalLogExpr(exp: Expr, variableAssignment: Variable => Option[BitVecLiteral], memory: (Memory, Expr, Endian, Int) => Option[BitVecLiteral] = ((a,b,c, d) => None)): Either[Expr, Boolean] = {
+  partialEvalExpr(exp, variableAssignment, memory) match {
+    case TrueLiteral => Right(true)
+    case FalseLiteral => Right(false)
+    case o => Left(o)
+  }
+}
+
+def evalExpr(exp: Expr, variableAssignment: Variable => Option[BitVecLiteral], memory: (Memory, Expr, Endian, Int) => Option[BitVecLiteral] = ((d, a,b,c) => None)): Option[Literal] = {
+  partialEvalExpr match {
+    case l: Literal => Some(l)
+    case _ => None
+  }
+}

From d264b97cfd07a52873bd9cec60f612adb60a9681 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Mon, 19 Aug 2024 18:01:12 +1000
Subject: [PATCH 006/127] interpreter test

---
 src/main/scala/ir/dsl/DSL.scala             |   1 +
 src/main/scala/ir/eval/Interpreter.scala    | 149 ++++++++++++--------
 src/test/scala/BitVectorAnalysisTests.scala |  42 +++---
 src/test/scala/ir/InterpreterTests.scala    |  58 +++++++-
 4 files changed, 168 insertions(+), 82 deletions(-)

diff --git a/src/main/scala/ir/dsl/DSL.scala b/src/main/scala/ir/dsl/DSL.scala
index 3ebeefbc4..2d892a444 100644
--- a/src/main/scala/ir/dsl/DSL.scala
+++ b/src/main/scala/ir/dsl/DSL.scala
@@ -11,6 +11,7 @@ val R4: Register = Register("R4", 64)
 val R5: Register = Register("R5", 64)
 val R6: Register = Register("R6", 64)
 val R7: Register = Register("R7", 64)
+val R8: Register = Register("R8", 64)
 val R29: Register = Register("R29", 64)
 val R30: Register = Register("R30", 64)
 val R31: Register = Register("R31", 64)
diff --git a/src/main/scala/ir/eval/Interpreter.scala b/src/main/scala/ir/eval/Interpreter.scala
index b2f45ed1a..f505425d3 100644
--- a/src/main/scala/ir/eval/Interpreter.scala
+++ b/src/main/scala/ir/eval/Interpreter.scala
@@ -5,57 +5,72 @@ import util.Logger
 import scala.collection.mutable
 import scala.util.control.Breaks.{break, breakable}
 
-
 // enum Asssumption:
 //   case Assume(x: Expr)
 //   case Jump(choice: Block)
 //   case Not(a: Assumption)
-// 
-// 
-// class State() {
+
+sealed trait ExecutionState
+case class FailedAssertion(a: Assert) extends ExecutionState
+case class Stopped() extends ExecutionState
+case class Run(val next: Command) extends ExecutionState
+case class EscapedControlFlow(val call: IndirectCall) extends ExecutionState
+case class Errored(val message: String = "") extends ExecutionState
+
+// case class Execution() extends State {
 //   // stack of assumptions
-//   var assumptions: mutable.Stack[Assumption] = mutable.Stack()
-//   var memory: mutable.Map[Memory, Map[BigInt, BigInt]] = Map()
-//   var bvValues: mutable.Map[Variable, BigInt] = Map()
-//   var intValues: mutable.Map[Variable, BigInt] = Map()
+//   // var assumptions: mutable.Stack[] = mutable.Stack()
+//   var memory: mutable.Map[Memory, Map[BigInt, BigInt]] = mutable.Map()
+//   var bvValues: mutable.Map[Variable, BigInt] = mutable.Map()
+//   var intValues: mutable.Map[Variable, BigInt] = mutable.Map()
 // 
-//   var nextCmd: Option[Command] = None
-//   var returnCmd: mutable.Stack[Command] = mutable.Stack()
+//   var nextCmd: ExecutionState = Stopped()
+//   var callStack: mutable.Stack[Command] = mutable.Stack()
 // }
 
 
+case class InterpreterError(condinue: ExecutionState) extends Exception()
+
 class Interpreter() {
   val regs: mutable.Map[Variable, BitVecLiteral] = mutable.Map()
   val mems: mutable.Map[Int, BitVecLiteral] = mutable.Map()
   private val SP: BitVecLiteral = BitVecLiteral(4096 - 16, 64)
   private val FP: BitVecLiteral = BitVecLiteral(4096 - 16, 64)
   private val LR: BitVecLiteral = BitVecLiteral(BigInt("FF", 16), 64)
-  private var nextCmd: Option[Command] = None
-  private val returnCmd: mutable.Stack[Command] = mutable.Stack()
+  var nextCmd: ExecutionState = Stopped()
+  private val callStack: mutable.Stack[Command] = mutable.Stack()
 
   def eval(exp: Expr, env: mutable.Map[Variable, BitVecLiteral]): BitVecLiteral = {
     def load(m: Memory, index: Expr, endian: Endian, size: Int) = {
-      val idx = evalInt(index, env).toInt
+      val idx = eval(index, env).value.toInt
       Some(getMemory(idx, size, endian, mems))
     }
 
     ir.eval.evalBVExpr(exp, x => env.get(x), load) match {
       case Right(b) => b
-      case Left(e) => throw Exception(s"Failed to evaluate expr: residual $exp")
+      case Left(e)  => throw InterpreterError(Errored(s"Failed to evaluate bv expr: residual $exp"))
+    }
+  }
+
+  def doReturn() = {
+    if (callStack.nonEmpty) {
+      nextCmd = Run(callStack.pop())
+    } else {
+      nextCmd = Stopped()
     }
   }
 
   def evalBool(exp: Expr, env: mutable.Map[Variable, BitVecLiteral]): Boolean = {
     ir.eval.evalLogExpr(exp, x => env.get(x)) match {
       case Right(b) => b
-      case Left(e) => throw Exception(s"Failed to evaluate expr: residual $e")
+      case Left(e)  => throw InterpreterError(Errored(s"Failed to evaluate logical expr: residual $e"))
     }
   }
 
   def evalInt(exp: Expr, env: mutable.Map[Variable, BitVecLiteral]): BigInt = {
     ir.eval.evalIntExpr(exp, x => env.get(x)) match {
       case Right(b) => b
-      case Left(e) => throw Exception(s"Failed to evaluate expr: residual $e")
+      case Left(e)  => throw InterpreterError(Errored(s"Failed to evaluate int expr: residual $e"))
     }
   }
 
@@ -99,6 +114,7 @@ class Interpreter() {
 
   private def interpretProcedure(p: Procedure): Unit = {
     Logger.debug(s"Procedure(${p.name}, ${p.address.getOrElse("None")})")
+    Logger.debug(s"Regs $regs")
 
     // Procedure.in
     for ((in, index) <- p.in.zipWithIndex) {
@@ -112,96 +128,89 @@ class Interpreter() {
 
     // Procedure.Block
     p.entryBlock match {
-      case Some(block) => nextCmd = Some(block.statements.headOption.getOrElse(block.jump))
-      case None        => nextCmd = Some(returnCmd.pop())
+      case Some(block) => nextCmd = Run(block.statements.headOption.getOrElse(block.jump))
+      case None        => doReturn()
     }
   }
 
-  private def interpretJump(j: Jump) : Unit = {
-    Logger.debug(s"jump:")
+  private def interpretJump(j: Jump): Unit = {
+    Logger.debug(s"jump: $j")
     breakable {
       j match {
         case gt: GoTo =>
-          Logger.debug(s"$gt")
           for (g <- gt.targets) {
             val condition: Option[Expr] = g.statements.headOption.collect { case a: Assume => a.body }
             condition match {
-              case Some(e) => if (evalBool(e, regs)) {
-                  nextCmd = Some(g.statements.headOption.getOrElse(g.jump))
+              case Some(e) =>
+                if (evalBool(e, regs)) {
+                  Logger.debug(s"chosen ${g.label}")
+                  nextCmd = Run(g.statements.headOption.getOrElse(g.jump))
                   break
-              }
+                }
               case None =>
-                nextCmd = Some(g.statements.headOption.getOrElse(g.jump))
+                nextCmd = Run(g.statements.headOption.getOrElse(g.jump))
                 break
             }
           }
-        case r: Return => {
-          nextCmd = Some(returnCmd.pop())
-        }
+        case r: Return => doReturn()
         case h: Unreachable => {
           Logger.debug("Unreachable")
-          nextCmd = None
+          nextCmd = Stopped()
         }
       }
     }
   }
 
   private def interpretStatement(s: Statement): Unit = {
+    Logger.debug(s"Regs $regs")
     Logger.debug(s"statement[$s]:")
+
+    nextCmd = Run(s.successor)
+
     s match {
       case assign: Assign =>
-        Logger.debug(s"LocalAssign ${assign.lhs} = ${assign.rhs}")
+        //Logger.debug(s"LocalAssign ${assign.lhs} = ${assign.rhs}")
         val evalRight = eval(assign.rhs, regs)
-        Logger.debug(s"LocalAssign ${assign.lhs} := 0x${evalRight.value.toString(16)}[u${evalRight.size}]\n")
+        //Logger.debug(s"LocalAssign ${assign.lhs} := 0x${evalRight.value.toString(16)}[u${evalRight.size}]\n")
         regs += (assign.lhs -> evalRight)
 
       case assign: MemoryAssign =>
-        Logger.debug(s"MemoryAssign ${assign.mem}[${assign.index}] = ${assign.value}")
+        //Logger.debug(s"MemoryAssign ${assign.mem}[${assign.index}] = ${assign.value}")
 
         val index: Int = eval(assign.index, regs).value.toInt
         val value: BitVecLiteral = eval(assign.value, regs)
-        Logger.debug(s"\tMemoryStore(mem:${assign.mem}, index:0x${index.toHexString}, value:0x${
-          value.value
-            .toString(16)
-        }[u${value.size}], size:${assign.size})")
+        //Logger.debug(s"\tMemoryStore(mem:${assign.mem}, index:0x${index.toHexString}, value:0x${value.value
+          // .toString(16)}[u${value.size}], size:${assign.size})")
 
         val evalStore = setMemory(index, assign.size, assign.endian, value, mems)
         evalStore match {
           case BitVecLiteral(value, size) =>
-            Logger.debug(s"MemoryAssign ${assign.mem} := 0x${value.toString(16)}[u$size]\n")
+            //Logger.debug(s"MemoryAssign ${assign.mem} := 0x${value.toString(16)}[u$size]\n")
         }
-      case _ : NOP => ()
       case assert: Assert =>
-        // TODO
-        Logger.debug(assert)
+        // Logger.debug(assert)
         if (!evalBool(assert.body, regs)) {
-          throw Exception(s"Assertion failed ${assert}")
+          nextCmd = FailedAssertion(assert)
         }
       case assume: Assume =>
         // TODO, but already taken into effect if it is a branch condition
-        Logger.debug(assume)
+        // Logger.debug(assume)
         if (!evalBool(assume.body, regs)) {
-            nextCmd = None
-            Logger.debug(s"Assumption not satisfied: $assume")
+          nextCmd = Errored(s"Assumption not satisfied: $assume")
         }
       case dc: DirectCall =>
-        Logger.debug(s"$dc")
-        returnCmd.push(dc.successor)
+        // Logger.debug(s"$dc")
+        callStack.push(dc.successor)
         interpretProcedure(dc.target)
-        break
       case ic: IndirectCall =>
-        Logger.debug(s"$ic")
+        // Logger.debug(s"$ic")
         if (ic.target == Register("R30", 64)) {
-          if (returnCmd.nonEmpty) {
-            nextCmd = Some(returnCmd.pop())
-          } else {
-            //Exit Interpreter
-            nextCmd = None
-          }
-          break
+          doReturn()
+          //Exit Interpreter
         } else {
-          ???
+          nextCmd = EscapedControlFlow(ic)
         }
+      case _: NOP => ()
     }
   }
 
@@ -228,13 +237,33 @@ class Interpreter() {
 
     // Program.Procedure
     interpretProcedure(IRProgram.mainProcedure)
-    while (nextCmd.isDefined) {
-      nextCmd.get match  {
-        case c: Statement => interpretStatement(c) 
-        case c: Jump => interpretJump(c)
+    while (
+      try {nextCmd match {
+          case Run(c: Statement) => {
+            interpretStatement(c)
+            true
+          }
+          case Run(c: Jump)      => {
+            interpretJump(c)
+            true
+          }
+          case Stopped() => {
+            false
+          }
+          case errorstop => {
+            Logger.error(s"Interpreter $errorstop")
+            false
+          } 
+        }
+    } catch {
+      case InterpreterError(e) => {
+        nextCmd = e 
+        true
       }
     }
 
+    ) {}
+
     regs
   }
 }
diff --git a/src/test/scala/BitVectorAnalysisTests.scala b/src/test/scala/BitVectorAnalysisTests.scala
index 485ba6a83..08710a940 100644
--- a/src/test/scala/BitVectorAnalysisTests.scala
+++ b/src/test/scala/BitVectorAnalysisTests.scala
@@ -1,4 +1,4 @@
-import analysis.BitVectorEval.*
+import ir.eval.BitVectorEval._
 import ir.*
 import org.scalatest.funsuite.AnyFunSuite
 import util.Logger
@@ -181,20 +181,20 @@ class BitVectorAnalysisTests extends AnyFunSuite {
   // smt_bveq
   test("BitVector Equal - should return true if two BitVectors are equal") {
     val result = smt_bveq(BitVecLiteral(255, 8), BitVecLiteral(255, 8))
-    assert(result == TrueLiteral)
+    assert(result)
   }
   test("BitVector Equal - should return false if two BitVectors are not equal") {
     val result = smt_bveq(BitVecLiteral(255, 8), BitVecLiteral(254, 8))
-    assert(result == FalseLiteral)
+    assert(!result)
   }
   // smt_bvneq
   test("BitVector Not Equal - should return false if two BitVectors are equal") {
     val result = smt_bvneq(BitVecLiteral(255, 8), BitVecLiteral(255, 8))
-    assert(result == FalseLiteral)
+    assert(!result)
   }
   test("BitVector Not Equal - should return true if two BitVectors are not equal") {
     val result = smt_bvneq(BitVecLiteral(255, 8), BitVecLiteral(254, 8))
-    assert(result == TrueLiteral)
+    assert(result)
   }
   // smt_bvshl
   test("BitVector Shift Left - should shift bits left") {
@@ -239,14 +239,14 @@ class BitVectorAnalysisTests extends AnyFunSuite {
 
   test("BitVector unsigned less then - should return true if first argument is less than second argument") {
     val result = smt_bvult(BitVecLiteral(254, 8), BitVecLiteral(255, 8))
-    assert(result == TrueLiteral)
+    assert(result)
   }
 
   test(
     "BitVector unsigned less then - should return false if first argument is greater than or equal to second argument"
   ) {
     val result = smt_bvult(BitVecLiteral(255, 8), BitVecLiteral(254, 8))
-    assert(result == FalseLiteral)
+    assert(!result)
   }
 
   // smt_bvule
@@ -255,14 +255,14 @@ class BitVectorAnalysisTests extends AnyFunSuite {
     "BitVector unsigned less then or equal to - should return true if first argument is less equal to second argument"
   ) {
     val result = smt_bvule(BitVecLiteral(254, 8), BitVecLiteral(255, 8))
-    assert(result == TrueLiteral)
+    assert(result)
   }
 
   test(
     "BitVector unsigned less then or equal to - should return false if first argument is greater than second argument"
   ) {
     val result = smt_bvule(BitVecLiteral(255, 8), BitVecLiteral(254, 8))
-    assert(result == FalseLiteral)
+    assert(!result)
   }
 
   // smt_bvugt
@@ -270,14 +270,14 @@ class BitVectorAnalysisTests extends AnyFunSuite {
     "BitVector unsinged greater than - should return true if first argument is greater equal to than second argument"
   ) {
     val result = smt_bvugt(BitVecLiteral(255, 8), BitVecLiteral(254, 8))
-    assert(result == TrueLiteral)
+    assert(result)
   }
 
   test(
     "BitVector unsinged greater than - should return false if first argument is less than or equal to second argument"
   ) {
     val result = smt_bvugt(BitVecLiteral(254, 8), BitVecLiteral(255, 8))
-    assert(result == FalseLiteral)
+    assert(!result)
   }
 
   // smt_bvuge
@@ -285,27 +285,27 @@ class BitVectorAnalysisTests extends AnyFunSuite {
     "BitVector unsinged greater than or equal to - should return true if first argument is greater equal or equal to second argument"
   ) {
     val result = smt_bvuge(BitVecLiteral(255, 8), BitVecLiteral(254, 8))
-    assert(result == TrueLiteral)
+    assert(result)
   }
 
   test(
     "BitVector unsinged greater than or equal to - should return false if first argument is less than second argument"
   ) {
     val result = smt_bvuge(BitVecLiteral(254, 8), BitVecLiteral(255, 8))
-    assert(result == FalseLiteral)
+    assert(!result)
   }
 
   // smt_bvslt
   test("BitVector signed less than - should return true if first argument is less than second argument") {
     val result = smt_bvslt(BitVecLiteral(254, 8), BitVecLiteral(255, 8))
-    assert(result == TrueLiteral)
+    assert(result)
   }
 
   test(
     "BitVector signed less than - should return false if first argument is greater than or equal to second argument"
   ) {
     val result = smt_bvslt(BitVecLiteral(254, 8), BitVecLiteral(254, 8))
-    assert(result == FalseLiteral)
+    assert(!result)
   }
 
   // smt_bvsle
@@ -313,25 +313,25 @@ class BitVectorAnalysisTests extends AnyFunSuite {
     "BitVector signed less than or equal to - should return true if first argument is less than or equal to second argument"
   ) {
     val result = smt_bvsle(BitVecLiteral(254, 8), BitVecLiteral(255, 8))
-    assert(result == TrueLiteral)
+    assert(result)
   }
 
   test(
     "BitVector signed less than or equal to - should return false if first argument is greater than second argument"
   ) {
     val result = smt_bvsle(BitVecLiteral(255, 8), BitVecLiteral(254, 8))
-    assert(result == FalseLiteral)
+    assert(!result)
   }
 
   // smt_bvsgt
   test("BitVector signed greater than - should return true if first argument is greater than second argument") {
     val result = smt_bvsgt(BitVecLiteral(255, 8), BitVecLiteral(254, 8))
-    assert(result == TrueLiteral)
+    assert(result)
   }
 
   test("BitVector signed greater than - should return false if first argument is less than second argument") {
     val result = smt_bvsgt(BitVecLiteral(254, 8), BitVecLiteral(255, 8))
-    assert(result == FalseLiteral)
+    assert(!result)
   }
 
   // smt_bvsge
@@ -339,14 +339,14 @@ class BitVectorAnalysisTests extends AnyFunSuite {
     "BitVector signed greater than or equal to - should return true if first argument is greater than or equal to second argument"
   ) {
     val result = smt_bvsge(BitVecLiteral(255, 8), BitVecLiteral(254, 8))
-    assert(result == TrueLiteral)
+    assert(result)
   }
 
   test(
     "BitVector signed greater than or equal to - should return false if first argument is less than second argument"
   ) {
     val result = smt_bvsge(BitVecLiteral(254, 8), BitVecLiteral(255, 8))
-    assert(result == FalseLiteral)
+    assert(!result)
   }
   // smt_bvashr
   test("BitVector Arithmetic shift right - should return shift right a positive number") {
diff --git a/src/test/scala/ir/InterpreterTests.scala b/src/test/scala/ir/InterpreterTests.scala
index 57f9739fe..56bbbf7d3 100644
--- a/src/test/scala/ir/InterpreterTests.scala
+++ b/src/test/scala/ir/InterpreterTests.scala
@@ -1,6 +1,7 @@
 package ir
 
-import analysis.BitVectorEval.*
+import ir.eval.*
+import ir.dsl._
 import org.scalatest.funsuite.AnyFunSuite
 import org.scalatest.BeforeAndAfter
 import specification.SpecGlobal
@@ -201,4 +202,59 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
     )
     testInterpret("no_interference_update_y", expected)
   }
+
+  test("fibonacci") {
+    val fib = prog(
+      proc("begin", 
+        block("entry",
+          Assign(R8, Register("R31", 64)),
+          Assign(R0, bv64(8)),
+          directCall("fib"),
+          goto("done")
+        ),
+        block("done",
+          Assert(BinaryExpr(BVEQ, R0, bv64(21))),
+          ret
+        )),
+      proc("fib",
+        block("base", goto("base1", "base2", "dofib")),
+        block("base1", 
+          Assume(BinaryExpr(BVEQ, R0, bv64(0))),
+          ret),
+        block("base2", 
+          Assume(BinaryExpr(BVEQ, R0, bv64(1))),
+          ret),
+        block("dofib",
+          Assume(BinaryExpr(BoolAND, BinaryExpr(BVNEQ, R0, bv64(0)), BinaryExpr(BVNEQ, R0, bv64(1)))),
+          // R8 stack pointer preserved across calls
+          Assign(R7, BinaryExpr(BVADD, R8, bv64(8))),  
+          MemoryAssign(stack, R7, R8, Endian.LittleEndian, 64), // sp
+          Assign(R8, R7),
+          Assign(R8, BinaryExpr(BVADD, R8, bv64(8))),  // sp + 8
+          MemoryAssign(stack, R8, R0, Endian.LittleEndian, 64), // [sp + 8] = arg0
+          Assign(R0, BinaryExpr(BVSUB, R0, bv64(1))),
+          directCall("fib"),
+          Assign(R2, R8), // sp + 8
+          Assign(R8, BinaryExpr(BVADD, R8, bv64(8))),  // sp + 16
+          MemoryAssign(stack, R8, R0, Endian.LittleEndian, 64), // [sp + 16] = r1
+          Assign(R0, MemoryLoad(stack, R2, Endian.LittleEndian, 64)), // [sp + 8]
+          Assign(R0, BinaryExpr(BVSUB, R0, bv64(2))),
+          directCall("fib"),
+          Assign(R2, MemoryLoad(stack, R8, Endian.LittleEndian, 64)), // [sp + 16] (r1)
+          Assign(R0, BinaryExpr(BVADD, R0, R2)),
+          Assign(R8, MemoryLoad(stack, BinaryExpr(BVSUB, R8, bv64(16)), Endian.LittleEndian, 64)),
+          ret
+          )
+        )
+      )
+
+    val regs = i.interpret(fib)
+
+    // Show interpreted result
+    Logger.info("Registers:")
+    regs.foreach { (key, value) =>
+      Logger.info(s"$key := $value")
+    }
+
+  }
 }

From a3bf83b9897b99c22863bfc23b9f0dd6784a9c57 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Thu, 22 Aug 2024 16:01:41 +1000
Subject: [PATCH 007/127] rewrite interpreter in functional style

---
 .../ir/eval/{expr.scala => ExprEval.scala}    |  13 +-
 src/main/scala/ir/eval/Interpreter.scala      | 734 +++++++++++++-----
 src/main/scala/util/RunUtils.scala            |   4 +-
 src/test/scala/ir/InterpreterTests.scala      | 254 +++---
 4 files changed, 708 insertions(+), 297 deletions(-)
 rename src/main/scala/ir/eval/{expr.scala => ExprEval.scala} (91%)

diff --git a/src/main/scala/ir/eval/expr.scala b/src/main/scala/ir/eval/ExprEval.scala
similarity index 91%
rename from src/main/scala/ir/eval/expr.scala
rename to src/main/scala/ir/eval/ExprEval.scala
index a7f748546..7efcc8f7d 100644
--- a/src/main/scala/ir/eval/expr.scala
+++ b/src/main/scala/ir/eval/ExprEval.scala
@@ -4,11 +4,10 @@ import ir._
 
 /**
  * We generalise the expression evaluator to a partial evaluator to simplify evaluating casts.
- * This is not as nice or type-safe as we would like. 
  *
  * - Program state is taken via a function from var -> value and for loads a function from (mem,addr,endian,size) -> value. 
  * - For conrete evaluators we prefer low-level representations (bool vs BoolLit) and wrap them at the expression eval level 
- * - Avoid using default cases so we have some idea of complete coverage
+ * - Avoid using any default cases so we have some idea of complete coverage
  *
  */
 
@@ -128,7 +127,7 @@ def evalUnOp(op: UnOp, body: Literal) : Expr = {
   }
 }
 
-def partialEvalExpr(exp: Expr, variableAssignment: Variable => Option[Expr], memory: (Memory, Expr, Endian, Int) => Option[BitVecLiteral] = ((a,b,c,d) => None)): Expr = {
+def partialEvalExpr(exp: Expr, variableAssignment: Variable => Option[Expr], memory: (Memory, Expr, Endian, Int) => Option[Literal] = ((a,b,c,d) => None)): Expr = {
   exp match {
     case f: UninterpretedFunction => f
     case unOp: UnaryExpr => {
@@ -198,21 +197,21 @@ def partialEvalExpr(exp: Expr, variableAssignment: Variable => Option[Expr], mem
   }
 }
 
-def evalIntExpr(exp: Expr, variableAssignment: Variable => Option[BitVecLiteral], memory: (Memory, Expr, Endian, Int) => Option[BitVecLiteral] = ((a,b,c,d) => None)): Either[Expr, BigInt] = {
+def evalIntExpr(exp: Expr, variableAssignment: Variable => Option[Literal], memory: (Memory, Expr, Endian, Int) => Option[Literal] = ((a,b,c,d) => None)): Either[Expr, BigInt] = {
   partialEvalExpr(exp, variableAssignment, memory) match {
     case i: IntLiteral => Right(i.value)
     case o => Left(o) 
   }
 }
 
-def evalBVExpr(exp: Expr, variableAssignment: Variable => Option[BitVecLiteral], memory: (Memory, Expr, Endian, Int) => Option[BitVecLiteral] = ((a,b,c,d) => None)): Either[Expr, BitVecLiteral] = {
+def evalBVExpr(exp: Expr, variableAssignment: Variable => Option[Literal], memory: (Memory, Expr, Endian, Int) => Option[Literal] = ((a,b,c,d) => None)): Either[Expr, BitVecLiteral] = {
   partialEvalExpr(exp, variableAssignment, memory) match {
     case b: BitVecLiteral => Right(b)
     case o => Left(o) 
   }
 }
 
-def evalLogExpr(exp: Expr, variableAssignment: Variable => Option[BitVecLiteral], memory: (Memory, Expr, Endian, Int) => Option[BitVecLiteral] = ((a,b,c, d) => None)): Either[Expr, Boolean] = {
+def evalLogExpr(exp: Expr, variableAssignment: Variable => Option[Literal], memory: (Memory, Expr, Endian, Int) => Option[Literal] = ((a,b,c, d) => None)): Either[Expr, Boolean] = {
   partialEvalExpr(exp, variableAssignment, memory) match {
     case TrueLiteral => Right(true)
     case FalseLiteral => Right(false)
@@ -220,7 +219,7 @@ def evalLogExpr(exp: Expr, variableAssignment: Variable => Option[BitVecLiteral]
   }
 }
 
-def evalExpr(exp: Expr, variableAssignment: Variable => Option[BitVecLiteral], memory: (Memory, Expr, Endian, Int) => Option[BitVecLiteral] = ((d, a,b,c) => None)): Option[Literal] = {
+def evalExpr(exp: Expr, variableAssignment: Variable => Option[Literal], memory: (Memory, Expr, Endian, Int) => Option[Literal] = ((d, a,b,c) => None)): Option[Literal] = {
   partialEvalExpr match {
     case l: Literal => Some(l)
     case _ => None
diff --git a/src/main/scala/ir/eval/Interpreter.scala b/src/main/scala/ir/eval/Interpreter.scala
index f505425d3..e2fda9e6b 100644
--- a/src/main/scala/ir/eval/Interpreter.scala
+++ b/src/main/scala/ir/eval/Interpreter.scala
@@ -1,269 +1,605 @@
-package ir
+package ir.eval
 import ir.eval.BitVectorEval.*
+import ir._
 import util.Logger
+import boogie.Scope
 
+import scala.annotation.tailrec
 import scala.collection.mutable
+import scala.collection.immutable
 import scala.util.control.Breaks.{break, breakable}
 
-// enum Asssumption:
-//   case Assume(x: Expr)
-//   case Jump(choice: Block)
-//   case Not(a: Assumption)
 
-sealed trait ExecutionState
-case class FailedAssertion(a: Assert) extends ExecutionState
-case class Stopped() extends ExecutionState
-case class Run(val next: Command) extends ExecutionState
-case class EscapedControlFlow(val call: IndirectCall) extends ExecutionState
-case class Errored(val message: String = "") extends ExecutionState
+sealed trait ExecutionContinuation
+case class FailedAssertion(a: Assert) extends ExecutionContinuation
+case class Stopped() extends ExecutionContinuation
 
-// case class Execution() extends State {
-//   // stack of assumptions
-//   // var assumptions: mutable.Stack[] = mutable.Stack()
-//   var memory: mutable.Map[Memory, Map[BigInt, BigInt]] = mutable.Map()
-//   var bvValues: mutable.Map[Variable, BigInt] = mutable.Map()
-//   var intValues: mutable.Map[Variable, BigInt] = mutable.Map()
-// 
-//   var nextCmd: ExecutionState = Stopped()
-//   var callStack: mutable.Stack[Command] = mutable.Stack()
-// }
+/** Normal stop * */
+case class Run(val next: Command) extends ExecutionContinuation
+case class EscapedControlFlow(val call: Jump | Call) extends ExecutionContinuation
 
+/** controlflow has reached somewhere eunrecoverable */
+case class Errored(val message: String = "") extends ExecutionContinuation
+case class TypeError(val message: String = "") extends ExecutionContinuation /* type mismatch appeared */
+case class EvalError(val message: String = "")
+    extends ExecutionContinuation /* failed to evaluate an expression to a concrete value */
+case class MemoryError(val message: String = "")
+    extends ExecutionContinuation /* failed to evaluate an expression to a concrete value */
 
-case class InterpreterError(condinue: ExecutionState) extends Exception()
+case class InterpreterError(continue: ExecutionContinuation) extends Exception()
 
-class Interpreter() {
-  val regs: mutable.Map[Variable, BitVecLiteral] = mutable.Map()
-  val mems: mutable.Map[Int, BitVecLiteral] = mutable.Map()
-  private val SP: BitVecLiteral = BitVecLiteral(4096 - 16, 64)
-  private val FP: BitVecLiteral = BitVecLiteral(4096 - 16, 64)
-  private val LR: BitVecLiteral = BitVecLiteral(BigInt("FF", 16), 64)
-  var nextCmd: ExecutionState = Stopped()
-  private val callStack: mutable.Stack[Command] = mutable.Stack()
+case class InterpreterSummary(
+    val exitState: ExecutionContinuation,
+    val regs: Map[Variable, BitVecLiteral],
+    val memory: Map[Int, BitVecLiteral]
+)
 
-  def eval(exp: Expr, env: mutable.Map[Variable, BitVecLiteral]): BitVecLiteral = {
-    def load(m: Memory, index: Expr, endian: Endian, size: Int) = {
-      val idx = eval(index, env).value.toInt
-      Some(getMemory(idx, size, endian, mems))
+enum BasilValue(val irType: IRType):
+  case Scalar(val value: Literal) extends BasilValue(value.getType)
+  // Erase the type of basil values and enforce the invariant that
+  // \exists i . \forall v \in value.keys , v.irType = i  and
+  // \exists j . \forall v \in value.values, v.irType = j
+  case MapValue(val value: Map[BasilValue, BasilValue], override val irType: MapType) extends BasilValue(irType)
+
+given Conversion[BitVecLiteral, Scalar] with
+  def apply(b: BitVecLiteral): Scalar = new Scalar(b)
+
+given Conversion[IntLiteral, Scalar] with
+  def apply(b: IntLiteral): Scalar = new Scalar(b)
+
+given Conversion[BoolLit, Scalar] with
+  def apply(b: BoolLit): Scalar = new Scalar(b)
+
+case object BasilValue:
+
+  def size(v: IRType): Int = {
+    v match {
+      case BitVecType(sz) => sz
+      case _              => 1
     }
+  }
+
+  def size(v: BasilValue): Int = size(v.irType)
+
+  def unsafeAdd(l: BasilValue, vr: Int): BasilValue = {
+    l match {
+      case Scalar(IntLiteral(vl))    => Scalar(IntLiteral(vl + vr))
+      case Scalar(b1: BitVecLiteral) => Scalar(eval.evalBVBinExpr(BVADD, b1, BitVecLiteral(vr, b1.size)))
+      case _                         => throw InterpreterError(TypeError(s"Operation add $vr undefined on $l"))
+    }
+  }
 
-    ir.eval.evalBVExpr(exp, x => env.get(x), load) match {
-      case Right(b) => b
-      case Left(e)  => throw InterpreterError(Errored(s"Failed to evaluate bv expr: residual $exp"))
+  def add(l: BasilValue, r: BasilValue): BasilValue = {
+    (l, r) match {
+      case (Scalar(IntLiteral(vl)), Scalar(IntLiteral(vr)))       => Scalar(IntLiteral(vl + vr))
+      case (Scalar(b1: BitVecLiteral), Scalar(b2: BitVecLiteral)) => Scalar(eval.evalBVBinExpr(BVADD, b1, b2))
+      case (Scalar(b1: BoolLit), Scalar(b2: BoolLit)) =>
+        Scalar(if (b2.value || b2.value) then TrueLiteral else FalseLiteral)
+      case _ => throw InterpreterError(TypeError(s"Operation add undefined on $l $r"))
     }
   }
 
-  def doReturn() = {
-    if (callStack.nonEmpty) {
-      nextCmd = Run(callStack.pop())
-    } else {
-      nextCmd = Stopped()
+  def concat(l: BasilValue, r: BasilValue): BasilValue = {
+    (l, r) match {
+      case (Scalar(b1: BitVecLiteral), Scalar(b2: BitVecLiteral)) => Scalar(eval.evalBVBinExpr(BVCONCAT, b1, b2))
+      case _ => throw InterpreterError(TypeError(s"Operation concat undefined on $l $r"))
     }
   }
 
-  def evalBool(exp: Expr, env: mutable.Map[Variable, BitVecLiteral]): Boolean = {
-    ir.eval.evalLogExpr(exp, x => env.get(x)) match {
-      case Right(b) => b
-      case Left(e)  => throw InterpreterError(Errored(s"Failed to evaluate logical expr: residual $e"))
+  def extract(l: BasilValue, high: Int, low: Int): BasilValue = {
+    (l) match {
+      case Scalar(b: BitVecLiteral) => Scalar(eval.BitVectorEval.boogie_extract(high, low, b))
+      case _ => throw InterpreterError(TypeError(s"Operation extract($high, $low) undefined on $l"))
     }
   }
 
-  def evalInt(exp: Expr, env: mutable.Map[Variable, BitVecLiteral]): BigInt = {
-    ir.eval.evalIntExpr(exp, x => env.get(x)) match {
-      case Right(b) => b
-      case Left(e)  => throw InterpreterError(Errored(s"Failed to evaluate int expr: residual $e"))
+  def fromIR(e: Expr) = {
+    e match {
+      case t: IntLiteral    => Scalar(t)
+      case v: BitVecLiteral => Scalar(v)
+      case b: BoolLit       => Scalar(b)
+      case _                => throw InterpreterError(EvalError(s"Failed to get value from non-literal expr $e"))
+
     }
   }
 
-  def getMemory(index: Int, size: Int, endian: Endian, env: mutable.Map[Int, BitVecLiteral]): BitVecLiteral = {
-    val end = index + size / 8 - 1
-    val memoryChunks = (index to end).map(i => env.getOrElse(i, BitVecLiteral(0, 8)))
+export BasilValue._
+
+def evalToConst(
+    to: IRType,
+    exp: Expr,
+    variable: Variable => Option[Expr],
+    load: (Memory, Expr, Endian, Int) => Option[Literal]
+): BasilValue = {
+
+  val res: Expr = ir.eval.partialEvalExpr(exp, variable, load)
+  res match {
+    case e: Literal if e.getType == to => Scalar(e)
+    case res => throw InterpreterError(EvalError(s"Failed to evaluate expr to constant ${to} literal: residual $res"))
+  }
+}
+
+// case class BasilConstant(val basilType: BasilValue, val value: basilType.ReprType)
+
+type StackFrameID = String
+val globalFrame: StackFrameID = "GLOBAL"
+
+case class MemoryState(
+    val stackFrames: Map[StackFrameID, Map[String, BasilValue]] = Map((globalFrame -> Map.empty)),
+    val activations: List[StackFrameID] = List.empty,
+    val activationCount: Map[String, Int] = Map.empty.withDefault(_ => 0)
+) {
+
+  /** Debug return useful values * */
+
+  def getGlobalVals: Map[String, BitVecLiteral] = {
+    stackFrames(globalFrame).collect { case (k, Scalar(b: BitVecLiteral)) =>
+      k -> b
+    }
+  }
 
-    val (newValue, newSize) = memoryChunks.foldLeft(("", 0)) { (acc, current) =>
-      val currentString: String = current.value.toString(2).reverse.padTo(8, '0').reverse
-      endian match {
-        case Endian.LittleEndian => (currentString + acc._1, acc._2 + current.size)
-        case Endian.BigEndian    => (acc._1 + currentString, acc._2 + current.size)
+  def getMem(name: String): Map[BitVecLiteral, BitVecLiteral] = {
+    stackFrames(globalFrame)(name) match {
+      case MapValue(innerMap, MapType(BitVecType(ks), BitVecType(vs))) => {
+        def unwrap(v: BasilValue): BitVecLiteral = v match {
+          case Scalar(b: BitVecLiteral) => b
+          case v => throw Exception(s"Failed to convert map value to bitvector: $v (interpreter type error somewhere)")
+        }
+        innerMap.map((k, v) => unwrap(k) -> unwrap(v))
       }
+      case v => throw Exception(s"$name not a bitvec map variable: ${v.irType}")
     }
+  }
+
+  /** Local Variable Stack * */
 
-    BitVecLiteral(BigInt(newValue, 2), newSize)
+  def pushStackFrame(function: String): MemoryState = {
+    val counts = activationCount + (function -> (activationCount(function) + 1))
+    val frameName: StackFrameID = s"AR_${function}_${activationCount(function)}"
+    val frames = stackFrames + (frameName -> Map.empty)
+    MemoryState(frames, frameName :: activations, counts)
   }
 
-  def setMemory(
-      index: Int,
-      size: Int,
-      endian: Endian,
-      value: BitVecLiteral,
-      env: mutable.Map[Int, BitVecLiteral]
-  ): BitVecLiteral = {
-    val binaryString: String = value.value.toString(2).reverse.padTo(size, '0').reverse
+  def popStackFrame(): MemoryState = {
+    val (frame, remactivs) = activations match {
+      case Nil                          => throw InterpreterError(Errored("No stack frame to pop"))
+      case h :: Nil if h == globalFrame => throw InterpreterError(Errored("tried to pop global scope"))
+      case h :: tl                      => (h, tl)
+    }
+    val frames = stackFrames.removed(frame)
+    MemoryState(frames, remactivs, activationCount)
+  }
+
+  /* Variable retrieval and setting */
+
+  def setVar(frame: StackFrameID, varname: String, value: BasilValue): MemoryState = {
+    val nv = stackFrames + (frame -> (stackFrames(frame) + (varname -> value)))
+    MemoryState(nv, activations, activationCount)
+  }
+
+  def setVar(v: String, value: BasilValue): MemoryState = {
+    val frame = findVarOpt(v).map(_._1).getOrElse(activations.head)
+    setVar(frame, v, value)
+  }
+
+  def setVar(v: String, value: Literal): MemoryState = {
+    setVar(v, Scalar(value))
+  }
+
+  def defVar(v: Variable, value: Literal): MemoryState = {
+    val frame = v.toBoogie.scope match {
+      case Scope.Global => globalFrame
+      case _            => activations.head
+    }
+    setVar(frame, v.name, Scalar(value))
+  }
+
+  def findVarOpt(name: String): Option[(StackFrameID, BasilValue)] = {
+    val searchScopes = globalFrame :: activations.headOption.toList
+    searchScopes.foldRight(None: Option[(StackFrameID, BasilValue)])((r, acc) =>
+      acc match {
+        case None => stackFrames(r).get(name).map(v => (r, v))
+        case s    => s
+      }
+    )
+  }
+
+  def findVar(name: String): (StackFrameID, BasilValue) = {
+    findVarOpt(name: String).getOrElse(throw InterpreterError(Errored(s"Access to undefined variable $name")))
+  }
+
+  def getVarOpt(name: String): Option[BasilValue] = findVarOpt(name).map(_._2)
+
+  def getVar(name: String): BasilValue = {
+    getVarOpt(name).getOrElse(throw InterpreterError(Errored(s"Access undefined variable $name")))
+  }
+
+  def getVar(v: Variable): BasilValue = {
+    val value = getVar(v.name)
+    value match {
+      case dv: BasilValue if v.getType != dv.irType =>
+        throw InterpreterError(
+          Errored(s"Type mismatch on variable definition and load: defined ${dv.irType}, variable ${v.getType}")
+        )
+      case o => o
+    }
+  }
+
+  def getVarLiteralOpt(v: Variable): Option[Literal] = {
+    getVar(v) match {
+      case Scalar(v) => Some(v)
+      case _         => None
+    }
+  }
+
+  /* Map variable accessing ; load and store operations */
+
+  /* canonical load operation */
+  def load(vname: String, addr: Scalar, endian: Endian, count: Int): List[BasilValue] = {
+    val (frame, mem) = findVar(vname)
+
+    val mapv: MapValue = mem match {
+      case m @ MapValue(innerMap, ty) => m
+      case _                          => throw InterpreterError(Errored("Load from nonmap"))
+    }
+
+    if (count == 0) {
+      throw InterpreterError(Errored(s"Attempted fractional load"))
+    }
+
+    val keys = (0 until count).map(i => BasilValue.unsafeAdd(addr, i))
 
-    val data: List[BitVecLiteral] = endian match {
-      case Endian.LittleEndian =>
-        binaryString.grouped(8).toList.map(chunk => BitVecLiteral(BigInt(chunk, 2), 8)).reverse
-      case Endian.BigEndian =>
-        binaryString.grouped(8).toList.map(chunk => BitVecLiteral(BigInt(chunk, 2), 8))
+    val values = keys.map(k =>
+      mapv.value.get(k).getOrElse(throw InterpreterError(MemoryError(s"Read from uninitialised $vname[$k]")))
+    )
+
+    val vals = endian match {
+      case Endian.LittleEndian => values.reverse
+      case Endian.BigEndian    => values
+    }
+
+    vals.toList
+  }
+
+  /** Load and concat bitvectors */
+  def loadBV(vname: String, addr: Scalar, endian: Endian, size: Int): BitVecLiteral = {
+    val (frame, mem) = findVar(vname)
+
+    val (valsize, mapv) = mem match {
+      case mapv @ MapValue(_, MapType(_, BitVecType(sz))) => (sz, mapv)
+      case _ => throw InterpreterError(Errored("Trued to load-concat non bv"))
     }
 
-    data.zipWithIndex.foreach { case (bv, i) =>
-      env(index + i) = bv
+    val cells = size / BasilValue.size(mapv.irType.result)
+
+    val bvs: List[BitVecLiteral] = {
+      val res = load(vname, addr, endian, cells)
+      val rr = res.map {
+        case Scalar(bv @ BitVecLiteral(v, sz)) if sz == valsize => bv
+        case _ => throw InterpreterError(Errored(s"Loaded value that did not match expected type bv$valsize"))
+      }
+      rr
     }
 
-    value
+    val bvres = bvs.foldLeft(BitVecLiteral(0, 0))((acc, r) => eval.evalBVBinExpr(BVCONCAT, acc, r))
+    assert(bvres.size == size)
+    bvres
+  }
+
+  def loadSingle(vname: String, addr: Scalar): BasilValue = {
+    load(vname, addr, Endian.LittleEndian, 1).head
   }
 
-  private def interpretProcedure(p: Procedure): Unit = {
-    Logger.debug(s"Procedure(${p.name}, ${p.address.getOrElse("None")})")
-    Logger.debug(s"Regs $regs")
+  /** Canonical store operation */
+  def store(vname: String, addr: BasilValue, values: List[BasilValue], endian: Endian) = {
+    val (frame, mem) = findVar(vname)
 
-    // Procedure.in
-    for ((in, index) <- p.in.zipWithIndex) {
-      Logger.debug(s"\tin[$index]:${in.name} ${in.size} ${in.value}")
+    val (mapval, keytype, valtype) = mem match {
+      case m @ MapValue(_, MapType(kt, vt)) if kt == addr.irType && values.forall(v => v.irType == vt) => (m, kt, vt)
+      case _ => throw InterpreterError(Errored("Invalid map store operation."))
     }
+    val keys = (0 until values.size).map(i => BasilValue.unsafeAdd(addr, i))
+    val vals = endian match {
+      case Endian.LittleEndian => values.reverse
+      case Endian.BigEndian    => values
+    }
+
+    val nmap = MapValue(mapval.value ++ keys.zip(vals), mapval.irType)
+    setVar(frame, vname, nmap)
+  }
 
-    // Procedure.out
-    for ((out, index) <- p.out.zipWithIndex) {
-      Logger.debug(s"\tout[$index]:${out.name} ${out.size} ${out.value}")
+  /** Store extract bitvec to bytes and store bytes */
+  def storeBV(vname: String, addr: BasilValue, value: BitVecLiteral, endian: Endian) = {
+    val (frame, mem) = findVar(vname)
+    val (mapval, vsize) = mem match {
+      case m @ MapValue(_, MapType(kt, BitVecType(size))) if kt == addr.irType => (m, size)
+      case _ => throw InterpreterError(Errored("Tried to extract-store non to bv map"))
     }
+    val cells = value.size / vsize
+    if (cells < 1) {
+      throw InterpreterError(Errored("Tried to execute fractional store"))
+    }
+
+    val extractVals = (0 until cells).map(i => BitVectorEval.boogie_extract((i + 1) * vsize, i * vsize, value)).toList
 
-    // Procedure.Block
-    p.entryBlock match {
-      case Some(block) => nextCmd = Run(block.statements.headOption.getOrElse(block.jump))
-      case None        => doReturn()
+    val vs = endian match {
+      case Endian.LittleEndian => extractVals.reverse.map(Scalar(_))
+      case Endian.BigEndian    => extractVals.map(Scalar(_))
     }
+
+    store(vname, addr, vs, endian)
   }
 
-  private def interpretJump(j: Jump): Unit = {
-    Logger.debug(s"jump: $j")
-    breakable {
-      j match {
-        case gt: GoTo =>
-          for (g <- gt.targets) {
-            val condition: Option[Expr] = g.statements.headOption.collect { case a: Assume => a.body }
-            condition match {
-              case Some(e) =>
-                if (evalBool(e, regs)) {
-                  Logger.debug(s"chosen ${g.label}")
-                  nextCmd = Run(g.statements.headOption.getOrElse(g.jump))
-                  break
-                }
-              case None =>
-                nextCmd = Run(g.statements.headOption.getOrElse(g.jump))
-                break
-            }
-          }
-        case r: Return => doReturn()
-        case h: Unreachable => {
-          Logger.debug("Unreachable")
-          nextCmd = Stopped()
+  def storeSingle(vname: String, addr: BasilValue, value: BasilValue) = {
+    store(vname, addr, List(value), Endian.LittleEndian)
+  }
+
+}
+
+case object Eval {
+
+  def getVar(s: MemoryState)(v: Variable) = s.getVarLiteralOpt(v)
+
+  def doLoad(s: MemoryState)(m: Memory, addr: Expr, endian: Endian, sz: Int): Option[Literal] = {
+    addr match {
+      case l: Literal if sz == 1 => (
+        s.loadSingle(m.name, Scalar(l)) match {
+          case Scalar(v) => Some(v)
+          case _         => None
         }
+      )
+      case l: Literal => Some(s.loadBV(m.name, Scalar(l), endian, sz))
+      case _          => None
+    }
+  }
+
+  def evalBV(s: MemoryState, e: Expr): BitVecLiteral = {
+    ir.eval.evalBVExpr(e, Eval.getVar(s), Eval.doLoad(s)) match {
+      case Right(e) => e
+      case Left(e)  => throw InterpreterError(Errored(s"Eval BV residual $e"))
+    }
+  }
+
+  def evalInt(s: MemoryState, e: Expr): BigInt = {
+    ir.eval.evalIntExpr(e, Eval.getVar(s), Eval.doLoad(s)) match {
+      case Right(e) => e
+      case Left(e)  => throw InterpreterError(Errored(s"Eval int residual $e"))
+    }
+  }
+
+  def evalBool(s: MemoryState, e: Expr): Boolean = {
+    ir.eval.evalLogExpr(e, Eval.getVar(s), Eval.doLoad(s)) match {
+      case Right(e) => e
+      case Left(e)  => throw InterpreterError(Errored(s"Eval bool residual $e"))
+    }
+  }
+
+}
+
+def initialState(): MemoryState = {
+  val SP: BitVecLiteral = BitVecLiteral(4096 - 16, 64)
+  val FP: BitVecLiteral = BitVecLiteral(4096 - 16, 64)
+  val LR: BitVecLiteral = BitVecLiteral(BigInt("FF", 16), 64)
+
+  MemoryState()
+    .setVar(globalFrame, "mem", MapValue(Map.empty, MapType(BitVecType(64), BitVecType(8))))
+    .setVar(globalFrame, "stack", MapValue(Map.empty, MapType(BitVecType(64), BitVecType(8))))
+    .setVar(globalFrame, "R31", Scalar(SP))
+    .setVar(globalFrame, "R29", Scalar(FP))
+    .setVar(globalFrame, "R30", Scalar(LR))
+}
+
+sealed trait Effects[T <: Effects[T]] {
+  /* evaluation (may side-effect via InterpreterException on evaluation failure) */
+  def evalBV(e: Expr): BitVecLiteral
+
+  def evalInt(e: Expr): BigInt
+
+  def evalBool(e: Expr): Boolean
+
+  /** effects * */
+  def setNext(c: ExecutionContinuation): T
+
+  def call(c: DirectCall): T
+
+  def doReturn(): T
+
+  def storeVar(v: Variable, value: Literal): T
+
+  def storeMem(vname: String, addr: BitVecLiteral, value: BitVecLiteral, endian: Endian, size: Int): T
+
+  def initialiseProgram(p: Program): T
+}
+
+case class InterpreterCFState(
+    val nextCmd: ExecutionContinuation = Stopped(),
+    val callStack: List[DirectCall] = List.empty,
+    val memoryState: MemoryState = MemoryState()
+) extends Effects[InterpreterCFState] {
+
+  /** eval * */
+  def evalBV(e: Expr): BitVecLiteral = Eval.evalBV(memoryState, e)
+
+  def evalInt(e: Expr): BigInt = Eval.evalInt(memoryState, e)
+
+  def evalBool(e: Expr): Boolean = Eval.evalBool(memoryState, e)
+
+  /** effects * */
+  def setNext(c: ExecutionContinuation): InterpreterCFState = {
+    InterpreterCFState(c, callStack, memoryState)
+  }
+
+  def call(c: DirectCall): InterpreterCFState = {
+    Logger.debug(s"    eff : CALL $c")
+    c.target.entryBlock match {
+      case Some(block) =>
+        InterpreterCFState(
+          Run(block.statements.headOption.getOrElse(block.jump)),
+          c :: callStack,
+          memoryState.pushStackFrame(c.target.name)
+        )
+      case None => setNext(Run(c.successor))
+    }
+  }
+
+  def doReturn(): InterpreterCFState = {
+    callStack match {
+      case Nil => InterpreterCFState(Stopped(), Nil, memoryState)
+      case h :: tl => {
+        Logger.debug(s"    eff : RETURN $h")
+        InterpreterCFState(Run(h.successor), tl, memoryState.popStackFrame())
       }
     }
   }
 
-  private def interpretStatement(s: Statement): Unit = {
-    Logger.debug(s"Regs $regs")
-    Logger.debug(s"statement[$s]:")
+  def storeVar(v: Variable, value: Literal) = {
+    Logger.debug(s"    eff : SET $v := $value")
+    InterpreterCFState(nextCmd, callStack, memoryState.defVar(v, value))
+  }
+
+  def storeMem(
+      vname: String,
+      addr: BitVecLiteral,
+      value: BitVecLiteral,
+      endian: Endian,
+      size: Int
+  ): InterpreterCFState = {
+    Logger.debug(s"    eff : STORE $vname[$addr..$addr + $size] := $value ($endian)")
+    InterpreterCFState(nextCmd, callStack, memoryState.storeBV(vname, Scalar(addr), value, endian))
+  }
+
+  def initialiseProgram(p: Program): InterpreterCFState = {
+    val mem = p.initialMemory.foldLeft(initialState())((s, memory) => {
+      s.store("mem", Scalar(BitVecLiteral(memory.address, 64)), memory.bytes.map(Scalar(_)).toList, Endian.LittleEndian)
+      s.store(
+        "stack",
+        Scalar(BitVecLiteral(memory.address, 64)),
+        memory.bytes.map(Scalar(_)).toList,
+        Endian.LittleEndian
+      )
+    })
+
+    InterpreterCFState(
+      Run(IRWalk.firstInBlock(p.mainProcedure.entryBlock.get)),
+      callStack,
+      mem.pushStackFrame(p.mainProcedure.name)
+    )
+  }
+}
 
-    nextCmd = Run(s.successor)
+case object InterpFuns {
 
-    s match {
-      case assign: Assign =>
-        //Logger.debug(s"LocalAssign ${assign.lhs} = ${assign.rhs}")
-        val evalRight = eval(assign.rhs, regs)
-        //Logger.debug(s"LocalAssign ${assign.lhs} := 0x${evalRight.value.toString(16)}[u${evalRight.size}]\n")
-        regs += (assign.lhs -> evalRight)
-
-      case assign: MemoryAssign =>
-        //Logger.debug(s"MemoryAssign ${assign.mem}[${assign.index}] = ${assign.value}")
-
-        val index: Int = eval(assign.index, regs).value.toInt
-        val value: BitVecLiteral = eval(assign.value, regs)
-        //Logger.debug(s"\tMemoryStore(mem:${assign.mem}, index:0x${index.toHexString}, value:0x${value.value
-          // .toString(16)}[u${value.size}], size:${assign.size})")
-
-        val evalStore = setMemory(index, assign.size, assign.endian, value, mems)
-        evalStore match {
-          case BitVecLiteral(value, size) =>
-            //Logger.debug(s"MemoryAssign ${assign.mem} := 0x${value.toString(16)}[u$size]\n")
+  def interpretJump[T <: Effects[T]](s: T, j: Jump): T = {
+    j match {
+      case gt: GoTo if gt.targets.size == 1 => {
+        s.setNext(Run(IRWalk.firstInBlock(gt.targets.head)))
+      }
+      case gt: GoTo =>
+        val condition = gt.targets.flatMap(_.statements.headOption).collect { case a: Assume =>
+          (a, s.evalBool(a.body))
+        }
+
+        if (condition.size != gt.targets.size) {
+          throw InterpreterError(Errored(s"Some goto target missing guard $gt"))
         }
-      case assert: Assert =>
-        // Logger.debug(assert)
-        if (!evalBool(assert.body, regs)) {
-          nextCmd = FailedAssertion(assert)
+
+        val chosen = condition.filter(_._2).toList match {
+          case Nil      => throw InterpreterError(Errored(s"No jump target satisfied $gt"))
+          case h :: Nil => h
+          case h :: tl  => throw InterpreterError(Errored(s"More than one jump guard satisfied $gt"))
+        }
+        Logger.debug(s"Goto ${chosen._1.parent.label}")
+
+        s.setNext(Run(chosen._1.successor))
+      case r: Return      => s.doReturn()
+      case h: Unreachable => s.setNext(EscapedControlFlow(h))
+    }
+  }
+
+  def interpretStatement[T <: Effects[T]](st: T, s: Statement): T = {
+    s match {
+      case assign: Assign => {
+        val rhs = st.evalBV(assign.rhs)
+        st.storeVar(assign.lhs, rhs).setNext(Run(s.successor))
+
+      }
+      case assign: MemoryAssign => {
+        val index: BitVecLiteral = st.evalBV(assign.index)
+        val value: BitVecLiteral = st.evalBV(assign.value)
+        st.storeMem(assign.mem.name, index, value, assign.endian, assign.size).setNext(Run(s.successor))
+
+      }
+      case assert: Assert => {
+        if (!st.evalBool(assert.body)) then {
+          st.setNext(FailedAssertion(assert))
+        } else {
+          st.setNext(Run(s.successor))
+
         }
+      }
       case assume: Assume =>
-        // TODO, but already taken into effect if it is a branch condition
-        // Logger.debug(assume)
-        if (!evalBool(assume.body, regs)) {
-          nextCmd = Errored(s"Assumption not satisfied: $assume")
+        if (!st.evalBool(assume.body)) {
+          st.setNext(Errored(s"Assumption not satisfied: $assume"))
+        } else {
+          st.setNext(Run(s.successor))
+
         }
       case dc: DirectCall =>
-        // Logger.debug(s"$dc")
-        callStack.push(dc.successor)
-        interpretProcedure(dc.target)
+        st.call(dc)
       case ic: IndirectCall =>
-        // Logger.debug(s"$ic")
         if (ic.target == Register("R30", 64)) {
-          doReturn()
-          //Exit Interpreter
+          st.doReturn()
         } else {
-          nextCmd = EscapedControlFlow(ic)
-        }
-      case _: NOP => ()
-    }
-  }
-
-  def interpret(IRProgram: Program): mutable.Map[Variable, BitVecLiteral] = {
-    // initialize memory array from IRProgram
-    var currentAddress = 0
-    IRProgram.initialMemory
-      .sortBy(_.address)
-      .foreach { im =>
-        if (im.address + im.size > currentAddress) {
-          val start = im.address.max(currentAddress)
-          val data = if (im.address < currentAddress) im.bytes.slice(currentAddress - im.address, im.size) else im.bytes
-          data.zipWithIndex.foreach { (byte, index) =>
-            mems(start + index) = byte
-          }
-          currentAddress = im.address + im.size
+          st.setNext(EscapedControlFlow(ic))
         }
-      }
+      case _: NOP => st.setNext(Run(s.successor))
+    }
+  }
 
-    // Initial SP, FP and LR to regs
-    regs += (Register("R31", 64) -> SP)
-    regs += (Register("R29", 64) -> FP)
-    regs += (Register("R30", 64) -> LR)
-
-    // Program.Procedure
-    interpretProcedure(IRProgram.mainProcedure)
-    while (
-      try {nextCmd match {
-          case Run(c: Statement) => {
-            interpretStatement(c)
-            true
-          }
-          case Run(c: Jump)      => {
-            interpretJump(c)
-            true
-          }
-          case Stopped() => {
-            false
-          }
-          case errorstop => {
-            Logger.error(s"Interpreter $errorstop")
-            false
-          } 
-        }
+  def protect[T](x: () => T, fnly: PartialFunction[Exception, T]): T = {
+    try {
+      x()
     } catch {
-      case InterpreterError(e) => {
-        nextCmd = e 
-        true
-      }
+      case e: Exception if fnly.isDefinedAt(e) => fnly(e)
     }
+  }
 
-    ) {}
+  @tailrec
+  def interpret(s: InterpreterCFState): InterpreterCFState = {
+    Logger.debug(s"interpret ${s.nextCmd}")
+    s.nextCmd match {
+      case Run(c: Statement) =>
+        interpret(
+          protect[InterpreterCFState](
+            () => interpretStatement(s, c),
+            {
+              case InterpreterError(e)         => s.setNext(e)
+              case e: IllegalArgumentException => s.setNext(Errored(s"Evaluation error $e"))
+            }
+          )
+        )
+      case Run(c: Jump) =>
+        interpret(
+          protect[InterpreterCFState](
+            () => interpretJump(s, c),
+            {
+              case InterpreterError(e)         => s.setNext(e)
+              case e: IllegalArgumentException => s.setNext(Errored(s"Evaluation error $e"))
+            }
+          )
+        )
+      case Stopped() => s
+      case errorstop => s
+    }
+  }
 
-    regs
+  def interpretProg(p: Program): InterpreterCFState = {
+    var s = InterpreterCFState().initialiseProgram(p)
+    interpret(s)
   }
+
+}
+
+def interpret(IRProgram: Program) = {
+  InterpFuns.interpretProg(IRProgram)
 }
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index aeaaa6916..73768e61b 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -461,8 +461,8 @@ object RunUtils {
     q.loading.dumpIL.foreach(s => writeToFile(serialiseIL(ctx.program), s"$s-after-analysis.il"))
 
     if (q.runInterpret) {
-      val interpreter = Interpreter()
-      interpreter.interpret(ctx.program)
+      // val interpreter = eval.Interpreter()
+      eval.interpret(ctx.program)
     }
 
     IRTransform.prepareForTranslation(q.loading, ctx)
diff --git a/src/test/scala/ir/InterpreterTests.scala b/src/test/scala/ir/InterpreterTests.scala
index 56bbbf7d3..85e8c5c70 100644
--- a/src/test/scala/ir/InterpreterTests.scala
+++ b/src/test/scala/ir/InterpreterTests.scala
@@ -1,6 +1,6 @@
 package ir
 
-import ir.eval.*
+import ir.eval._
 import ir.dsl._
 import org.scalatest.funsuite.AnyFunSuite
 import org.scalatest.BeforeAndAfter
@@ -10,13 +10,30 @@ import util.{LogLevel, Logger}
 import util.IRLoading.{loadBAP, loadReadELF}
 import util.ILLoadingConfig
 
+
+def load[T <: Effects[T]](s: T, global: SpecGlobal) : Option[BitVecLiteral] = {
+ //  i.getMemory(global.address.toInt, global.size, Endian.LittleEndian, i.mems)
+  // m.evalBV("mem", BitVecLiteral(64, global.address), Endian.LittleEndian, global.size) //  i.getMemory(global.address.toInt, global.size, Endian.LittleEndian, i.mems)
+  
+  try {
+    Some(s.evalBV(MemoryLoad(SharedMemory("mem", 64, 8), BitVecLiteral(global.address, 64), Endian.LittleEndian, global.size)))
+  } catch {
+    case e : InterpreterError => None
+  }
+}
+
+
+def mems[T <: Effects[T]](m: MemoryState) : Map[BigInt, BitVecLiteral] = {
+  m.getMem("mem").map((k,v) => k.value -> v)
+}
+
 class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
 
-  var i: Interpreter = Interpreter()
+  // var i: Interpreter = Interpreter()
   Logger.setLevel(LogLevel.DEBUG)
 
-  def getProgram(name: String): (Program, Set[SpecGlobal]) = {
 
+  def getProgram(name: String): (Program, Set[SpecGlobal]) = {
 
     val loading = ILLoadingConfig(
       inputFile = s"examples/$name/$name.adt",
@@ -41,7 +58,8 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
 
   def testInterpret(name: String, expected: Map[String, Int]): Unit = {
     val (program, globals) = getProgram(name)
-    val regs = i.interpret(program)
+    val fstate = interpret(program)
+    val regs = fstate.memoryState.getGlobalVals
 
     // Show interpreted result
     Logger.info("Registers:")
@@ -50,68 +68,114 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
     }
 
     Logger.info("Globals:")
+    //  def loadBV(vname: String, addr: BasilValue, valueSize: Int, endian: Endian, size: Int): List[BitVecLiteral] = {
     globals.foreach { global =>
-      val mem = i.getMemory(global.address.toInt, global.size, Endian.LittleEndian, i.mems)
-      Logger.info(s"$global := $mem")
+      val mem = load(fstate, global)
+      mem.foreach(mem => Logger.info(s"$global := $mem"))
     }
 
     // Test expected value
-    expected.foreach { (name, expected) =>
-      globals.find(_.name == name) match {
-        case Some(global) =>
-          val actual = i.getMemory(global.address.toInt, global.size, Endian.LittleEndian, i.mems).value.toInt
-          assert(actual == expected)
-        case None => assert("None" == name)
-      }
-    }
+    val actual : Map[String, Int] = expected.flatMap ( (name, expected) =>
+      globals.find(_.name == name).flatMap(global =>
+          load(fstate, global).map(gv => name -> gv.value.toInt)
+      )
+    )
+    assert(expected == actual)
   }
 
-  before {
-    i = Interpreter()
-  }
 
-  test("getMemory in LittleEndian") {
-    i.mems(0) = BitVecLiteral(BigInt("0D", 16), 8)
-    i.mems(1) = BitVecLiteral(BigInt("0C", 16), 8)
-    i.mems(2) = BitVecLiteral(BigInt("0B", 16), 8)
-    i.mems(3) = BitVecLiteral(BigInt("0A", 16), 8)
-    val expected: BitVecLiteral = BitVecLiteral(BigInt("0A0B0C0D", 16), 32)
-    val actual: BitVecLiteral = i.getMemory(0, 32, Endian.LittleEndian, i.mems)
+  test("Store = Load LittleEndian") {
+    val ts = List(
+      BitVecLiteral(BigInt("0D", 16), 8),
+      BitVecLiteral(BigInt("0C", 16), 8),
+      BitVecLiteral(BigInt("0B", 16), 8),
+      BitVecLiteral(BigInt("0A", 16), 8))
+
+    val s = initialState().store("mem", Scalar(BitVecLiteral(0, 64)), ts.map(Scalar(_)), Endian.LittleEndian)
+    val expected: BitVecLiteral = BitVecLiteral(BigInt("0D0C0B0A", 16), 32)
+    val actual: BitVecLiteral = s.loadBV("mem", Scalar(BitVecLiteral(0, 64)), Endian.LittleEndian, 32)
     assert(actual == expected)
+
+    val s2 = initialState().storeBV("mem", Scalar(BitVecLiteral(0, 64)), expected, Endian.LittleEndian)
+    val actual2: BitVecLiteral = s.loadBV("mem", Scalar(BitVecLiteral(0, 64)), Endian.LittleEndian, 32)
+    assert(actual2 == actual)
+
   }
 
-  test("getMemory in BigEndian") {
-    i.mems(0) = BitVecLiteral(BigInt("0A", 16), 8)
-    i.mems(1) = BitVecLiteral(BigInt("0B", 16), 8)
-    i.mems(2) = BitVecLiteral(BigInt("0C", 16), 8)
-    i.mems(3) = BitVecLiteral(BigInt("0D", 16), 8)
+
+  test("Store = Load BigEndian") {
+    val ts = List(
+      BitVecLiteral(BigInt("0D", 16), 8),
+      BitVecLiteral(BigInt("0C", 16), 8),
+      BitVecLiteral(BigInt("0B", 16), 8),
+      BitVecLiteral(BigInt("0A", 16), 8))
+
+    val s = initialState().store("mem", Scalar(BitVecLiteral(0, 64)), ts.map(Scalar(_)), Endian.LittleEndian)
     val expected: BitVecLiteral = BitVecLiteral(BigInt("0A0B0C0D", 16), 32)
-    val actual: BitVecLiteral = i.getMemory(0, 32, Endian.BigEndian, i.mems)
+    val actual: BitVecLiteral = s.loadBV("mem", Scalar(BitVecLiteral(0, 64)), Endian.BigEndian , 32)
     assert(actual == expected)
+
+
   }
 
-  test("setMemory in LittleEndian") {
-    i.mems(0) = BitVecLiteral(BigInt("FF", 16), 8)
-    i.mems(1) = BitVecLiteral(BigInt("FF", 16), 8)
-    i.mems(2) = BitVecLiteral(BigInt("FF", 16), 8)
-    i.mems(3) = BitVecLiteral(BigInt("FF", 16), 8)
+  test("getMemory in LittleEndian") {
+    val ts = List((BitVecLiteral(0, 64), BitVecLiteral(BigInt("0D", 16), 8)),
+    (BitVecLiteral(1, 64) , BitVecLiteral(BigInt("0C", 16), 8)),
+    (BitVecLiteral(2, 64) , BitVecLiteral(BigInt("0B", 16), 8)),
+    (BitVecLiteral(3, 64) , BitVecLiteral(BigInt("0A", 16), 8)))
+    val s = ts.foldLeft(initialState())((m, v) => m.storeSingle("mem", Scalar(v._1), Scalar(v._2)))
+    // val s = initialState().store("mem")
+    // val r = s.loadBV("mem", BitVecLiteral(0, 64))
+
     val expected: BitVecLiteral = BitVecLiteral(BigInt("0A0B0C0D", 16), 32)
-    i.setMemory(0, 32, Endian.LittleEndian, expected, i.mems)
-    val actual: BitVecLiteral = i.getMemory(0, 32, Endian.LittleEndian, i.mems)
+
+  // def loadBV(vname: String, addr: Scalar, endian: Endian, size: Int): BitVecLiteral = {
+     val actual: BitVecLiteral = s.loadBV("mem", Scalar(BitVecLiteral(0, 64)), Endian.LittleEndian, 32)
     assert(actual == expected)
   }
 
-  test("setMemory in BigEndian") {
-    i.mems(0) = BitVecLiteral(BigInt("FF", 16), 8)
-    i.mems(1) = BitVecLiteral(BigInt("FF", 16), 8)
-    i.mems(2) = BitVecLiteral(BigInt("FF", 16), 8)
-    i.mems(3) = BitVecLiteral(BigInt("FF", 16), 8)
+
+  test("StoreBV = LoadBV LE ") {
     val expected: BitVecLiteral = BitVecLiteral(BigInt("0A0B0C0D", 16), 32)
-    i.setMemory(0, 32, Endian.BigEndian, expected, i.mems)
-    val actual: BitVecLiteral = i.getMemory(0, 32, Endian.BigEndian, i.mems)
+
+    val s = initialState().storeBV("mem", Scalar(BitVecLiteral(0, 64)), expected, Endian.LittleEndian)
+    val actual: BitVecLiteral = s.loadBV("mem", Scalar(BitVecLiteral(0, 64)), Endian.LittleEndian, 32)
+    println(s"${actual.value.toInt.toHexString} == ${expected.value.toInt.toHexString}")
     assert(actual == expected)
   }
 
+  // test("getMemory in BigEndian") {
+  //   i.mems(0) = BitVecLiteral(BigInt("0A", 16), 8)
+  //   i.mems(1) = BitVecLiteral(BigInt("0B", 16), 8)
+  //   i.mems(2) = BitVecLiteral(BigInt("0C", 16), 8)
+  //   i.mems(3) = BitVecLiteral(BigInt("0D", 16), 8)
+  //   val expected: BitVecLiteral = BitVecLiteral(BigInt("0A0B0C0D", 16), 32)
+  //   val actual: BitVecLiteral = i.getMemory(0, 32, Endian.BigEndian, i.mems)
+  //   assert(actual == expected)
+  // }
+
+  // test("setMemory in LittleEndian") {
+  //   i.mems(0) = BitVecLiteral(BigInt("FF", 16), 8)
+  //   i.mems(1) = BitVecLiteral(BigInt("FF", 16), 8)
+  //   i.mems(2) = BitVecLiteral(BigInt("FF", 16), 8)
+  //   i.mems(3) = BitVecLiteral(BigInt("FF", 16), 8)
+  //   val expected: BitVecLiteral = BitVecLiteral(BigInt("0A0B0C0D", 16), 32)
+  //   i.setMemory(0, 32, Endian.LittleEndian, expected, i.mems)
+  //   val actual: BitVecLiteral = i.getMemory(0, 32, Endian.LittleEndian, i.mems)
+  //   assert(actual == expected)
+  // }
+
+  // test("setMemory in BigEndian") {
+  //   i.mems(0) = BitVecLiteral(BigInt("FF", 16), 8)
+  //   i.mems(1) = BitVecLiteral(BigInt("FF", 16), 8)
+  //   i.mems(2) = BitVecLiteral(BigInt("FF", 16), 8)
+  //   i.mems(3) = BitVecLiteral(BigInt("FF", 16), 8)
+  //   val expected: BitVecLiteral = BitVecLiteral(BigInt("0A0B0C0D", 16), 32)
+  //   i.setMemory(0, 32, Endian.BigEndian, expected, i.mems)
+  //   val actual: BitVecLiteral = i.getMemory(0, 32, Endian.BigEndian, i.mems)
+  //   assert(actual == expected)
+  // }
+
   test("basic_arrays_read") {
     val expected = Map(
       "arr" -> 0
@@ -204,57 +268,69 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
   }
 
   test("fibonacci") {
-    val fib = prog(
-      proc("begin", 
-        block("entry",
-          Assign(R8, Register("R31", 64)),
-          Assign(R0, bv64(8)),
-          directCall("fib"),
-          goto("done")
-        ),
-        block("done",
-          Assert(BinaryExpr(BVEQ, R0, bv64(21))),
-          ret
-        )),
-      proc("fib",
-        block("base", goto("base1", "base2", "dofib")),
-        block("base1", 
-          Assume(BinaryExpr(BVEQ, R0, bv64(0))),
-          ret),
-        block("base2", 
-          Assume(BinaryExpr(BVEQ, R0, bv64(1))),
-          ret),
-        block("dofib",
-          Assume(BinaryExpr(BoolAND, BinaryExpr(BVNEQ, R0, bv64(0)), BinaryExpr(BVNEQ, R0, bv64(1)))),
-          // R8 stack pointer preserved across calls
-          Assign(R7, BinaryExpr(BVADD, R8, bv64(8))),  
-          MemoryAssign(stack, R7, R8, Endian.LittleEndian, 64), // sp
-          Assign(R8, R7),
-          Assign(R8, BinaryExpr(BVADD, R8, bv64(8))),  // sp + 8
-          MemoryAssign(stack, R8, R0, Endian.LittleEndian, 64), // [sp + 8] = arg0
-          Assign(R0, BinaryExpr(BVSUB, R0, bv64(1))),
-          directCall("fib"),
-          Assign(R2, R8), // sp + 8
-          Assign(R8, BinaryExpr(BVADD, R8, bv64(8))),  // sp + 16
-          MemoryAssign(stack, R8, R0, Endian.LittleEndian, 64), // [sp + 16] = r1
-          Assign(R0, MemoryLoad(stack, R2, Endian.LittleEndian, 64)), // [sp + 8]
-          Assign(R0, BinaryExpr(BVSUB, R0, bv64(2))),
-          directCall("fib"),
-          Assign(R2, MemoryLoad(stack, R8, Endian.LittleEndian, 64)), // [sp + 16] (r1)
-          Assign(R0, BinaryExpr(BVADD, R0, R2)),
-          Assign(R8, MemoryLoad(stack, BinaryExpr(BVSUB, R8, bv64(16)), Endian.LittleEndian, 64)),
-          ret
+
+    def fibonacciProg(n: Int) = {
+      def expected(n: Int) : Int = {
+        n match {
+          case 0 => 0
+          case 1 => 1
+          case n => expected(n - 1) + expected(n - 2)
+        }
+      }
+      prog(
+        proc("begin", 
+          block("entry",
+            Assign(R8, Register("R31", 64)),
+            Assign(R0, bv64(n)),
+            directCall("fib"),
+            goto("done")
+          ),
+          block("done",
+            Assert(BinaryExpr(BVEQ, R0, bv64(expected(n)))),
+            ret
+          )),
+        proc("fib",
+          block("base", goto("base1", "base2", "dofib")),
+          block("base1", 
+            Assume(BinaryExpr(BVEQ, R0, bv64(0))),
+            ret),
+          block("base2", 
+            Assume(BinaryExpr(BVEQ, R0, bv64(1))),
+            ret),
+          block("dofib",
+            Assume(BinaryExpr(BoolAND, BinaryExpr(BVNEQ, R0, bv64(0)), BinaryExpr(BVNEQ, R0, bv64(1)))),
+            // R8 stack pointer preserved across calls
+            Assign(R7, BinaryExpr(BVADD, R8, bv64(8))),  
+            MemoryAssign(stack, R7, R8, Endian.LittleEndian, 64), // sp
+            Assign(R8, R7),
+            Assign(R8, BinaryExpr(BVADD, R8, bv64(8))),  // sp + 8
+            MemoryAssign(stack, R8, R0, Endian.LittleEndian, 64), // [sp + 8] = arg0
+            Assign(R0, BinaryExpr(BVSUB, R0, bv64(1))),
+            directCall("fib"),
+            Assign(R2, R8), // sp + 8
+            Assign(R8, BinaryExpr(BVADD, R8, bv64(8))),  // sp + 16
+            MemoryAssign(stack, R8, R0, Endian.LittleEndian, 64), // [sp + 16] = r1
+            Assign(R0, MemoryLoad(stack, R2, Endian.LittleEndian, 64)), // [sp + 8]
+            Assign(R0, BinaryExpr(BVSUB, R0, bv64(2))),
+            directCall("fib"),
+            Assign(R2, MemoryLoad(stack, R8, Endian.LittleEndian, 64)), // [sp + 16] (r1)
+            Assign(R0, BinaryExpr(BVADD, R0, R2)),
+            Assign(R8, MemoryLoad(stack, BinaryExpr(BVSUB, R8, bv64(16)), Endian.LittleEndian, 64)),
+            ret
+            )
           )
         )
-      )
+    }
 
-    val regs = i.interpret(fib)
 
+    val fib = fibonacciProg(8)
+    val r = interpret(fib)
+    assert(r.nextCmd == Stopped())
     // Show interpreted result
     Logger.info("Registers:")
-    regs.foreach { (key, value) =>
-      Logger.info(s"$key := $value")
-    }
+    // r.regs.foreach { (key, value) =>
+    //   Logger.info(s"$key := $value")
+    // }
 
   }
 }

From 74c4bc275d9efb89ebb68a40c585f48a64890f39 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Thu, 22 Aug 2024 17:29:23 +1000
Subject: [PATCH 008/127] cleanup call/return

---
 src/main/scala/ir/eval/Interpreter.scala | 231 ++++++++++++++---------
 src/test/scala/ir/InterpreterTests.scala |  24 ++-
 2 files changed, 159 insertions(+), 96 deletions(-)

diff --git a/src/main/scala/ir/eval/Interpreter.scala b/src/main/scala/ir/eval/Interpreter.scala
index e2fda9e6b..40d3e4bc5 100644
--- a/src/main/scala/ir/eval/Interpreter.scala
+++ b/src/main/scala/ir/eval/Interpreter.scala
@@ -9,22 +9,20 @@ import scala.collection.mutable
 import scala.collection.immutable
 import scala.util.control.Breaks.{break, breakable}
 
-
 sealed trait ExecutionContinuation
 case class FailedAssertion(a: Assert) extends ExecutionContinuation
-case class Stopped() extends ExecutionContinuation
 
-/** Normal stop * */
-case class Run(val next: Command) extends ExecutionContinuation
-case class EscapedControlFlow(val call: Jump | Call) extends ExecutionContinuation
+case class Stopped() extends ExecutionContinuation /* normal program stop  */
+case class Run(val next: Command) extends ExecutionContinuation /* continue by executing next command */
+
+case class EscapedControlFlow(val call: Jump | Call)
+    extends ExecutionContinuation /* controlflow has reached somewhere eunrecoverable */
 
-/** controlflow has reached somewhere eunrecoverable */
 case class Errored(val message: String = "") extends ExecutionContinuation
 case class TypeError(val message: String = "") extends ExecutionContinuation /* type mismatch appeared */
 case class EvalError(val message: String = "")
     extends ExecutionContinuation /* failed to evaluate an expression to a concrete value */
-case class MemoryError(val message: String = "")
-    extends ExecutionContinuation /* failed to evaluate an expression to a concrete value */
+case class MemoryError(val message: String = "") extends ExecutionContinuation /* An error to do with memory */
 
 case class InterpreterError(continue: ExecutionContinuation) extends Exception()
 
@@ -41,15 +39,6 @@ enum BasilValue(val irType: IRType):
   // \exists j . \forall v \in value.values, v.irType = j
   case MapValue(val value: Map[BasilValue, BasilValue], override val irType: MapType) extends BasilValue(irType)
 
-given Conversion[BitVecLiteral, Scalar] with
-  def apply(b: BitVecLiteral): Scalar = new Scalar(b)
-
-given Conversion[IntLiteral, Scalar] with
-  def apply(b: IntLiteral): Scalar = new Scalar(b)
-
-given Conversion[BoolLit, Scalar] with
-  def apply(b: BoolLit): Scalar = new Scalar(b)
-
 case object BasilValue:
 
   def size(v: IRType): Int = {
@@ -63,6 +52,7 @@ case object BasilValue:
 
   def unsafeAdd(l: BasilValue, vr: Int): BasilValue = {
     l match {
+      case _ if vr == 0              => l
       case Scalar(IntLiteral(vl))    => Scalar(IntLiteral(vl + vr))
       case Scalar(b1: BitVecLiteral) => Scalar(eval.evalBVBinExpr(BVADD, b1, BitVecLiteral(vr, b1.size)))
       case _                         => throw InterpreterError(TypeError(s"Operation add $vr undefined on $l"))
@@ -172,28 +162,30 @@ case class MemoryState(
 
   /* Variable retrieval and setting */
 
+  /* Set variable in a given frame */
   def setVar(frame: StackFrameID, varname: String, value: BasilValue): MemoryState = {
     val nv = stackFrames + (frame -> (stackFrames(frame) + (varname -> value)))
     MemoryState(nv, activations, activationCount)
   }
 
+  /* Find variable definition scope and set it in the correct frame  */
   def setVar(v: String, value: BasilValue): MemoryState = {
     val frame = findVarOpt(v).map(_._1).getOrElse(activations.head)
     setVar(frame, v, value)
   }
 
-  def setVar(v: String, value: Literal): MemoryState = {
-    setVar(v, Scalar(value))
-  }
-
-  def defVar(v: Variable, value: Literal): MemoryState = {
-    val frame = v.toBoogie.scope match {
+  /* Define a variable in the scope specified
+   * ignoring whether it may already be defined
+   */
+  def defVar(name: String, s: Scope , value: BasilValue): MemoryState = {
+    val frame = s match {
       case Scope.Global => globalFrame
       case _            => activations.head
     }
-    setVar(frame, v.name, Scalar(value))
+    setVar(frame, name, value)
   }
 
+  /* Lookup the value of a variable */
   def findVarOpt(name: String): Option[(StackFrameID, BasilValue)] = {
     val searchScopes = globalFrame :: activations.headOption.toList
     searchScopes.foldRight(None: Option[(StackFrameID, BasilValue)])((r, acc) =>
@@ -296,7 +288,7 @@ case class MemoryState(
 
     val (mapval, keytype, valtype) = mem match {
       case m @ MapValue(_, MapType(kt, vt)) if kt == addr.irType && values.forall(v => v.irType == vt) => (m, kt, vt)
-      case _ => throw InterpreterError(Errored("Invalid map store operation."))
+      case v => throw InterpreterError(TypeError(s"Invalid map store operation to $vname : ${v.irType}"))
     }
     val keys = (0 until values.size).map(i => BasilValue.unsafeAdd(addr, i))
     val vals = endian match {
@@ -308,16 +300,21 @@ case class MemoryState(
     setVar(frame, vname, nmap)
   }
 
-  /** Store extract bitvec to bytes and store bytes */
+  /** Extract bitvec to bytes and store bytes */
   def storeBV(vname: String, addr: BasilValue, value: BitVecLiteral, endian: Endian) = {
     val (frame, mem) = findVar(vname)
     val (mapval, vsize) = mem match {
       case m @ MapValue(_, MapType(kt, BitVecType(size))) if kt == addr.irType => (m, size)
-      case _ => throw InterpreterError(Errored("Tried to extract-store non to bv map"))
+      case v =>
+        throw InterpreterError(
+          TypeError(
+            s"Invalid map store operation to $vname : ${v.irType} (expect [${addr.irType}] <- ${value.getType})"
+          )
+        )
     }
     val cells = value.size / vsize
     if (cells < 1) {
-      throw InterpreterError(Errored("Tried to execute fractional store"))
+      throw InterpreterError(MemoryError("Tried to execute fractional store"))
     }
 
     val extractVals = (0 until cells).map(i => BitVectorEval.boogie_extract((i + 1) * vsize, i * vsize, value)).toList
@@ -376,18 +373,6 @@ case object Eval {
 
 }
 
-def initialState(): MemoryState = {
-  val SP: BitVecLiteral = BitVecLiteral(4096 - 16, 64)
-  val FP: BitVecLiteral = BitVecLiteral(4096 - 16, 64)
-  val LR: BitVecLiteral = BitVecLiteral(BigInt("FF", 16), 64)
-
-  MemoryState()
-    .setVar(globalFrame, "mem", MapValue(Map.empty, MapType(BitVecType(64), BitVecType(8))))
-    .setVar(globalFrame, "stack", MapValue(Map.empty, MapType(BitVecType(64), BitVecType(8))))
-    .setVar(globalFrame, "R31", Scalar(SP))
-    .setVar(globalFrame, "R29", Scalar(FP))
-    .setVar(globalFrame, "R30", Scalar(LR))
-}
 
 sealed trait Effects[T <: Effects[T]] {
   /* evaluation (may side-effect via InterpreterException on evaluation failure) */
@@ -400,22 +385,69 @@ sealed trait Effects[T <: Effects[T]] {
   /** effects * */
   def setNext(c: ExecutionContinuation): T
 
-  def call(c: DirectCall): T
+  def call(target: String, beginFrom: ExecutionContinuation, returnTo: ExecutionContinuation): T
 
   def doReturn(): T
 
-  def storeVar(v: Variable, value: Literal): T
+  def storeVar(v: String, scope: Scope, value: BasilValue): T
 
   def storeMem(vname: String, addr: BitVecLiteral, value: BitVecLiteral, endian: Endian, size: Int): T
 
-  def initialiseProgram(p: Program): T
+  def storeMultiMem(vname: String, addr: Literal, value: List[Literal], endian: Endian): T
 }
 
-case class InterpreterCFState(
+
+
+// enum Effect:
+//   case Call(c: DirectCall)
+//   case SetNext(c: ExecutionContinuation)
+//   case Return
+//   case StoreVar(v: Variable, value: Literal)
+//   case StoreMem(vname: String, addr: BitVecLiteral, value: BitVecLiteral, endian: Endian, size: Int)
+//   case StoreMultiMem(vname: String, addr: Literal, value: List[Literal], endian: Endian)
+// 
+// case class TracingInterpreter(
+//     val s: InterpreterState,
+//     val trace: List[Effect]
+// ) extends Effects[TracingInterpreter] {
+// 
+// 
+//   def evalBV(e: Expr): BitVecLiteral = s.evalBV(e)
+//   def evalInt(e: Expr): BigInt = s.evalInt(e)
+//   def evalBool(e: Expr): Boolean = s.evalBool(e)
+// 
+//   /** effects * */
+//   def setNext(c: ExecutionContinuation) = {
+//     TracingInterpreter(s.setNext(c), Effect.SetNext(c)::trace)
+//   }
+// 
+//   def call(c: DirectCall) = {
+//     TracingInterpreter(s.call(c), Effect.Call(c)::trace)
+//   }
+// 
+//   def doReturn() = {
+//     TracingInterpreter(s.doReturn(), Effect.Return::trace)
+//   }
+// 
+//   def storeVar(v: Variable, value: Literal) = {
+//     TracingInterpreter(s.storeVar(v, value), Effect.StoreVar(v,value)::trace)
+//   }
+// 
+//   def storeMem(vname: String, addr: BitVecLiteral, value: BitVecLiteral, endian: Endian, size: Int) = {
+//     TracingInterpreter(s.storeMem(vname, addr, value, endian, size), Effect.StoreMem(vname,addr,value,endian,size)::trace)
+//   }
+// 
+//   def storeMultiMem(vname: String, addr: Literal, value: List[Literal], endian: Endian) = {
+//     TracingInterpreter(s.storeMultiMem(vname, addr, value, endian), Effect.StoreMultiMem(vname,addr,value,endian)::trace)
+//   }
+// 
+// }
+
+case class InterpreterState(
     val nextCmd: ExecutionContinuation = Stopped(),
-    val callStack: List[DirectCall] = List.empty,
+    val callStack: List[ExecutionContinuation] = List.empty,
     val memoryState: MemoryState = MemoryState()
-) extends Effects[InterpreterCFState] {
+) extends Effects[InterpreterState] {
 
   /** eval * */
   def evalBV(e: Expr): BitVecLiteral = Eval.evalBV(memoryState, e)
@@ -425,36 +457,32 @@ case class InterpreterCFState(
   def evalBool(e: Expr): Boolean = Eval.evalBool(memoryState, e)
 
   /** effects * */
-  def setNext(c: ExecutionContinuation): InterpreterCFState = {
-    InterpreterCFState(c, callStack, memoryState)
-  }
-
-  def call(c: DirectCall): InterpreterCFState = {
-    Logger.debug(s"    eff : CALL $c")
-    c.target.entryBlock match {
-      case Some(block) =>
-        InterpreterCFState(
-          Run(block.statements.headOption.getOrElse(block.jump)),
-          c :: callStack,
-          memoryState.pushStackFrame(c.target.name)
-        )
-      case None => setNext(Run(c.successor))
-    }
+  def setNext(c: ExecutionContinuation): InterpreterState = {
+    InterpreterState(c, callStack, memoryState)
+  }
+
+  def call(target: String, beginFrom: ExecutionContinuation, returnTo: ExecutionContinuation): InterpreterState = {
+    Logger.debug(s"    eff : CALL $target")
+    InterpreterState(
+      beginFrom,
+      returnTo :: callStack,
+      memoryState.pushStackFrame(target)
+    )
   }
 
-  def doReturn(): InterpreterCFState = {
+  def doReturn(): InterpreterState = {
     callStack match {
-      case Nil => InterpreterCFState(Stopped(), Nil, memoryState)
+      case Nil => InterpreterState(Stopped(), Nil, memoryState)
       case h :: tl => {
         Logger.debug(s"    eff : RETURN $h")
-        InterpreterCFState(Run(h.successor), tl, memoryState.popStackFrame())
+        InterpreterState(h, tl, memoryState.popStackFrame())
       }
     }
   }
 
-  def storeVar(v: Variable, value: Literal) = {
+  def storeVar(v: String, scope: Scope, value: BasilValue)  = {
     Logger.debug(s"    eff : SET $v := $value")
-    InterpreterCFState(nextCmd, callStack, memoryState.defVar(v, value))
+    InterpreterState(nextCmd, callStack, memoryState.defVar(v, scope, value))
   }
 
   def storeMem(
@@ -463,31 +491,50 @@ case class InterpreterCFState(
       value: BitVecLiteral,
       endian: Endian,
       size: Int
-  ): InterpreterCFState = {
+  ): InterpreterState = {
     Logger.debug(s"    eff : STORE $vname[$addr..$addr + $size] := $value ($endian)")
-    InterpreterCFState(nextCmd, callStack, memoryState.storeBV(vname, Scalar(addr), value, endian))
+    InterpreterState(nextCmd, callStack, memoryState.storeBV(vname, Scalar(addr), value, endian))
+  }
+
+  def storeMultiMem(
+      vname: String,
+      addr: Literal,
+      value: List[Literal],
+      endian: Endian
+  ): InterpreterState = {
+    Logger.debug(s"    eff : STOREMULTI $vname[$addr] := $value ($endian)")
+    InterpreterState(nextCmd, callStack, memoryState.store(vname, Scalar(addr), value.map(Scalar(_)), endian))
+  }
+
+}
+
+case object InterpFuns {
+
+  def initialState[T <: Effects[T]](s: T): T = {
+    val SP: BitVecLiteral = BitVecLiteral(4096 - 16, 64)
+    val FP: BitVecLiteral = BitVecLiteral(4096 - 16, 64)
+    val LR: BitVecLiteral = BitVecLiteral(BigInt("FF", 16), 64)
+
+    s.storeVar("mem",   Scope.Global, MapValue(Map.empty, MapType(BitVecType(64), BitVecType(8))))
+     .storeVar("stack", Scope.Global, MapValue(Map.empty, MapType(BitVecType(64), BitVecType(8))))
+     .storeVar("R31",   Scope.Global, Scalar(SP))
+     .storeVar("R29",   Scope.Global, Scalar(FP))
+     .storeVar("R30",   Scope.Global, Scalar(LR))
   }
 
-  def initialiseProgram(p: Program): InterpreterCFState = {
-    val mem = p.initialMemory.foldLeft(initialState())((s, memory) => {
-      s.store("mem", Scalar(BitVecLiteral(memory.address, 64)), memory.bytes.map(Scalar(_)).toList, Endian.LittleEndian)
-      s.store(
+  def initialiseProgram[T <: Effects[T]](p: Program, s: T): T = {
+    val mem = p.initialMemory.foldLeft(initialState(s))((s, memory) => {
+      s.storeMultiMem("mem", BitVecLiteral(memory.address, 64), memory.bytes.toList, Endian.LittleEndian)
+      s.storeMultiMem(
         "stack",
-        Scalar(BitVecLiteral(memory.address, 64)),
-        memory.bytes.map(Scalar(_)).toList,
+        BitVecLiteral(memory.address, 64),
+        memory.bytes.toList,
         Endian.LittleEndian
       )
     })
 
-    InterpreterCFState(
-      Run(IRWalk.firstInBlock(p.mainProcedure.entryBlock.get)),
-      callStack,
-      mem.pushStackFrame(p.mainProcedure.name)
-    )
+    mem.call(p.mainProcedure.name, Run(IRWalk.firstInBlock(p.mainProcedure.entryBlock.get)), Stopped())
   }
-}
-
-case object InterpFuns {
 
   def interpretJump[T <: Effects[T]](s: T, j: Jump): T = {
     j match {
@@ -520,8 +567,7 @@ case object InterpFuns {
     s match {
       case assign: Assign => {
         val rhs = st.evalBV(assign.rhs)
-        st.storeVar(assign.lhs, rhs).setNext(Run(s.successor))
-
+        st.storeVar(assign.lhs.name, assign.lhs.toBoogie.scope, Scalar(rhs)).setNext(Run(s.successor))
       }
       case assign: MemoryAssign => {
         val index: BitVecLiteral = st.evalBV(assign.index)
@@ -545,7 +591,12 @@ case object InterpFuns {
 
         }
       case dc: DirectCall =>
-        st.call(dc)
+        if (dc.target.entryBlock.isDefined) {
+          val block = dc.target.entryBlock.get
+          st.call(dc.target.name, Run(block.statements.headOption.getOrElse(block.jump)), Run(dc.successor))
+        } else {
+          st.setNext(Run(dc.successor))
+        }
       case ic: IndirectCall =>
         if (ic.target == Register("R30", 64)) {
           st.doReturn()
@@ -565,12 +616,12 @@ case object InterpFuns {
   }
 
   @tailrec
-  def interpret(s: InterpreterCFState): InterpreterCFState = {
+  def interpret(s: InterpreterState): InterpreterState = {
     Logger.debug(s"interpret ${s.nextCmd}")
     s.nextCmd match {
       case Run(c: Statement) =>
         interpret(
-          protect[InterpreterCFState](
+          protect[InterpreterState](
             () => interpretStatement(s, c),
             {
               case InterpreterError(e)         => s.setNext(e)
@@ -580,7 +631,7 @@ case object InterpFuns {
         )
       case Run(c: Jump) =>
         interpret(
-          protect[InterpreterCFState](
+          protect[InterpreterState](
             () => interpretJump(s, c),
             {
               case InterpreterError(e)         => s.setNext(e)
@@ -593,8 +644,8 @@ case object InterpFuns {
     }
   }
 
-  def interpretProg(p: Program): InterpreterCFState = {
-    var s = InterpreterCFState().initialiseProgram(p)
+  def interpretProg(p: Program): InterpreterState = {
+    var s = initialiseProgram(p, InterpreterState())
     interpret(s)
   }
 
diff --git a/src/test/scala/ir/InterpreterTests.scala b/src/test/scala/ir/InterpreterTests.scala
index 85e8c5c70..30a36af91 100644
--- a/src/test/scala/ir/InterpreterTests.scala
+++ b/src/test/scala/ir/InterpreterTests.scala
@@ -10,6 +10,18 @@ import util.{LogLevel, Logger}
 import util.IRLoading.{loadBAP, loadReadELF}
 import util.ILLoadingConfig
 
+def initialMem(): MemoryState = {
+  val SP: BitVecLiteral = BitVecLiteral(4096 - 16, 64)
+  val FP: BitVecLiteral = BitVecLiteral(4096 - 16, 64)
+  val LR: BitVecLiteral = BitVecLiteral(BigInt("FF", 16), 64)
+
+  MemoryState()
+    .setVar(globalFrame, "mem", MapValue(Map.empty, MapType(BitVecType(64), BitVecType(8))))
+    .setVar(globalFrame, "stack", MapValue(Map.empty, MapType(BitVecType(64), BitVecType(8))))
+    .setVar(globalFrame, "R31", Scalar(SP))
+    .setVar(globalFrame, "R29", Scalar(FP))
+    .setVar(globalFrame, "R30", Scalar(LR))
+}
 
 def load[T <: Effects[T]](s: T, global: SpecGlobal) : Option[BitVecLiteral] = {
  //  i.getMemory(global.address.toInt, global.size, Endian.LittleEndian, i.mems)
@@ -91,12 +103,12 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
       BitVecLiteral(BigInt("0B", 16), 8),
       BitVecLiteral(BigInt("0A", 16), 8))
 
-    val s = initialState().store("mem", Scalar(BitVecLiteral(0, 64)), ts.map(Scalar(_)), Endian.LittleEndian)
+    val s = initialMem().store("mem", Scalar(BitVecLiteral(0, 64)), ts.map(Scalar(_)), Endian.LittleEndian)
     val expected: BitVecLiteral = BitVecLiteral(BigInt("0D0C0B0A", 16), 32)
     val actual: BitVecLiteral = s.loadBV("mem", Scalar(BitVecLiteral(0, 64)), Endian.LittleEndian, 32)
     assert(actual == expected)
 
-    val s2 = initialState().storeBV("mem", Scalar(BitVecLiteral(0, 64)), expected, Endian.LittleEndian)
+    val s2 = initialMem().storeBV("mem", Scalar(BitVecLiteral(0, 64)), expected, Endian.LittleEndian)
     val actual2: BitVecLiteral = s.loadBV("mem", Scalar(BitVecLiteral(0, 64)), Endian.LittleEndian, 32)
     assert(actual2 == actual)
 
@@ -110,7 +122,7 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
       BitVecLiteral(BigInt("0B", 16), 8),
       BitVecLiteral(BigInt("0A", 16), 8))
 
-    val s = initialState().store("mem", Scalar(BitVecLiteral(0, 64)), ts.map(Scalar(_)), Endian.LittleEndian)
+    val s = initialMem().store("mem", Scalar(BitVecLiteral(0, 64)), ts.map(Scalar(_)), Endian.LittleEndian)
     val expected: BitVecLiteral = BitVecLiteral(BigInt("0A0B0C0D", 16), 32)
     val actual: BitVecLiteral = s.loadBV("mem", Scalar(BitVecLiteral(0, 64)), Endian.BigEndian , 32)
     assert(actual == expected)
@@ -123,8 +135,8 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
     (BitVecLiteral(1, 64) , BitVecLiteral(BigInt("0C", 16), 8)),
     (BitVecLiteral(2, 64) , BitVecLiteral(BigInt("0B", 16), 8)),
     (BitVecLiteral(3, 64) , BitVecLiteral(BigInt("0A", 16), 8)))
-    val s = ts.foldLeft(initialState())((m, v) => m.storeSingle("mem", Scalar(v._1), Scalar(v._2)))
-    // val s = initialState().store("mem")
+    val s = ts.foldLeft(initialMem())((m, v) => m.storeSingle("mem", Scalar(v._1), Scalar(v._2)))
+    // val s = initialMem().store("mem")
     // val r = s.loadBV("mem", BitVecLiteral(0, 64))
 
     val expected: BitVecLiteral = BitVecLiteral(BigInt("0A0B0C0D", 16), 32)
@@ -138,7 +150,7 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
   test("StoreBV = LoadBV LE ") {
     val expected: BitVecLiteral = BitVecLiteral(BigInt("0A0B0C0D", 16), 32)
 
-    val s = initialState().storeBV("mem", Scalar(BitVecLiteral(0, 64)), expected, Endian.LittleEndian)
+    val s = initialMem().storeBV("mem", Scalar(BitVecLiteral(0, 64)), expected, Endian.LittleEndian)
     val actual: BitVecLiteral = s.loadBV("mem", Scalar(BitVecLiteral(0, 64)), Endian.LittleEndian, 32)
     println(s"${actual.value.toInt.toHexString} == ${expected.value.toInt.toHexString}")
     assert(actual == expected)

From 9e235589220d2fc2a8d2f844a73dad38c244cad7 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Thu, 22 Aug 2024 19:29:21 +1000
Subject: [PATCH 009/127] cleanup memory ops to enter effects

---
 src/main/scala/ir/eval/Interpreter.scala | 352 ++++++++++++-----------
 src/test/scala/ir/InterpreterTests.scala |  53 ++--
 2 files changed, 219 insertions(+), 186 deletions(-)

diff --git a/src/main/scala/ir/eval/Interpreter.scala b/src/main/scala/ir/eval/Interpreter.scala
index 40d3e4bc5..3d52be5cf 100644
--- a/src/main/scala/ir/eval/Interpreter.scala
+++ b/src/main/scala/ir/eval/Interpreter.scala
@@ -32,12 +32,19 @@ case class InterpreterSummary(
     val memory: Map[Int, BitVecLiteral]
 )
 
-enum BasilValue(val irType: IRType):
-  case Scalar(val value: Literal) extends BasilValue(value.getType)
-  // Erase the type of basil values and enforce the invariant that
-  // \exists i . \forall v \in value.keys , v.irType = i  and
-  // \exists j . \forall v \in value.values, v.irType = j
-  case MapValue(val value: Map[BasilValue, BasilValue], override val irType: MapType) extends BasilValue(irType)
+sealed trait BasilValue(val irType: IRType)
+case class Scalar(val value: Literal) extends BasilValue(value.getType) {
+  override def toString = value match {
+    case b: BitVecLiteral => "0x%x:bv%d".format(b.value, b.size)
+    case c                => c.toString
+  }
+}
+// Erase the type of basil values and enforce the invariant that
+// \exists i . \forall v \in value.keys , v.irType = i  and
+// \exists j . \forall v \in value.values, v.irType = j
+case class MapValue(val value: Map[BasilValue, BasilValue], override val irType: MapType) extends BasilValue(irType) {
+  override def toString = s"MapValue : $irType"
+}
 
 case object BasilValue:
 
@@ -177,7 +184,7 @@ case class MemoryState(
   /* Define a variable in the scope specified
    * ignoring whether it may already be defined
    */
-  def defVar(name: String, s: Scope , value: BasilValue): MemoryState = {
+  def defVar(name: String, s: Scope, value: BasilValue): MemoryState = {
     val frame = s match {
       case Scope.Global => globalFrame
       case _            => activations.head
@@ -225,26 +232,90 @@ case class MemoryState(
   }
 
   /* Map variable accessing ; load and store operations */
-
-  /* canonical load operation */
-  def load(vname: String, addr: Scalar, endian: Endian, count: Int): List[BasilValue] = {
+  def doLoad(vname: String, addr: List[BasilValue]): List[BasilValue] = {
     val (frame, mem) = findVar(vname)
-
     val mapv: MapValue = mem match {
       case m @ MapValue(innerMap, ty) => m
-      case _                          => throw InterpreterError(Errored("Load from nonmap"))
+      case m                          => throw InterpreterError(TypeError(s"Load from nonmap ${m.irType}"))
+    }
+
+    addr.map(k =>
+      mapv.value.get(k).getOrElse(throw InterpreterError(MemoryError(s"Read from uninitialised $vname[$k]")))
+    )
+  }
+
+  /** typecheck and some fields of a map variable */
+  def doStore(vname: String, values: Map[BasilValue, BasilValue]) = {
+    val (frame, mem) = findVar(vname)
+
+    val (mapval, keytype, valtype) = mem match {
+      case m @ MapValue(_, MapType(kt, vt)) => (m, kt, vt)
+      case v => throw InterpreterError(TypeError(s"Invalid map store operation to $vname : ${v.irType}"))
+    }
+
+    (values.find((k, v) => k.irType != keytype || v.irType != valtype)) match {
+      case Some(v) =>
+        throw InterpreterError(
+          TypeError(
+            s"Invalid addr or value type (${v._1.irType}, ${v._2.irType}) does not match map type $vname : ($keytype, $valtype)"
+          )
+        )
+      case None => ()
+    }
+
+    val nmap = MapValue(mapval.value ++ values, mapval.irType)
+    setVar(frame, vname, nmap)
+  }
+}
+
+case object Eval {
+  def getVar[T <: Effects[T]](s: T)(v: Variable): Option[Literal] = s.loadVar(v.name) match {
+    case Scalar(l) => Some(l)
+    case _         => None
+  }
+
+  def doLoad[T <: Effects[T]](s: T)(m: Memory, addr: Expr, endian: Endian, sz: Int): Option[Literal] = {
+    addr match {
+      case l: Literal if sz == 1 => (
+        loadSingle(s, m.name, Scalar(l)) match {
+          case Scalar(v) => Some(v)
+          case _         => None
+        }
+      )
+      case l: Literal => Some(loadBV(s, m.name, Scalar(l), endian, sz))
+      case _          => None
+    }
+  }
+
+  def evalBV[T <: Effects[T]](s: T, e: Expr): BitVecLiteral = {
+    ir.eval.evalBVExpr(e, Eval.getVar(s), Eval.doLoad(s)) match {
+      case Right(e) => e
+      case Left(e)  => throw InterpreterError(Errored(s"Eval BV residual $e"))
+    }
+  }
+
+  def evalInt[T <: Effects[T]](s: T, e: Expr): BigInt = {
+    ir.eval.evalIntExpr(e, Eval.getVar(s), Eval.doLoad(s)) match {
+      case Right(e) => e
+      case Left(e)  => throw InterpreterError(Errored(s"Eval int residual $e"))
+    }
+  }
+
+  def evalBool[T <: Effects[T]](s: T, e: Expr): Boolean = {
+    ir.eval.evalLogExpr(e, Eval.getVar(s), Eval.doLoad(s)) match {
+      case Right(e) => e
+      case Left(e)  => throw InterpreterError(Errored(s"Eval bool residual $e"))
     }
+  }
 
+  /** Load helpers * */
+  def load[T <: Effects[T]](s: T, vname: String, addr: Scalar, endian: Endian, count: Int): List[BasilValue] = {
     if (count == 0) {
       throw InterpreterError(Errored(s"Attempted fractional load"))
     }
 
     val keys = (0 until count).map(i => BasilValue.unsafeAdd(addr, i))
-
-    val values = keys.map(k =>
-      mapv.value.get(k).getOrElse(throw InterpreterError(MemoryError(s"Read from uninitialised $vname[$k]")))
-    )
-
+    val values = s.loadMem(vname, keys.toList)
     val vals = endian match {
       case Endian.LittleEndian => values.reverse
       case Endian.BigEndian    => values
@@ -254,21 +325,22 @@ case class MemoryState(
   }
 
   /** Load and concat bitvectors */
-  def loadBV(vname: String, addr: Scalar, endian: Endian, size: Int): BitVecLiteral = {
-    val (frame, mem) = findVar(vname)
+  def loadBV[T <: Effects[T]](s: T, vname: String, addr: Scalar, endian: Endian, size: Int): BitVecLiteral = {
+    val mem = s.loadVar(vname)
 
     val (valsize, mapv) = mem match {
       case mapv @ MapValue(_, MapType(_, BitVecType(sz))) => (sz, mapv)
       case _ => throw InterpreterError(Errored("Trued to load-concat non bv"))
     }
 
-    val cells = size / BasilValue.size(mapv.irType.result)
+    val cells = size / valsize
 
     val bvs: List[BitVecLiteral] = {
-      val res = load(vname, addr, endian, cells)
+      val res = load(s, vname, addr, endian, cells)
       val rr = res.map {
         case Scalar(bv @ BitVecLiteral(v, sz)) if sz == valsize => bv
-        case _ => throw InterpreterError(Errored(s"Loaded value that did not match expected type bv$valsize"))
+        case c =>
+          throw InterpreterError(TypeError(s"Loaded value of type ${c.irType} did not match expected type bv$valsize"))
       }
       rr
     }
@@ -278,13 +350,16 @@ case class MemoryState(
     bvres
   }
 
-  def loadSingle(vname: String, addr: Scalar): BasilValue = {
-    load(vname, addr, Endian.LittleEndian, 1).head
+  def loadSingle[T <: Effects[T]](s: T, vname: String, addr: Scalar): BasilValue = {
+    load(s, vname, addr, Endian.LittleEndian, 1).head
   }
 
-  /** Canonical store operation */
-  def store(vname: String, addr: BasilValue, values: List[BasilValue], endian: Endian) = {
-    val (frame, mem) = findVar(vname)
+  /** State modifying helpers, e.g. store
+    */
+
+  /* Expand addr for number of values to store */
+  def store[T <: Effects[T]](st: T, vname: String, addr: BasilValue, values: List[BasilValue], endian: Endian): T = {
+    val mem = st.loadVar(vname)
 
     val (mapval, keytype, valtype) = mem match {
       case m @ MapValue(_, MapType(kt, vt)) if kt == addr.irType && values.forall(v => v.irType == vt) => (m, kt, vt)
@@ -296,13 +371,12 @@ case class MemoryState(
       case Endian.BigEndian    => values
     }
 
-    val nmap = MapValue(mapval.value ++ keys.zip(vals), mapval.irType)
-    setVar(frame, vname, nmap)
+    st.storeMem(vname, keys.zip(vals).toMap)
   }
 
   /** Extract bitvec to bytes and store bytes */
-  def storeBV(vname: String, addr: BasilValue, value: BitVecLiteral, endian: Endian) = {
-    val (frame, mem) = findVar(vname)
+  def storeBV[T <: Effects[T]](st: T, vname: String, addr: BasilValue, value: BitVecLiteral, endian: Endian): T = {
+    val mem = st.loadVar(vname)
     val (mapval, vsize) = mem match {
       case m @ MapValue(_, MapType(kt, BitVecType(size))) if kt == addr.irType => (m, size)
       case v =>
@@ -320,60 +394,20 @@ case class MemoryState(
     val extractVals = (0 until cells).map(i => BitVectorEval.boogie_extract((i + 1) * vsize, i * vsize, value)).toList
 
     val vs = endian match {
-      case Endian.LittleEndian => extractVals.reverse.map(Scalar(_))
-      case Endian.BigEndian    => extractVals.map(Scalar(_))
+      case Endian.LittleEndian => extractVals.map(Scalar(_))
+      case Endian.BigEndian    => extractVals.reverse.map(Scalar(_))
     }
 
-    store(vname, addr, vs, endian)
+    val keys = (0 until cells).map(i => BasilValue.unsafeAdd(addr, i))
+    st.storeMem(vname, keys.zip(vs).toMap)
   }
 
-  def storeSingle(vname: String, addr: BasilValue, value: BasilValue) = {
-    store(vname, addr, List(value), Endian.LittleEndian)
+  def storeSingle[T <: Effects[T]](st: T, vname: String, addr: BasilValue, value: BasilValue): T = {
+    st.storeMem(vname, Map((addr -> value)))
   }
 
 }
 
-case object Eval {
-
-  def getVar(s: MemoryState)(v: Variable) = s.getVarLiteralOpt(v)
-
-  def doLoad(s: MemoryState)(m: Memory, addr: Expr, endian: Endian, sz: Int): Option[Literal] = {
-    addr match {
-      case l: Literal if sz == 1 => (
-        s.loadSingle(m.name, Scalar(l)) match {
-          case Scalar(v) => Some(v)
-          case _         => None
-        }
-      )
-      case l: Literal => Some(s.loadBV(m.name, Scalar(l), endian, sz))
-      case _          => None
-    }
-  }
-
-  def evalBV(s: MemoryState, e: Expr): BitVecLiteral = {
-    ir.eval.evalBVExpr(e, Eval.getVar(s), Eval.doLoad(s)) match {
-      case Right(e) => e
-      case Left(e)  => throw InterpreterError(Errored(s"Eval BV residual $e"))
-    }
-  }
-
-  def evalInt(s: MemoryState, e: Expr): BigInt = {
-    ir.eval.evalIntExpr(e, Eval.getVar(s), Eval.doLoad(s)) match {
-      case Right(e) => e
-      case Left(e)  => throw InterpreterError(Errored(s"Eval int residual $e"))
-    }
-  }
-
-  def evalBool(s: MemoryState, e: Expr): Boolean = {
-    ir.eval.evalLogExpr(e, Eval.getVar(s), Eval.doLoad(s)) match {
-      case Right(e) => e
-      case Left(e)  => throw InterpreterError(Errored(s"Eval bool residual $e"))
-    }
-  }
-
-}
-
-
 sealed trait Effects[T <: Effects[T]] {
   /* evaluation (may side-effect via InterpreterException on evaluation failure) */
   def evalBV(e: Expr): BitVecLiteral
@@ -382,6 +416,10 @@ sealed trait Effects[T <: Effects[T]] {
 
   def evalBool(e: Expr): Boolean
 
+  def loadVar(v: String): BasilValue
+
+  def loadMem(v: String, addrs: List[BasilValue]): List[BasilValue]
+
   /** effects * */
   def setNext(c: ExecutionContinuation): T
 
@@ -391,57 +429,56 @@ sealed trait Effects[T <: Effects[T]] {
 
   def storeVar(v: String, scope: Scope, value: BasilValue): T
 
-  def storeMem(vname: String, addr: BitVecLiteral, value: BitVecLiteral, endian: Endian, size: Int): T
+  def storeMem(vname: String, update: Map[BasilValue, BasilValue]): T
 
-  def storeMultiMem(vname: String, addr: Literal, value: List[Literal], endian: Endian): T
 }
 
+enum Effect:
+  case Call(target: String, begin: ExecutionContinuation, returnTo: ExecutionContinuation)
+  case SetNext(c: ExecutionContinuation)
+  case Return
+  case StoreVar(v: String, s: Scope, value: BasilValue)
+  case StoreMem(vname: String, update: Map[BasilValue, BasilValue])
+
+case class TracingInterpreter(
+    val s: InterpreterState,
+    val trace: List[Effect]
+) extends Effects[TracingInterpreter] {
+
+  def evalBV(e: Expr): BitVecLiteral = s.evalBV(e)
+  def evalInt(e: Expr): BigInt = s.evalInt(e)
+  def evalBool(e: Expr): Boolean = s.evalBool(e)
+
+  def loadVar(v: String): BasilValue = s.loadVar(v)
+  def loadMem(v: String, addrs: List[BasilValue]) = s.loadMem(v, addrs)
 
+  /** effects * */
+  def setNext(c: ExecutionContinuation) = {
+    Logger.debug(s"    eff : DONEXT $c")
+    TracingInterpreter(s.setNext(c), Effect.SetNext(c)::trace)
+  }
+
+  def call(target: String, beginFrom: ExecutionContinuation, returnTo: ExecutionContinuation) = {
+    Logger.debug(s"    eff : CALL $target")
+    TracingInterpreter(s.call(target, beginFrom, returnTo), Effect.Call(target, beginFrom, returnTo)::trace)
+  }
 
-// enum Effect:
-//   case Call(c: DirectCall)
-//   case SetNext(c: ExecutionContinuation)
-//   case Return
-//   case StoreVar(v: Variable, value: Literal)
-//   case StoreMem(vname: String, addr: BitVecLiteral, value: BitVecLiteral, endian: Endian, size: Int)
-//   case StoreMultiMem(vname: String, addr: Literal, value: List[Literal], endian: Endian)
-// 
-// case class TracingInterpreter(
-//     val s: InterpreterState,
-//     val trace: List[Effect]
-// ) extends Effects[TracingInterpreter] {
-// 
-// 
-//   def evalBV(e: Expr): BitVecLiteral = s.evalBV(e)
-//   def evalInt(e: Expr): BigInt = s.evalInt(e)
-//   def evalBool(e: Expr): Boolean = s.evalBool(e)
-// 
-//   /** effects * */
-//   def setNext(c: ExecutionContinuation) = {
-//     TracingInterpreter(s.setNext(c), Effect.SetNext(c)::trace)
-//   }
-// 
-//   def call(c: DirectCall) = {
-//     TracingInterpreter(s.call(c), Effect.Call(c)::trace)
-//   }
-// 
-//   def doReturn() = {
-//     TracingInterpreter(s.doReturn(), Effect.Return::trace)
-//   }
-// 
-//   def storeVar(v: Variable, value: Literal) = {
-//     TracingInterpreter(s.storeVar(v, value), Effect.StoreVar(v,value)::trace)
-//   }
-// 
-//   def storeMem(vname: String, addr: BitVecLiteral, value: BitVecLiteral, endian: Endian, size: Int) = {
-//     TracingInterpreter(s.storeMem(vname, addr, value, endian, size), Effect.StoreMem(vname,addr,value,endian,size)::trace)
-//   }
-// 
-//   def storeMultiMem(vname: String, addr: Literal, value: List[Literal], endian: Endian) = {
-//     TracingInterpreter(s.storeMultiMem(vname, addr, value, endian), Effect.StoreMultiMem(vname,addr,value,endian)::trace)
-//   }
-// 
-// }
+  def doReturn() = {
+    Logger.debug(s"    eff : RETURN")
+    TracingInterpreter(s.doReturn(), Effect.Return::trace)
+  }
+
+  def storeVar(v: String, c: Scope,  value: BasilValue) = {
+    Logger.debug(s"    eff : SET $v := $value")
+    TracingInterpreter(s.storeVar(v, c, value), Effect.StoreVar(v, c, value)::trace)
+  }
+
+  def storeMem(vname: String, update: Map[BasilValue, BasilValue])  = {
+    Logger.debug(s"    eff : STORE $vname <- $update")
+    TracingInterpreter(s.storeMem(vname, update), Effect.StoreMem(vname, update)::trace)
+  }
+
+}
 
 case class InterpreterState(
     val nextCmd: ExecutionContinuation = Stopped(),
@@ -449,12 +486,16 @@ case class InterpreterState(
     val memoryState: MemoryState = MemoryState()
 ) extends Effects[InterpreterState] {
 
-  /** eval * */
-  def evalBV(e: Expr): BitVecLiteral = Eval.evalBV(memoryState, e)
+  /* eval */
+  def evalBV(e: Expr): BitVecLiteral = Eval.evalBV(this, e)
+
+  def evalInt(e: Expr): BigInt = Eval.evalInt(this, e)
 
-  def evalInt(e: Expr): BigInt = Eval.evalInt(memoryState, e)
+  def evalBool(e: Expr): Boolean = Eval.evalBool(this, e)
 
-  def evalBool(e: Expr): Boolean = Eval.evalBool(memoryState, e)
+  def loadVar(v: String): BasilValue = memoryState.getVar(v)
+
+  def loadMem(v: String, addrs: List[BasilValue]): List[BasilValue] = memoryState.doLoad(v, addrs)
 
   /** effects * */
   def setNext(c: ExecutionContinuation): InterpreterState = {
@@ -462,7 +503,6 @@ case class InterpreterState(
   }
 
   def call(target: String, beginFrom: ExecutionContinuation, returnTo: ExecutionContinuation): InterpreterState = {
-    Logger.debug(s"    eff : CALL $target")
     InterpreterState(
       beginFrom,
       returnTo :: callStack,
@@ -474,36 +514,17 @@ case class InterpreterState(
     callStack match {
       case Nil => InterpreterState(Stopped(), Nil, memoryState)
       case h :: tl => {
-        Logger.debug(s"    eff : RETURN $h")
         InterpreterState(h, tl, memoryState.popStackFrame())
       }
     }
   }
 
-  def storeVar(v: String, scope: Scope, value: BasilValue)  = {
-    Logger.debug(s"    eff : SET $v := $value")
+  def storeVar(v: String, scope: Scope, value: BasilValue) = {
     InterpreterState(nextCmd, callStack, memoryState.defVar(v, scope, value))
   }
 
-  def storeMem(
-      vname: String,
-      addr: BitVecLiteral,
-      value: BitVecLiteral,
-      endian: Endian,
-      size: Int
-  ): InterpreterState = {
-    Logger.debug(s"    eff : STORE $vname[$addr..$addr + $size] := $value ($endian)")
-    InterpreterState(nextCmd, callStack, memoryState.storeBV(vname, Scalar(addr), value, endian))
-  }
-
-  def storeMultiMem(
-      vname: String,
-      addr: Literal,
-      value: List[Literal],
-      endian: Endian
-  ): InterpreterState = {
-    Logger.debug(s"    eff : STOREMULTI $vname[$addr] := $value ($endian)")
-    InterpreterState(nextCmd, callStack, memoryState.store(vname, Scalar(addr), value.map(Scalar(_)), endian))
+  def storeMem(vname: String, update: Map[BasilValue, BasilValue]) = {
+    InterpreterState(nextCmd, callStack, memoryState.doStore(vname, update))
   }
 
 }
@@ -515,20 +536,27 @@ case object InterpFuns {
     val FP: BitVecLiteral = BitVecLiteral(4096 - 16, 64)
     val LR: BitVecLiteral = BitVecLiteral(BigInt("FF", 16), 64)
 
-    s.storeVar("mem",   Scope.Global, MapValue(Map.empty, MapType(BitVecType(64), BitVecType(8))))
-     .storeVar("stack", Scope.Global, MapValue(Map.empty, MapType(BitVecType(64), BitVecType(8))))
-     .storeVar("R31",   Scope.Global, Scalar(SP))
-     .storeVar("R29",   Scope.Global, Scalar(FP))
-     .storeVar("R30",   Scope.Global, Scalar(LR))
+    s.storeVar("mem", Scope.Global, MapValue(Map.empty, MapType(BitVecType(64), BitVecType(8))))
+      .storeVar("stack", Scope.Global, MapValue(Map.empty, MapType(BitVecType(64), BitVecType(8))))
+      .storeVar("R31", Scope.Global, Scalar(SP))
+      .storeVar("R29", Scope.Global, Scalar(FP))
+      .storeVar("R30", Scope.Global, Scalar(LR))
   }
 
   def initialiseProgram[T <: Effects[T]](p: Program, s: T): T = {
     val mem = p.initialMemory.foldLeft(initialState(s))((s, memory) => {
-      s.storeMultiMem("mem", BitVecLiteral(memory.address, 64), memory.bytes.toList, Endian.LittleEndian)
-      s.storeMultiMem(
+      val s1 = Eval.store(
+        s,
+        "mem",
+        Scalar(BitVecLiteral(memory.address, 64)),
+        memory.bytes.toList.map(Scalar(_)),
+        Endian.LittleEndian
+      )
+      Eval.store(
+        s1,
         "stack",
-        BitVecLiteral(memory.address, 64),
-        memory.bytes.toList,
+        Scalar(BitVecLiteral(memory.address, 64)),
+        memory.bytes.toList.map(Scalar(_)),
         Endian.LittleEndian
       )
     })
@@ -555,7 +583,6 @@ case object InterpFuns {
           case h :: Nil => h
           case h :: tl  => throw InterpreterError(Errored(s"More than one jump guard satisfied $gt"))
         }
-        Logger.debug(s"Goto ${chosen._1.parent.label}")
 
         s.setNext(Run(chosen._1.successor))
       case r: Return      => s.doReturn()
@@ -572,15 +599,14 @@ case object InterpFuns {
       case assign: MemoryAssign => {
         val index: BitVecLiteral = st.evalBV(assign.index)
         val value: BitVecLiteral = st.evalBV(assign.value)
-        st.storeMem(assign.mem.name, index, value, assign.endian, assign.size).setNext(Run(s.successor))
-
+        // st.storeMem(assign.mem.name, index, value, assign.endian, assign.size).setNext(Run(s.successor))
+        Eval.storeBV(st, assign.mem.name, Scalar(index), value, assign.endian).setNext(Run(s.successor))
       }
       case assert: Assert => {
         if (!st.evalBool(assert.body)) then {
           st.setNext(FailedAssertion(assert))
         } else {
           st.setNext(Run(s.successor))
-
         }
       }
       case assume: Assume =>
diff --git a/src/test/scala/ir/InterpreterTests.scala b/src/test/scala/ir/InterpreterTests.scala
index 30a36af91..05bf954d5 100644
--- a/src/test/scala/ir/InterpreterTests.scala
+++ b/src/test/scala/ir/InterpreterTests.scala
@@ -10,18 +10,21 @@ import util.{LogLevel, Logger}
 import util.IRLoading.{loadBAP, loadReadELF}
 import util.ILLoadingConfig
 
-def initialMem(): MemoryState = {
-  val SP: BitVecLiteral = BitVecLiteral(4096 - 16, 64)
-  val FP: BitVecLiteral = BitVecLiteral(4096 - 16, 64)
-  val LR: BitVecLiteral = BitVecLiteral(BigInt("FF", 16), 64)
-
-  MemoryState()
-    .setVar(globalFrame, "mem", MapValue(Map.empty, MapType(BitVecType(64), BitVecType(8))))
-    .setVar(globalFrame, "stack", MapValue(Map.empty, MapType(BitVecType(64), BitVecType(8))))
-    .setVar(globalFrame, "R31", Scalar(SP))
-    .setVar(globalFrame, "R29", Scalar(FP))
-    .setVar(globalFrame, "R30", Scalar(LR))
-}
+// def initialMem(): MemoryState = {
+//   val SP: BitVecLiteral = BitVecLiteral(4096 - 16, 64)
+//   val FP: BitVecLiteral = BitVecLiteral(4096 - 16, 64)
+//   val LR: BitVecLiteral = BitVecLiteral(BigInt("FF", 16), 64)
+// 
+//   MemoryState()
+//     .setVar(globalFrame, "mem", MapValue(Map.empty, MapType(BitVecType(64), BitVecType(8))))
+//     .setVar(globalFrame, "stack", MapValue(Map.empty, MapType(BitVecType(64), BitVecType(8))))
+//     .setVar(globalFrame, "R31", Scalar(SP))
+//     .setVar(globalFrame, "R29", Scalar(FP))
+//     .setVar(globalFrame, "R30", Scalar(LR))
+// }
+
+
+def initialMem() = InterpFuns.initialState(TracingInterpreter(InterpreterState(), List()))
 
 def load[T <: Effects[T]](s: T, global: SpecGlobal) : Option[BitVecLiteral] = {
  //  i.getMemory(global.address.toInt, global.size, Endian.LittleEndian, i.mems)
@@ -103,17 +106,21 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
       BitVecLiteral(BigInt("0B", 16), 8),
       BitVecLiteral(BigInt("0A", 16), 8))
 
-    val s = initialMem().store("mem", Scalar(BitVecLiteral(0, 64)), ts.map(Scalar(_)), Endian.LittleEndian)
+    val s = Eval.store(initialMem(), "mem", Scalar(BitVecLiteral(0, 64)), ts.map(Scalar(_)), Endian.LittleEndian)
     val expected: BitVecLiteral = BitVecLiteral(BigInt("0D0C0B0A", 16), 32)
-    val actual: BitVecLiteral = s.loadBV("mem", Scalar(BitVecLiteral(0, 64)), Endian.LittleEndian, 32)
+    val actual: BitVecLiteral = Eval.loadBV(s, "mem", Scalar(BitVecLiteral(0, 64)), Endian.LittleEndian, 32)
     assert(actual == expected)
 
-    val s2 = initialMem().storeBV("mem", Scalar(BitVecLiteral(0, 64)), expected, Endian.LittleEndian)
-    val actual2: BitVecLiteral = s.loadBV("mem", Scalar(BitVecLiteral(0, 64)), Endian.LittleEndian, 32)
-    assert(actual2 == actual)
 
   }
 
+  test("store bv = loadbv le") {
+    val expected: BitVecLiteral = BitVecLiteral(BigInt("0D0C0B0A", 16), 32)
+    val s2 = Eval.storeBV(initialMem(), "mem", Scalar(BitVecLiteral(0, 64)), expected, Endian.LittleEndian)
+    val actual2: BitVecLiteral = Eval.loadBV(s2, "mem", Scalar(BitVecLiteral(0, 64)), Endian.LittleEndian, 32)
+    assert(actual2 == expected)
+  }
+
 
   test("Store = Load BigEndian") {
     val ts = List(
@@ -122,9 +129,9 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
       BitVecLiteral(BigInt("0B", 16), 8),
       BitVecLiteral(BigInt("0A", 16), 8))
 
-    val s = initialMem().store("mem", Scalar(BitVecLiteral(0, 64)), ts.map(Scalar(_)), Endian.LittleEndian)
+    val s = Eval.store(initialMem(), "mem", Scalar(BitVecLiteral(0, 64)), ts.map(Scalar(_)), Endian.LittleEndian)
     val expected: BitVecLiteral = BitVecLiteral(BigInt("0A0B0C0D", 16), 32)
-    val actual: BitVecLiteral = s.loadBV("mem", Scalar(BitVecLiteral(0, 64)), Endian.BigEndian , 32)
+    val actual: BitVecLiteral = Eval.loadBV(s, "mem", Scalar(BitVecLiteral(0, 64)), Endian.BigEndian , 32)
     assert(actual == expected)
 
 
@@ -135,14 +142,14 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
     (BitVecLiteral(1, 64) , BitVecLiteral(BigInt("0C", 16), 8)),
     (BitVecLiteral(2, 64) , BitVecLiteral(BigInt("0B", 16), 8)),
     (BitVecLiteral(3, 64) , BitVecLiteral(BigInt("0A", 16), 8)))
-    val s = ts.foldLeft(initialMem())((m, v) => m.storeSingle("mem", Scalar(v._1), Scalar(v._2)))
+    val s = ts.foldLeft(initialMem())((m, v) => Eval.storeSingle(m, "mem", Scalar(v._1), Scalar(v._2)))
     // val s = initialMem().store("mem")
     // val r = s.loadBV("mem", BitVecLiteral(0, 64))
 
     val expected: BitVecLiteral = BitVecLiteral(BigInt("0A0B0C0D", 16), 32)
 
   // def loadBV(vname: String, addr: Scalar, endian: Endian, size: Int): BitVecLiteral = {
-     val actual: BitVecLiteral = s.loadBV("mem", Scalar(BitVecLiteral(0, 64)), Endian.LittleEndian, 32)
+     val actual: BitVecLiteral = Eval.loadBV(s, "mem", Scalar(BitVecLiteral(0, 64)), Endian.LittleEndian, 32)
     assert(actual == expected)
   }
 
@@ -150,8 +157,8 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
   test("StoreBV = LoadBV LE ") {
     val expected: BitVecLiteral = BitVecLiteral(BigInt("0A0B0C0D", 16), 32)
 
-    val s = initialMem().storeBV("mem", Scalar(BitVecLiteral(0, 64)), expected, Endian.LittleEndian)
-    val actual: BitVecLiteral = s.loadBV("mem", Scalar(BitVecLiteral(0, 64)), Endian.LittleEndian, 32)
+    val s = Eval.storeBV(initialMem(), "mem", Scalar(BitVecLiteral(0, 64)), expected, Endian.LittleEndian)
+    val actual: BitVecLiteral = Eval.loadBV(s, "mem", Scalar(BitVecLiteral(0, 64)), Endian.LittleEndian, 32)
     println(s"${actual.value.toInt.toHexString} == ${expected.value.toInt.toHexString}")
     assert(actual == expected)
   }

From 7571aa3a82d5454a3513e2fcf980139b68524b67 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Mon, 26 Aug 2024 14:12:52 +1000
Subject: [PATCH 010/127] tracing interpreter

---
 src/main/scala/ir/eval/Interpreter.scala |  42 ++++++---
 src/test/scala/ir/InterpreterTests.scala | 113 +++++++++++++----------
 2 files changed, 90 insertions(+), 65 deletions(-)

diff --git a/src/main/scala/ir/eval/Interpreter.scala b/src/main/scala/ir/eval/Interpreter.scala
index 3d52be5cf..6e4a60555 100644
--- a/src/main/scala/ir/eval/Interpreter.scala
+++ b/src/main/scala/ir/eval/Interpreter.scala
@@ -431,6 +431,8 @@ sealed trait Effects[T <: Effects[T]] {
 
   def storeMem(vname: String, update: Map[BasilValue, BasilValue]): T
 
+  def getNext : ExecutionContinuation 
+
 }
 
 enum Effect:
@@ -454,30 +456,32 @@ case class TracingInterpreter(
 
   /** effects * */
   def setNext(c: ExecutionContinuation) = {
-    Logger.debug(s"    eff : DONEXT $c")
-    TracingInterpreter(s.setNext(c), Effect.SetNext(c)::trace)
+    // Logger.debug(s"    eff : DONEXT $c")
+     TracingInterpreter(s.setNext(c), trace)
   }
 
   def call(target: String, beginFrom: ExecutionContinuation, returnTo: ExecutionContinuation) = {
-    Logger.debug(s"    eff : CALL $target")
+    //Logger.debug(s"    eff : CALL $target")
     TracingInterpreter(s.call(target, beginFrom, returnTo), Effect.Call(target, beginFrom, returnTo)::trace)
   }
 
   def doReturn() = {
-    Logger.debug(s"    eff : RETURN")
+    //Logger.debug(s"    eff : RETURN")
     TracingInterpreter(s.doReturn(), Effect.Return::trace)
   }
 
   def storeVar(v: String, c: Scope,  value: BasilValue) = {
-    Logger.debug(s"    eff : SET $v := $value")
+    //Logger.debug(s"    eff : SET $v := $value")
     TracingInterpreter(s.storeVar(v, c, value), Effect.StoreVar(v, c, value)::trace)
   }
 
   def storeMem(vname: String, update: Map[BasilValue, BasilValue])  = {
-    Logger.debug(s"    eff : STORE $vname <- $update")
+    //Logger.debug(s"    eff : STORE $vname <- $update")
     TracingInterpreter(s.storeMem(vname, update), Effect.StoreMem(vname, update)::trace)
   }
 
+  def getNext = s.getNext
+
 }
 
 case class InterpreterState(
@@ -497,6 +501,8 @@ case class InterpreterState(
 
   def loadMem(v: String, addrs: List[BasilValue]): List[BasilValue] = memoryState.doLoad(v, addrs)
 
+  def getNext = nextCmd
+
   /** effects * */
   def setNext(c: ExecutionContinuation): InterpreterState = {
     InterpreterState(c, callStack, memoryState)
@@ -642,12 +648,12 @@ case object InterpFuns {
   }
 
   @tailrec
-  def interpret(s: InterpreterState): InterpreterState = {
-    Logger.debug(s"interpret ${s.nextCmd}")
-    s.nextCmd match {
+  def interpret[T <: Effects[T]](s: T): T = {
+    Logger.debug(s"interpret ${s.getNext}")
+    s.getNext match {
       case Run(c: Statement) =>
         interpret(
-          protect[InterpreterState](
+          protect[T](
             () => interpretStatement(s, c),
             {
               case InterpreterError(e)         => s.setNext(e)
@@ -657,7 +663,7 @@ case object InterpFuns {
         )
       case Run(c: Jump) =>
         interpret(
-          protect[InterpreterState](
+          protect[T](
             () => interpretJump(s, c),
             {
               case InterpreterError(e)         => s.setNext(e)
@@ -670,13 +676,19 @@ case object InterpFuns {
     }
   }
 
-  def interpretProg(p: Program): InterpreterState = {
-    var s = initialiseProgram(p, InterpreterState())
+  def interpretProg[T <: Effects[T]](p: Program, i: T): T = {
+    var s = initialiseProgram(p, i)
     interpret(s)
   }
 
 }
 
-def interpret(IRProgram: Program) = {
-  InterpFuns.interpretProg(IRProgram)
+def interpret(IRProgram: Program) : InterpreterState = {
+  InterpFuns.interpretProg(IRProgram, InterpreterState())
 }
+
+def interpretTrace(IRProgram: Program) :  TracingInterpreter = {
+  val s : TracingInterpreter = InterpFuns.interpretProg(IRProgram, TracingInterpreter(InterpreterState(), List()))
+  s
+}
+
diff --git a/src/test/scala/ir/InterpreterTests.scala b/src/test/scala/ir/InterpreterTests.scala
index 05bf954d5..ecf521a51 100644
--- a/src/test/scala/ir/InterpreterTests.scala
+++ b/src/test/scala/ir/InterpreterTests.scala
@@ -286,61 +286,61 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
     testInterpret("no_interference_update_y", expected)
   }
 
-  test("fibonacci") {
 
-    def fibonacciProg(n: Int) = {
-      def expected(n: Int) : Int = {
-        n match {
-          case 0 => 0
-          case 1 => 1
-          case n => expected(n - 1) + expected(n - 2)
-        }
+  def fibonacciProg(n: Int) = {
+    def expected(n: Int) : Int = {
+      n match {
+        case 0 => 0
+        case 1 => 1
+        case n => expected(n - 1) + expected(n - 2)
       }
-      prog(
-        proc("begin", 
-          block("entry",
-            Assign(R8, Register("R31", 64)),
-            Assign(R0, bv64(n)),
-            directCall("fib"),
-            goto("done")
-          ),
-          block("done",
-            Assert(BinaryExpr(BVEQ, R0, bv64(expected(n)))),
-            ret
-          )),
-        proc("fib",
-          block("base", goto("base1", "base2", "dofib")),
-          block("base1", 
-            Assume(BinaryExpr(BVEQ, R0, bv64(0))),
-            ret),
-          block("base2", 
-            Assume(BinaryExpr(BVEQ, R0, bv64(1))),
-            ret),
-          block("dofib",
-            Assume(BinaryExpr(BoolAND, BinaryExpr(BVNEQ, R0, bv64(0)), BinaryExpr(BVNEQ, R0, bv64(1)))),
-            // R8 stack pointer preserved across calls
-            Assign(R7, BinaryExpr(BVADD, R8, bv64(8))),  
-            MemoryAssign(stack, R7, R8, Endian.LittleEndian, 64), // sp
-            Assign(R8, R7),
-            Assign(R8, BinaryExpr(BVADD, R8, bv64(8))),  // sp + 8
-            MemoryAssign(stack, R8, R0, Endian.LittleEndian, 64), // [sp + 8] = arg0
-            Assign(R0, BinaryExpr(BVSUB, R0, bv64(1))),
-            directCall("fib"),
-            Assign(R2, R8), // sp + 8
-            Assign(R8, BinaryExpr(BVADD, R8, bv64(8))),  // sp + 16
-            MemoryAssign(stack, R8, R0, Endian.LittleEndian, 64), // [sp + 16] = r1
-            Assign(R0, MemoryLoad(stack, R2, Endian.LittleEndian, 64)), // [sp + 8]
-            Assign(R0, BinaryExpr(BVSUB, R0, bv64(2))),
-            directCall("fib"),
-            Assign(R2, MemoryLoad(stack, R8, Endian.LittleEndian, 64)), // [sp + 16] (r1)
-            Assign(R0, BinaryExpr(BVADD, R0, R2)),
-            Assign(R8, MemoryLoad(stack, BinaryExpr(BVSUB, R8, bv64(16)), Endian.LittleEndian, 64)),
-            ret
-            )
+    }
+    prog(
+      proc("begin", 
+        block("entry",
+          Assign(R8, Register("R31", 64)),
+          Assign(R0, bv64(n)),
+          directCall("fib"),
+          goto("done")
+        ),
+        block("done",
+          Assert(BinaryExpr(BVEQ, R0, bv64(expected(n)))),
+          ret
+        )),
+      proc("fib",
+        block("base", goto("base1", "base2", "dofib")),
+        block("base1", 
+          Assume(BinaryExpr(BVEQ, R0, bv64(0))),
+          ret),
+        block("base2", 
+          Assume(BinaryExpr(BVEQ, R0, bv64(1))),
+          ret),
+        block("dofib",
+          Assume(BinaryExpr(BoolAND, BinaryExpr(BVNEQ, R0, bv64(0)), BinaryExpr(BVNEQ, R0, bv64(1)))),
+          // R8 stack pointer preserved across calls
+          Assign(R7, BinaryExpr(BVADD, R8, bv64(8))),  
+          MemoryAssign(stack, R7, R8, Endian.LittleEndian, 64), // sp
+          Assign(R8, R7),
+          Assign(R8, BinaryExpr(BVADD, R8, bv64(8))),  // sp + 8
+          MemoryAssign(stack, R8, R0, Endian.LittleEndian, 64), // [sp + 8] = arg0
+          Assign(R0, BinaryExpr(BVSUB, R0, bv64(1))),
+          directCall("fib"),
+          Assign(R2, R8), // sp + 8
+          Assign(R8, BinaryExpr(BVADD, R8, bv64(8))),  // sp + 16
+          MemoryAssign(stack, R8, R0, Endian.LittleEndian, 64), // [sp + 16] = r1
+          Assign(R0, MemoryLoad(stack, R2, Endian.LittleEndian, 64)), // [sp + 8]
+          Assign(R0, BinaryExpr(BVSUB, R0, bv64(2))),
+          directCall("fib"),
+          Assign(R2, MemoryLoad(stack, R8, Endian.LittleEndian, 64)), // [sp + 16] (r1)
+          Assign(R0, BinaryExpr(BVADD, R0, R2)),
+          Assign(R8, MemoryLoad(stack, BinaryExpr(BVSUB, R8, bv64(16)), Endian.LittleEndian, 64)),
+          ret
           )
         )
-    }
+      )
+  }
 
+  test("fibonacci") {
 
     val fib = fibonacciProg(8)
     val r = interpret(fib)
@@ -352,4 +352,17 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
     // }
 
   }
+
+
+  test("fibonacci Trace") {
+
+    val fib = fibonacciProg(8)
+    val r = interpretTrace(fib)
+    assert(r.getNext == Stopped())
+    // Show interpreted result
+    //
+    info(r.trace.reverse.mkString("\n"))
+
+  }
+
 }

From f36c13e0d0bd1e50d55df281ad6cf731b1037461 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Tue, 27 Aug 2024 16:02:38 +1000
Subject: [PATCH 011/127] compile with state monad

---
 src/main/scala/ir/eval/ExprEval.scala    | 141 +++--
 src/main/scala/ir/eval/Interpreter.scala | 700 +++++++++++++----------
 src/test/scala/ir/InterpreterTests.scala | 219 +++----
 3 files changed, 607 insertions(+), 453 deletions(-)

diff --git a/src/main/scala/ir/eval/ExprEval.scala b/src/main/scala/ir/eval/ExprEval.scala
index 7efcc8f7d..5cb5979f7 100644
--- a/src/main/scala/ir/eval/ExprEval.scala
+++ b/src/main/scala/ir/eval/ExprEval.scala
@@ -127,19 +127,68 @@ def evalUnOp(op: UnOp, body: Literal) : Expr = {
   }
 }
 
-def partialEvalExpr(exp: Expr, variableAssignment: Variable => Option[Expr], memory: (Memory, Expr, Endian, Int) => Option[Literal] = ((a,b,c,d) => None)): Expr = {
+
+
+def evalIntExpr(exp: Expr, variableAssignment: Variable => Option[Literal], memory: (Memory, Expr, Endian, Int) => Option[Literal] = ((a,b,c,d) => None)): Either[Expr, BigInt] = {
+  partialEvalExpr(exp, variableAssignment, memory) match {
+    case i: IntLiteral => Right(i.value)
+    case o => Left(o) 
+  }
+}
+
+def evalBVExpr(exp: Expr, variableAssignment: Variable => Option[Literal], memory: (Memory, Expr, Endian, Int) => Option[Literal] = ((a,b,c,d) => None)): Either[Expr, BitVecLiteral] = {
+  partialEvalExpr(exp, variableAssignment, memory) match {
+    case b: BitVecLiteral => Right(b)
+    case o => Left(o) 
+  }
+}
+
+def evalLogExpr(exp: Expr, variableAssignment: Variable => Option[Literal], memory: (Memory, Expr, Endian, Int) => Option[Literal] = ((a,b,c, d) => None)): Either[Expr, Boolean] = {
+  partialEvalExpr(exp, variableAssignment, memory) match {
+    case TrueLiteral => Right(true)
+    case FalseLiteral => Right(false)
+    case o => Left(o)
+  }
+}
+
+def evalExpr(exp: Expr, variableAssignment: Variable => Option[Literal], memory: (Memory, Expr, Endian, Int) => Option[Literal] = ((d, a,b,c) => None)): Option[Literal] = {
+  partialEvalExpr match {
+    case l: Literal => Some(l)
+    case _ => None
+  }
+}
+
+
+def mkSt[S, F](f: () => F): State[S, F] = for {
+    n <- get((s:S) => f())
+  } yield (n)
+
+/**
+ * typeclass defining variable and memory laoding from state S
+ */
+trait Loader[S] {
+  def getVariable(v: Variable) : State[S, Option[Expr]]
+  def loadMemory(m: Memory, addr: Expr, endian: Endian, size: Int) : State[S, Option[Literal]] = {
+    mkSt(() => None)
+  }
+}
+
+
+def statePartialEvalExpr[S](l: Loader[S])(exp: Expr): State[S, Expr] = {
+  val eval = statePartialEvalExpr(l)
   exp match {
-    case f: UninterpretedFunction => f
-    case unOp: UnaryExpr => {
-      val body = partialEvalExpr(unOp.arg, variableAssignment, memory)
+    case f: UninterpretedFunction => mkSt(() => f)
+    case unOp: UnaryExpr => for {
+      body <- eval(unOp.arg)
+    } yield (
       body match {
         case l: Literal => evalUnOp(unOp.op, l)
         case o => UnaryExpr(unOp.op, body)
-      }
-    }
-    case binOp: BinaryExpr =>
-      val lhs = partialEvalExpr(binOp.arg1, variableAssignment, memory)
-      val rhs = partialEvalExpr(binOp.arg2, variableAssignment, memory)
+      })
+    case binOp: BinaryExpr => for {
+      lhs <- eval(binOp.arg1)
+      rhs <- eval(binOp.arg2)
+    } yield (
       binOp.getType match {
         case m: MapType => binOp
         case b: BitVecType => {
@@ -163,21 +212,28 @@ def partialEvalExpr(exp: Expr, variableAssignment: Variable => Option[Expr], mem
             case _ => BinaryExpr(binOp.op, lhs, rhs)
           }
         }
-      }
-    case extend: ZeroExtend => partialEvalExpr(extend.body, variableAssignment, memory) match {
+      })
+    case extend: ZeroExtend => for {
+      body <- eval(extend.body)
+    } yield (body match {
       case b : BitVecLiteral => BitVectorEval.smt_zero_extend(extend.extension, b)
       case o => extend.copy(body=o)
-    }
-    case extend: SignExtend => partialEvalExpr(extend.body, variableAssignment, memory) match {
+    })
+    case extend: SignExtend => for {
+      body <- eval(extend.body) 
+    } yield (body match {
       case b: BitVecLiteral => BitVectorEval.smt_sign_extend(extend.extension, b)
       case o => extend.copy(body=o)
-    }
-    case e: Extract => partialEvalExpr(e.body, variableAssignment, memory) match {
+    })
+    case e: Extract =>  for {
+      body <- eval(e.body) 
+    } yield (body match {
       case b: BitVecLiteral => BitVectorEval.boogie_extract(e.end, e.start, b)
       case o => e.copy(body=o)
-    }
-    case r: Repeat => {
-      partialEvalExpr(r.body, variableAssignment, memory) match {
+    })
+    case r: Repeat => for {
+      body <- eval(r.body)
+      } yield (body match {
         case b: BitVecLiteral => {
           assert(r.repeats > 0)
           if (r.repeats == 1) b 
@@ -186,42 +242,29 @@ def partialEvalExpr(exp: Expr, variableAssignment: Variable => Option[Expr], mem
           }
         }
         case o => r.copy(body=o)
-      }
-
-    }
-    case variable: Variable => variableAssignment(variable).getOrElse(variable)
-    case l: MemoryLoad => memory(l.mem, partialEvalExpr(l.index, variableAssignment, memory), l.endian, l.size).getOrElse(l)
-    case b: BitVecLiteral => b
-    case b: IntLiteral => b
-    case b: BoolLit => b
+    })
+    case variable: Variable => for {
+      v <- l.getVariable(variable)
+    } yield (v.getOrElse(variable))
+    case ml: MemoryLoad => for {
+      addr <- eval(ml.index)
+      mem <- l.loadMemory(ml.mem, addr, ml.endian, ml.size)
+    }  yield (mem.getOrElse(ml))
+    case b: BitVecLiteral => mkSt(() => b)
+    case b: IntLiteral => mkSt(() => b)
+    case b: BoolLit => mkSt(() => b)
   }
 }
 
-def evalIntExpr(exp: Expr, variableAssignment: Variable => Option[Literal], memory: (Memory, Expr, Endian, Int) => Option[Literal] = ((a,b,c,d) => None)): Either[Expr, BigInt] = {
-  partialEvalExpr(exp, variableAssignment, memory) match {
-    case i: IntLiteral => Right(i.value)
-    case o => Left(o) 
-  }
-}
 
-def evalBVExpr(exp: Expr, variableAssignment: Variable => Option[Literal], memory: (Memory, Expr, Endian, Int) => Option[Literal] = ((a,b,c,d) => None)): Either[Expr, BitVecLiteral] = {
-  partialEvalExpr(exp, variableAssignment, memory) match {
-    case b: BitVecLiteral => Right(b)
-    case o => Left(o) 
-  }
+class StatelessLoader(getVar: Variable => Option[Expr], loadMem: (Memory, Expr, Endian, Int) => Option[Literal] = ((a,b,c,d) => None)) extends Loader[Unit] {
+  def getVariable(v: Variable) : State[Unit, Option[Expr]] = mkSt(() => getVar(v))
+  override def loadMemory(m: Memory, addr: Expr, endian: Endian, size: Int) : State[Unit, Option[Literal]] = mkSt(() => loadMem(m, addr, endian, size))
 }
 
-def evalLogExpr(exp: Expr, variableAssignment: Variable => Option[Literal], memory: (Memory, Expr, Endian, Int) => Option[Literal] = ((a,b,c, d) => None)): Either[Expr, Boolean] = {
-  partialEvalExpr(exp, variableAssignment, memory) match {
-    case TrueLiteral => Right(true)
-    case FalseLiteral => Right(false)
-    case o => Left(o)
-  }
-}
 
-def evalExpr(exp: Expr, variableAssignment: Variable => Option[Literal], memory: (Memory, Expr, Endian, Int) => Option[Literal] = ((d, a,b,c) => None)): Option[Literal] = {
-  partialEvalExpr match {
-    case l: Literal => Some(l)
-    case _ => None
-  }
+def partialEvalExpr(exp: Expr, variableAssignment: Variable => Option[Expr], memory: (Memory, Expr, Endian, Int) => Option[Literal] = ((a,b,c,d) => None)): Expr = {
+  val l = StatelessLoader(variableAssignment, memory)
+  statePartialEvalExpr(l)(exp).f(())._2
 }
+
diff --git a/src/main/scala/ir/eval/Interpreter.scala b/src/main/scala/ir/eval/Interpreter.scala
index 6e4a60555..15165c199 100644
--- a/src/main/scala/ir/eval/Interpreter.scala
+++ b/src/main/scala/ir/eval/Interpreter.scala
@@ -3,12 +3,67 @@ import ir.eval.BitVectorEval.*
 import ir._
 import util.Logger
 import boogie.Scope
+import scala.collection.WithFilter
 
 import scala.annotation.tailrec
 import scala.collection.mutable
 import scala.collection.immutable
 import scala.util.control.Breaks.{break, breakable}
 
+
+case class State[S, +A](f: S => (S, A)) {// extends WithFilter[A, ({ type l[x] = State[S, x] })#l] {
+
+  def unit[A](a: A): State[S, A] = State(s => (s, a))
+
+  def foreach[U](f: A => U): Unit = ()
+
+  // def flatMap[B](f: A => IterableOnce[B]): ir.eval.State[S, B] = ???
+  def flatMap[B](f: A => State[S, B]): State[S, B] = State(s => {
+    val (s2, a) = this.f(s)
+    f(a).f(s2)
+  })
+
+  def map[B](f: A => B): State[S, B] = {
+    State(s => {
+      val (s2, a) = this.f(s)
+      (s2, f(a))
+    })
+  }
+
+  def withFilter(q : A => Boolean) = {
+    this
+  }
+}
+
+
+def stateCompose[S, A, B](s1: State[S, A], s2: State[S, B]) : State[S, B] = {
+  State((s: S) => s1.f(s) match {
+    case (s, _) => s2.f(s)
+  })
+}
+
+def pure[S, A](a: A) : State[S, A] = State((s:S) => (s, a))
+
+def sequence[S, V](xs: Iterable[State[S,V]]) : State[S,V] = {
+  xs.reduceRight(stateCompose) 
+}
+
+def sequence[V](xs: Iterable[Option[V]]) : Option[V] = {
+  xs.reduceRight((a, b) => a match {
+    case Some(x) => Some(x)
+    case None =>  b
+  }) 
+}
+
+def filterM[A, S](m : (A => State[S, Boolean]), xs: Iterable[A]): State[S, List[A]] = {
+  xs.foldRight(pure(List[A]()))((b,acc) => acc.flatMap(c => m(b).map(v => if v then b::c else c)))
+}
+
+
+def get[S,A](f: S => A) : State[S, A] = State(s => (s, f(s)))
+def modify[S](f: S => S) : State[S, Unit] = State(s => (f(s), ()))
+def execute[S, A](s: S, c: State[S,A]) = c.f(s)
+
 sealed trait ExecutionContinuation
 case class FailedAssertion(a: Assert) extends ExecutionContinuation
 
@@ -102,6 +157,35 @@ case object BasilValue:
 
 export BasilValue._
 
+
+sealed trait Effects[T] {
+  /* evaluation (may side-effect via InterpreterException on evaluation failure) */
+  def evalBV(e: Expr): State[T, BitVecLiteral]
+
+  def evalInt(e: Expr): State[T, BigInt]
+
+  def evalBool(e: Expr): State[T, Boolean]
+
+  def loadVar(v: String): State[T, BasilValue]
+
+  def loadMem(v: String, addrs: List[BasilValue]): State[T, List[BasilValue]]
+
+  def getNext: State[T, ExecutionContinuation]
+
+  /** effects * */
+  def setNext(c: ExecutionContinuation): State[T, Unit]
+
+  def call(target: String, beginFrom: ExecutionContinuation, returnTo: ExecutionContinuation): State[T, Unit]
+
+  def doReturn(): State[T, Unit]
+
+  def storeVar(v: String, scope: Scope, value: BasilValue): State[T, Unit]
+
+  def storeMem(vname: String, update: Map[BasilValue, BasilValue]): State[T, Unit]
+}
+
+ 
+
 def evalToConst(
     to: IRType,
     exp: Expr,
@@ -268,116 +352,169 @@ case class MemoryState(
   }
 }
 
-case object Eval {
-  def getVar[T <: Effects[T]](s: T)(v: Variable): Option[Literal] = s.loadVar(v.name) match {
-    case Scalar(l) => Some(l)
-    case _         => None
-  }
+case class StVarLoader[S, F <: Effects[S]](f : F) extends Loader[S] {
 
-  def doLoad[T <: Effects[T]](s: T)(m: Memory, addr: Expr, endian: Endian, sz: Int): Option[Literal] = {
-    addr match {
-      case l: Literal if sz == 1 => (
-        loadSingle(s, m.name, Scalar(l)) match {
-          case Scalar(v) => Some(v)
-          case _         => None
-        }
-      )
-      case l: Literal => Some(loadBV(s, m.name, Scalar(l), endian, sz))
-      case _          => None
+  /** Load helpers * */
+  def load(vname: String, addr: Scalar, endian: Endian, count: Int): State[S, List[BasilValue]] = {
+    if (count == 0) {
+      throw InterpreterError(Errored(s"Attempted fractional load"))
     }
-  }
-
-  def evalBV[T <: Effects[T]](s: T, e: Expr): BitVecLiteral = {
-    ir.eval.evalBVExpr(e, Eval.getVar(s), Eval.doLoad(s)) match {
-      case Right(e) => e
-      case Left(e)  => throw InterpreterError(Errored(s"Eval BV residual $e"))
+    val keys = (0 until count).map(i => BasilValue.unsafeAdd(addr, i))
+    for {
+      values <- f.loadMem(vname, keys.toList)
+      vals = endian match {
+        case Endian.LittleEndian => values.reverse
+        case Endian.BigEndian    => values
+      }
     }
+    yield (vals.toList)
   }
 
-  def evalInt[T <: Effects[T]](s: T, e: Expr): BigInt = {
-    ir.eval.evalIntExpr(e, Eval.getVar(s), Eval.doLoad(s)) match {
-      case Right(e) => e
-      case Left(e)  => throw InterpreterError(Errored(s"Eval int residual $e"))
-    }
-  }
 
-  def evalBool[T <: Effects[T]](s: T, e: Expr): Boolean = {
-    ir.eval.evalLogExpr(e, Eval.getVar(s), Eval.doLoad(s)) match {
-      case Right(e) => e
-      case Left(e)  => throw InterpreterError(Errored(s"Eval bool residual $e"))
-    }
-  }
+  /** Load and concat bitvectors */
+  def loadBV( vname: String, addr: Scalar, endian: Endian, size: Int): State[S, BitVecLiteral] = for {
+      mem <- f.loadVar(vname)
+      (valsize, mapv) = mem match {
+        case mapv @ MapValue(_, MapType(_, BitVecType(sz))) => (sz, mapv)
+        case _ => throw InterpreterError(Errored("Trued to load-concat non bv"))
+      }
 
-  /** Load helpers * */
-  def load[T <: Effects[T]](s: T, vname: String, addr: Scalar, endian: Endian, count: Int): List[BasilValue] = {
-    if (count == 0) {
-      throw InterpreterError(Errored(s"Attempted fractional load"))
-    }
+      cells = size / valsize
 
-    val keys = (0 until count).map(i => BasilValue.unsafeAdd(addr, i))
-    val values = s.loadMem(vname, keys.toList)
-    val vals = endian match {
-      case Endian.LittleEndian => values.reverse
-      case Endian.BigEndian    => values
-    }
+      res <- load(vname, addr, endian, cells)
+      bvs: List[BitVecLiteral] = {
+        val rr = res.map {
+          case Scalar(bv @ BitVecLiteral(v, sz)) if sz == valsize => bv
+          case c =>
+            throw InterpreterError(TypeError(s"Loaded value of type ${c.irType} did not match expected type bv$valsize"))
+        }
+        rr
+      }
 
-    vals.toList
+      bvres = bvs.foldLeft(BitVecLiteral(0, 0))((acc, r) => eval.evalBVBinExpr(BVCONCAT, acc, r))
+      _ = {assert(bvres.size == size)}
+    } yield(bvres)
+
+  def loadSingle(vname: String, addr: Scalar): State[S, BasilValue] = {
+    for {
+      m <- load(vname, addr, Endian.LittleEndian, 1)
+    } yield (m.head)
   }
 
-  /** Load and concat bitvectors */
-  def loadBV[T <: Effects[T]](s: T, vname: String, addr: Scalar, endian: Endian, size: Int): BitVecLiteral = {
-    val mem = s.loadVar(vname)
+  def getVariable(v: Variable) : State[S, Option[Expr]] = {
+    for {
+      v <- f.loadVar(v.name)
+    } yield (
+    v match {
+    case Scalar(l) => Some(l)
+    case _         => None
+    })
+  }
 
-    val (valsize, mapv) = mem match {
-      case mapv @ MapValue(_, MapType(_, BitVecType(sz))) => (sz, mapv)
-      case _ => throw InterpreterError(Errored("Trued to load-concat non bv"))
+  override def loadMemory(m: Memory, addr: Expr, endian: Endian, size: Int) : State[S, Option[Literal]] = {
+    for {
+      r <-  addr match {
+        case l: Literal if size== 1 => loadSingle(m.name, Scalar(l)).map((v : BasilValue) => v match {
+          case Scalar(l) => Some(l)
+          case _ => None
+        })
+        case l: Literal => loadBV(m.name, Scalar(l), endian, size).map(Some(_))
+        case _          => get((s:S) => None)
     }
+    } yield (r)
+  }
 
-    val cells = size / valsize
+}
 
-    val bvs: List[BitVecLiteral] = {
-      val res = load(s, vname, addr, endian, cells)
-      val rr = res.map {
-        case Scalar(bv @ BitVecLiteral(v, sz)) if sz == valsize => bv
-        case c =>
-          throw InterpreterError(TypeError(s"Loaded value of type ${c.irType} did not match expected type bv$valsize"))
-      }
-      rr
-    }
 
-    val bvres = bvs.foldLeft(BitVecLiteral(0, 0))((acc, r) => eval.evalBVBinExpr(BVCONCAT, acc, r))
-    assert(bvres.size == size)
-    bvres
+case object Eval {
+  //def getVar[S, F <: Effects[S]](f: F)(s: S)(v: Variable): Option[Literal] = 
+  //  f.loadVar(v.name).f(s) match {
+  //  case Scalar(l) => Some(l)
+  //  case _         => None
+  //}
+
+  //def doLoad[S, T <: Effects[S]](f: T)(s: S)(m: Memory, addr: Expr, endian: Endian, sz: Int): Option[Literal] = {
+  //  addr match {
+  //    case l: Literal if sz == 1 => (
+  //      loadSingle(f)(s)(m.name, Scalar(l)) match {
+  //        case Scalar(v) => Some(v)
+  //        case _         => None
+  //      }
+  //    )
+  //    case l: Literal => Some(loadBV(f)(s)(m.name, Scalar(l), endian, sz))
+  //    case _          => None
+  //  }
+  //}
+
+  def evalBV[S, T <: Effects[S]](f: T)(e: Expr): State[S, BitVecLiteral] = {
+    val ldr = StVarLoader[S, T](f)
+    for {
+      res <- ir.eval.statePartialEvalExpr[S](ldr)(e)
+    } yield (
+      e match {
+        case l: BitVecLiteral => l
+        case _  => throw InterpreterError(Errored(s"Eval BV residual $e"))
+      })
+  }
+
+  def evalInt[S, T <: Effects[S]](f: T)(e: Expr): State[S, BigInt] = {
+    val ldr = StVarLoader[S, T](f)
+    for {
+      res <- ir.eval.statePartialEvalExpr[S](ldr)(e)
+    } yield (
+      e match {
+        case l: IntLiteral => l.value
+        case _  => throw InterpreterError(Errored(s"Eval BV residual $e"))
+      })
+  }
+
+  def evalBool[S, T <: Effects[S]](f: T)(e: Expr): State[S, Boolean] = {
+    val ldr = StVarLoader[S, T](f)
+    for {
+      res <- ir.eval.statePartialEvalExpr[S](ldr)(e)
+    } yield (
+      e match {
+        case l: BoolLit => l == TrueLiteral
+        case _  => throw InterpreterError(Errored(s"Eval BV residual $e"))
+      })
   }
 
-  def loadSingle[T <: Effects[T]](s: T, vname: String, addr: Scalar): BasilValue = {
-    load(s, vname, addr, Endian.LittleEndian, 1).head
-  }
+
 
   /** State modifying helpers, e.g. store
     */
 
   /* Expand addr for number of values to store */
-  def store[T <: Effects[T]](st: T, vname: String, addr: BasilValue, values: List[BasilValue], endian: Endian): T = {
-    val mem = st.loadVar(vname)
+  def store[S, T <: Effects[S]](f: T)(
+      vname: String,
+      addr: BasilValue,
+      values: List[BasilValue],
+      endian: Endian
+  ): State[S, Unit] = for {
+      mem <- f.loadVar(vname)
+      (mapval, keytype, valtype) = mem match {
+        case m @ MapValue(_, MapType(kt, vt)) if kt == addr.irType && values.forall(v => v.irType == vt) => (m, kt, vt)
+        case v => throw InterpreterError(TypeError(s"Invalid map store operation to $vname : $v"))
+      }
+      keys = (0 until values.size).map(i => BasilValue.unsafeAdd(addr, i))
+      vals = endian match {
+        case Endian.LittleEndian => values.reverse
+        case Endian.BigEndian    => values
+      }
+      x <- f.storeMem(vname, keys.zip(vals).toMap)
+    } yield (x)
 
-    val (mapval, keytype, valtype) = mem match {
-      case m @ MapValue(_, MapType(kt, vt)) if kt == addr.irType && values.forall(v => v.irType == vt) => (m, kt, vt)
-      case v => throw InterpreterError(TypeError(s"Invalid map store operation to $vname : ${v.irType}"))
-    }
-    val keys = (0 until values.size).map(i => BasilValue.unsafeAdd(addr, i))
-    val vals = endian match {
-      case Endian.LittleEndian => values.reverse
-      case Endian.BigEndian    => values
-    }
-
-    st.storeMem(vname, keys.zip(vals).toMap)
-  }
 
   /** Extract bitvec to bytes and store bytes */
-  def storeBV[T <: Effects[T]](st: T, vname: String, addr: BasilValue, value: BitVecLiteral, endian: Endian): T = {
-    val mem = st.loadVar(vname)
-    val (mapval, vsize) = mem match {
+  def storeBV[S, T <: Effects[S]](f: T)(
+      vname: String,
+      addr: BasilValue,
+      value: BitVecLiteral,
+      endian: Endian
+  ): State[S, Unit] = for {
+    mem <- f.loadVar(vname)
+    (mapval, vsize) = mem match {
       case m @ MapValue(_, MapType(kt, BitVecType(size))) if kt == addr.irType => (m, size)
       case v =>
         throw InterpreterError(
@@ -386,54 +523,26 @@ case object Eval {
           )
         )
     }
-    val cells = value.size / vsize
+    cells = value.size / vsize
+    _ = {
     if (cells < 1) {
       throw InterpreterError(MemoryError("Tried to execute fractional store"))
-    }
-
-    val extractVals = (0 until cells).map(i => BitVectorEval.boogie_extract((i + 1) * vsize, i * vsize, value)).toList
+    }}
 
-    val vs = endian match {
+    extractVals = (0 until cells).map(i => BitVectorEval.boogie_extract((i + 1) * vsize, i * vsize, value)).toList
+    vs = endian match {
       case Endian.LittleEndian => extractVals.map(Scalar(_))
       case Endian.BigEndian    => extractVals.reverse.map(Scalar(_))
     }
 
-    val keys = (0 until cells).map(i => BasilValue.unsafeAdd(addr, i))
-    st.storeMem(vname, keys.zip(vs).toMap)
-  }
+    keys = (0 until cells).map(i => BasilValue.unsafeAdd(addr, i))
+  } yield (f.storeMem(vname, keys.zip(vs).toMap))
 
-  def storeSingle[T <: Effects[T]](st: T, vname: String, addr: BasilValue, value: BasilValue): T = {
-    st.storeMem(vname, Map((addr -> value)))
+  def storeSingle[S, T <: Effects[S]](f: T)(vname: String, addr: BasilValue, value: BasilValue): State[S, Unit] = {
+    f.storeMem(vname, Map((addr -> value)))
   }
-
 }
 
-sealed trait Effects[T <: Effects[T]] {
-  /* evaluation (may side-effect via InterpreterException on evaluation failure) */
-  def evalBV(e: Expr): BitVecLiteral
-
-  def evalInt(e: Expr): BigInt
-
-  def evalBool(e: Expr): Boolean
-
-  def loadVar(v: String): BasilValue
-
-  def loadMem(v: String, addrs: List[BasilValue]): List[BasilValue]
-
-  /** effects * */
-  def setNext(c: ExecutionContinuation): T
-
-  def call(target: String, beginFrom: ExecutionContinuation, returnTo: ExecutionContinuation): T
-
-  def doReturn(): T
-
-  def storeVar(v: String, scope: Scope, value: BasilValue): T
-
-  def storeMem(vname: String, update: Map[BasilValue, BasilValue]): T
-
-  def getNext : ExecutionContinuation 
-
-}
 
 enum Effect:
   case Call(target: String, begin: ExecutionContinuation, returnTo: ExecutionContinuation)
@@ -442,200 +551,216 @@ enum Effect:
   case StoreVar(v: String, s: Scope, value: BasilValue)
   case StoreMem(vname: String, update: Map[BasilValue, BasilValue])
 
-case class TracingInterpreter(
-    val s: InterpreterState,
-    val trace: List[Effect]
-) extends Effects[TracingInterpreter] {
 
-  def evalBV(e: Expr): BitVecLiteral = s.evalBV(e)
-  def evalInt(e: Expr): BigInt = s.evalInt(e)
-  def evalBool(e: Expr): Boolean = s.evalBool(e)
-
-  def loadVar(v: String): BasilValue = s.loadVar(v)
-  def loadMem(v: String, addrs: List[BasilValue]) = s.loadMem(v, addrs)
-
-  /** effects * */
-  def setNext(c: ExecutionContinuation) = {
-    // Logger.debug(s"    eff : DONEXT $c")
-     TracingInterpreter(s.setNext(c), trace)
-  }
-
-  def call(target: String, beginFrom: ExecutionContinuation, returnTo: ExecutionContinuation) = {
-    //Logger.debug(s"    eff : CALL $target")
-    TracingInterpreter(s.call(target, beginFrom, returnTo), Effect.Call(target, beginFrom, returnTo)::trace)
-  }
-
-  def doReturn() = {
-    //Logger.debug(s"    eff : RETURN")
-    TracingInterpreter(s.doReturn(), Effect.Return::trace)
-  }
-
-  def storeVar(v: String, c: Scope,  value: BasilValue) = {
-    //Logger.debug(s"    eff : SET $v := $value")
-    TracingInterpreter(s.storeVar(v, c, value), Effect.StoreVar(v, c, value)::trace)
-  }
-
-  def storeMem(vname: String, update: Map[BasilValue, BasilValue])  = {
-    //Logger.debug(s"    eff : STORE $vname <- $update")
-    TracingInterpreter(s.storeMem(vname, update), Effect.StoreMem(vname, update)::trace)
-  }
-
-  def getNext = s.getNext
-
-}
+// case class TracingInterpreter(
+//     val s: InterpreterState,
+//     val trace: List[Effect]
+// ) extends Effects[TracingInterpreter] {
+// 
+//   def evalBV(e: Expr) = Eval.evalBV(this)(e)
+//   def evalInt(e: Expr) = Eval.evalInt(this)(e)
+//   def evalBool(e: Expr) = Eval.evalBool(this)(e)
+// 
+//   def loadVar(v: String) = 
+//   def loadMem(v: String, addrs: List[BasilValue]) = s.loadMem(v, addrs)
+// 
+//   /** effects * */
+//   def setNext(c: ExecutionContinuation) = {
+//     // Logger.debug(s"    eff : DONEXT $c")
+//     TracingInterpreter(s.setNext(c), trace)
+//   }
+// 
+//   def call(target: String, beginFrom: ExecutionContinuation, returnTo: ExecutionContinuation) = {
+//     //Logger.debug(s"    eff : CALL $target")
+//     TracingInterpreter(s.call(target, beginFrom, returnTo), Effect.Call(target, beginFrom, returnTo) :: trace)
+//   }
+// 
+//   def doReturn() = {
+//     //Logger.debug(s"    eff : RETURN")
+//     TracingInterpreter(s.doReturn(), Effect.Return :: trace)
+//   }
+// 
+//   def storeVar(v: String, c: Scope, value: BasilValue) = {
+//     //Logger.debug(s"    eff : SET $v := $value")
+//     TracingInterpreter(s.storeVar(v, c, value), Effect.StoreVar(v, c, value) :: trace)
+//   }
+// 
+//   def storeMem(vname: String, update: Map[BasilValue, BasilValue]) = {
+//     //Logger.debug(s"    eff : STORE $vname <- $update")
+//     TracingInterpreter(s.storeMem(vname, update), Effect.StoreMem(vname, update) :: trace)
+//   }
+// 
+//   def getNext = s.getNext
+// 
+// }
 
 case class InterpreterState(
     val nextCmd: ExecutionContinuation = Stopped(),
     val callStack: List[ExecutionContinuation] = List.empty,
     val memoryState: MemoryState = MemoryState()
-) extends Effects[InterpreterState] {
+)
+
+case class NormalInterpreter() extends Effects[InterpreterState] {
 
   /* eval */
-  def evalBV(e: Expr): BitVecLiteral = Eval.evalBV(this, e)
+  def evalBV(e: Expr) = Eval.evalBV(this)(e)
 
-  def evalInt(e: Expr): BigInt = Eval.evalInt(this, e)
+  def evalInt(e: Expr) = Eval.evalInt(this)(e)
 
-  def evalBool(e: Expr): Boolean = Eval.evalBool(this, e)
+  def evalBool(e: Expr) = Eval.evalBool(this)(e)
 
-  def loadVar(v: String): BasilValue = memoryState.getVar(v)
+  def loadVar(v: String) = get((s: InterpreterState) => s.memoryState.getVar(v))
 
-  def loadMem(v: String, addrs: List[BasilValue]): List[BasilValue] = memoryState.doLoad(v, addrs)
+  def loadMem(v: String, addrs: List[BasilValue]) = get((s: InterpreterState) => s.memoryState.doLoad(v, addrs))
 
-  def getNext = nextCmd
+  def getNext = get ((s: InterpreterState) => s.nextCmd)
 
   /** effects * */
-  def setNext(c: ExecutionContinuation): InterpreterState = {
-    InterpreterState(c, callStack, memoryState)
-  }
+  def setNext(c: ExecutionContinuation) = modify ((s: InterpreterState) => {
+    InterpreterState(c, s.callStack, s.memoryState)
+  })
 
-  def call(target: String, beginFrom: ExecutionContinuation, returnTo: ExecutionContinuation): InterpreterState = {
+  def call(target: String, beginFrom: ExecutionContinuation, returnTo: ExecutionContinuation) = modify ((s:InterpreterState) => {
+    Logger.info(s"    eff : CALL $target")
     InterpreterState(
       beginFrom,
-      returnTo :: callStack,
-      memoryState.pushStackFrame(target)
+      returnTo :: s.callStack,
+      s.memoryState.pushStackFrame(target)
     )
-  }
+  })
 
-  def doReturn(): InterpreterState = {
-    callStack match {
-      case Nil => InterpreterState(Stopped(), Nil, memoryState)
+  def doReturn() = {
+    modify ((s: InterpreterState) => {s.callStack match {
+      case Nil => InterpreterState(Stopped(), Nil, s.memoryState)
       case h :: tl => {
-        InterpreterState(h, tl, memoryState.popStackFrame())
+        InterpreterState(h, tl, s.memoryState.popStackFrame())
       }
     }
+    })
   }
 
   def storeVar(v: String, scope: Scope, value: BasilValue) = {
-    InterpreterState(nextCmd, callStack, memoryState.defVar(v, scope, value))
+    Logger.debug(s"    eff : SET $v := $value")
+    modify ((s: InterpreterState) => InterpreterState(s.nextCmd, s.callStack, s.memoryState.defVar(v, scope, value)))
   }
 
-  def storeMem(vname: String, update: Map[BasilValue, BasilValue]) = {
-    InterpreterState(nextCmd, callStack, memoryState.doStore(vname, update))
-  }
+  def storeMem(vname: String, update: Map[BasilValue, BasilValue]) = modify ((s:InterpreterState) => {
+    Logger.debug(s"    eff : STORE $vname <- $update")
+    InterpreterState(s.nextCmd, s.callStack, s.memoryState.doStore(vname, update))
+  })
 
 }
 
 case object InterpFuns {
 
-  def initialState[T <: Effects[T]](s: T): T = {
+  def initialState[S, T <: Effects[S]](s: T): State[S, Unit] = {
     val SP: BitVecLiteral = BitVecLiteral(4096 - 16, 64)
     val FP: BitVecLiteral = BitVecLiteral(4096 - 16, 64)
     val LR: BitVecLiteral = BitVecLiteral(BigInt("FF", 16), 64)
 
-    s.storeVar("mem", Scope.Global, MapValue(Map.empty, MapType(BitVecType(64), BitVecType(8))))
-      .storeVar("stack", Scope.Global, MapValue(Map.empty, MapType(BitVecType(64), BitVecType(8))))
-      .storeVar("R31", Scope.Global, Scalar(SP))
-      .storeVar("R29", Scope.Global, Scalar(FP))
-      .storeVar("R30", Scope.Global, Scalar(LR))
-  }
-
-  def initialiseProgram[T <: Effects[T]](p: Program, s: T): T = {
-    val mem = p.initialMemory.foldLeft(initialState(s))((s, memory) => {
-      val s1 = Eval.store(
-        s,
-        "mem",
-        Scalar(BitVecLiteral(memory.address, 64)),
-        memory.bytes.toList.map(Scalar(_)),
-        Endian.LittleEndian
-      )
-      Eval.store(
-        s1,
-        "stack",
-        Scalar(BitVecLiteral(memory.address, 64)),
-        memory.bytes.toList.map(Scalar(_)),
-        Endian.LittleEndian
-      )
-    })
-
-    mem.call(p.mainProcedure.name, Run(IRWalk.firstInBlock(p.mainProcedure.entryBlock.get)), Stopped())
-  }
-
-  def interpretJump[T <: Effects[T]](s: T, j: Jump): T = {
+    for {
+      l <- s.storeVar("R30", Scope.Global, Scalar(LR))
+      h <- s.storeVar("mem", Scope.Global, MapValue(Map.empty, MapType(BitVecType(64), BitVecType(8))))
+      i <- s.storeVar("stack", Scope.Global, MapValue(Map.empty, MapType(BitVecType(64), BitVecType(8))))
+      j <- s.storeVar("R31", Scope.Global, Scalar(SP))
+      k <- s.storeVar("R29", Scope.Global, Scalar(FP))
+    } yield (l)
+    // s.storeVar("mem", Scope.Global, MapValue(Map.empty, MapType(BitVecType(64), BitVecType(8))))
+  }
+
+  def initialiseProgram[S, T <: Effects[S]](f:T)(p: Program): State[S, Unit] = {
+    for {
+      d <- initialState(f)
+      mem <- sequence(p.initialMemory.map(memory => 
+          Eval.store(f)(
+          "mem",
+          Scalar(BitVecLiteral(memory.address, 64)),
+          memory.bytes.toList.map(Scalar(_)),
+          Endian.LittleEndian)))
+      mem <- sequence(p.initialMemory.map(memory => 
+          Eval.store(f)(
+          "stack",
+          Scalar(BitVecLiteral(memory.address, 64)),
+          memory.bytes.toList.map(Scalar(_)),
+          Endian.LittleEndian)))
+      r <- f.call(p.mainProcedure.name, Run(IRWalk.firstInBlock(p.mainProcedure.entryBlock.get)), Stopped())
+    } yield (r)
+  }
+
+  def interpretJump[S, T <: Effects[S]](f: T)(j: Jump): State[S, Unit] = {
     j match {
       case gt: GoTo if gt.targets.size == 1 => {
-        s.setNext(Run(IRWalk.firstInBlock(gt.targets.head)))
+        f.setNext(Run(IRWalk.firstInBlock(gt.targets.head)))
       }
       case gt: GoTo =>
-        val condition = gt.targets.flatMap(_.statements.headOption).collect { case a: Assume =>
-          (a, s.evalBool(a.body))
-        }
-
-        if (condition.size != gt.targets.size) {
+        val assumes = gt.targets.flatMap(_.statements.headOption).collect {
+            case a: Assume => a
+          }
+        if (assumes.size != gt.targets.size) {
           throw InterpreterError(Errored(s"Some goto target missing guard $gt"))
         }
+        for {
+          chosen : List[Assume] <- filterM((a:Assume) => f.evalBool(a.body), assumes)
 
-        val chosen = condition.filter(_._2).toList match {
-          case Nil      => throw InterpreterError(Errored(s"No jump target satisfied $gt"))
-          case h :: Nil => h
-          case h :: tl  => throw InterpreterError(Errored(s"More than one jump guard satisfied $gt"))
-        }
-
-        s.setNext(Run(chosen._1.successor))
-      case r: Return      => s.doReturn()
-      case h: Unreachable => s.setNext(EscapedControlFlow(h))
+          res <- chosen match {
+            case Nil      => f.setNext(Errored(s"No jump target satisfied $gt"))
+            case h :: Nil => f.setNext(Run(h))
+            case h :: tl  => f.setNext(Errored(s"More than one jump guard satisfied $gt"))
+          }
+        } yield (res)
+      case r: Return      => f.doReturn()
+      case h: Unreachable => f.setNext(EscapedControlFlow(h))
     }
   }
 
-  def interpretStatement[T <: Effects[T]](st: T, s: Statement): T = {
+  def interpretStatement[S, T <: Effects[S]](f: T)(s: Statement): State[S, Unit] = {
     s match {
       case assign: Assign => {
-        val rhs = st.evalBV(assign.rhs)
-        st.storeVar(assign.lhs.name, assign.lhs.toBoogie.scope, Scalar(rhs)).setNext(Run(s.successor))
+        for {
+          rhs <- f.evalBV(assign.rhs)
+          st <- f.storeVar(assign.lhs.name, assign.lhs.toBoogie.scope, Scalar(rhs))
+          n <- f.setNext(Run(s.successor))
+        } yield (st)
       }
-      case assign: MemoryAssign => {
-        val index: BitVecLiteral = st.evalBV(assign.index)
-        val value: BitVecLiteral = st.evalBV(assign.value)
+      case assign: MemoryAssign => for {
+        index : BitVecLiteral <- f.evalBV(assign.index)
+        value : BitVecLiteral <- f.evalBV(assign.value)
         // st.storeMem(assign.mem.name, index, value, assign.endian, assign.size).setNext(Run(s.successor))
-        Eval.storeBV(st, assign.mem.name, Scalar(index), value, assign.endian).setNext(Run(s.successor))
-      }
-      case assert: Assert => {
-        if (!st.evalBool(assert.body)) then {
-          st.setNext(FailedAssertion(assert))
+        _ <- Eval.storeBV(f)(assign.mem.name, Scalar(index), value, assign.endian)
+        n <- f.setNext(Run(s.successor))
+      } yield (n)
+      case assert: Assert => for {
+        b <- f.evalBool(assert.body) 
+        n <- (if (!b) then {
+          f.setNext(FailedAssertion(assert))
         } else {
-          st.setNext(Run(s.successor))
-        }
-      }
-      case assume: Assume =>
-        if (!st.evalBool(assume.body)) {
-          st.setNext(Errored(s"Assumption not satisfied: $assume"))
+          f.setNext(Run(s.successor))
+        }) 
+      } yield (n)
+      case assume: Assume => for {
+        b <- f.evalBool(assume.body) 
+        n <- (if (!b) {
+          f.setNext(Errored(s"Assumption not satisfied: $assume"))
         } else {
-          st.setNext(Run(s.successor))
-
-        }
-      case dc: DirectCall =>
-        if (dc.target.entryBlock.isDefined) {
+          f.setNext(Run(s.successor))
+        })
+      } yield (n)
+      case dc: DirectCall => for {
+        n <- if (dc.target.entryBlock.isDefined) {
           val block = dc.target.entryBlock.get
-          st.call(dc.target.name, Run(block.statements.headOption.getOrElse(block.jump)), Run(dc.successor))
+          f.call(dc.target.name, Run(block.statements.headOption.getOrElse(block.jump)), Run(dc.successor))
         } else {
-          st.setNext(Run(dc.successor))
+          f.setNext(Run(dc.successor))
         }
-      case ic: IndirectCall =>
-        if (ic.target == Register("R30", 64)) {
-          st.doReturn()
+      } yield (n)
+      case ic: IndirectCall => for {
+        n <- (if (ic.target == Register("R30", 64)) {
+          f.doReturn()
         } else {
-          st.setNext(EscapedControlFlow(ic))
-        }
-      case _: NOP => st.setNext(Run(s.successor))
+          f.setNext(EscapedControlFlow(ic))
+        })
+      } yield (n)
+      case _: NOP => f.setNext(Run(s.successor))
     }
   }
 
@@ -647,48 +772,33 @@ case object InterpFuns {
     }
   }
 
-  @tailrec
-  def interpret[T <: Effects[T]](s: T): T = {
-    Logger.debug(s"interpret ${s.getNext}")
-    s.getNext match {
-      case Run(c: Statement) =>
-        interpret(
-          protect[T](
-            () => interpretStatement(s, c),
-            {
-              case InterpreterError(e)         => s.setNext(e)
-              case e: IllegalArgumentException => s.setNext(Errored(s"Evaluation error $e"))
-            }
-          )
-        )
-      case Run(c: Jump) =>
-        interpret(
-          protect[T](
-            () => interpretJump(s, c),
-            {
-              case InterpreterError(e)         => s.setNext(e)
-              case e: IllegalArgumentException => s.setNext(Errored(s"Evaluation error $e"))
-            }
-          )
-        )
-      case Stopped() => s
-      case errorstop => s
-    }
+  def interpret[S, T <: Effects[S]](f: T, m: State[S, Unit]): State[S, Unit] = {
+    for {
+      n <- f.getNext 
+      _ = {
+        Logger.debug(s"interpret ${n}")
+      }
+      c <- n match {
+        case Run(c: Statement) => interpret(f, interpretStatement(f)(c))
+        case Run(c: Jump) => interpret(f, interpretJump(f)(c))
+        case Stopped() => State((s:S) => (s,()))
+        case errorstop => State((s:S) => (s,()))
+      }
+    } yield(c)
   }
 
-  def interpretProg[T <: Effects[T]](p: Program, i: T): T = {
-    var s = initialiseProgram(p, i)
-    interpret(s)
+  def interpretProg[S, T <: Effects[S]](f: T)(p: Program, is: S): S = {
+    val (fs: S,_) = execute[S, Unit](is, interpret(f, initialiseProgram(f)(p)))
+    fs
   }
 
 }
 
-def interpret(IRProgram: Program) : InterpreterState = {
-  InterpFuns.interpretProg(IRProgram, InterpreterState())
-}
-
-def interpretTrace(IRProgram: Program) :  TracingInterpreter = {
-  val s : TracingInterpreter = InterpFuns.interpretProg(IRProgram, TracingInterpreter(InterpreterState(), List()))
-  s
+def interpret(IRProgram: Program): InterpreterState = {
+  InterpFuns.interpretProg(NormalInterpreter())(IRProgram, InterpreterState())
 }
 
+// def interpretTrace(IRProgram: Program): TracingInterpreter = {
+//   val s: TracingInterpreter = InterpFuns.interpretProg(IRProgram, TracingInterpreter(InterpreterState(), List()))
+//   s
+// }
diff --git a/src/test/scala/ir/InterpreterTests.scala b/src/test/scala/ir/InterpreterTests.scala
index ecf521a51..1efabf0c1 100644
--- a/src/test/scala/ir/InterpreterTests.scala
+++ b/src/test/scala/ir/InterpreterTests.scala
@@ -24,14 +24,15 @@ import util.ILLoadingConfig
 // }
 
 
-def initialMem() = InterpFuns.initialState(TracingInterpreter(InterpreterState(), List()))
+// def initialMem() = InterpFuns.initialState(InterpreterState(), List())
 
-def load[T <: Effects[T]](s: T, global: SpecGlobal) : Option[BitVecLiteral] = {
+def load(s: InterpreterState, global: SpecGlobal) : Option[BitVecLiteral] = {
+  val f = NormalInterpreter()
  //  i.getMemory(global.address.toInt, global.size, Endian.LittleEndian, i.mems)
   // m.evalBV("mem", BitVecLiteral(64, global.address), Endian.LittleEndian, global.size) //  i.getMemory(global.address.toInt, global.size, Endian.LittleEndian, i.mems)
   
   try {
-    Some(s.evalBV(MemoryLoad(SharedMemory("mem", 64, 8), BitVecLiteral(global.address, 64), Endian.LittleEndian, global.size)))
+    Some(f.evalBV(MemoryLoad(SharedMemory("mem", 64, 8), BitVecLiteral(global.address, 64), Endian.LittleEndian, global.size)).f(s)._2)
   } catch {
     case e : InterpreterError => None
   }
@@ -99,102 +100,102 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
   }
 
 
-  test("Store = Load LittleEndian") {
-    val ts = List(
-      BitVecLiteral(BigInt("0D", 16), 8),
-      BitVecLiteral(BigInt("0C", 16), 8),
-      BitVecLiteral(BigInt("0B", 16), 8),
-      BitVecLiteral(BigInt("0A", 16), 8))
-
-    val s = Eval.store(initialMem(), "mem", Scalar(BitVecLiteral(0, 64)), ts.map(Scalar(_)), Endian.LittleEndian)
-    val expected: BitVecLiteral = BitVecLiteral(BigInt("0D0C0B0A", 16), 32)
-    val actual: BitVecLiteral = Eval.loadBV(s, "mem", Scalar(BitVecLiteral(0, 64)), Endian.LittleEndian, 32)
-    assert(actual == expected)
-
-
-  }
-
-  test("store bv = loadbv le") {
-    val expected: BitVecLiteral = BitVecLiteral(BigInt("0D0C0B0A", 16), 32)
-    val s2 = Eval.storeBV(initialMem(), "mem", Scalar(BitVecLiteral(0, 64)), expected, Endian.LittleEndian)
-    val actual2: BitVecLiteral = Eval.loadBV(s2, "mem", Scalar(BitVecLiteral(0, 64)), Endian.LittleEndian, 32)
-    assert(actual2 == expected)
-  }
-
-
-  test("Store = Load BigEndian") {
-    val ts = List(
-      BitVecLiteral(BigInt("0D", 16), 8),
-      BitVecLiteral(BigInt("0C", 16), 8),
-      BitVecLiteral(BigInt("0B", 16), 8),
-      BitVecLiteral(BigInt("0A", 16), 8))
-
-    val s = Eval.store(initialMem(), "mem", Scalar(BitVecLiteral(0, 64)), ts.map(Scalar(_)), Endian.LittleEndian)
-    val expected: BitVecLiteral = BitVecLiteral(BigInt("0A0B0C0D", 16), 32)
-    val actual: BitVecLiteral = Eval.loadBV(s, "mem", Scalar(BitVecLiteral(0, 64)), Endian.BigEndian , 32)
-    assert(actual == expected)
-
-
-  }
-
-  test("getMemory in LittleEndian") {
-    val ts = List((BitVecLiteral(0, 64), BitVecLiteral(BigInt("0D", 16), 8)),
-    (BitVecLiteral(1, 64) , BitVecLiteral(BigInt("0C", 16), 8)),
-    (BitVecLiteral(2, 64) , BitVecLiteral(BigInt("0B", 16), 8)),
-    (BitVecLiteral(3, 64) , BitVecLiteral(BigInt("0A", 16), 8)))
-    val s = ts.foldLeft(initialMem())((m, v) => Eval.storeSingle(m, "mem", Scalar(v._1), Scalar(v._2)))
-    // val s = initialMem().store("mem")
-    // val r = s.loadBV("mem", BitVecLiteral(0, 64))
-
-    val expected: BitVecLiteral = BitVecLiteral(BigInt("0A0B0C0D", 16), 32)
-
-  // def loadBV(vname: String, addr: Scalar, endian: Endian, size: Int): BitVecLiteral = {
-     val actual: BitVecLiteral = Eval.loadBV(s, "mem", Scalar(BitVecLiteral(0, 64)), Endian.LittleEndian, 32)
-    assert(actual == expected)
-  }
-
-
-  test("StoreBV = LoadBV LE ") {
-    val expected: BitVecLiteral = BitVecLiteral(BigInt("0A0B0C0D", 16), 32)
-
-    val s = Eval.storeBV(initialMem(), "mem", Scalar(BitVecLiteral(0, 64)), expected, Endian.LittleEndian)
-    val actual: BitVecLiteral = Eval.loadBV(s, "mem", Scalar(BitVecLiteral(0, 64)), Endian.LittleEndian, 32)
-    println(s"${actual.value.toInt.toHexString} == ${expected.value.toInt.toHexString}")
-    assert(actual == expected)
-  }
-
-  // test("getMemory in BigEndian") {
-  //   i.mems(0) = BitVecLiteral(BigInt("0A", 16), 8)
-  //   i.mems(1) = BitVecLiteral(BigInt("0B", 16), 8)
-  //   i.mems(2) = BitVecLiteral(BigInt("0C", 16), 8)
-  //   i.mems(3) = BitVecLiteral(BigInt("0D", 16), 8)
-  //   val expected: BitVecLiteral = BitVecLiteral(BigInt("0A0B0C0D", 16), 32)
-  //   val actual: BitVecLiteral = i.getMemory(0, 32, Endian.BigEndian, i.mems)
-  //   assert(actual == expected)
-  // }
-
-  // test("setMemory in LittleEndian") {
-  //   i.mems(0) = BitVecLiteral(BigInt("FF", 16), 8)
-  //   i.mems(1) = BitVecLiteral(BigInt("FF", 16), 8)
-  //   i.mems(2) = BitVecLiteral(BigInt("FF", 16), 8)
-  //   i.mems(3) = BitVecLiteral(BigInt("FF", 16), 8)
-  //   val expected: BitVecLiteral = BitVecLiteral(BigInt("0A0B0C0D", 16), 32)
-  //   i.setMemory(0, 32, Endian.LittleEndian, expected, i.mems)
-  //   val actual: BitVecLiteral = i.getMemory(0, 32, Endian.LittleEndian, i.mems)
-  //   assert(actual == expected)
-  // }
-
-  // test("setMemory in BigEndian") {
-  //   i.mems(0) = BitVecLiteral(BigInt("FF", 16), 8)
-  //   i.mems(1) = BitVecLiteral(BigInt("FF", 16), 8)
-  //   i.mems(2) = BitVecLiteral(BigInt("FF", 16), 8)
-  //   i.mems(3) = BitVecLiteral(BigInt("FF", 16), 8)
-  //   val expected: BitVecLiteral = BitVecLiteral(BigInt("0A0B0C0D", 16), 32)
-  //   i.setMemory(0, 32, Endian.BigEndian, expected, i.mems)
-  //   val actual: BitVecLiteral = i.getMemory(0, 32, Endian.BigEndian, i.mems)
-  //   assert(actual == expected)
-  // }
-
+//   test("Store = Load LittleEndian") {
+//     val ts = List(
+//       BitVecLiteral(BigInt("0D", 16), 8),
+//       BitVecLiteral(BigInt("0C", 16), 8),
+//       BitVecLiteral(BigInt("0B", 16), 8),
+//       BitVecLiteral(BigInt("0A", 16), 8))
+// 
+//     val s = Eval.store(initialMem(), "mem", Scalar(BitVecLiteral(0, 64)), ts.map(Scalar(_)), Endian.LittleEndian)
+//     val expected: BitVecLiteral = BitVecLiteral(BigInt("0D0C0B0A", 16), 32)
+//     val actual: BitVecLiteral = Eval.loadBV(s, "mem", Scalar(BitVecLiteral(0, 64)), Endian.LittleEndian, 32)
+//     assert(actual == expected)
+// 
+// 
+//   }
+// 
+//   test("store bv = loadbv le") {
+//     val expected: BitVecLiteral = BitVecLiteral(BigInt("0D0C0B0A", 16), 32)
+//     val s2 = Eval.storeBV(initialMem(), "mem", Scalar(BitVecLiteral(0, 64)), expected, Endian.LittleEndian)
+//     val actual2: BitVecLiteral = Eval.loadBV(s2, "mem", Scalar(BitVecLiteral(0, 64)), Endian.LittleEndian, 32)
+//     assert(actual2 == expected)
+//   }
+// 
+// 
+//   test("Store = Load BigEndian") {
+//     val ts = List(
+//       BitVecLiteral(BigInt("0D", 16), 8),
+//       BitVecLiteral(BigInt("0C", 16), 8),
+//       BitVecLiteral(BigInt("0B", 16), 8),
+//       BitVecLiteral(BigInt("0A", 16), 8))
+// 
+//     val s = Eval.store(initialMem(), "mem", Scalar(BitVecLiteral(0, 64)), ts.map(Scalar(_)), Endian.LittleEndian)
+//     val expected: BitVecLiteral = BitVecLiteral(BigInt("0A0B0C0D", 16), 32)
+//     val actual: BitVecLiteral = Eval.loadBV(s, "mem", Scalar(BitVecLiteral(0, 64)), Endian.BigEndian , 32)
+//     assert(actual == expected)
+// 
+// 
+//   }
+// 
+//   test("getMemory in LittleEndian") {
+//     val ts = List((BitVecLiteral(0, 64), BitVecLiteral(BigInt("0D", 16), 8)),
+//     (BitVecLiteral(1, 64) , BitVecLiteral(BigInt("0C", 16), 8)),
+//     (BitVecLiteral(2, 64) , BitVecLiteral(BigInt("0B", 16), 8)),
+//     (BitVecLiteral(3, 64) , BitVecLiteral(BigInt("0A", 16), 8)))
+//     val s = ts.foldLeft(initialMem())((m, v) => Eval.storeSingle(m, "mem", Scalar(v._1), Scalar(v._2)))
+//     // val s = initialMem().store("mem")
+//     // val r = s.loadBV("mem", BitVecLiteral(0, 64))
+// 
+//     val expected: BitVecLiteral = BitVecLiteral(BigInt("0A0B0C0D", 16), 32)
+// 
+//   // def loadBV(vname: String, addr: Scalar, endian: Endian, size: Int): BitVecLiteral = {
+//      val actual: BitVecLiteral = Eval.loadBV(s, "mem", Scalar(BitVecLiteral(0, 64)), Endian.LittleEndian, 32)
+//     assert(actual == expected)
+//   }
+// 
+// 
+//   test("StoreBV = LoadBV LE ") {
+//     val expected: BitVecLiteral = BitVecLiteral(BigInt("0A0B0C0D", 16), 32)
+// 
+//     val s = Eval.storeBV(initialMem(), "mem", Scalar(BitVecLiteral(0, 64)), expected, Endian.LittleEndian)
+//     val actual: BitVecLiteral = Eval.loadBV(s, "mem", Scalar(BitVecLiteral(0, 64)), Endian.LittleEndian, 32)
+//     println(s"${actual.value.toInt.toHexString} == ${expected.value.toInt.toHexString}")
+//     assert(actual == expected)
+//   }
+// 
+//   // test("getMemory in BigEndian") {
+//   //   i.mems(0) = BitVecLiteral(BigInt("0A", 16), 8)
+//   //   i.mems(1) = BitVecLiteral(BigInt("0B", 16), 8)
+//   //   i.mems(2) = BitVecLiteral(BigInt("0C", 16), 8)
+//   //   i.mems(3) = BitVecLiteral(BigInt("0D", 16), 8)
+//   //   val expected: BitVecLiteral = BitVecLiteral(BigInt("0A0B0C0D", 16), 32)
+//   //   val actual: BitVecLiteral = i.getMemory(0, 32, Endian.BigEndian, i.mems)
+//   //   assert(actual == expected)
+//   // }
+// 
+//   // test("setMemory in LittleEndian") {
+//   //   i.mems(0) = BitVecLiteral(BigInt("FF", 16), 8)
+//   //   i.mems(1) = BitVecLiteral(BigInt("FF", 16), 8)
+//   //   i.mems(2) = BitVecLiteral(BigInt("FF", 16), 8)
+//   //   i.mems(3) = BitVecLiteral(BigInt("FF", 16), 8)
+//   //   val expected: BitVecLiteral = BitVecLiteral(BigInt("0A0B0C0D", 16), 32)
+//   //   i.setMemory(0, 32, Endian.LittleEndian, expected, i.mems)
+//   //   val actual: BitVecLiteral = i.getMemory(0, 32, Endian.LittleEndian, i.mems)
+//   //   assert(actual == expected)
+//   // }
+// 
+//   // test("setMemory in BigEndian") {
+//   //   i.mems(0) = BitVecLiteral(BigInt("FF", 16), 8)
+//   //   i.mems(1) = BitVecLiteral(BigInt("FF", 16), 8)
+//   //   i.mems(2) = BitVecLiteral(BigInt("FF", 16), 8)
+//   //   i.mems(3) = BitVecLiteral(BigInt("FF", 16), 8)
+//   //   val expected: BitVecLiteral = BitVecLiteral(BigInt("0A0B0C0D", 16), 32)
+//   //   i.setMemory(0, 32, Endian.BigEndian, expected, i.mems)
+//   //   val actual: BitVecLiteral = i.getMemory(0, 32, Endian.BigEndian, i.mems)
+//   //   assert(actual == expected)
+//   // }
+// 
   test("basic_arrays_read") {
     val expected = Map(
       "arr" -> 0
@@ -354,15 +355,15 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
   }
 
 
-  test("fibonacci Trace") {
-
-    val fib = fibonacciProg(8)
-    val r = interpretTrace(fib)
-    assert(r.getNext == Stopped())
-    // Show interpreted result
-    //
-    info(r.trace.reverse.mkString("\n"))
-
-  }
+//   test("fibonacci Trace") {
+// 
+//     val fib = fibonacciProg(8)
+//     val r = interpretTrace(fib)
+//     assert(r.getNext == Stopped())
+//     // Show interpreted result
+//     //
+//     info(r.trace.reverse.mkString("\n"))
+// 
+//   }
 
 }

From 2c16c838ec1f911e532f472d3734d16a36c2c9e3 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Wed, 28 Aug 2024 10:47:36 +1000
Subject: [PATCH 012/127] fix state monad interp

---
 src/main/scala/ir/eval/ExprEval.scala    |  27 ++-
 src/main/scala/ir/eval/Interpreter.scala | 234 +++++++++++------------
 src/main/scala/util/functional.scala     |  59 ++++++
 src/test/scala/ir/InterpreterTests.scala |  63 ++++--
 src/test/scala/util/StateMonad.scala     |  31 +++
 5 files changed, 265 insertions(+), 149 deletions(-)
 create mode 100644 src/main/scala/util/functional.scala
 create mode 100644 src/test/scala/util/StateMonad.scala

diff --git a/src/main/scala/ir/eval/ExprEval.scala b/src/main/scala/ir/eval/ExprEval.scala
index 5cb5979f7..85d71d7cb 100644
--- a/src/main/scala/ir/eval/ExprEval.scala
+++ b/src/main/scala/ir/eval/ExprEval.scala
@@ -1,5 +1,6 @@
 package ir.eval
 import ir.eval.BitVectorEval
+import util.functional.State
 import ir._
 
 /**
@@ -159,17 +160,13 @@ def evalExpr(exp: Expr, variableAssignment: Variable => Option[Literal], memory:
 }
 
 
-def mkSt[S, F](f: () => F): State[S, F] = for {
-    n <- get((s:S) => f())
-  } yield (n)
-
 /**
  * typeclass defining variable and memory laoding from state S
  */
 trait Loader[S] {
-  def getVariable(v: Variable) : State[S, Option[Expr]]
+  def getVariable(v: Variable) : State[S, Option[Literal]]
   def loadMemory(m: Memory, addr: Expr, endian: Endian, size: Int) : State[S, Option[Literal]] = {
-    mkSt(() => None)
+    State.pure(None)
   }
 }
 
@@ -177,7 +174,7 @@ trait Loader[S] {
 def statePartialEvalExpr[S](l: Loader[S])(exp: Expr): State[S, Expr] = {
   val eval = statePartialEvalExpr(l)
   exp match {
-    case f: UninterpretedFunction => mkSt(() => f)
+    case f: UninterpretedFunction => State.pure(f)
     case unOp: UnaryExpr => for {
       body <- eval(unOp.arg)
     } yield (
@@ -244,26 +241,26 @@ def statePartialEvalExpr[S](l: Loader[S])(exp: Expr): State[S, Expr] = {
         case o => r.copy(body=o)
     })
     case variable: Variable => for {
-      v <- l.getVariable(variable)
+      v : Option[Literal] <- l.getVariable(variable)
     } yield (v.getOrElse(variable))
     case ml: MemoryLoad => for {
       addr <- eval(ml.index)
       mem <- l.loadMemory(ml.mem, addr, ml.endian, ml.size)
     }  yield (mem.getOrElse(ml))
-    case b: BitVecLiteral => mkSt(() => b)
-    case b: IntLiteral => mkSt(() => b)
-    case b: BoolLit => mkSt(() => b)
+    case b: BitVecLiteral => State.pure(b)
+    case b: IntLiteral => State.pure(b)
+    case b: BoolLit => State.pure(b)
   }
 }
 
 
-class StatelessLoader(getVar: Variable => Option[Expr], loadMem: (Memory, Expr, Endian, Int) => Option[Literal] = ((a,b,c,d) => None)) extends Loader[Unit] {
-  def getVariable(v: Variable) : State[Unit, Option[Expr]] = mkSt(() => getVar(v))
-  override def loadMemory(m: Memory, addr: Expr, endian: Endian, size: Int) : State[Unit, Option[Literal]] = mkSt(() => loadMem(m, addr, endian, size))
+class StatelessLoader(getVar: Variable => Option[Literal], loadMem: (Memory, Expr, Endian, Int) => Option[Literal] = ((a,b,c,d) => None)) extends Loader[Unit] {
+  def getVariable(v: Variable) : State[Unit, Option[Literal]] = State.pure(getVar(v))
+  override def loadMemory(m: Memory, addr: Expr, endian: Endian, size: Int) : State[Unit, Option[Literal]] = State.pure(loadMem(m, addr, endian, size))
 }
 
 
-def partialEvalExpr(exp: Expr, variableAssignment: Variable => Option[Expr], memory: (Memory, Expr, Endian, Int) => Option[Literal] = ((a,b,c,d) => None)): Expr = {
+def partialEvalExpr(exp: Expr, variableAssignment: Variable => Option[Literal], memory: (Memory, Expr, Endian, Int) => Option[Literal] = ((a,b,c,d) => None)): Expr = {
   val l = StatelessLoader(variableAssignment, memory)
   statePartialEvalExpr(l)(exp).f(())._2
 }
diff --git a/src/main/scala/ir/eval/Interpreter.scala b/src/main/scala/ir/eval/Interpreter.scala
index 15165c199..d68ec467e 100644
--- a/src/main/scala/ir/eval/Interpreter.scala
+++ b/src/main/scala/ir/eval/Interpreter.scala
@@ -1,7 +1,9 @@
 package ir.eval
 import ir.eval.BitVectorEval.*
-import ir._
+import ir.*
 import util.Logger
+import util.functional.*
+import util.functional.State.*
 import boogie.Scope
 import scala.collection.WithFilter
 
@@ -11,58 +13,6 @@ import scala.collection.immutable
 import scala.util.control.Breaks.{break, breakable}
 
 
-case class State[S, +A](f: S => (S, A)) {// extends WithFilter[A, ({ type l[x] = State[S, x] })#l] {
-
-  def unit[A](a: A): State[S, A] = State(s => (s, a))
-
-  def foreach[U](f: A => U): Unit = ()
-
-  // def flatMap[B](f: A => IterableOnce[B]): ir.eval.State[S, B] = ???
-  def flatMap[B](f: A => State[S, B]): State[S, B] = State(s => {
-    val (s2, a) = this.f(s)
-    f(a).f(s2)
-  })
-
-  def map[B](f: A => B): State[S, B] = {
-    State(s => {
-      val (s2, a) = this.f(s)
-      (s2, f(a))
-    })
-  }
-
-  def withFilter(q : A => Boolean) = {
-    this
-  }
-}
-
-
-def stateCompose[S, A, B](s1: State[S, A], s2: State[S, B]) : State[S, B] = {
-  State((s: S) => s1.f(s) match {
-    case (s, _) => s2.f(s)
-  })
-}
-
-def pure[S, A](a: A) : State[S, A] = State((s:S) => (s, a))
-
-def sequence[S, V](xs: Iterable[State[S,V]]) : State[S,V] = {
-  xs.reduceRight(stateCompose) 
-}
-
-def sequence[V](xs: Iterable[Option[V]]) : Option[V] = {
-  xs.reduceRight((a, b) => a match {
-    case Some(x) => Some(x)
-    case None =>  b
-  }) 
-}
-
-def filterM[A, S](m : (A => State[S, Boolean]), xs: Iterable[A]): State[S, List[A]] = {
-  xs.foldRight(pure(List[A]()))((b,acc) => acc.flatMap(c => m(b).map(v => if v then b::c else c)))
-}
-
-
-def get[S,A](f: S => A) : State[S, A] = State(s => (s, f(s)))
-def modify[S](f: S => S) : State[S, Unit] = State(s => (f(s), ()))
-def execute[S, A](s: S, c: State[S,A]) = c.f(s)
 
 sealed trait ExecutionContinuation
 case class FailedAssertion(a: Assert) extends ExecutionContinuation
@@ -186,19 +136,6 @@ sealed trait Effects[T] {
 
  
 
-def evalToConst(
-    to: IRType,
-    exp: Expr,
-    variable: Variable => Option[Expr],
-    load: (Memory, Expr, Endian, Int) => Option[Literal]
-): BasilValue = {
-
-  val res: Expr = ir.eval.partialEvalExpr(exp, variable, load)
-  res match {
-    case e: Literal if e.getType == to => Scalar(e)
-    case res => throw InterpreterError(EvalError(s"Failed to evaluate expr to constant ${to} literal: residual $res"))
-  }
-}
 
 // case class BasilConstant(val basilType: BasilValue, val value: basilType.ReprType)
 
@@ -381,7 +318,7 @@ case class StVarLoader[S, F <: Effects[S]](f : F) extends Loader[S] {
 
       cells = size / valsize
 
-      res <- load(vname, addr, endian, cells)
+      res <- load(vname, addr, endian, cells) // actual load
       bvs: List[BitVecLiteral] = {
         val rr = res.map {
           case Scalar(bv @ BitVecLiteral(v, sz)) if sz == valsize => bv
@@ -390,10 +327,7 @@ case class StVarLoader[S, F <: Effects[S]](f : F) extends Loader[S] {
         }
         rr
       }
-
-      bvres = bvs.foldLeft(BitVecLiteral(0, 0))((acc, r) => eval.evalBVBinExpr(BVCONCAT, acc, r))
-      _ = {assert(bvres.size == size)}
-    } yield(bvres)
+    } yield(bvs.foldLeft(BitVecLiteral(0, 0))((acc, r) => eval.evalBVBinExpr(BVCONCAT, acc, r)))
 
   def loadSingle(vname: String, addr: Scalar): State[S, BasilValue] = {
     for {
@@ -401,14 +335,14 @@ case class StVarLoader[S, F <: Effects[S]](f : F) extends Loader[S] {
     } yield (m.head)
   }
 
-  def getVariable(v: Variable) : State[S, Option[Expr]] = {
+  def getVariable(v: Variable) : State[S, Option[Literal]] = {
     for {
       v <- f.loadVar(v.name)
     } yield (
-    v match {
+    (v match {
     case Scalar(l) => Some(l)
     case _         => None
-    })
+    }))
   }
 
   override def loadMemory(m: Memory, addr: Expr, endian: Endian, size: Int) : State[S, Option[Literal]] = {
@@ -452,7 +386,7 @@ case object Eval {
     for {
       res <- ir.eval.statePartialEvalExpr[S](ldr)(e)
     } yield (
-      e match {
+      res match {
         case l: BitVecLiteral => l
         case _  => throw InterpreterError(Errored(s"Eval BV residual $e"))
       })
@@ -463,7 +397,7 @@ case object Eval {
     for {
       res <- ir.eval.statePartialEvalExpr[S](ldr)(e)
     } yield (
-      e match {
+      res match {
         case l: IntLiteral => l.value
         case _  => throw InterpreterError(Errored(s"Eval BV residual $e"))
       })
@@ -474,7 +408,7 @@ case object Eval {
     for {
       res <- ir.eval.statePartialEvalExpr[S](ldr)(e)
     } yield (
-      e match {
+      res match {
         case l: BoolLit => l == TrueLiteral
         case _  => throw InterpreterError(Errored(s"Eval BV residual $e"))
       })
@@ -536,7 +470,8 @@ case object Eval {
     }
 
     keys = (0 until cells).map(i => BasilValue.unsafeAdd(addr, i))
-  } yield (f.storeMem(vname, keys.zip(vs).toMap))
+    s <- f.storeMem(vname, keys.zip(vs).toMap)
+  } yield (s)
 
   def storeSingle[S, T <: Effects[S]](f: T)(vname: String, addr: BasilValue, value: BasilValue): State[S, Unit] = {
     f.storeMem(vname, Map((addr -> value)))
@@ -600,28 +535,83 @@ case class InterpreterState(
     val memoryState: MemoryState = MemoryState()
 )
 
-case class NormalInterpreter() extends Effects[InterpreterState] {
+object NormalInterpreter extends Effects[InterpreterState] {
 
   /* eval */
-  def evalBV(e: Expr) = Eval.evalBV(this)(e)
+  def evalBV(e: Expr) = {
+    Eval.evalBV(this)(e)
+  }
 
-  def evalInt(e: Expr) = Eval.evalInt(this)(e)
+  def evalInt(e: Expr) = {
+    Eval.evalInt(this)(e)
+  }
 
-  def evalBool(e: Expr) = Eval.evalBool(this)(e)
+  def evalBool(e: Expr) = {
+    Eval.evalBool(this)(e)
+  }
 
-  def loadVar(v: String) = get((s: InterpreterState) => s.memoryState.getVar(v))
+  def loadVar(v: String) = {
+    State.get((s: InterpreterState) => {
+      s.memoryState.getVar(v)
+    })
+  }
 
-  def loadMem(v: String, addrs: List[BasilValue]) = get((s: InterpreterState) => s.memoryState.doLoad(v, addrs))
+  def formatStore(varname: String, update: Map[BasilValue, BasilValue]) = {
+    val ks = update.toList.sortWith((x,y) => {
+      def conv(v:BasilValue): BigInt = v match {
+        case (Scalar(b: BitVecLiteral)) => b.value
+        case (Scalar(b: IntLiteral)) => b.value
+        case _ => BigInt(0) 
+      }
+      conv(x._1) <= conv(y._1)
+    })
 
-  def getNext = get ((s: InterpreterState) => s.nextCmd)
+    val rs = ks.foldLeft(Some((None,List[BitVecLiteral]())): Option[(Option[BigInt], List[BitVecLiteral])])((acc, v) => 
+      v match {
+      case (Scalar(bv : BitVecLiteral), Scalar(bv2 : BitVecLiteral)) => {
+        acc match {
+          case None => None
+          case Some(None, l) => Some(Some(bv.value), bv2::l)
+          case Some(Some(v), l) if bv.value == v + 1 => Some(Some(bv.value), bv2::l)
+          case Some(Some(v), l) if bv.value != v + 1 => {
+            println(s"$v != ${bv.value} + 1")
+            None
+          }
+        }
+      }
+      case (bv, bv2) => None
+      }
+    )
+
+    rs match {
+      case Some(_, l) => {
+        val vs = Scalar(l.foldLeft(BitVecLiteral(0, 0))((acc, r) => eval.evalBVBinExpr(BVCONCAT, acc, r))).toString
+        s"$varname[${ks.head._1}] := $vs"
+      }
+      case None if ks.length < 8 => s"$varname[${ks.map(_._1).mkString(",")}] := ${ks.map(_._2).mkString(",")}"
+      case None => s"$varname[${ks.map(_._1).take(8).mkString(",")}...] := ${ks.map(_._2).take(8).mkString(", ")}... "
+    }
+
+  }
+
+  def loadMem(v: String, addrs: List[BasilValue]) = {
+    State.get((s: InterpreterState) => {
+      val r = s.memoryState.doLoad(v, addrs)
+      Logger.debug(s"    eff : LOAD ${addrs.head} x ${addrs.size}")
+      r
+    })
+  }
+
+  def getNext = State.get ((s: InterpreterState) => s.nextCmd)
 
   /** effects * */
-  def setNext(c: ExecutionContinuation) = modify ((s: InterpreterState) => {
+  def setNext(c: ExecutionContinuation) = State.modify ((s: InterpreterState) => {
+    // Logger.debug(s"    eff : setNext $c")
     InterpreterState(c, s.callStack, s.memoryState)
   })
 
   def call(target: String, beginFrom: ExecutionContinuation, returnTo: ExecutionContinuation) = modify ((s:InterpreterState) => {
-    Logger.info(s"    eff : CALL $target")
+    Logger.debug(s"    eff : CALL $target")
     InterpreterState(
       beginFrom,
       returnTo :: s.callStack,
@@ -630,6 +620,7 @@ case class NormalInterpreter() extends Effects[InterpreterState] {
   })
 
   def doReturn() = {
+    Logger.debug(s"    eff : RETURN")
     modify ((s: InterpreterState) => {s.callStack match {
       case Nil => InterpreterState(Stopped(), Nil, s.memoryState)
       case h :: tl => {
@@ -639,13 +630,13 @@ case class NormalInterpreter() extends Effects[InterpreterState] {
     })
   }
 
-  def storeVar(v: String, scope: Scope, value: BasilValue) = {
+  def storeVar(v: String, scope: Scope, value: BasilValue) : State[InterpreterState, Unit] = {
     Logger.debug(s"    eff : SET $v := $value")
-    modify ((s: InterpreterState) => InterpreterState(s.nextCmd, s.callStack, s.memoryState.defVar(v, scope, value)))
+    State.modify ((s: InterpreterState) => InterpreterState(s.nextCmd, s.callStack, s.memoryState.defVar(v, scope, value)))
   }
 
-  def storeMem(vname: String, update: Map[BasilValue, BasilValue]) = modify ((s:InterpreterState) => {
-    Logger.debug(s"    eff : STORE $vname <- $update")
+  def storeMem(vname: String, update: Map[BasilValue, BasilValue]) = State.modify ((s:InterpreterState) => {
+    Logger.debug(s"    eff : STORE ${formatStore(vname, update)}")
     InterpreterState(s.nextCmd, s.callStack, s.memoryState.doStore(vname, update))
   })
 
@@ -659,11 +650,11 @@ case object InterpFuns {
     val LR: BitVecLiteral = BitVecLiteral(BigInt("FF", 16), 64)
 
     for {
-      l <- s.storeVar("R30", Scope.Global, Scalar(LR))
       h <- s.storeVar("mem", Scope.Global, MapValue(Map.empty, MapType(BitVecType(64), BitVecType(8))))
       i <- s.storeVar("stack", Scope.Global, MapValue(Map.empty, MapType(BitVecType(64), BitVecType(8))))
       j <- s.storeVar("R31", Scope.Global, Scalar(SP))
       k <- s.storeVar("R29", Scope.Global, Scalar(FP))
+      l <- s.storeVar("R30", Scope.Global, Scalar(LR))
     } yield (l)
     // s.storeVar("mem", Scope.Global, MapValue(Map.empty, MapType(BitVecType(64), BitVecType(8))))
   }
@@ -671,13 +662,13 @@ case object InterpFuns {
   def initialiseProgram[S, T <: Effects[S]](f:T)(p: Program): State[S, Unit] = {
     for {
       d <- initialState(f)
-      mem <- sequence(p.initialMemory.map(memory => 
+      mem <- State.sequence(State.pure(()), p.initialMemory.map(memory => 
           Eval.store(f)(
           "mem",
           Scalar(BitVecLiteral(memory.address, 64)),
           memory.bytes.toList.map(Scalar(_)),
           Endian.LittleEndian)))
-      mem <- sequence(p.initialMemory.map(memory => 
+      mem <- State.sequence(State.pure(()), p.initialMemory.map(memory => 
           Eval.store(f)(
           "stack",
           Scalar(BitVecLiteral(memory.address, 64)),
@@ -764,41 +755,48 @@ case object InterpFuns {
     }
   }
 
-  def protect[T](x: () => T, fnly: PartialFunction[Exception, T]): T = {
-    try {
-      x()
-    } catch {
-      case e: Exception if fnly.isDefinedAt(e) => fnly(e)
-    }
-  }
 
-  def interpret[S, T <: Effects[S]](f: T, m: State[S, Unit]): State[S, Unit] = {
-    for {
-      n <- f.getNext 
-      _ = {
-        Logger.debug(s"interpret ${n}")
-      }
-      c <- n match {
-        case Run(c: Statement) => interpret(f, interpretStatement(f)(c))
-        case Run(c: Jump) => interpret(f, interpretJump(f)(c))
-        case Stopped() => State((s:S) => (s,()))
-        case errorstop => State((s:S) => (s,()))
-      }
-    } yield(c)
+  def interpret[S, T <: Effects[S]](f: T, m: S): S = {
+    val next = State.evaluate(m, f.getNext)
+    next match {
+        case Run(c: Statement) => interpret(f, 
+          protect((() => execute(m, interpretStatement(f)(c))), 
+            {
+              case x @ InterpreterError(e) => {
+                Logger.error(s"${x.getStackTrace.mkString("\n")}")
+                execute(m, f.setNext(e))
+              }
+              case e: IllegalArgumentException => execute(m, f.setNext(Errored(e.toString)))
+            } 
+            ))
+        case Run(c: Jump) => interpret(f, 
+          protect((() => execute(m, interpretJump(f)(c))), 
+            {
+              case x @ InterpreterError(e) => {
+                Logger.error(s"${x.getStackTrace.mkString("\n")}")
+                execute(m, f.setNext(e))
+              }
+              case e: IllegalArgumentException => execute(m, f.setNext(Errored(e.toString)))
+            } 
+            ))
+        case Stopped() => m
+        case errorstop => m 
+    }
   }
 
   def interpretProg[S, T <: Effects[S]](f: T)(p: Program, is: S): S = {
-    val (fs: S,_) = execute[S, Unit](is, interpret(f, initialiseProgram(f)(p)))
-    fs
+    val begin = State.execute(is, initialiseProgram(f)(p))
+    // State.execute[S,Unit](is, )
+    interpret(f, begin)
   }
 
 }
 
 def interpret(IRProgram: Program): InterpreterState = {
-  InterpFuns.interpretProg(NormalInterpreter())(IRProgram, InterpreterState())
+  InterpFuns.interpretProg(NormalInterpreter)(IRProgram, InterpreterState())
 }
 
 // def interpretTrace(IRProgram: Program): TracingInterpreter = {
 //   val s: TracingInterpreter = InterpFuns.interpretProg(IRProgram, TracingInterpreter(InterpreterState(), List()))
 //   s
-// }
+//e
diff --git a/src/main/scala/util/functional.scala b/src/main/scala/util/functional.scala
new file mode 100644
index 000000000..410fa5f71
--- /dev/null
+++ b/src/main/scala/util/functional.scala
@@ -0,0 +1,59 @@
+package util.functional
+
+case class State[S, +A](f: S => (S, A)) {
+
+  def unit[A](a: A): State[S, A] = State(s => (s, a))
+
+
+  def flatMap[B](f: A => State[S, B]): State[S, B] = State(s => {
+    // println(s"flatmap ${this.f} $f")
+    val (s2, a) = this.f(s)
+    f(a).f(s2)
+  })
+
+
+  def map[B](f: A => B): State[S, B] = {
+    State(s => {
+      val (s2, a) = this.f(s)
+      (s2, f(a))
+    })
+  }
+}
+
+
+object State {
+  def get[S,A](f: S => A) : State[S, A] = State(s => (s, f(s)))
+  def getS[S] : State[S,S] = State((s:S) => (s,s))
+  def putS[S](s: S) : State[S,_] = State((_) => (s,()))
+  def modify[S](f: S => S) : State[S, Unit] = State(s => (f(s), ()))
+  def execute[S, A](s: S, c: State[S,A]) : S = c.f(s)._1
+  def evaluate[S, A](s: S, c: State[S,A])  : A = c.f(s)._2
+
+  def pure[S, A](a: A) : State[S, A] = State((s:S) => (s, a))
+
+  def sequence[S, V](ident: State[S,V], xs: Iterable[State[S,V]]) : State[S,V] = {
+    xs.foldRight(ident)((l,r) => for {
+      x <- l
+      y <- r
+    } yield(y)) 
+  }
+
+  def sequence[V](xs: Iterable[Option[V]]) : Option[V] = {
+    xs.reduceRight((a, b) => a match {
+      case Some(x) => Some(x)
+      case None =>  b
+    }) 
+  }
+
+  def filterM[A, S](m : (A => State[S, Boolean]), xs: Iterable[A]): State[S, List[A]] = {
+    xs.foldRight(pure(List[A]()))((b,acc) => acc.flatMap(c => m(b).map(v => if v then b::c else c)))
+  }
+}
+
+def protect[T](x: () => T, fnly: PartialFunction[Exception, T]): T = {
+  try {
+    x()
+  } catch {
+    case e: Exception if fnly.isDefinedAt(e) => fnly(e)
+  }
+}
diff --git a/src/test/scala/ir/InterpreterTests.scala b/src/test/scala/ir/InterpreterTests.scala
index 1efabf0c1..15da62074 100644
--- a/src/test/scala/ir/InterpreterTests.scala
+++ b/src/test/scala/ir/InterpreterTests.scala
@@ -1,5 +1,6 @@
 package ir
 
+import util.functional._
 import ir.eval._
 import ir.dsl._
 import org.scalatest.funsuite.AnyFunSuite
@@ -27,7 +28,8 @@ import util.ILLoadingConfig
 // def initialMem() = InterpFuns.initialState(InterpreterState(), List())
 
 def load(s: InterpreterState, global: SpecGlobal) : Option[BitVecLiteral] = {
-  val f = NormalInterpreter()
+  println(s)
+  val f = NormalInterpreter
  //  i.getMemory(global.address.toInt, global.size, Endian.LittleEndian, i.mems)
   // m.evalBV("mem", BitVecLiteral(64, global.address), Endian.LittleEndian, global.size) //  i.getMemory(global.address.toInt, global.size, Endian.LittleEndian, i.mems)
   
@@ -96,25 +98,54 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
           load(fstate, global).map(gv => name -> gv.value.toInt)
       )
     )
+    assert(fstate.nextCmd == Stopped())
     assert(expected == actual)
   }
 
+  test("initialise") {
 
-//   test("Store = Load LittleEndian") {
-//     val ts = List(
-//       BitVecLiteral(BigInt("0D", 16), 8),
-//       BitVecLiteral(BigInt("0C", 16), 8),
-//       BitVecLiteral(BigInt("0B", 16), 8),
-//       BitVecLiteral(BigInt("0A", 16), 8))
-// 
-//     val s = Eval.store(initialMem(), "mem", Scalar(BitVecLiteral(0, 64)), ts.map(Scalar(_)), Endian.LittleEndian)
-//     val expected: BitVecLiteral = BitVecLiteral(BigInt("0D0C0B0A", 16), 32)
-//     val actual: BitVecLiteral = Eval.loadBV(s, "mem", Scalar(BitVecLiteral(0, 64)), Endian.LittleEndian, 32)
-//     assert(actual == expected)
-// 
-// 
-//   }
-// 
+    val init = InterpFuns.initialState(NormalInterpreter)
+
+    val s = State.execute(InterpreterState(), init)
+    assert(s.memoryState.getVarOpt("mem").isDefined)
+    assert(s.memoryState.getVarOpt("stack").isDefined)
+    assert(s.memoryState.getVarOpt("R31").isDefined)
+    assert(s.memoryState.getVarOpt("R29").isDefined)
+
+
+  }
+  test("var load store") {
+  val s = for {
+       s <- InterpFuns.initialState(NormalInterpreter)
+       v <- NormalInterpreter.loadVar("R31")
+   } yield (v)
+  val l = State.evaluate(InterpreterState(), s)
+
+  assert(l == Scalar(BitVecLiteral(4096 - 16, 64)))
+
+  }
+
+   test("Store = Load LittleEndian") {
+     val ts = List(
+       BitVecLiteral(BigInt("0D", 16), 8),
+       BitVecLiteral(BigInt("0C", 16), 8),
+       BitVecLiteral(BigInt("0B", 16), 8),
+       BitVecLiteral(BigInt("0A", 16), 8))
+ 
+     val loader = StVarLoader(NormalInterpreter)
+
+     val s = for {
+       _ <- InterpFuns.initialState(NormalInterpreter)
+       _ <- Eval.store(NormalInterpreter)("mem", Scalar(BitVecLiteral(0, 64)), ts.map(Scalar(_)), Endian.LittleEndian)
+       r <- loader.loadBV("mem", Scalar(BitVecLiteral(0, 64)), Endian.LittleEndian, 32)
+     } yield(r)
+     val expected: BitVecLiteral = BitVecLiteral(BigInt("0D0C0B0A", 16), 32)
+     val actual: BitVecLiteral = State.evaluate(InterpreterState(), s)
+     assert(actual == expected)
+ 
+ 
+   }
+ 
 //   test("store bv = loadbv le") {
 //     val expected: BitVecLiteral = BitVecLiteral(BigInt("0D0C0B0A", 16), 32)
 //     val s2 = Eval.storeBV(initialMem(), "mem", Scalar(BitVecLiteral(0, 64)), expected, Endian.LittleEndian)
diff --git a/src/test/scala/util/StateMonad.scala b/src/test/scala/util/StateMonad.scala
new file mode 100644
index 000000000..29721174a
--- /dev/null
+++ b/src/test/scala/util/StateMonad.scala
@@ -0,0 +1,31 @@
+import ir._
+import util.functional._
+
+
+import ir.eval._
+import ir.dsl._
+import org.scalatest.funsuite.AnyFunSuite
+import org.scalatest.BeforeAndAfter
+import specification.SpecGlobal
+import translating.BAPToIR
+import util.{LogLevel, Logger}
+import util.IRLoading.{loadBAP, loadReadELF}
+import util.ILLoadingConfig
+
+
+def add: State[Int, Unit] = State(s => (s+1, ()))
+
+class StateMonadTest extends AnyFunSuite {
+
+  test("forcompre") {
+    val s = for {
+      _ <- add
+      _ <- add
+      _ <- add
+    } yield ()
+
+
+    val res = State.execute(0, s)
+    assert(res == 3)
+  }
+}

From dd11175d2c935d79364a3f18ebb410546cc0631d Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Wed, 28 Aug 2024 13:38:36 +1000
Subject: [PATCH 013/127] indirect calls

---
 src/main/scala/ir/eval/Interpreter.scala | 110 ++++++++++++++++-------
 src/test/scala/ir/InterpreterTests.scala |  10 ++-
 2 files changed, 84 insertions(+), 36 deletions(-)

diff --git a/src/main/scala/ir/eval/Interpreter.scala b/src/main/scala/ir/eval/Interpreter.scala
index d68ec467e..07cec32d3 100644
--- a/src/main/scala/ir/eval/Interpreter.scala
+++ b/src/main/scala/ir/eval/Interpreter.scala
@@ -44,6 +44,9 @@ case class Scalar(val value: Literal) extends BasilValue(value.getType) {
     case c                => c.toString
   }
 }
+
+case class FunPointer(val addr: BitVecLiteral, val name: String, val call: ExecutionContinuation) extends BasilValue(addr.getType)
+
 // Erase the type of basil values and enforce the invariant that
 // \exists i . \forall v \in value.keys , v.irType = i  and
 // \exists j . \forall v \in value.values, v.irType = j
@@ -120,6 +123,8 @@ sealed trait Effects[T] {
 
   def loadMem(v: String, addrs: List[BasilValue]): State[T, List[BasilValue]]
 
+  def evalAddrToProc(addr: Int): State[T, Option[FunPointer]] 
+
   def getNext: State[T, ExecutionContinuation]
 
   /** effects * */
@@ -253,16 +258,27 @@ case class MemoryState(
   }
 
   /* Map variable accessing ; load and store operations */
-  def doLoad(vname: String, addr: List[BasilValue]): List[BasilValue] = {
+  def doLoadOpt(vname: String, addr: List[BasilValue]): Option[List[BasilValue]] = {
     val (frame, mem) = findVar(vname)
     val mapv: MapValue = mem match {
       case m @ MapValue(innerMap, ty) => m
       case m                          => throw InterpreterError(TypeError(s"Load from nonmap ${m.irType}"))
     }
 
-    addr.map(k =>
-      mapv.value.get(k).getOrElse(throw InterpreterError(MemoryError(s"Read from uninitialised $vname[$k]")))
-    )
+    val rs = addr.map(k => mapv.value.get(k))
+    if (rs.forall(_.isDefined)) {
+      Some(rs.map(_.get))
+    } else {
+      None
+    }
+  }
+  def doLoad(vname: String, addr: List[BasilValue]): List[BasilValue] = {
+    doLoadOpt(vname, addr) match {
+      case Some(vs) => vs
+      case None => {
+        throw InterpreterError(MemoryError(s"Read from uninitialised $vname[${addr.head} .. ${addr.last}]"))
+      }
+    }
   }
 
   /** typecheck and some fields of a map variable */
@@ -556,6 +572,18 @@ object NormalInterpreter extends Effects[InterpreterState] {
     })
   }
 
+  def evalAddrToProc(addr: Int): State[InterpreterState, Option[FunPointer]] = 
+    Logger.debug(s"    eff : FIND PROC $addr")
+    val load = StVarLoader(this)
+    for {
+      res <- get ((s: InterpreterState) => s.memoryState.doLoadOpt("funtable", List(Scalar(BitVecLiteral(addr, 64)))))
+  } yield {
+    res match {
+      case Some((f: FunPointer)::Nil) => Some(f)
+      case _ => None
+    }
+  }
+
   def formatStore(varname: String, update: Map[BasilValue, BasilValue]) = {
     val ks = update.toList.sortWith((x,y) => {
       def conv(v:BasilValue): BigInt = v match {
@@ -573,7 +601,7 @@ object NormalInterpreter extends Effects[InterpreterState] {
           case None => None
           case Some(None, l) => Some(Some(bv.value), bv2::l)
           case Some(Some(v), l) if bv.value == v + 1 => Some(Some(bv.value), bv2::l)
-          case Some(Some(v), l) if bv.value != v + 1 => {
+          case Some(Some(v), l) => {
             println(s"$v != ${bv.value} + 1")
             None
           }
@@ -607,37 +635,35 @@ object NormalInterpreter extends Effects[InterpreterState] {
   /** effects * */
   def setNext(c: ExecutionContinuation) = State.modify ((s: InterpreterState) => {
     // Logger.debug(s"    eff : setNext $c")
-    InterpreterState(c, s.callStack, s.memoryState)
+    s.copy(nextCmd = c)
   })
 
   def call(target: String, beginFrom: ExecutionContinuation, returnTo: ExecutionContinuation) = modify ((s:InterpreterState) => {
     Logger.debug(s"    eff : CALL $target")
-    InterpreterState(
-      beginFrom,
-      returnTo :: s.callStack,
-      s.memoryState.pushStackFrame(target)
+    s.copy(
+      nextCmd=beginFrom,
+      callStack=returnTo :: s.callStack,
+      memoryState=s.memoryState.pushStackFrame(target)
     )
   })
 
   def doReturn() = {
     Logger.debug(s"    eff : RETURN")
     modify ((s: InterpreterState) => {s.callStack match {
-      case Nil => InterpreterState(Stopped(), Nil, s.memoryState)
-      case h :: tl => {
-        InterpreterState(h, tl, s.memoryState.popStackFrame())
-      }
+      case Nil => s.copy(nextCmd=Stopped())
+      case h :: tl => s.copy(nextCmd=h,callStack=tl,memoryState=s.memoryState.popStackFrame())
     }
     })
   }
 
   def storeVar(v: String, scope: Scope, value: BasilValue) : State[InterpreterState, Unit] = {
     Logger.debug(s"    eff : SET $v := $value")
-    State.modify ((s: InterpreterState) => InterpreterState(s.nextCmd, s.callStack, s.memoryState.defVar(v, scope, value)))
+    State.modify ((s: InterpreterState) => s.copy(memoryState=s.memoryState.defVar(v, scope, value)))
   }
 
   def storeMem(vname: String, update: Map[BasilValue, BasilValue]) = State.modify ((s:InterpreterState) => {
     Logger.debug(s"    eff : STORE ${formatStore(vname, update)}")
-    InterpreterState(s.nextCmd, s.callStack, s.memoryState.doStore(vname, update))
+    s.copy(memoryState=s.memoryState.doStore(vname, update))
   })
 
 }
@@ -650,30 +676,41 @@ case object InterpFuns {
     val LR: BitVecLiteral = BitVecLiteral(BigInt("FF", 16), 64)
 
     for {
+      h <- s.storeVar("funtable", Scope.Global, MapValue(Map.empty, MapType(BitVecType(64), BitVecType(64))))
       h <- s.storeVar("mem", Scope.Global, MapValue(Map.empty, MapType(BitVecType(64), BitVecType(8))))
       i <- s.storeVar("stack", Scope.Global, MapValue(Map.empty, MapType(BitVecType(64), BitVecType(8))))
       j <- s.storeVar("R31", Scope.Global, Scalar(SP))
       k <- s.storeVar("R29", Scope.Global, Scalar(FP))
       l <- s.storeVar("R30", Scope.Global, Scalar(LR))
     } yield (l)
-    // s.storeVar("mem", Scope.Global, MapValue(Map.empty, MapType(BitVecType(64), BitVecType(8))))
   }
 
   def initialiseProgram[S, T <: Effects[S]](f:T)(p: Program): State[S, Unit] = {
-    for {
-      d <- initialState(f)
-      mem <- State.sequence(State.pure(()), p.initialMemory.map(memory => 
-          Eval.store(f)(
-          "mem",
-          Scalar(BitVecLiteral(memory.address, 64)),
-          memory.bytes.toList.map(Scalar(_)),
-          Endian.LittleEndian)))
-      mem <- State.sequence(State.pure(()), p.initialMemory.map(memory => 
+    def initMemory(mem: String, mems: Iterable[MemorySection]) ={
+       for {
+         m <- State.sequence(State.pure(()), mems.filter(m => m.address != 0).map(memory => 
           Eval.store(f)(
-          "stack",
+          mem,
           Scalar(BitVecLiteral(memory.address, 64)),
           memory.bytes.toList.map(Scalar(_)),
           Endian.LittleEndian)))
+      } yield ()
+    }
+
+    println(p.initialMemory)
+
+    for {
+      d <- initialState(f)
+      funs <- State.sequence(State.pure(()), p.procedures.filter(p => p.blocks.nonEmpty && p.address.isDefined).map((proc: Procedure) => 
+          Eval.storeSingle(f)(
+          "funtable",
+          Scalar(BitVecLiteral(proc.address.get, 64)),
+          FunPointer(BitVecLiteral(proc.address.get, 64), proc.name, Run(IRWalk.firstInBlock(proc.entryBlock.get)))
+        )))
+      mem <- initMemory("mem", p.initialMemory)
+      mem <- initMemory("stack", p.initialMemory)
+      mem <- initMemory("mem", p.readOnlyMemory)
+      mem <- initMemory("stack", p.readOnlyMemory)
       r <- f.call(p.mainProcedure.name, Run(IRWalk.firstInBlock(p.mainProcedure.entryBlock.get)), Stopped())
     } yield (r)
   }
@@ -716,7 +753,6 @@ case object InterpFuns {
       case assign: MemoryAssign => for {
         index : BitVecLiteral <- f.evalBV(assign.index)
         value : BitVecLiteral <- f.evalBV(assign.value)
-        // st.storeMem(assign.mem.name, index, value, assign.endian, assign.size).setNext(Run(s.successor))
         _ <- Eval.storeBV(f)(assign.mem.name, Scalar(index), value, assign.endian)
         n <- f.setNext(Run(s.successor))
       } yield (n)
@@ -744,13 +780,20 @@ case object InterpFuns {
           f.setNext(Run(dc.successor))
         }
       } yield (n)
-      case ic: IndirectCall => for {
-        n <- (if (ic.target == Register("R30", 64)) {
+      case ic: IndirectCall => {
+        if (ic.target == Register("R30", 64)) {
           f.doReturn()
         } else {
-          f.setNext(EscapedControlFlow(ic))
-        })
-      } yield (n)
+          for {
+           addr <- f.evalBV(ic.target)
+           fp <- f.evalAddrToProc(addr.value.toInt)
+           _ <- fp match {
+             case Some(fp) => f.call(fp.name, fp.call, Run(ic.successor))
+             case none => f.setNext(EscapedControlFlow(ic))
+           }
+          } yield ()
+        }
+      }
       case _: NOP => f.setNext(Run(s.successor))
     }
   }
@@ -758,6 +801,7 @@ case object InterpFuns {
 
   def interpret[S, T <: Effects[S]](f: T, m: S): S = {
     val next = State.evaluate(m, f.getNext)
+    Logger.debug(s"eval $next")
     next match {
         case Run(c: Statement) => interpret(f, 
           protect((() => execute(m, interpretStatement(f)(c))), 
diff --git a/src/test/scala/ir/InterpreterTests.scala b/src/test/scala/ir/InterpreterTests.scala
index 15da62074..f6bdd0198 100644
--- a/src/test/scala/ir/InterpreterTests.scala
+++ b/src/test/scala/ir/InterpreterTests.scala
@@ -66,9 +66,7 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
     var IRProgram = IRTranslator.translate
     IRProgram = ExternalRemover(externalFunctions.map(e => e.name)).visitProgram(IRProgram)
     IRProgram = Renamer(Set("free")).visitProgram(IRProgram)
-    transforms.stripUnreachableFunctions(IRProgram)
-    val stackIdentification = StackSubstituter()
-    stackIdentification.visitProgram(IRProgram)
+    // transforms.stripUnreachableFunctions(IRProgram)
     IRProgram.setModifies(Map())
 
     (IRProgram, globals)
@@ -289,6 +287,12 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
     testInterpret("secret_write", expected)
   }
 
+  test("indirect_call") {
+    val expected = Map[String, Int]()
+    testInterpret("indirect_call_outparam", expected)
+  }
+
+
   test("ifglobal") {
     val expected = Map(
       "x" -> 1

From c7b4a56e95b79e49cbb79a1d7a1f529ca1650bb2 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Wed, 28 Aug 2024 15:54:58 +1000
Subject: [PATCH 014/127] tracing interpreter

---
 src/main/scala/ir/eval/InterpretBasilIR.scala | 402 ++++++++++++
 .../scala/ir/eval/InterpretBasilTrace.scala   |  82 +++
 src/main/scala/ir/eval/Interpreter.scala      | 570 +++---------------
 .../scala/ir/eval/InterpreterProduct.scala    |  98 +++
 src/main/scala/util/PerformanceTimer.scala    |   2 +-
 src/test/scala/ir/InterpreterTests.scala      |  71 ++-
 6 files changed, 709 insertions(+), 516 deletions(-)
 create mode 100644 src/main/scala/ir/eval/InterpretBasilIR.scala
 create mode 100644 src/main/scala/ir/eval/InterpretBasilTrace.scala
 create mode 100644 src/main/scala/ir/eval/InterpreterProduct.scala

diff --git a/src/main/scala/ir/eval/InterpretBasilIR.scala b/src/main/scala/ir/eval/InterpretBasilIR.scala
new file mode 100644
index 000000000..8cf8f384b
--- /dev/null
+++ b/src/main/scala/ir/eval/InterpretBasilIR.scala
@@ -0,0 +1,402 @@
+package ir.eval
+import ir._
+import ir.eval.BitVectorEval.*
+import ir.*
+import util.Logger
+import util.functional.*
+import util.functional.State.*
+import boogie.Scope
+import scala.collection.WithFilter
+
+import scala.annotation.tailrec
+import scala.collection.mutable
+import scala.collection.immutable
+import scala.util.control.Breaks.{break, breakable}
+
+
+/** Abstraction for memload and variable lookup used by the expression evaluator.
+  */
+case class StVarLoader[S, F <: Effects[S]](f: F) extends Loader[S] {
+
+  def getVariable(v: Variable): State[S, Option[Literal]] = {
+    for {
+      v <- f.loadVar(v.name)
+    } yield ((v match {
+      case Scalar(l) => Some(l)
+      case _         => None
+    }))
+  }
+
+  override def loadMemory(m: Memory, addr: Expr, endian: Endian, size: Int): State[S, Option[Literal]] = {
+    for {
+      r <- addr match {
+        case l: Literal if size == 1 =>
+          Eval
+            .loadSingle(f)(m.name, Scalar(l))
+            .map((v: BasilValue) =>
+              v match {
+                case Scalar(l) => Some(l)
+                case _         => None
+              }
+            )
+        case l: Literal => Eval.loadBV(f)(m.name, Scalar(l), endian, size).map(Some(_))
+        case _          => get((s: S) => None)
+      }
+    } yield (r)
+  }
+
+}
+
+/*
+ * Helper functions for compiling high level structures to the interpreter effects.
+ * All are parametric in concrete state S and Effects[S]
+ */
+case object Eval {
+
+  /*--------------------------------------------------------------------------------*/
+  /* Eval functions                                                                 */
+  /*--------------------------------------------------------------------------------*/
+
+  def evalBV[S, T <: Effects[S]](f: T)(e: Expr): State[S, BitVecLiteral] = {
+    val ldr = StVarLoader[S, T](f)
+    for {
+      res <- ir.eval.statePartialEvalExpr[S](ldr)(e)
+    } yield (res match {
+      case l: BitVecLiteral => l
+      case _                => throw InterpreterError(Errored(s"Eval BV residual $e"))
+    })
+  }
+
+  def evalInt[S, T <: Effects[S]](f: T)(e: Expr): State[S, BigInt] = {
+    val ldr = StVarLoader[S, T](f)
+    for {
+      res <- ir.eval.statePartialEvalExpr[S](ldr)(e)
+    } yield (res match {
+      case l: IntLiteral => l.value
+      case _             => throw InterpreterError(Errored(s"Eval BV residual $e"))
+    })
+  }
+
+  def evalBool[S, T <: Effects[S]](f: T)(e: Expr): State[S, Boolean] = {
+    val ldr = StVarLoader[S, T](f)
+    for {
+      res <- ir.eval.statePartialEvalExpr[S](ldr)(e)
+    } yield (res match {
+      case l: BoolLit => l == TrueLiteral
+      case _          => throw InterpreterError(Errored(s"Eval BV residual $e"))
+    })
+  }
+
+  /*--------------------------------------------------------------------------------*/
+  /* Load functions                                                                 */
+  /*--------------------------------------------------------------------------------*/
+
+  def load[S, T <: Effects[S]](
+      f: T
+  )(vname: String, addr: Scalar, endian: Endian, count: Int): State[S, List[BasilValue]] = {
+    if (count == 0) {
+      throw InterpreterError(Errored(s"Attempted fractional load"))
+    }
+    val keys = (0 until count).map(i => BasilValue.unsafeAdd(addr, i))
+    for {
+      values <- f.loadMem(vname, keys.toList)
+      vals = endian match {
+        case Endian.LittleEndian => values.reverse
+        case Endian.BigEndian    => values
+      }
+    } yield (vals.toList)
+  }
+
+  /** Load and concat bitvectors */
+  def loadBV[S, T <: Effects[S]](
+      f: T
+  )(vname: String, addr: Scalar, endian: Endian, size: Int): State[S, BitVecLiteral] = for {
+    mem <- f.loadVar(vname)
+    (valsize, mapv) = mem match {
+      case mapv @ MapValue(_, MapType(_, BitVecType(sz))) => (sz, mapv)
+      case _ => throw InterpreterError(Errored("Trued to load-concat non bv"))
+    }
+
+    cells = size / valsize
+
+    res <- load(f)(vname, addr, endian, cells) // actual load
+    bvs: List[BitVecLiteral] = {
+      val rr = res.map {
+        case Scalar(bv @ BitVecLiteral(v, sz)) if sz == valsize => bv
+        case c =>
+          throw InterpreterError(TypeError(s"Loaded value of type ${c.irType} did not match expected type bv$valsize"))
+      }
+      rr
+    }
+  } yield (bvs.foldLeft(BitVecLiteral(0, 0))((acc, r) => eval.evalBVBinExpr(BVCONCAT, acc, r)))
+
+  def loadSingle[S, T <: Effects[S]](f: T)(vname: String, addr: Scalar): State[S, BasilValue] = {
+    for {
+      m <- load(f)(vname, addr, Endian.LittleEndian, 1)
+    } yield (m.head)
+  }
+
+  /*--------------------------------------------------------------------------------*/
+  /* Store functions                                                                */
+  /*--------------------------------------------------------------------------------*/
+
+  /* Expand addr for number of values to store */
+  def store[S, T <: Effects[S]](f: T)(
+      vname: String,
+      addr: BasilValue,
+      values: List[BasilValue],
+      endian: Endian
+  ): State[S, Unit] = for {
+    mem <- f.loadVar(vname)
+    (mapval, keytype, valtype) = mem match {
+      case m @ MapValue(_, MapType(kt, vt)) if kt == addr.irType && values.forall(v => v.irType == vt) => (m, kt, vt)
+      case v => throw InterpreterError(TypeError(s"Invalid map store operation to $vname : $v"))
+    }
+    keys = (0 until values.size).map(i => BasilValue.unsafeAdd(addr, i))
+    vals = endian match {
+      case Endian.LittleEndian => values.reverse
+      case Endian.BigEndian    => values
+    }
+    x <- f.storeMem(vname, keys.zip(vals).toMap)
+  } yield (x)
+
+  /** Extract bitvec to bytes and store bytes */
+  def storeBV[S, T <: Effects[S]](f: T)(
+      vname: String,
+      addr: BasilValue,
+      value: BitVecLiteral,
+      endian: Endian
+  ): State[S, Unit] = for {
+    mem <- f.loadVar(vname)
+    (mapval, vsize) = mem match {
+      case m @ MapValue(_, MapType(kt, BitVecType(size))) if kt == addr.irType => (m, size)
+      case v =>
+        throw InterpreterError(
+          TypeError(
+            s"Invalid map store operation to $vname : ${v.irType} (expect [${addr.irType}] <- ${value.getType})"
+          )
+        )
+    }
+    cells = value.size / vsize
+    _ = {
+      if (cells < 1) {
+        throw InterpreterError(MemoryError("Tried to execute fractional store"))
+      }
+    }
+
+    extractVals = (0 until cells).map(i => BitVectorEval.boogie_extract((i + 1) * vsize, i * vsize, value)).toList
+    vs = endian match {
+      case Endian.LittleEndian => extractVals.map(Scalar(_))
+      case Endian.BigEndian    => extractVals.reverse.map(Scalar(_))
+    }
+
+    keys = (0 until cells).map(i => BasilValue.unsafeAdd(addr, i))
+    s <- f.storeMem(vname, keys.zip(vs).toMap)
+  } yield (s)
+
+  def storeSingle[S, T <: Effects[S]](f: T)(vname: String, addr: BasilValue, value: BasilValue): State[S, Unit] = {
+    f.storeMem(vname, Map((addr -> value)))
+  }
+}
+
+case object InterpFuns {
+
+  /** Functions which compile BASIL IR down to the minimal interpreter effects.
+    *
+    * Each function takes as parameter an implementation of Effects[S]
+    */
+
+  def initialState[S, T <: Effects[S]](s: T): State[S, Unit] = {
+    val SP: BitVecLiteral = BitVecLiteral(4096 - 16, 64)
+    val FP: BitVecLiteral = BitVecLiteral(4096 - 16, 64)
+    val LR: BitVecLiteral = BitVecLiteral(BigInt("FF", 16), 64)
+
+    for {
+      h <- s.storeVar("funtable", Scope.Global, MapValue(Map.empty, MapType(BitVecType(64), BitVecType(64))))
+      h <- s.storeVar("mem", Scope.Global, MapValue(Map.empty, MapType(BitVecType(64), BitVecType(8))))
+      i <- s.storeVar("stack", Scope.Global, MapValue(Map.empty, MapType(BitVecType(64), BitVecType(8))))
+      j <- s.storeVar("R31", Scope.Global, Scalar(SP))
+      k <- s.storeVar("R29", Scope.Global, Scalar(FP))
+      l <- s.storeVar("R30", Scope.Global, Scalar(LR))
+    } yield (l)
+  }
+
+  def initialiseProgram[S, T <: Effects[S]](f: T)(p: Program): State[S, Unit] = {
+    def initMemory(mem: String, mems: Iterable[MemorySection]) = {
+      for {
+        m <- State.sequence(
+          State.pure(()),
+          mems
+            .filter(m => m.address != 0)
+            .map(memory =>
+              Eval.store(f)(
+                mem,
+                Scalar(BitVecLiteral(memory.address, 64)),
+                memory.bytes.toList.map(Scalar(_)),
+                Endian.LittleEndian
+              )
+            )
+        )
+      } yield ()
+    }
+
+    for {
+      d <- initialState(f)
+      funs <- State.sequence(
+        State.pure(()),
+        p.procedures
+          .filter(p => p.blocks.nonEmpty && p.address.isDefined)
+          .map((proc: Procedure) =>
+            Eval.storeSingle(f)(
+              "funtable",
+              Scalar(BitVecLiteral(proc.address.get, 64)),
+              FunPointer(BitVecLiteral(proc.address.get, 64), proc.name, Run(IRWalk.firstInBlock(proc.entryBlock.get)))
+            )
+          )
+      )
+      mem <- initMemory("mem", p.initialMemory)
+      mem <- initMemory("stack", p.initialMemory)
+      mem <- initMemory("mem", p.readOnlyMemory)
+      mem <- initMemory("stack", p.readOnlyMemory)
+      r <- f.call(p.mainProcedure.name, Run(IRWalk.firstInBlock(p.mainProcedure.entryBlock.get)), Stopped())
+    } yield (r)
+  }
+
+  def interpretJump[S, T <: Effects[S]](f: T)(j: Jump): State[S, Unit] = {
+    j match {
+      case gt: GoTo if gt.targets.size == 1 => {
+        f.setNext(Run(IRWalk.firstInBlock(gt.targets.head)))
+      }
+      case gt: GoTo =>
+        val assumes = gt.targets.flatMap(_.statements.headOption).collect { case a: Assume =>
+          a
+        }
+        if (assumes.size != gt.targets.size) {
+          throw InterpreterError(Errored(s"Some goto target missing guard $gt"))
+        }
+        for {
+          chosen: List[Assume] <- filterM((a: Assume) => f.evalBool(a.body), assumes)
+
+          res <- chosen match {
+            case Nil      => f.setNext(Errored(s"No jump target satisfied $gt"))
+            case h :: Nil => f.setNext(Run(h))
+            case h :: tl  => f.setNext(Errored(s"More than one jump guard satisfied $gt"))
+          }
+        } yield (res)
+      case r: Return      => f.doReturn()
+      case h: Unreachable => f.setNext(EscapedControlFlow(h))
+    }
+  }
+
+  def interpretStatement[S, T <: Effects[S]](f: T)(s: Statement): State[S, Unit] = {
+    s match {
+      case assign: Assign => {
+        for {
+          rhs <- f.evalBV(assign.rhs)
+          st <- f.storeVar(assign.lhs.name, assign.lhs.toBoogie.scope, Scalar(rhs))
+          n <- f.setNext(Run(s.successor))
+        } yield (st)
+      }
+      case assign: MemoryAssign =>
+        for {
+          index: BitVecLiteral <- f.evalBV(assign.index)
+          value: BitVecLiteral <- f.evalBV(assign.value)
+          _ <- Eval.storeBV(f)(assign.mem.name, Scalar(index), value, assign.endian)
+          n <- f.setNext(Run(s.successor))
+        } yield (n)
+      case assert: Assert =>
+        for {
+          b <- f.evalBool(assert.body)
+          n <-
+            (if (!b) then {
+               f.setNext(FailedAssertion(assert))
+             } else {
+               f.setNext(Run(s.successor))
+             })
+        } yield (n)
+      case assume: Assume =>
+        for {
+          b <- f.evalBool(assume.body)
+          n <-
+            (if (!b) {
+               f.setNext(Errored(s"Assumption not satisfied: $assume"))
+             } else {
+               f.setNext(Run(s.successor))
+             })
+        } yield (n)
+      case dc: DirectCall =>
+        for {
+          n <-
+            if (dc.target.entryBlock.isDefined) {
+              val block = dc.target.entryBlock.get
+              f.call(dc.target.name, Run(block.statements.headOption.getOrElse(block.jump)), Run(dc.successor))
+            } else {
+              f.setNext(Run(dc.successor))
+            }
+        } yield (n)
+      case ic: IndirectCall => {
+        if (ic.target == Register("R30", 64)) {
+          f.doReturn()
+        } else {
+          for {
+            addr <- f.evalBV(ic.target)
+            fp <- f.evalAddrToProc(addr.value.toInt)
+            _ <- fp match {
+              case Some(fp) => f.call(fp.name, fp.call, Run(ic.successor))
+              case none     => f.setNext(EscapedControlFlow(ic))
+            }
+          } yield ()
+        }
+      }
+      case _: NOP => f.setNext(Run(s.successor))
+    }
+  }
+
+  def interpret[S, T <: Effects[S]](f: T, m: S): S = {
+    val next = State.evaluate(m, f.getNext)
+    Logger.debug(s"eval $next")
+    next match {
+      case Run(c: Statement) =>
+        interpret(
+          f,
+          protect(
+            (() => execute(m, interpretStatement(f)(c))),
+            {
+              case x @ InterpreterError(e) => {
+                Logger.error(s"${x.getStackTrace.mkString("\n")}")
+                execute(m, f.setNext(e))
+              }
+              case e: IllegalArgumentException => execute(m, f.setNext(Errored(e.toString)))
+            }
+          )
+        )
+      case Run(c: Jump) =>
+        interpret(
+          f,
+          protect(
+            (() => execute(m, interpretJump(f)(c))),
+            {
+              case x @ InterpreterError(e) => {
+                Logger.error(s"${x.getStackTrace.mkString("\n")}")
+                execute(m, f.setNext(e))
+              }
+              case e: IllegalArgumentException => execute(m, f.setNext(Errored(e.toString)))
+            }
+          )
+        )
+      case Stopped() => m
+      case errorstop => m
+    }
+  }
+
+  def interpretProg[S, T <: Effects[S]](f: T)(p: Program, is: S): S = {
+    val begin = State.execute(is, initialiseProgram(f)(p))
+    // State.execute[S,Unit](is, )
+    interpret(f, begin)
+  }
+}
+
+def interpret(IRProgram: Program): InterpreterState = {
+  InterpFuns.interpretProg(NormalInterpreter)(IRProgram, InterpreterState())
+}
+
diff --git a/src/main/scala/ir/eval/InterpretBasilTrace.scala b/src/main/scala/ir/eval/InterpretBasilTrace.scala
new file mode 100644
index 000000000..4ba8c6836
--- /dev/null
+++ b/src/main/scala/ir/eval/InterpretBasilTrace.scala
@@ -0,0 +1,82 @@
+package ir.eval
+import ir._
+import ir.eval.BitVectorEval.*
+import ir.*
+import util.Logger
+import util.functional.*
+import util.functional.State.*
+import boogie.Scope
+import scala.collection.WithFilter
+
+import scala.annotation.tailrec
+import scala.collection.mutable
+import scala.collection.immutable
+import scala.util.control.Breaks.{break, breakable}
+
+
+enum ExecEffect:
+  case Call(target: String, begin: ExecutionContinuation, returnTo: ExecutionContinuation)
+  case SetNext(c: ExecutionContinuation)
+  case Return
+  case StoreVar(v: String, s: Scope, value: BasilValue)
+  case LoadVar(v: String)
+  case StoreMem(vname: String, update: Map[BasilValue, BasilValue])
+  case LoadMem(vname: String, addrs: List[BasilValue])
+  case FindProc(addr: Int)
+
+case class Trace(val t: List[ExecEffect])
+
+case object Trace {
+  def add(e: ExecEffect) : State[Trace, Unit] = {
+    modify ((t: Trace) => Trace(t.t.appended(e)))
+  }
+}
+
+
+object TraceGen extends Effects[Trace] {
+  /** Values are discarded by ProductInterpreter so do not matter */
+  def evalBV(e: Expr) = State.pure(BitVecLiteral(0,0))
+
+  def evalInt(e: Expr) = State.pure(BigInt(0))
+
+  def evalBool(e: Expr) = State.pure(false)
+
+  def loadVar(v: String) = for {
+    s <- Trace.add(ExecEffect.LoadVar(v))
+  } yield (Scalar(FalseLiteral))
+
+  def loadMem(v: String, addrs: List[BasilValue])  = for {
+    s <- Trace.add(ExecEffect.LoadMem(v, addrs))
+  } yield (List())
+
+  def evalAddrToProc(addr: Int) = for {
+    s <- Trace.add(ExecEffect.FindProc(addr))
+  } yield (None)
+
+  def getNext = State.pure(Stopped())
+
+  def setNext(c: ExecutionContinuation)  = State.pure(())
+
+  def call(target: String, beginFrom: ExecutionContinuation, returnTo: ExecutionContinuation) = for {
+    s <- Trace.add(ExecEffect.Call(target, beginFrom, returnTo))
+  } yield (())
+
+  def doReturn() = for {
+    s <- Trace.add(ExecEffect.Return)
+  } yield (())
+
+  def storeVar(v: String, scope: Scope, value: BasilValue) = for {
+    s <- Trace.add(ExecEffect.StoreVar(v, scope, value))
+  } yield (())
+
+  def storeMem(vname: String, update: Map[BasilValue, BasilValue]) = for {
+    s <- Trace.add(ExecEffect.StoreMem(vname, update))
+  } yield (())
+}
+
+def tracingInterpreter = ProductInterpreter(NormalInterpreter, TraceGen)
+
+def interpretTrace(p: Program) : (InterpreterState, Trace) = {
+  InterpFuns.interpretProg(tracingInterpreter)(p, (InterpreterState(), Trace(List())))
+}
+
diff --git a/src/main/scala/ir/eval/Interpreter.scala b/src/main/scala/ir/eval/Interpreter.scala
index 07cec32d3..12ed90010 100644
--- a/src/main/scala/ir/eval/Interpreter.scala
+++ b/src/main/scala/ir/eval/Interpreter.scala
@@ -12,8 +12,8 @@ import scala.collection.mutable
 import scala.collection.immutable
 import scala.util.control.Breaks.{break, breakable}
 
-
-
+/** Interpreter status type, either stopped, run next command or error
+  */
 sealed trait ExecutionContinuation
 case class FailedAssertion(a: Assert) extends ExecutionContinuation
 
@@ -29,14 +29,11 @@ case class EvalError(val message: String = "")
     extends ExecutionContinuation /* failed to evaluate an expression to a concrete value */
 case class MemoryError(val message: String = "") extends ExecutionContinuation /* An error to do with memory */
 
+/** TODO: errors should be encapsualted in error monad, rather than mapping exceptions back into state transitions at
+  * State.execute() */
 case class InterpreterError(continue: ExecutionContinuation) extends Exception()
 
-case class InterpreterSummary(
-    val exitState: ExecutionContinuation,
-    val regs: Map[Variable, BitVecLiteral],
-    val memory: Map[Int, BitVecLiteral]
-)
-
+/* Concrete value type of the interpreter. */
 sealed trait BasilValue(val irType: IRType)
 case class Scalar(val value: Literal) extends BasilValue(value.getType) {
   override def toString = value match {
@@ -45,7 +42,9 @@ case class Scalar(val value: Literal) extends BasilValue(value.getType) {
   }
 }
 
-case class FunPointer(val addr: BitVecLiteral, val name: String, val call: ExecutionContinuation) extends BasilValue(addr.getType)
+/** Slightly hacky way of mapping addresses to function calls within the interpreter dynamic state */
+case class FunPointer(val addr: BitVecLiteral, val name: String, val call: ExecutionContinuation)
+    extends BasilValue(addr.getType)
 
 // Erase the type of basil values and enforce the invariant that
 // \exists i . \forall v \in value.keys , v.irType = i  and
@@ -54,7 +53,7 @@ case class MapValue(val value: Map[BasilValue, BasilValue], override val irType:
   override def toString = s"MapValue : $irType"
 }
 
-case object BasilValue:
+case object BasilValue {
 
   def size(v: IRType): Int = {
     v match {
@@ -83,36 +82,15 @@ case object BasilValue:
       case _ => throw InterpreterError(TypeError(s"Operation add undefined on $l $r"))
     }
   }
+}
 
-  def concat(l: BasilValue, r: BasilValue): BasilValue = {
-    (l, r) match {
-      case (Scalar(b1: BitVecLiteral), Scalar(b2: BitVecLiteral)) => Scalar(eval.evalBVBinExpr(BVCONCAT, b1, b2))
-      case _ => throw InterpreterError(TypeError(s"Operation concat undefined on $l $r"))
-    }
-  }
-
-  def extract(l: BasilValue, high: Int, low: Int): BasilValue = {
-    (l) match {
-      case Scalar(b: BitVecLiteral) => Scalar(eval.BitVectorEval.boogie_extract(high, low, b))
-      case _ => throw InterpreterError(TypeError(s"Operation extract($high, $low) undefined on $l"))
-    }
-  }
-
-  def fromIR(e: Expr) = {
-    e match {
-      case t: IntLiteral    => Scalar(t)
-      case v: BitVecLiteral => Scalar(v)
-      case b: BoolLit       => Scalar(b)
-      case _                => throw InterpreterError(EvalError(s"Failed to get value from non-literal expr $e"))
-
-    }
-  }
-
-export BasilValue._
-
+/**
+ * Minimal language defining all state transitions in the interpreter, 
+ * defined for the interpreter's concrete state T.
+ */
+trait Effects[T] {
+  /* evaluation (may side-effect on error) */
 
-sealed trait Effects[T] {
-  /* evaluation (may side-effect via InterpreterException on evaluation failure) */
   def evalBV(e: Expr): State[T, BitVecLiteral]
 
   def evalInt(e: Expr): State[T, BigInt]
@@ -123,13 +101,20 @@ sealed trait Effects[T] {
 
   def loadMem(v: String, addrs: List[BasilValue]): State[T, List[BasilValue]]
 
-  def evalAddrToProc(addr: Int): State[T, Option[FunPointer]] 
+  def evalAddrToProc(addr: Int): State[T, Option[FunPointer]]
 
   def getNext: State[T, ExecutionContinuation]
 
-  /** effects * */
+  /** state effects */
+
+  /* High-level implementation of a program counter that leverages the intrusive CFG. */
   def setNext(c: ExecutionContinuation): State[T, Unit]
 
+  /* Perform a call:
+   *  target: arbitrary target name
+   *  beginFrom: ExecutionContinuation which begins executing the procedure
+   *  returnTo: ExecutionContinuation which begins executing after procedure return
+   */
   def call(target: String, beginFrom: ExecutionContinuation, returnTo: ExecutionContinuation): State[T, Unit]
 
   def doReturn(): State[T, Unit]
@@ -139,15 +124,20 @@ sealed trait Effects[T] {
   def storeMem(vname: String, update: Map[BasilValue, BasilValue]): State[T, Unit]
 }
 
- 
 
+/** -------------------------------------------------------------------------------- 
+ * Definition of concrete state
+ * -------------------------------------------------------------------------------- */
 
-// case class BasilConstant(val basilType: BasilValue, val value: basilType.ReprType)
 
 type StackFrameID = String
 val globalFrame: StackFrameID = "GLOBAL"
 
 case class MemoryState(
+    /* We have a very permissive value reprsentation and store all dynamic state in `stackFrames`.
+     * - activations is the call stack, the top of which indicates the current stackFrame.
+     * - activationCount: (procedurename -> int) is used to create uniquely-named stackframes.
+     */
     val stackFrames: Map[StackFrameID, Map[String, BasilValue]] = Map((globalFrame -> Map.empty)),
     val activations: List[StackFrameID] = List.empty,
     val activationCount: Map[String, Int] = Map.empty.withDefault(_ => 0)
@@ -305,245 +295,6 @@ case class MemoryState(
   }
 }
 
-case class StVarLoader[S, F <: Effects[S]](f : F) extends Loader[S] {
-
-  /** Load helpers * */
-  def load(vname: String, addr: Scalar, endian: Endian, count: Int): State[S, List[BasilValue]] = {
-    if (count == 0) {
-      throw InterpreterError(Errored(s"Attempted fractional load"))
-    }
-    val keys = (0 until count).map(i => BasilValue.unsafeAdd(addr, i))
-    for {
-      values <- f.loadMem(vname, keys.toList)
-      vals = endian match {
-        case Endian.LittleEndian => values.reverse
-        case Endian.BigEndian    => values
-      }
-    }
-    yield (vals.toList)
-  }
-
-
-  /** Load and concat bitvectors */
-  def loadBV( vname: String, addr: Scalar, endian: Endian, size: Int): State[S, BitVecLiteral] = for {
-      mem <- f.loadVar(vname)
-      (valsize, mapv) = mem match {
-        case mapv @ MapValue(_, MapType(_, BitVecType(sz))) => (sz, mapv)
-        case _ => throw InterpreterError(Errored("Trued to load-concat non bv"))
-      }
-
-      cells = size / valsize
-
-      res <- load(vname, addr, endian, cells) // actual load
-      bvs: List[BitVecLiteral] = {
-        val rr = res.map {
-          case Scalar(bv @ BitVecLiteral(v, sz)) if sz == valsize => bv
-          case c =>
-            throw InterpreterError(TypeError(s"Loaded value of type ${c.irType} did not match expected type bv$valsize"))
-        }
-        rr
-      }
-    } yield(bvs.foldLeft(BitVecLiteral(0, 0))((acc, r) => eval.evalBVBinExpr(BVCONCAT, acc, r)))
-
-  def loadSingle(vname: String, addr: Scalar): State[S, BasilValue] = {
-    for {
-      m <- load(vname, addr, Endian.LittleEndian, 1)
-    } yield (m.head)
-  }
-
-  def getVariable(v: Variable) : State[S, Option[Literal]] = {
-    for {
-      v <- f.loadVar(v.name)
-    } yield (
-    (v match {
-    case Scalar(l) => Some(l)
-    case _         => None
-    }))
-  }
-
-  override def loadMemory(m: Memory, addr: Expr, endian: Endian, size: Int) : State[S, Option[Literal]] = {
-    for {
-      r <-  addr match {
-        case l: Literal if size== 1 => loadSingle(m.name, Scalar(l)).map((v : BasilValue) => v match {
-          case Scalar(l) => Some(l)
-          case _ => None
-        })
-        case l: Literal => loadBV(m.name, Scalar(l), endian, size).map(Some(_))
-        case _          => get((s:S) => None)
-    }
-    } yield (r)
-  }
-
-}
-
-
-case object Eval {
-  //def getVar[S, F <: Effects[S]](f: F)(s: S)(v: Variable): Option[Literal] = 
-  //  f.loadVar(v.name).f(s) match {
-  //  case Scalar(l) => Some(l)
-  //  case _         => None
-  //}
-
-  //def doLoad[S, T <: Effects[S]](f: T)(s: S)(m: Memory, addr: Expr, endian: Endian, sz: Int): Option[Literal] = {
-  //  addr match {
-  //    case l: Literal if sz == 1 => (
-  //      loadSingle(f)(s)(m.name, Scalar(l)) match {
-  //        case Scalar(v) => Some(v)
-  //        case _         => None
-  //      }
-  //    )
-  //    case l: Literal => Some(loadBV(f)(s)(m.name, Scalar(l), endian, sz))
-  //    case _          => None
-  //  }
-  //}
-
-  def evalBV[S, T <: Effects[S]](f: T)(e: Expr): State[S, BitVecLiteral] = {
-    val ldr = StVarLoader[S, T](f)
-    for {
-      res <- ir.eval.statePartialEvalExpr[S](ldr)(e)
-    } yield (
-      res match {
-        case l: BitVecLiteral => l
-        case _  => throw InterpreterError(Errored(s"Eval BV residual $e"))
-      })
-  }
-
-  def evalInt[S, T <: Effects[S]](f: T)(e: Expr): State[S, BigInt] = {
-    val ldr = StVarLoader[S, T](f)
-    for {
-      res <- ir.eval.statePartialEvalExpr[S](ldr)(e)
-    } yield (
-      res match {
-        case l: IntLiteral => l.value
-        case _  => throw InterpreterError(Errored(s"Eval BV residual $e"))
-      })
-  }
-
-  def evalBool[S, T <: Effects[S]](f: T)(e: Expr): State[S, Boolean] = {
-    val ldr = StVarLoader[S, T](f)
-    for {
-      res <- ir.eval.statePartialEvalExpr[S](ldr)(e)
-    } yield (
-      res match {
-        case l: BoolLit => l == TrueLiteral
-        case _  => throw InterpreterError(Errored(s"Eval BV residual $e"))
-      })
-  }
-
-
-
-  /** State modifying helpers, e.g. store
-    */
-
-  /* Expand addr for number of values to store */
-  def store[S, T <: Effects[S]](f: T)(
-      vname: String,
-      addr: BasilValue,
-      values: List[BasilValue],
-      endian: Endian
-  ): State[S, Unit] = for {
-      mem <- f.loadVar(vname)
-      (mapval, keytype, valtype) = mem match {
-        case m @ MapValue(_, MapType(kt, vt)) if kt == addr.irType && values.forall(v => v.irType == vt) => (m, kt, vt)
-        case v => throw InterpreterError(TypeError(s"Invalid map store operation to $vname : $v"))
-      }
-      keys = (0 until values.size).map(i => BasilValue.unsafeAdd(addr, i))
-      vals = endian match {
-        case Endian.LittleEndian => values.reverse
-        case Endian.BigEndian    => values
-      }
-      x <- f.storeMem(vname, keys.zip(vals).toMap)
-    } yield (x)
-
-
-  /** Extract bitvec to bytes and store bytes */
-  def storeBV[S, T <: Effects[S]](f: T)(
-      vname: String,
-      addr: BasilValue,
-      value: BitVecLiteral,
-      endian: Endian
-  ): State[S, Unit] = for {
-    mem <- f.loadVar(vname)
-    (mapval, vsize) = mem match {
-      case m @ MapValue(_, MapType(kt, BitVecType(size))) if kt == addr.irType => (m, size)
-      case v =>
-        throw InterpreterError(
-          TypeError(
-            s"Invalid map store operation to $vname : ${v.irType} (expect [${addr.irType}] <- ${value.getType})"
-          )
-        )
-    }
-    cells = value.size / vsize
-    _ = {
-    if (cells < 1) {
-      throw InterpreterError(MemoryError("Tried to execute fractional store"))
-    }}
-
-    extractVals = (0 until cells).map(i => BitVectorEval.boogie_extract((i + 1) * vsize, i * vsize, value)).toList
-    vs = endian match {
-      case Endian.LittleEndian => extractVals.map(Scalar(_))
-      case Endian.BigEndian    => extractVals.reverse.map(Scalar(_))
-    }
-
-    keys = (0 until cells).map(i => BasilValue.unsafeAdd(addr, i))
-    s <- f.storeMem(vname, keys.zip(vs).toMap)
-  } yield (s)
-
-  def storeSingle[S, T <: Effects[S]](f: T)(vname: String, addr: BasilValue, value: BasilValue): State[S, Unit] = {
-    f.storeMem(vname, Map((addr -> value)))
-  }
-}
-
-
-enum Effect:
-  case Call(target: String, begin: ExecutionContinuation, returnTo: ExecutionContinuation)
-  case SetNext(c: ExecutionContinuation)
-  case Return
-  case StoreVar(v: String, s: Scope, value: BasilValue)
-  case StoreMem(vname: String, update: Map[BasilValue, BasilValue])
-
-
-// case class TracingInterpreter(
-//     val s: InterpreterState,
-//     val trace: List[Effect]
-// ) extends Effects[TracingInterpreter] {
-// 
-//   def evalBV(e: Expr) = Eval.evalBV(this)(e)
-//   def evalInt(e: Expr) = Eval.evalInt(this)(e)
-//   def evalBool(e: Expr) = Eval.evalBool(this)(e)
-// 
-//   def loadVar(v: String) = 
-//   def loadMem(v: String, addrs: List[BasilValue]) = s.loadMem(v, addrs)
-// 
-//   /** effects * */
-//   def setNext(c: ExecutionContinuation) = {
-//     // Logger.debug(s"    eff : DONEXT $c")
-//     TracingInterpreter(s.setNext(c), trace)
-//   }
-// 
-//   def call(target: String, beginFrom: ExecutionContinuation, returnTo: ExecutionContinuation) = {
-//     //Logger.debug(s"    eff : CALL $target")
-//     TracingInterpreter(s.call(target, beginFrom, returnTo), Effect.Call(target, beginFrom, returnTo) :: trace)
-//   }
-// 
-//   def doReturn() = {
-//     //Logger.debug(s"    eff : RETURN")
-//     TracingInterpreter(s.doReturn(), Effect.Return :: trace)
-//   }
-// 
-//   def storeVar(v: String, c: Scope, value: BasilValue) = {
-//     //Logger.debug(s"    eff : SET $v := $value")
-//     TracingInterpreter(s.storeVar(v, c, value), Effect.StoreVar(v, c, value) :: trace)
-//   }
-// 
-//   def storeMem(vname: String, update: Map[BasilValue, BasilValue]) = {
-//     //Logger.debug(s"    eff : STORE $vname <- $update")
-//     TracingInterpreter(s.storeMem(vname, update), Effect.StoreMem(vname, update) :: trace)
-//   }
-// 
-//   def getNext = s.getNext
-// 
-// }
 
 case class InterpreterState(
     val nextCmd: ExecutionContinuation = Stopped(),
@@ -551,6 +302,8 @@ case class InterpreterState(
     val memoryState: MemoryState = MemoryState()
 )
 
+/** Implementation of Effects for InterpreterState concrete state representation.
+  */
 object NormalInterpreter extends Effects[InterpreterState] {
 
   /* eval */
@@ -572,42 +325,40 @@ object NormalInterpreter extends Effects[InterpreterState] {
     })
   }
 
-  def evalAddrToProc(addr: Int): State[InterpreterState, Option[FunPointer]] = 
+  def evalAddrToProc(addr: Int): State[InterpreterState, Option[FunPointer]] =
     Logger.debug(s"    eff : FIND PROC $addr")
-    val load = StVarLoader(this)
     for {
-      res <- get ((s: InterpreterState) => s.memoryState.doLoadOpt("funtable", List(Scalar(BitVecLiteral(addr, 64)))))
-  } yield {
-    res match {
-      case Some((f: FunPointer)::Nil) => Some(f)
-      case _ => None
+      res <- get((s: InterpreterState) => s.memoryState.doLoadOpt("funtable", List(Scalar(BitVecLiteral(addr, 64)))))
+    } yield {
+      res match {
+        case Some((f: FunPointer) :: Nil) => Some(f)
+        case _                            => None
+      }
     }
-  }
 
-  def formatStore(varname: String, update: Map[BasilValue, BasilValue]) = {
-    val ks = update.toList.sortWith((x,y) => {
-      def conv(v:BasilValue): BigInt = v match {
+  def formatStore(varname: String, update: Map[BasilValue, BasilValue]) : String = {
+    val ks = update.toList.sortWith((x, y) => {
+      def conv(v: BasilValue): BigInt = v match {
         case (Scalar(b: BitVecLiteral)) => b.value
-        case (Scalar(b: IntLiteral)) => b.value
-        case _ => BigInt(0) 
+        case (Scalar(b: IntLiteral))    => b.value
+        case _                          => BigInt(0)
       }
       conv(x._1) <= conv(y._1)
     })
 
-    val rs = ks.foldLeft(Some((None,List[BitVecLiteral]())): Option[(Option[BigInt], List[BitVecLiteral])])((acc, v) => 
+    val rs = ks.foldLeft(Some((None, List[BitVecLiteral]())): Option[(Option[BigInt], List[BitVecLiteral])])((acc, v) =>
       v match {
-      case (Scalar(bv : BitVecLiteral), Scalar(bv2 : BitVecLiteral)) => {
-        acc match {
-          case None => None
-          case Some(None, l) => Some(Some(bv.value), bv2::l)
-          case Some(Some(v), l) if bv.value == v + 1 => Some(Some(bv.value), bv2::l)
-          case Some(Some(v), l) => {
-            println(s"$v != ${bv.value} + 1")
-            None
+        case (Scalar(bv: BitVecLiteral), Scalar(bv2: BitVecLiteral)) => {
+          acc match {
+            case None                                  => None
+            case Some(None, l)                         => Some(Some(bv.value), bv2 :: l)
+            case Some(Some(v), l) if bv.value == v + 1 => Some(Some(bv.value), bv2 :: l)
+            case Some(Some(v), l) => {
+              None
+            }
           }
         }
-      }
-      case (bv, bv2) => None
+        case (bv, bv2) => None
       }
     )
 
@@ -630,215 +381,46 @@ object NormalInterpreter extends Effects[InterpreterState] {
     })
   }
 
-  def getNext = State.get ((s: InterpreterState) => s.nextCmd)
+  def getNext = State.get((s: InterpreterState) => s.nextCmd)
 
   /** effects * */
-  def setNext(c: ExecutionContinuation) = State.modify ((s: InterpreterState) => {
+  def setNext(c: ExecutionContinuation) = State.modify((s: InterpreterState) => {
     // Logger.debug(s"    eff : setNext $c")
     s.copy(nextCmd = c)
   })
 
-  def call(target: String, beginFrom: ExecutionContinuation, returnTo: ExecutionContinuation) = modify ((s:InterpreterState) => {
-    Logger.debug(s"    eff : CALL $target")
-    s.copy(
-      nextCmd=beginFrom,
-      callStack=returnTo :: s.callStack,
-      memoryState=s.memoryState.pushStackFrame(target)
-    )
-  })
+  def call(target: String, beginFrom: ExecutionContinuation, returnTo: ExecutionContinuation) =
+    modify((s: InterpreterState) => {
+      Logger.debug(s"    eff : CALL $target")
+      s.copy(
+        nextCmd = beginFrom,
+        callStack = returnTo :: s.callStack,
+        memoryState = s.memoryState.pushStackFrame(target)
+      )
+    })
 
   def doReturn() = {
     Logger.debug(s"    eff : RETURN")
-    modify ((s: InterpreterState) => {s.callStack match {
-      case Nil => s.copy(nextCmd=Stopped())
-      case h :: tl => s.copy(nextCmd=h,callStack=tl,memoryState=s.memoryState.popStackFrame())
-    }
+    modify((s: InterpreterState) => {
+      s.callStack match {
+        case Nil     => s.copy(nextCmd = Stopped())
+        case h :: tl => s.copy(nextCmd = h, callStack = tl, memoryState = s.memoryState.popStackFrame())
+      }
     })
   }
 
-  def storeVar(v: String, scope: Scope, value: BasilValue) : State[InterpreterState, Unit] = {
+  def storeVar(v: String, scope: Scope, value: BasilValue): State[InterpreterState, Unit] = {
     Logger.debug(s"    eff : SET $v := $value")
-    State.modify ((s: InterpreterState) => s.copy(memoryState=s.memoryState.defVar(v, scope, value)))
+    State.modify((s: InterpreterState) => s.copy(memoryState = s.memoryState.defVar(v, scope, value)))
   }
 
-  def storeMem(vname: String, update: Map[BasilValue, BasilValue]) = State.modify ((s:InterpreterState) => {
+  def storeMem(vname: String, update: Map[BasilValue, BasilValue]) = State.modify((s: InterpreterState) => {
     Logger.debug(s"    eff : STORE ${formatStore(vname, update)}")
-    s.copy(memoryState=s.memoryState.doStore(vname, update))
+    s.copy(memoryState = s.memoryState.doStore(vname, update))
   })
 
 }
 
-case object InterpFuns {
-
-  def initialState[S, T <: Effects[S]](s: T): State[S, Unit] = {
-    val SP: BitVecLiteral = BitVecLiteral(4096 - 16, 64)
-    val FP: BitVecLiteral = BitVecLiteral(4096 - 16, 64)
-    val LR: BitVecLiteral = BitVecLiteral(BigInt("FF", 16), 64)
-
-    for {
-      h <- s.storeVar("funtable", Scope.Global, MapValue(Map.empty, MapType(BitVecType(64), BitVecType(64))))
-      h <- s.storeVar("mem", Scope.Global, MapValue(Map.empty, MapType(BitVecType(64), BitVecType(8))))
-      i <- s.storeVar("stack", Scope.Global, MapValue(Map.empty, MapType(BitVecType(64), BitVecType(8))))
-      j <- s.storeVar("R31", Scope.Global, Scalar(SP))
-      k <- s.storeVar("R29", Scope.Global, Scalar(FP))
-      l <- s.storeVar("R30", Scope.Global, Scalar(LR))
-    } yield (l)
-  }
-
-  def initialiseProgram[S, T <: Effects[S]](f:T)(p: Program): State[S, Unit] = {
-    def initMemory(mem: String, mems: Iterable[MemorySection]) ={
-       for {
-         m <- State.sequence(State.pure(()), mems.filter(m => m.address != 0).map(memory => 
-          Eval.store(f)(
-          mem,
-          Scalar(BitVecLiteral(memory.address, 64)),
-          memory.bytes.toList.map(Scalar(_)),
-          Endian.LittleEndian)))
-      } yield ()
-    }
-
-    println(p.initialMemory)
-
-    for {
-      d <- initialState(f)
-      funs <- State.sequence(State.pure(()), p.procedures.filter(p => p.blocks.nonEmpty && p.address.isDefined).map((proc: Procedure) => 
-          Eval.storeSingle(f)(
-          "funtable",
-          Scalar(BitVecLiteral(proc.address.get, 64)),
-          FunPointer(BitVecLiteral(proc.address.get, 64), proc.name, Run(IRWalk.firstInBlock(proc.entryBlock.get)))
-        )))
-      mem <- initMemory("mem", p.initialMemory)
-      mem <- initMemory("stack", p.initialMemory)
-      mem <- initMemory("mem", p.readOnlyMemory)
-      mem <- initMemory("stack", p.readOnlyMemory)
-      r <- f.call(p.mainProcedure.name, Run(IRWalk.firstInBlock(p.mainProcedure.entryBlock.get)), Stopped())
-    } yield (r)
-  }
-
-  def interpretJump[S, T <: Effects[S]](f: T)(j: Jump): State[S, Unit] = {
-    j match {
-      case gt: GoTo if gt.targets.size == 1 => {
-        f.setNext(Run(IRWalk.firstInBlock(gt.targets.head)))
-      }
-      case gt: GoTo =>
-        val assumes = gt.targets.flatMap(_.statements.headOption).collect {
-            case a: Assume => a
-          }
-        if (assumes.size != gt.targets.size) {
-          throw InterpreterError(Errored(s"Some goto target missing guard $gt"))
-        }
-        for {
-          chosen : List[Assume] <- filterM((a:Assume) => f.evalBool(a.body), assumes)
-
-          res <- chosen match {
-            case Nil      => f.setNext(Errored(s"No jump target satisfied $gt"))
-            case h :: Nil => f.setNext(Run(h))
-            case h :: tl  => f.setNext(Errored(s"More than one jump guard satisfied $gt"))
-          }
-        } yield (res)
-      case r: Return      => f.doReturn()
-      case h: Unreachable => f.setNext(EscapedControlFlow(h))
-    }
-  }
-
-  def interpretStatement[S, T <: Effects[S]](f: T)(s: Statement): State[S, Unit] = {
-    s match {
-      case assign: Assign => {
-        for {
-          rhs <- f.evalBV(assign.rhs)
-          st <- f.storeVar(assign.lhs.name, assign.lhs.toBoogie.scope, Scalar(rhs))
-          n <- f.setNext(Run(s.successor))
-        } yield (st)
-      }
-      case assign: MemoryAssign => for {
-        index : BitVecLiteral <- f.evalBV(assign.index)
-        value : BitVecLiteral <- f.evalBV(assign.value)
-        _ <- Eval.storeBV(f)(assign.mem.name, Scalar(index), value, assign.endian)
-        n <- f.setNext(Run(s.successor))
-      } yield (n)
-      case assert: Assert => for {
-        b <- f.evalBool(assert.body) 
-        n <- (if (!b) then {
-          f.setNext(FailedAssertion(assert))
-        } else {
-          f.setNext(Run(s.successor))
-        }) 
-      } yield (n)
-      case assume: Assume => for {
-        b <- f.evalBool(assume.body) 
-        n <- (if (!b) {
-          f.setNext(Errored(s"Assumption not satisfied: $assume"))
-        } else {
-          f.setNext(Run(s.successor))
-        })
-      } yield (n)
-      case dc: DirectCall => for {
-        n <- if (dc.target.entryBlock.isDefined) {
-          val block = dc.target.entryBlock.get
-          f.call(dc.target.name, Run(block.statements.headOption.getOrElse(block.jump)), Run(dc.successor))
-        } else {
-          f.setNext(Run(dc.successor))
-        }
-      } yield (n)
-      case ic: IndirectCall => {
-        if (ic.target == Register("R30", 64)) {
-          f.doReturn()
-        } else {
-          for {
-           addr <- f.evalBV(ic.target)
-           fp <- f.evalAddrToProc(addr.value.toInt)
-           _ <- fp match {
-             case Some(fp) => f.call(fp.name, fp.call, Run(ic.successor))
-             case none => f.setNext(EscapedControlFlow(ic))
-           }
-          } yield ()
-        }
-      }
-      case _: NOP => f.setNext(Run(s.successor))
-    }
-  }
-
-
-  def interpret[S, T <: Effects[S]](f: T, m: S): S = {
-    val next = State.evaluate(m, f.getNext)
-    Logger.debug(s"eval $next")
-    next match {
-        case Run(c: Statement) => interpret(f, 
-          protect((() => execute(m, interpretStatement(f)(c))), 
-            {
-              case x @ InterpreterError(e) => {
-                Logger.error(s"${x.getStackTrace.mkString("\n")}")
-                execute(m, f.setNext(e))
-              }
-              case e: IllegalArgumentException => execute(m, f.setNext(Errored(e.toString)))
-            } 
-            ))
-        case Run(c: Jump) => interpret(f, 
-          protect((() => execute(m, interpretJump(f)(c))), 
-            {
-              case x @ InterpreterError(e) => {
-                Logger.error(s"${x.getStackTrace.mkString("\n")}")
-                execute(m, f.setNext(e))
-              }
-              case e: IllegalArgumentException => execute(m, f.setNext(Errored(e.toString)))
-            } 
-            ))
-        case Stopped() => m
-        case errorstop => m 
-    }
-  }
-
-  def interpretProg[S, T <: Effects[S]](f: T)(p: Program, is: S): S = {
-    val begin = State.execute(is, initialiseProgram(f)(p))
-    // State.execute[S,Unit](is, )
-    interpret(f, begin)
-  }
-
-}
-
-def interpret(IRProgram: Program): InterpreterState = {
-  InterpFuns.interpretProg(NormalInterpreter)(IRProgram, InterpreterState())
-}
 
 // def interpretTrace(IRProgram: Program): TracingInterpreter = {
 //   val s: TracingInterpreter = InterpFuns.interpretProg(IRProgram, TracingInterpreter(InterpreterState(), List()))
diff --git a/src/main/scala/ir/eval/InterpreterProduct.scala b/src/main/scala/ir/eval/InterpreterProduct.scala
new file mode 100644
index 000000000..53bc8f779
--- /dev/null
+++ b/src/main/scala/ir/eval/InterpreterProduct.scala
@@ -0,0 +1,98 @@
+
+package ir.eval
+import ir._
+import ir.eval.BitVectorEval.*
+import ir.*
+import util.Logger
+import util.functional.*
+import util.functional.State.*
+import boogie.Scope
+import scala.collection.WithFilter
+
+import scala.annotation.tailrec
+import scala.collection.mutable
+import scala.collection.immutable
+import scala.util.control.Breaks.{break, breakable}
+
+/**
+ * Runs two interpreters independently, the returns the value from inner, and ignores before
+ */
+case class ProductInterpreter[L, T](val inner: Effects[L], val before: Effects[T]) extends Effects[(L, T)] {
+  def doLeft[V](f: State[L, V]) : State[(L, T), V] = for {
+    f <- State[(L, T), V]((s: (L, T)) => {
+      val r = f.f(s._1)
+      ((r._1, s._2), r._2)
+    })
+  } yield (f)
+
+  def doRight[V](f: State[T, V]) : State[(L, T), V] = for {
+    f <- State[(L, T), V]((s: (L, T)) => {
+      val r = f.f(s._2)
+      ((s._1, r._1), r._2)
+    })
+  } yield (f)
+
+
+  def evalBV(e: Expr) = for {
+    n <- doRight(before.evalBV(e))
+    f <- doLeft(inner.evalBV(e))
+  } yield (f)
+
+  def evalInt(e: Expr) = for {
+    n <- doRight(before.evalBV(e))
+    f <- doLeft(inner.evalInt(e))
+  } yield (f)
+
+  def evalBool(e: Expr) = for {
+    n <- doRight(before.evalBool(e)) 
+    f <- doLeft(inner.evalBool(e))
+  } yield (f)
+
+  def loadVar(v: String) = for {
+    n <- doRight(before.loadVar(v))
+    f <- doLeft(inner.loadVar(v))
+  } yield (f)
+
+  def loadMem(v: String, addrs: List[BasilValue]) = for {
+    n <- doRight(before.loadMem(v, addrs))
+    f <- doLeft(inner.loadMem(v, addrs))
+  } yield (f)
+
+  def evalAddrToProc(addr: Int) = for {
+    n <- doRight(before.evalAddrToProc(addr: Int))
+    f <- doLeft(inner.evalAddrToProc(addr))
+  } yield(f)
+
+  def getNext = for {
+    n <- doRight(before.getNext)
+    f <- doLeft(inner.getNext)
+  } yield(f)
+
+  /** state effects */
+  def setNext(c: ExecutionContinuation) = for {
+    n <- doRight(before.setNext(c))
+    f <- doLeft(inner.setNext(c))
+  } yield (f)
+
+  def call(target: String, beginFrom: ExecutionContinuation, returnTo: ExecutionContinuation) = for {
+    n <- doRight(before.call(target, beginFrom, returnTo))
+    f <- doLeft(inner.call(target, beginFrom, returnTo))
+  } yield (f)
+
+  def doReturn() = for {
+    n <- doRight(before.doReturn())
+    f <- doLeft(inner.doReturn())
+  } yield (f)
+
+  def storeVar(v: String, scope: Scope, value: BasilValue) = for {
+    n <- doRight(before.storeVar(v, scope, value))
+    f <- doLeft(inner.storeVar(v, scope, value))
+  } yield(f)
+
+  def storeMem(vname: String, update: Map[BasilValue, BasilValue]) = for {
+    n <- doRight(before.storeMem(vname,update))
+    f <- doLeft(inner.storeMem(vname, update))
+  } yield(f)
+}
+
+
diff --git a/src/main/scala/util/PerformanceTimer.scala b/src/main/scala/util/PerformanceTimer.scala
index a0be917f3..d233513cb 100644
--- a/src/main/scala/util/PerformanceTimer.scala
+++ b/src/main/scala/util/PerformanceTimer.scala
@@ -15,7 +15,7 @@ case class PerformanceTimer(timerName: String = "") {
       Logger.info(s"PerformanceTimer $timerName [$name]: ${delta}ms")
       delta
   }
-  private def elapsed() :  Long = {
+  def elapsed() :  Long = {
       System.currentTimeMillis() - lastCheckpoint
   }
 
diff --git a/src/test/scala/ir/InterpreterTests.scala b/src/test/scala/ir/InterpreterTests.scala
index f6bdd0198..51c2e7218 100644
--- a/src/test/scala/ir/InterpreterTests.scala
+++ b/src/test/scala/ir/InterpreterTests.scala
@@ -1,5 +1,6 @@
 package ir
 
+import util.PerformanceTimer
 import util.functional._
 import ir.eval._
 import ir.dsl._
@@ -28,7 +29,6 @@ import util.ILLoadingConfig
 // def initialMem() = InterpFuns.initialState(InterpreterState(), List())
 
 def load(s: InterpreterState, global: SpecGlobal) : Option[BitVecLiteral] = {
-  println(s)
   val f = NormalInterpreter
  //  i.getMemory(global.address.toInt, global.size, Endian.LittleEndian, i.mems)
   // m.evalBV("mem", BitVecLiteral(64, global.address), Endian.LittleEndian, global.size) //  i.getMemory(global.address.toInt, global.size, Endian.LittleEndian, i.mems)
@@ -135,7 +135,7 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
      val s = for {
        _ <- InterpFuns.initialState(NormalInterpreter)
        _ <- Eval.store(NormalInterpreter)("mem", Scalar(BitVecLiteral(0, 64)), ts.map(Scalar(_)), Endian.LittleEndian)
-       r <- loader.loadBV("mem", Scalar(BitVecLiteral(0, 64)), Endian.LittleEndian, 32)
+       r <- Eval.loadBV(NormalInterpreter)("mem", Scalar(BitVecLiteral(0, 64)), Endian.LittleEndian, 32)
      } yield(r)
      val expected: BitVecLiteral = BitVecLiteral(BigInt("0D0C0B0A", 16), 32)
      val actual: BitVecLiteral = State.evaluate(InterpreterState(), s)
@@ -323,14 +323,15 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
   }
 
 
-  def fibonacciProg(n: Int) = {
-    def expected(n: Int) : Int = {
-      n match {
-        case 0 => 0
-        case 1 => 1
-        case n => expected(n - 1) + expected(n - 2)
-      }
+  def fib(n: Int) : Int = {
+    n match {
+      case 0 => 0
+      case 1 => 1
+      case n => fib(n - 1) + fib(n - 2)
     }
+  }
+
+  def fibonacciProg(n: Int) = {
     prog(
       proc("begin", 
         block("entry",
@@ -340,7 +341,7 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
           goto("done")
         ),
         block("done",
-          Assert(BinaryExpr(BVEQ, R0, bv64(expected(n)))),
+          Assert(BinaryExpr(BVEQ, R0, bv64(fib(n)))),
           ret
         )),
       proc("fib",
@@ -378,27 +379,55 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
 
   test("fibonacci") {
 
+    Logger.setLevel(LogLevel.ERROR)
     val fib = fibonacciProg(8)
     val r = interpret(fib)
     assert(r.nextCmd == Stopped())
     // Show interpreted result
-    Logger.info("Registers:")
     // r.regs.foreach { (key, value) =>
     //   Logger.info(s"$key := $value")
     // }
 
   }
 
+  test("fibonaccistress") {
 
-//   test("fibonacci Trace") {
-// 
-//     val fib = fibonacciProg(8)
-//     val r = interpretTrace(fib)
-//     assert(r.getNext == Stopped())
-//     // Show interpreted result
-//     //
-//     info(r.trace.reverse.mkString("\n"))
-// 
-//   }
+    Logger.setLevel(LogLevel.ERROR)
+    var res = List[(Int, Double, Double)]()
+
+    for (i <- 0 to 25) {
+      val prog = fibonacciProg(i)
+
+      val t = PerformanceTimer("native")
+      val r = fib(i)
+      val native = t.elapsed()
+
+      val intt = PerformanceTimer("interp")
+      val ir = interpret(prog)
+      val it = intt.elapsed()
+
+      res = (i,native,it)::res
+
+      println(s"${res.head}")
+    }
+
+    println(("fib number,native time,interp time"::(res.map(x => s"${x._1},${x._2},${x._3}"))).mkString("\n"))
+
+  }
+
+
+
+   test("fibonacci Trace") {
+
+     val fib = fibonacciProg(8)
+
+      val r = interpretTrace(fib)
+ 
+     assert(r._1.nextCmd == Stopped())
+     info(r._2.t.mkString("\n"))
+     // Show interpreted result
+     //
+ 
+   }
 
 }

From f64f904999192fee7e3a52c66ec514aaddc56f6c Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Wed, 28 Aug 2024 17:26:57 +1000
Subject: [PATCH 015/127] breakpoints

---
 src/main/scala/ir/eval/InterpretBasilIR.scala | 29 +-----
 .../scala/ir/eval/InterpretBasilTrace.scala   | 14 ++-
 src/main/scala/ir/eval/Interpreter.scala      | 38 ++++++++
 .../scala/ir/eval/InterpreterProduct.scala    | 89 ++++++++++++++++++-
 src/test/scala/ir/InterpreterTests.scala      | 12 +++
 5 files changed, 151 insertions(+), 31 deletions(-)

diff --git a/src/main/scala/ir/eval/InterpretBasilIR.scala b/src/main/scala/ir/eval/InterpretBasilIR.scala
index 8cf8f384b..7eb6cf671 100644
--- a/src/main/scala/ir/eval/InterpretBasilIR.scala
+++ b/src/main/scala/ir/eval/InterpretBasilIR.scala
@@ -356,34 +356,7 @@ case object InterpFuns {
     val next = State.evaluate(m, f.getNext)
     Logger.debug(s"eval $next")
     next match {
-      case Run(c: Statement) =>
-        interpret(
-          f,
-          protect(
-            (() => execute(m, interpretStatement(f)(c))),
-            {
-              case x @ InterpreterError(e) => {
-                Logger.error(s"${x.getStackTrace.mkString("\n")}")
-                execute(m, f.setNext(e))
-              }
-              case e: IllegalArgumentException => execute(m, f.setNext(Errored(e.toString)))
-            }
-          )
-        )
-      case Run(c: Jump) =>
-        interpret(
-          f,
-          protect(
-            (() => execute(m, interpretJump(f)(c))),
-            {
-              case x @ InterpreterError(e) => {
-                Logger.error(s"${x.getStackTrace.mkString("\n")}")
-                execute(m, f.setNext(e))
-              }
-              case e: IllegalArgumentException => execute(m, f.setNext(Errored(e.toString)))
-            }
-          )
-        )
+      case Run(c) =>  interpret(f, State.execute(m, f.interpretOne))
       case Stopped() => m
       case errorstop => m
     }
diff --git a/src/main/scala/ir/eval/InterpretBasilTrace.scala b/src/main/scala/ir/eval/InterpretBasilTrace.scala
index 4ba8c6836..4ae1af9ed 100644
--- a/src/main/scala/ir/eval/InterpretBasilTrace.scala
+++ b/src/main/scala/ir/eval/InterpretBasilTrace.scala
@@ -16,7 +16,6 @@ import scala.util.control.Breaks.{break, breakable}
 
 enum ExecEffect:
   case Call(target: String, begin: ExecutionContinuation, returnTo: ExecutionContinuation)
-  case SetNext(c: ExecutionContinuation)
   case Return
   case StoreVar(v: String, s: Scope, value: BasilValue)
   case LoadVar(v: String)
@@ -32,7 +31,6 @@ case object Trace {
   }
 }
 
-
 object TraceGen extends Effects[Trace] {
   /** Values are discarded by ProductInterpreter so do not matter */
   def evalBV(e: Expr) = State.pure(BitVecLiteral(0,0))
@@ -72,6 +70,8 @@ object TraceGen extends Effects[Trace] {
   def storeMem(vname: String, update: Map[BasilValue, BasilValue]) = for {
     s <- Trace.add(ExecEffect.StoreMem(vname, update))
   } yield (())
+
+  def interpretOne = State.pure(())
 }
 
 def tracingInterpreter = ProductInterpreter(NormalInterpreter, TraceGen)
@@ -80,3 +80,13 @@ def interpretTrace(p: Program) : (InterpreterState, Trace) = {
   InterpFuns.interpretProg(tracingInterpreter)(p, (InterpreterState(), Trace(List())))
 }
 
+
+case class RememberBreakpoints[T, I <: Effects[T]](val f: I, val breaks: Set[Command]) extends NopEffects[(T, List[(Command, T)])] {
+  override def interpretOne = {
+    State.modify ((thisState, sl) => State.evaluate(thisState, f.getNext) match {
+      case Run(s) if breaks.contains(s) => (thisState, (s,thisState)::sl)
+      case _ => (thisState, sl)
+    }) 
+  }
+}
+
diff --git a/src/main/scala/ir/eval/Interpreter.scala b/src/main/scala/ir/eval/Interpreter.scala
index 12ed90010..7834daddd 100644
--- a/src/main/scala/ir/eval/Interpreter.scala
+++ b/src/main/scala/ir/eval/Interpreter.scala
@@ -89,6 +89,10 @@ case object BasilValue {
  * defined for the interpreter's concrete state T.
  */
 trait Effects[T] {
+
+  // perform an execution step
+  def interpretOne: State[T, Unit]
+
   /* evaluation (may side-effect on error) */
 
   def evalBV(e: Expr): State[T, BitVecLiteral]
@@ -125,6 +129,25 @@ trait Effects[T] {
 }
 
 
+
+trait NopEffects[T] extends Effects[T] {
+  def interpretOne = State.pure(())
+  def evalBV(e: Expr) = State.pure(BitVecLiteral(0,0))
+  def evalInt(e: Expr) = State.pure(BigInt(0))
+  def evalBool(e: Expr) = State.pure(false)
+  def loadVar(v: String) = State.pure(Scalar(FalseLiteral))
+  def loadMem(v: String, addrs: List[BasilValue])  = State.pure(List())
+  def evalAddrToProc(addr: Int) = State.pure(None)
+  def getNext = State.pure(Stopped())
+  def setNext(c: ExecutionContinuation)  = State.pure(())
+
+  def call(target: String, beginFrom: ExecutionContinuation, returnTo: ExecutionContinuation) = State.pure(())
+  def doReturn() = State.pure(())
+
+  def storeVar(v: String, scope: Scope, value: BasilValue) = State.pure(())
+  def storeMem(vname: String, update: Map[BasilValue, BasilValue]) = State.pure(())
+}
+
 /** -------------------------------------------------------------------------------- 
  * Definition of concrete state
  * -------------------------------------------------------------------------------- */
@@ -419,6 +442,21 @@ object NormalInterpreter extends Effects[InterpreterState] {
     s.copy(memoryState = s.memoryState.doStore(vname, update))
   })
 
+  def interpretOne: State[InterpreterState, Unit] = for {
+    next <- getNext
+    _ <- try {
+      next match {
+        case Run(c: Statement) => InterpFuns.interpretStatement(this)(c)
+        case Run(c: Jump) => InterpFuns.interpretJump(this)(c)
+        case Stopped() => State.pure (()) 
+        case errorstop => State.pure (())
+      }
+    } catch {
+      case InterpreterError(e) => setNext(e)
+      case e: java.lang.IllegalArgumentException => setNext(Errored(e.getStackTrace.take(5).mkString("\n")))
+    }
+  } yield ()
+
 }
 
 
diff --git a/src/main/scala/ir/eval/InterpreterProduct.scala b/src/main/scala/ir/eval/InterpreterProduct.scala
index 53bc8f779..e908cdd84 100644
--- a/src/main/scala/ir/eval/InterpreterProduct.scala
+++ b/src/main/scala/ir/eval/InterpreterProduct.scala
@@ -15,7 +15,7 @@ import scala.collection.immutable
 import scala.util.control.Breaks.{break, breakable}
 
 /**
- * Runs two interpreters independently, the returns the value from inner, and ignores before
+ * Runs two interpreters inner and before simultaneously, returning the value from inner, and ignoring before
  */
 case class ProductInterpreter[L, T](val inner: Effects[L], val before: Effects[T]) extends Effects[(L, T)] {
   def doLeft[V](f: State[L, V]) : State[(L, T), V] = for {
@@ -33,6 +33,11 @@ case class ProductInterpreter[L, T](val inner: Effects[L], val before: Effects[T
   } yield (f)
 
 
+  def interpretOne = for {
+    n <- doRight(before.interpretOne)
+    f <- doLeft(inner.interpretOne)
+  } yield ()
+
   def evalBV(e: Expr) = for {
     n <- doRight(before.evalBV(e))
     f <- doLeft(inner.evalBV(e))
@@ -96,3 +101,85 @@ case class ProductInterpreter[L, T](val inner: Effects[L], val before: Effects[T
 }
 
 
+case class LayerInterpreter[L, T](val inner: Effects[L], val before: Effects[(L, T)]) extends Effects[(L, T)] {
+  def doLeft[V](f: State[L, V]) : State[(L, T), V] = for {
+    f <- State[(L, T), V]((s: (L, T)) => {
+      val r = f.f(s._1)
+      ((r._1, s._2), r._2)
+    })
+  } yield (f)
+
+  def doRight[V](f: State[T, V]) : State[(L, T), V] = for {
+    f <- State[(L, T), V]((s: (L, T)) => {
+      val r = f.f(s._2)
+      ((s._1, r._1), r._2)
+    })
+  } yield (f)
+
+  def interpretOne = for {
+    n <- (before.interpretOne)
+    f <- doLeft(inner.interpretOne)
+  } yield ()
+
+  def evalBV(e: Expr) = for {
+    n <- (before.evalBV(e))
+    f <- doLeft(inner.evalBV(e))
+  } yield (f)
+
+  def evalInt(e: Expr) = for {
+    n <- (before.evalBV(e))
+    f <- doLeft(inner.evalInt(e))
+  } yield (f)
+
+  def evalBool(e: Expr) = for {
+    n <- (before.evalBool(e)) 
+    f <- doLeft(inner.evalBool(e))
+  } yield (f)
+
+  def loadVar(v: String) = for {
+    n <- (before.loadVar(v))
+    f <- doLeft(inner.loadVar(v))
+  } yield (f)
+
+  def loadMem(v: String, addrs: List[BasilValue]) = for {
+    n <- (before.loadMem(v, addrs))
+    f <- doLeft(inner.loadMem(v, addrs))
+  } yield (f)
+
+  def evalAddrToProc(addr: Int) = for {
+    n <- (before.evalAddrToProc(addr: Int))
+    f <- doLeft(inner.evalAddrToProc(addr))
+  } yield(f)
+
+  def getNext = for {
+    n <- (before.getNext)
+    f <- doLeft(inner.getNext)
+  } yield(f)
+
+  /** state effects */
+  def setNext(c: ExecutionContinuation) = for {
+    n <- (before.setNext(c))
+    f <- doLeft(inner.setNext(c))
+  } yield (f)
+
+  def call(target: String, beginFrom: ExecutionContinuation, returnTo: ExecutionContinuation) = for {
+    n <- (before.call(target, beginFrom, returnTo))
+    f <- doLeft(inner.call(target, beginFrom, returnTo))
+  } yield (f)
+
+  def doReturn() = for {
+    n <- (before.doReturn())
+    f <- doLeft(inner.doReturn())
+  } yield (f)
+
+  def storeVar(v: String, scope: Scope, value: BasilValue) = for {
+    n <- (before.storeVar(v, scope, value))
+    f <- doLeft(inner.storeVar(v, scope, value))
+  } yield(f)
+
+  def storeMem(vname: String, update: Map[BasilValue, BasilValue]) = for {
+    n <- (before.storeMem(vname,update))
+    f <- doLeft(inner.storeMem(vname, update))
+  } yield(f)
+}
+
diff --git a/src/test/scala/ir/InterpreterTests.scala b/src/test/scala/ir/InterpreterTests.scala
index 51c2e7218..6fec8bf78 100644
--- a/src/test/scala/ir/InterpreterTests.scala
+++ b/src/test/scala/ir/InterpreterTests.scala
@@ -430,4 +430,16 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
  
    }
 
+   test("fib breakpoints") {
+
+     // Logger.setLevel(LogLevel.ERROR)
+     val fib = fibonacciProg(8)
+     val watch = IRWalk.firstInProc((fib.procedures.find(_.name == "fib")).get)
+     val interp = LayerInterpreter(NormalInterpreter, RememberBreakpoints(NormalInterpreter, Set(watch)))
+     val res = InterpFuns.interpretProg(interp)(fib, (InterpreterState(), List[(Command, InterpreterState)]()))
+     println(res)
+
+
+   }
+
 }

From 897c5655743429ab13c6dfb9995aafca3c2a4b79 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Thu, 29 Aug 2024 11:44:02 +1000
Subject: [PATCH 016/127] improve breakpoints

---
 src/main/scala/ir/eval/InterpretBasilIR.scala | 21 ++++--
 .../scala/ir/eval/InterpretBasilTrace.scala   | 62 +++++++++++++--
 src/main/scala/ir/eval/Interpreter.scala      | 23 ------
 .../scala/ir/eval/InterpreterProduct.scala    | 75 ++++---------------
 src/main/scala/util/functional.scala          |  6 ++
 src/test/scala/ir/InterpreterTests.scala      |  9 ++-
 6 files changed, 96 insertions(+), 100 deletions(-)

diff --git a/src/main/scala/ir/eval/InterpretBasilIR.scala b/src/main/scala/ir/eval/InterpretBasilIR.scala
index 7eb6cf671..35b5000fb 100644
--- a/src/main/scala/ir/eval/InterpretBasilIR.scala
+++ b/src/main/scala/ir/eval/InterpretBasilIR.scala
@@ -57,6 +57,13 @@ case object Eval {
   /* Eval functions                                                                 */
   /*--------------------------------------------------------------------------------*/
 
+  def evalExpr[S, T <: Effects[S]](f: T)(e: Expr): State[S, Expr] = {
+    val ldr = StVarLoader[S, T](f)
+    for {
+      res <- ir.eval.statePartialEvalExpr[S](ldr)(e)
+    } yield (res)
+  }
+
   def evalBV[S, T <: Effects[S]](f: T)(e: Expr): State[S, BitVecLiteral] = {
     val ldr = StVarLoader[S, T](f)
     for {
@@ -275,7 +282,7 @@ case object InterpFuns {
           throw InterpreterError(Errored(s"Some goto target missing guard $gt"))
         }
         for {
-          chosen: List[Assume] <- filterM((a: Assume) => f.evalBool(a.body), assumes)
+          chosen: List[Assume] <- filterM((a: Assume) => Eval.evalBool(f)(a.body), assumes)
 
           res <- chosen match {
             case Nil      => f.setNext(Errored(s"No jump target satisfied $gt"))
@@ -292,21 +299,21 @@ case object InterpFuns {
     s match {
       case assign: Assign => {
         for {
-          rhs <- f.evalBV(assign.rhs)
+          rhs <- Eval.evalBV(f)(assign.rhs)
           st <- f.storeVar(assign.lhs.name, assign.lhs.toBoogie.scope, Scalar(rhs))
           n <- f.setNext(Run(s.successor))
         } yield (st)
       }
       case assign: MemoryAssign =>
         for {
-          index: BitVecLiteral <- f.evalBV(assign.index)
-          value: BitVecLiteral <- f.evalBV(assign.value)
+          index: BitVecLiteral <- Eval.evalBV(f)(assign.index)
+          value: BitVecLiteral <- Eval.evalBV(f)(assign.value)
           _ <- Eval.storeBV(f)(assign.mem.name, Scalar(index), value, assign.endian)
           n <- f.setNext(Run(s.successor))
         } yield (n)
       case assert: Assert =>
         for {
-          b <- f.evalBool(assert.body)
+          b <- Eval.evalBool(f)(assert.body)
           n <-
             (if (!b) then {
                f.setNext(FailedAssertion(assert))
@@ -316,7 +323,7 @@ case object InterpFuns {
         } yield (n)
       case assume: Assume =>
         for {
-          b <- f.evalBool(assume.body)
+          b <- Eval.evalBool(f)(assume.body)
           n <-
             (if (!b) {
                f.setNext(Errored(s"Assumption not satisfied: $assume"))
@@ -339,7 +346,7 @@ case object InterpFuns {
           f.doReturn()
         } else {
           for {
-            addr <- f.evalBV(ic.target)
+            addr <- Eval.evalBV(f)(ic.target)
             fp <- f.evalAddrToProc(addr.value.toInt)
             _ <- fp match {
               case Some(fp) => f.call(fp.name, fp.call, Run(ic.successor))
diff --git a/src/main/scala/ir/eval/InterpretBasilTrace.scala b/src/main/scala/ir/eval/InterpretBasilTrace.scala
index 4ae1af9ed..fba0adb11 100644
--- a/src/main/scala/ir/eval/InterpretBasilTrace.scala
+++ b/src/main/scala/ir/eval/InterpretBasilTrace.scala
@@ -27,7 +27,7 @@ case class Trace(val t: List[ExecEffect])
 
 case object Trace {
   def add(e: ExecEffect) : State[Trace, Unit] = {
-    modify ((t: Trace) => Trace(t.t.appended(e)))
+    State.modify ((t: Trace) => Trace(t.t.appended(e)))
   }
 }
 
@@ -80,13 +80,61 @@ def interpretTrace(p: Program) : (InterpreterState, Trace) = {
   InterpFuns.interpretProg(tracingInterpreter)(p, (InterpreterState(), Trace(List())))
 }
 
+enum BreakPointLoc:
+  case CMD(c: Command)
+  case CMDCond(c: Command, condition: Expr)
 
-case class RememberBreakpoints[T, I <: Effects[T]](val f: I, val breaks: Set[Command]) extends NopEffects[(T, List[(Command, T)])] {
-  override def interpretOne = {
-    State.modify ((thisState, sl) => State.evaluate(thisState, f.getNext) match {
-      case Run(s) if breaks.contains(s) => (thisState, (s,thisState)::sl)
-      case _ => (thisState, sl)
-    }) 
+case class BreakPointAction(saveState: Boolean = true, stop: Boolean = false, evalExprs: List[Expr] = List(), log: Boolean = false)
+
+case class BreakPoint(name: String = "", location: BreakPointLoc, action: BreakPointAction)
+
+case class RememberBreakpoints[T, I <: Effects[T]](val f: I, val breaks: List[BreakPoint]) extends NopEffects[(T, List[(BreakPoint, Option[T], List[(Expr, Expr)])])] {
+
+
+  def findBreaks[R](c: Command) : State[(T,R), List[BreakPoint]]  = {
+    State.filterM[BreakPoint, (T,R)](b => b.location match {
+      case BreakPointLoc.CMD(bc) if (bc == c) => State.pure(true)
+      case BreakPointLoc.CMDCond(bc, e) if bc == c => doLeft(Eval.evalBool(f)(e))
+      case _ => State.pure(false)
+    }, breaks)
   }
+
+  override def interpretOne : State[(T, List[(BreakPoint, Option[T], List[(Expr, Expr)])]), Unit] = for {
+    v : ExecutionContinuation <- doLeft(f.getNext)
+    n <- v match {
+      case Run(s) => for {
+        breaks : List[BreakPoint] <- findBreaks(s)
+        res <- State.sequence[(T, List[(BreakPoint, Option[T], List[(Expr, Expr)])]), Unit](State.pure(()), 
+          breaks.map((breakpoint: BreakPoint) => (breakpoint match {
+            case breakpoint @ BreakPoint(name, stopcond, action) => (for {
+                saved <- doLeft(if action.saveState then State.getS[T].map(s => Some(s)) else State.pure(None))
+                evals <- (State.mapM((e:Expr) => for {
+                  ev <- doLeft(Eval.evalExpr(f)(e))
+                  } yield (e, ev)
+                , action.evalExprs))
+                _ <- if action.stop then doLeft(f.setNext(Errored(s"Stopped at breakpoint ${name}"))) else doLeft(State.pure(()))
+                _ <- State.pure({
+                  if (action.log) {
+                    val bpn = breakpoint.name
+                    val bpcond = breakpoint.location match {
+                      case BreakPointLoc.CMD(c) => c.toString
+                      case BreakPointLoc.CMDCond(c, e) => s"$c when $e"
+                    }
+                    val saving = if action.saveState then " stashing state, " else ""
+                    val stopping = if action.stop then " stopping. " else ""
+                    val evalstr = evals.map(e => s"\n  eval(${e._1}) = ${e._2}").mkString("")
+                    Logger.warn(s"Breakpoint $bpn@$bpcond.$saving$stopping$evalstr")
+                  }
+                })
+                _ <-  State.modify ((istate:(T, List[(BreakPoint, Option[T], List[(Expr, Expr)])])) => 
+                    (istate._1, ((breakpoint, saved, evals)::istate._2)))
+              } yield ()
+              )
+            })))
+      } yield ()
+      case _ => State.pure(())
+      }
+    } yield ()
+
 }
 
diff --git a/src/main/scala/ir/eval/Interpreter.scala b/src/main/scala/ir/eval/Interpreter.scala
index 7834daddd..52d74d3cc 100644
--- a/src/main/scala/ir/eval/Interpreter.scala
+++ b/src/main/scala/ir/eval/Interpreter.scala
@@ -93,14 +93,6 @@ trait Effects[T] {
   // perform an execution step
   def interpretOne: State[T, Unit]
 
-  /* evaluation (may side-effect on error) */
-
-  def evalBV(e: Expr): State[T, BitVecLiteral]
-
-  def evalInt(e: Expr): State[T, BigInt]
-
-  def evalBool(e: Expr): State[T, Boolean]
-
   def loadVar(v: String): State[T, BasilValue]
 
   def loadMem(v: String, addrs: List[BasilValue]): State[T, List[BasilValue]]
@@ -132,9 +124,6 @@ trait Effects[T] {
 
 trait NopEffects[T] extends Effects[T] {
   def interpretOne = State.pure(())
-  def evalBV(e: Expr) = State.pure(BitVecLiteral(0,0))
-  def evalInt(e: Expr) = State.pure(BigInt(0))
-  def evalBool(e: Expr) = State.pure(false)
   def loadVar(v: String) = State.pure(Scalar(FalseLiteral))
   def loadMem(v: String, addrs: List[BasilValue])  = State.pure(List())
   def evalAddrToProc(addr: Int) = State.pure(None)
@@ -329,18 +318,6 @@ case class InterpreterState(
   */
 object NormalInterpreter extends Effects[InterpreterState] {
 
-  /* eval */
-  def evalBV(e: Expr) = {
-    Eval.evalBV(this)(e)
-  }
-
-  def evalInt(e: Expr) = {
-    Eval.evalInt(this)(e)
-  }
-
-  def evalBool(e: Expr) = {
-    Eval.evalBool(this)(e)
-  }
 
   def loadVar(v: String) = {
     State.get((s: InterpreterState) => {
diff --git a/src/main/scala/ir/eval/InterpreterProduct.scala b/src/main/scala/ir/eval/InterpreterProduct.scala
index e908cdd84..75e9a50fa 100644
--- a/src/main/scala/ir/eval/InterpreterProduct.scala
+++ b/src/main/scala/ir/eval/InterpreterProduct.scala
@@ -14,45 +14,30 @@ import scala.collection.mutable
 import scala.collection.immutable
 import scala.util.control.Breaks.{break, breakable}
 
-/**
- * Runs two interpreters inner and before simultaneously, returning the value from inner, and ignoring before
- */
-case class ProductInterpreter[L, T](val inner: Effects[L], val before: Effects[T]) extends Effects[(L, T)] {
-  def doLeft[V](f: State[L, V]) : State[(L, T), V] = for {
-    f <- State[(L, T), V]((s: (L, T)) => {
-      val r = f.f(s._1)
-      ((r._1, s._2), r._2)
-    })
-  } yield (f)
 
-  def doRight[V](f: State[T, V]) : State[(L, T), V] = for {
-    f <- State[(L, T), V]((s: (L, T)) => {
-      val r = f.f(s._2)
-      ((s._1, r._1), r._2)
-    })
-  } yield (f)
+def doLeft[L, T, V](f: State[L, V]) : State[(L, T), V] = for {
+  f <- State[(L, T), V]((s: (L, T)) => {
+    val r = f.f(s._1)
+    ((r._1, s._2), r._2)
+  })
+} yield (f)
 
+def doRight[L, T, V](f: State[T, V]) : State[(L, T), V] = for {
+  f <- State[(L, T), V]((s: (L, T)) => {
+    val r = f.f(s._2)
+    ((s._1, r._1), r._2)
+  })
+} yield (f)
 
+/**
+ * Runs two interpreters "inner" and "before" simultaneously, returning the value from inner, and ignoring before
+ */
+case class ProductInterpreter[L, T](val inner: Effects[L], val before: Effects[T]) extends Effects[(L, T)] {
   def interpretOne = for {
     n <- doRight(before.interpretOne)
     f <- doLeft(inner.interpretOne)
   } yield ()
 
-  def evalBV(e: Expr) = for {
-    n <- doRight(before.evalBV(e))
-    f <- doLeft(inner.evalBV(e))
-  } yield (f)
-
-  def evalInt(e: Expr) = for {
-    n <- doRight(before.evalBV(e))
-    f <- doLeft(inner.evalInt(e))
-  } yield (f)
-
-  def evalBool(e: Expr) = for {
-    n <- doRight(before.evalBool(e)) 
-    f <- doLeft(inner.evalBool(e))
-  } yield (f)
-
   def loadVar(v: String) = for {
     n <- doRight(before.loadVar(v))
     f <- doLeft(inner.loadVar(v))
@@ -102,40 +87,12 @@ case class ProductInterpreter[L, T](val inner: Effects[L], val before: Effects[T
 
 
 case class LayerInterpreter[L, T](val inner: Effects[L], val before: Effects[(L, T)]) extends Effects[(L, T)] {
-  def doLeft[V](f: State[L, V]) : State[(L, T), V] = for {
-    f <- State[(L, T), V]((s: (L, T)) => {
-      val r = f.f(s._1)
-      ((r._1, s._2), r._2)
-    })
-  } yield (f)
-
-  def doRight[V](f: State[T, V]) : State[(L, T), V] = for {
-    f <- State[(L, T), V]((s: (L, T)) => {
-      val r = f.f(s._2)
-      ((s._1, r._1), r._2)
-    })
-  } yield (f)
 
   def interpretOne = for {
     n <- (before.interpretOne)
     f <- doLeft(inner.interpretOne)
   } yield ()
 
-  def evalBV(e: Expr) = for {
-    n <- (before.evalBV(e))
-    f <- doLeft(inner.evalBV(e))
-  } yield (f)
-
-  def evalInt(e: Expr) = for {
-    n <- (before.evalBV(e))
-    f <- doLeft(inner.evalInt(e))
-  } yield (f)
-
-  def evalBool(e: Expr) = for {
-    n <- (before.evalBool(e)) 
-    f <- doLeft(inner.evalBool(e))
-  } yield (f)
-
   def loadVar(v: String) = for {
     n <- (before.loadVar(v))
     f <- doLeft(inner.loadVar(v))
diff --git a/src/main/scala/util/functional.scala b/src/main/scala/util/functional.scala
index 410fa5f71..e666bee36 100644
--- a/src/main/scala/util/functional.scala
+++ b/src/main/scala/util/functional.scala
@@ -48,6 +48,12 @@ object State {
   def filterM[A, S](m : (A => State[S, Boolean]), xs: Iterable[A]): State[S, List[A]] = {
     xs.foldRight(pure(List[A]()))((b,acc) => acc.flatMap(c => m(b).map(v => if v then b::c else c)))
   }
+
+  def mapM[A, B, S](m : (A => State[S, B]), xs: Iterable[A]): State[S, List[B]] = {
+    xs.foldRight(pure(List[B]()))((b,acc) => acc.flatMap(c => m(b).map(v => v::c)))
+  }
+
+
 }
 
 def protect[T](x: () => T, fnly: PartialFunction[Exception, T]): T = {
diff --git a/src/test/scala/ir/InterpreterTests.scala b/src/test/scala/ir/InterpreterTests.scala
index 6fec8bf78..d92161460 100644
--- a/src/test/scala/ir/InterpreterTests.scala
+++ b/src/test/scala/ir/InterpreterTests.scala
@@ -34,7 +34,7 @@ def load(s: InterpreterState, global: SpecGlobal) : Option[BitVecLiteral] = {
   // m.evalBV("mem", BitVecLiteral(64, global.address), Endian.LittleEndian, global.size) //  i.getMemory(global.address.toInt, global.size, Endian.LittleEndian, i.mems)
   
   try {
-    Some(f.evalBV(MemoryLoad(SharedMemory("mem", 64, 8), BitVecLiteral(global.address, 64), Endian.LittleEndian, global.size)).f(s)._2)
+    Some(Eval.evalBV(f)(MemoryLoad(SharedMemory("mem", 64, 8), BitVecLiteral(global.address, 64), Endian.LittleEndian, global.size)).f(s)._2)
   } catch {
     case e : InterpreterError => None
   }
@@ -432,11 +432,12 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
 
    test("fib breakpoints") {
 
-     // Logger.setLevel(LogLevel.ERROR)
+     Logger.setLevel(LogLevel.WARN)
      val fib = fibonacciProg(8)
      val watch = IRWalk.firstInProc((fib.procedures.find(_.name == "fib")).get)
-     val interp = LayerInterpreter(NormalInterpreter, RememberBreakpoints(NormalInterpreter, Set(watch)))
-     val res = InterpFuns.interpretProg(interp)(fib, (InterpreterState(), List[(Command, InterpreterState)]()))
+     val bp = BreakPoint("Fibentry",  BreakPointLoc.CMDCond(watch, BinaryExpr(BVEQ, BitVecLiteral(5, 64), Register("R0", 64))), BreakPointAction(true, true, List(Register("R0", 64)), true))
+     val interp = LayerInterpreter(NormalInterpreter, RememberBreakpoints(NormalInterpreter, List(bp)))
+     val res = InterpFuns.interpretProg(interp)(fib, (InterpreterState(), List()))
      println(res)
 
 

From cc97052702274fb30767559958e1a07d703b4710 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Thu, 29 Aug 2024 12:02:41 +1000
Subject: [PATCH 017/127] reorg

---
 ...Trace.scala => InterpretBreakpoints.scala} | 72 ++--------------
 src/main/scala/ir/eval/InterpretTrace.scala   | 83 +++++++++++++++++++
 src/test/scala/ir/InterpreterTests.scala      |  5 +-
 3 files changed, 92 insertions(+), 68 deletions(-)
 rename src/main/scala/ir/eval/{InterpretBasilTrace.scala => InterpretBreakpoints.scala} (60%)
 create mode 100644 src/main/scala/ir/eval/InterpretTrace.scala

diff --git a/src/main/scala/ir/eval/InterpretBasilTrace.scala b/src/main/scala/ir/eval/InterpretBreakpoints.scala
similarity index 60%
rename from src/main/scala/ir/eval/InterpretBasilTrace.scala
rename to src/main/scala/ir/eval/InterpretBreakpoints.scala
index fba0adb11..a21f2006f 100644
--- a/src/main/scala/ir/eval/InterpretBasilTrace.scala
+++ b/src/main/scala/ir/eval/InterpretBreakpoints.scala
@@ -14,72 +14,6 @@ import scala.collection.immutable
 import scala.util.control.Breaks.{break, breakable}
 
 
-enum ExecEffect:
-  case Call(target: String, begin: ExecutionContinuation, returnTo: ExecutionContinuation)
-  case Return
-  case StoreVar(v: String, s: Scope, value: BasilValue)
-  case LoadVar(v: String)
-  case StoreMem(vname: String, update: Map[BasilValue, BasilValue])
-  case LoadMem(vname: String, addrs: List[BasilValue])
-  case FindProc(addr: Int)
-
-case class Trace(val t: List[ExecEffect])
-
-case object Trace {
-  def add(e: ExecEffect) : State[Trace, Unit] = {
-    State.modify ((t: Trace) => Trace(t.t.appended(e)))
-  }
-}
-
-object TraceGen extends Effects[Trace] {
-  /** Values are discarded by ProductInterpreter so do not matter */
-  def evalBV(e: Expr) = State.pure(BitVecLiteral(0,0))
-
-  def evalInt(e: Expr) = State.pure(BigInt(0))
-
-  def evalBool(e: Expr) = State.pure(false)
-
-  def loadVar(v: String) = for {
-    s <- Trace.add(ExecEffect.LoadVar(v))
-  } yield (Scalar(FalseLiteral))
-
-  def loadMem(v: String, addrs: List[BasilValue])  = for {
-    s <- Trace.add(ExecEffect.LoadMem(v, addrs))
-  } yield (List())
-
-  def evalAddrToProc(addr: Int) = for {
-    s <- Trace.add(ExecEffect.FindProc(addr))
-  } yield (None)
-
-  def getNext = State.pure(Stopped())
-
-  def setNext(c: ExecutionContinuation)  = State.pure(())
-
-  def call(target: String, beginFrom: ExecutionContinuation, returnTo: ExecutionContinuation) = for {
-    s <- Trace.add(ExecEffect.Call(target, beginFrom, returnTo))
-  } yield (())
-
-  def doReturn() = for {
-    s <- Trace.add(ExecEffect.Return)
-  } yield (())
-
-  def storeVar(v: String, scope: Scope, value: BasilValue) = for {
-    s <- Trace.add(ExecEffect.StoreVar(v, scope, value))
-  } yield (())
-
-  def storeMem(vname: String, update: Map[BasilValue, BasilValue]) = for {
-    s <- Trace.add(ExecEffect.StoreMem(vname, update))
-  } yield (())
-
-  def interpretOne = State.pure(())
-}
-
-def tracingInterpreter = ProductInterpreter(NormalInterpreter, TraceGen)
-
-def interpretTrace(p: Program) : (InterpreterState, Trace) = {
-  InterpFuns.interpretProg(tracingInterpreter)(p, (InterpreterState(), Trace(List())))
-}
-
 enum BreakPointLoc:
   case CMD(c: Command)
   case CMDCond(c: Command, condition: Expr)
@@ -138,3 +72,9 @@ case class RememberBreakpoints[T, I <: Effects[T]](val f: I, val breaks: List[Br
 
 }
 
+
+def interpretWithBreakPoints[I](p: Program, breakpoints: List[BreakPoint], innerInterpreter: Effects[I], innerInitialState: I) : (I, List[(BreakPoint, Option[I], List[(Expr, Expr)])]) = {
+   val interp = LayerInterpreter(innerInterpreter, RememberBreakpoints(innerInterpreter, breakpoints))
+   val res = InterpFuns.interpretProg(interp)(p, (innerInitialState, List()))
+   res
+}
diff --git a/src/main/scala/ir/eval/InterpretTrace.scala b/src/main/scala/ir/eval/InterpretTrace.scala
new file mode 100644
index 000000000..455e4d43d
--- /dev/null
+++ b/src/main/scala/ir/eval/InterpretTrace.scala
@@ -0,0 +1,83 @@
+package ir.eval
+import ir._
+import ir.eval.BitVectorEval.*
+import ir.*
+import util.Logger
+import util.functional.*
+import util.functional.State.*
+import boogie.Scope
+import scala.collection.WithFilter
+
+import scala.annotation.tailrec
+import scala.collection.mutable
+import scala.collection.immutable
+import scala.util.control.Breaks.{break, breakable}
+
+
+enum ExecEffect:
+  case Call(target: String, begin: ExecutionContinuation, returnTo: ExecutionContinuation)
+  case Return
+  case StoreVar(v: String, s: Scope, value: BasilValue)
+  case LoadVar(v: String)
+  case StoreMem(vname: String, update: Map[BasilValue, BasilValue])
+  case LoadMem(vname: String, addrs: List[BasilValue])
+  case FindProc(addr: Int)
+
+case class Trace(val t: List[ExecEffect])
+
+case object Trace {
+  def add(e: ExecEffect) : State[Trace, Unit] = {
+    State.modify ((t: Trace) => Trace(t.t.appended(e)))
+  }
+}
+
+object TraceGen extends Effects[Trace] {
+  /** Values are discarded by ProductInterpreter so do not matter */
+  def evalBV(e: Expr) = State.pure(BitVecLiteral(0,0))
+
+  def evalInt(e: Expr) = State.pure(BigInt(0))
+
+  def evalBool(e: Expr) = State.pure(false)
+
+  def loadVar(v: String) = for {
+    s <- Trace.add(ExecEffect.LoadVar(v))
+  } yield (Scalar(FalseLiteral))
+
+  def loadMem(v: String, addrs: List[BasilValue])  = for {
+    s <- Trace.add(ExecEffect.LoadMem(v, addrs))
+  } yield (List())
+
+  def evalAddrToProc(addr: Int) = for {
+    s <- Trace.add(ExecEffect.FindProc(addr))
+  } yield (None)
+
+  def getNext = State.pure(Stopped())
+
+  def setNext(c: ExecutionContinuation)  = State.pure(())
+
+  def call(target: String, beginFrom: ExecutionContinuation, returnTo: ExecutionContinuation) = for {
+    s <- Trace.add(ExecEffect.Call(target, beginFrom, returnTo))
+  } yield (())
+
+  def doReturn() = for {
+    s <- Trace.add(ExecEffect.Return)
+  } yield (())
+
+  def storeVar(v: String, scope: Scope, value: BasilValue) = for {
+    s <- Trace.add(ExecEffect.StoreVar(v, scope, value))
+  } yield (())
+
+  def storeMem(vname: String, update: Map[BasilValue, BasilValue]) = for {
+    s <- Trace.add(ExecEffect.StoreMem(vname, update))
+  } yield (())
+
+  def interpretOne = State.pure(())
+}
+
+def tracingInterpreter = ProductInterpreter(NormalInterpreter, TraceGen)
+
+def interpretTrace(p: Program) : (InterpreterState, Trace) = {
+  InterpFuns.interpretProg(tracingInterpreter)(p, (InterpreterState(), Trace(List())))
+}
+
+
diff --git a/src/test/scala/ir/InterpreterTests.scala b/src/test/scala/ir/InterpreterTests.scala
index d92161460..a085f6ae8 100644
--- a/src/test/scala/ir/InterpreterTests.scala
+++ b/src/test/scala/ir/InterpreterTests.scala
@@ -436,8 +436,9 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
      val fib = fibonacciProg(8)
      val watch = IRWalk.firstInProc((fib.procedures.find(_.name == "fib")).get)
      val bp = BreakPoint("Fibentry",  BreakPointLoc.CMDCond(watch, BinaryExpr(BVEQ, BitVecLiteral(5, 64), Register("R0", 64))), BreakPointAction(true, true, List(Register("R0", 64)), true))
-     val interp = LayerInterpreter(NormalInterpreter, RememberBreakpoints(NormalInterpreter, List(bp)))
-     val res = InterpFuns.interpretProg(interp)(fib, (InterpreterState(), List()))
+     // val interp = LayerInterpreter(NormalInterpreter, RememberBreakpoints(NormalInterpreter, List(bp)))
+     // val res = InterpFuns.interpretProg(interp)(fib, (InterpreterState(), List()))
+     val res = interpretWithBreakPoints(fib, List(bp), NormalInterpreter, InterpreterState())
      println(res)
 
 

From 695b2d236ad1001221cfd047ffa9a11ec252a83d Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Thu, 29 Aug 2024 14:33:53 +1000
Subject: [PATCH 018/127] refactor with statemonad[s, either[v]]

---
 src/main/scala/ir/eval/ExprEval.scala         | 16 ++---
 src/main/scala/ir/eval/InterpretBasilIR.scala | 62 +++++++++----------
 .../scala/ir/eval/InterpretBreakpoints.scala  | 14 ++---
 src/main/scala/ir/eval/InterpretTrace.scala   |  6 +-
 src/main/scala/ir/eval/Interpreter.scala      | 36 ++++++-----
 .../scala/ir/eval/InterpreterProduct.scala    | 12 ++--
 src/main/scala/util/functional.scala          | 52 ++++++++--------
 src/test/scala/ir/InterpreterTests.scala      |  4 +-
 src/test/scala/util/StateMonad.scala          |  2 +-
 9 files changed, 104 insertions(+), 100 deletions(-)

diff --git a/src/main/scala/ir/eval/ExprEval.scala b/src/main/scala/ir/eval/ExprEval.scala
index 85d71d7cb..999155ae1 100644
--- a/src/main/scala/ir/eval/ExprEval.scala
+++ b/src/main/scala/ir/eval/ExprEval.scala
@@ -163,15 +163,15 @@ def evalExpr(exp: Expr, variableAssignment: Variable => Option[Literal], memory:
 /**
  * typeclass defining variable and memory laoding from state S
  */
-trait Loader[S] {
-  def getVariable(v: Variable) : State[S, Option[Literal]]
-  def loadMemory(m: Memory, addr: Expr, endian: Endian, size: Int) : State[S, Option[Literal]] = {
+trait Loader[S, E] {
+  def getVariable(v: Variable) : State[S, Option[Literal], E]
+  def loadMemory(m: Memory, addr: Expr, endian: Endian, size: Int) : State[S, Option[Literal], E] = {
     State.pure(None)
   }
 }
 
 
-def statePartialEvalExpr[S](l: Loader[S])(exp: Expr): State[S, Expr] = {
+def statePartialEvalExpr[S, E](l: Loader[S, E])(exp: Expr): State[S, Expr, E] = {
   val eval = statePartialEvalExpr(l)
   exp match {
     case f: UninterpretedFunction => State.pure(f)
@@ -254,14 +254,14 @@ def statePartialEvalExpr[S](l: Loader[S])(exp: Expr): State[S, Expr] = {
 }
 
 
-class StatelessLoader(getVar: Variable => Option[Literal], loadMem: (Memory, Expr, Endian, Int) => Option[Literal] = ((a,b,c,d) => None)) extends Loader[Unit] {
-  def getVariable(v: Variable) : State[Unit, Option[Literal]] = State.pure(getVar(v))
-  override def loadMemory(m: Memory, addr: Expr, endian: Endian, size: Int) : State[Unit, Option[Literal]] = State.pure(loadMem(m, addr, endian, size))
+class StatelessLoader[E](getVar: Variable => Option[Literal], loadMem: (Memory, Expr, Endian, Int) => Option[Literal] = ((a,b,c,d) => None)) extends Loader[Unit, E] {
+  def getVariable(v: Variable) : State[Unit, Option[Literal], E] = State.pure(getVar(v))
+  override def loadMemory(m: Memory, addr: Expr, endian: Endian, size: Int) : State[Unit, Option[Literal], E] = State.pure(loadMem(m, addr, endian, size))
 }
 
 
 def partialEvalExpr(exp: Expr, variableAssignment: Variable => Option[Literal], memory: (Memory, Expr, Endian, Int) => Option[Literal] = ((a,b,c,d) => None)): Expr = {
   val l = StatelessLoader(variableAssignment, memory)
-  statePartialEvalExpr(l)(exp).f(())._2
+  State.evaluate((), statePartialEvalExpr(l)(exp))
 }
 
diff --git a/src/main/scala/ir/eval/InterpretBasilIR.scala b/src/main/scala/ir/eval/InterpretBasilIR.scala
index 35b5000fb..9f47b7c1b 100644
--- a/src/main/scala/ir/eval/InterpretBasilIR.scala
+++ b/src/main/scala/ir/eval/InterpretBasilIR.scala
@@ -16,9 +16,9 @@ import scala.util.control.Breaks.{break, breakable}
 
 /** Abstraction for memload and variable lookup used by the expression evaluator.
   */
-case class StVarLoader[S, F <: Effects[S]](f: F) extends Loader[S] {
+case class StVarLoader[S, E, F <: Effects[S, E]](f: F) extends Loader[S, E] {
 
-  def getVariable(v: Variable): State[S, Option[Literal]] = {
+  def getVariable(v: Variable): State[S, Option[Literal], E] = {
     for {
       v <- f.loadVar(v.name)
     } yield ((v match {
@@ -27,7 +27,7 @@ case class StVarLoader[S, F <: Effects[S]](f: F) extends Loader[S] {
     }))
   }
 
-  override def loadMemory(m: Memory, addr: Expr, endian: Endian, size: Int): State[S, Option[Literal]] = {
+  override def loadMemory(m: Memory, addr: Expr, endian: Endian, size: Int): State[S, Option[Literal], E] = {
     for {
       r <- addr match {
         case l: Literal if size == 1 =>
@@ -57,37 +57,37 @@ case object Eval {
   /* Eval functions                                                                 */
   /*--------------------------------------------------------------------------------*/
 
-  def evalExpr[S, T <: Effects[S]](f: T)(e: Expr): State[S, Expr] = {
-    val ldr = StVarLoader[S, T](f)
+  def evalExpr[S, E, T <: Effects[S, E]](f: T)(e: Expr): State[S, Expr, E] = {
+    val ldr = StVarLoader[S, E, T](f)
     for {
-      res <- ir.eval.statePartialEvalExpr[S](ldr)(e)
+      res <- ir.eval.statePartialEvalExpr[S, E](ldr)(e)
     } yield (res)
   }
 
-  def evalBV[S, T <: Effects[S]](f: T)(e: Expr): State[S, BitVecLiteral] = {
-    val ldr = StVarLoader[S, T](f)
+  def evalBV[S, E, T <: Effects[S, E]](f: T)(e: Expr): State[S, BitVecLiteral, E] = {
+    val ldr = StVarLoader[S, E, T](f)
     for {
-      res <- ir.eval.statePartialEvalExpr[S](ldr)(e)
+      res <- ir.eval.statePartialEvalExpr[S, E](ldr)(e)
     } yield (res match {
       case l: BitVecLiteral => l
       case _                => throw InterpreterError(Errored(s"Eval BV residual $e"))
     })
   }
 
-  def evalInt[S, T <: Effects[S]](f: T)(e: Expr): State[S, BigInt] = {
-    val ldr = StVarLoader[S, T](f)
+  def evalInt[S, E, T <: Effects[S, E]](f: T)(e: Expr): State[S, BigInt, E] = {
+    val ldr = StVarLoader[S, E, T](f)
     for {
-      res <- ir.eval.statePartialEvalExpr[S](ldr)(e)
+      res <- ir.eval.statePartialEvalExpr[S, E](ldr)(e)
     } yield (res match {
       case l: IntLiteral => l.value
       case _             => throw InterpreterError(Errored(s"Eval BV residual $e"))
     })
   }
 
-  def evalBool[S, T <: Effects[S]](f: T)(e: Expr): State[S, Boolean] = {
-    val ldr = StVarLoader[S, T](f)
+  def evalBool[S, E, T <: Effects[S, E]](f: T)(e: Expr): State[S, Boolean, E] = {
+    val ldr = StVarLoader[S, E, T](f)
     for {
-      res <- ir.eval.statePartialEvalExpr[S](ldr)(e)
+      res <- ir.eval.statePartialEvalExpr[S, E](ldr)(e)
     } yield (res match {
       case l: BoolLit => l == TrueLiteral
       case _          => throw InterpreterError(Errored(s"Eval BV residual $e"))
@@ -98,9 +98,9 @@ case object Eval {
   /* Load functions                                                                 */
   /*--------------------------------------------------------------------------------*/
 
-  def load[S, T <: Effects[S]](
+  def load[S, E, T <: Effects[S, E]](
       f: T
-  )(vname: String, addr: Scalar, endian: Endian, count: Int): State[S, List[BasilValue]] = {
+  )(vname: String, addr: Scalar, endian: Endian, count: Int): State[S, List[BasilValue], E] = {
     if (count == 0) {
       throw InterpreterError(Errored(s"Attempted fractional load"))
     }
@@ -115,9 +115,9 @@ case object Eval {
   }
 
   /** Load and concat bitvectors */
-  def loadBV[S, T <: Effects[S]](
+  def loadBV[S, E, T <: Effects[S, E]](
       f: T
-  )(vname: String, addr: Scalar, endian: Endian, size: Int): State[S, BitVecLiteral] = for {
+  )(vname: String, addr: Scalar, endian: Endian, size: Int): State[S, BitVecLiteral, E] = for {
     mem <- f.loadVar(vname)
     (valsize, mapv) = mem match {
       case mapv @ MapValue(_, MapType(_, BitVecType(sz))) => (sz, mapv)
@@ -137,7 +137,7 @@ case object Eval {
     }
   } yield (bvs.foldLeft(BitVecLiteral(0, 0))((acc, r) => eval.evalBVBinExpr(BVCONCAT, acc, r)))
 
-  def loadSingle[S, T <: Effects[S]](f: T)(vname: String, addr: Scalar): State[S, BasilValue] = {
+  def loadSingle[S, E, T <: Effects[S, E]](f: T)(vname: String, addr: Scalar): State[S, BasilValue, E] = {
     for {
       m <- load(f)(vname, addr, Endian.LittleEndian, 1)
     } yield (m.head)
@@ -148,12 +148,12 @@ case object Eval {
   /*--------------------------------------------------------------------------------*/
 
   /* Expand addr for number of values to store */
-  def store[S, T <: Effects[S]](f: T)(
+  def store[S, E, T <: Effects[S, E]](f: T)(
       vname: String,
       addr: BasilValue,
       values: List[BasilValue],
       endian: Endian
-  ): State[S, Unit] = for {
+  ): State[S, Unit, E] = for {
     mem <- f.loadVar(vname)
     (mapval, keytype, valtype) = mem match {
       case m @ MapValue(_, MapType(kt, vt)) if kt == addr.irType && values.forall(v => v.irType == vt) => (m, kt, vt)
@@ -168,12 +168,12 @@ case object Eval {
   } yield (x)
 
   /** Extract bitvec to bytes and store bytes */
-  def storeBV[S, T <: Effects[S]](f: T)(
+  def storeBV[S, E, T <: Effects[S, E]](f: T)(
       vname: String,
       addr: BasilValue,
       value: BitVecLiteral,
       endian: Endian
-  ): State[S, Unit] = for {
+  ): State[S, Unit, E] = for {
     mem <- f.loadVar(vname)
     (mapval, vsize) = mem match {
       case m @ MapValue(_, MapType(kt, BitVecType(size))) if kt == addr.irType => (m, size)
@@ -201,7 +201,7 @@ case object Eval {
     s <- f.storeMem(vname, keys.zip(vs).toMap)
   } yield (s)
 
-  def storeSingle[S, T <: Effects[S]](f: T)(vname: String, addr: BasilValue, value: BasilValue): State[S, Unit] = {
+  def storeSingle[S, E, T <: Effects[S, E]](f: T)(vname: String, addr: BasilValue, value: BasilValue): State[S, Unit, E] = {
     f.storeMem(vname, Map((addr -> value)))
   }
 }
@@ -213,7 +213,7 @@ case object InterpFuns {
     * Each function takes as parameter an implementation of Effects[S]
     */
 
-  def initialState[S, T <: Effects[S]](s: T): State[S, Unit] = {
+  def initialState[S, E, T <: Effects[S, E]](s: T): State[S, Unit, E] = {
     val SP: BitVecLiteral = BitVecLiteral(4096 - 16, 64)
     val FP: BitVecLiteral = BitVecLiteral(4096 - 16, 64)
     val LR: BitVecLiteral = BitVecLiteral(BigInt("FF", 16), 64)
@@ -228,7 +228,7 @@ case object InterpFuns {
     } yield (l)
   }
 
-  def initialiseProgram[S, T <: Effects[S]](f: T)(p: Program): State[S, Unit] = {
+  def initialiseProgram[S, E, T <: Effects[S, E]](f: T)(p: Program): State[S, Unit, E] = {
     def initMemory(mem: String, mems: Iterable[MemorySection]) = {
       for {
         m <- State.sequence(
@@ -269,7 +269,7 @@ case object InterpFuns {
     } yield (r)
   }
 
-  def interpretJump[S, T <: Effects[S]](f: T)(j: Jump): State[S, Unit] = {
+  def interpretJump[S, E, T <: Effects[S, E]](f: T)(j: Jump): State[S, Unit, E] = {
     j match {
       case gt: GoTo if gt.targets.size == 1 => {
         f.setNext(Run(IRWalk.firstInBlock(gt.targets.head)))
@@ -295,7 +295,7 @@ case object InterpFuns {
     }
   }
 
-  def interpretStatement[S, T <: Effects[S]](f: T)(s: Statement): State[S, Unit] = {
+  def interpretStatement[S, E, T <: Effects[S, E]](f: T)(s: Statement): State[S, Unit, E] = {
     s match {
       case assign: Assign => {
         for {
@@ -359,7 +359,7 @@ case object InterpFuns {
     }
   }
 
-  def interpret[S, T <: Effects[S]](f: T, m: S): S = {
+  def interpret[S, E, T <: Effects[S, E]](f: T, m: S): S = {
     val next = State.evaluate(m, f.getNext)
     Logger.debug(s"eval $next")
     next match {
@@ -369,7 +369,7 @@ case object InterpFuns {
     }
   }
 
-  def interpretProg[S, T <: Effects[S]](f: T)(p: Program, is: S): S = {
+  def interpretProg[S, E, T <: Effects[S, E]](f: T)(p: Program, is: S): S = {
     val begin = State.execute(is, initialiseProgram(f)(p))
     // State.execute[S,Unit](is, )
     interpret(f, begin)
diff --git a/src/main/scala/ir/eval/InterpretBreakpoints.scala b/src/main/scala/ir/eval/InterpretBreakpoints.scala
index a21f2006f..29ad8d57b 100644
--- a/src/main/scala/ir/eval/InterpretBreakpoints.scala
+++ b/src/main/scala/ir/eval/InterpretBreakpoints.scala
@@ -22,26 +22,26 @@ case class BreakPointAction(saveState: Boolean = true, stop: Boolean = false, ev
 
 case class BreakPoint(name: String = "", location: BreakPointLoc, action: BreakPointAction)
 
-case class RememberBreakpoints[T, I <: Effects[T]](val f: I, val breaks: List[BreakPoint]) extends NopEffects[(T, List[(BreakPoint, Option[T], List[(Expr, Expr)])])] {
+case class RememberBreakpoints[T, E, I <: Effects[T, E]](val f: I, val breaks: List[BreakPoint]) extends NopEffects[(T, List[(BreakPoint, Option[T], List[(Expr, Expr)])]), E] {
 
 
-  def findBreaks[R](c: Command) : State[(T,R), List[BreakPoint]]  = {
-    State.filterM[BreakPoint, (T,R)](b => b.location match {
+  def findBreaks[R](c: Command) : State[(T,R), List[BreakPoint], E]  = {
+    State.filterM(b => b.location match {
       case BreakPointLoc.CMD(bc) if (bc == c) => State.pure(true)
       case BreakPointLoc.CMDCond(bc, e) if bc == c => doLeft(Eval.evalBool(f)(e))
       case _ => State.pure(false)
     }, breaks)
   }
 
-  override def interpretOne : State[(T, List[(BreakPoint, Option[T], List[(Expr, Expr)])]), Unit] = for {
+  override def interpretOne : State[(T, List[(BreakPoint, Option[T], List[(Expr, Expr)])]), Unit, E] = for {
     v : ExecutionContinuation <- doLeft(f.getNext)
     n <- v match {
       case Run(s) => for {
         breaks : List[BreakPoint] <- findBreaks(s)
-        res <- State.sequence[(T, List[(BreakPoint, Option[T], List[(Expr, Expr)])]), Unit](State.pure(()), 
+        res <- State.sequence[(T, List[(BreakPoint, Option[T], List[(Expr, Expr)])]), Unit, E](State.pure(()), 
           breaks.map((breakpoint: BreakPoint) => (breakpoint match {
             case breakpoint @ BreakPoint(name, stopcond, action) => (for {
-                saved <- doLeft(if action.saveState then State.getS[T].map(s => Some(s)) else State.pure(None))
+                saved <- doLeft(if action.saveState then State.getS[T, E].map(s => Some(s)) else State.pure(None))
                 evals <- (State.mapM((e:Expr) => for {
                   ev <- doLeft(Eval.evalExpr(f)(e))
                   } yield (e, ev)
@@ -73,7 +73,7 @@ case class RememberBreakpoints[T, I <: Effects[T]](val f: I, val breaks: List[Br
 }
 
 
-def interpretWithBreakPoints[I](p: Program, breakpoints: List[BreakPoint], innerInterpreter: Effects[I], innerInitialState: I) : (I, List[(BreakPoint, Option[I], List[(Expr, Expr)])]) = {
+def interpretWithBreakPoints[I, E](p: Program, breakpoints: List[BreakPoint], innerInterpreter: Effects[I, E], innerInitialState: I) : (I, List[(BreakPoint, Option[I], List[(Expr, Expr)])]) = {
    val interp = LayerInterpreter(innerInterpreter, RememberBreakpoints(innerInterpreter, breakpoints))
    val res = InterpFuns.interpretProg(interp)(p, (innerInitialState, List()))
    res
diff --git a/src/main/scala/ir/eval/InterpretTrace.scala b/src/main/scala/ir/eval/InterpretTrace.scala
index 455e4d43d..4a3e78891 100644
--- a/src/main/scala/ir/eval/InterpretTrace.scala
+++ b/src/main/scala/ir/eval/InterpretTrace.scala
@@ -26,12 +26,12 @@ enum ExecEffect:
 case class Trace(val t: List[ExecEffect])
 
 case object Trace {
-  def add(e: ExecEffect) : State[Trace, Unit] = {
+  def add[E](e: ExecEffect) : State[Trace, Unit, E] = {
     State.modify ((t: Trace) => Trace(t.t.appended(e)))
   }
 }
 
-object TraceGen extends Effects[Trace] {
+case class TraceGen[E]() extends Effects[Trace, E] {
   /** Values are discarded by ProductInterpreter so do not matter */
   def evalBV(e: Expr) = State.pure(BitVecLiteral(0,0))
 
@@ -74,7 +74,7 @@ object TraceGen extends Effects[Trace] {
   def interpretOne = State.pure(())
 }
 
-def tracingInterpreter = ProductInterpreter(NormalInterpreter, TraceGen)
+def tracingInterpreter = ProductInterpreter(NormalInterpreter, TraceGen())
 
 def interpretTrace(p: Program) : (InterpreterState, Trace) = {
   InterpFuns.interpretProg(tracingInterpreter)(p, (InterpreterState(), Trace(List())))
diff --git a/src/main/scala/ir/eval/Interpreter.scala b/src/main/scala/ir/eval/Interpreter.scala
index 52d74d3cc..da4fd87b0 100644
--- a/src/main/scala/ir/eval/Interpreter.scala
+++ b/src/main/scala/ir/eval/Interpreter.scala
@@ -17,6 +17,7 @@ import scala.util.control.Breaks.{break, breakable}
 sealed trait ExecutionContinuation
 case class FailedAssertion(a: Assert) extends ExecutionContinuation
 
+
 case class Stopped() extends ExecutionContinuation /* normal program stop  */
 case class Run(val next: Command) extends ExecutionContinuation /* continue by executing next command */
 
@@ -29,6 +30,9 @@ case class EvalError(val message: String = "")
     extends ExecutionContinuation /* failed to evaluate an expression to a concrete value */
 case class MemoryError(val message: String = "") extends ExecutionContinuation /* An error to do with memory */
 
+
+// type InterpreterError = EscapedControlFlow | Errored | TypeError | EvalError | MemoryError
+
 /** TODO: errors should be encapsualted in error monad, rather than mapping exceptions back into state transitions at
   * State.execute() */
 case class InterpreterError(continue: ExecutionContinuation) extends Exception()
@@ -88,41 +92,41 @@ case object BasilValue {
  * Minimal language defining all state transitions in the interpreter, 
  * defined for the interpreter's concrete state T.
  */
-trait Effects[T] {
+trait Effects[T, E] {
 
   // perform an execution step
-  def interpretOne: State[T, Unit]
+  def interpretOne: State[T, Unit, E]
 
-  def loadVar(v: String): State[T, BasilValue]
+  def loadVar(v: String): State[T, BasilValue, E]
 
-  def loadMem(v: String, addrs: List[BasilValue]): State[T, List[BasilValue]]
+  def loadMem(v: String, addrs: List[BasilValue]): State[T, List[BasilValue], E]
 
-  def evalAddrToProc(addr: Int): State[T, Option[FunPointer]]
+  def evalAddrToProc(addr: Int): State[T, Option[FunPointer], E]
 
-  def getNext: State[T, ExecutionContinuation]
+  def getNext: State[T, ExecutionContinuation, E]
 
   /** state effects */
 
   /* High-level implementation of a program counter that leverages the intrusive CFG. */
-  def setNext(c: ExecutionContinuation): State[T, Unit]
+  def setNext(c: ExecutionContinuation): State[T, Unit, E]
 
   /* Perform a call:
    *  target: arbitrary target name
    *  beginFrom: ExecutionContinuation which begins executing the procedure
    *  returnTo: ExecutionContinuation which begins executing after procedure return
    */
-  def call(target: String, beginFrom: ExecutionContinuation, returnTo: ExecutionContinuation): State[T, Unit]
+  def call(target: String, beginFrom: ExecutionContinuation, returnTo: ExecutionContinuation): State[T, Unit, E]
 
-  def doReturn(): State[T, Unit]
+  def doReturn(): State[T, Unit, E]
 
-  def storeVar(v: String, scope: Scope, value: BasilValue): State[T, Unit]
+  def storeVar(v: String, scope: Scope, value: BasilValue): State[T, Unit, E]
 
-  def storeMem(vname: String, update: Map[BasilValue, BasilValue]): State[T, Unit]
+  def storeMem(vname: String, update: Map[BasilValue, BasilValue]): State[T, Unit, E]
 }
 
 
 
-trait NopEffects[T] extends Effects[T] {
+trait NopEffects[T, E] extends Effects[T, E] {
   def interpretOne = State.pure(())
   def loadVar(v: String) = State.pure(Scalar(FalseLiteral))
   def loadMem(v: String, addrs: List[BasilValue])  = State.pure(List())
@@ -316,7 +320,7 @@ case class InterpreterState(
 
 /** Implementation of Effects for InterpreterState concrete state representation.
   */
-object NormalInterpreter extends Effects[InterpreterState] {
+object NormalInterpreter extends Effects[InterpreterState, InterpreterError] {
 
 
   def loadVar(v: String) = {
@@ -325,7 +329,7 @@ object NormalInterpreter extends Effects[InterpreterState] {
     })
   }
 
-  def evalAddrToProc(addr: Int): State[InterpreterState, Option[FunPointer]] =
+  def evalAddrToProc(addr: Int) =
     Logger.debug(s"    eff : FIND PROC $addr")
     for {
       res <- get((s: InterpreterState) => s.memoryState.doLoadOpt("funtable", List(Scalar(BitVecLiteral(addr, 64)))))
@@ -409,7 +413,7 @@ object NormalInterpreter extends Effects[InterpreterState] {
     })
   }
 
-  def storeVar(v: String, scope: Scope, value: BasilValue): State[InterpreterState, Unit] = {
+  def storeVar(v: String, scope: Scope, value: BasilValue): State[InterpreterState, Unit, InterpreterError] = {
     Logger.debug(s"    eff : SET $v := $value")
     State.modify((s: InterpreterState) => s.copy(memoryState = s.memoryState.defVar(v, scope, value)))
   }
@@ -419,7 +423,7 @@ object NormalInterpreter extends Effects[InterpreterState] {
     s.copy(memoryState = s.memoryState.doStore(vname, update))
   })
 
-  def interpretOne: State[InterpreterState, Unit] = for {
+  def interpretOne: State[InterpreterState, Unit, InterpreterError] = for {
     next <- getNext
     _ <- try {
       next match {
diff --git a/src/main/scala/ir/eval/InterpreterProduct.scala b/src/main/scala/ir/eval/InterpreterProduct.scala
index 75e9a50fa..7383e46d5 100644
--- a/src/main/scala/ir/eval/InterpreterProduct.scala
+++ b/src/main/scala/ir/eval/InterpreterProduct.scala
@@ -15,15 +15,15 @@ import scala.collection.immutable
 import scala.util.control.Breaks.{break, breakable}
 
 
-def doLeft[L, T, V](f: State[L, V]) : State[(L, T), V] = for {
-  f <- State[(L, T), V]((s: (L, T)) => {
+def doLeft[L, T, V, E](f: State[L, V, E]) : State[(L, T), V, E] = for {
+  f <- State[(L, T), V, E]((s: (L, T)) => {
     val r = f.f(s._1)
     ((r._1, s._2), r._2)
   })
 } yield (f)
 
-def doRight[L, T, V](f: State[T, V]) : State[(L, T), V] = for {
-  f <- State[(L, T), V]((s: (L, T)) => {
+def doRight[L, T, V, E](f: State[T, V, E]) : State[(L, T), V, E] = for {
+  f <- State[(L, T), V, E]((s: (L, T)) => {
     val r = f.f(s._2)
     ((s._1, r._1), r._2)
   })
@@ -32,7 +32,7 @@ def doRight[L, T, V](f: State[T, V]) : State[(L, T), V] = for {
 /**
  * Runs two interpreters "inner" and "before" simultaneously, returning the value from inner, and ignoring before
  */
-case class ProductInterpreter[L, T](val inner: Effects[L], val before: Effects[T]) extends Effects[(L, T)] {
+case class ProductInterpreter[L, T, E](val inner: Effects[L, E], val before: Effects[T, E]) extends Effects[(L, T), E] {
   def interpretOne = for {
     n <- doRight(before.interpretOne)
     f <- doLeft(inner.interpretOne)
@@ -86,7 +86,7 @@ case class ProductInterpreter[L, T](val inner: Effects[L], val before: Effects[T
 }
 
 
-case class LayerInterpreter[L, T](val inner: Effects[L], val before: Effects[(L, T)]) extends Effects[(L, T)] {
+case class LayerInterpreter[L, T, E](val inner: Effects[L, E], val before: Effects[(L, T), E]) extends Effects[(L, T), E] {
 
   def interpretOne = for {
     n <- (before.interpretOne)
diff --git a/src/main/scala/util/functional.scala b/src/main/scala/util/functional.scala
index e666bee36..d81b12e93 100644
--- a/src/main/scala/util/functional.scala
+++ b/src/main/scala/util/functional.scala
@@ -1,59 +1,59 @@
 package util.functional
 
-case class State[S, +A](f: S => (S, A)) {
+case class State[S, +A, E](f: S => (S, Either[E, A])) {
 
-  def unit[A](a: A): State[S, A] = State(s => (s, a))
+  def unit[A](a: A): State[S, A, E] = State(s => (s, Right(a)))
 
-
-  def flatMap[B](f: A => State[S, B]): State[S, B] = State(s => {
-    // println(s"flatmap ${this.f} $f")
+  def flatMap[B](f: A => State[S, B, E]): State[S, B, E] = State(s => {
     val (s2, a) = this.f(s)
-    f(a).f(s2)
+    val r  = a match {
+      case Left(l) => (s2, Left(l))
+      case Right(a) => f(a).f(s2)
+    }
+    r
   })
 
 
-  def map[B](f: A => B): State[S, B] = {
+  def map[B](f: A => B): State[S, B, E] = {
     State(s => {
       val (s2, a) = this.f(s)
-      (s2, f(a))
+      a match {
+        case Left(l) => (s2, Left(l))
+        case Right(a) => (s2, Right(f(a)))
+      }
     })
   }
 }
 
 
 object State {
-  def get[S,A](f: S => A) : State[S, A] = State(s => (s, f(s)))
-  def getS[S] : State[S,S] = State((s:S) => (s,s))
-  def putS[S](s: S) : State[S,_] = State((_) => (s,()))
-  def modify[S](f: S => S) : State[S, Unit] = State(s => (f(s), ()))
-  def execute[S, A](s: S, c: State[S,A]) : S = c.f(s)._1
-  def evaluate[S, A](s: S, c: State[S,A])  : A = c.f(s)._2
+  def get[S, A, E](f: S => A) : State[S, A, E] = State(s => (s, Right(f(s))))
+  def getS[S,E] : State[S,S,E] = State((s:S) => (s,Right(s)))
+  def putS[S,E](s: S) : State[S,Unit,E] = State((_) => (s,Right(())))
+  def modify[S, E](f: S => S) : State[S, Unit, E] = State(s => (f(s), Right(())))
+  def execute[S, A, E](s: S, c: State[S,A, E]) : S = c.f(s)._1
+  def evaluate[S, A, E](s: S, c: State[S,A, E])  : A = c.f(s)._2 match {
+    case Right(r) => r
+    case Left(l) => throw Exception(s"Wrong $l")
+  }
 
-  def pure[S, A](a: A) : State[S, A] = State((s:S) => (s, a))
+  def pure[S, A, E](a: A) : State[S, A, E] = State((s:S) => (s, Right(a)))
 
-  def sequence[S, V](ident: State[S,V], xs: Iterable[State[S,V]]) : State[S,V] = {
+  def sequence[S, V, E](ident: State[S,V, E], xs: Iterable[State[S,V, E]]) : State[S, V, E] = {
     xs.foldRight(ident)((l,r) => for {
       x <- l
       y <- r
     } yield(y)) 
   }
 
-  def sequence[V](xs: Iterable[Option[V]]) : Option[V] = {
-    xs.reduceRight((a, b) => a match {
-      case Some(x) => Some(x)
-      case None =>  b
-    }) 
-  }
-
-  def filterM[A, S](m : (A => State[S, Boolean]), xs: Iterable[A]): State[S, List[A]] = {
+  def filterM[A, S, E](m : (A => State[S, Boolean, E]), xs: Iterable[A]): State[S, List[A], E] = {
     xs.foldRight(pure(List[A]()))((b,acc) => acc.flatMap(c => m(b).map(v => if v then b::c else c)))
   }
 
-  def mapM[A, B, S](m : (A => State[S, B]), xs: Iterable[A]): State[S, List[B]] = {
+  def mapM[A, B, S, E](m : (A => State[S, B, E]), xs: Iterable[A]): State[S, List[B], E] = {
     xs.foldRight(pure(List[B]()))((b,acc) => acc.flatMap(c => m(b).map(v => v::c)))
   }
 
-
 }
 
 def protect[T](x: () => T, fnly: PartialFunction[Exception, T]): T = {
diff --git a/src/test/scala/ir/InterpreterTests.scala b/src/test/scala/ir/InterpreterTests.scala
index a085f6ae8..edadf1295 100644
--- a/src/test/scala/ir/InterpreterTests.scala
+++ b/src/test/scala/ir/InterpreterTests.scala
@@ -34,14 +34,14 @@ def load(s: InterpreterState, global: SpecGlobal) : Option[BitVecLiteral] = {
   // m.evalBV("mem", BitVecLiteral(64, global.address), Endian.LittleEndian, global.size) //  i.getMemory(global.address.toInt, global.size, Endian.LittleEndian, i.mems)
   
   try {
-    Some(Eval.evalBV(f)(MemoryLoad(SharedMemory("mem", 64, 8), BitVecLiteral(global.address, 64), Endian.LittleEndian, global.size)).f(s)._2)
+    Some(State.evaluate(s, Eval.evalBV(f)(MemoryLoad(SharedMemory("mem", 64, 8), BitVecLiteral(global.address, 64), Endian.LittleEndian, global.size))))
   } catch {
     case e : InterpreterError => None
   }
 }
 
 
-def mems[T <: Effects[T]](m: MemoryState) : Map[BigInt, BitVecLiteral] = {
+def mems[E, T <: Effects[T, E]](m: MemoryState) : Map[BigInt, BitVecLiteral] = {
   m.getMem("mem").map((k,v) => k.value -> v)
 }
 
diff --git a/src/test/scala/util/StateMonad.scala b/src/test/scala/util/StateMonad.scala
index 29721174a..efcf4e767 100644
--- a/src/test/scala/util/StateMonad.scala
+++ b/src/test/scala/util/StateMonad.scala
@@ -13,7 +13,7 @@ import util.IRLoading.{loadBAP, loadReadELF}
 import util.ILLoadingConfig
 
 
-def add: State[Int, Unit] = State(s => (s+1, ()))
+def add: State[Int, Unit, Unit] = State(s => (s+1, Right(())))
 
 class StateMonadTest extends AnyFunSuite {
 

From 00b482abbffc3d874c698266af115cc559e28c0e Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Thu, 29 Aug 2024 16:57:53 +1000
Subject: [PATCH 019/127] redo error handling

---
 src/main/scala/ir/eval/InterpretBasilIR.scala | 110 ++++-----
 .../scala/ir/eval/InterpretBreakpoints.scala  |  12 +-
 src/main/scala/ir/eval/Interpreter.scala      | 228 +++++++++---------
 src/main/scala/util/functional.scala          |  25 +-
 4 files changed, 199 insertions(+), 176 deletions(-)

diff --git a/src/main/scala/ir/eval/InterpretBasilIR.scala b/src/main/scala/ir/eval/InterpretBasilIR.scala
index 9f47b7c1b..3dc394a61 100644
--- a/src/main/scala/ir/eval/InterpretBasilIR.scala
+++ b/src/main/scala/ir/eval/InterpretBasilIR.scala
@@ -16,9 +16,9 @@ import scala.util.control.Breaks.{break, breakable}
 
 /** Abstraction for memload and variable lookup used by the expression evaluator.
   */
-case class StVarLoader[S, E, F <: Effects[S, E]](f: F) extends Loader[S, E] {
+case class StVarLoader[S, F <: Effects[S, InterpreterError]](f: F) extends Loader[S, InterpreterError] {
 
-  def getVariable(v: Variable): State[S, Option[Literal], E] = {
+  def getVariable(v: Variable): State[S, Option[Literal], InterpreterError] = {
     for {
       v <- f.loadVar(v.name)
     } yield ((v match {
@@ -27,7 +27,7 @@ case class StVarLoader[S, E, F <: Effects[S, E]](f: F) extends Loader[S, E] {
     }))
   }
 
-  override def loadMemory(m: Memory, addr: Expr, endian: Endian, size: Int): State[S, Option[Literal], E] = {
+  override def loadMemory(m: Memory, addr: Expr, endian: Endian, size: Int): State[S, Option[Literal], InterpreterError] = {
     for {
       r <- addr match {
         case l: Literal if size == 1 =>
@@ -57,55 +57,53 @@ case object Eval {
   /* Eval functions                                                                 */
   /*--------------------------------------------------------------------------------*/
 
-  def evalExpr[S, E, T <: Effects[S, E]](f: T)(e: Expr): State[S, Expr, E] = {
-    val ldr = StVarLoader[S, E, T](f)
+  def evalExpr[S, T <: Effects[S, InterpreterError]](f: T)(e: Expr): State[S, Expr, InterpreterError] = {
+    val ldr = StVarLoader[S, T](f)
     for {
-      res <- ir.eval.statePartialEvalExpr[S, E](ldr)(e)
+      res <- ir.eval.statePartialEvalExpr[S, InterpreterError](ldr)(e)
     } yield (res)
   }
 
-  def evalBV[S, E, T <: Effects[S, E]](f: T)(e: Expr): State[S, BitVecLiteral, E] = {
-    val ldr = StVarLoader[S, E, T](f)
+  def evalBV[S, T <: Effects[S, InterpreterError]](f: T)(e: Expr): State[S, BitVecLiteral, InterpreterError] = {
     for {
-      res <- ir.eval.statePartialEvalExpr[S, E](ldr)(e)
-    } yield (res match {
-      case l: BitVecLiteral => l
-      case _                => throw InterpreterError(Errored(s"Eval BV residual $e"))
+      res <- evalExpr(f)(e)
+      r <- State.pureE(res match {
+      case l: BitVecLiteral => Right(l)
+      case _                => Left(InterpreterError(Errored(s"Eval BV residual $e")))
     })
+    } yield (r)
   }
 
-  def evalInt[S, E, T <: Effects[S, E]](f: T)(e: Expr): State[S, BigInt, E] = {
-    val ldr = StVarLoader[S, E, T](f)
+  def evalInt[S, T <: Effects[S, InterpreterError]](f: T)(e: Expr): State[S, BigInt, InterpreterError] = {
     for {
-      res <- ir.eval.statePartialEvalExpr[S, E](ldr)(e)
-    } yield (res match {
-      case l: IntLiteral => l.value
-      case _             => throw InterpreterError(Errored(s"Eval BV residual $e"))
+      res <- evalExpr(f)(e)
+      r <- State.pureE(res match {
+      case l: IntLiteral => Right(l.value)
+      case _                => Left(InterpreterError(Errored(s"Eval Int residual $e")))
     })
+    } yield (r)
   }
 
-  def evalBool[S, E, T <: Effects[S, E]](f: T)(e: Expr): State[S, Boolean, E] = {
-    val ldr = StVarLoader[S, E, T](f)
+  def evalBool[S, T <: Effects[S, InterpreterError]](f: T)(e: Expr): State[S, Boolean, InterpreterError] = {
     for {
-      res <- ir.eval.statePartialEvalExpr[S, E](ldr)(e)
-    } yield (res match {
-      case l: BoolLit => l == TrueLiteral
-      case _          => throw InterpreterError(Errored(s"Eval BV residual $e"))
+      res <- evalExpr(f)(e)
+      r <- State.pureE(res match {
+      case l: BoolLit => Right(l == TrueLiteral)
+      case _                => Left(InterpreterError(Errored(s"Eval Bool residual $e")))
     })
+    } yield (r)
   }
 
   /*--------------------------------------------------------------------------------*/
   /* Load functions                                                                 */
   /*--------------------------------------------------------------------------------*/
 
-  def load[S, E, T <: Effects[S, E]](
+  def load[S, T <: Effects[S, InterpreterError]](
       f: T
-  )(vname: String, addr: Scalar, endian: Endian, count: Int): State[S, List[BasilValue], E] = {
-    if (count == 0) {
-      throw InterpreterError(Errored(s"Attempted fractional load"))
-    }
-    val keys = (0 until count).map(i => BasilValue.unsafeAdd(addr, i))
+  )(vname: String, addr: Scalar, endian: Endian, count: Int): State[S, List[BasilValue], InterpreterError] = {
     for {
+      _ <- if (count == 0) then State.setError(InterpreterError(Errored(s"Attempted fractional load"))) else State.pure(())
+      keys <- State.mapM(((i:Int) => State.pureE(BasilValue.unsafeAdd(addr, i))), (0 until count))
       values <- f.loadMem(vname, keys.toList)
       vals = endian match {
         case Endian.LittleEndian => values.reverse
@@ -115,29 +113,26 @@ case object Eval {
   }
 
   /** Load and concat bitvectors */
-  def loadBV[S, E, T <: Effects[S, E]](
+  def loadBV[S, T <: Effects[S, InterpreterError]](
       f: T
-  )(vname: String, addr: Scalar, endian: Endian, size: Int): State[S, BitVecLiteral, E] = for {
+  )(vname: String, addr: Scalar, endian: Endian, size: Int): State[S, BitVecLiteral, InterpreterError] = for {
     mem <- f.loadVar(vname)
-    (valsize, mapv) = mem match {
-      case mapv @ MapValue(_, MapType(_, BitVecType(sz))) => (sz, mapv)
-      case _ => throw InterpreterError(Errored("Trued to load-concat non bv"))
+    x <- mem match {
+      case mapv @ MapValue(_, MapType(_, BitVecType(sz))) => State.pure((sz, mapv))
+      case _ => State.setError(InterpreterError(Errored("Trued to load-concat non bv")))
     }
+    (valsize, mapv) = x
 
     cells = size / valsize
 
     res <- load(f)(vname, addr, endian, cells) // actual load
-    bvs: List[BitVecLiteral] = {
-      val rr = res.map {
-        case Scalar(bv @ BitVecLiteral(v, sz)) if sz == valsize => bv
-        case c =>
-          throw InterpreterError(TypeError(s"Loaded value of type ${c.irType} did not match expected type bv$valsize"))
-      }
-      rr
-    }
+    bvs: List[BitVecLiteral] <- (State.mapM ((c : BasilValue) => c match {
+        case Scalar(bv @ BitVecLiteral(v, sz)) if sz == valsize => State.pure(bv)
+        case c => State.setError(InterpreterError(TypeError(s"Loaded value of type ${c.irType} did not match expected type bv$valsize")))
+      },res))
   } yield (bvs.foldLeft(BitVecLiteral(0, 0))((acc, r) => eval.evalBVBinExpr(BVCONCAT, acc, r)))
 
-  def loadSingle[S, E, T <: Effects[S, E]](f: T)(vname: String, addr: Scalar): State[S, BasilValue, E] = {
+  def loadSingle[S, T <: Effects[S, InterpreterError]](f: T)(vname: String, addr: Scalar): State[S, BasilValue, InterpreterError] = {
     for {
       m <- load(f)(vname, addr, Endian.LittleEndian, 1)
     } yield (m.head)
@@ -148,18 +143,19 @@ case object Eval {
   /*--------------------------------------------------------------------------------*/
 
   /* Expand addr for number of values to store */
-  def store[S, E, T <: Effects[S, E]](f: T)(
+  def store[S, T <: Effects[S, InterpreterError]](f: T)(
       vname: String,
       addr: BasilValue,
       values: List[BasilValue],
       endian: Endian
-  ): State[S, Unit, E] = for {
+  ): State[S, Unit, InterpreterError] = for {
     mem <- f.loadVar(vname)
-    (mapval, keytype, valtype) = mem match {
-      case m @ MapValue(_, MapType(kt, vt)) if kt == addr.irType && values.forall(v => v.irType == vt) => (m, kt, vt)
-      case v => throw InterpreterError(TypeError(s"Invalid map store operation to $vname : $v"))
+    x <- mem match {
+      case m @ MapValue(_, MapType(kt, vt)) if kt == addr.irType && values.forall(v => v.irType == vt) => State.pure((m, kt, vt))
+      case v => State.setError(InterpreterError(TypeError(s"Invalid map store operation to $vname : $v")))
     }
-    keys = (0 until values.size).map(i => BasilValue.unsafeAdd(addr, i))
+    (mapval, keytype, valtype) = x
+    keys <- State.mapM((i: Int) => State.pureE(BasilValue.unsafeAdd(addr, i)), (0 until values.size))
     vals = endian match {
       case Endian.LittleEndian => values.reverse
       case Endian.BigEndian    => values
@@ -168,12 +164,12 @@ case object Eval {
   } yield (x)
 
   /** Extract bitvec to bytes and store bytes */
-  def storeBV[S, E, T <: Effects[S, E]](f: T)(
+  def storeBV[S, T <: Effects[S, InterpreterError]](f: T)(
       vname: String,
       addr: BasilValue,
       value: BitVecLiteral,
       endian: Endian
-  ): State[S, Unit, E] = for {
+  ): State[S, Unit, InterpreterError] = for {
     mem <- f.loadVar(vname)
     (mapval, vsize) = mem match {
       case m @ MapValue(_, MapType(kt, BitVecType(size))) if kt == addr.irType => (m, size)
@@ -197,7 +193,7 @@ case object Eval {
       case Endian.BigEndian    => extractVals.reverse.map(Scalar(_))
     }
 
-    keys = (0 until cells).map(i => BasilValue.unsafeAdd(addr, i))
+    keys <- State.mapM((i: Int) => State.pureE(BasilValue.unsafeAdd(addr, i)), (0 until cells))
     s <- f.storeMem(vname, keys.zip(vs).toMap)
   } yield (s)
 
@@ -228,7 +224,7 @@ case object InterpFuns {
     } yield (l)
   }
 
-  def initialiseProgram[S, E, T <: Effects[S, E]](f: T)(p: Program): State[S, Unit, E] = {
+  def initialiseProgram[S, T <: Effects[S, InterpreterError]](f: T)(p: Program): State[S, Unit, InterpreterError] = {
     def initMemory(mem: String, mems: Iterable[MemorySection]) = {
       for {
         m <- State.sequence(
@@ -269,7 +265,7 @@ case object InterpFuns {
     } yield (r)
   }
 
-  def interpretJump[S, E, T <: Effects[S, E]](f: T)(j: Jump): State[S, Unit, E] = {
+  def interpretJump[S, T <: Effects[S, InterpreterError]](f: T)(j: Jump): State[S, Unit, InterpreterError] = {
     j match {
       case gt: GoTo if gt.targets.size == 1 => {
         f.setNext(Run(IRWalk.firstInBlock(gt.targets.head)))
@@ -295,7 +291,7 @@ case object InterpFuns {
     }
   }
 
-  def interpretStatement[S, E, T <: Effects[S, E]](f: T)(s: Statement): State[S, Unit, E] = {
+  def interpretStatement[S, T <: Effects[S, InterpreterError]](f: T)(s: Statement): State[S, Unit, InterpreterError] = {
     s match {
       case assign: Assign => {
         for {
@@ -369,7 +365,7 @@ case object InterpFuns {
     }
   }
 
-  def interpretProg[S, E, T <: Effects[S, E]](f: T)(p: Program, is: S): S = {
+  def interpretProg[S, T <: Effects[S, InterpreterError]](f: T)(p: Program, is: S): S = {
     val begin = State.execute(is, initialiseProgram(f)(p))
     // State.execute[S,Unit](is, )
     interpret(f, begin)
diff --git a/src/main/scala/ir/eval/InterpretBreakpoints.scala b/src/main/scala/ir/eval/InterpretBreakpoints.scala
index 29ad8d57b..4668b7075 100644
--- a/src/main/scala/ir/eval/InterpretBreakpoints.scala
+++ b/src/main/scala/ir/eval/InterpretBreakpoints.scala
@@ -22,10 +22,10 @@ case class BreakPointAction(saveState: Boolean = true, stop: Boolean = false, ev
 
 case class BreakPoint(name: String = "", location: BreakPointLoc, action: BreakPointAction)
 
-case class RememberBreakpoints[T, E, I <: Effects[T, E]](val f: I, val breaks: List[BreakPoint]) extends NopEffects[(T, List[(BreakPoint, Option[T], List[(Expr, Expr)])]), E] {
+case class RememberBreakpoints[T, I <: Effects[T, InterpreterError]](val f: I, val breaks: List[BreakPoint]) extends NopEffects[(T, List[(BreakPoint, Option[T], List[(Expr, Expr)])]), InterpreterError] {
 
 
-  def findBreaks[R](c: Command) : State[(T,R), List[BreakPoint], E]  = {
+  def findBreaks[R](c: Command) : State[(T,R), List[BreakPoint], InterpreterError]  = {
     State.filterM(b => b.location match {
       case BreakPointLoc.CMD(bc) if (bc == c) => State.pure(true)
       case BreakPointLoc.CMDCond(bc, e) if bc == c => doLeft(Eval.evalBool(f)(e))
@@ -33,15 +33,15 @@ case class RememberBreakpoints[T, E, I <: Effects[T, E]](val f: I, val breaks: L
     }, breaks)
   }
 
-  override def interpretOne : State[(T, List[(BreakPoint, Option[T], List[(Expr, Expr)])]), Unit, E] = for {
+  override def interpretOne : State[(T, List[(BreakPoint, Option[T], List[(Expr, Expr)])]), Unit, InterpreterError] = for {
     v : ExecutionContinuation <- doLeft(f.getNext)
     n <- v match {
       case Run(s) => for {
         breaks : List[BreakPoint] <- findBreaks(s)
-        res <- State.sequence[(T, List[(BreakPoint, Option[T], List[(Expr, Expr)])]), Unit, E](State.pure(()), 
+        res <- State.sequence[(T, List[(BreakPoint, Option[T], List[(Expr, Expr)])]), Unit, InterpreterError](State.pure(()), 
           breaks.map((breakpoint: BreakPoint) => (breakpoint match {
             case breakpoint @ BreakPoint(name, stopcond, action) => (for {
-                saved <- doLeft(if action.saveState then State.getS[T, E].map(s => Some(s)) else State.pure(None))
+                saved <- doLeft(if action.saveState then State.getS[T, InterpreterError].map(s => Some(s)) else State.pure(None))
                 evals <- (State.mapM((e:Expr) => for {
                   ev <- doLeft(Eval.evalExpr(f)(e))
                   } yield (e, ev)
@@ -73,7 +73,7 @@ case class RememberBreakpoints[T, E, I <: Effects[T, E]](val f: I, val breaks: L
 }
 
 
-def interpretWithBreakPoints[I, E](p: Program, breakpoints: List[BreakPoint], innerInterpreter: Effects[I, E], innerInitialState: I) : (I, List[(BreakPoint, Option[I], List[(Expr, Expr)])]) = {
+def interpretWithBreakPoints[I](p: Program, breakpoints: List[BreakPoint], innerInterpreter: Effects[I, InterpreterError], innerInitialState: I) : (I, List[(BreakPoint, Option[I], List[(Expr, Expr)])]) = {
    val interp = LayerInterpreter(innerInterpreter, RememberBreakpoints(innerInterpreter, breakpoints))
    val res = InterpFuns.interpretProg(interp)(p, (innerInitialState, List()))
    res
diff --git a/src/main/scala/ir/eval/Interpreter.scala b/src/main/scala/ir/eval/Interpreter.scala
index da4fd87b0..82f0aff71 100644
--- a/src/main/scala/ir/eval/Interpreter.scala
+++ b/src/main/scala/ir/eval/Interpreter.scala
@@ -17,7 +17,6 @@ import scala.util.control.Breaks.{break, breakable}
 sealed trait ExecutionContinuation
 case class FailedAssertion(a: Assert) extends ExecutionContinuation
 
-
 case class Stopped() extends ExecutionContinuation /* normal program stop  */
 case class Run(val next: Command) extends ExecutionContinuation /* continue by executing next command */
 
@@ -30,11 +29,11 @@ case class EvalError(val message: String = "")
     extends ExecutionContinuation /* failed to evaluate an expression to a concrete value */
 case class MemoryError(val message: String = "") extends ExecutionContinuation /* An error to do with memory */
 
-
 // type InterpreterError = EscapedControlFlow | Errored | TypeError | EvalError | MemoryError
 
 /** TODO: errors should be encapsualted in error monad, rather than mapping exceptions back into state transitions at
-  * State.execute() */
+  * State.execute()
+  */
 case class InterpreterError(continue: ExecutionContinuation) extends Exception()
 
 /* Concrete value type of the interpreter. */
@@ -68,30 +67,28 @@ case object BasilValue {
 
   def size(v: BasilValue): Int = size(v.irType)
 
-  def unsafeAdd(l: BasilValue, vr: Int): BasilValue = {
+  def unsafeAdd[S, E](l: BasilValue, vr: Int): Either[InterpreterError, BasilValue] = {
     l match {
-      case _ if vr == 0              => l
-      case Scalar(IntLiteral(vl))    => Scalar(IntLiteral(vl + vr))
-      case Scalar(b1: BitVecLiteral) => Scalar(eval.evalBVBinExpr(BVADD, b1, BitVecLiteral(vr, b1.size)))
-      case _                         => throw InterpreterError(TypeError(s"Operation add $vr undefined on $l"))
+      case _ if vr == 0              => Right(l)
+      case Scalar(IntLiteral(vl))    => Right(Scalar(IntLiteral(vl + vr)))
+      case Scalar(b1: BitVecLiteral) => Right(Scalar(eval.evalBVBinExpr(BVADD, b1, BitVecLiteral(vr, b1.size))))
+      case _ => Left(InterpreterError(TypeError(s"Operation add $vr undefined on $l")))
     }
   }
 
-  def add(l: BasilValue, r: BasilValue): BasilValue = {
-    (l, r) match {
-      case (Scalar(IntLiteral(vl)), Scalar(IntLiteral(vr)))       => Scalar(IntLiteral(vl + vr))
-      case (Scalar(b1: BitVecLiteral), Scalar(b2: BitVecLiteral)) => Scalar(eval.evalBVBinExpr(BVADD, b1, b2))
-      case (Scalar(b1: BoolLit), Scalar(b2: BoolLit)) =>
-        Scalar(if (b2.value || b2.value) then TrueLiteral else FalseLiteral)
-      case _ => throw InterpreterError(TypeError(s"Operation add undefined on $l $r"))
-    }
-  }
+  // def add(l: BasilValue, r: BasilValue): BasilValue = {
+  //   (l, r) match {
+  //     case (Scalar(IntLiteral(vl)), Scalar(IntLiteral(vr)))       => Scalar(IntLiteral(vl + vr))
+  //     case (Scalar(b1: BitVecLiteral), Scalar(b2: BitVecLiteral)) => Scalar(eval.evalBVBinExpr(BVADD, b1, b2))
+  //     case (Scalar(b1: BoolLit), Scalar(b2: BoolLit)) =>
+  //       Scalar(if (b2.value || b2.value) then TrueLiteral else FalseLiteral)
+  //     case _ => throw InterpreterError(TypeError(s"Operation add undefined on $l $r"))
+  //   }
+  // }
 }
 
-/**
- * Minimal language defining all state transitions in the interpreter, 
- * defined for the interpreter's concrete state T.
- */
+/** Minimal language defining all state transitions in the interpreter, defined for the interpreter's concrete state T.
+  */
 trait Effects[T, E] {
 
   // perform an execution step
@@ -124,15 +121,13 @@ trait Effects[T, E] {
   def storeMem(vname: String, update: Map[BasilValue, BasilValue]): State[T, Unit, E]
 }
 
-
-
 trait NopEffects[T, E] extends Effects[T, E] {
   def interpretOne = State.pure(())
   def loadVar(v: String) = State.pure(Scalar(FalseLiteral))
-  def loadMem(v: String, addrs: List[BasilValue])  = State.pure(List())
+  def loadMem(v: String, addrs: List[BasilValue]) = State.pure(List())
   def evalAddrToProc(addr: Int) = State.pure(None)
   def getNext = State.pure(Stopped())
-  def setNext(c: ExecutionContinuation)  = State.pure(())
+  def setNext(c: ExecutionContinuation) = State.pure(())
 
   def call(target: String, beginFrom: ExecutionContinuation, returnTo: ExecutionContinuation) = State.pure(())
   def doReturn() = State.pure(())
@@ -141,10 +136,9 @@ trait NopEffects[T, E] extends Effects[T, E] {
   def storeMem(vname: String, update: Map[BasilValue, BasilValue]) = State.pure(())
 }
 
-/** -------------------------------------------------------------------------------- 
- * Definition of concrete state
- * -------------------------------------------------------------------------------- */
-
+/** -------------------------------------------------------------------------------- Definition of concrete state
+  * --------------------------------------------------------------------------------
+  */
 
 type StackFrameID = String
 val globalFrame: StackFrameID = "GLOBAL"
@@ -189,14 +183,17 @@ case class MemoryState(
     MemoryState(frames, frameName :: activations, counts)
   }
 
-  def popStackFrame(): MemoryState = {
-    val (frame, remactivs) = activations match {
-      case Nil                          => throw InterpreterError(Errored("No stack frame to pop"))
-      case h :: Nil if h == globalFrame => throw InterpreterError(Errored("tried to pop global scope"))
-      case h :: tl                      => (h, tl)
+  def popStackFrame(): Either[InterpreterError, MemoryState] = {
+    val hv = activations match {
+      case Nil                          => Left(InterpreterError(Errored("No stack frame to pop")))
+      case h :: Nil if h == globalFrame => Left(InterpreterError(Errored("tried to pop global scope")))
+      case h :: tl                      => Right((h, tl))
     }
-    val frames = stackFrames.removed(frame)
-    MemoryState(frames, remactivs, activationCount)
+    hv.map((hv) => {
+      val (frame, remactivs) = hv
+      val frames = stackFrames.removed(frame)
+      MemoryState(frames, remactivs, activationCount)
+    })
   }
 
   /* Variable retrieval and setting */
@@ -235,83 +232,88 @@ case class MemoryState(
     )
   }
 
-  def findVar(name: String): (StackFrameID, BasilValue) = {
-    findVarOpt(name: String).getOrElse(throw InterpreterError(Errored(s"Access to undefined variable $name")))
+  def findVar(name: String): Either[InterpreterError, (StackFrameID, BasilValue)] = {
+    findVarOpt(name: String)
+      .map(Right(_))
+      .getOrElse(Left(InterpreterError(Errored(s"Access to undefined variable $name"))))
   }
 
   def getVarOpt(name: String): Option[BasilValue] = findVarOpt(name).map(_._2)
 
-  def getVar(name: String): BasilValue = {
-    getVarOpt(name).getOrElse(throw InterpreterError(Errored(s"Access undefined variable $name")))
+  def getVar(name: String): Either[InterpreterError, BasilValue] = {
+    getVarOpt(name).map(Right(_)).getOrElse(Left(InterpreterError(Errored(s"Access undefined variable $name"))))
   }
 
-  def getVar(v: Variable): BasilValue = {
+  def getVar(v: Variable): Either[InterpreterError, BasilValue] = {
     val value = getVar(v.name)
     value match {
-      case dv: BasilValue if v.getType != dv.irType =>
-        throw InterpreterError(
-          Errored(s"Type mismatch on variable definition and load: defined ${dv.irType}, variable ${v.getType}")
+      case Right(dv: BasilValue) if v.getType != dv.irType =>
+        Left(
+          InterpreterError(
+            Errored(s"Type mismatch on variable definition and load: defined ${dv.irType}, variable ${v.getType}")
+          )
         )
-      case o => o
+      case Right(o) => Right(o)
+      case o        => o
     }
   }
 
-  def getVarLiteralOpt(v: Variable): Option[Literal] = {
-    getVar(v) match {
-      case Scalar(v) => Some(v)
-      case _         => None
-    }
-  }
 
   /* Map variable accessing ; load and store operations */
-  def doLoadOpt(vname: String, addr: List[BasilValue]): Option[List[BasilValue]] = {
-    val (frame, mem) = findVar(vname)
-    val mapv: MapValue = mem match {
-      case m @ MapValue(innerMap, ty) => m
-      case m                          => throw InterpreterError(TypeError(s"Load from nonmap ${m.irType}"))
-    }
-
-    val rs = addr.map(k => mapv.value.get(k))
-    if (rs.forall(_.isDefined)) {
-      Some(rs.map(_.get))
-    } else {
-      None
-    }
-  }
-  def doLoad(vname: String, addr: List[BasilValue]): List[BasilValue] = {
-    doLoadOpt(vname, addr) match {
-      case Some(vs) => vs
-      case None => {
-        throw InterpreterError(MemoryError(s"Read from uninitialised $vname[${addr.head} .. ${addr.last}]"))
-      }
+  def doLoad(vname: String, addr: List[BasilValue]): Either[InterpreterError, List[BasilValue]] = for {
+    v <- findVar(vname)
+    mapv: MapValue <- v._2 match {
+      case m @ MapValue(innerMap, ty) => Right(m)
+      case m                          => Left(InterpreterError(TypeError(s"Load from nonmap ${m.irType}")))
     }
-  }
+    rs: List[Option[BasilValue]] = addr.map(k => mapv.value.get(k))
+    xs <-
+      (if (rs.forall(_.isDefined)) {
+         Right(rs.map(_.get))
+       } else {
+         Left(InterpreterError(MemoryError(s"Read from uninitialised $vname[${addr.head} .. ${addr.last}]")))
+       })
+  } yield (xs)
+
+  // def doLoad[S](vname: String, addr: List[BasilValue]): State[S, List[BasilValue], InterpreterError] = for {
+  //   v <- doLoadOpt(vname, addr)
+  //   r <- v match {
+  //     case Some(vs) => vs
+  //     case None => {
+  //       throw InterpreterError(MemoryError(s"Read from uninitialised "))
+  //     }
+  //   }
+  // }
 
   /** typecheck and some fields of a map variable */
-  def doStore(vname: String, values: Map[BasilValue, BasilValue]) = {
-    val (frame, mem) = findVar(vname)
-
-    val (mapval, keytype, valtype) = mem match {
-      case m @ MapValue(_, MapType(kt, vt)) => (m, kt, vt)
-      case v => throw InterpreterError(TypeError(s"Invalid map store operation to $vname : ${v.irType}"))
+  def doStore(vname: String, values: Map[BasilValue, BasilValue]): Either[InterpreterError, MemoryState] = for {
+    // val (frame, mem) = findVar(vname)
+    v <- findVar(vname)
+    (frame, mem) = v
+    // val (mapval, keytype, valtype) =
+    mapi <- mem match {
+      case m @ MapValue(_, MapType(kt, vt)) => Right((m, kt, vt))
+      case v => Left(InterpreterError(TypeError(s"Invalid map store operation to $vname : ${v.irType}")))
     }
+    (mapval, keytype, valtype) = mapi
 
-    (values.find((k, v) => k.irType != keytype || v.irType != valtype)) match {
+    checkTypes <- (values.find((k, v) => k.irType != keytype || v.irType != valtype)) match {
       case Some(v) =>
-        throw InterpreterError(
-          TypeError(
-            s"Invalid addr or value type (${v._1.irType}, ${v._2.irType}) does not match map type $vname : ($keytype, $valtype)"
+        Left(
+          InterpreterError(
+            TypeError(
+              s"Invalid addr or value type (${v._1.irType}, ${v._2.irType}) does not match map type $vname : ($keytype, $valtype)"
+            )
           )
         )
-      case None => ()
+      case None => Right(())
     }
 
-    val nmap = MapValue(mapval.value ++ values, mapval.irType)
-    setVar(frame, vname, nmap)
-  }
+    nmap = MapValue(mapval.value ++ values, mapval.irType)
+    ms <- Right(setVar(frame, vname, nmap))
+  } yield (ms)
 }
 
-
 case class InterpreterState(
     val nextCmd: ExecutionContinuation = Stopped(),
     val callStack: List[ExecutionContinuation] = List.empty,
@@ -322,9 +324,8 @@ case class InterpreterState(
   */
 object NormalInterpreter extends Effects[InterpreterState, InterpreterError] {
 
-
   def loadVar(v: String) = {
-    State.get((s: InterpreterState) => {
+    State.getE((s: InterpreterState) => {
       s.memoryState.getVar(v)
     })
   }
@@ -332,15 +333,17 @@ object NormalInterpreter extends Effects[InterpreterState, InterpreterError] {
   def evalAddrToProc(addr: Int) =
     Logger.debug(s"    eff : FIND PROC $addr")
     for {
-      res <- get((s: InterpreterState) => s.memoryState.doLoadOpt("funtable", List(Scalar(BitVecLiteral(addr, 64)))))
+      res: List[BasilValue] <- getE((s: InterpreterState) =>
+        s.memoryState.doLoad("funtable", List(Scalar(BitVecLiteral(addr, 64))))
+      )
     } yield {
       res match {
-        case Some((f: FunPointer) :: Nil) => Some(f)
-        case _                            => None
+        case ((f: FunPointer) :: Nil) => Some(f)
+        case _                        => None
       }
     }
 
-  def formatStore(varname: String, update: Map[BasilValue, BasilValue]) : String = {
+  def formatStore(varname: String, update: Map[BasilValue, BasilValue]): String = {
     val ks = update.toList.sortWith((x, y) => {
       def conv(v: BasilValue): BigInt = v match {
         case (Scalar(b: BitVecLiteral)) => b.value
@@ -378,7 +381,7 @@ object NormalInterpreter extends Effects[InterpreterState, InterpreterError] {
   }
 
   def loadMem(v: String, addrs: List[BasilValue]) = {
-    State.get((s: InterpreterState) => {
+    State.getE((s: InterpreterState) => {
       val r = s.memoryState.doLoad(v, addrs)
       Logger.debug(s"    eff : LOAD ${addrs.head} x ${addrs.size}")
       r
@@ -405,10 +408,12 @@ object NormalInterpreter extends Effects[InterpreterState, InterpreterError] {
 
   def doReturn() = {
     Logger.debug(s"    eff : RETURN")
-    modify((s: InterpreterState) => {
+    modifyE((s: InterpreterState) => {
       s.callStack match {
-        case Nil     => s.copy(nextCmd = Stopped())
-        case h :: tl => s.copy(nextCmd = h, callStack = tl, memoryState = s.memoryState.popStackFrame())
+        case Nil     => Right(s.copy(nextCmd = Stopped()))
+        case h :: tl => for {
+          ms <- s.memoryState.popStackFrame()
+        } yield (s.copy(nextCmd = h, callStack = tl, memoryState = ms))
       }
     })
   }
@@ -418,29 +423,30 @@ object NormalInterpreter extends Effects[InterpreterState, InterpreterError] {
     State.modify((s: InterpreterState) => s.copy(memoryState = s.memoryState.defVar(v, scope, value)))
   }
 
-  def storeMem(vname: String, update: Map[BasilValue, BasilValue]) = State.modify((s: InterpreterState) => {
+  def storeMem(vname: String, update: Map[BasilValue, BasilValue]) = 
+    State.modifyE((s: InterpreterState) => {
     Logger.debug(s"    eff : STORE ${formatStore(vname, update)}")
-    s.copy(memoryState = s.memoryState.doStore(vname, update))
+    for {
+      ms <- s.memoryState.doStore(vname, update)
+    } yield(s.copy(memoryState = ms))
   })
 
   def interpretOne: State[InterpreterState, Unit, InterpreterError] = for {
     next <- getNext
-    _ <- try {
-      next match {
-        case Run(c: Statement) => InterpFuns.interpretStatement(this)(c)
-        case Run(c: Jump) => InterpFuns.interpretJump(this)(c)
-        case Stopped() => State.pure (()) 
-        case errorstop => State.pure (())
-      }
-    } catch {
-      case InterpreterError(e) => setNext(e)
-      case e: java.lang.IllegalArgumentException => setNext(Errored(e.getStackTrace.take(5).mkString("\n")))
-    }
+    _ <- (next match {
+          case Run(c: Statement) => InterpFuns.interpretStatement(this)(c)
+          case Run(c: Jump)      => InterpFuns.interpretJump(this)(c)
+          case Stopped()         => State.pure(())
+          case errorstop         => State.pure(())
+      }).flatMapE((e: InterpreterError) => setNext(e.continue))
+      // } catch {
+      //   case InterpreterError(e)                   => setNext(e)
+      //   case e: java.lang.IllegalArgumentException => setNext(Errored(e.getStackTrace.take(5).mkString("\n")))
+      // }
   } yield ()
 
 }
 
-
 // def interpretTrace(IRProgram: Program): TracingInterpreter = {
 //   val s: TracingInterpreter = InterpFuns.interpretProg(IRProgram, TracingInterpreter(InterpreterState(), List()))
 //   s
diff --git a/src/main/scala/util/functional.scala b/src/main/scala/util/functional.scala
index d81b12e93..5f78e6d76 100644
--- a/src/main/scala/util/functional.scala
+++ b/src/main/scala/util/functional.scala
@@ -1,6 +1,9 @@
 package util.functional
 
-case class State[S, +A, E](f: S => (S, Either[E, A])) {
+/*
+ * Flattened state monad with error. 
+ */
+case class State[S, A, E](f: S => (S, Either[E, A])) {
 
   def unit[A](a: A): State[S, A, E] = State(s => (s, Right(a)))
 
@@ -23,21 +26,39 @@ case class State[S, +A, E](f: S => (S, Either[E, A])) {
       }
     })
   }
+
+  def flatMapE(f: E => State[S, A, E]): State[S, A, E] = {
+    State(s => {
+      val (s2, a) = this.f(s)
+      a match {
+        case Left(l) => f(l).f(s2)
+        case Right(_) => (s2, a)
+      }
+    })
+  }
 }
 
 
 object State {
   def get[S, A, E](f: S => A) : State[S, A, E] = State(s => (s, Right(f(s))))
+  def getE[S, A, E](f: S => Either[E,A]) : State[S, A, E] = State(s => (s, f(s)))
   def getS[S,E] : State[S,S,E] = State((s:S) => (s,Right(s)))
   def putS[S,E](s: S) : State[S,Unit,E] = State((_) => (s,Right(())))
   def modify[S, E](f: S => S) : State[S, Unit, E] = State(s => (f(s), Right(())))
+  def modifyE[S, E](f: S => Either[E, S]) : State[S, Unit, E] = State(s => f(s) match {
+    case Right(ns) => (ns, Right(()))
+    case Left(e) => (s, Left(e))
+  })
   def execute[S, A, E](s: S, c: State[S,A, E]) : S = c.f(s)._1
   def evaluate[S, A, E](s: S, c: State[S,A, E])  : A = c.f(s)._2 match {
     case Right(r) => r
-    case Left(l) => throw Exception(s"Wrong $l")
+    case Left(l) => throw Exception(s"Evaluation error $l")
   }
 
+  def setError[S,A,E](e: E) : State[S,A,E] =  State(s => (s, Left(e)))
+
   def pure[S, A, E](a: A) : State[S, A, E] = State((s:S) => (s, Right(a)))
+  def pureE[S, A, E](a: Either[E, A]) : State[S, A, E] = State((s:S) => (s, a))
 
   def sequence[S, V, E](ident: State[S,V, E], xs: Iterable[State[S,V, E]]) : State[S, V, E] = {
     xs.foldRight(ident)((l,r) => for {

From 1a139d24819bd43952d9cf497c947c594ef8aa1f Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Mon, 19 Aug 2024 11:55:23 +1000
Subject: [PATCH 020/127] refactor call to a statement & add unreachable and
 return jumps

---
 src/main/scala/analysis/Cfg.scala             | 137 ++++++++++--------
 src/main/scala/analysis/IDEAnalysis.scala     |   4 +-
 .../analysis/InterLiveVarsAnalysis.scala      |   6 +-
 .../analysis/IntraLiveVarsAnalysis.scala      |   4 +-
 src/main/scala/analysis/VSA.scala             |  10 +-
 .../scala/analysis/solvers/IDESolver.scala    |  36 ++---
 src/main/scala/ir/IRCursor.scala              |  63 ++++----
 src/main/scala/ir/Interpreter.scala           |  99 +++++++------
 src/main/scala/ir/Program.scala               |  74 ++++------
 src/main/scala/ir/Statement.scala             |  42 +++---
 src/main/scala/ir/Visitor.scala               |  31 +---
 src/main/scala/ir/cilvisitor/CILVisitor.scala |   9 +-
 src/main/scala/ir/dsl/DSL.scala               |  29 ++--
 .../scala/ir/transforms/ReplaceReturn.scala   |  52 +++++++
 src/main/scala/translating/BAPToIR.scala      |  21 +--
 src/main/scala/translating/GTIRBToIR.scala    |  54 ++++---
 src/main/scala/translating/ILtoIL.scala       |   4 +-
 src/main/scala/translating/IRToBoogie.scala   |  55 +++----
 src/main/scala/util/RunUtils.scala            |  98 +++++++------
 19 files changed, 441 insertions(+), 387 deletions(-)
 create mode 100644 src/main/scala/ir/transforms/ReplaceReturn.scala

diff --git a/src/main/scala/analysis/Cfg.scala b/src/main/scala/analysis/Cfg.scala
index d508353c1..59d512cd2 100644
--- a/src/main/scala/analysis/Cfg.scala
+++ b/src/main/scala/analysis/Cfg.scala
@@ -174,7 +174,7 @@ class CfgStatementNode(
 /** CFG's representation of a jump. This is used as a general jump node, for both indirect and direct calls.
   */
 class CfgJumpNode(
-    val data: Jump,
+    val data: Jump | DirectCall | IndirectCall,
     val block: Block,
     val parent: CfgFunctionEntryNode
 ) extends CfgCommandNode:
@@ -486,6 +486,72 @@ class ProgramCfgFactory:
         cfg.addEdge(prevNode, firstNode)
         visitedBlocks += (block -> firstNode) // This is guaranteed to be entrance to block if we are here
 
+        val statements = List.from(stmts).map(s => s match {
+          case d: DirectCall => CfgJumpNode(d, block, funcEntryNode)
+          case d: IndirectCall => CfgJumpNode(d, block, funcEntryNode)
+          case o => CfgStatementNode(o, block, funcEntryNode)
+        })
+        val succs = if (statements.nonEmpty) then statements.zip(statements.tail ++ List(CfgJumpNode(statements.head.data.parent.jump, block, funcEntryNode))) else List()
+
+        for ((s,nexts) <- succs) {
+          s.data match {
+          case dCall: DirectCall =>
+
+            var precNode = prevNode
+
+            val targetProc: Procedure = dCall.target
+            funcEntryNode.callers.add(procToCfg(targetProc)._1)
+
+            val callNode = CfgJumpNode(dCall, block, funcEntryNode)
+
+            // Branch to this call
+            cfg.addEdge(precNode, callNode)
+
+            procToCalls(proc) += callNode
+            procToCallers(targetProc) += callNode
+            callToNodes(funcEntryNode) += callNode
+
+            // Record call association
+
+            // Jump to return location
+            val returnTarget = nexts
+                // Add intermediary return node (split call into call and return)
+            val callRet = CfgCallReturnNode()
+            cfg.addEdge(callNode, callRet)
+            cfg.addEdge(callRet, returnTarget)
+          case iCall: IndirectCall =>
+            Logger.debug(s"Indirect call found: $iCall in ${proc.name}")
+            var precNode = prevNode
+
+            val jmpNode = CfgJumpNode(iCall, block, funcEntryNode)
+            // Branch to this call
+            cfg.addEdge(precNode, jmpNode)
+
+            // Record call association
+            procToCalls(proc) += jmpNode
+            callToNodes(funcEntryNode) += jmpNode
+
+            // R30 is the link register - this stores the address to return to.
+            //  For now just add a node expressing that we are to return to the previous context.
+            if (iCall.target == Register("R30", 64)) {
+              val returnNode = CfgProcedureReturnNode()
+              cfg.addEdge(jmpNode, returnNode)
+              cfg.addEdge(returnNode, funcExitNode)
+            }
+
+            val callRet = CfgCallReturnNode()
+            cfg.addEdge(jmpNode, callRet)
+            val returnTarget = nexts
+            cfg.addEdge(callRet, jmpNode)
+          case h: Halt =>  {
+            assert(false);
+            // not possible since s is only Statement.
+          }
+          case _ => ()
+          }
+        }
+
+
         if (stmts.size == 1) {
           return firstNode
         }
@@ -548,42 +614,10 @@ class ProgramCfgFactory:
                 visitBlock(targetBlock, precNode)
               }
             }
-          case dCall: DirectCall =>
-            val targetProc: Procedure = dCall.target
-            funcEntryNode.callers.add(procToCfg(targetProc)._1)
-
-            val callNode = CfgJumpNode(dCall, block, funcEntryNode)
-
-            // Branch to this call
-            cfg.addEdge(precNode, callNode)
-
-            procToCalls(proc) += callNode
-            procToCallers(targetProc) += callNode
-            callToNodes(funcEntryNode) += callNode
-
-            // Record call association
-
-            // Jump to return location
-            dCall.returnTarget match {
-              case Some(retBlock) =>
-                // Add intermediary return node (split call into call and return)
-                val callRet = CfgCallReturnNode()
-
-                cfg.addEdge(callNode, callRet)
-                if (visitedBlocks.contains(retBlock)) {
-                  val retBlockEntry: CfgCommandNode = visitedBlocks(retBlock)
-                  cfg.addEdge(callRet, retBlockEntry)
-                } else {
-                  visitBlock(retBlock, callRet)
-                }
-              case None =>
-                val noReturn = CfgCallNoReturnNode()
-                cfg.addEdge(callNode, noReturn)
-                cfg.addEdge(noReturn, funcExitNode)
-            }
-          case iCall: IndirectCall =>
-            Logger.debug(s"Indirect call found: $iCall in ${proc.name}")
-
+          case h: Halt =>  {
+            cfg.addEdge(jmpNode, funcExitNode)
+          }
+          case r: Return => 
             // Branch to this call
             cfg.addEdge(precNode, jmpNode)
 
@@ -591,32 +625,9 @@ class ProgramCfgFactory:
             procToCalls(proc) += jmpNode
             callToNodes(funcEntryNode) += jmpNode
 
-            // R30 is the link register - this stores the address to return to.
-            //  For now just add a node expressing that we are to return to the previous context.
-            if (iCall.target == Register("R30", 64)) {
-              val returnNode = CfgProcedureReturnNode()
-              cfg.addEdge(jmpNode, returnNode)
-              cfg.addEdge(returnNode, funcExitNode)
-              return
-            }
-
-            // Jump to return location
-            iCall.returnTarget match {
-              case Some(retBlock) => // Add intermediary return node (split call into call and return)
-                val callRet = CfgCallReturnNode()
-                cfg.addEdge(jmpNode, callRet)
-
-                if (visitedBlocks.contains(retBlock)) {
-                  val retBlockEntry = visitedBlocks(retBlock)
-                  cfg.addEdge(callRet, retBlockEntry)
-                } else {
-                  visitBlock(retBlock, callRet)
-                }
-              case None =>
-                val noReturn = CfgCallNoReturnNode()
-                cfg.addEdge(jmpNode, noReturn)
-                cfg.addEdge(noReturn, funcExitNode)
-            }
+            val returnNode = CfgProcedureReturnNode()
+            cfg.addEdge(jmpNode, returnNode)
+            cfg.addEdge(returnNode, funcExitNode)
         } // `jmps.head` match
       } // `visitJumps` function
     } // `visitBlocks` function
diff --git a/src/main/scala/analysis/IDEAnalysis.scala b/src/main/scala/analysis/IDEAnalysis.scala
index 8f2a7001c..e77627717 100644
--- a/src/main/scala/analysis/IDEAnalysis.scala
+++ b/src/main/scala/analysis/IDEAnalysis.scala
@@ -55,6 +55,6 @@ trait IDEAnalysis[E, EE, C, R, D, T, L <: Lattice[T]] {
 }
 
 // IndirectCall in these is because they are returns so that can be further tightened in future
-trait ForwardIDEAnalysis[D, T, L <: Lattice[T]] extends IDEAnalysis[Procedure, IndirectCall, DirectCall, GoTo, D, T, L]
+trait ForwardIDEAnalysis[D, T, L <: Lattice[T]] extends IDEAnalysis[Procedure, IndirectCall, DirectCall, Command, D, T, L]
 
-trait BackwardIDEAnalysis[D, T, L <: Lattice[T]] extends IDEAnalysis[IndirectCall, Procedure, GoTo, DirectCall, D, T, L]
+trait BackwardIDEAnalysis[D, T, L <: Lattice[T]] extends IDEAnalysis[IndirectCall, Procedure, Command, DirectCall, D, T, L]
diff --git a/src/main/scala/analysis/InterLiveVarsAnalysis.scala b/src/main/scala/analysis/InterLiveVarsAnalysis.scala
index 93a34d076..b20edf478 100644
--- a/src/main/scala/analysis/InterLiveVarsAnalysis.scala
+++ b/src/main/scala/analysis/InterLiveVarsAnalysis.scala
@@ -19,7 +19,7 @@ trait LiveVarsAnalysisFunctions extends BackwardIDEAnalysis[Variable, TwoElement
   val edgelattice: EdgeFunctionLattice[TwoElement, TwoElementLattice] = EdgeFunctionLattice(valuelattice)
   import edgelattice.{IdEdge, ConstEdge}
 
-  def edgesCallToEntry(call: GoTo, entry: IndirectCall)(d: DL): Map[DL, EdgeFunction[TwoElement]] = {
+  def edgesCallToEntry(call: Command, entry: IndirectCall)(d: DL): Map[DL, EdgeFunction[TwoElement]] = {
     Map(d -> IdEdge())
   }
 
@@ -27,7 +27,7 @@ trait LiveVarsAnalysisFunctions extends BackwardIDEAnalysis[Variable, TwoElement
     Map(d -> IdEdge())
   }
 
-  def edgesCallToAfterCall(call: GoTo, aftercall: DirectCall)(d: DL): Map[DL, EdgeFunction[TwoElement]] = {
+  def edgesCallToAfterCall(call: Command, aftercall: DirectCall)(d: DL): Map[DL, EdgeFunction[TwoElement]] = {
     d match
       case Left(value) => Map() // maps all variables before the call to bottom
       case Right(_) => Map(d -> IdEdge())
@@ -70,7 +70,7 @@ trait LiveVarsAnalysisFunctions extends BackwardIDEAnalysis[Variable, TwoElement
             expr.variables.foldLeft(Map[DL, EdgeFunction[TwoElement]](d -> IdEdge())) {
               (mp, expVar) => mp + (Left(expVar) -> ConstEdge(TwoElementTop))
             }
-      case IndirectCall(variable, _, _) =>
+      case IndirectCall(variable, _) =>
         d match
           case Left(value) => if value != variable then Map(d -> IdEdge()) else Map()
           case Right(_) => Map(d -> IdEdge(), Left(variable) -> ConstEdge(TwoElementTop))
diff --git a/src/main/scala/analysis/IntraLiveVarsAnalysis.scala b/src/main/scala/analysis/IntraLiveVarsAnalysis.scala
index 1624dcdfb..f3f322321 100644
--- a/src/main/scala/analysis/IntraLiveVarsAnalysis.scala
+++ b/src/main/scala/analysis/IntraLiveVarsAnalysis.scala
@@ -15,7 +15,7 @@ abstract class LivenessAnalysis(program: Program) extends Analysis[Any]:
       case MemoryAssign(_, index, value, _, _, _) => s ++ index.variables ++ value.variables
       case Assume(expr, _, _, _) => s ++ expr.variables
       case Assert(expr, _, _) => s ++ expr.variables
-      case IndirectCall(variable, _, _) => s + variable
+      case IndirectCall(variable, _) => s + variable
       case c: DirectCall => s
       case g: GoTo => s
       case _ => ???
@@ -25,4 +25,4 @@ abstract class LivenessAnalysis(program: Program) extends Analysis[Any]:
 class IntraLiveVarsAnalysis(program: Program)
   extends LivenessAnalysis(program)
     with SimpleWorklistFixpointSolver[CFGPosition, Set[Variable], PowersetLattice[Variable]]
-    with IRIntraproceduralBackwardDependencies
\ No newline at end of file
+    with IRIntraproceduralBackwardDependencies
diff --git a/src/main/scala/analysis/VSA.scala b/src/main/scala/analysis/VSA.scala
index 03ef8ff60..f7d9a55e7 100644
--- a/src/main/scala/analysis/VSA.scala
+++ b/src/main/scala/analysis/VSA.scala
@@ -121,7 +121,7 @@ trait ValueSetAnalysis(program: Program,
                     m = m + (localAssign.lhs -> m(r))
                     m
               case None =>
-                Logger.warn("could not find region for " + localAssign)
+                Logger.debug("could not find region for " + localAssign)
                 m
           case e: Expr =>
             evaluateExpression(e, constantProp(n)) match {
@@ -129,7 +129,7 @@ trait ValueSetAnalysis(program: Program,
                 m = m + (localAssign.lhs -> Set(getValueType(bv)))
                 m
               case None =>
-                Logger.warn("could not evaluate expression" + e)
+                Logger.debug("could not evaluate expression" + e)
                 m
             }
       case memAssign: MemoryAssign =>
@@ -154,11 +154,11 @@ trait ValueSetAnalysis(program: Program,
                         m = m + (r -> m(v))
                         m
                       case _ =>
-                        Logger.warn(s"Too Complex: $storeValue") // do nothing
+                        Logger.debug(s"Too Complex: $storeValue") // do nothing
                         m
                     }
               case None =>
-                Logger.warn("could not find region for " + memAssign)
+                Logger.debug("could not find region for " + memAssign)
                 m
           case _ =>
             m
@@ -207,4 +207,4 @@ class ValueSetAnalysisSolver(
       case _ => super.funsub(n, x)
     }
   }
-}
\ No newline at end of file
+}
diff --git a/src/main/scala/analysis/solvers/IDESolver.scala b/src/main/scala/analysis/solvers/IDESolver.scala
index ef1d34b54..cef0f6eb2 100644
--- a/src/main/scala/analysis/solvers/IDESolver.scala
+++ b/src/main/scala/analysis/solvers/IDESolver.scala
@@ -1,7 +1,7 @@
 package analysis.solvers
 
 import analysis.{BackwardIDEAnalysis, Dependencies, EdgeFunction, EdgeFunctionLattice, ForwardIDEAnalysis, IDEAnalysis, IRInterproceduralBackwardDependencies, IRInterproceduralForwardDependencies, Lambda, Lattice, MapLattice}
-import ir.{CFGPosition, Command, DirectCall, GoTo, IRWalk, IndirectCall, InterProcIRCursor, Procedure, Program, end, isAfterCall}
+import ir.{CFGPosition, Command, DirectCall, GoTo, IRWalk, IndirectCall, InterProcIRCursor, Procedure, Program, end, isAfterCall, Halt, Statement, Jump}
 import util.Logger
 
 import scala.collection.immutable.Map
@@ -12,7 +12,7 @@ import scala.collection.mutable
  * Adapted from Tip
  * https://github.com/cs-au-dk/TIP/blob/master/src/tip/solvers/IDESolver.scala
  */
-abstract class IDESolver[E <: Procedure | Command, EE <: Procedure | Command, C <: DirectCall | GoTo, R <: DirectCall | GoTo, D, T, L <: Lattice[T]](val program: Program, val startNode: CFGPosition)
+abstract class IDESolver[E <: Procedure | Command, EE <: Procedure | Command, C <: Command, R <: Command, D, T, L <: Lattice[T]](val program: Program, val startNode: CFGPosition)
   extends IDEAnalysis[E, EE, C, R, D, T, L], Dependencies[CFGPosition] {
 
   protected def entryToExit(entry: E): EE
@@ -208,22 +208,25 @@ abstract class IDESolver[E <: Procedure | Command, EE <: Procedure | Command, C
 
 
 abstract class ForwardIDESolver[D, T, L <: Lattice[T]](program: Program)
-  extends IDESolver[Procedure, IndirectCall, DirectCall, GoTo, D, T, L](program, program.mainProcedure),
+  extends IDESolver[Procedure, IndirectCall, DirectCall, Command, D, T, L](program, program.mainProcedure),
     ForwardIDEAnalysis[D, T, L], IRInterproceduralForwardDependencies {
 
   protected def entryToExit(entry: Procedure): IndirectCall = entry.end.asInstanceOf[IndirectCall]
 
   protected def exitToEntry(exit: IndirectCall): Procedure = IRWalk.procedure(exit)
 
-  protected def callToReturn(call: DirectCall): GoTo = call.parent.fallthrough.get
+  protected def callToReturn(call: DirectCall): Command = call.successor
 
-  protected def returnToCall(ret: GoTo): DirectCall = ret.parent.jump.asInstanceOf[DirectCall]
+  protected def returnToCall(ret: Command): DirectCall = ret match {
+    case ret: Statement => ret.parent.statements.getPrev(ret).asInstanceOf[DirectCall]
+    case r: Jump => ret.parent.statements.last.asInstanceOf[DirectCall]
+  }
 
   protected def getCallee(call: DirectCall): Procedure = call.target
 
   protected def isCall(call: CFGPosition): Boolean =
     call match
-      case directCall: DirectCall if directCall.returnTarget.isDefined && directCall.target.returnBlock.isDefined => true
+      case directCall: DirectCall if (!directCall.successor.isInstanceOf[Halt]) => true
       case _ => false
 
   protected def isExit(exit: CFGPosition): Boolean =
@@ -232,33 +235,32 @@ abstract class ForwardIDESolver[D, T, L <: Lattice[T]](program: Program)
       case command: Command => IRWalk.procedure(command).end == command
       case _ => false
 
-  protected def getAfterCalls(exit: IndirectCall): Set[GoTo] =
-    InterProcIRCursor.succ(exit).foreach(s => assert(s.isInstanceOf[GoTo]))
-    InterProcIRCursor.succ(exit).filter(_.isInstanceOf[GoTo]).map(_.asInstanceOf[GoTo])
+  protected def getAfterCalls(exit: IndirectCall): Set[Command] =
+    InterProcIRCursor.succ(exit).filter(_.isInstanceOf[Command]).map(_.asInstanceOf[Command])
 
 }
 
 
 abstract class BackwardIDESolver[D, T, L <: Lattice[T]](program: Program)
-  extends IDESolver[IndirectCall, Procedure, GoTo, DirectCall, D, T, L](program, program.mainProcedure.end),
+  extends IDESolver[IndirectCall, Procedure, Command, DirectCall, D, T, L](program, program.mainProcedure.end),
     BackwardIDEAnalysis[D, T, L], IRInterproceduralBackwardDependencies {
 
   protected def entryToExit(entry: IndirectCall): Procedure = IRWalk.procedure(entry)
 
   protected def exitToEntry(exit: Procedure): IndirectCall = exit.end.asInstanceOf[IndirectCall]
 
-  protected def callToReturn(call: GoTo): DirectCall = call.parent.jump.asInstanceOf[DirectCall]
+  protected def callToReturn(call: Command): DirectCall = call match {
+    case ret: Statement => ret.parent.statements.getPrev(ret).asInstanceOf[DirectCall]
+    case r: Jump => r.parent.statements.last.asInstanceOf[DirectCall]
+  }
 
-  protected def returnToCall(ret: DirectCall): GoTo = ret.parent.fallthrough.get
+  protected def returnToCall(ret: DirectCall): Command = ret.successor
 
-  protected def getCallee(call: GoTo): IndirectCall = callToReturn(call).target.end.asInstanceOf[IndirectCall]
+  protected def getCallee(call: Command): IndirectCall = callToReturn(call: Command).target.end.asInstanceOf[IndirectCall]
 
   protected def isCall(call: CFGPosition): Boolean =
     call match
-      case goto: GoTo if goto.isAfterCall =>
-        goto.parent.jump match
-          case directCall: DirectCall => directCall.returnTarget.isDefined && directCall.target.returnBlock.isDefined
-          case _ => false
+      case directCall: DirectCall => (!directCall.successor.isInstanceOf[Halt])
       case _ => false
 
   protected def isExit(exit: CFGPosition): Boolean =
diff --git a/src/main/scala/ir/IRCursor.scala b/src/main/scala/ir/IRCursor.scala
index 08ed26681..4e9cb3948 100644
--- a/src/main/scala/ir/IRCursor.scala
+++ b/src/main/scala/ir/IRCursor.scala
@@ -52,11 +52,11 @@ object IRWalk:
     }
   }
 
-extension (p: Jump)
+extension (p: Command)
   def isAfterCall : Boolean = {
     p match {
-      case g: GoTo => g.parent.fallthrough.contains(g)
-      case _ => false
+      case g: Jump => g.parent.statements.lastOption.map(_.isInstanceOf[Call]).getOrElse(false)
+      case g: Statement => g.parent.statements.prevOption(g).map(_.isInstanceOf[Call]).getOrElse(false)
     }
   }
 
@@ -82,9 +82,10 @@ trait IntraProcIRCursor extends IRWalk[CFGPosition, CFGPosition] {
     pos match {
       case proc: Procedure => proc.entryBlock.toSet
       case b: Block        => Set(b.statements.headOption.getOrElse(b.jump))
-      case s: Statement    =>  Set(s.succ().getOrElse(s.parent.jump))
+      case s: Statement    =>  Set(s.successor)
       case n: GoTo         => n.targets.asInstanceOf[Set[CFGPosition]]
-      case c: Call         => c.parent.fallthrough.toSet
+      case h: Halt         => Set()
+      case h: Return       => Set()
     }
   }
 
@@ -143,43 +144,43 @@ trait InterProcIRCursor extends IRWalk[CFGPosition, CFGPosition] {
   IntraProcIRCursor.succ(pos) ++
     (pos match
       case c: DirectCall if c.target.blocks.nonEmpty  => Set(c.target)
-      case c: IndirectCall if c.parent.isProcReturn => c.parent.parent.incomingCalls().flatMap(_.parent.fallthrough.toSet).toSet
+      case c: IndirectCall if c.parent.isProcReturn => c.parent.parent.incomingCalls().map(_.successor).toSet
       case _ =>  Set.empty)
   }
 
   final def pred(pos: CFGPosition): Set[CFGPosition] = {
     IntraProcIRCursor.pred(pos) ++
     (pos match
+      case d: DirectCall if d.target.blocks.nonEmpty => d.target.returnBlock.toSet
       case c: Procedure       => c.incomingCalls().toSet.asInstanceOf[Set[CFGPosition]]
-      case b: GoTo if b.isAfterCall => b.parent.jump match {
-        case DirectCall(t,_, _) if t.blocks.nonEmpty => t.returnBlock.toSet
-        case _ => Set(b)
-      }
       case _ => Set.empty)
   }
 }
 
-trait InterProcBlockIRCursor extends IRWalk[CFGPosition, Block] {
-
-  final def succ(pos: CFGPosition): Set[Block] = {
-    IntraProcBlockIRCursor.succ(pos) ++
-    (pos match {
-      case s: DirectCall if s.target.blocks.nonEmpty  => s.target.entryBlock.toSet
-      case b: Block if b.isProcReturn => b.parent.incomingCalls().map(_.parent).toSet
-      case _               => Set.empty 
-    })
-  }
+// less meaningful with call statements 
+
+// trait InterProcBlockIRCursor extends IRWalk[CFGPosition, Block] {
+// 
+//   final def succ(pos: CFGPosition): Set[Block] = {
+//     IntraProcBlockIRCursor.succ(pos) ++
+//     (pos match {
+//       case s: DirectCall if s.target.blocks.nonEmpty  => s.target.entryBlock.toSet
+//       case b: Block if b.isProcReturn => b.parent.incomingCalls().map(_.parent).toSet
+//       case _               => Set.empty 
+//     })
+//   }
+// 
+//   final def pred(pos: CFGPosition): Set[Block] = {
+//     IntraProcBlockIRCursor.pred(pos) ++
+//     (pos match {
+//       case b: Block if b.isAfterCall => b.incomingJumps.collect {_.parent.jump match 
+//           case d: DirectCall => d.target }.flatMap(_.returnBlock).toSet
+//       case b: Block if b.isProcEntry => b.parent.incomingCalls().map(_.parent).toSet
+//       case _ => Set.empty 
+//     })
+//   }
+// }
 
-  final def pred(pos: CFGPosition): Set[Block] = {
-    IntraProcBlockIRCursor.pred(pos) ++
-    (pos match {
-      case b: Block if b.isAfterCall => b.incomingJumps.collect {_.parent.jump match 
-          case d: DirectCall => d.target }.flatMap(_.returnBlock).toSet
-      case b: Block if b.isProcEntry => b.parent.incomingCalls().map(_.parent).toSet
-      case _ => Set.empty 
-    })
-  }
-}
 object InterProcIRCursor extends InterProcIRCursor
 
 trait CallGraph extends IRWalk[Procedure, Procedure] {
@@ -190,7 +191,7 @@ trait CallGraph extends IRWalk[Procedure, Procedure] {
 
 object CallGraph extends CallGraph
 
-object InterProcBlockIRCursor extends InterProcBlockIRCursor
+// object InterProcBlockIRCursor extends InterProcBlockIRCursor
 
 /** Computes the reachability transitive closure of the CFGPositions in initial under the successor relation defined by
   * walker.
diff --git a/src/main/scala/ir/Interpreter.scala b/src/main/scala/ir/Interpreter.scala
index f5437015b..de470d5d9 100644
--- a/src/main/scala/ir/Interpreter.scala
+++ b/src/main/scala/ir/Interpreter.scala
@@ -11,8 +11,8 @@ class Interpreter() {
   private val SP: BitVecLiteral = BitVecLiteral(4096 - 16, 64)
   private val FP: BitVecLiteral = BitVecLiteral(4096 - 16, 64)
   private val LR: BitVecLiteral = BitVecLiteral(BigInt("FF", 16), 64)
-  private var nextBlock: Option[Block] = None
-  private val returnBlock: mutable.Stack[Block] = mutable.Stack()
+  private var nextCmd: Option[Command] = None
+  private val returnCmd: mutable.Stack[Command] = mutable.Stack()
 
   def eval(exp: Expr, env: mutable.Map[Variable, BitVecLiteral]): BitVecLiteral = {
     exp match {
@@ -220,23 +220,15 @@ class Interpreter() {
 
     // Procedure.Block
     p.entryBlock match {
-      case Some(block) => nextBlock = Some(block)
-      case None        => nextBlock = Some(returnBlock.pop())
+      case Some(block) => nextCmd = Some(block.statements.headOption.getOrElse(block.jump))
+      case None        => nextCmd = Some(returnCmd.pop())
     }
   }
 
-  private def interpretBlock(b: Block): Unit = {
-    Logger.debug(s"Block:${b.label} ${b.address}")
-    // Block.Statement
-    for ((statement, index) <- b.statements.zipWithIndex) {
-      Logger.debug(s"statement[$index]:")
-      interpretStatement(statement)
-    }
-
-    // Block.Jump
+  private def interpretJump(j: Jump) : Unit = {
+    Logger.debug(s"jump:")
     breakable {
-      Logger.debug(s"jump:")
-      b.jump match {
+      j match {
         case gt: GoTo =>
           Logger.debug(s"$gt")
           for (g <- gt.targets) {
@@ -244,40 +236,28 @@ class Interpreter() {
             condition match {
               case Some(e) => evalBool(e, regs) match {
                 case TrueLiteral =>
-                  nextBlock = Some(g)
+                  nextCmd = Some(g.statements.headOption.getOrElse(g.jump))
                   break
                 case _ =>
               }
               case None =>
-                nextBlock = Some(g)
+                nextCmd = Some(g.statements.headOption.getOrElse(g.jump))
                 break
             }
           }
-        case dc: DirectCall =>
-          Logger.debug(s"$dc")
-          if (dc.returnTarget.isDefined) {
-            returnBlock.push(dc.returnTarget.get)
-          }
-          interpretProcedure(dc.target)
-          break
-        case ic: IndirectCall =>
-          Logger.debug(s"$ic")
-          if (ic.target == Register("R30", 64) && ic.returnTarget.isEmpty) {
-            if (returnBlock.nonEmpty) {
-              nextBlock = Some(returnBlock.pop())
-            } else {
-              //Exit Interpreter
-              nextBlock = None
-            }
-            break
-          } else {
-            ???
-          }
+        case r: Return => {
+          nextCmd = Some(returnCmd.pop())
+        }
+        case h: Halt => {
+          Logger.debug("Halt")
+          nextCmd = None
+        }
       }
     }
   }
 
   private def interpretStatement(s: Statement): Unit = {
+    Logger.debug(s"statement[$s]:")
     s match {
       case assign: Assign =>
         Logger.debug(s"LocalAssign ${assign.lhs} = ${assign.rhs}")
@@ -300,14 +280,42 @@ class Interpreter() {
           case BitVecLiteral(value, size) =>
             Logger.debug(s"MemoryAssign ${assign.mem} := 0x${value.toString(16)}[u$size]\n")
         }
-      case _ : NOP =>
+      case _ : NOP => ()
       case assert: Assert =>
-        Logger.debug(assert)
         // TODO
-
+        Logger.debug(assert)
+        evalBool(assert.body, regs) match {
+          case TrueLiteral => ()
+          case FalseLiteral => throw Exception(s"Assertion failed ${assert}")
+        }
       case assume: Assume =>
-        Logger.debug(assume)
         // TODO, but already taken into effect if it is a branch condition
+        Logger.debug(assume)
+        evalBool(assume.body, regs) match {
+          case TrueLiteral => ()
+          case FalseLiteral => {
+            nextCmd = None
+            Logger.debug(s"Assumption not satisfied: $assume")
+          }
+        }
+      case dc: DirectCall =>
+        Logger.debug(s"$dc")
+        returnCmd.push(dc.successor)
+        interpretProcedure(dc.target)
+        break
+      case ic: IndirectCall =>
+        Logger.debug(s"$ic")
+        if (ic.target == Register("R30", 64)) {
+          if (returnCmd.nonEmpty) {
+            nextCmd = Some(returnCmd.pop())
+          } else {
+            //Exit Interpreter
+            nextCmd = None
+          }
+          break
+        } else {
+          ???
+        }
     }
   }
 
@@ -334,10 +342,13 @@ class Interpreter() {
 
     // Program.Procedure
     interpretProcedure(IRProgram.mainProcedure)
-    while (nextBlock.isDefined) {
-      interpretBlock(nextBlock.get)
+    while (nextCmd.isDefined) {
+      nextCmd.get match  {
+        case c: Statement => interpretStatement(c) 
+        case c: Jump => interpretJump(c)
+      }
     }
 
     regs
   }
-}
\ No newline at end of file
+}
diff --git a/src/main/scala/ir/Program.scala b/src/main/scala/ir/Program.scala
index 9c87e3d6a..c2d479cca 100644
--- a/src/main/scala/ir/Program.scala
+++ b/src/main/scala/ir/Program.scala
@@ -141,7 +141,7 @@ class Program(var procedures: ArrayBuffer[Procedure],
 
       stack.pushAll(n match {
         case p: Procedure => p.blocks
-        case b: Block => Seq() ++ b.statements ++ Seq(b.jump) ++ b.fallthrough.toSet
+        case b: Block => Seq() ++ b.statements ++ Seq(b.jump)
         case s: Command => Seq()
       })
       n
@@ -291,30 +291,28 @@ class Procedure private (
     block
   }
 
-  /**
-   * Remove blocks with the semantics of replacing them with a noop. The incoming jumps to this are replaced
-   * with a jump(s) to this blocks jump target(s). If this block ends in a call then only its statements are removed.
-   * @param blocks the block/blocks to remove
-   */
-  def removeBlocksInline(blocks: Iterable[Block]): Unit = {
-    for (elem <- blocks) {
-      elem.jump match {
-        case g: GoTo =>
-          // rewrite all the jumps to include our jump targets
-          elem.incomingJumps.foreach(_.removeTarget(elem))
-          elem.incomingJumps.foreach(_.addAllTargets(g.targets))
-          removeBlocks(elem)
-        case c: Call =>
-          // just remove statements, keep call
-          elem.statements.clear()
-      }
-    }
-  }
-
-
-  def removeBlocksInline(blocks: Block*): Unit = {
-    removeBlocksInline(blocks.toSeq)
-  }
+// unused
+//   /**
+//    * Remove blocks with the semantics of replacing them with a noop. The incoming jumps to this are replaced
+//    * with a jump(s) to this blocks jump target(s). If this block ends in a call then only its statements are removed.
+//    * @param blocks the block/blocks to remove
+//    */
+//   def removeBlocksInline(blocks: Iterable[Block]): Unit = {
+//     for (elem <- blocks) {
+//       elem.jump match {
+//         case g: GoTo =>
+//           // rewrite all the jumps to include our jump targets
+//           elem.incomingJumps.foreach(_.removeTarget(elem))
+//           elem.incomingJumps.foreach(_.addAllTargets(g.targets))
+//           removeBlocks(elem)
+//       }
+//     }
+//   }
+// 
+// 
+//   def removeBlocksInline(blocks: Block*): Unit = {
+//     removeBlocksInline(blocks.toSeq)
+//   }
 
   /**
    * Remove block(s) and all jumps that target it
@@ -382,7 +380,6 @@ class Block private (
  val statements: IntrusiveList[Statement],
  private var _jump: Jump,
  private val _incomingJumps: mutable.HashSet[GoTo],
- var _fallthrough: Option[GoTo],
 ) extends HasParent[Procedure] {
   _jump.setParent(this)
   statements.foreach(_.setParent(this))
@@ -391,23 +388,11 @@ class Block private (
   statements.onRemove = x => x.deParent()
 
   def this(label: String, address: Option[Int] = None, statements: IterableOnce[Statement] = Set.empty, jump: Jump = GoTo(Set.empty)) = {
-    this(label, address, IntrusiveList().addAll(statements), jump, mutable.HashSet.empty, None)
+    this(label, address, IntrusiveList().addAll(statements), jump, mutable.HashSet.empty)
   }
 
   def jump: Jump = _jump
 
-  def fallthrough: Option[GoTo] = _fallthrough
-
-  def fallthrough_=(g: Option[GoTo]): Unit = {
-    /*
-     * Fallthrough is only set if Jump is a call, this is maintained maintained at the 
-     * linkParent implementation on FallThrough of Call.
-     */
-    _fallthrough.foreach(_.deParent())
-    g.foreach(x => x.parent = this)
-    _fallthrough = g
-  }
-
   private def jump_=(j: Jump): Unit = {
     require(!j.hasParent)
     if (j ne _jump) {
@@ -436,7 +421,9 @@ class Block private (
     assert(!incomingJumps.contains(g))
   }
 
-  def calls: Set[Procedure] = _jump.calls
+  def calls: Set[Procedure] = statements.toSet.collect {
+    case d: DirectCall => d.target
+  }
 
   def modifies: Set[Global] = statements.flatMap(_.modifies).toSet
   //def locals: Set[Variable] = statements.flatMap(_.locals).toSet ++ jumps.flatMap(_.locals).toSet
@@ -456,10 +443,7 @@ class Block private (
   def nextBlocks: Iterable[Block] = {
     jump match {
       case c: GoTo => c.targets
-      case c: Call => fallthrough match {
-        case Some(x) => x.targets
-        case _ => Seq()
-      }
+      case _ => Seq()
     }
   }
 
@@ -506,7 +490,7 @@ class Block private (
 
 object Block {
   def procedureReturn(from: Procedure): Block = {
-    Block(from.name + "_basil_return", None, List(), IndirectCall(Register("R30", 64)))
+    Block(from.name + "_basil_return", None, List(), Return())
   }
 }
 
diff --git a/src/main/scala/ir/Statement.scala b/src/main/scala/ir/Statement.scala
index 8d89a9726..74aaa18b5 100644
--- a/src/main/scala/ir/Statement.scala
+++ b/src/main/scala/ir/Statement.scala
@@ -23,6 +23,9 @@ sealed trait Statement extends Command, IntrusiveListElement[Statement] {
   def acceptVisit(visitor: Visitor): Statement = throw new Exception(
     "visitor " + visitor + " unimplemented for: " + this
   )
+
+  def successor: Command = parent.statements.nextOption(this).getOrElse(parent.jump)
+
 }
 
 // invariant: rhs contains at most one MemoryLoad
@@ -76,10 +79,18 @@ object Assume:
 sealed trait Jump extends Command {
   def modifies: Set[Global] = Set()
   //def locals: Set[Variable] = Set()
-  def calls: Set[Procedure] = Set()
   def acceptVisit(visitor: Visitor): Jump = throw new Exception("visitor " + visitor + " unimplemented for: " + this)
 }
 
+class Halt(override val label: Option[String] = None) extends Jump {
+  override def acceptVisit(visitor: Visitor): Jump = this
+}
+
+class Return(override val label: Option[String] = None) extends Jump {
+  override def acceptVisit(visitor: Visitor): Jump = this
+}
+
+
 class GoTo private (private val _targets: mutable.LinkedHashSet[Block], override val label: Option[String]) extends Jump {
 
   def this(targets: Iterable[Block], label: Option[String] = None) = this(mutable.LinkedHashSet.from(targets), label)
@@ -125,30 +136,18 @@ object GoTo:
   def unapply(g: GoTo): Option[(Set[Block], Option[String])] = Some(g.targets, g.label)
 
 
-sealed trait Call extends Jump {
-  val returnTarget: Option[Block]
-
-  // moving a call between blocks
-  override def linkParent(p: Block): Unit = {
-    returnTarget.foreach(t => parent.fallthrough = Some(GoTo(Set(t))))
-  }
-
-  override def unlinkParent(): Unit = {
-    parent.fallthrough = None
-  }
-}
+sealed trait Call extends Statement
 
 class DirectCall(val target: Procedure,
-                 override val returnTarget: Option[Block] = None,
                  override val label: Option[String] = None
                 ) extends Call {
   /* override def locals: Set[Variable] = condition match {
     case Some(c) => c.locals
     case None => Set()
   } */
-  override def calls: Set[Procedure] = Set(target)
-  override def toString: String = s"${labelStr}DirectCall(${target.name}, ${returnTarget.map(_.label)})"
-  override def acceptVisit(visitor: Visitor): Jump = visitor.visitDirectCall(this)
+  def calls: Set[Procedure] = Set(target)
+  override def toString: String = s"${labelStr}DirectCall(${target.name})"
+  override def acceptVisit(visitor: Visitor): Statement = visitor.visitDirectCall(this)
 
   override def linkParent(p: Block): Unit = {
     super.linkParent(p)
@@ -163,19 +162,18 @@ class DirectCall(val target: Procedure,
 }
 
 object DirectCall:
-  def unapply(i: DirectCall): Option[(Procedure, Option[Block], Option[String])] = Some(i.target, i.returnTarget, i.label)
+  def unapply(i: DirectCall): Option[(Procedure, Option[String])] = Some(i.target, i.label)
 
 class IndirectCall(var target: Variable,
-                   override val returnTarget: Option[Block] = None,
                    override val label: Option[String] = None
                   ) extends Call {
   /* override def locals: Set[Variable] = condition match {
     case Some(c) => c.locals + target
     case None => Set(target)
   } */
-  override def toString: String = s"${labelStr}IndirectCall($target, ${returnTarget.map(_.label)})"
-  override def acceptVisit(visitor: Visitor): Jump = visitor.visitIndirectCall(this)
+  override def toString: String = s"${labelStr}IndirectCall($target)"
+  override def acceptVisit(visitor: Visitor): Statement = visitor.visitIndirectCall(this)
 }
 
 object IndirectCall:
-  def unapply(i: IndirectCall): Option[(Variable, Option[Block], Option[String])] = Some(i.target, i.returnTarget, i.label)
\ No newline at end of file
+  def unapply(i: IndirectCall): Option[(Variable, Option[String])] = Some(i.target, i.label)
diff --git a/src/main/scala/ir/Visitor.scala b/src/main/scala/ir/Visitor.scala
index b9fd91b3e..1cc9c1b40 100644
--- a/src/main/scala/ir/Visitor.scala
+++ b/src/main/scala/ir/Visitor.scala
@@ -39,11 +39,11 @@ abstract class Visitor {
     node
   }
 
-  def visitDirectCall(node: DirectCall): Jump = {
+  def visitDirectCall(node: DirectCall): Statement = {
     node
   }
 
-  def visitIndirectCall(node: IndirectCall): Jump = {
+  def visitIndirectCall(node: IndirectCall): Statement = {
     node.target = visitVariable(node.target)
     node
   }
@@ -199,11 +199,11 @@ abstract class ReadOnlyVisitor extends Visitor {
     node
   }
 
-  override def visitDirectCall(node: DirectCall): Jump = {
+  override def visitDirectCall(node: DirectCall): Statement = {
     node
   }
 
-  override def visitIndirectCall(node: IndirectCall): Jump = {
+  override def visitIndirectCall(node: IndirectCall): Statement = {
     visitVariable(node.target)
     node
   }
@@ -281,14 +281,12 @@ abstract class IntraproceduralControlFlowVisitor extends Visitor {
     node
   }
 
-  override def visitDirectCall(node: DirectCall): Jump = {
-    node.returnTarget.foreach(visitBlock)
+  override def visitDirectCall(node: DirectCall): Statement = {
     node
   }
 
-  override def visitIndirectCall(node: IndirectCall): Jump = {
+  override def visitIndirectCall(node: IndirectCall): Statement = {
     node.target = visitVariable(node.target)
-    node.returnTarget.foreach(visitBlock)
     node
   }
 }
@@ -431,20 +429,3 @@ class VariablesWithoutStoresLoads extends ReadOnlyVisitor {
   }
 
 }
-
-class ConvertToSingleProcedureReturn extends Visitor {
-  override def visitJump(node: Jump): Jump = {
-    node match
-      case c: IndirectCall =>
-        val returnBlock = node.parent.parent.returnBlock match {
-          case Some(b) => b
-          case None =>
-            val b = Block.procedureReturn(node.parent.parent)
-            node.parent.parent.returnBlock = b
-            b
-        }
-        // if we are return outside the return block then replace with a goto to the return block
-        if c.target.name == "R30" && c.returnTarget.isEmpty && !c.parent.isProcReturn then GoTo(Seq(returnBlock)) else node
-      case _ => node
-  }
-}
diff --git a/src/main/scala/ir/cilvisitor/CILVisitor.scala b/src/main/scala/ir/cilvisitor/CILVisitor.scala
index a405d4fa1..5583b12da 100644
--- a/src/main/scala/ir/cilvisitor/CILVisitor.scala
+++ b/src/main/scala/ir/cilvisitor/CILVisitor.scala
@@ -95,6 +95,11 @@ class CILVisitorImpl(val v: CILVisitor) {
 
   def visit_stmt(s: Statement): List[Statement] = {
     def continue(n: Statement) = n match {
+      case d: DirectCall => d
+      case i: IndirectCall => {
+        i.target = visit_var(i.target)
+        i
+      }
       case m: MemoryAssign => {
         m.mem = visit_mem(m.mem)
         m.index = visit_expr(m.index)
@@ -131,7 +136,6 @@ class CILVisitorImpl(val v: CILVisitor) {
         }
       })
       b.replaceJump(visit_jump(b.jump))
-      b.fallthrough = visit_fallthrough(b.fallthrough)
       b
     }
 
@@ -153,7 +157,7 @@ class CILVisitorImpl(val v: CILVisitor) {
     doVisitList(v, v.vproc(p), p, continue)
   }
 
-  def visit_proc(p: Program): Program = {
+  def visit_prog(p: Program): Program = {
     def continue(p: Program) = {
       p.procedures = p.procedures.flatMap(visit_proc)
       p
@@ -164,6 +168,7 @@ class CILVisitorImpl(val v: CILVisitor) {
 
 def visit_block(v: CILVisitor, b: Block): Block = CILVisitorImpl(v).visit_block(b)
 def visit_proc(v: CILVisitor, b: Procedure): List[Procedure] = CILVisitorImpl(v).visit_proc(b)
+def visit_prog(v: CILVisitor, b: Program): Program = CILVisitorImpl(v).visit_prog(b)
 def visit_stmt(v: CILVisitor, e: Statement): List[Statement] = CILVisitorImpl(v).visit_stmt(e)
 def visit_jump(v: CILVisitor, e: Jump): Jump = CILVisitorImpl(v).visit_jump(e)
 def visit_expr(v: CILVisitor, e: Expr): Expr = CILVisitorImpl(v).visit_expr(e)
diff --git a/src/main/scala/ir/dsl/DSL.scala b/src/main/scala/ir/dsl/DSL.scala
index 7fdd8bdaa..3c55e2dfc 100644
--- a/src/main/scala/ir/dsl/DSL.scala
+++ b/src/main/scala/ir/dsl/DSL.scala
@@ -35,24 +35,31 @@ case class DelayNameResolve(ident: String) {
   }
 }
 
+trait EventuallyStatement {
+  def resolve(p: Program): Statement
+}
+
+case class ResolvableStatement(s: Statement) extends EventuallyStatement {
+  override def resolve(p: Program) = s
+}
+
 trait EventuallyJump {
   def resolve(p: Program): Jump
 }
 
-case class EventuallyIndirectCall(target: Variable, fallthrough: Option[DelayNameResolve]) extends EventuallyJump {
+case class EventuallyIndirectCall(target: Variable, fallthrough: Option[DelayNameResolve]) extends EventuallyStatement {
   override def resolve(p: Program): IndirectCall = {
-    IndirectCall(target, fallthrough.flatMap(_.resolveBlock(p)))
+    IndirectCall(target)
   }
 }
 
-case class EventuallyCall(target: DelayNameResolve, fallthrough: Option[DelayNameResolve]) extends EventuallyJump {
+case class EventuallyCall(target: DelayNameResolve, fallthrough: Option[DelayNameResolve]) extends EventuallyStatement {
   override def resolve(p: Program): DirectCall = {
     val t = target.resolveProc(p) match {
       case Some(x) => x
       case None => throw Exception("can't resolve proc " + p)
     }
-    val ft = fallthrough.flatMap(_.resolveBlock(p))
-    DirectCall(t, ft)
+    DirectCall(t)
   }
 }
 
@@ -79,18 +86,20 @@ def indirectCall(tgt: Variable, fallthrough: Option[String]): EventuallyIndirect
 // def directcall(tgt: String) = EventuallyCall(DelayNameResolve(tgt), None)
 
 
-case class EventuallyBlock(label: String, sl: Seq[Statement], j: EventuallyJump) {
-  val tempBlock: Block = Block(label, None, sl, GoTo(List.empty))
+case class EventuallyBlock(label: String, sl: Seq[EventuallyStatement], j: EventuallyJump) {
+  val tempBlock: Block = Block(label, None, List(), GoTo(List.empty))
 
   def resolve(prog: Program): Block = {
+    tempBlock.statements.addAll(sl.map(_.resolve(prog)))
     tempBlock.replaceJump(j.resolve(prog))
     tempBlock
   }
 }
 
-def block(label: String, sl: (Statement | EventuallyJump)*): EventuallyBlock = {
-  val statements = sl.collect {
-    case s: Statement => s
+def block(label: String, sl: (Statement | EventuallyStatement | EventuallyJump)*): EventuallyBlock = {
+  val statements : Seq[EventuallyStatement] = sl.collect {
+    case s: Statement => ResolvableStatement(s)
+    case o: EventuallyStatement => o
   }
   val jump = sl.collectFirst {
     case j: EventuallyJump => j
diff --git a/src/main/scala/ir/transforms/ReplaceReturn.scala b/src/main/scala/ir/transforms/ReplaceReturn.scala
new file mode 100644
index 000000000..61b276833
--- /dev/null
+++ b/src/main/scala/ir/transforms/ReplaceReturn.scala
@@ -0,0 +1,52 @@
+package ir.transforms
+
+import util.Logger
+import ir.cilvisitor._
+import ir._
+
+
+class ReplaceReturns extends CILVisitor {
+  /**
+   * Assumes IR with 1 call per block which appears as the last statement.
+   */
+  override def vstmt(j: Statement): VisitAction[List[Statement]] = {
+    j match {
+      case IndirectCall(Register("R30", _), _) => {
+        assert(j.parent.statements.lastOption.contains(j))
+        if (j.parent.jump.isInstanceOf[Halt | Return]) {
+          j.parent.replaceJump(Return())
+          ChangeTo(List())
+        } else {
+          SkipChildren()
+        }
+      }
+      case _ => SkipChildren()
+    }
+  }
+
+  override def vjump(j: Jump) = SkipChildren()
+}
+
+
+def addReturnBlocks(p: Program) = {
+  p.procedures.foreach(p => {
+    val containsReturn = p.blocks.map(_.jump).find(_.isInstanceOf[Return]).isDefined
+    if (containsReturn) {
+      p.returnBlock = p.addBlocks(Block(label=p.name + "_return",jump=Return()))
+    }
+  })
+}
+
+
+class ConvertSingleReturn extends CILVisitor {
+  /**
+   * Assumes procedures have defined return blocks if they contain a return statement.
+   */
+  override def vjump(j: Jump) = j match {
+    case r: Return if !(j.parent.parent.returnBlock.contains(j.parent)) => ChangeTo(GoTo(Seq(j.parent.parent.returnBlock.get)))
+    case _ => SkipChildren()
+  }
+
+  override def vstmt(s: Statement) = SkipChildren()
+}
+
diff --git a/src/main/scala/translating/BAPToIR.scala b/src/main/scala/translating/BAPToIR.scala
index 85ed82f21..90ba61335 100644
--- a/src/main/scala/translating/BAPToIR.scala
+++ b/src/main/scala/translating/BAPToIR.scala
@@ -48,8 +48,9 @@ class BAPToIR(var program: BAPProgram, mainAddress: Int) {
         for (st <- b.statements) {
           block.statements.append(translate(st))
         }
-        val (jump, newBlocks) = translate(b.jumps, block)
+        val (call, jump, newBlocks) = translate(b.jumps, block)
         procedure.addBlocks(newBlocks)
+        call.foreach(c => block.statements.append(c))
         block.replaceJump(jump)
         assert(jump.hasParent)
       }
@@ -85,7 +86,7 @@ class BAPToIR(var program: BAPProgram, mainAddress: Int) {
     * Translates a list of jumps from BAP into a single Jump at the IR level by moving any conditions on jumps to
     * Assume statements in new blocks
     * */
-  private def translate(jumps: List[BAPJump], block: Block): (Jump, ArrayBuffer[Block]) = {
+  private def translate(jumps: List[BAPJump], block: Block): (Option[Call], Jump, ArrayBuffer[Block]) = {
     if (jumps.size > 1) {
       val targets = ArrayBuffer[Block]()
       val conditions = ArrayBuffer[BAPExpr]()
@@ -130,26 +131,28 @@ class BAPToIR(var program: BAPProgram, mainAddress: Int) {
           case _ => throw Exception("translation error, call where not expected: " + jumps.mkString(", "))
         }
       }
-      (GoTo(targets, Some(line)), newBlocks)
+      (None, GoTo(targets, Some(line)), newBlocks)
     } else {
       jumps.head match {
         case b: BAPDirectCall =>
-          val call = DirectCall(nameToProcedure(b.target), b.returnTarget.map(t => labelToBlock(t)), Some(b.line))
-          (call, ArrayBuffer())
+          val call = Some(DirectCall(nameToProcedure(b.target),Some(b.line)))
+          val ft = (b.returnTarget.map(t => labelToBlock(t))).map(x => GoTo(Set(x))).getOrElse(Halt())
+          (call, ft, ArrayBuffer())
         case b: BAPIndirectCall =>
-          val call = IndirectCall(b.target.toIR, b.returnTarget.map(t => labelToBlock(t)), Some(b.line))
-          (call, ArrayBuffer())
+          val call = IndirectCall(b.target.toIR, Some(b.line))
+          val ft = (b.returnTarget.map(t => labelToBlock(t))).map(x => GoTo(Set(x))).getOrElse(Halt())
+          (Some(call), ft, ArrayBuffer())
         case b: BAPGoTo =>
           val target = labelToBlock(b.target)
           b.condition match {
             // condition is true
             case l: BAPLiteral if l.value > BigInt(0) =>
-              (GoTo(ArrayBuffer(target), Some(b.line)), ArrayBuffer())
+              (None, GoTo(ArrayBuffer(target), Some(b.line)), ArrayBuffer())
             // non-true condition
             case _ =>
               val condition = convertConditionBool(b.condition, false)
               val newBlock = newBlockCondition(block, target, condition)
-              (GoTo(ArrayBuffer(newBlock), Some(b.line)), ArrayBuffer(newBlock))
+              (None, GoTo(ArrayBuffer(newBlock), Some(b.line)), ArrayBuffer(newBlock))
           }
       }
     }
diff --git a/src/main/scala/translating/GTIRBToIR.scala b/src/main/scala/translating/GTIRBToIR.scala
index 37f6360ae..eb8281599 100644
--- a/src/main/scala/translating/GTIRBToIR.scala
+++ b/src/main/scala/translating/GTIRBToIR.scala
@@ -182,12 +182,13 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
             throw Exception(s"block ${block.label} in subroutine ${procedure.name} has no outgoing edges")
           }
 
-          val jump = if (outgoingEdges.size == 1) {
+          val (calls, jump) = if (outgoingEdges.size == 1) {
             val edge = outgoingEdges.head
             handleSingleEdge(block, edge, procedure, procedures)
           } else {
             handleMultipleEdges(block, outgoingEdges, procedure)
           }
+          calls.foreach(c => block.statements.append(c))
           block.replaceJump(jump)
 
           if (block.statements.nonEmpty) {
@@ -363,8 +364,6 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
       // need to copy jump as it can't have multiple parents
       val jumpCopy = currentBlock.jump match {
         case GoTo(targets, label) => GoTo(targets, label)
-        case IndirectCall(target, returnTarget, label) => IndirectCall(target, returnTarget, label)
-        case DirectCall(target, returnTarget, label) => DirectCall(target, returnTarget, label)
         case _ => throw Exception("this shouldn't be reachable")
       }
       trueBlock.replaceJump(currentBlock.jump)
@@ -377,7 +376,7 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
   }
 
   // Handles the case where a block has one outgoing edge using gtirb cfg labelling
-  private def handleSingleEdge(block: Block, edge: Edge, procedure: Procedure, procedures: ArrayBuffer[Procedure]): Jump = {
+  private def handleSingleEdge(block: Block, edge: Edge, procedure: Procedure, procedures: ArrayBuffer[Procedure]): (Option[Call], Jump) = {
     edge.getLabel match {
       case EdgeLabel(false, false, Type_Branch, _) =>
         // indirect jump, possibly to external subroutine, possibly to another block in procedure
@@ -391,7 +390,7 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
               case _ => throw Exception(s"no assignment to program counter found before indirect call in block ${block.label}")
             }
             block.statements.remove(block.statements.last) // remove _PC assignment
-            IndirectCall(target, None)
+            (Some(IndirectCall(target)), Halt())
           } else if (proxySymbols.size > 1) {
             // TODO requires further consideration once encountered
             throw Exception(s"multiple uuidToSymbol ${proxySymbols.map(_.name).mkString(", ")} associated with proxy block ${byteStringToString(edge.targetUuid)}, target of indirect call from block ${block.label}")
@@ -407,14 +406,14 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
               proc
             }
             removePCAssign(block)
-            DirectCall(target, None)
+            (Some(DirectCall(target)), Halt())
           }
         } else if (uuidToBlock.contains(edge.targetUuid)) {
           // resolved indirect jump
           // TODO consider possibility this can go to another procedure?
           val target = uuidToBlock(edge.targetUuid)
           removePCAssign(block)
-          GoTo(mutable.Set(target))
+          (None, GoTo(mutable.Set(target)))
         } else {
           throw Exception(s"edge from ${block.label} to ${byteStringToString(edge.targetUuid)} does not point to a known block or proxy block")
         }
@@ -425,23 +424,23 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
           // direct jump to start of own subroutine is treated as GoTo, not DirectCall
           // should probably investigate recursive cases to determine if this happens/is correct
           val jump = if (procedure == targetProc) {
-            GoTo(mutable.Set(uuidToBlock(edge.targetUuid)))
+            (None, GoTo(mutable.Set(uuidToBlock(edge.targetUuid))))
           } else {
-            DirectCall(targetProc, None)
+            (Some(DirectCall(targetProc)), Halt())
           }
           removePCAssign(block)
           jump
         } else if (uuidToBlock.contains(edge.targetUuid)) {
           val target = uuidToBlock(edge.targetUuid)
           removePCAssign(block)
-          GoTo(mutable.Set(target))
+          (None, GoTo(mutable.Set(target)))
         } else {
           throw Exception(s"edge from ${block.label} to ${byteStringToString(edge.targetUuid)} does not point to a known block")
         }
       case EdgeLabel(false, _, Type_Return, _) =>
         // return statement, value of 'direct' is just whether DDisasm has resolved the return target
         removePCAssign(block)
-        IndirectCall(Register("R30", 64), None)
+        (Some(IndirectCall(Register("R30", 64), None)), Halt())
       case EdgeLabel(false, true, Type_Fallthrough, _) =>
         // end of block that doesn't end in a control flow instruction and falls through to next
         if (entranceUUIDtoProcedure.contains(edge.targetUuid)) {
@@ -449,10 +448,10 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
           // probably doesn't actually happen in practice since it seems to be after brk instructions?
           val targetProc = entranceUUIDtoProcedure(edge.targetUuid)
           // assuming fallthrough won't fall through to start of own procedure
-          DirectCall(targetProc, None)
+          (Some(DirectCall(targetProc)), Halt())
         } else if (uuidToBlock.contains(edge.targetUuid)) {
           val target = uuidToBlock(edge.targetUuid)
-          GoTo(mutable.Set(target))
+          (None, GoTo(mutable.Set(target)))
         } else {
           throw Exception(s"edge from ${block.label} to ${byteStringToString(edge.targetUuid)} does not point to a known block")
         }
@@ -462,7 +461,7 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
         if (entranceUUIDtoProcedure.contains(edge.targetUuid)) {
           val target = entranceUUIDtoProcedure(edge.targetUuid)
           removePCAssign(block)
-          DirectCall(target, None)
+          (Some(DirectCall(target)), Halt())
         } else {
           throw Exception(s"edge from ${block.label} to ${byteStringToString(edge.targetUuid)} does not point to a known procedure entrance")
         }
@@ -473,14 +472,13 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
     }
   }
 
-  def handleMultipleEdges(block: Block, outgoingEdges: mutable.Set[Edge], procedure: Procedure): Jump = {
+  def handleMultipleEdges(block: Block, outgoingEdges: mutable.Set[Edge], procedure: Procedure): (Option[Call], Jump) = {
     val edgeLabels = outgoingEdges.map(_.getLabel)
 
     if (edgeLabels.forall { (e: EdgeLabel) => !e.conditional && e.direct && e.`type` == Type_Return }) {
       // multiple resolved returns, translate as single return
       removePCAssign(block)
-      IndirectCall(Register("R30", 64), None)
-
+      (None, Return())
     } else if (edgeLabels.forall { (e: EdgeLabel) => !e.conditional && !e.direct && e.`type` == Type_Branch }) {
       // resolved indirect call with multiple blocks as targets
       val targets = mutable.Set[Block]()
@@ -495,7 +493,7 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
       }
       // TODO add assertion that target register is low
       removePCAssign(block)
-      GoTo(targets)
+      (None, GoTo(targets))
       // TODO possibility not yet encountered: resolved indirect call that goes to multiple procedures?
 
     } else if (outgoingEdges.size == 2) {
@@ -519,9 +517,9 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
           handleIndirectCallWithReturn(edge1, edge0, block)
         // conditional branch
         case (EdgeLabel(true, true, Type_Fallthrough, _), EdgeLabel(true, true, Type_Branch, _)) =>
-          handleConditionalBranch(edge0, edge1, block, procedure)
+          (None, handleConditionalBranch(edge0, edge1, block, procedure))
         case (EdgeLabel(true, true, Type_Branch, _), EdgeLabel(true, true, Type_Fallthrough, _)) =>
-          handleConditionalBranch(edge1, edge0, block, procedure)
+          (None, handleConditionalBranch(edge1, edge0, block, procedure))
         case _ =>
           throw Exception(s"cannot resolve outgoing edges from block ${block.label}")
       }
@@ -542,7 +540,7 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
       if (fallthroughs.size != 1 || indirectCallTargets.isEmpty) {
         throw Exception(s"cannot resolve outgoing edges from block ${block.label}")
       }
-      handleIndirectCallMultipleResolvedTargets(fallthroughs.head, indirectCallTargets, block, procedure)
+      (None, handleIndirectCallMultipleResolvedTargets(fallthroughs.head, indirectCallTargets, block, procedure))
     } else {
       throw Exception(s"cannot resolve outgoing edges from block ${block.label}")
     }
@@ -564,18 +562,18 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
       }
 
       val target = entranceUUIDtoProcedure(call.targetUuid)
-      val resolvedCall = DirectCall(target, Some(returnTarget))
+      val resolvedCall = DirectCall(target)
 
       val assume = Assume(BinaryExpr(BVEQ, targetRegister, BitVecLiteral(target.address.get, 64)))
       val label = block.label + "$" + target.name
-      newBlocks.append(Block(label, None, ArrayBuffer(assume), resolvedCall))
+      newBlocks.append(Block(label, None, ArrayBuffer(assume, resolvedCall), GoTo(returnTarget)))
     }
     removePCAssign(block)
     procedure.addBlocks(newBlocks)
     GoTo(newBlocks)
   }
 
-  private def handleIndirectCallWithReturn(fallthrough: Edge, call: Edge, block: Block): Call = {
+  private def handleIndirectCallWithReturn(fallthrough: Edge, call: Edge, block: Block): (Option[Call], GoTo) = {
     if (!uuidToBlock.contains(fallthrough.targetUuid)) {
       throw Exception(s"block ${block.label} has fallthrough edge to ${byteStringToString(fallthrough.targetUuid)} that does not point to a known block")
     }
@@ -586,16 +584,16 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
       val target = getPCTarget(block)
       removePCAssign(block)
 
-      IndirectCall(target, Some(returnTarget))
+      (Some(IndirectCall(target)), GoTo(Set(returnTarget)))
     } else {
       // resolved indirect call
       val target = entranceUUIDtoProcedure(call.targetUuid)
       removePCAssign(block)
-      DirectCall(target, Some(returnTarget))
+      (Some(DirectCall(target)), GoTo(Set(returnTarget)))
     }
   }
 
-  private def handleDirectCallWithReturn(fallthrough: Edge, call: Edge, block: Block): DirectCall = {
+  private def handleDirectCallWithReturn(fallthrough: Edge, call: Edge, block: Block): (Option[Call], GoTo) = {
     if (!entranceUUIDtoProcedure.contains(call.targetUuid)) {
       throw Exception(s"block ${block.label} has direct call edge to ${byteStringToString(call.targetUuid)} that does not point to a known procedure")
     }
@@ -607,7 +605,7 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
     val target = entranceUUIDtoProcedure(call.targetUuid)
     val returnTarget = uuidToBlock(fallthrough.targetUuid)
     removePCAssign(block)
-    DirectCall(target, Some(returnTarget))
+    (Some(DirectCall(target)), GoTo(Set(returnTarget)))
   }
 
   private def handleConditionalBranch(fallthrough: Edge, branch: Edge, block: Block, procedure: Procedure): GoTo = {
diff --git a/src/main/scala/translating/ILtoIL.scala b/src/main/scala/translating/ILtoIL.scala
index b34100704..99b64bc6e 100644
--- a/src/main/scala/translating/ILtoIL.scala
+++ b/src/main/scala/translating/ILtoIL.scala
@@ -74,7 +74,7 @@ private class ILSerialiser extends ReadOnlyVisitor {
   }
 
 
-  override def visitDirectCall(node: DirectCall): Jump = {
+  override def visitDirectCall(node: DirectCall): Statement = {
     program ++= "DirectCall("
     program ++= procedureIdentifier(node.target)
     program ++= ", "
@@ -82,7 +82,7 @@ private class ILSerialiser extends ReadOnlyVisitor {
     node
   }
 
-  override def visitIndirectCall(node: IndirectCall): Jump = {
+  override def visitIndirectCall(node: IndirectCall): Statement = {
     program ++= "IndirectCall("
     visitVariable(node.target)
     program ++= ", "
diff --git a/src/main/scala/translating/IRToBoogie.scala b/src/main/scala/translating/IRToBoogie.scala
index 928517515..18c69a95f 100644
--- a/src/main/scala/translating/IRToBoogie.scala
+++ b/src/main/scala/translating/IRToBoogie.scala
@@ -632,39 +632,7 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
       }
     )
   }
-
   def translate(j: Jump): List[BCmd] = j match {
-    case d: DirectCall =>
-      val call = BProcedureCall(d.target.name)
-      val returnTarget = d.returnTarget match {
-        case Some(r) => GoToCmd(Seq(r.label))
-        case None => BAssume(FalseBLiteral, Some("no return target"))
-      }
-
-      (config.procedureRely match {
-        case Some(ProcRelyVersion.Function) =>
-          if (libRelies.contains(d.target.name) && libGuarantees.contains(d.target.name) && libRelies(d.target.name).nonEmpty && libGuarantees(d.target.name).nonEmpty) {
-            val invCall1 = BProcedureCall(d.target.name + "$inv", List(mem_inv1, Gamma_mem_inv1), List(mem, Gamma_mem))
-            val invCall2 = BProcedureCall("rely$inv", List(mem_inv2, Gamma_mem_inv2), List(mem_inv1, Gamma_mem_inv1))
-            val libRGAssert = libRelies(d.target.name).map(r => BAssert(r.resolveSpecInv))
-            List(invCall1, invCall2) ++ libRGAssert
-          } else {
-            List()
-          }
-        case Some(ProcRelyVersion.IfCommandContradiction) => relyfun(d.target.name).toList
-        case None => List()
-      }) ++ List(call, returnTarget)
-    case i: IndirectCall =>
-      // TODO put this elsewhere
-      if (i.target.name == "R30") {
-        List(ReturnCmd)
-      } else {
-        val unresolved: List[BCmd] = List(Comment(s"UNRESOLVED: call ${i.target.name}"), BAssert(FalseBLiteral))
-        i.returnTarget match {
-          case Some(r) => unresolved :+ GoToCmd(Seq(r.label))
-          case None    => unresolved ++ List(Comment("no return target"), BAssume(FalseBLiteral))
-        }
-      }
     case g: GoTo =>
       // collects all targets of the goto with a branch condition that we need to check the security level for
       // and collects the variables for that
@@ -681,9 +649,32 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
       }
       val jump = GoToCmd(g.targets.map(_.label).toSeq)
       conditionAssert :+ jump
+    case r: Return => List(ReturnCmd)
+    case r: Halt => List(BAssert(FalseBLiteral))
+  }
+
+  def translate(j: Call): List[BCmd] = j match {
+    case d: DirectCall =>
+      val call = BProcedureCall(d.target.name)
+
+      (config.procedureRely match {
+        case Some(ProcRelyVersion.Function) =>
+          if (libRelies.contains(d.target.name) && libGuarantees.contains(d.target.name) && libRelies(d.target.name).nonEmpty && libGuarantees(d.target.name).nonEmpty) {
+            val invCall1 = BProcedureCall(d.target.name + "$inv", List(mem_inv1, Gamma_mem_inv1), List(mem, Gamma_mem))
+            val invCall2 = BProcedureCall("rely$inv", List(mem_inv2, Gamma_mem_inv2), List(mem_inv1, Gamma_mem_inv1))
+            val libRGAssert = libRelies(d.target.name).map(r => BAssert(r.resolveSpecInv))
+            List(invCall1, invCall2) ++ libRGAssert
+          } else {
+            List()
+          }
+        case Some(ProcRelyVersion.IfCommandContradiction) => relyfun(d.target.name).toList
+        case None => List()
+      }) ++ List(call)
+    case i: IndirectCall => List(Comment(s"UNRESOLVED: call ${i.target.name}"), BAssert(FalseBLiteral))
   }
 
   def translate(s: Statement): List[BCmd] = s match {
+    case d: Call => translate(d)
     case m: NOP => List.empty
     case m: MemoryAssign =>
       val lhs = m.mem.toBoogie
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index d7dba1c42..cbc5cee37 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -29,6 +29,7 @@ import java.util.Base64
 import spray.json.DefaultJsonProtocol.*
 import util.intrusive_list.IntrusiveList
 import analysis.CfgCommandNode
+import cilvisitor._
 
 import scala.annotation.tailrec
 import scala.collection.mutable
@@ -198,11 +199,13 @@ object IRTransform {
     }
     val externalRemover = ExternalRemover(externalNamesLibRemoved.toSet)
     val renamer = Renamer(boogieReserved)
-    val returnUnifier = ConvertToSingleProcedureReturn()
+
+    cilvisitor.visit_prog(transforms.ReplaceReturns(), ctx.program)
+    transforms.addReturnBlocks(ctx.program)
+    cilvisitor.visit_prog(transforms.ConvertSingleReturn(), ctx.program)
 
     externalRemover.visitProgram(ctx.program)
     renamer.visitProgram(ctx.program)
-    returnUnifier.visitProgram(ctx.program)
     ctx
   }
 
@@ -275,8 +278,8 @@ object IRTransform {
                   modified = true
 
                   // indirectCall.parent.parent.removeBlocks(indirectCall.returnTarget)
-                  val newCall = DirectCall(targets.head, indirectCall.returnTarget, indirectCall.label)
-                  block.replaceJump(newCall)
+                  val newCall = DirectCall(targets.head, indirectCall.label)
+                  block.statements.replace(indirectCall, newCall) 
                 } else if (targets.size > 1) {
                   modified = true
                   val procedure = c.parent.data
@@ -284,10 +287,14 @@ object IRTransform {
                   for (t <- targets) {
                     val assume = Assume(BinaryExpr(BVEQ, indirectCall.target, BitVecLiteral(t.address.get, 64)))
                     val newLabel: String = block.label + t.name
-                    val directCall = DirectCall(t, indirectCall.returnTarget)
+                    val directCall = DirectCall(t)
                     directCall.parent = indirectCall.parent
 
-                    newBlocks.append(Block(newLabel, None, ArrayBuffer(assume), directCall))
+                    // assume indircall is the last statement in block
+                    assert(indirectCall.parent.statements.lastOption.contains(indirectCall))
+                    val fallthrough = indirectCall.parent.jump
+
+                    newBlocks.append(Block(newLabel, None, ArrayBuffer(assume, directCall), fallthrough))
                   }
                   procedure.addBlocks(newBlocks)
                   val newCall = GoTo(newBlocks, indirectCall.label)
@@ -430,8 +437,8 @@ object IRTransform {
               modified = true
 
               // indirectCall.parent.parent.removeBlocks(indirectCall.returnTarget)
-              val newCall = DirectCall(targets.head, indirectCall.returnTarget, indirectCall.label)
-              block.replaceJump(newCall)
+              val newCall = DirectCall(targets.head, indirectCall.label)
+              block.statements.replace(indirectCall, newCall)
             } else if (targets.size > 1) {
               modified = true
               val procedure = c.parent.data
@@ -449,17 +456,20 @@ object IRTransform {
                 addressExprs ::= addressExpr
                 val assume = Assume(addressExpr)
                 val newLabel: String = block.label + t.name
-                val directCall = DirectCall(t, indirectCall.returnTarget)
+                val directCall = DirectCall(t)
                 directCall.parent = indirectCall.parent
-                newBlocks.append(Block(newLabel, None, ArrayBuffer(assume), directCall))
+
+                assert(indirectCall.parent.statements.lastOption.contains(indirectCall))
+                val fallthrough = indirectCall.parent.jump
+                newBlocks.append(Block(newLabel, None, ArrayBuffer(assume, directCall), fallthrough))
               }
               procedure.addBlocks(newBlocks)
               val newCall = GoTo(newBlocks, indirectCall.label)
               val addressExprOr = addressExprs.tail.foldLeft(addressExprs.head) {
                 (a: BinaryExpr, b: BinaryExpr) => BinaryExpr(BoolOR, a, b)
               }
-              val assert = Assert(addressExprOr, Some("check indirect call underapproximation"))
-              block.statements.append(assert)
+              val assertion = Assert(addressExprOr, Some("check indirect call underapproximation"))
+              block.statements.append(assertion)
               block.replaceJump(newCall)
             }
           case _ =>
@@ -501,42 +511,40 @@ object IRTransform {
                   ): Unit = {
     
     // iterate over all commands - if call is to pthread_create, look up?
-    for (p <- program.procedures) {
-      for (b <- p.blocks) {
-        b.jump match {
-          case d: DirectCall if d.target.name == "pthread_create" =>
-
-            // R2 should hold the function pointer of the function that begins the thread
-            // look up R2 value using points to results
-            val R2 = Register("R2", 64)
-            val b = reachingDefs(d)
-            val R2Wrapper = RegisterVariableWrapper(R2, getDefinition(R2, d, reachingDefs))
-            val threadTargets = pointsTo(R2Wrapper)
-
-            if (threadTargets.size > 1) {
-              // currently can't handle case where the thread created is ambiguous
-              throw Exception("can't handle thread creation with more than one possible target")
-            }
+    program.foreach(c =>
+      c match {
+        case d: DirectCall if d.target.name == "pthread_create" =>
+
+          // R2 should hold the function pointer of the function that begins the thread
+          // look up R2 value using points to results
+          val R2 = Register("R2", 64)
+          val b = reachingDefs(d)
+          val R2Wrapper = RegisterVariableWrapper(R2, getDefinition(R2, d, reachingDefs))
+          val threadTargets = pointsTo(R2Wrapper)
+
+          if (threadTargets.size > 1) {
+            // currently can't handle case where the thread created is ambiguous
+            throw Exception("can't handle thread creation with more than one possible target")
+          }
 
-            if (threadTargets.size == 1) {
+          if (threadTargets.size == 1) {
 
-              // not trying to untangle the very messy region resolution at present, just dealing with simplest case
-              threadTargets.head match {
-                case data: DataRegion =>
-                  val threadEntrance = program.procedures.find(_.name == data.regionIdentifier) match {
-                    case Some(proc) => proc
-                    case None => throw Exception("could not find procedure with name " + data.regionIdentifier)
-                  }
-                  val thread = ProgramThread(threadEntrance, mutable.LinkedHashSet(threadEntrance), Some(d))
-                  program.threads.addOne(thread)
-                case _ =>
-                  throw Exception("unexpected non-data region " + threadTargets.head + " as PointsTo result for R2 at " + d)
-              }
+            // not trying to untangle the very messy region resolution at present, just dealing with simplest case
+            threadTargets.head match {
+              case data: DataRegion =>
+                val threadEntrance = program.procedures.find(_.name == data.regionIdentifier) match {
+                  case Some(proc) => proc
+                  case None => throw Exception("could not find procedure with name " + data.regionIdentifier)
+                }
+                val thread = ProgramThread(threadEntrance, mutable.LinkedHashSet(threadEntrance), Some(d))
+                program.threads.addOne(thread)
+              case _ =>
+                throw Exception("unexpected non-data region " + threadTargets.head + " as PointsTo result for R2 at " + d)
             }
-          case _ =>
-        }
-      }
-    }
+          }
+        case _ =>
+      })
+  
 
     if (program.threads.nonEmpty) {
       val mainThread = ProgramThread(program.mainProcedure, mutable.LinkedHashSet(program.mainProcedure), None)

From 7e9453693a339a9a928a61b1349a27feecdf741f Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Mon, 19 Aug 2024 11:56:49 +1000
Subject: [PATCH 021/127] move transforms out of RunUtils.scala

---
 src/main/scala/analysis/Cfg.scala             |   4 +-
 src/main/scala/analysis/IDEAnalysis.scala     |   6 +-
 .../analysis/InterLiveVarsAnalysis.scala      |  10 +-
 .../analysis/IntraLiveVarsAnalysis.scala      |   4 +-
 src/main/scala/analysis/VSA.scala             |   2 +-
 .../scala/analysis/solvers/IDESolver.scala    |  40 +-
 src/main/scala/ir/IRCursor.scala              | 171 ++++-----
 src/main/scala/ir/Program.scala               |  38 +-
 src/main/scala/ir/Statement.scala             |   8 +-
 src/main/scala/ir/dsl/DSL.scala               |  39 +-
 .../ir/invariant/EarlyCallStatement.scala     |  15 +
 .../transforms/IndirectCallResolution.scala   | 295 +++++++++++++++
 .../scala/ir/transforms/ReplaceReturn.scala   |  10 +-
 .../scala/ir/transforms/SplitThreads.scala    |  84 +++++
 src/main/scala/translating/GTIRBToIR.scala    |   4 +-
 src/main/scala/translating/IRToBoogie.scala   |   2 +-
 src/main/scala/util/RunUtils.scala            | 356 +-----------------
 src/test/scala/IndirectCallsTests.scala       |  87 +++--
 src/test/scala/LiveVarsAnalysisTests.scala    | 129 ++++---
 src/test/scala/PointsToTest.scala             |  24 +-
 src/test/scala/ir/IRTest.scala                |  90 ++---
 src/test/scala/ir/SingleCallInvariant.scala   |  83 ++++
 22 files changed, 829 insertions(+), 672 deletions(-)
 create mode 100644 src/main/scala/ir/invariant/EarlyCallStatement.scala
 create mode 100644 src/main/scala/ir/transforms/IndirectCallResolution.scala
 create mode 100644 src/main/scala/ir/transforms/SplitThreads.scala
 create mode 100644 src/test/scala/ir/SingleCallInvariant.scala

diff --git a/src/main/scala/analysis/Cfg.scala b/src/main/scala/analysis/Cfg.scala
index 59d512cd2..8807f2d2a 100644
--- a/src/main/scala/analysis/Cfg.scala
+++ b/src/main/scala/analysis/Cfg.scala
@@ -502,7 +502,7 @@ class ProgramCfgFactory:
             val targetProc: Procedure = dCall.target
             funcEntryNode.callers.add(procToCfg(targetProc)._1)
 
-            val callNode = CfgJumpNode(dCall, block, funcEntryNode)
+            val callNode : CfgJumpNode = s.asInstanceOf[CfgJumpNode]
 
             // Branch to this call
             cfg.addEdge(precNode, callNode)
@@ -523,7 +523,7 @@ class ProgramCfgFactory:
             Logger.debug(s"Indirect call found: $iCall in ${proc.name}")
             var precNode = prevNode
 
-            val jmpNode = CfgJumpNode(iCall, block, funcEntryNode)
+            val jmpNode = s.asInstanceOf[CfgJumpNode]
             // Branch to this call
             cfg.addEdge(precNode, jmpNode)
 
diff --git a/src/main/scala/analysis/IDEAnalysis.scala b/src/main/scala/analysis/IDEAnalysis.scala
index e77627717..c7ce74559 100644
--- a/src/main/scala/analysis/IDEAnalysis.scala
+++ b/src/main/scala/analysis/IDEAnalysis.scala
@@ -1,6 +1,6 @@
 package analysis
 
-import ir.{CFGPosition, Command, DirectCall, GoTo, IndirectCall, Procedure, Program}
+import ir.{CFGPosition, Command, DirectCall, GoTo, Return, IndirectCall, Procedure, Program}
 
 final case class Lambda()
 
@@ -55,6 +55,6 @@ trait IDEAnalysis[E, EE, C, R, D, T, L <: Lattice[T]] {
 }
 
 // IndirectCall in these is because they are returns so that can be further tightened in future
-trait ForwardIDEAnalysis[D, T, L <: Lattice[T]] extends IDEAnalysis[Procedure, IndirectCall, DirectCall, Command, D, T, L]
+trait ForwardIDEAnalysis[D, T, L <: Lattice[T]] extends IDEAnalysis[Procedure, Return, DirectCall, Command, D, T, L]
 
-trait BackwardIDEAnalysis[D, T, L <: Lattice[T]] extends IDEAnalysis[IndirectCall, Procedure, Command, DirectCall, D, T, L]
+trait BackwardIDEAnalysis[D, T, L <: Lattice[T]] extends IDEAnalysis[Return, Procedure, Command, DirectCall, D, T, L]
diff --git a/src/main/scala/analysis/InterLiveVarsAnalysis.scala b/src/main/scala/analysis/InterLiveVarsAnalysis.scala
index b20edf478..7a93266e8 100644
--- a/src/main/scala/analysis/InterLiveVarsAnalysis.scala
+++ b/src/main/scala/analysis/InterLiveVarsAnalysis.scala
@@ -1,7 +1,7 @@
 package analysis
 
 import analysis.solvers.BackwardIDESolver
-import ir.{Assert, Assume, GoTo, CFGPosition, Command, DirectCall, IndirectCall, Assign, MemoryAssign, Procedure, Program, Variable, toShortString}
+import ir.{Assert, Assume, Block, GoTo, CFGPosition, Command, DirectCall, IndirectCall, Assign, MemoryAssign, Halt, Return, Procedure, Program, Variable, toShortString}
 
 /**
  * Micro-transfer-functions for LiveVar analysis
@@ -19,7 +19,7 @@ trait LiveVarsAnalysisFunctions extends BackwardIDEAnalysis[Variable, TwoElement
   val edgelattice: EdgeFunctionLattice[TwoElement, TwoElementLattice] = EdgeFunctionLattice(valuelattice)
   import edgelattice.{IdEdge, ConstEdge}
 
-  def edgesCallToEntry(call: Command, entry: IndirectCall)(d: DL): Map[DL, EdgeFunction[TwoElement]] = {
+  def edgesCallToEntry(call: Command, entry: Return)(d: DL): Map[DL, EdgeFunction[TwoElement]] = {
     Map(d -> IdEdge())
   }
 
@@ -74,7 +74,11 @@ trait LiveVarsAnalysisFunctions extends BackwardIDEAnalysis[Variable, TwoElement
         d match
           case Left(value) => if value != variable then Map(d -> IdEdge()) else Map()
           case Right(_) => Map(d -> IdEdge(), Left(variable) -> ConstEdge(TwoElementTop))
-      case _ => Map(d -> IdEdge())
+      case r: Return => Map(d -> IdEdge())
+      case h: Halt => Map(d -> IdEdge())
+      case c: DirectCall => Map(d -> IdEdge())
+      case c: Block => Map(d -> IdEdge())
+      case c: GoTo => Map(d -> IdEdge())
 
   }
 }
diff --git a/src/main/scala/analysis/IntraLiveVarsAnalysis.scala b/src/main/scala/analysis/IntraLiveVarsAnalysis.scala
index f3f322321..75fa1dbb0 100644
--- a/src/main/scala/analysis/IntraLiveVarsAnalysis.scala
+++ b/src/main/scala/analysis/IntraLiveVarsAnalysis.scala
@@ -1,7 +1,7 @@
 package analysis
 
 import analysis.solvers.SimpleWorklistFixpointSolver
-import ir.{Assert, Assume, Block, CFGPosition, Call, DirectCall, GoTo, IndirectCall, Jump, Assign, MemoryAssign, NOP, Procedure, Program, Statement, Variable}
+import ir.{Assert, Assume, Block, CFGPosition, Call, DirectCall, GoTo, IndirectCall, Jump, Assign, MemoryAssign, NOP, Procedure, Program, Statement, Variable, Return, Halt}
 
 abstract class LivenessAnalysis(program: Program) extends Analysis[Any]:
   val lattice: MapLattice[CFGPosition, Set[Variable], PowersetLattice[Variable]] = MapLattice(PowersetLattice())
@@ -18,6 +18,8 @@ abstract class LivenessAnalysis(program: Program) extends Analysis[Any]:
       case IndirectCall(variable, _) => s + variable
       case c: DirectCall => s
       case g: GoTo => s
+      case r: Return => s
+      case r: Halt => s
       case _ => ???
     }
   }
diff --git a/src/main/scala/analysis/VSA.scala b/src/main/scala/analysis/VSA.scala
index f7d9a55e7..734f9bf11 100644
--- a/src/main/scala/analysis/VSA.scala
+++ b/src/main/scala/analysis/VSA.scala
@@ -172,7 +172,7 @@ trait ValueSetAnalysis(program: Program,
     if (IRWalk.procedure(n) == n) {
       mmm.pushContext(n.asInstanceOf[Procedure].name)
       s
-    } else if (IRWalk.procedure(n).end == n) {
+    } else if (IRWalk.lastInProc(IRWalk.procedure(n)) == n) {
       mmm.popContext()
       s
     } else n match
diff --git a/src/main/scala/analysis/solvers/IDESolver.scala b/src/main/scala/analysis/solvers/IDESolver.scala
index cef0f6eb2..231c87521 100644
--- a/src/main/scala/analysis/solvers/IDESolver.scala
+++ b/src/main/scala/analysis/solvers/IDESolver.scala
@@ -1,7 +1,7 @@
 package analysis.solvers
 
 import analysis.{BackwardIDEAnalysis, Dependencies, EdgeFunction, EdgeFunctionLattice, ForwardIDEAnalysis, IDEAnalysis, IRInterproceduralBackwardDependencies, IRInterproceduralForwardDependencies, Lambda, Lattice, MapLattice}
-import ir.{CFGPosition, Command, DirectCall, GoTo, IRWalk, IndirectCall, InterProcIRCursor, Procedure, Program, end, isAfterCall, Halt, Statement, Jump}
+import ir.{CFGPosition, Command, DirectCall, GoTo, IRWalk, IndirectCall, Return, InterProcIRCursor, Procedure, Program, isAfterCall, Halt, Statement, Jump}
 import util.Logger
 
 import scala.collection.immutable.Map
@@ -208,10 +208,10 @@ abstract class IDESolver[E <: Procedure | Command, EE <: Procedure | Command, C
 
 
 abstract class ForwardIDESolver[D, T, L <: Lattice[T]](program: Program)
-  extends IDESolver[Procedure, IndirectCall, DirectCall, Command, D, T, L](program, program.mainProcedure),
+  extends IDESolver[Procedure, Return, DirectCall, Command, D, T, L](program, program.mainProcedure),
     ForwardIDEAnalysis[D, T, L], IRInterproceduralForwardDependencies {
 
-  protected def entryToExit(entry: Procedure): IndirectCall = entry.end.asInstanceOf[IndirectCall]
+  protected def entryToExit(entry: Procedure): Return = IRWalk.lastInProc(entry).asInstanceOf[Return]
 
   protected def exitToEntry(exit: IndirectCall): Procedure = IRWalk.procedure(exit)
 
@@ -222,7 +222,10 @@ abstract class ForwardIDESolver[D, T, L <: Lattice[T]](program: Program)
     case r: Jump => ret.parent.statements.last.asInstanceOf[DirectCall]
   }
 
-  protected def getCallee(call: DirectCall): Procedure = call.target
+  protected def getCallee(call: DirectCall): Procedure = {
+    require(isCall(call))
+    call.target
+  }
 
   protected def isCall(call: CFGPosition): Boolean =
     call match
@@ -232,41 +235,46 @@ abstract class ForwardIDESolver[D, T, L <: Lattice[T]](program: Program)
   protected def isExit(exit: CFGPosition): Boolean =
     exit match
       // only looking at functions with statements
-      case command: Command => IRWalk.procedure(command).end == command
+      case command: Command => IRWalk.lastInProc(IRWalk.procedure(command)) == command
       case _ => false
 
   protected def getAfterCalls(exit: IndirectCall): Set[Command] =
     InterProcIRCursor.succ(exit).filter(_.isInstanceOf[Command]).map(_.asInstanceOf[Command])
-
 }
 
 
 abstract class BackwardIDESolver[D, T, L <: Lattice[T]](program: Program)
-  extends IDESolver[IndirectCall, Procedure, Command, DirectCall, D, T, L](program, program.mainProcedure.end),
+  extends IDESolver[Return, Procedure, Command, DirectCall, D, T, L](program, IRWalk.lastInProc(program.mainProcedure)),
     BackwardIDEAnalysis[D, T, L], IRInterproceduralBackwardDependencies {
 
-  protected def entryToExit(entry: IndirectCall): Procedure = IRWalk.procedure(entry)
+  protected def entryToExit(entry: Return): Procedure = IRWalk.procedure(entry)
 
-  protected def exitToEntry(exit: Procedure): IndirectCall = exit.end.asInstanceOf[IndirectCall]
+  protected def exitToEntry(exit: Procedure): Return = exit.returnBlock.get.jump.asInstanceOf[Return]
 
-  protected def callToReturn(call: Command): DirectCall = call match {
-    case ret: Statement => ret.parent.statements.getPrev(ret).asInstanceOf[DirectCall]
-    case r: Jump => r.parent.statements.last.asInstanceOf[DirectCall]
+  protected def callToReturn(call: Command): DirectCall =  {
+    IRWalk.prevCommandInBlock(call) match {
+      case Some(x : DirectCall) => x
+      case p => throw Exception(s"Not a return/aftercall node $call  .... prev = $p")
+    }
   }
 
   protected def returnToCall(ret: DirectCall): Command = ret.successor
 
-  protected def getCallee(call: Command): IndirectCall = callToReturn(call: Command).target.end.asInstanceOf[IndirectCall]
+  protected def getCallee(call: Command): Return = {
+    require(isCall(call))
+    val procCalled = callToReturn(call).target
+    procCalled.returnBlock.getOrElse(throw Exception(s"No return node for procedure ${procCalled}")).jump.asInstanceOf[Return]
+  }
 
   protected def isCall(call: CFGPosition): Boolean =
     call match
-      case directCall: DirectCall => (!directCall.successor.isInstanceOf[Halt])
+      case c : Command => isAfterCall(c) && IRWalk.prevCommandInBlock(c).map(_.isInstanceOf[DirectCall]).getOrElse(false)
       case _ => false
 
   protected def isExit(exit: CFGPosition): Boolean =
     exit match
-      case procedure: Procedure => procedure.blocks.nonEmpty
+      case procedure: Procedure => true
       case _ => false
 
-  protected def getAfterCalls(exit: Procedure): Set[DirectCall] = InterProcIRCursor.pred(exit).filter(_.isInstanceOf[DirectCall]).map(_.asInstanceOf[DirectCall])
+  protected def getAfterCalls(exit: Procedure): Set[DirectCall] = exit.incomingCalls().toSet
 }
diff --git a/src/main/scala/ir/IRCursor.scala b/src/main/scala/ir/IRCursor.scala
index 4e9cb3948..52c585aaf 100644
--- a/src/main/scala/ir/IRCursor.scala
+++ b/src/main/scala/ir/IRCursor.scala
@@ -14,12 +14,19 @@ import scala.annotation.tailrec
  */
 type CFGPosition = Procedure | Block | Command
 
+def isAfterCall(c: Command) = {
+  (IRWalk.prevCommandInBlock(c)) match {
+    case Some(c: Call) => true
+    case _             => false
+  }
+}
+
 extension (p: CFGPosition)
   def toShortString: String =
     p match
       case procedure: Procedure => procedure.toString
-      case block: Block => s"Block ${block.label}"
-      case command: Command => command.toString
+      case block: Block         => s"Block ${block.label}"
+      case command: Command     => command.toString
 
 // todo: we could just use the dependencies trait directly instead to avoid the instantiation issue
 trait IRWalk[IN <: CFGPosition, NT <: CFGPosition & IN] {
@@ -28,75 +35,79 @@ trait IRWalk[IN <: CFGPosition, NT <: CFGPosition & IN] {
 }
 
 object IRWalk:
-  def procedure(pos: CFGPosition) : Procedure = {
+
+  def prevCommandInBlock(c: Command): Option[Command] = c match {
+    case s: Statement => c.parent.statements.prevOption(s)
+    case j: Jump      => c.parent.statements.lastOption
+  }
+
+  def nextCommandInBlock(c: Command): Option[Command] = c match {
+    case s: Statement => Some(s.successor)
+    case j: Jump      => None
+  }
+
+  def procedure(pos: CFGPosition): Procedure = {
     pos match {
       case p: Procedure => p
-      case b: Block => b.parent
-      case c: Command => c.parent.parent
+      case b: Block     => b.parent
+      case c: Command   => c.parent.parent
     }
   }
 
-  def blockBegin(pos: CFGPosition) : Option[Block] = {
+  def blockBegin(pos: CFGPosition): Option[Block] = {
     pos match {
       case p: Procedure => p.entryBlock
-      case b: Block => Some(b)
-      case c: Command => Some(c.parent)
+      case b: Block     => Some(b)
+      case c: Command   => Some(c.parent)
     }
   }
 
-  def commandBegin(pos: CFGPosition) : Option[Command] = {
+  def commandBegin(pos: CFGPosition): Option[Command] = {
     pos match {
       case p: Procedure => p.entryBlock.map(b => b.statements.headOption.getOrElse(b.jump))
-      case b: Block => Some(b.statements.headOption.getOrElse(b.jump))
-      case c: Command => Some(c)
-    }
-  }
-
-extension (p: Command)
-  def isAfterCall : Boolean = {
-    p match {
-      case g: Jump => g.parent.statements.lastOption.map(_.isInstanceOf[Call]).getOrElse(false)
-      case g: Statement => g.parent.statements.prevOption(g).map(_.isInstanceOf[Call]).getOrElse(false)
+      case b: Block     => Some(b.statements.headOption.getOrElse(b.jump))
+      case c: Command   => Some(c)
     }
   }
 
-extension (p: Block) 
-  def isProcEntry : Boolean =  p.parent.entryBlock.contains(p)
-  def isProcReturn : Boolean = p.parent.returnBlock.contains(p)
-  // TODO: this method doesn't require aftercall blocks only have 1 incoming jump 
-  def isAfterCall : Boolean = p.incomingJumps.nonEmpty && p.incomingJumps.forall(_.isAfterCall)
+  def lastInBlock(p: Block): Command = p.jump
+  def firstInBlock(p: Block): Command = p.statements.headOption.getOrElse(p.jump)
 
-  def begin: CFGPosition = p
-  def end: CFGPosition = p.jump
+  def firstInProc(p: Procedure): Command = firstInBlock(p.entryBlock.get)
+  def lastInProc(p: Procedure): Command = lastInBlock(p.returnBlock.get)
 
-extension (p: Procedure)
-  def begin: CFGPosition = p
-  def end: CFGPosition = p.returnBlock.map(_.end).getOrElse(p)
+// extension (p: Block)
+//   def isProcEntry: Boolean = p.parent.entryBlock.contains(p)
+//   def isProcReturn: Boolean = p.parent.returnBlock.contains(p)
+// 
+//   def begin: CFGPosition = p
+//   def end: CFGPosition = p.jump
+// 
+// extension (p: Procedure)
+//   def begin: CFGPosition = p
+//   def end: CFGPosition = p.returnBlock.map(_.end).getOrElse(p)
 
-/**
- * Does not include edges between procedures.
- */
+/** Does not include edges between procedures.
+  */
 trait IntraProcIRCursor extends IRWalk[CFGPosition, CFGPosition] {
 
   def succ(pos: CFGPosition): Set[CFGPosition] = {
     pos match {
       case proc: Procedure => proc.entryBlock.toSet
-      case b: Block        => Set(b.statements.headOption.getOrElse(b.jump))
-      case s: Statement    =>  Set(s.successor)
+      case b: Block        => b.statements.headOption.orElse(Some(b.jump)).toSet
       case n: GoTo         => n.targets.asInstanceOf[Set[CFGPosition]]
       case h: Halt         => Set()
       case h: Return       => Set()
+      case c: Statement    => IRWalk.nextCommandInBlock(c).toSet
     }
   }
 
   def pred(pos: CFGPosition): Set[CFGPosition] = {
     pos match {
-      case s: Statement => Set(s.pred().getOrElse(s.parent))
-      case j: GoTo if j.isAfterCall  => Set(j.parent.jump)
-      case j: Jump => Set(j.parent.statements.lastOption.getOrElse(j.parent))
-      case b: Block if b.isProcEntry => Set(b.parent)
-      case b: Block => b.incomingJumps.asInstanceOf[Set[CFGPosition]]
-      case proc: Procedure => Set() // intraproc
+      case c: Command                => Set(IRWalk.prevCommandInBlock(c).getOrElse(c.parent))
+      case b: Block if b.isEntry     => Set(b.parent)
+      case b: Block                  => b.incomingJumps.asInstanceOf[Set[CFGPosition]]
+      case proc: Procedure           => Set() // intraproc
     }
   }
 }
@@ -117,70 +128,44 @@ trait IntraProcBlockIRCursor extends IRWalk[CFGPosition, Block] {
   @tailrec
   final def pred(pos: CFGPosition): Set[Block] = {
     pos match {
-      case b: Block if b.isProcEntry => Set.empty
-      case b: Block  => b.incomingJumps.map(_.parent).toSet
-      case j: Command   => pred(j.parent)
-      case s: Procedure => Set.empty
+      case b: Block if b.isEntry     => Set.empty
+      case b: Block                  => b.incomingJumps.map(_.parent).toSet
+      case j: Command                => pred(j.parent)
+      case s: Procedure              => Set.empty
     }
   }
 }
 object IntraProcBlockIRCursor extends IntraProcBlockIRCursor
 
-/**
- * Includes all intraproc edges as well as edges between procedures.
- *
- * forwards:
- * Direct call -> target
- * return indirect Call -> the procedure return block for all possible direct-call sites
- *
- * backwards:
- * Procedure -> all possible direct-call sites
- * Call-return block -> return Call of the procedure called
- *
- */
+/** Includes all intraproc edges as well as edges between procedures.
+  *
+  * forwards: Direct call -> target return indirect Call -> the procedure return block for all possible direct-call
+  * sites
+  *
+  * backwards: Procedure -> all possible direct-call sites Call-return block -> return Call of the procedure called
+  */
 trait InterProcIRCursor extends IRWalk[CFGPosition, CFGPosition] {
 
   final def succ(pos: CFGPosition): Set[CFGPosition] = {
-  IntraProcIRCursor.succ(pos) ++
-    (pos match
-      case c: DirectCall if c.target.blocks.nonEmpty  => Set(c.target)
-      case c: IndirectCall if c.parent.isProcReturn => c.parent.parent.incomingCalls().map(_.successor).toSet
-      case _ =>  Set.empty)
+    IntraProcIRCursor.succ(pos) ++
+      (pos match
+        case c: DirectCall if c.target.blocks.nonEmpty => Set(c.target)
+        // case c: IndirectCall if c.parent.isProcReturn => c.parent.parent.incomingCalls().map(_.successor).toSet
+        case c: Return => c.parent.parent.incomingCalls().map(_.successor).toSet
+        case _         => Set.empty
+      )
   }
 
   final def pred(pos: CFGPosition): Set[CFGPosition] = {
     IntraProcIRCursor.pred(pos) ++
-    (pos match
-      case d: DirectCall if d.target.blocks.nonEmpty => d.target.returnBlock.toSet
-      case c: Procedure       => c.incomingCalls().toSet.asInstanceOf[Set[CFGPosition]]
-      case _ => Set.empty)
+      (pos match
+        case d: DirectCall if d.target.blocks.nonEmpty => d.target.returnBlock.toSet
+        case c: Procedure                              => c.incomingCalls().toSet.asInstanceOf[Set[CFGPosition]]
+        case _                                         => Set.empty
+      )
   }
 }
 
-// less meaningful with call statements 
-
-// trait InterProcBlockIRCursor extends IRWalk[CFGPosition, Block] {
-// 
-//   final def succ(pos: CFGPosition): Set[Block] = {
-//     IntraProcBlockIRCursor.succ(pos) ++
-//     (pos match {
-//       case s: DirectCall if s.target.blocks.nonEmpty  => s.target.entryBlock.toSet
-//       case b: Block if b.isProcReturn => b.parent.incomingCalls().map(_.parent).toSet
-//       case _               => Set.empty 
-//     })
-//   }
-// 
-//   final def pred(pos: CFGPosition): Set[Block] = {
-//     IntraProcBlockIRCursor.pred(pos) ++
-//     (pos match {
-//       case b: Block if b.isAfterCall => b.incomingJumps.collect {_.parent.jump match 
-//           case d: DirectCall => d.target }.flatMap(_.returnBlock).toSet
-//       case b: Block if b.isProcEntry => b.parent.incomingCalls().map(_.parent).toSet
-//       case _ => Set.empty 
-//     })
-//   }
-// }
-
 object InterProcIRCursor extends InterProcIRCursor
 
 trait CallGraph extends IRWalk[Procedure, Procedure] {
@@ -316,17 +301,17 @@ def toDot[T <: CFGPosition](
 
   def getArrow(s: CFGPosition, n: CFGPosition) = {
     if (IRWalk.procedure(n) eq IRWalk.procedure(s)) {
-      DotRegularArrow(dotNodes(s),dotNodes(n))
+      DotRegularArrow(dotNodes(s), dotNodes(n))
     } else {
-      DotInterArrow(dotNodes(s),dotNodes(n))
+      DotInterArrow(dotNodes(s), dotNodes(n))
     }
   }
 
   for (node <- domain) {
     node match {
       case s =>
-        iterator.succ(s).foreach(n => dotArrows.addOne(getArrow(s,n)))
- //       iterator.pred(s).foreach(n => dotArrows.addOne(getArrow(s,n)))
+        iterator.succ(s).foreach(n => dotArrows.addOne(getArrow(s, n)))
+      //       iterator.pred(s).foreach(n => dotArrows.addOne(getArrow(s,n)))
     }
   }
 
diff --git a/src/main/scala/ir/Program.scala b/src/main/scala/ir/Program.scala
index c2d479cca..5911be3a8 100644
--- a/src/main/scala/ir/Program.scala
+++ b/src/main/scala/ir/Program.scala
@@ -5,6 +5,7 @@ import scala.collection.{IterableOnceExtensionMethods, View, immutable, mutable}
 import boogie.*
 import analysis.BitVectorEval
 import util.intrusive_list.*
+import translating.serialiseIL
 
 class Program(var procedures: ArrayBuffer[Procedure],
               var mainProcedure: Procedure,
@@ -13,6 +14,10 @@ class Program(var procedures: ArrayBuffer[Procedure],
 
   val threads: ArrayBuffer[ProgramThread] = ArrayBuffer()
 
+  override def toString(): String = {
+    serialiseIL(this)
+  }
+
   // This shouldn't be run before indirect calls are resolved
   def stripUnreachableFunctions(depth: Int = Int.MaxValue): Unit = {
     val procedureCalleeNames = procedures.map(f => f.name -> f.calls.map(_.name)).toMap
@@ -141,7 +146,7 @@ class Program(var procedures: ArrayBuffer[Procedure],
 
       stack.pushAll(n match {
         case p: Procedure => p.blocks
-        case b: Block => Seq() ++ b.statements ++ Seq(b.jump)
+        case b: Block => Seq() ++ b.statements.toSeq ++ Seq(b.jump)
         case s: Command => Seq()
       })
       n
@@ -211,7 +216,7 @@ class Procedure private (
 
   def returnBlock_=(value: Block): Unit = {
     if (!returnBlock.contains(value)) {
-      removeBlocks(_returnBlock)
+      _returnBlock.foreach(removeBlocks(_))
       _returnBlock = Some(addBlocks(value))
     }
   }
@@ -220,7 +225,7 @@ class Procedure private (
 
   def entryBlock_=(value: Block): Unit = {
     if (!entryBlock.contains(value)) {
-      removeBlocks(_entryBlock)
+      _entryBlock.foreach(removeBlocks(_))
       _entryBlock = Some(addBlocks(value))
     }
   }
@@ -230,9 +235,6 @@ class Procedure private (
     if (!_blocks.contains(block)) {
       block.parent = this
       _blocks.add(block)
-      if (entryBlock.isEmpty) {
-        entryBlock = block
-      }
     }
     block
   }
@@ -291,28 +293,6 @@ class Procedure private (
     block
   }
 
-// unused
-//   /**
-//    * Remove blocks with the semantics of replacing them with a noop. The incoming jumps to this are replaced
-//    * with a jump(s) to this blocks jump target(s). If this block ends in a call then only its statements are removed.
-//    * @param blocks the block/blocks to remove
-//    */
-//   def removeBlocksInline(blocks: Iterable[Block]): Unit = {
-//     for (elem <- blocks) {
-//       elem.jump match {
-//         case g: GoTo =>
-//           // rewrite all the jumps to include our jump targets
-//           elem.incomingJumps.foreach(_.removeTarget(elem))
-//           elem.incomingJumps.foreach(_.addAllTargets(g.targets))
-//           removeBlocks(elem)
-//       }
-//     }
-//   }
-// 
-// 
-//   def removeBlocksInline(blocks: Block*): Unit = {
-//     removeBlocksInline(blocks.toSeq)
-//   }
 
   /**
    * Remove block(s) and all jumps that target it
@@ -391,6 +371,8 @@ class Block private (
     this(label, address, IntrusiveList().addAll(statements), jump, mutable.HashSet.empty)
   }
 
+  def isEntry: Boolean = parent.entryBlock.contains(this)
+
   def jump: Jump = _jump
 
   private def jump_=(j: Jump): Unit = {
diff --git a/src/main/scala/ir/Statement.scala b/src/main/scala/ir/Statement.scala
index 74aaa18b5..2dea68f46 100644
--- a/src/main/scala/ir/Statement.scala
+++ b/src/main/scala/ir/Statement.scala
@@ -83,6 +83,7 @@ sealed trait Jump extends Command {
 }
 
 class Halt(override val label: Option[String] = None) extends Jump {
+  /* Terminate / No successors / assume false */
   override def acceptVisit(visitor: Visitor): Jump = this
 }
 
@@ -136,7 +137,12 @@ object GoTo:
   def unapply(g: GoTo): Option[(Set[Block], Option[String])] = Some(g.targets, g.label)
 
 
-sealed trait Call extends Statement
+sealed trait Call extends Statement {
+  def returnTarget: Option[Command] = successor match {
+    case h: Halt => None
+    case o => Some(o)
+  }
+}
 
 class DirectCall(val target: Procedure,
                  override val label: Option[String] = None
diff --git a/src/main/scala/ir/dsl/DSL.scala b/src/main/scala/ir/dsl/DSL.scala
index 3c55e2dfc..6a1b96742 100644
--- a/src/main/scala/ir/dsl/DSL.scala
+++ b/src/main/scala/ir/dsl/DSL.scala
@@ -14,7 +14,7 @@ val R7: Register = Register("R7", 64)
 val R29: Register = Register("R29", 64)
 val R30: Register = Register("R30", 64)
 val R31: Register = Register("R31", 64)
-val ret: EventuallyIndirectCall = EventuallyIndirectCall(Register("R30", 64), None)
+
 
 
 def bv32(i: Int): BitVecLiteral = BitVecLiteral(i, 32)
@@ -40,21 +40,21 @@ trait EventuallyStatement {
 }
 
 case class ResolvableStatement(s: Statement) extends EventuallyStatement {
-  override def resolve(p: Program) = s
+  override def resolve(p: Program) : Statement = s
 }
 
 trait EventuallyJump {
   def resolve(p: Program): Jump
 }
 
-case class EventuallyIndirectCall(target: Variable, fallthrough: Option[DelayNameResolve]) extends EventuallyStatement {
-  override def resolve(p: Program): IndirectCall = {
+case class EventuallyIndirectCall(target: Variable) extends EventuallyStatement {
+  override def resolve(p: Program): Statement = {
     IndirectCall(target)
   }
 }
 
-case class EventuallyCall(target: DelayNameResolve, fallthrough: Option[DelayNameResolve]) extends EventuallyStatement {
-  override def resolve(p: Program): DirectCall = {
+case class EventuallyCall(target: DelayNameResolve) extends EventuallyStatement {
+  override def resolve(p: Program): Statement = {
     val t = target.resolveProc(p) match {
       case Some(x) => x
       case None => throw Exception("can't resolve proc " + p)
@@ -63,12 +63,19 @@ case class EventuallyCall(target: DelayNameResolve, fallthrough: Option[DelayNam
   }
 }
 
+
 case class EventuallyGoto(targets: List[DelayNameResolve]) extends EventuallyJump {
   override def resolve(p: Program): GoTo = {
     val tgs = targets.flatMap(tn => tn.resolveBlock(p))
     GoTo(tgs)
   }
 }
+case class EventuallyReturn() extends EventuallyJump {
+  override def resolve(p: Program) = Return()
+}
+case class EventuallyHalt() extends EventuallyJump  {
+  override def resolve(p: Program) = Halt()
+}
 
 def goto(): EventuallyGoto = EventuallyGoto(List.empty)
 
@@ -76,13 +83,16 @@ def goto(targets: String*): EventuallyGoto = {
   EventuallyGoto(targets.map(p => DelayNameResolve(p)).toList)
 }
 
+def ret: EventuallyReturn = EventuallyReturn()
+def halt: EventuallyHalt= EventuallyHalt()
+
 def goto(targets: List[String]): EventuallyGoto = {
   EventuallyGoto(targets.map(p => DelayNameResolve(p)))
 }
 
-def directCall(tgt: String, fallthrough: Option[String]): EventuallyCall = EventuallyCall(DelayNameResolve(tgt), fallthrough.map(x => DelayNameResolve(x)))
+def directCall(tgt: String): EventuallyCall = EventuallyCall(DelayNameResolve(tgt))
 
-def indirectCall(tgt: Variable, fallthrough: Option[String]): EventuallyIndirectCall = EventuallyIndirectCall(tgt, fallthrough.map(x => DelayNameResolve(x)))
+def indirectCall(tgt: Variable): EventuallyIndirectCall = EventuallyIndirectCall(tgt)
 // def directcall(tgt: String) = EventuallyCall(DelayNameResolve(tgt), None)
 
 
@@ -90,16 +100,20 @@ case class EventuallyBlock(label: String, sl: Seq[EventuallyStatement], j: Event
   val tempBlock: Block = Block(label, None, List(), GoTo(List.empty))
 
   def resolve(prog: Program): Block = {
-    tempBlock.statements.addAll(sl.map(_.resolve(prog)))
+    val resolved = sl.map(_.resolve(prog))
+    tempBlock.statements.addAll(resolved)
     tempBlock.replaceJump(j.resolve(prog))
     tempBlock
   }
 }
 
 def block(label: String, sl: (Statement | EventuallyStatement | EventuallyJump)*): EventuallyBlock = {
-  val statements : Seq[EventuallyStatement] = sl.collect {
-    case s: Statement => ResolvableStatement(s)
-    case o: EventuallyStatement => o
+  val statements : Seq[EventuallyStatement] = sl.flatMap {
+    case s: Statement => Some(ResolvableStatement(s))
+    case o: EventuallyStatement => Some(o)
+    case o: EventuallyCall => Some(o)
+    case o: EventuallyIndirectCall => Some(o)
+    case g: EventuallyJump => None
   }
   val jump = sl.collectFirst {
     case j: EventuallyJump => j
@@ -113,6 +127,7 @@ case class EventuallyProcedure(label: String, blocks: Seq[EventuallyBlock]) {
   val jumps: Map[Block, EventuallyJump] = blocks.map(b => b.tempBlock -> b.j).toMap
 
   def resolve(prog: Program): Procedure = {
+    blocks.foreach(b => b.resolve(prog))
     jumps.map((b, j) => b.replaceJump(j.resolve(prog)))
     tempProc
   }
diff --git a/src/main/scala/ir/invariant/EarlyCallStatement.scala b/src/main/scala/ir/invariant/EarlyCallStatement.scala
new file mode 100644
index 000000000..bb4504343
--- /dev/null
+++ b/src/main/scala/ir/invariant/EarlyCallStatement.scala
@@ -0,0 +1,15 @@
+package ir.invariant
+import ir._
+
+
+def singleCallBlockEnd(p: Program) : Boolean = {
+  p.forall {
+    case b: Block => {
+      val calls = (b.statements.collect {
+        case c: Call => b.statements.lastOption.contains(c)
+      })
+      (calls.size <= 1) && calls.headOption.getOrElse(true)
+    }
+    case _ => true
+  }
+}
diff --git a/src/main/scala/ir/transforms/IndirectCallResolution.scala b/src/main/scala/ir/transforms/IndirectCallResolution.scala
new file mode 100644
index 000000000..e9c9fddf7
--- /dev/null
+++ b/src/main/scala/ir/transforms/IndirectCallResolution.scala
@@ -0,0 +1,295 @@
+package ir.transforms
+
+
+
+import scala.collection.mutable.ListBuffer
+import scala.collection.mutable.ArrayBuffer
+import analysis.solvers.*
+import analysis.*
+import bap.*
+import ir.*
+import translating.*
+import util.Logger
+import util.intrusive_list.IntrusiveList
+import analysis.CfgCommandNode
+import scala.collection.mutable
+import cilvisitor._
+
+
+/** Resolve indirect calls to an address-conditional choice between direct calls using the Value Set Analysis results.
+ *  Dead code, and currently broken by statement calls 
+ *
+def resolveIndirectCalls(
+    cfg: ProgramCfg,
+    valueSets: Map[CfgNode, LiftedElement[Map[Variable | MemoryRegion, Set[Value]]]],
+    IRProgram: Program
+): Boolean = {
+  var modified: Boolean = false
+  val worklist = ListBuffer[CfgNode]()
+  cfg.startNode.succIntra.union(cfg.startNode.succInter).foreach(node => worklist.addOne(node))
+
+  val visited = mutable.Set[CfgNode]()
+  while (worklist.nonEmpty) {
+    val node = worklist.remove(0)
+    if (!visited.contains(node)) {
+      process(node)
+      node.succIntra.union(node.succInter).foreach(node => worklist.addOne(node))
+      visited.add(node)
+    }
+  }
+
+  def process(n: CfgNode): Unit = n match {
+    /*
+    case c: CfgStatementNode =>
+      c.data match
+
+      //We do not want to insert the VSA results into the IR like this
+        case localAssign: Assign =>
+          localAssign.rhs match
+            case _: MemoryLoad =>
+              if (valueSets(n).contains(localAssign.lhs) && valueSets(n).get(localAssign.lhs).head.size == 1) {
+                val extractedValue = extractExprFromValue(valueSets(n).get(localAssign.lhs).head.head)
+                localAssign.rhs = extractedValue
+                Logger.info(s"RESOLVED: Memory load ${localAssign.lhs} resolved to ${extractedValue}")
+              } else if (valueSets(n).contains(localAssign.lhs) && valueSets(n).get(localAssign.lhs).head.size > 1) {
+                Logger.info(s"RESOLVED: WARN Memory load ${localAssign.lhs} resolved to multiple values, cannot replace")
+
+                /*
+                // must merge into a single memory variable to represent the possible values
+                // Make a binary OR of all the possible values takes two at a time (incorrect to do BVOR)
+                val values = valueSets(n).get(localAssign.lhs).head
+                val exprValues = values.map(extractExprFromValue)
+                val result = exprValues.reduce((a, b) => BinaryExpr(BVOR, a, b)) // need to express nondeterministic
+                                                                                 // choice between these specific options
+                localAssign.rhs = result
+     */
+              }
+            case _ =>
+     */
+    case c: CfgJumpNode =>
+      val block = c.block
+      c.data match
+        case indirectCall: IndirectCall =>
+          if (block.jump != indirectCall) {
+            // We only replace the calls with DirectCalls in the IR, and don't replace the CommandNode.data
+            // Hence if we have already processed this CFG node there will be no corresponding IndirectCall in the IR
+            // to replace.
+            // We want to replace all possible indirect calls based on this CFG, before regenerating it from the IR
+            return
+          }
+          valueSets(n) match {
+            case Lift(valueSet) =>
+              val targetNames = resolveAddresses(valueSet(indirectCall.target)).map(_.name).toList.sorted
+              val targets = targetNames.map(name => IRProgram.procedures.filter(_.name.equals(name)).head)
+
+              if (targets.size == 1) {
+                modified = true
+
+                // indirectCall.parent.parent.removeBlocks(indirectCall.returnTarget)
+                val newCall = DirectCall(targets.head, indirectCall.label)
+                block.statements.replace(indirectCall, newCall) 
+              } else if (targets.size > 1) {
+                modified = true
+                val procedure = c.parent.data
+                val newBlocks = ArrayBuffer[Block]()
+                for (t <- targets) {
+                  val assume = Assume(BinaryExpr(BVEQ, indirectCall.target, BitVecLiteral(t.address.get, 64)))
+                  val newLabel: String = block.label + t.name
+                  val directCall = DirectCall(t)
+                  directCall.parent = indirectCall.parent
+
+                  // assume indircall is the last statement in block
+                  assert(indirectCall.parent.statements.lastOption.contains(indirectCall))
+                  val fallthrough = indirectCall.parent.jump
+
+                  newBlocks.append(Block(newLabel, None, ArrayBuffer(assume, directCall), fallthrough))
+                }
+                procedure.addBlocks(newBlocks)
+                val newCall = GoTo(newBlocks, indirectCall.label)
+                block.replaceJump(newCall)
+              }
+            case LiftedBottom =>
+          }
+        case _ =>
+    case _ =>
+  }
+
+  def nameExists(name: String): Boolean = {
+    IRProgram.procedures.exists(_.name.equals(name))
+  }
+
+  def addFakeProcedure(name: String): Unit = {
+    IRProgram.procedures += Procedure(name)
+  }
+
+  def resolveAddresses(valueSet: Set[Value]): Set[AddressValue] = {
+    var functionNames: Set[AddressValue] = Set()
+    valueSet.foreach {
+      case globalAddress: GlobalAddress =>
+        if (nameExists(globalAddress.name)) {
+          functionNames += globalAddress
+          Logger.info(s"RESOLVED: Call to Global address ${globalAddress.name} rt statuesolved.")
+        } else {
+          addFakeProcedure(globalAddress.name)
+          functionNames += globalAddress
+          Logger.info(s"Global address ${globalAddress.name} does not exist in the program.  Added a fake function.")
+        }
+      case localAddress: LocalAddress =>
+        if (nameExists(localAddress.name)) {
+          functionNames += localAddress
+          Logger.info(s"RESOLVED: Call to Local address ${localAddress.name}")
+        } else {
+          addFakeProcedure(localAddress.name)
+          functionNames += localAddress
+          Logger.info(s"Local address ${localAddress.name} does not exist in the program. Added a fake function.")
+        }
+      case _ =>
+    }
+    functionNames
+  }
+
+  modified
+}
+
+  */
+
+def resolveIndirectCallsUsingPointsTo(
+   cfg: ProgramCfg,
+   pointsTos: Map[RegisterVariableWrapper, Set[RegisterVariableWrapper | MemoryRegion]],
+   regionContents: Map[MemoryRegion, Set[BitVecLiteral | MemoryRegion]],
+   reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])],
+   IRProgram: Program
+ ): Boolean = {
+  var modified: Boolean = false
+  val worklist = ListBuffer[CfgNode]()
+  cfg.startNode.succIntra.union(cfg.startNode.succInter).foreach(node => worklist.addOne(node))
+
+  val visited = mutable.Set[CfgNode]()
+  while (worklist.nonEmpty) {
+    val node = worklist.remove(0)
+    if (!visited.contains(node)) {
+      process(node)
+      node.succIntra.union(node.succInter).foreach(node => worklist.addOne(node))
+      visited.add(node)
+    }
+  }
+
+  def searchRegion(region: MemoryRegion): mutable.Set[String] = {
+    val result = mutable.Set[String]()
+    region match {
+      case stackRegion: StackRegion =>
+        if (regionContents.contains(stackRegion)) {
+          for (c <- regionContents(stackRegion)) {
+            c match {
+              case bitVecLiteral: BitVecLiteral => Logger.debug("hi: " + bitVecLiteral)//???
+              case memoryRegion: MemoryRegion =>
+                result.addAll(searchRegion(memoryRegion))
+            }
+          }
+        }
+        result
+      case dataRegion: DataRegion =>
+        if (!regionContents.contains(dataRegion) || regionContents(dataRegion).isEmpty) {
+          result.add(dataRegion.regionIdentifier)
+        } else {
+          result.add(dataRegion.regionIdentifier) // TODO: may need to investigate if we should add the parent region
+          for (c <- regionContents(dataRegion)) {
+            c match {
+              case bitVecLiteral: BitVecLiteral => Logger.debug("hi: " + bitVecLiteral)//???
+              case memoryRegion: MemoryRegion =>
+                result.addAll(searchRegion(memoryRegion))
+            }
+          }
+        }
+        result
+    }
+  }
+
+  def addFakeProcedure(name: String): Procedure = {
+    val newProcedure = Procedure(name)
+    IRProgram.procedures += newProcedure
+    newProcedure
+  }
+
+  def resolveAddresses(variable: Variable, i: IndirectCall): mutable.Set[String] = {
+    val names = mutable.Set[String]()
+    val variableWrapper = RegisterVariableWrapper(variable, getUse(variable, i, reachingDefs))
+    pointsTos.get(variableWrapper) match {
+      case Some(value) =>
+        value.map {
+          case v: RegisterVariableWrapper => names.addAll(resolveAddresses(v.variable, i))
+          case m: MemoryRegion => names.addAll(searchRegion(m))
+        }
+        names
+      case None => names
+    }
+  }
+
+  def process(n: CfgNode): Unit = n match {
+    case c: CfgJumpNode =>
+      val block = c.block
+      c.data match
+        // don't try to resolve returns
+        case indirectCall: IndirectCall if indirectCall.target != Register("R30", 64) =>
+          if (!indirectCall.hasParent) {
+            // We only replace the calls with DirectCalls in the IR, and don't replace the CommandNode.data
+            // Hence if we have already processed this CFG node there will be no corresponding IndirectCall in the IR
+            // to replace.
+            // We want to replace all possible indirect calls based on this CFG, before regenerating it from the IR
+            return
+          }
+          assert(indirectCall.parent.statements.lastOption.contains(indirectCall))
+
+          val targetNames = resolveAddresses(indirectCall.target, indirectCall)
+          Logger.debug(s"Points-To approximated call ${indirectCall.target} with $targetNames")
+          Logger.debug(IRProgram.procedures)
+          val targets: mutable.Set[Procedure] = targetNames.map(name => IRProgram.procedures.find(_.name == name).getOrElse(addFakeProcedure(name)))
+
+          if (targets.size > 1) {
+            Logger.info(s"Resolved indirect call $indirectCall")
+          }
+
+
+          if (targets.size == 1) {
+            modified = true
+
+            // indirectCall.parent.parent.removeBlocks(indirectCall.returnTarget)
+            val newCall = DirectCall(targets.head, indirectCall.label)
+            block.statements.replace(indirectCall, newCall)
+          } else if (targets.size > 1) {
+
+            val oft = indirectCall.parent.jump
+
+            modified = true
+            val procedure = c.parent.data
+            val newBlocks = ArrayBuffer[Block]()
+            // indirectCall.parent.parent.removeBlocks(indirectCall.returnTarget)
+            for (t <- targets) {
+              Logger.debug(targets)
+              val address = t.address.match {
+                case Some(a) => a
+                case None => throw Exception(s"resolved indirect call $indirectCall to procedure which does not have address: $t")
+              }
+              val assume = Assume(BinaryExpr(BVEQ, indirectCall.target, BitVecLiteral(address, 64)))
+              val newLabel: String = block.label + t.name
+              val directCall = DirectCall(t)
+
+              /* copy the goto node resulting */
+              val fallthrough = oft match {
+                case g: GoTo => GoTo(g.targets, g.label)
+                case h: Halt => Halt()
+                case r: Return => Return()
+              }
+              newBlocks.append(Block(newLabel, None, ArrayBuffer(assume, directCall), fallthrough))
+            }
+            block.statements.remove(indirectCall)
+            procedure.addBlocks(newBlocks)
+            val newCall = GoTo(newBlocks, indirectCall.label)
+            block.replaceJump(newCall)
+          }
+        case _ =>
+    case _ =>
+  }
+
+  modified
+}
diff --git a/src/main/scala/ir/transforms/ReplaceReturn.scala b/src/main/scala/ir/transforms/ReplaceReturn.scala
index 61b276833..91681ab8e 100644
--- a/src/main/scala/ir/transforms/ReplaceReturn.scala
+++ b/src/main/scala/ir/transforms/ReplaceReturn.scala
@@ -28,11 +28,15 @@ class ReplaceReturns extends CILVisitor {
 }
 
 
-def addReturnBlocks(p: Program) = {
+def addReturnBlocks(p: Program, toAll: Boolean = false) = {
   p.procedures.foreach(p => {
     val containsReturn = p.blocks.map(_.jump).find(_.isInstanceOf[Return]).isDefined
-    if (containsReturn) {
-      p.returnBlock = p.addBlocks(Block(label=p.name + "_return",jump=Return()))
+    if (toAll && p.blocks.isEmpty && p.entryBlock.isEmpty && p.returnBlock.isEmpty) {
+      Logger.info(s"proc ${p.name} ${p.entryBlock}, ${p.returnBlock}")
+      p.returnBlock = (Block(label=p.name + "_basil_return",jump=Return()))
+      p.entryBlock = (Block(label=p.name + "_basil_entry",jump=GoTo(p.returnBlock.get)))
+    } else if (p.returnBlock.isEmpty && (toAll || containsReturn)) {
+      p.returnBlock = p.addBlocks(Block(label=p.name + "_basil_return",jump=Return()))
     }
   })
 }
diff --git a/src/main/scala/ir/transforms/SplitThreads.scala b/src/main/scala/ir/transforms/SplitThreads.scala
new file mode 100644
index 000000000..7f36fdb3c
--- /dev/null
+++ b/src/main/scala/ir/transforms/SplitThreads.scala
@@ -0,0 +1,84 @@
+package ir.transforms
+
+import scala.collection.mutable.ListBuffer
+import scala.collection.mutable.ArrayBuffer
+import analysis.solvers.*
+import analysis.*
+import bap.*
+import ir.*
+import translating.*
+import util.Logger
+import java.util.Base64
+import spray.json.DefaultJsonProtocol.*
+import util.intrusive_list.IntrusiveList
+import analysis.CfgCommandNode
+import scala.collection.mutable
+import cilvisitor._
+
+// identify calls to pthread_create
+// use analysis result to determine the third parameter's value (the function pointer)
+// split off that procedure into new thread
+// do reachability analysis
+// also need a bit in the IR where it creates separate files
+def splitThreads(program: Program,
+                 pointsTo: Map[RegisterVariableWrapper, Set[RegisterVariableWrapper | MemoryRegion]],
+                 regionContents: Map[MemoryRegion, Set[BitVecLiteral | MemoryRegion]],
+                 reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])]
+                ): Unit = {
+  
+  // iterate over all commands - if call is to pthread_create, look up?
+  program.foreach(c =>
+    c match {
+      case d: DirectCall if d.target.name == "pthread_create" =>
+
+        // R2 should hold the function pointer of the function that begins the thread
+        // look up R2 value using points to results
+        val R2 = Register("R2", 64)
+        val b = reachingDefs(d)
+        val R2Wrapper = RegisterVariableWrapper(R2, getDefinition(R2, d, reachingDefs))
+        val threadTargets = pointsTo(R2Wrapper)
+
+        if (threadTargets.size > 1) {
+          // currently can't handle case where the thread created is ambiguous
+          throw Exception("can't handle thread creation with more than one possible target")
+        }
+
+        if (threadTargets.size == 1) {
+
+          // not trying to untangle the very messy region resolution at present, just dealing with simplest case
+          threadTargets.head match {
+            case data: DataRegion =>
+              val threadEntrance = program.procedures.find(_.name == data.regionIdentifier) match {
+                case Some(proc) => proc
+                case None => throw Exception("could not find procedure with name " + data.regionIdentifier)
+              }
+              val thread = ProgramThread(threadEntrance, mutable.LinkedHashSet(threadEntrance), Some(d))
+              program.threads.addOne(thread)
+            case _ =>
+              throw Exception("unexpected non-data region " + threadTargets.head + " as PointsTo result for R2 at " + d)
+          }
+        }
+      case _ =>
+    })
+
+
+  if (program.threads.nonEmpty) {
+    val mainThread = ProgramThread(program.mainProcedure, mutable.LinkedHashSet(program.mainProcedure), None)
+    program.threads.addOne(mainThread)
+
+    val programProcs = program.procedures
+
+    // do reachability for all threads
+    for (thread <- program.threads) {
+      val reachable = thread.entry.reachableFrom
+
+      // add procedures to thread in way that maintains original ordering
+      for (p <- programProcs) {
+        if (reachable.contains(p)) {
+          thread.procedures.add(p)
+        }
+      }
+
+    }
+  }
+}
diff --git a/src/main/scala/translating/GTIRBToIR.scala b/src/main/scala/translating/GTIRBToIR.scala
index eb8281599..d47bd0b35 100644
--- a/src/main/scala/translating/GTIRBToIR.scala
+++ b/src/main/scala/translating/GTIRBToIR.scala
@@ -364,6 +364,8 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
       // need to copy jump as it can't have multiple parents
       val jumpCopy = currentBlock.jump match {
         case GoTo(targets, label) => GoTo(targets, label)
+        case h: Halt => Halt()
+        case r: Return => Return() 
         case _ => throw Exception("this shouldn't be reachable")
       }
       trueBlock.replaceJump(currentBlock.jump)
@@ -440,7 +442,7 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
       case EdgeLabel(false, _, Type_Return, _) =>
         // return statement, value of 'direct' is just whether DDisasm has resolved the return target
         removePCAssign(block)
-        (Some(IndirectCall(Register("R30", 64), None)), Halt())
+        (None, Return())
       case EdgeLabel(false, true, Type_Fallthrough, _) =>
         // end of block that doesn't end in a control flow instruction and falls through to next
         if (entranceUUIDtoProcedure.contains(edge.targetUuid)) {
diff --git a/src/main/scala/translating/IRToBoogie.scala b/src/main/scala/translating/IRToBoogie.scala
index 18c69a95f..3422c6daa 100644
--- a/src/main/scala/translating/IRToBoogie.scala
+++ b/src/main/scala/translating/IRToBoogie.scala
@@ -650,7 +650,7 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
       val jump = GoToCmd(g.targets.map(_.label).toSeq)
       conditionAssert :+ jump
     case r: Return => List(ReturnCmd)
-    case r: Halt => List(BAssert(FalseBLiteral))
+    case r: Halt => List(BAssume(FalseBLiteral))
   }
 
   def translate(j: Call): List[BCmd] = j match {
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index cbc5cee37..8c8e85e66 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -201,7 +201,7 @@ object IRTransform {
     val renamer = Renamer(boogieReserved)
 
     cilvisitor.visit_prog(transforms.ReplaceReturns(), ctx.program)
-    transforms.addReturnBlocks(ctx.program)
+    transforms.addReturnBlocks(ctx.program, true) // add return to all blocks because IDE solver expects it
     cilvisitor.visit_prog(transforms.ConvertSingleReturn(), ctx.program)
 
     externalRemover.visitProgram(ctx.program)
@@ -209,276 +209,6 @@ object IRTransform {
     ctx
   }
 
-  /** Resolve indirect calls to an address-conditional choice between direct calls using the Value Set Analysis results.
-    */
-  def resolveIndirectCalls(
-      cfg: ProgramCfg,
-      valueSets: Map[CfgNode, LiftedElement[Map[Variable | MemoryRegion, Set[Value]]]],
-      IRProgram: Program
-  ): Boolean = {
-    var modified: Boolean = false
-    val worklist = ListBuffer[CfgNode]()
-    cfg.startNode.succIntra.union(cfg.startNode.succInter).foreach(node => worklist.addOne(node))
-
-    val visited = mutable.Set[CfgNode]()
-    while (worklist.nonEmpty) {
-      val node = worklist.remove(0)
-      if (!visited.contains(node)) {
-        process(node)
-        node.succIntra.union(node.succInter).foreach(node => worklist.addOne(node))
-        visited.add(node)
-      }
-    }
-
-    def process(n: CfgNode): Unit = n match {
-      /*
-      case c: CfgStatementNode =>
-        c.data match
-
-        //We do not want to insert the VSA results into the IR like this
-          case localAssign: Assign =>
-            localAssign.rhs match
-              case _: MemoryLoad =>
-                if (valueSets(n).contains(localAssign.lhs) && valueSets(n).get(localAssign.lhs).head.size == 1) {
-                  val extractedValue = extractExprFromValue(valueSets(n).get(localAssign.lhs).head.head)
-                  localAssign.rhs = extractedValue
-                  Logger.info(s"RESOLVED: Memory load ${localAssign.lhs} resolved to ${extractedValue}")
-                } else if (valueSets(n).contains(localAssign.lhs) && valueSets(n).get(localAssign.lhs).head.size > 1) {
-                  Logger.info(s"RESOLVED: WARN Memory load ${localAssign.lhs} resolved to multiple values, cannot replace")
-
-                  /*
-                  // must merge into a single memory variable to represent the possible values
-                  // Make a binary OR of all the possible values takes two at a time (incorrect to do BVOR)
-                  val values = valueSets(n).get(localAssign.lhs).head
-                  val exprValues = values.map(extractExprFromValue)
-                  val result = exprValues.reduce((a, b) => BinaryExpr(BVOR, a, b)) // need to express nondeterministic
-                                                                                   // choice between these specific options
-                  localAssign.rhs = result
-       */
-                }
-              case _ =>
-       */
-      case c: CfgJumpNode =>
-        val block = c.block
-        c.data match
-          case indirectCall: IndirectCall =>
-            if (block.jump != indirectCall) {
-              // We only replace the calls with DirectCalls in the IR, and don't replace the CommandNode.data
-              // Hence if we have already processed this CFG node there will be no corresponding IndirectCall in the IR
-              // to replace.
-              // We want to replace all possible indirect calls based on this CFG, before regenerating it from the IR
-              return
-            }
-            valueSets(n) match {
-              case Lift(valueSet) =>
-                val targetNames = resolveAddresses(valueSet(indirectCall.target)).map(_.name).toList.sorted
-                val targets = targetNames.map(name => IRProgram.procedures.filter(_.name.equals(name)).head)
-
-                if (targets.size == 1) {
-                  modified = true
-
-                  // indirectCall.parent.parent.removeBlocks(indirectCall.returnTarget)
-                  val newCall = DirectCall(targets.head, indirectCall.label)
-                  block.statements.replace(indirectCall, newCall) 
-                } else if (targets.size > 1) {
-                  modified = true
-                  val procedure = c.parent.data
-                  val newBlocks = ArrayBuffer[Block]()
-                  for (t <- targets) {
-                    val assume = Assume(BinaryExpr(BVEQ, indirectCall.target, BitVecLiteral(t.address.get, 64)))
-                    val newLabel: String = block.label + t.name
-                    val directCall = DirectCall(t)
-                    directCall.parent = indirectCall.parent
-
-                    // assume indircall is the last statement in block
-                    assert(indirectCall.parent.statements.lastOption.contains(indirectCall))
-                    val fallthrough = indirectCall.parent.jump
-
-                    newBlocks.append(Block(newLabel, None, ArrayBuffer(assume, directCall), fallthrough))
-                  }
-                  procedure.addBlocks(newBlocks)
-                  val newCall = GoTo(newBlocks, indirectCall.label)
-                  block.replaceJump(newCall)
-                }
-              case LiftedBottom =>
-            }
-          case _ =>
-      case _ =>
-    }
-
-    def nameExists(name: String): Boolean = {
-      IRProgram.procedures.exists(_.name.equals(name))
-    }
-
-    def addFakeProcedure(name: String): Unit = {
-      IRProgram.procedures += Procedure(name)
-    }
-
-    def resolveAddresses(valueSet: Set[Value]): Set[AddressValue] = {
-      var functionNames: Set[AddressValue] = Set()
-      valueSet.foreach {
-        case globalAddress: GlobalAddress =>
-          if (nameExists(globalAddress.name)) {
-            functionNames += globalAddress
-            Logger.info(s"RESOLVED: Call to Global address ${globalAddress.name} rt statuesolved.")
-          } else {
-            addFakeProcedure(globalAddress.name)
-            functionNames += globalAddress
-            Logger.info(s"Global address ${globalAddress.name} does not exist in the program.  Added a fake function.")
-          }
-        case localAddress: LocalAddress =>
-          if (nameExists(localAddress.name)) {
-            functionNames += localAddress
-            Logger.info(s"RESOLVED: Call to Local address ${localAddress.name}")
-          } else {
-            addFakeProcedure(localAddress.name)
-            functionNames += localAddress
-            Logger.info(s"Local address ${localAddress.name} does not exist in the program. Added a fake function.")
-          }
-        case _ =>
-      }
-      functionNames
-    }
-
-    modified
-  }
-
-  def resolveIndirectCallsUsingPointsTo(
-     cfg: ProgramCfg,
-     pointsTos: Map[RegisterVariableWrapper, Set[RegisterVariableWrapper | MemoryRegion]],
-     regionContents: Map[MemoryRegion, Set[BitVecLiteral | MemoryRegion]],
-     reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])],
-     IRProgram: Program
-   ): Boolean = {
-    var modified: Boolean = false
-    val worklist = ListBuffer[CfgNode]()
-    cfg.startNode.succIntra.union(cfg.startNode.succInter).foreach(node => worklist.addOne(node))
-
-    val visited = mutable.Set[CfgNode]()
-    while (worklist.nonEmpty) {
-      val node = worklist.remove(0)
-      if (!visited.contains(node)) {
-        process(node)
-        node.succIntra.union(node.succInter).foreach(node => worklist.addOne(node))
-        visited.add(node)
-      }
-    }
-
-    def searchRegion(region: MemoryRegion): mutable.Set[String] = {
-      val result = mutable.Set[String]()
-      region match {
-        case stackRegion: StackRegion =>
-          if (regionContents.contains(stackRegion)) {
-            for (c <- regionContents(stackRegion)) {
-              c match {
-                case bitVecLiteral: BitVecLiteral => Logger.debug("hi: " + bitVecLiteral)//???
-                case memoryRegion: MemoryRegion =>
-                  result.addAll(searchRegion(memoryRegion))
-              }
-            }
-          }
-          result
-        case dataRegion: DataRegion =>
-          if (!regionContents.contains(dataRegion) || regionContents(dataRegion).isEmpty) {
-            result.add(dataRegion.regionIdentifier)
-          } else {
-            result.add(dataRegion.regionIdentifier) // TODO: may need to investigate if we should add the parent region
-            for (c <- regionContents(dataRegion)) {
-              c match {
-                case bitVecLiteral: BitVecLiteral => Logger.debug("hi: " + bitVecLiteral)//???
-                case memoryRegion: MemoryRegion =>
-                  result.addAll(searchRegion(memoryRegion))
-              }
-            }
-          }
-          result
-      }
-    }
-
-    def addFakeProcedure(name: String): Procedure = {
-      val newProcedure = Procedure(name)
-      IRProgram.procedures += newProcedure
-      newProcedure
-    }
-
-    def resolveAddresses(variable: Variable, i: IndirectCall): mutable.Set[String] = {
-      val names = mutable.Set[String]()
-      val variableWrapper = RegisterVariableWrapper(variable, getUse(variable, i, reachingDefs))
-      pointsTos.get(variableWrapper) match {
-        case Some(value) =>
-          value.map {
-            case v: RegisterVariableWrapper => names.addAll(resolveAddresses(v.variable, i))
-            case m: MemoryRegion => names.addAll(searchRegion(m))
-          }
-          names
-        case None => names
-      }
-    }
-
-    def process(n: CfgNode): Unit = n match {
-      case c: CfgJumpNode =>
-        val block = c.block
-        c.data match
-          // don't try to resolve returns
-          case indirectCall: IndirectCall if indirectCall.target != Register("R30", 64) =>
-            if (block.jump != indirectCall) {
-              // We only replace the calls with DirectCalls in the IR, and don't replace the CommandNode.data
-              // Hence if we have already processed this CFG node there will be no corresponding IndirectCall in the IR
-              // to replace.
-              // We want to replace all possible indirect calls based on this CFG, before regenerating it from the IR
-              return
-            }
-            val targetNames = resolveAddresses(indirectCall.target, indirectCall)
-            Logger.debug(s"Points-To approximated call ${indirectCall.target} with $targetNames")
-            Logger.debug(IRProgram.procedures)
-            val targets: mutable.Set[Procedure] = targetNames.map(name => IRProgram.procedures.find(_.name == name).getOrElse(addFakeProcedure(name)))
-
-            if (targets.size == 1) {
-              modified = true
-
-              // indirectCall.parent.parent.removeBlocks(indirectCall.returnTarget)
-              val newCall = DirectCall(targets.head, indirectCall.label)
-              block.statements.replace(indirectCall, newCall)
-            } else if (targets.size > 1) {
-              modified = true
-              val procedure = c.parent.data
-              val newBlocks = ArrayBuffer[Block]()
-              // indirectCall.parent.parent.removeBlocks(indirectCall.returnTarget)
-              var addressExprs = List[BinaryExpr]()
-              for (t <- targets) {
-                Logger.debug(targets)
-                // TODO handle external procedures without a set address but this requires more information than the analysis gives at present
-                val address = t.address.match {
-                  case Some(a) => a
-                  case None => throw Exception(s"resolved indirect call $indirectCall to procedure which does not have address: $t")
-                }
-                val addressExpr = BinaryExpr(BVEQ, indirectCall.target, BitVecLiteral(address, 64))
-                addressExprs ::= addressExpr
-                val assume = Assume(addressExpr)
-                val newLabel: String = block.label + t.name
-                val directCall = DirectCall(t)
-                directCall.parent = indirectCall.parent
-
-                assert(indirectCall.parent.statements.lastOption.contains(indirectCall))
-                val fallthrough = indirectCall.parent.jump
-                newBlocks.append(Block(newLabel, None, ArrayBuffer(assume, directCall), fallthrough))
-              }
-              procedure.addBlocks(newBlocks)
-              val newCall = GoTo(newBlocks, indirectCall.label)
-              val addressExprOr = addressExprs.tail.foldLeft(addressExprs.head) {
-                (a: BinaryExpr, b: BinaryExpr) => BinaryExpr(BoolOR, a, b)
-              }
-              val assertion = Assert(addressExprOr, Some("check indirect call underapproximation"))
-              block.statements.append(assertion)
-              block.replaceJump(newCall)
-            }
-          case _ =>
-      case _ =>
-    }
-
-    modified
-  }
-
   /** Cull unneccessary information that does not need to be included in the translation, and infer stack regions, and
     * add in modifies from the spec.
     */
@@ -497,75 +227,9 @@ object IRTransform {
 
     val specModifies = ctx.specification.subroutines.map(s => s.name -> s.modifies).toMap
     ctx.program.setModifies(specModifies)
+    assert(invariant.singleCallBlockEnd(ctx.program))
   }
 
-  // identify calls to pthread_create
-  // use analysis result to determine the third parameter's value (the function pointer)
-  // split off that procedure into new thread
-  // do reachability analysis
-  // also need a bit in the IR where it creates separate files
-  def splitThreads(program: Program,
-                   pointsTo: Map[RegisterVariableWrapper, Set[RegisterVariableWrapper | MemoryRegion]],
-                   regionContents: Map[MemoryRegion, Set[BitVecLiteral | MemoryRegion]],
-                   reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])]
-                  ): Unit = {
-    
-    // iterate over all commands - if call is to pthread_create, look up?
-    program.foreach(c =>
-      c match {
-        case d: DirectCall if d.target.name == "pthread_create" =>
-
-          // R2 should hold the function pointer of the function that begins the thread
-          // look up R2 value using points to results
-          val R2 = Register("R2", 64)
-          val b = reachingDefs(d)
-          val R2Wrapper = RegisterVariableWrapper(R2, getDefinition(R2, d, reachingDefs))
-          val threadTargets = pointsTo(R2Wrapper)
-
-          if (threadTargets.size > 1) {
-            // currently can't handle case where the thread created is ambiguous
-            throw Exception("can't handle thread creation with more than one possible target")
-          }
-
-          if (threadTargets.size == 1) {
-
-            // not trying to untangle the very messy region resolution at present, just dealing with simplest case
-            threadTargets.head match {
-              case data: DataRegion =>
-                val threadEntrance = program.procedures.find(_.name == data.regionIdentifier) match {
-                  case Some(proc) => proc
-                  case None => throw Exception("could not find procedure with name " + data.regionIdentifier)
-                }
-                val thread = ProgramThread(threadEntrance, mutable.LinkedHashSet(threadEntrance), Some(d))
-                program.threads.addOne(thread)
-              case _ =>
-                throw Exception("unexpected non-data region " + threadTargets.head + " as PointsTo result for R2 at " + d)
-            }
-          }
-        case _ =>
-      })
-  
-
-    if (program.threads.nonEmpty) {
-      val mainThread = ProgramThread(program.mainProcedure, mutable.LinkedHashSet(program.mainProcedure), None)
-      program.threads.addOne(mainThread)
-
-      val programProcs = program.procedures
-
-      // do reachability for all threads
-      for (thread <- program.threads) {
-        val reachable = thread.entry.reachableFrom
-
-        // add procedures to thread in way that maintains original ordering
-        for (p <- programProcs) {
-          if (reachable.contains(p)) {
-            thread.procedures.add(p)
-          }
-        }
-
-      }
-    }
-  }
 
   def generateProcedureSummaries(
     ctx: IRContext,
@@ -736,18 +400,20 @@ object StaticAnalysis {
     val memoryRegionContents = steensgaardSolver.getMemoryRegionContents
     mmm.logRegions(memoryRegionContents)
 
+    // turn fake procedures into diamonds
+    transforms.addReturnBlocks(ctx.program, true) // add return to all blocks because IDE solver expects it
     Logger.info("[!] Running VSA")
     val vsaSolver =
       ValueSetAnalysisSolver(IRProgram, globalAddresses, externalAddresses, globalOffsets, subroutines, mmm, constPropResult)
     val vsaResult: Map[CFGPosition, LiftedElement[Map[Variable | MemoryRegion, Set[Value]]]] = vsaSolver.analyze()
 
     Logger.info("[!] Running Interprocedural Live Variables Analysis")
-    //val interLiveVarsResults = InterLiveVarsAnalysis(IRProgram).analyze()
-    val interLiveVarsResults = Map[CFGPosition, Map[Variable, TwoElement]]()
+    val interLiveVarsResults = InterLiveVarsAnalysis(IRProgram).analyze()
+    // val interLiveVarsResults = Map[CFGPosition, Map[Variable, TwoElement]]()
 
     Logger.info("[!] Running Parameter Analysis")
-    //val paramResults = ParamAnalysis(IRProgram).analyze()
-    val paramResults = Map[Procedure, Set[Variable]]()
+    val paramResults = ParamAnalysis(IRProgram).analyze()
+    // val paramResults = Map[Procedure, Set[Variable]]()
 
     StaticAnalysisContext(
       cfg = cfg,
@@ -963,6 +629,7 @@ object RunUtils {
       val boogieTranslator = IRToBoogie(ctx.program, ctx.specification, None, q.outputPrefix)
       ArrayBuffer(boogieTranslator.translate(q.boogieTranslation))
     }
+    assert(invariant.singleCallBlockEnd(ctx.program))
 
     BASILResult(ctx, analysis, boogiePrograms)
   }
@@ -978,7 +645,7 @@ object RunUtils {
       val result = StaticAnalysis.analyse(ctx, config, iteration)
       analysisResult.append(result)
       Logger.info("[!] Replacing Indirect Calls")
-      modified = IRTransform.resolveIndirectCallsUsingPointsTo(result.cfg,
+      modified = transforms.resolveIndirectCallsUsingPointsTo(result.cfg,
         result.steensgaardResults,
         result.memoryRegionContents,
         result.reachingDefs,
@@ -997,7 +664,7 @@ object RunUtils {
     // should later move this to be inside while (modified) loop and have splitting threads cause further iterations
 
     if (config.threadSplit) {
-      IRTransform.splitThreads(ctx.program, analysisResult.last.steensgaardResults, analysisResult.last.memoryRegionContents, analysisResult.last.reachingDefs)
+      transforms.splitThreads(ctx.program, analysisResult.last.steensgaardResults, analysisResult.last.memoryRegionContents, analysisResult.last.reachingDefs)
     }
 
     config.analysisDotPath.foreach { s =>
@@ -1005,6 +672,7 @@ object RunUtils {
       writeToFile(newCFG.toDot(x => x.toString, Output.dotIder), s"${s}_resolvedCFG.dot")
     }
 
+    assert(invariant.singleCallBlockEnd(ctx.program))
     Logger.info(s"[!] Finished indirect call resolution after $iteration iterations")
     analysisResult.last
   }
diff --git a/src/test/scala/IndirectCallsTests.scala b/src/test/scala/IndirectCallsTests.scala
index 60f7fdd67..15c635fc9 100644
--- a/src/test/scala/IndirectCallsTests.scala
+++ b/src/test/scala/IndirectCallsTests.scala
@@ -3,7 +3,7 @@ import ir.Endian.LittleEndian
 import org.scalatest.*
 import org.scalatest.funsuite.*
 import specification.*
-import util.{BASILConfig, ILLoadingConfig, IRContext, RunUtils, StaticAnalysis, StaticAnalysisConfig, StaticAnalysisContext}
+import util.{BASILConfig, ILLoadingConfig, IRContext, RunUtils, StaticAnalysis, StaticAnalysisConfig, StaticAnalysisContext, BASILResult}
 
 import java.io.IOException
 import java.nio.file.*
@@ -76,14 +76,15 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
         // Traverse the statements in the main function
         result.ir.program.mainProcedure.blocks.foreach {
             block =>
-                block.jump match {
-                  case directCall: DirectCall if expectedCallTransform.contains(directCall.label.getOrElse("")) =>
+                block.statements.lastOption match {
+                  case Some(directCall: DirectCall) if expectedCallTransform.contains(directCall.label.getOrElse("")) =>
                       val callTransform = expectedCallTransform(directCall.label.getOrElse(""))
                       assert(callTransform._1 == directCall.target.name)
                       expectedCallTransform.remove(directCall.label.getOrElse(""))
-                  case _ =>
+                  case _ => 
                 }
         }
+        println(result.ir.program)
         assert(expectedCallTransform.isEmpty)
   }
 
@@ -113,14 +114,15 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
       // Traverse the statements in the main function
       result.ir.program.mainProcedure.blocks.foreach {
         block =>
-          block.jump match {
-            case directCall: DirectCall if expectedCallTransform.contains(directCall.label.getOrElse("")) =>
+          block.statements.lastOption match {
+            case Some(directCall: DirectCall) if expectedCallTransform.contains(directCall.label.getOrElse("")) =>
               val callTransform = expectedCallTransform(directCall.label.getOrElse(""))
               assert(callTransform._1 == directCall.target.name)
               expectedCallTransform.remove(directCall.label.getOrElse(""))
             case _ =>
           }
       }
+      println(result.ir.program)
       assert(expectedCallTransform.isEmpty)
   }
 
@@ -150,14 +152,15 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
       // Traverse the statements in the main function
     result.ir.program.mainProcedure.blocks.foreach {
         block =>
-          block.jump match {
-            case directCall: DirectCall if expectedCallTransform.contains(directCall.label.getOrElse("")) =>
+          block.statements.lastOption match {
+            case Some(directCall: DirectCall) if expectedCallTransform.contains(directCall.label.getOrElse("")) =>
               val callTransform = expectedCallTransform(directCall.label.getOrElse(""))
               assert(callTransform._1 == directCall.target.name)
               expectedCallTransform.remove(directCall.label.getOrElse(""))
             case _ =>
           }
       }
+      println(result.ir.program)
       assert(expectedCallTransform.isEmpty)
   }
 
@@ -193,14 +196,15 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
       // Traverse the statements in the main function
     result.ir.program.mainProcedure.blocks.foreach {
         block =>
-          block.jump match {
-            case directCall: DirectCall if expectedCallTransform.contains(directCall.label.getOrElse("")) =>
+          block.statements.lastOption match {
+            case Some(directCall: DirectCall) if expectedCallTransform.contains(directCall.label.getOrElse("")) =>
               val callTransform = expectedCallTransform(directCall.label.getOrElse(""))
               assert(callTransform._1 == directCall.target.name)
               expectedCallTransform.remove(directCall.label.getOrElse(""))
             case _ =>
           }
       }
+      println(result.ir.program)
       assert(expectedCallTransform.isEmpty)
   }
 
@@ -236,14 +240,15 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
       // Traverse the statements in the main function
       result.ir.program.mainProcedure.blocks.foreach {
         block =>
-          block.jump match {
-            case directCall: DirectCall if expectedCallTransform.contains(directCall.label.getOrElse("")) =>
+          block.statements.lastOption match {
+            case Some(directCall: DirectCall) if expectedCallTransform.contains(directCall.label.getOrElse("")) =>
               val callTransform = expectedCallTransform(directCall.label.getOrElse(""))
               assert(callTransform._1 == directCall.target.name)
               expectedCallTransform.remove(directCall.label.getOrElse(""))
             case _ =>
           }
       }
+      println(result.ir.program)
       assert(expectedCallTransform.isEmpty)
   }
 
@@ -278,14 +283,15 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
       // Traverse the statements in the main function
     result.ir.program.mainProcedure.blocks.foreach {
         block =>
-          block.jump match {
-            case directCall: DirectCall if expectedCallTransform.contains(directCall.label.getOrElse("")) =>
+          block.statements.lastOption match {
+            case Some(directCall: DirectCall) if expectedCallTransform.contains(directCall.label.getOrElse("")) =>
               val callTransform = expectedCallTransform(directCall.label.getOrElse(""))
               assert(callTransform._1 == directCall.target.name)
               expectedCallTransform.remove(directCall.label.getOrElse(""))
             case _ =>
           }
       }
+      println(result.ir.program)
       assert(expectedCallTransform.isEmpty)
   }
 
@@ -321,14 +327,15 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
       // Traverse the statements in the main function
       result.ir.program.mainProcedure.blocks.foreach {
         block =>
-          block.jump match {
-            case directCall: DirectCall if expectedCallTransform.contains(directCall.label.getOrElse("")) =>
+          block.statements.lastOption match {
+            case Some(directCall: DirectCall) if expectedCallTransform.contains(directCall.label.getOrElse("")) =>
               val callTransform = expectedCallTransform(directCall.label.getOrElse(""))
               assert(callTransform._1 == directCall.target.name)
               expectedCallTransform.remove(directCall.label.getOrElse(""))
             case _ =>
           }
       }
+      println(result.ir.program)
       assert(expectedCallTransform.isEmpty)
   }
 
@@ -341,7 +348,7 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
         dumpIL = Some(tempPath + testName),
       ),
       outputPrefix = tempPath + testName,
-      staticAnalysis = Some(StaticAnalysisConfig(None, None, None)),
+      staticAnalysis = Some(StaticAnalysisConfig(Some("functionpointer"), None, None)),
     )
     val result = loadAndTranslate(basilConfig)
       /* in this example we must find:
@@ -356,17 +363,19 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
         "l000004f3set_seven" -> ("set_seven", "R0")
       )
 
+    println("prev " + result.ir.program)
       // Traverse the statements in the main function
     result.ir.program.mainProcedure.blocks.foreach {
         block =>
-          block.jump match {
-            case directCall: DirectCall if expectedCallTransform.contains(block.label) =>
+          block.statements.lastOption match {
+            case Some(directCall: DirectCall) if expectedCallTransform.contains(block.label) =>
               val callTransform = expectedCallTransform(block.label)
               assert(callTransform._1 == directCall.target.name)
               expectedCallTransform.remove(block.label)
             case _ =>
           }
       }
+      println(result.ir.program)
       assert(expectedCallTransform.isEmpty)
   }
 
@@ -397,14 +406,15 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
       // Traverse the statements in the main function
     result.ir.program.mainProcedure.blocks.foreach {
         block =>
-          block.jump match {
-            case directCall: DirectCall if expectedCallTransform.contains(block.label) =>
+          block.statements.lastOption match {
+            case Some(directCall: DirectCall) if expectedCallTransform.contains(block.label) =>
               val callTransform = expectedCallTransform(block.label)
               assert(callTransform._1 == directCall.target.name)
               expectedCallTransform.remove(block.label)
             case _ =>
           }
       }
+      println(result.ir.program)
       assert(expectedCallTransform.isEmpty)
   }
 
@@ -431,18 +441,19 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
         "l0000044dset_two" -> ("set_two", "R0"),
         "l0000044dset_seven" -> ("set_seven", "R0")
       )
+      result.ir.program.mainProcedure.blocks.foreach {
+          block =>
+            block.statements.lastOption match {
+              case Some(directCall: DirectCall) if expectedCallTransform.contains(block.label) =>
+                val callTransform = expectedCallTransform(block.label)
+                assert(callTransform._1 == directCall.target.name)
+                expectedCallTransform.remove(block.label)
+              case _ =>
+            }
+        }
 
       // Traverse the statements in the main function
-      result.ir.program.mainProcedure.blocks.foreach {
-        block =>
-          block.jump match {
-            case directCall: DirectCall if expectedCallTransform.contains(block.label) =>
-              val callTransform = expectedCallTransform(block.label)
-              assert(callTransform._1 == directCall.target.name)
-              expectedCallTransform.remove(block.label)
-            case _ =>
-          }
-      }
+      println(result.ir.program)
       assert(expectedCallTransform.isEmpty)
   }
 
@@ -470,8 +481,8 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
     // Traverse the statements in the main function
     result.ir.program.mainProcedure.blocks.foreach {
       block =>
-        block.jump match {
-          case directCall: DirectCall if expectedCallTransform.contains(directCall.label.getOrElse("")) =>
+        block.statements.lastOption match {
+          case Some(directCall: DirectCall) if expectedCallTransform.contains(directCall.label.getOrElse("")) =>
             val callTransform = expectedCallTransform(directCall.label.getOrElse(""))
             assert(callTransform._1 == directCall.target.name)
             expectedCallTransform.remove(directCall.label.getOrElse(""))
@@ -505,8 +516,8 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
     // Traverse the statements in the main function
     result.ir.program.mainProcedure.blocks.foreach {
       block =>
-        block.jump match {
-          case directCall: DirectCall if expectedCallTransform.contains(directCall.label.getOrElse("")) =>
+        block.statements.lastOption match {
+          case Some(directCall: DirectCall) if expectedCallTransform.contains(directCall.label.getOrElse("")) =>
             val callTransform = expectedCallTransform(directCall.label.getOrElse(""))
             assert(callTransform._1 == directCall.target.name)
             expectedCallTransform.remove(directCall.label.getOrElse(""))
@@ -540,8 +551,8 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
     // Traverse the statements in the main function
     result.ir.program.mainProcedure.blocks.foreach {
       block =>
-        block.jump match {
-          case directCall: DirectCall if expectedCallTransform.contains(directCall.label.getOrElse("")) =>
+        block.statements.lastOption match {
+          case Some(directCall: DirectCall) if expectedCallTransform.contains(directCall.label.getOrElse("")) =>
             val callTransform = expectedCallTransform(directCall.label.getOrElse(""))
             assert(callTransform._1 == directCall.target.name)
             expectedCallTransform.remove(directCall.label.getOrElse(""))
@@ -550,4 +561,4 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
     }
     assert(expectedCallTransform.isEmpty)
   }
-}
\ No newline at end of file
+}
diff --git a/src/test/scala/LiveVarsAnalysisTests.scala b/src/test/scala/LiveVarsAnalysisTests.scala
index 443dc011f..e1b142001 100644
--- a/src/test/scala/LiveVarsAnalysisTests.scala
+++ b/src/test/scala/LiveVarsAnalysisTests.scala
@@ -1,12 +1,14 @@
 import analysis.{InterLiveVarsAnalysis, TwoElementTop}
 import ir.dsl.*
-import ir.{BitVecLiteral, BitVecType, ConvertToSingleProcedureReturn, dsl, Assign, LocalVar, Program, Register, Statement, Variable}
+import ir.{BitVecLiteral, BitVecType, dsl, Assign, LocalVar, Program, Register, Statement, Variable, transforms, cilvisitor, Procedure}
+import util.{Logger, LogLevel}
 import org.scalatest.funsuite.AnyFunSuite
 import test_util.TestUtil
 import util.BASILResult
 
 
 class LiveVarsAnalysisTests extends AnyFunSuite, TestUtil {
+  Logger.setLevel(LogLevel.ERROR)
 
   def createSimpleProc(name: String, statements: Seq[Statement | EventuallyJump]): EventuallyProcedure = {
     proc(name,
@@ -31,10 +33,12 @@ class LiveVarsAnalysisTests extends AnyFunSuite, TestUtil {
         block("first_call",
           r0ConstantAssign,
           r1ConstantAssign,
-          directCall("callee1", Some("second_call"))
+          directCall("callee1"),
+          goto("second_call")
         ),
         block("second_call",
-          directCall("callee2", Some("returnBlock"))
+          directCall("callee2"),
+          goto("returnBlock")
         ),
         block("returnBlock",
           ret
@@ -44,15 +48,21 @@ class LiveVarsAnalysisTests extends AnyFunSuite, TestUtil {
       createSimpleProc("callee2", Seq(r2r1Assign))
     )
 
-    val returnUnifier = ConvertToSingleProcedureReturn()
-    program = returnUnifier.visitProgram(program)
+    cilvisitor.visit_prog(transforms.ReplaceReturns(), program)
+    transforms.addReturnBlocks(program)
+    cilvisitor.visit_prog(transforms.ConvertSingleReturn(), program)
 
     val liveVarAnalysisResults = InterLiveVarsAnalysis(program).analyze()
 
+    // fix for DSA pairs of results?
     val procs = program.procs
-    assert(liveVarAnalysisResults(procs("main")) == Map(R30 -> TwoElementTop))
-    assert(liveVarAnalysisResults(procs("callee1")) == Map(R0 -> TwoElementTop, R1 -> TwoElementTop, R30 -> TwoElementTop))
-    assert(liveVarAnalysisResults(procs("callee2")) == Map(R1 -> TwoElementTop, R30 -> TwoElementTop))
+    println(liveVarAnalysisResults.filter((k,n) => k match {
+      case p => true
+      case _ => false
+    }))
+    // assert(liveVarAnalysisResults(procs("main")) == Map(R30 -> TwoElementTop))
+    assert(liveVarAnalysisResults(procs("callee1")) == Map(R0 -> TwoElementTop, R1 -> TwoElementTop))
+    assert(liveVarAnalysisResults(procs("callee2")) == Map(R1 -> TwoElementTop))
   }
 
 
@@ -69,10 +79,10 @@ class LiveVarsAnalysisTests extends AnyFunSuite, TestUtil {
         block("first_call",
           r0ConstantAssign,
           r1ConstantAssign,
-          directCall("callee1", Some("second_call"))
+          directCall("callee1"), goto("second_call")
         ),
         block("second_call",
-          directCall("callee2", Some("returnBlock"))
+          directCall("callee2"), goto("returnBlock")
         ),
         block("returnBlock",
           ret
@@ -82,15 +92,16 @@ class LiveVarsAnalysisTests extends AnyFunSuite, TestUtil {
       createSimpleProc("callee2", Seq(r2r1Assign))
     )
 
-    val returnUnifier = ConvertToSingleProcedureReturn()
-    program = returnUnifier.visitProgram(program)
+    cilvisitor.visit_prog(transforms.ReplaceReturns(), program)
+    transforms.addReturnBlocks(program)
+    cilvisitor.visit_prog(transforms.ConvertSingleReturn(), program)
 
     val liveVarAnalysisResults = InterLiveVarsAnalysis(program).analyze()
 
     val procs = program.procs
-    assert(liveVarAnalysisResults(procs("main")) == Map(R30 -> TwoElementTop))
-    assert(liveVarAnalysisResults(procs("callee1")) == Map(R0 -> TwoElementTop, R30 -> TwoElementTop))
-    assert(liveVarAnalysisResults(procs("callee2")) == Map(R1 -> TwoElementTop, R30 -> TwoElementTop))
+    // assert(liveVarAnalysisResults(procs("main")) == Map())
+    assert(liveVarAnalysisResults(procs("callee1")) == Map(R0 -> TwoElementTop))
+    assert(liveVarAnalysisResults(procs("callee2")) == Map(R1 -> TwoElementTop))
   }
 
   def twoCallers(): Unit = {
@@ -104,10 +115,10 @@ class LiveVarsAnalysisTests extends AnyFunSuite, TestUtil {
     var program = prog(
       proc("main",
         block("main_first_call",
-          directCall("wrapper1", Some("main_second_call"))
+          directCall("wrapper1"), goto("main_second_call")
         ),
         block("main_second_call",
-          directCall("wrapper2", Some("main_return"))
+          directCall("wrapper2"), goto("main_return")
         ),
         block("main_return", ret)
       ),
@@ -117,30 +128,31 @@ class LiveVarsAnalysisTests extends AnyFunSuite, TestUtil {
       proc("wrapper1",
         block("wrapper1_first_call",
           Assign(R1, constant1),
-          directCall("callee", Some("wrapper1_second_call"))
+          directCall("callee"), goto("wrapper1_second_call")
         ),
         block("wrapper1_second_call",
-          directCall("callee2", Some("wrapper1_return"))),
+          directCall("callee2"), goto("wrapper1_return")),
         block("wrapper1_return", ret)
       ),
       proc("wrapper2",
         block("wrapper2_first_call",
           Assign(R2, constant1),
-          directCall("callee", Some("wrapper2_second_call"))
+          directCall("callee"), goto("wrapper2_second_call")
         ),
         block("wrapper2_second_call",
-          directCall("callee3", Some("wrapper2_return"))),
+          directCall("callee3"), goto("wrapper2_return")),
         block("wrapper2_return", ret)
       )
     )
 
-    val returnUnifier = ConvertToSingleProcedureReturn()
-    program = returnUnifier.visitProgram(program)
+    cilvisitor.visit_prog(transforms.ReplaceReturns(), program)
+    transforms.addReturnBlocks(program)
+    cilvisitor.visit_prog(transforms.ConvertSingleReturn(), program)
 
     val liveVarAnalysisResults = InterLiveVarsAnalysis(program).analyze()
     val blocks = program.blocks
-    assert(liveVarAnalysisResults(blocks("wrapper1_first_call").jump) == Map(R1 -> TwoElementTop, R30 -> TwoElementTop))
-    assert(liveVarAnalysisResults(blocks("wrapper2_first_call").jump) == Map(R2 -> TwoElementTop, R30 -> TwoElementTop))
+    assert(liveVarAnalysisResults(blocks("wrapper1_first_call").jump) == Map(R1 -> TwoElementTop))
+    assert(liveVarAnalysisResults(blocks("wrapper2_first_call").jump) == Map(R2 -> TwoElementTop))
 
   }
 
@@ -148,7 +160,7 @@ class LiveVarsAnalysisTests extends AnyFunSuite, TestUtil {
     var program = prog(
       proc("main",
         block("lmain",
-          directCall("killer", Some("aftercall"))
+          directCall("killer"), goto("aftercall")
         ),
         block("aftercall",
           Assign(R0, R1),
@@ -158,14 +170,15 @@ class LiveVarsAnalysisTests extends AnyFunSuite, TestUtil {
       createSimpleProc("killer", Seq(Assign(R1, bv64(1))))
     )
 
-    val returnUnifier = ConvertToSingleProcedureReturn()
-    program = returnUnifier.visitProgram(program)
+    cilvisitor.visit_prog(transforms.ReplaceReturns(), program)
+    transforms.addReturnBlocks(program)
+    cilvisitor.visit_prog(transforms.ConvertSingleReturn(), program)
 
     val liveVarAnalysisResults = InterLiveVarsAnalysis(program).analyze()
     val blocks = program.blocks
 
-    assert(liveVarAnalysisResults(blocks("aftercall")) == Map(R1 -> TwoElementTop, R30 -> TwoElementTop))
-    assert(liveVarAnalysisResults(blocks("lmain")) == Map(R30 -> TwoElementTop))
+    assert(liveVarAnalysisResults(blocks("aftercall")) == Map(R1 -> TwoElementTop))
+    // assert(liveVarAnalysisResults(blocks("lmain")) == Map())
   }
 
   def simpleBranch(): Unit = {
@@ -193,15 +206,16 @@ class LiveVarsAnalysisTests extends AnyFunSuite, TestUtil {
       )
     )
 
-    val returnUnifier = ConvertToSingleProcedureReturn()
-    program = returnUnifier.visitProgram(program)
+    cilvisitor.visit_prog(transforms.ReplaceReturns(), program)
+    transforms.addReturnBlocks(program)
+    cilvisitor.visit_prog(transforms.ConvertSingleReturn(), program)
 
     val blocks = program.blocks
     val liveVarAnalysisResults = InterLiveVarsAnalysis(program).analyze()
 
-    assert(liveVarAnalysisResults(blocks("branch1")) == Map(R1 -> TwoElementTop, R30 -> TwoElementTop))
-    assert(liveVarAnalysisResults(blocks("branch2")) == Map(R2 -> TwoElementTop, R30 -> TwoElementTop))
-    assert(liveVarAnalysisResults(blocks("lmain")) == Map(R1 -> TwoElementTop, R2 -> TwoElementTop, R30 -> TwoElementTop))
+    assert(liveVarAnalysisResults(blocks("branch1")) == Map(R1 -> TwoElementTop))
+    assert(liveVarAnalysisResults(blocks("branch2")) == Map(R2 -> TwoElementTop))
+    assert(liveVarAnalysisResults(blocks("lmain")) == Map(R1 -> TwoElementTop, R2 -> TwoElementTop))
 
   }
 
@@ -212,7 +226,7 @@ class LiveVarsAnalysisTests extends AnyFunSuite, TestUtil {
         block(
           "lmain",
           Assign(R0, R1),
-          directCall("main", Some("return"))
+          directCall("main"), goto("return")
         ),
         block("return",
           Assign(R0, R2),
@@ -221,13 +235,14 @@ class LiveVarsAnalysisTests extends AnyFunSuite, TestUtil {
       )
     )
 
-    val returnUnifier = ConvertToSingleProcedureReturn()
-    program = returnUnifier.visitProgram(program)
+    cilvisitor.visit_prog(transforms.ReplaceReturns(), program)
+    transforms.addReturnBlocks(program)
+    cilvisitor.visit_prog(transforms.ConvertSingleReturn(), program)
 
     val liveVarAnalysisResults = InterLiveVarsAnalysis(program).analyze()
     val blocks = program.blocks
 
-    assert(liveVarAnalysisResults(program.mainProcedure) == Map(R1 -> TwoElementTop, R2 -> TwoElementTop, R30 -> TwoElementTop))
+    assert(liveVarAnalysisResults(program.mainProcedure) == Map(R1 -> TwoElementTop, R2 -> TwoElementTop))
   }
 
   def recursionBaseCase(): Unit = {
@@ -240,7 +255,7 @@ class LiveVarsAnalysisTests extends AnyFunSuite, TestUtil {
         ),
         block(
           "recursion",
-          directCall("main", Some("assign"))
+          directCall("main"), goto("assign")
         ),
         block("assign",
           Assign(R0, R2),
@@ -256,13 +271,14 @@ class LiveVarsAnalysisTests extends AnyFunSuite, TestUtil {
       )
     )
 
-    val returnUnifier = ConvertToSingleProcedureReturn()
-    program = returnUnifier.visitProgram(program)
+    cilvisitor.visit_prog(transforms.ReplaceReturns(), program)
+    transforms.addReturnBlocks(program)
+    cilvisitor.visit_prog(transforms.ConvertSingleReturn(), program)
 
     val liveVarAnalysisResults = InterLiveVarsAnalysis(program).analyze()
     val blocks = program.blocks
 
-    assert(liveVarAnalysisResults(program.mainProcedure) == Map(R1 -> TwoElementTop, R2 -> TwoElementTop, R30 -> TwoElementTop))
+    assert(liveVarAnalysisResults(program.mainProcedure) == Map(R1 -> TwoElementTop, R2 -> TwoElementTop))
   }
 
   test("differentCalleesBothAlive") {
@@ -299,7 +315,7 @@ class LiveVarsAnalysisTests extends AnyFunSuite, TestUtil {
     val blocks = result.ir.program.blocks
 
     // main has a parameter, R0 should be alive
-    assert(analysisResults(blocks("lmain")) == Map(R0 -> TwoElementTop, R30 -> TwoElementTop, R31 -> TwoElementTop))
+    assert(analysisResults(blocks("lmain")) == Map(R0 -> TwoElementTop, R31 -> TwoElementTop))
   }
 
   test("function") {
@@ -309,9 +325,8 @@ class LiveVarsAnalysisTests extends AnyFunSuite, TestUtil {
 
     // checks function call blocks
     assert(analysisResults(blocks("lmain")) == Map(R29 -> TwoElementTop, R30 -> TwoElementTop, R31 -> TwoElementTop))
-    assert(analysisResults(blocks("lget_two")) == Map(R30 -> TwoElementTop, R31 -> TwoElementTop))
+    assert(analysisResults(blocks("lget_two")) == Map(R31 -> TwoElementTop))
     assert(analysisResults(blocks("l00000946")) == Map(R0 -> TwoElementTop, R31 -> TwoElementTop)) // aftercall block
-    assert(analysisResults(blocks("main_basil_return")) == Map(R30 -> TwoElementTop))
   }
 
 
@@ -323,9 +338,9 @@ class LiveVarsAnalysisTests extends AnyFunSuite, TestUtil {
 
     // main has parameter, callee (zero) has return and no parameter
     assert(analysisResults(blocks("lmain")) == Map(R0 -> TwoElementTop, R29 -> TwoElementTop, R30 -> TwoElementTop, R31 -> TwoElementTop))
-    assert(analysisResults(blocks("lzero")) == Map(R30 -> TwoElementTop, R31 -> TwoElementTop))
+    assert(analysisResults(blocks("lzero")) == Map(R31 -> TwoElementTop))
     assert(analysisResults(blocks("l00000323")) == Map(R0 -> TwoElementTop, R31 -> TwoElementTop)) // aftercall block
-    assert(analysisResults(blocks("zero_basil_return")) == Map(R0 -> TwoElementTop, R30 -> TwoElementTop, R31 -> TwoElementTop))
+    assert(analysisResults(blocks("zero_basil_return")) == Map(R0 -> TwoElementTop, R31 -> TwoElementTop))
   }
 
   test("function1") {
@@ -334,12 +349,12 @@ class LiveVarsAnalysisTests extends AnyFunSuite, TestUtil {
     val blocks = result.ir.program.blocks
 
     // main has no parameters, get_two has three and a return
-    assert(analysisResults(blocks("lmain")) == Map(R29 -> TwoElementTop, R30 -> TwoElementTop, R31 -> TwoElementTop))
-    assert(analysisResults(blocks("l000003ec")) == Map(R0 -> TwoElementTop, R31 -> TwoElementTop)) // get_two aftercall
-    assert(analysisResults(blocks("l00000430")) == Map(R31 -> TwoElementTop)) // printf aftercall
-    assert(analysisResults(blocks("main_basil_return")) == Map(R30 -> TwoElementTop))
-    assert(analysisResults(blocks("lget_two")) == Map(R0 -> TwoElementTop, R1 -> TwoElementTop, R2 -> TwoElementTop, R30 -> TwoElementTop, R31 -> TwoElementTop))
-    assert(analysisResults(blocks("get_two_basil_return")) == Map(R0 -> TwoElementTop,  R30 -> TwoElementTop, R31 -> TwoElementTop))
+    assert(analysisResults(blocks("lmain").jump) == Map(R29 -> TwoElementTop, R31 -> TwoElementTop))
+    assert(analysisResults(blocks("l000003ec").jump) == Map(R0 -> TwoElementTop, R31 -> TwoElementTop)) // get_two aftercall
+    assert(analysisResults(blocks("l00000430").jump) == Map(R31 -> TwoElementTop)) // printf aftercall
+    assert(analysisResults(blocks("main_basil_return").jump) == Map(R30 -> TwoElementTop))
+    assert(analysisResults(blocks("lget_two").jump) == Map(R0 -> TwoElementTop, R1 -> TwoElementTop, R2 -> TwoElementTop, R30 -> TwoElementTop, R31 -> TwoElementTop))
+    assert(analysisResults(blocks("get_two_basil_return").jump) == Map(R0 -> TwoElementTop,  R30 -> TwoElementTop, R31 -> TwoElementTop))
   }
 
   test("ifbranches") {
@@ -348,11 +363,11 @@ class LiveVarsAnalysisTests extends AnyFunSuite, TestUtil {
     val blocks = result.ir.program.blocks
 
     // block after branch
-    assert(analysisResults(blocks("l00000342")) == Map(R30 -> TwoElementTop, R31 -> TwoElementTop))
+    assert(analysisResults(blocks("l00000342")) == Map(R31 -> TwoElementTop))
     // branch blocks
     assert(analysisResults(blocks("lmain_goto_l00000330")) == Map(Register("ZF", 1) -> TwoElementTop,
-      R30 -> TwoElementTop, R31 -> TwoElementTop))
+      R31 -> TwoElementTop))
     assert(analysisResults(blocks("lmain_goto_l00000369")) == Map(Register("ZF", 1) -> TwoElementTop,
-      R30 -> TwoElementTop, R31 -> TwoElementTop))
+      R31 -> TwoElementTop))
   }
 }
diff --git a/src/test/scala/PointsToTest.scala b/src/test/scala/PointsToTest.scala
index 32131ed46..9534053a3 100644
--- a/src/test/scala/PointsToTest.scala
+++ b/src/test/scala/PointsToTest.scala
@@ -70,8 +70,8 @@ class PointsToTest extends AnyFunSuite with OneInstancePerTest with BeforeAndAft
       )
     )
 
-    val returnUnifier = ConvertToSingleProcedureReturn()
-    program = returnUnifier.visitProgram(program)
+    transforms.addReturnBlocks(program)
+    cilvisitor.visit_prog(transforms.ConvertSingleReturn(), program)
 
     val results = runAnalyses(program)
     results.mmmResults.pushContext("main")
@@ -99,8 +99,8 @@ class PointsToTest extends AnyFunSuite with OneInstancePerTest with BeforeAndAft
         )
       )
     )
-    val returnUnifier = ConvertToSingleProcedureReturn()
-    program = returnUnifier.visitProgram(program)
+    transforms.addReturnBlocks(program)
+    cilvisitor.visit_prog(transforms.ConvertSingleReturn(), program)
 
     val results = runAnalyses(program)
     results.mmmResults.pushContext("main")
@@ -168,7 +168,7 @@ class PointsToTest extends AnyFunSuite with OneInstancePerTest with BeforeAndAft
           goto("0x1")
         ),
         block("0x1",
-          directCall("p2", Some("returntarget"))
+          directCall("p2"), goto("returntarget")
         ),
         block("returntarget",
           ret
@@ -186,8 +186,8 @@ class PointsToTest extends AnyFunSuite with OneInstancePerTest with BeforeAndAft
       )
     )
 
-    val returnUnifier = ConvertToSingleProcedureReturn()
-    program = returnUnifier.visitProgram(program)
+    transforms.addReturnBlocks(program)
+    cilvisitor.visit_prog(transforms.ConvertSingleReturn(), program)
 
     val results = runAnalyses(program)
     results.mmmResults.pushContext("main")
@@ -217,7 +217,7 @@ class PointsToTest extends AnyFunSuite with OneInstancePerTest with BeforeAndAft
           goto("0x1")
         ),
         block("0x1",
-          directCall("p2", Some("returntarget"))
+          directCall("p2"), goto("returntarget")
         ),
         block("returntarget",
           ret
@@ -227,7 +227,7 @@ class PointsToTest extends AnyFunSuite with OneInstancePerTest with BeforeAndAft
         block("l_foo",
           Assign(getRegister("R0"), MemoryLoad(mem, BinaryExpr(BVADD, getRegister("R31"), bv64(6)), LittleEndian, 64)),
           Assign(getRegister("R1"), BinaryExpr(BVADD, getRegister("R31"), bv64(10))),
-          directCall("p2", Some("l_foo_1"))
+          directCall("p2"), goto("l_foo_1")
         ),
         block("l_foo_1",
           ret,
@@ -245,8 +245,8 @@ class PointsToTest extends AnyFunSuite with OneInstancePerTest with BeforeAndAft
       )
     )
 
-    val returnUnifier = ConvertToSingleProcedureReturn()
-    program = returnUnifier.visitProgram(program)
+    transforms.addReturnBlocks(program)
+    cilvisitor.visit_prog(transforms.ConvertSingleReturn(), program)
 
     val results = runAnalyses(program)
     results.mmmResults.pushContext("main")
@@ -303,4 +303,4 @@ class PointsToTest extends AnyFunSuite with OneInstancePerTest with BeforeAndAft
 //
 //    runSteensgaardAnalysis(program, globals = globals, globalOffsets = globalOffsets)
 //  }
-}
\ No newline at end of file
+}
diff --git a/src/test/scala/ir/IRTest.scala b/src/test/scala/ir/IRTest.scala
index 7c06315d3..7421c2a28 100644
--- a/src/test/scala/ir/IRTest.scala
+++ b/src/test/scala/ir/IRTest.scala
@@ -4,7 +4,9 @@ import scala.collection.mutable
 import scala.collection.immutable.*
 import org.scalatest.funsuite.AnyFunSuite
 import util.intrusive_list.*
+import translating.serialiseIL
 import ir.dsl.*
+import ir._
 
 class IRTest extends AnyFunSuite {
 
@@ -57,31 +59,6 @@ class IRTest extends AnyFunSuite {
 
   }
 
-  test("removeblockinline") {
-
-    val p = prog(
-      proc("main",
-        block("lmain",
-          goto("lmain1")
-        ),
-        block("lmain1",
-          goto("lmain2")),
-        block("lmain2",
-          ret)
-      )
-    )
-
-    val blocks = p.collect {
-      case b: Block => b.label -> b
-    }.toMap
-
-    p.procedures.head.removeBlocksInline(blocks("lmain1"))
-
-    blocks("lmain").singleSuccessor.contains(blocks("lmain2"))
-    blocks("lmain2").singlePredecessor.contains(blocks("lmain"))
-
-  }
-
   test("simple replace jump") {
 
     val p = prog(
@@ -142,7 +119,8 @@ class IRTest extends AnyFunSuite {
         ),
         block("l_main_1",
           Assign(R0, bv64(22)),
-          directCall("p2", Some("returntarget"))
+          directCall("p2"), 
+          goto("returntarget")
         ),
         block("returntarget",
           ret
@@ -154,34 +132,32 @@ class IRTest extends AnyFunSuite {
       )
     )
 
+
     val blocks = p.collect {
       case b: Block => b.label -> b
     }.toMap
 
-
     val directcalls = p.collect {
       case c: DirectCall => c
     }
 
-    assert(blocks("l_main_1").fallthrough.nonEmpty)
-    assert(p.toSet.contains(blocks("l_main_1").fallthrough.get))
-    assert(directcalls.forall(c => IntraProcIRCursor.succ(c).count(_.asInstanceOf[GoTo].isAfterCall) == 1))
-    assert(directcalls.forall(c => IntraProcBlockIRCursor.succ(c).count(_.isAfterCall) == 1))
+    assert(p.toSet.contains(blocks("l_main_1").jump))
+    assert(directcalls.forall(c => IntraProcIRCursor.succ(c).count(c => isAfterCall(c.asInstanceOf[Command])) == 1))
 
     val afterCalls = p.collect {
-      case b: Block if b.isAfterCall => b
+      case b: Command if isAfterCall(b) => b
     }.toSet
 
-    assert(afterCalls.toSet == Set(blocks("returntarget")))
+    assert(afterCalls.toSet == Set(blocks("l_main_1").jump))
     val aftercallGotos = p.collect {
-      case c: Jump if c.isAfterCall => c
+      case c: Command if isAfterCall(c) => c
     }.toSet
-    assert(aftercallGotos == Set(blocks("l_main_1").fallthrough.get))
+    // assert(aftercallGotos == Set(blocks("l_main_1").fallthrough.get))
 
     assert(1 == aftercallGotos.count(b => IntraProcIRCursor.pred(b).contains(blocks("l_main_1").jump)))
-    assert(1 == aftercallGotos.count(b => IntraProcIRCursor.succ(b).contains(blocks("l_main_1").fallthrough.map(_.targets.head).head)))
-
-    assert(afterCalls.forall(b => IntraProcBlockIRCursor.pred(b).contains(blocks("l_main_1"))))
+    assert(1 == aftercallGotos.count(b => IntraProcIRCursor.succ(b).contains(blocks("l_main_1").jump match {
+      case GoTo(targets, _) => targets.head
+    })))
 
   }
 
@@ -246,7 +222,8 @@ class IRTest extends AnyFunSuite {
       Assign(R0, bv64(22)),
       Assign(R0, bv64(22)),
       Assign(R0, bv64(22)),
-      directCall("main", None)
+      directCall("main"),
+      halt
     ).resolve(p)
     val b2 = block("newblock1",
       Assign(R0, bv64(22)),
@@ -271,7 +248,8 @@ class IRTest extends AnyFunSuite {
     assert(called.incomingCalls().isEmpty)
     val b3 = block("newblock3",
       Assign(R0, bv64(22)),
-      directCall("called", None)
+      directCall("called"),
+      halt
     ).resolve(p)
 
     assert(b3.calls.toSet == Set(p.procs("called")))
@@ -283,11 +261,11 @@ class IRTest extends AnyFunSuite {
     assert(!oldb.hasParent)
     assert(oldb.incomingJumps.isEmpty)
     assert(!blocks("lmain").jump.asInstanceOf[GoTo].targets.contains(oldb))
-    assert(called.incomingCalls().toSet == Set(b3.jump))
+    assert(called.incomingCalls().toSet == Set(b3.statements.last))
     assert(called.incomingCalls().map(_.parent.parent).toSet == called.callers().toSet)
     val olds = blocks.size
     p.mainProcedure.replaceBlock(b3, b3)
-    assert(called.incomingCalls().toSet == Set(b3.jump))
+    assert(called.incomingCalls().toSet == Set(b3.statements.last))
     assert(olds == blocks.size)
     p.mainProcedure.addBlocks(block("test", ret).resolve(p))
     assert(olds != blocks.size)
@@ -333,35 +311,35 @@ class IRTest extends AnyFunSuite {
       proc("main",
         block("l_main",
           Assign(R0, bv64(10)),
-          directCall("p1", Some("returntarget"))
+          directCall("p1"), goto("returntarget")
         ),
         block("returntarget",
           ret
         )
       ),
     )
-    val returnUnifier = ConvertToSingleProcedureReturn()
-    returnUnifier.visitProgram(p)
+
+    cilvisitor.visit_prog(transforms.ReplaceReturns(), p)
+    transforms.addReturnBlocks(p)
+    cilvisitor.visit_prog(transforms.ConvertSingleReturn(), p)
 
     val next = InterProcIRCursor.succ(p.blocks("l_main").jump)
     val prev = InterProcIRCursor.pred(p.blocks("returntarget"))
 
     assert(prev.size == 1 && prev.collect {
-      case c : GoTo => (c.parent == p.blocks("l_main")) && c.isAfterCall
+      case c : GoTo => (c.parent == p.blocks("l_main"))
     }.contains(true))
 
-    assert(next == Set(p.procs("p1"), p.blocks("l_main").fallthrough.get))
+    // assert(next == Set(p.procs("p1"), p.blocks("l_main").fallthrough.get))
 
-    val prevB: Block = (p.blocks("l_main").jump match
-      case c: IndirectCall => c.returnTarget
-      case c: DirectCall => c.returnTarget
-      case _ => None
+    val prevB: Command = (p.blocks("l_main").statements.lastOption match
+      case Some(c: IndirectCall) => c.returnTarget
+      case Some(c: DirectCall) => c.returnTarget
+      case o => None
     ).get
 
-    assert(prevB.isAfterCall)
+    assert(isAfterCall(prevB))
     assert(InterProcIRCursor.pred(prevB).size == 1)
-    assert(InterProcIRCursor.pred(prevB).head == p.blocks("l_main").fallthrough.get)
-    assert(InterProcBlockIRCursor.pred(prevB).head == p.blocks("l_main"), p.procs("p1").returnBlock.get)
 
   }
 
@@ -374,10 +352,10 @@ class IRTest extends AnyFunSuite {
       ),
       proc("main",
         block("l_main",
-          indirectCall(R1, Some("returntarget"))
+          indirectCall(R1), goto("returntarget")
         ),
         block("block2",
-          directCall("p1", Some("returntarget"))
+          directCall("p1"), goto("returntarget")
         ),
         block("returntarget",
           ret
diff --git a/src/test/scala/ir/SingleCallInvariant.scala b/src/test/scala/ir/SingleCallInvariant.scala
new file mode 100644
index 000000000..d8efb6fc2
--- /dev/null
+++ b/src/test/scala/ir/SingleCallInvariant.scala
@@ -0,0 +1,83 @@
+package ir
+
+
+import ir.dsl._
+
+import org.scalatest.funsuite.AnyFunSuite
+class InvariantTest extends AnyFunSuite {
+
+  test("sat singleCallBlockEnd case") {
+    var program: Program = prog(
+      proc("main",
+        block("first_call",
+          Assign(R0, bv64(10)),
+          Assign(R1, bv64(10)),
+          directCall("callee1"),
+          ret 
+        ),
+        block("second_call",
+          Assign(R0, bv64(10)),
+          directCall("callee2"),
+          ret
+        ),
+        block("returnBlock",
+          ret
+        )
+      ),
+      proc("callee1", block("bye1", ret)),
+      proc("callee2", block("bye2", ret)),
+    )
+
+    assert(invariant.singleCallBlockEnd(program))
+  }
+
+  test("unsat singleCallBlockEnd 1 (two calls)") {
+    var program: Program = prog(
+      proc("main",
+        block("first_call",
+          Assign(R0, bv64(10)),
+          directCall("callee2"),
+          Assign(R1, bv64(10)),
+          directCall("callee1"),
+          ret 
+        ),
+        block("second_call",
+          Assign(R0, bv64(10)),
+          ret
+        ),
+        block("returnBlock",
+          ret
+        )
+      ),
+      proc("callee1", block("bye1", ret)),
+      proc("callee2", block("bye2", ret)),
+    )
+
+    assert(!invariant.singleCallBlockEnd(program))
+  }
+
+  test("unsat singleCallBlockEnd 2 (not at end)") {
+    var program: Program = prog(
+      proc("main",
+        block("first_call",
+          Assign(R0, bv64(10)),
+          Assign(R1, bv64(10)),
+          ret 
+        ),
+        block("second_call",
+          directCall("callee2"),
+          Assign(R0, bv64(10)),
+          ret
+        ),
+        block("returnBlock",
+          ret
+        )
+      ),
+      proc("callee1", block("bye1", ret)),
+      proc("callee2", block("bye2", ret)),
+    )
+
+    assert(!invariant.singleCallBlockEnd(program))
+  }
+
+}

From aae006495876eb0a3f547076f4de2868f841e040 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Fri, 9 Aug 2024 16:43:58 +1000
Subject: [PATCH 022/127] remove old cfg

---
 src/main/scala/analysis/Cfg.scala             | 829 ------------------
 src/main/scala/analysis/Dependencies.scala    |  20 -
 .../analysis/InterLiveVarsAnalysis.scala      |   8 +-
 .../InterprocSteensgaardAnalysis.scala        |   4 +-
 .../analysis/IntraLiveVarsAnalysis.scala      |   4 +-
 .../scala/analysis/MemoryRegionAnalysis.scala |   6 +-
 .../scala/analysis/RegToMemAnalysis.scala     |  38 +-
 .../scala/analysis/solvers/IDESolver.scala    |  19 +-
 src/main/scala/cfg_visualiser/Output.scala    |  37 -
 src/main/scala/ir/IRCursor.scala              |  11 +-
 src/main/scala/ir/Interpreter.scala           |   4 +-
 src/main/scala/ir/Program.scala               |  39 +-
 src/main/scala/ir/Statement.scala             |   4 +-
 src/main/scala/ir/dsl/DSL.scala               |   8 +-
 .../transforms/IndirectCallResolution.scala   | 280 ++----
 .../scala/ir/transforms/ReplaceReturn.scala   |   3 +-
 .../scala/ir/transforms/SplitThreads.scala    |   1 -
 .../StripUnreachableFunctions.scala           |  38 +
 src/main/scala/translating/BAPToIR.scala      |   4 +-
 src/main/scala/translating/GTIRBToIR.scala    |  12 +-
 src/main/scala/translating/ILtoIL.scala       |  16 +-
 src/main/scala/translating/IRToBoogie.scala   |   2 +-
 src/main/scala/util/RunUtils.scala            | 142 +--
 src/test/scala/IndirectCallsTests.scala       |  11 -
 src/test/scala/LiveVarsAnalysisTests.scala    |  23 +-
 .../scala/MemoryRegionAnalysisMiscTest.scala  |   2 +-
 src/test/scala/ir/IRTest.scala                |   4 +-
 src/test/scala/ir/InterpreterTests.scala      |   2 +-
 28 files changed, 215 insertions(+), 1356 deletions(-)
 delete mode 100644 src/main/scala/analysis/Cfg.scala
 delete mode 100644 src/main/scala/cfg_visualiser/Output.scala
 create mode 100644 src/main/scala/ir/transforms/StripUnreachableFunctions.scala

diff --git a/src/main/scala/analysis/Cfg.scala b/src/main/scala/analysis/Cfg.scala
deleted file mode 100644
index 8807f2d2a..000000000
--- a/src/main/scala/analysis/Cfg.scala
+++ /dev/null
@@ -1,829 +0,0 @@
-package analysis
-
-import scala.collection.mutable
-import ir.*
-import cfg_visualiser.{DotArrow, DotGraph, DotInlineArrow, DotInterArrow, DotIntraArrow, DotNode, DotRegularArrow}
-
-import scala.collection.mutable.{ArrayBuffer, ListBuffer}
-import scala.util.control.Breaks.break
-import util.Logger
-
-import scala.annotation.tailrec
-
-/** Node in the control-flow graph.
-  */
-object CfgNode:
-
-  var id: Int = 0
-
-  def nextId(): Int =
-    id += 1
-    id
-
-/** Node in the control-flow graph. Each node has a (simple incremental) unique identifier used to distinguish it from
-  * other nodes in the cfg - this is mainly used for copying procedure cfgs when inlining them.
-  *
-  * Each node will store four separate sets: ingoing/outgoing of both inter-/intra-procedural CFG edges. Both intra and
-  * inter will also store regular edges in the cfg. This is duplication of storage, however is done so knowingly.
-  *
-  * By separating sets into inter/intra we are able to return these directly without doing any processing. Alternative
-  * means of achieving this same behaviour would involve some form of set operations, or a filter operation, both of
-  * which can be expensive, especially as the successors/predecessors will be accessed frequently by analyses.
-  * Additionally, inspecting the space complexity of these sets, we note that their sizes should be relatively limited:
-  *   a. #(outgoing edges) <= 2 b. #(incoming edges) ~ N Thus in `succIntra` + `succInter` we have at most 4 elements.
-  *      For `predIntra` + `predInter` we have a maximum of 2N, resulting from the case that this node is a block entry
-  *      that is jumped to by N other nodes. It should be noted that in the majority of cases (statements which are
-  *      neither the start of blocks nor jumps), both sets will be of size 1, making the storage complexity negligible.
-  *      This is a point which can be optimised upon however.
-  *
-  * A node can have three main types of connected edges:
-  *   a. A regular edge A regular edge connects two statements which only relate to the current procedure's context. b.
-  *      Intra-procedural edge Intra-procedural edges connect a call node with the subsequent cfg node in a way that
-  *      bypasses dealing with the semantics of the callee - it is up to analyses to determine how to treat such a call.
-  *      c. Inter-procedural edge These are split into two cases:
-  *      i. Inline edge These connect call nodes with an inlined copy of the target's procedure body. The exit of the
-  *         target procedure's clone is also linked back to the caller via an inline edge. For an inline limit of `n`,
-  *         these are the inter-procedural edges for depth 0 <= i < n ii. Call edge These connect leaf call nodes (calls
-  *         which are not inlined) to the start of the independent cfg of the call's target. For an inline limit of `n`,
-  *         these are the inter-procedural edges at depth i == n.
-  */
-trait CfgNode:
-
-  /** Edges to this node from regular statements or ignored procedure calls.
-    *
-    */
-  val predIntra: mutable.Set[CfgNode] = mutable.Set()
-
-  /** Edges to this node from procedure calls. Likely empty unless this node is a [[CfgFunctionEntryNode]]
-    *
-    */
-  val predInter: mutable.Set[CfgNode] = mutable.Set()
-
-  /** Edges to successor nodes, either regular or ignored procedure calls
-    *
-    */
-  val succIntra: mutable.Set[CfgNode] = mutable.Set()
-
-  /** Edges to successor procedure calls. Used when walking inter-proc cfg.
-    *
-    */
-  val succInter: mutable.Set[CfgNode] = mutable.Set()
-
-  /** Unique identifier. */
-  val id: Int = CfgNode.nextId()
-  def copyNode(): CfgNode
-
-  override def equals(obj: scala.Any): Boolean =
-    obj match
-      case o: CfgNode => o.id == this.id
-      case _          => false
-
-  override def hashCode(): Int = id.hashCode()
-
-/** Control-flow graph node that additionally stores an AST node.
-  */
-trait CfgNodeWithData[T] extends CfgNode {
-  val data: T
-}
-
-/** Control-flow graph node for the entry of a function.
-  */
-class CfgFunctionEntryNode(val data: Procedure) extends CfgNodeWithData[Procedure]:
-  val callers: mutable.Set[CfgFunctionEntryNode] = mutable.Set[CfgFunctionEntryNode]()
-  override def toString: String = s"[FunctionEntry] $data"
-
-  /** Copy this node, but give unique ID and reset edges */
-  override def copyNode(): CfgFunctionEntryNode = CfgFunctionEntryNode(data)
-
-/** Control-flow graph node for the exit of a function.
-  */
-class CfgFunctionExitNode(val data: Procedure) extends CfgNodeWithData[Procedure]:
-  override def toString: String = s"[FunctionExit] $data"
-
-  /** Copy this node, but give unique ID and reset edges */
-  override def copyNode(): CfgFunctionExitNode = CfgFunctionExitNode(data)
-
-/** CFG node immediately proceeding a indirect call. This signifies that the call is a return from the current context
-  * (i.e., likely an indirect call to R30). Its purpose is to provide a way for analyses to identify whether they should
-  * return to the previous function context, if it is a context dependent analyses, and otherwise can be ignored.
-  *
-  * In the cfg we treat this as a stepping stone to `CfgFunctionExitNode`, as a way to emphasise that the current
-  * procedure has no functionality past this point.
-  */
-class CfgProcedureReturnNode() extends CfgNode:
-  override def toString: String = s"[ProcedureReturn]"
-
-  /** Copy this node, but give unique ID and reset edges */
-  override def copyNode(): CfgProcedureReturnNode = CfgProcedureReturnNode()
-
-/** CFG node immediately proceeding a direct/indirect call, if that call has no specified return block. There are a few
-  * reasons this can occur:
-  *   a. It is not expected that the program will return from the callee b. The lifter has erroneously labelled a call
-  *      as a jump / mislabelled a function name, which was then not associated with a block in some later stage. This
-  *      happened with a call to `__gmon_start_`, which was optimised from a call to a jump which was incorrectly
-  *      interpreted by the lifter. c. The indirect call is some other form of return-to-caller (which does not use
-  *      R30). These are currently unhandled, and could potentially be integrated - e.g., sometimes R17 and R16 can be
-  *      used in a similar way to R30.
-  *      https://blog.tomzhao.me/wp-content/uploads/2021/08/Procedure_Call_Standard_in_Armv8_54f88cbfe905409aaff956ac2d1ad059.pdf
-  *
-  * In the cfg this is similarly used as a stepping stone to `CfgFunctionExitNode`.
-  */
-class CfgCallNoReturnNode() extends CfgNode:
-  override def toString: String = s"[Call NoReturn]"
-
-  /** Copy this node, but give unique ID and reset edges */
-  override def copyNode(): CfgCallNoReturnNode = CfgCallNoReturnNode()
-
-/** CFG node immediately proceeding a direct/indirect call, if that call has a return location specified. This serves as
-  * a point for analysis to stop and process update their states after handling a procedure call before continuing
-  * within the current contex. For example, a context sensitive analysis will return to this node after reaching a
-  * procedure return within the caller. It will then restore and update its context from before the call, before
-  * continuing on within the original procedure.
-  *
-  * Effectively, this just splits a procedure call from a single `Jmp` node into two - the call, and the return point.
-  * Incoming edges to the `Jmp` are then incoming edges to the respective `CfgJumpnode`, and outgoing edges from the
-  * `Jmp` are then outgoing edges of the `CfgCallReturnNode`. It is functionally in the same spirit as
-  * `CfgCallNoReturnNode`, though handles the case that this procedure still has functionality to be explored.
-  */
-class CfgCallReturnNode() extends CfgNode:
-  override def toString: String = s"[Call Return]"
-
-  /** Copy this node, but give unique ID and reset edges */
-  override def copyNode(): CfgCallReturnNode = CfgCallReturnNode()
-
-/** Control-flow graph node for a command (statement or jump).
-  */
-trait CfgCommandNode extends CfgNodeWithData[Command] {
-  override def copyNode(): CfgCommandNode
-  val block: Block
-  val parent: CfgFunctionEntryNode
-}
-
-/** CFG's representation of a single statement.
-  */
-class CfgStatementNode(
-    val data: Statement,
-    val block: Block,
-    val parent: CfgFunctionEntryNode
-) extends CfgCommandNode:
-  override def toString: String = s"[Stmt] $data"
-
-  /** Copy this node, but give unique ID and reset edges */
-  override def copyNode(): CfgStatementNode = CfgStatementNode(data, block, parent)
-
-/** CFG's representation of a jump. This is used as a general jump node, for both indirect and direct calls.
-  */
-class CfgJumpNode(
-    val data: Jump | DirectCall | IndirectCall,
-    val block: Block,
-    val parent: CfgFunctionEntryNode
-) extends CfgCommandNode:
-  override def toString: String = s"[Jmp] $data"
-
-  /** Copy this node, but give unique ID and reset edges */
-  override def copyNode(): CfgJumpNode = CfgJumpNode(data, block, parent)
-
-/** A general purpose node which in terms of the IR has no functionality, but can have purpose in the CFG. As example,
-  * this is used as a "block" start node for the case that a block contains no statements, but has a `GoTo` as its jump.
-  * In this case we introduce a ghost node as the start of the block for the case that some part of the program jumps
-  * back to this conditional jump (e.g. in the case of loops).
-  */
-class CfgGhostNode(
-    val block: Block,
-    val parent: CfgFunctionEntryNode,
-    val data: NOP
-) extends CfgCommandNode:
-  override def toString: String = s"[NOP] $data"
-
-  /** Copy this node, but give unique ID and reset edges */
-  override def copyNode(): CfgGhostNode = CfgGhostNode(block, parent, data)
-
-/** A control-flow graph. Nodes provide the ability to walk it as both an intra and inter procedural CFG.
-  */
-class ProgramCfg:
-
-  var startNode: CfgFunctionEntryNode = _
-  var nodes: mutable.Set[CfgNode] = mutable.Set()
-  var funEntries: mutable.Set[CfgFunctionEntryNode] = mutable.Set()
-
-  /** Inline edges are for connecting an intraprocedural cfg with a copy of another procedure's intraprocedural cfg
-    * which is placed inside this one. They are considered interprocedural edges, and will not be followed if the caller
-    * requests an intraprocedural cfg.
-    */
-  def addInlineEdge(from: CfgNode, to: CfgNode): Unit = {
-    from.succInter += to
-    to.predInter += from
-  }
-
-  /** Interprocedural call edges connect an intraprocedural cfg with another procedure's intraprocedural cfg that it is
-    * calling.
-    */
-  def addInterprocCallEdge(from: CfgNode, to: CfgNode): Unit = {
-    from.succInter += to
-    to.predInter += from
-  }
-
-  /** Intraprocedural edges are for connecting call nodes to the call's return node, without following the call itself
-    * (stepping over the call).
-    */
-  def addIntraprocEdge(from: CfgNode, to: CfgNode): Unit = {
-    from.succIntra += to
-    to.predIntra += from
-  }
-
-  /** Regular edges are normal control flow - used in both inter-/intra-procedural cfgs.
-    */
-  def addRegularEdge(from: CfgNode, to: CfgNode): Unit = {
-    from.succInter += to
-    from.succIntra += to
-    to.predInter += from
-    to.predIntra += from
-  }
-
-  /** Add an outgoing edge from the current node, taking into account any conditionals on this jump. Note that we have
-    * some duplication of storage here - this is a performance consideration. We don't expect too many edges for any
-    * given node, and so the increased storage is relatively minimal. This saves having to filter / union sets when
-    * trying to retrieve only an intra/inter cfg, hopefully improving computation time.
-    *
-    * NOTE: this function attempts to "smartly" identify how to connect two edges. Perhaps as the CFG changes however
-    * different requirements will be made of nodes, and so the conditions on edges below may change. In that case,
-    * either update the below, or explicitly specify the edge to be added between two nodes.
-    *
-    * @param from
-    *   The originating node
-    * @param to
-    *   The destination node
-    */
-  def addEdge(from: CfgNode, to: CfgNode): Unit = {
-
-    (from, to) match {
-      // Ignored procedure (e.g. library calls such as @printf)
-      case (from: CfgFunctionEntryNode, to: CfgFunctionExitNode) => addRegularEdge(from, to)
-      // Calling procedure (follow as inline)
-      //  This to be used if inlining skips the call node and links the most recent statement to the first statement of the target
-      case (from: CfgCommandNode, to: CfgFunctionEntryNode) => addInlineEdge(from, to)
-      // Returning from procedure (follow as inline - see above)
-      case (from: CfgFunctionExitNode, to: CfgNode) => addInlineEdge(from, to)
-      // First instruction of procedure
-      case (from: CfgFunctionEntryNode, to: CfgNode) => addRegularEdge(from, to)
-      // Function call which returns to the previous context
-      case (from: CfgJumpNode, to: CfgProcedureReturnNode) => addRegularEdge(from, to)
-      // Edge to intermediary return node (no semantic meaning, a cfg convenience edge)
-      case (from: CfgJumpNode, to: (CfgCallReturnNode | CfgCallNoReturnNode)) => addIntraprocEdge(from, to)
-      // Pre-exit nodes
-      case (from: (CfgProcedureReturnNode | CfgCallNoReturnNode | CfgCallReturnNode), to: CfgFunctionExitNode) =>
-        addRegularEdge(from, to)
-      // Regular continuation of execution
-      case (from: CfgCallReturnNode, to: CfgCommandNode) => addRegularEdge(from, to)
-      // Regular flow of instructions
-      case (from: CfgCommandNode, to: (CfgCommandNode | CfgFunctionExitNode)) => addRegularEdge(from, to)
-      case _ => throw new Exception(s"[!] Unexpected edge combination when adding cfg edge between $from -> $to.")
-    }
-
-    nodes += from
-    nodes += to
-  }
-
-  /** Returns a Graphviz dot representation of the CFG. Each node is labeled using the given function labeler.
-    */
-  def toDot(labeler: CfgNode => String, idGen: (CfgNode, Int) => String): String = {
-    val dotNodes = mutable.Map[CfgNode, DotNode]()
-    var dotArrows = mutable.ListBuffer[DotArrow]()
-    var uniqueId = 0
-    nodes.foreach { n =>
-      dotNodes += (n -> DotNode(s"${idGen(n, uniqueId)}", labeler(n)))
-      uniqueId += 1
-    }
-    nodes.foreach { n =>
-
-      val successors = n.succIntra.toSet.union(n.succInter)
-
-      successors.foreach { s =>
-        (n, s) match {
-          case (from: CfgFunctionEntryNode, to: CfgNode) =>
-            dotArrows += DotRegularArrow(dotNodes(n), dotNodes(to))
-          case (from: CfgJumpNode, to: CfgProcedureReturnNode) =>
-            dotArrows += DotRegularArrow(dotNodes(n), dotNodes(to))
-          case (from: (CfgProcedureReturnNode | CfgCallNoReturnNode | CfgCallReturnNode), to: CfgFunctionExitNode) =>
-            dotArrows += DotRegularArrow(dotNodes(n), dotNodes(to))
-          case (from: CfgCallReturnNode, to: CfgCommandNode) =>
-            dotArrows += DotRegularArrow(dotNodes(n), dotNodes(to))
-          case (from: CfgCommandNode, to: (CfgCommandNode | CfgFunctionExitNode)) =>
-            dotArrows += DotRegularArrow(dotNodes(n), dotNodes(to))
-          case (from: CfgCommandNode, to: CfgFunctionEntryNode) =>
-            DotInlineArrow(dotNodes(n), dotNodes(to))
-          case (from: CfgFunctionExitNode, to: CfgNode) =>
-            DotInlineArrow(dotNodes(n), dotNodes(to))
-          case (from: CfgJumpNode, to: (CfgCallReturnNode | CfgCallNoReturnNode)) =>
-            dotArrows += DotIntraArrow(dotNodes(n), dotNodes(to))
-          /*
-          Displaying the below in the CFG is mostly for debugging purposes. With it included the CFG becomes a little unreadable, but
-          will emphasise that the leaf-call nodes are linked to the start of the procedures they're calling (as green inter-procedural edges).
-          To verify this is still happening, simply uncomment the below and it will add these edges.
-          case (from: CfgCommandNode, to: CfgFunctionEntry) =>
-            dotArrows += DotInterArrow(dotNodes(n), dotNodes(to))
-            */
-
-          case _ =>
-        }
-      }
-    }
-    dotArrows = dotArrows.sortBy(arr => arr.fromNode.id + "-" + arr.toNode.id)
-    val allNodes = dotNodes.values.toList.sortBy(n => n.id)
-    DotGraph("CFG", allNodes, dotArrows).toDotString
-  }
-
-  override def toString: String = {
-    val sb = StringBuilder()
-    sb.append("CFG {")
-    sb.append(" nodes: ")
-    sb.append(nodes)
-    sb.append("}")
-    sb.toString()
-  }
-
-/** Control-flow graph for an entire program. We have a more granular approach, storing commands as nodes instead of
-  * basic blocks.
-  */
-class ProgramCfgFactory:
-  val cfg: ProgramCfg = ProgramCfg()
-
-  // Mapping from procedures to the start of their individual (intra) cfgs
-  val procToCfg: mutable.Map[Procedure, (CfgFunctionEntryNode, CfgFunctionExitNode)] = mutable.Map()
-  // Mapping from procedures to procedure call nodes (all the calls made within this procedure, including inlined functions)
-  val procToCalls: mutable.Map[Procedure, mutable.Set[CfgJumpNode]] = mutable.Map()
-  // Mapping from procedure entry instances to procedure call nodes within that procedure's instance (`CfgCommandNode.data <: DirectCall`)
-  //    Updated on first creation of a new procedure (e.g. in initial creation, or in cloning of a procedure's cfg)
-  val callToNodes: mutable.Map[CfgFunctionEntryNode, mutable.Set[CfgJumpNode]] = mutable.Map()
-  // Mapping from procedures to nodes in any node in the cfg which has a call to that procedure
-  val procToCallers: mutable.Map[Procedure, mutable.Set[CfgJumpNode]] = mutable.Map()
-
-  /** Generate the cfg for each function of the program. NOTE: is this functionally different to a constructor? Do we
-    * ever expect to generate a CFG from any other data structure? If not then the `class` could probably be absorbed
-    * into this object.
-    *
-    * @param program
-    *   Basil IR of the program
-    * @param inlineLimit
-    *   How many levels deep to inline function calls. Default is 3
-    */
-  def fromIR(program: Program, unify: Boolean = true, inlineLimit: Int = 0): ProgramCfg = {
-    CfgNode.id = 0
-    require(inlineLimit >= 0, "Can't inline procedures to negative depth...")
-    Logger.info("[+] Generating CFG...")
-
-    // Have to initialise the map entries manually. Scala maps have a `.withDefaulValue`, but this is buggy and doesn't
-    //  behave as you would expect: https://github.com/scala/bug/issues/8099 - thus the manual approach.
-    // We don't initialise `procToCfg` here, because it will never be accessed before `cfgForProcedure`,
-    //  and because it relies on the entry/exit nodes be initialised. It is initialised in `cfgForProcedure`.
-    program.procedures.foreach(proc =>
-      procToCalls += (proc -> mutable.Set())
-      procToCallers += (proc -> mutable.Set())
-    )
-
-    // Create CFG for individual procedures
-    program.procedures.foreach(
-      proc => {
-        val funcEntryNode: CfgFunctionEntryNode = CfgFunctionEntryNode(proc)
-        val funcExitNode: CfgFunctionExitNode = CfgFunctionExitNode(proc)
-        cfg.nodes += funcEntryNode
-        cfg.nodes += funcExitNode
-        cfg.funEntries += funcEntryNode
-
-        procToCfg += (proc -> (funcEntryNode, funcExitNode))
-        callToNodes += (funcEntryNode -> mutable.Set())
-      }
-    )
-    program.procedures.foreach(proc => cfgForProcedure(proc))
-
-    // Inline functions up to `inlineLimit` level
-    // EXTENSION; one way to improve this would be to specify inline depths for specific functions / situations.
-    //    i.e. we may not want to inline self-recursive functions too much.
-    // Of note is whether we want this at all or note. If not, then we can simply remove the below and pass `procCallNodes` to
-    //    `addInterprocEdges`.
-    val procCallNodes: Set[CfgJumpNode] = procToCalls.values.flatten.toSet
-    val leafCallNodes: Set[CfgJumpNode] =
-      if !unify then inlineProcedureCalls(procCallNodes, inlineLimit) else procCallNodes
-
-    // Add inter-proc edges to leaf call nodes
-    if (leafCallNodes.nonEmpty) {
-      addInterprocEdges(leafCallNodes)
-    }
-
-    cfg.startNode = procToCfg(program.mainProcedure)._1    
-
-    cfg
-  }
-
-  /** Create an intraprocedural CFG for the given IR procedure. The start of the CFG for a procedure is identified by
-    * its `CfgFunctionEntryNode`, and its closure is identified by the `CfgFunctionExitNode`.
-    *
-    * @param proc
-    *   Procedure for which to generate the intraprocedural cfg
-    */
-  private def cfgForProcedure(proc: Procedure): Unit = {
-    val funcEntryNode: CfgFunctionEntryNode = procToCfg(proc)._1
-    val funcExitNode: CfgFunctionExitNode = procToCfg(proc)._2
-
-    // Track blocks we've already processed so we don't double up
-    val visitedBlocks: mutable.Map[Block, CfgCommandNode] = mutable.Map()
-
-    // Procedure has no content (in our case this probably means it's an ignored procedure, e.g., an external function such as @printf)
-    if (proc.blocks.isEmpty) {
-      cfg.addEdge(funcEntryNode, funcExitNode)
-    } else {
-      // Recurse through blocks
-      visitBlock(proc.entryBlock.get, funcEntryNode)
-    }
-
-    /** Add a block to the CFG. A block in this case is a basic block, so it contains a list of consecutive statements
-      * followed by a jump at the end to another block. We process statements in this block (if they exist), and then
-      * follow the jump to recurse through all other blocks.
-      *
-      * This recursive approach is effectively a "reaches" approach, and will miss cases that we encounter a jump we
-      * can't resolve, or cases where the lifter has not identified a section of code. In each case:
-      *   a. The only jumps we can't resolve are indirect calls. It's the intent of the tool to attempt to resolve these
-      *      through analysis however. The CFG can then be updated as these are resolved to incorporate their jumps. In
-      *      construction we do a simple check for register R30 to identify if an indirect call is a return, but
-      *      otherwise consider it as unresolved. b. If the lifter has failed to identify a region of code, then the
-      *      problem exists at the lifter level. In that case we need a way to coerce the lifter into identifying it, or
-      *      to use a new lifter.
-      *
-      * These visitations will also only produce the intra-procedural CFG - the burden of "creating" the
-      * inter-procedural CFG is left to processes later during CFG construction. The benefit of doing this is that we
-      * can completely resolve a procedure's CFG without jumping to other procedures mid-way through processing, which
-      * assures we don't have any issues with referencing nodes before they exist. Essentially this is a depth-first
-      * approach to CFG construction, as opposed to a breadth-first.
-      *
-      * @param block
-      *   The block being added to the CFG.
-      * @param prevBlockEnd
-      *   Preceding block's end node (jump)
-      */
-    def visitBlock(block: Block, prevBlockEnd: CfgNode): Unit = {
-
-      if (block.statements.nonEmpty) {
-        val endStmt = visitStmts(block.statements, prevBlockEnd)
-        visitJump(block.jump, endStmt, false)
-      } else {
-        // Only jumps in this block
-        visitJump(block.jump, prevBlockEnd, true)
-      }
-
-      /** If a block has statements, we add them to the CFG. Blocks in this case are basic blocks, so we know
-        * consecutive statements will be linked by an unconditional, regular edge.
-        *
-        * @param stmts
-        *   Statements in this block
-        * @param prevNode
-        *   Preceding block's end node (jump)
-        * @return
-        *   The last statement's CFG node
-        */
-      def visitStmts(stmts: Iterable[Statement], prevNode: CfgNode): CfgCommandNode = {
-
-        val firstNode = CfgStatementNode(stmts.head, block, funcEntryNode)
-        cfg.addEdge(prevNode, firstNode)
-        visitedBlocks += (block -> firstNode) // This is guaranteed to be entrance to block if we are here
-
-        val statements = List.from(stmts).map(s => s match {
-          case d: DirectCall => CfgJumpNode(d, block, funcEntryNode)
-          case d: IndirectCall => CfgJumpNode(d, block, funcEntryNode)
-          case o => CfgStatementNode(o, block, funcEntryNode)
-        })
-        val succs = if (statements.nonEmpty) then statements.zip(statements.tail ++ List(CfgJumpNode(statements.head.data.parent.jump, block, funcEntryNode))) else List()
-
-        for ((s,nexts) <- succs) {
-          s.data match {
-          case dCall: DirectCall =>
-
-            var precNode = prevNode
-
-            val targetProc: Procedure = dCall.target
-            funcEntryNode.callers.add(procToCfg(targetProc)._1)
-
-            val callNode : CfgJumpNode = s.asInstanceOf[CfgJumpNode]
-
-            // Branch to this call
-            cfg.addEdge(precNode, callNode)
-
-            procToCalls(proc) += callNode
-            procToCallers(targetProc) += callNode
-            callToNodes(funcEntryNode) += callNode
-
-            // Record call association
-
-            // Jump to return location
-            val returnTarget = nexts
-                // Add intermediary return node (split call into call and return)
-            val callRet = CfgCallReturnNode()
-            cfg.addEdge(callNode, callRet)
-            cfg.addEdge(callRet, returnTarget)
-          case iCall: IndirectCall =>
-            Logger.debug(s"Indirect call found: $iCall in ${proc.name}")
-            var precNode = prevNode
-
-            val jmpNode = s.asInstanceOf[CfgJumpNode]
-            // Branch to this call
-            cfg.addEdge(precNode, jmpNode)
-
-            // Record call association
-            procToCalls(proc) += jmpNode
-            callToNodes(funcEntryNode) += jmpNode
-
-            // R30 is the link register - this stores the address to return to.
-            //  For now just add a node expressing that we are to return to the previous context.
-            if (iCall.target == Register("R30", 64)) {
-              val returnNode = CfgProcedureReturnNode()
-              cfg.addEdge(jmpNode, returnNode)
-              cfg.addEdge(returnNode, funcExitNode)
-            }
-
-            val callRet = CfgCallReturnNode()
-            cfg.addEdge(jmpNode, callRet)
-            val returnTarget = nexts
-            cfg.addEdge(callRet, jmpNode)
-          case h: Halt =>  {
-            assert(false);
-            // not possible since s is only Statement.
-          }
-          case _ => ()
-          }
-        }
-
-
-        if (stmts.size == 1) {
-          return firstNode
-        }
-
-        var prevStmtNode: CfgStatementNode = firstNode
-
-        stmts.tail.foreach(stmt =>
-          val stmtNode = CfgStatementNode(stmt, block, funcEntryNode)
-          cfg.addEdge(prevStmtNode, stmtNode)
-          prevStmtNode = stmtNode
-        )
-
-        prevStmtNode
-      }
-
-      /** All blocks end with jump(s), whereas some also start with a jump (in the case of no statements). Add these to
-        * the CFG and visit their target blocks for processing.
-        *
-        * @param jmps
-        *   Jumps in the current block being processed
-        * @param prevNode
-        *   Either the previous statement in the block, or the previous block's end node (in the case that this block
-        *   contains no statements)
-        * @param solitary
-        *   `True` if this block contains no statements, `False` otherwise
-        */
-      def visitJump(jmp: Jump, prevNode: CfgNode, solitary: Boolean): Unit = {
-        val jmpNode = CfgJumpNode(jmp, block, funcEntryNode)
-        var precNode = prevNode
-
-        if (solitary) {
-          /* If the block contains only jumps (no statements), then the "start" of the block is a jump.
-                If this is a direct call, then we simply use that call node as the start of the block.
-                However, GoTos in the CFG are resolved as edges, and so there doesn't exist a node to use as
-                the start. Thus we introduce a "ghost" node to act as that jump point - it has no functionality
-                and will simply be skipped by analyses.
-
-                Currently we display these nodes in the DOT view of the CFG, however these could be hidden if desired.
-           */
-          jmp match {
-            case jmp: GoTo =>
-              // `GoTo`s are just edges, so introduce a fake `start of block` that can be jmp'd to
-              val ghostNode = CfgGhostNode(block, funcEntryNode, NOP(jmp.label))
-              cfg.addEdge(prevNode, ghostNode)
-              precNode = ghostNode
-              visitedBlocks += (block -> ghostNode)
-            case _ =>
-              // (In)direct call - use this as entrance to block
-              visitedBlocks += (block -> jmpNode)
-          }
-        }
-
-        jmp match {
-          case n: GoTo =>
-            for (targetBlock <- n.targets) {
-              if (visitedBlocks.contains(targetBlock)) {
-                val targetBlockEntry: CfgCommandNode = visitedBlocks(targetBlock)
-                cfg.addEdge(precNode, targetBlockEntry)
-              } else {
-                visitBlock(targetBlock, precNode)
-              }
-            }
-          case h: Halt =>  {
-            cfg.addEdge(jmpNode, funcExitNode)
-          }
-          case r: Return => 
-            // Branch to this call
-            cfg.addEdge(precNode, jmpNode)
-
-            // Record call association
-            procToCalls(proc) += jmpNode
-            callToNodes(funcEntryNode) += jmpNode
-
-            val returnNode = CfgProcedureReturnNode()
-            cfg.addEdge(jmpNode, returnNode)
-            cfg.addEdge(returnNode, funcExitNode)
-        } // `jmps.head` match
-      } // `visitJumps` function
-    } // `visitBlocks` function
-  } // `cfgForProcedure` function
-
-  /** This takes an expression used in a conditional (jump) and tries to negate it in a (hopefully) nice way. Most
-    * conditional jumps are just bitvector comparisons.
-    *
-    * @param expr
-    *   The expression to negate
-    * @return
-    *   The negated expression
-    */
-  private def negateConditional(expr: Expr): Expr = expr match {
-    case binop: BinaryExpr =>
-      binop.op match {
-        case BVNEQ =>
-          BinaryExpr(
-            BVEQ,
-            binop.arg1,
-            binop.arg2
-          )
-        case BVEQ =>
-          BinaryExpr(
-            BVNEQ,
-            binop.arg1,
-            binop.arg2
-          )
-        case _ =>
-          // Worst case scenario we just take the logical not of everything
-          UnaryExpr(
-            BoolNOT,
-            binop
-          )
-      }
-    case unop: UnaryExpr =>
-      unop.op match {
-        case BVNOT | BoolNOT =>
-          unop.arg
-        case _ =>
-          UnaryExpr(
-            BoolNOT,
-            unop
-          )
-      }
-    case _ =>
-      UnaryExpr(
-        BoolNOT,
-        expr
-      )
-  }
-
-  /** Recursively inline procedures. This has a dumb/flat approach - we simply continue inlining each all direct calls
-    * until we either run out of direct calls, or we are at our max inline depth.
-    *
-    * For each direct call to be inlined we make a copy of the target's intraprocedural cfg, which is then linked to the
-    * calling procedure's cfg. We keep track of newly found direct calls that come from inlined functions, which is what
-    * we pass to the next recursive call. At the end of recursion this set stores the leaf nodes of the cfg - this is
-    * then used later to link interprocedural calls.
-    *
-    * @param procNodes
-    *   The call nodes to inline
-    * @param inlineAmount
-    *   Maximum amount of inlining from this depth allowed
-    * @return
-    *   Tthe next leaf call nodes
-    */
-  @tailrec
-  private def inlineProcedureCalls(procNodes: Set[CfgJumpNode], inlineAmount: Int): Set[CfgJumpNode] = {
-    assert(inlineAmount >= 0)
-    Logger.info(s"[+] Inlining ${procNodes.size} leaf call nodes with $inlineAmount level(s) left")
-
-    if (inlineAmount == 0 || procNodes.isEmpty) {
-      return procNodes
-    }
-
-    // Set of procedure calls to be discovered by inlining the ones in `procNodes`
-    val nextProcNodes: mutable.Set[CfgJumpNode] = mutable.Set()
-
-    procNodes.foreach { procNode =>
-      procNode.data match {
-        case targetCall: DirectCall =>
-          // Retrieve information about the call to the target procedure
-          val targetProc = targetCall.target
-          val (procEntry, procExit) = cloneProcedureCFG(targetProc)
-
-          // Add link between call node and the procedure's `Entry`.
-          cfg.addInlineEdge(procNode, procEntry)
-
-          // Link the procedure's `Exit` to the return point. There should only be one.
-          assert(
-            procNode.succIntra.size == 1,
-            s"More than 1 return node... $procNode has ${procNode.succIntra}"
-          )
-          val returnNode = procNode.succIntra.head
-          cfg.addInlineEdge(procExit, returnNode)
-
-          // Add new (un-inlined) function calls to be inlined
-          nextProcNodes ++= callToNodes(procEntry)
-        case _ =>
-      }
-    }
-
-    inlineProcedureCalls(nextProcNodes.toSet, inlineAmount - 1)
-  }
-
-  /** Clones the intraproc-cfg of the given procedure, with unique CfgNode ids. Adds the new nodes to the cfg, and
-    * returns the start/end nodes of the new procedure cfg.
-    *
-    * @param proc
-    *   The procedure to clone (used to index the pre-computed cfgs)
-    * @return
-    *   (CfgFunctionEntryNode, CfgFunctionExitNode) of the cloned cfg
-    */
-  private def cloneProcedureCFG(proc: Procedure): (CfgFunctionEntryNode, CfgFunctionExitNode) = {
-
-    val (entryNode: CfgFunctionEntryNode, exitNode: CfgFunctionExitNode) = procToCfg(proc)
-    val (newEntry: CfgFunctionEntryNode, newExit: CfgFunctionExitNode) = (entryNode.copyNode(), exitNode.copyNode())
-
-    callToNodes += (newEntry -> mutable.Set())
-
-    // Entry is guaranteed to only have one successor (by our cfg design)
-    val currNode: CfgNode = entryNode.succIntra.head
-    visitNode(currNode, newEntry)
-
-    /** Walk this proc's cfg until we reach the exit node on each branch. We do this recursively, tracking the previous
-      * node, to account for branches and loops.
-      *
-      * We can't represent the parameters as an edge as one node comes from the old cfg, and the other from the new cfg.
-      *
-      * @param node
-      *   Node in the original procedure's cfg we're up to cloning
-      * @param prevNewNode
-      *   The originating node in the new clone's cfg
-      */
-    def visitNode(node: CfgNode, prevNewNode: CfgNode): Unit = {
-
-      if (node == exitNode) {
-        cfg.addEdge(prevNewNode, newExit)
-        return
-      }
-
-      node match {
-        case n: CfgJumpNode =>
-          val newNode = n.copyNode()
-
-          // Link this node with predecessor in the new cfg
-          cfg.addEdge(prevNewNode, newNode)
-
-          n.data match {
-            case d: DirectCall =>
-              procToCalls(proc) += newNode
-              callToNodes(newEntry) += newNode
-              procToCallers(d.target) += newNode
-            case i: IndirectCall =>
-              procToCalls(proc) += newNode
-              callToNodes(newEntry) += newNode
-            case _ =>
-          }
-
-          // Get intra-cfg successors
-          val outNodes = node.succIntra
-          outNodes.foreach(node => visitNode(node, newNode))
-
-        // For other node types, link with predecessor and continue traversal
-        case _ =>
-          val newNode = node.copyNode()
-          cfg.addEdge(prevNewNode, newNode)
-
-          val outNodes = node.succIntra
-          outNodes.foreach(node => visitNode(node, newNode))
-      }
-    }
-
-    (newEntry, newExit)
-  }
-
-  /** After inlining has been done, we link all residual direct calls (leaf nodes) to the start of the intraprocedural
-    * that are the target of the call.
-    *
-    * @param leaves
-    *   The call nodes at edge of intraprocedural cfgs to be linked to their targets
-    */
-  private def addInterprocEdges(leaves: Set[CfgJumpNode]): Unit = {
-
-    leaves.foreach { callNode =>
-      callNode.data match {
-        case targetCall: DirectCall =>
-          val targetProc: Procedure = targetCall.target
-
-          // this does not add returns for any of the calls, so the interprocedural analysis will not work if any
-          // calls are not in-lined
-          val (targetEntry: CfgFunctionEntryNode, _) = procToCfg(targetProc)
-
-          cfg.addInterprocCallEdge(callNode, targetEntry)
-        case _ =>
-      }
-    }
-  }
diff --git a/src/main/scala/analysis/Dependencies.scala b/src/main/scala/analysis/Dependencies.scala
index 040861803..4b5e15106 100644
--- a/src/main/scala/analysis/Dependencies.scala
+++ b/src/main/scala/analysis/Dependencies.scala
@@ -22,26 +22,6 @@ trait Dependencies[N]:
     */
   def indep(n: N): Set[N]
 
-trait InterproceduralForwardDependencies extends Dependencies[CfgNode] {
-  override def outdep(n: CfgNode): Set[CfgNode] = n.succInter.toSet
-  override def indep(n: CfgNode): Set[CfgNode] = n.predInter.toSet
-}
-
-trait IntraproceduralForwardDependencies extends Dependencies[CfgNode] {
-  override def outdep(n: CfgNode): Set[CfgNode] = n.succIntra.toSet
-  override def indep(n: CfgNode): Set[CfgNode] = n.predIntra.toSet
-}
-
-trait InterproceduralBackwardDependencies extends Dependencies[CfgNode] {
-  override def outdep(n: CfgNode): Set[CfgNode] = n.predInter.toSet
-  override def indep(n: CfgNode): Set[CfgNode] = n.succInter.toSet
-}
-
-trait IntraproceduralBackwardDependencies extends Dependencies[CfgNode] {
-  override def outdep(n: CfgNode): Set[CfgNode] = n.predIntra.toSet
-  override def indep(n: CfgNode): Set[CfgNode] = n.succIntra.toSet
-}
-
 trait IRInterproceduralForwardDependencies extends Dependencies[CFGPosition] {
   override def outdep(n: CFGPosition): Set[CFGPosition] = InterProcIRCursor.succ(n)
   override def indep(n: CFGPosition): Set[CFGPosition] = InterProcIRCursor.pred(n)
diff --git a/src/main/scala/analysis/InterLiveVarsAnalysis.scala b/src/main/scala/analysis/InterLiveVarsAnalysis.scala
index 7a93266e8..cbe3076c6 100644
--- a/src/main/scala/analysis/InterLiveVarsAnalysis.scala
+++ b/src/main/scala/analysis/InterLiveVarsAnalysis.scala
@@ -1,7 +1,7 @@
 package analysis
 
 import analysis.solvers.BackwardIDESolver
-import ir.{Assert, Assume, Block, GoTo, CFGPosition, Command, DirectCall, IndirectCall, Assign, MemoryAssign, Halt, Return, Procedure, Program, Variable, toShortString}
+import ir.{Assert, Assume, Block, GoTo, CFGPosition, Command, DirectCall, IndirectCall, Assign, MemoryAssign, Unreachable, Return, Procedure, Program, Variable, toShortString}
 
 /**
  * Micro-transfer-functions for LiveVar analysis
@@ -74,11 +74,7 @@ trait LiveVarsAnalysisFunctions extends BackwardIDEAnalysis[Variable, TwoElement
         d match
           case Left(value) => if value != variable then Map(d -> IdEdge()) else Map()
           case Right(_) => Map(d -> IdEdge(), Left(variable) -> ConstEdge(TwoElementTop))
-      case r: Return => Map(d -> IdEdge())
-      case h: Halt => Map(d -> IdEdge())
-      case c: DirectCall => Map(d -> IdEdge())
-      case c: Block => Map(d -> IdEdge())
-      case c: GoTo => Map(d -> IdEdge())
+      case _ => Map(d -> IdEdge())
 
   }
 }
diff --git a/src/main/scala/analysis/InterprocSteensgaardAnalysis.scala b/src/main/scala/analysis/InterprocSteensgaardAnalysis.scala
index 38153e277..4e7ba81f1 100644
--- a/src/main/scala/analysis/InterprocSteensgaardAnalysis.scala
+++ b/src/main/scala/analysis/InterprocSteensgaardAnalysis.scala
@@ -39,7 +39,7 @@ case class RegisterWrapperEqualSets(variable: Variable, assigns: Set[Assign]) {
 class InterprocSteensgaardAnalysis(
       program: Program,
       constantProp: Map[CFGPosition, Map[RegisterWrapperEqualSets, Set[BitVecLiteral]]],
-      regionAccesses: Map[CfgNode, Map[RegisterVariableWrapper, FlatElement[Expr]]],
+      regionAccesses: Map[CFGPosition, Map[RegisterVariableWrapper, FlatElement[Expr]]],
       mmm: MemoryModelMap,
       reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])],
       globalOffsets: Map[BigInt, BigInt]) extends Analysis[Any] {
@@ -431,4 +431,4 @@ object Fresh {
     n += 1
     n
   }
-}
\ No newline at end of file
+}
diff --git a/src/main/scala/analysis/IntraLiveVarsAnalysis.scala b/src/main/scala/analysis/IntraLiveVarsAnalysis.scala
index 75fa1dbb0..a576b27fb 100644
--- a/src/main/scala/analysis/IntraLiveVarsAnalysis.scala
+++ b/src/main/scala/analysis/IntraLiveVarsAnalysis.scala
@@ -1,7 +1,7 @@
 package analysis
 
 import analysis.solvers.SimpleWorklistFixpointSolver
-import ir.{Assert, Assume, Block, CFGPosition, Call, DirectCall, GoTo, IndirectCall, Jump, Assign, MemoryAssign, NOP, Procedure, Program, Statement, Variable, Return, Halt}
+import ir.{Assert, Assume, Block, CFGPosition, Call, DirectCall, GoTo, IndirectCall, Jump, Assign, MemoryAssign, NOP, Procedure, Program, Statement, Variable, Return, Unreachable}
 
 abstract class LivenessAnalysis(program: Program) extends Analysis[Any]:
   val lattice: MapLattice[CFGPosition, Set[Variable], PowersetLattice[Variable]] = MapLattice(PowersetLattice())
@@ -19,7 +19,7 @@ abstract class LivenessAnalysis(program: Program) extends Analysis[Any]:
       case c: DirectCall => s
       case g: GoTo => s
       case r: Return => s
-      case r: Halt => s
+      case r: Unreachable => s
       case _ => ???
     }
   }
diff --git a/src/main/scala/analysis/MemoryRegionAnalysis.scala b/src/main/scala/analysis/MemoryRegionAnalysis.scala
index 65aa1cc20..c7d888a43 100644
--- a/src/main/scala/analysis/MemoryRegionAnalysis.scala
+++ b/src/main/scala/analysis/MemoryRegionAnalysis.scala
@@ -14,7 +14,7 @@ trait MemoryRegionAnalysis(val program: Program,
                            val constantProp: Map[CFGPosition, Map[Variable, FlatElement[BitVecLiteral]]],
                            val ANRResult: Map[CFGPosition, Set[Variable]],
                            val RNAResult: Map[CFGPosition, Set[Variable]],
-                           val regionAccesses: Map[CfgNode, Map[RegisterVariableWrapper, FlatElement[Expr]]],
+                           val regionAccesses: Map[CFGPosition, Map[RegisterVariableWrapper, FlatElement[Expr]]],
                            reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])]) {
 
   var mallocCount: Int = 0
@@ -234,7 +234,7 @@ class MemoryRegionAnalysisSolver(
     constantProp: Map[CFGPosition, Map[Variable, FlatElement[BitVecLiteral]]],
     ANRResult: Map[CFGPosition, Set[Variable]],
     RNAResult: Map[CFGPosition, Set[Variable]],
-    regionAccesses: Map[CfgNode, Map[RegisterVariableWrapper, FlatElement[Expr]]],
+    regionAccesses: Map[CFGPosition, Map[RegisterVariableWrapper, FlatElement[Expr]]],
     reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])]
   ) extends MemoryRegionAnalysis(program, globals, globalOffsets, subroutines, constantProp, ANRResult, RNAResult, regionAccesses, reachingDefs)
   with IRIntraproceduralForwardDependencies
@@ -249,4 +249,4 @@ class MemoryRegionAnalysisSolver(
       case _ => super.funsub(n, x)
     }
   }
-}
\ No newline at end of file
+}
diff --git a/src/main/scala/analysis/RegToMemAnalysis.scala b/src/main/scala/analysis/RegToMemAnalysis.scala
index df7217f75..1afde6f4d 100644
--- a/src/main/scala/analysis/RegToMemAnalysis.scala
+++ b/src/main/scala/analysis/RegToMemAnalysis.scala
@@ -15,29 +15,29 @@ import scala.collection.immutable
  *
  * Both in which constant propagation mark as TOP which is not useful.
  */
-trait RegionAccessesAnalysis(cfg: ProgramCfg, constantProp: Map[CFGPosition, Map[Variable, FlatElement[BitVecLiteral]]], reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])]) {
+trait RegionAccessesAnalysis(program: Program, constantProp: Map[CFGPosition, Map[Variable, FlatElement[BitVecLiteral]]], reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])]) {
 
   val mapLattice: MapLattice[RegisterVariableWrapper, FlatElement[Expr], FlatLattice[Expr]] = MapLattice(FlatLattice[_root_.ir.Expr]())
 
-  val lattice: MapLattice[CfgNode, Map[RegisterVariableWrapper, FlatElement[Expr]], MapLattice[RegisterVariableWrapper, FlatElement[Expr], FlatLattice[Expr]]] = MapLattice(mapLattice)
+  val lattice: MapLattice[CFGPosition, Map[RegisterVariableWrapper, FlatElement[Expr]], MapLattice[RegisterVariableWrapper, FlatElement[Expr], FlatLattice[Expr]]] = MapLattice(mapLattice)
 
-  val domain: Set[CfgNode] = cfg.nodes.toSet
+  val domain: Set[CFGPosition] = program.toSet 
 
-  val first: Set[CfgNode] = Set(cfg.startNode)
+  val first: Set[CFGPosition] = program.procedures.toSet
 
   /** Default implementation of eval.
    */
-  def eval(cmd: CfgCommandNode, constants: Map[Variable, FlatElement[BitVecLiteral]], s: Map[RegisterVariableWrapper, FlatElement[Expr]]): Map[RegisterVariableWrapper, FlatElement[Expr]] = {
-    cmd.data match {
+  def eval(cmd: Statement, constants: Map[Variable, FlatElement[BitVecLiteral]], s: Map[RegisterVariableWrapper, FlatElement[Expr]]): Map[RegisterVariableWrapper, FlatElement[Expr]] = {
+    cmd match {
       case assign: Assign =>
         assign.rhs match {
           case memoryLoad: MemoryLoad =>
-            s + (RegisterVariableWrapper(assign.lhs, getDefinition(assign.lhs, cmd.data, reachingDefs)) -> FlatEl(memoryLoad))
+            s + (RegisterVariableWrapper(assign.lhs, getDefinition(assign.lhs, cmd, reachingDefs)) -> FlatEl(memoryLoad))
           case binaryExpr: BinaryExpr =>
             if (evaluateExpression(binaryExpr.arg1, constants).isEmpty) { // approximates Base + Offset
               Logger.debug(s"Approximating $assign in $binaryExpr")
-              Logger.debug(s"Reaching defs: ${reachingDefs(cmd.data)}")
-              s + (RegisterVariableWrapper(assign.lhs, getDefinition(assign.lhs, cmd.data, reachingDefs)) -> FlatEl(binaryExpr))
+              Logger.debug(s"Reaching defs: ${reachingDefs(cmd)}")
+              s + (RegisterVariableWrapper(assign.lhs, getDefinition(assign.lhs, cmd, reachingDefs)) -> FlatEl(binaryExpr))
             } else {
               s
             }
@@ -50,23 +50,23 @@ trait RegionAccessesAnalysis(cfg: ProgramCfg, constantProp: Map[CFGPosition, Map
 
   /** Transfer function for state lattice elements.
    */
-  def localTransfer(n: CfgNode, s: Map[RegisterVariableWrapper, FlatElement[Expr]]): Map[RegisterVariableWrapper, FlatElement[Expr]] = n match {
-    case cmd: CfgCommandNode =>
-      eval(cmd, constantProp(cmd.data), s)
+  def localTransfer(n: CFGPosition, s: Map[RegisterVariableWrapper, FlatElement[Expr]]): Map[RegisterVariableWrapper, FlatElement[Expr]] = n match {
+    case cmd: Statement =>
+      eval(cmd, constantProp(cmd), s)
     case _ => s // ignore other kinds of nodes
   }
 
   /** Transfer function for state lattice elements.
    */
-  def transfer(n: CfgNode, s: Map[RegisterVariableWrapper, FlatElement[Expr]]): Map[RegisterVariableWrapper, FlatElement[Expr]] = localTransfer(n, s)
+  def transfer(n: CFGPosition, s: Map[RegisterVariableWrapper, FlatElement[Expr]]): Map[RegisterVariableWrapper, FlatElement[Expr]] = localTransfer(n, s)
 }
 
 class RegionAccessesAnalysisSolver(
-                         cfg: ProgramCfg,
+                         program: Program,
                          constantProp: Map[CFGPosition, Map[Variable, FlatElement[BitVecLiteral]]],
                          reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])],
-                       ) extends RegionAccessesAnalysis(cfg, constantProp, reachingDefs)
-  with InterproceduralForwardDependencies
-  with Analysis[Map[CfgNode, Map[RegisterVariableWrapper, FlatElement[Expr]]]]
-  with SimpleWorklistFixpointSolver[CfgNode, Map[RegisterVariableWrapper, FlatElement[Expr]], MapLattice[RegisterVariableWrapper, FlatElement[Expr], FlatLattice[Expr]]] {
-}
\ No newline at end of file
+                       ) extends RegionAccessesAnalysis(program, constantProp, reachingDefs)
+  with IRInterproceduralForwardDependencies
+  with Analysis[Map[CFGPosition, Map[RegisterVariableWrapper, FlatElement[Expr]]]]
+  with SimpleWorklistFixpointSolver[CFGPosition, Map[RegisterVariableWrapper, FlatElement[Expr]], MapLattice[RegisterVariableWrapper, FlatElement[Expr], FlatLattice[Expr]]] {
+}
diff --git a/src/main/scala/analysis/solvers/IDESolver.scala b/src/main/scala/analysis/solvers/IDESolver.scala
index 231c87521..eaa9a2369 100644
--- a/src/main/scala/analysis/solvers/IDESolver.scala
+++ b/src/main/scala/analysis/solvers/IDESolver.scala
@@ -1,7 +1,7 @@
 package analysis.solvers
 
 import analysis.{BackwardIDEAnalysis, Dependencies, EdgeFunction, EdgeFunctionLattice, ForwardIDEAnalysis, IDEAnalysis, IRInterproceduralBackwardDependencies, IRInterproceduralForwardDependencies, Lambda, Lattice, MapLattice}
-import ir.{CFGPosition, Command, DirectCall, GoTo, IRWalk, IndirectCall, Return, InterProcIRCursor, Procedure, Program, isAfterCall, Halt, Statement, Jump}
+import ir.{CFGPosition, Command, DirectCall, GoTo, IRWalk, IndirectCall, Return, InterProcIRCursor, Procedure, Program, isAfterCall, Unreachable, Statement, Jump}
 import util.Logger
 
 import scala.collection.immutable.Map
@@ -213,7 +213,7 @@ abstract class ForwardIDESolver[D, T, L <: Lattice[T]](program: Program)
 
   protected def entryToExit(entry: Procedure): Return = IRWalk.lastInProc(entry).asInstanceOf[Return]
 
-  protected def exitToEntry(exit: IndirectCall): Procedure = IRWalk.procedure(exit)
+  protected def exitToEntry(exit: Return): Procedure = IRWalk.procedure(exit)
 
   protected def callToReturn(call: DirectCall): Command = call.successor
 
@@ -229,13 +229,13 @@ abstract class ForwardIDESolver[D, T, L <: Lattice[T]](program: Program)
 
   protected def isCall(call: CFGPosition): Boolean =
     call match
-      case directCall: DirectCall if (!directCall.successor.isInstanceOf[Halt]) => true
+      case directCall: DirectCall if (!directCall.successor.isInstanceOf[Unreachable]) => true
       case _ => false
 
   protected def isExit(exit: CFGPosition): Boolean =
     exit match
       // only looking at functions with statements
-      case command: Command => IRWalk.lastInProc(IRWalk.procedure(command)) == command
+      case command: Return => true
       case _ => false
 
   protected def getAfterCalls(exit: IndirectCall): Set[Command] =
@@ -268,12 +268,19 @@ abstract class BackwardIDESolver[D, T, L <: Lattice[T]](program: Program)
 
   protected def isCall(call: CFGPosition): Boolean =
     call match
-      case c : Command => isAfterCall(c) && IRWalk.prevCommandInBlock(c).map(_.isInstanceOf[DirectCall]).getOrElse(false)
+      case c: Unreachable => false /* don't process non-returning calls */
+      case c : Command => {
+        val call = IRWalk.prevCommandInBlock(c)
+        call match {
+          case Some(d: DirectCall) if d.target.returnBlock.isDefined => true
+          case _ => false
+        }
+      }
       case _ => false
 
   protected def isExit(exit: CFGPosition): Boolean =
     exit match
-      case procedure: Procedure => true
+      case procedure: Procedure => procedure.blocks.nonEmpty
       case _ => false
 
   protected def getAfterCalls(exit: Procedure): Set[DirectCall] = exit.incomingCalls().toSet
diff --git a/src/main/scala/cfg_visualiser/Output.scala b/src/main/scala/cfg_visualiser/Output.scala
deleted file mode 100644
index cc730d62e..000000000
--- a/src/main/scala/cfg_visualiser/Output.scala
+++ /dev/null
@@ -1,37 +0,0 @@
-package cfg_visualiser
-
-import java.io.{File, PrintWriter}
-import analysis._
-
-/** Basic outputting functionality.
-  */
-object Output {
-
-  /** Helper function for producing string output for a control-flow graph node after an analysis.
-    * @param res
-    *   map from control-flow graph nodes to strings, as produced by the analysis
-    */
-  def labeler(res: Map[CfgNode, _], stateAfterNode: Boolean)(n: CfgNode): String = {
-    val r = res.getOrElse(n, "-")
-    val desc = n match {
-      case entry: CfgFunctionEntryNode => s"Function ${entry.data.name} entry"
-      case exit: CfgFunctionExitNode   => s"Function ${exit.data.name} exit"
-      case _                           => n.toString + s" ${n.id}"
-    }
-    if (stateAfterNode) s"$desc\n$r"
-    else s"$r\n$desc"
-  }
-
-  /** Generate an unique ID string for the given AST node.
-    */
-  def dotIder(n: CfgNode, uniqueId: Int): String =
-    n match {
-      case real: CfgCommandNode           => s"real${real.data}_$uniqueId"
-      case entry: CfgFunctionEntryNode    => s"entry${entry.data}_$uniqueId"
-      case exit: CfgFunctionExitNode      => s"exit${exit.data}_$uniqueId"
-      case ret: CfgProcedureReturnNode    => s"return_$uniqueId"
-      case noCallRet: CfgCallNoReturnNode => s"callnoreturn_$uniqueId"
-      case callRet: CfgCallReturnNode     => s"callreturn_$uniqueId"
-      case _                              => ???
-    }
-}
\ No newline at end of file
diff --git a/src/main/scala/ir/IRCursor.scala b/src/main/scala/ir/IRCursor.scala
index 52c585aaf..0e79fa422 100644
--- a/src/main/scala/ir/IRCursor.scala
+++ b/src/main/scala/ir/IRCursor.scala
@@ -96,7 +96,7 @@ trait IntraProcIRCursor extends IRWalk[CFGPosition, CFGPosition] {
       case proc: Procedure => proc.entryBlock.toSet
       case b: Block        => b.statements.headOption.orElse(Some(b.jump)).toSet
       case n: GoTo         => n.targets.asInstanceOf[Set[CFGPosition]]
-      case h: Halt         => Set()
+      case h: Unreachable         => Set()
       case h: Return       => Set()
       case c: Statement    => IRWalk.nextCommandInBlock(c).toSet
     }
@@ -150,7 +150,6 @@ trait InterProcIRCursor extends IRWalk[CFGPosition, CFGPosition] {
     IntraProcIRCursor.succ(pos) ++
       (pos match
         case c: DirectCall if c.target.blocks.nonEmpty => Set(c.target)
-        // case c: IndirectCall if c.parent.isProcReturn => c.parent.parent.incomingCalls().map(_.successor).toSet
         case c: Return => c.parent.parent.incomingCalls().map(_.successor).toSet
         case _         => Set.empty
       )
@@ -159,7 +158,13 @@ trait InterProcIRCursor extends IRWalk[CFGPosition, CFGPosition] {
   final def pred(pos: CFGPosition): Set[CFGPosition] = {
     IntraProcIRCursor.pred(pos) ++
       (pos match
-        case d: DirectCall if d.target.blocks.nonEmpty => d.target.returnBlock.toSet
+        case c: Command => {
+          IRWalk.prevCommandInBlock(c) match {
+            case Some(d: DirectCall) if d.target.blocks.nonEmpty => d.target.returnBlock.toSet
+            case o            => o.toSet
+          }
+
+        }
         case c: Procedure                              => c.incomingCalls().toSet.asInstanceOf[Set[CFGPosition]]
         case _                                         => Set.empty
       )
diff --git a/src/main/scala/ir/Interpreter.scala b/src/main/scala/ir/Interpreter.scala
index de470d5d9..0430ef66a 100644
--- a/src/main/scala/ir/Interpreter.scala
+++ b/src/main/scala/ir/Interpreter.scala
@@ -248,8 +248,8 @@ class Interpreter() {
         case r: Return => {
           nextCmd = Some(returnCmd.pop())
         }
-        case h: Halt => {
-          Logger.debug("Halt")
+        case h: Unreachable => {
+          Logger.debug("Unreachable")
           nextCmd = None
         }
       }
diff --git a/src/main/scala/ir/Program.scala b/src/main/scala/ir/Program.scala
index 5911be3a8..ba8c67239 100644
--- a/src/main/scala/ir/Program.scala
+++ b/src/main/scala/ir/Program.scala
@@ -18,40 +18,6 @@ class Program(var procedures: ArrayBuffer[Procedure],
     serialiseIL(this)
   }
 
-  // This shouldn't be run before indirect calls are resolved
-  def stripUnreachableFunctions(depth: Int = Int.MaxValue): Unit = {
-    val procedureCalleeNames = procedures.map(f => f.name -> f.calls.map(_.name)).toMap
-
-    val toVisit: mutable.LinkedHashSet[(Int, String)] = mutable.LinkedHashSet((0, mainProcedure.name))
-    var reachableFound = true
-    val reachableNames = mutable.HashMap[String, Int]()
-    while (toVisit.nonEmpty) {
-      val next = toVisit.head
-      toVisit.remove(next)
-
-      if (next._1 <= depth) {
-
-        def addName(depth: Int, name: String): Unit = {
-          val oldDepth = reachableNames.getOrElse(name, Integer.MAX_VALUE)
-          reachableNames.put(next._2, if depth < oldDepth then depth else oldDepth)
-        }
-        addName(next._1, next._2)
-
-        val callees = procedureCalleeNames(next._2)
-
-        toVisit.addAll(callees.diff(reachableNames.keySet).map(c => (next._1 + 1, c)))
-        callees.foreach(c => addName(next._1 + 1, c))
-      }
-    }
-    procedures = procedures.filter(f => reachableNames.keySet.contains(f.name))
-
-    for (elem <- procedures.filter(c => c.calls.exists(s => !procedures.contains(s)))) {
-      // last layer is analysed only as specifications so we remove the body for anything that calls
-      // a function we have removed
-
-      elem.clearBlocks()
-    }
-  }
 
   def setModifies(specModifies: Map[String, List[String]]): Unit = {
     val procToCalls: mutable.Map[Procedure, Set[Procedure]] = mutable.Map()
@@ -231,7 +197,6 @@ class Procedure private (
   }
 
   def addBlocks(block: Block): Block = {
-    block.parent = this
     if (!_blocks.contains(block)) {
       block.parent = this
       _blocks.add(block)
@@ -320,7 +285,8 @@ class Procedure private (
 
   def clearBlocks(): Unit = {
     // O(n) because we are careful to unlink the parents etc.
-    removeBlocks(_blocks)
+    // .toList to avoid modifying our own iterator
+    removeBlocksDisconnect(_blocks.toList)
   }
 
   def callers(): Iterable[Procedure] = _callers.map(_.parent.parent).toSet[Procedure]
@@ -371,6 +337,7 @@ class Block private (
     this(label, address, IntrusiveList().addAll(statements), jump, mutable.HashSet.empty)
   }
 
+  def isReturn: Boolean = parent.returnBlock.contains(this)
   def isEntry: Boolean = parent.entryBlock.contains(this)
 
   def jump: Jump = _jump
diff --git a/src/main/scala/ir/Statement.scala b/src/main/scala/ir/Statement.scala
index 2dea68f46..ce49bc82e 100644
--- a/src/main/scala/ir/Statement.scala
+++ b/src/main/scala/ir/Statement.scala
@@ -82,7 +82,7 @@ sealed trait Jump extends Command {
   def acceptVisit(visitor: Visitor): Jump = throw new Exception("visitor " + visitor + " unimplemented for: " + this)
 }
 
-class Halt(override val label: Option[String] = None) extends Jump {
+class Unreachable(override val label: Option[String] = None) extends Jump {
   /* Terminate / No successors / assume false */
   override def acceptVisit(visitor: Visitor): Jump = this
 }
@@ -139,7 +139,7 @@ object GoTo:
 
 sealed trait Call extends Statement {
   def returnTarget: Option[Command] = successor match {
-    case h: Halt => None
+    case h: Unreachable => None
     case o => Some(o)
   }
 }
diff --git a/src/main/scala/ir/dsl/DSL.scala b/src/main/scala/ir/dsl/DSL.scala
index 6a1b96742..3ebeefbc4 100644
--- a/src/main/scala/ir/dsl/DSL.scala
+++ b/src/main/scala/ir/dsl/DSL.scala
@@ -73,8 +73,8 @@ case class EventuallyGoto(targets: List[DelayNameResolve]) extends EventuallyJum
 case class EventuallyReturn() extends EventuallyJump {
   override def resolve(p: Program) = Return()
 }
-case class EventuallyHalt() extends EventuallyJump  {
-  override def resolve(p: Program) = Halt()
+case class EventuallyUnreachable() extends EventuallyJump  {
+  override def resolve(p: Program) = Unreachable()
 }
 
 def goto(): EventuallyGoto = EventuallyGoto(List.empty)
@@ -84,7 +84,7 @@ def goto(targets: String*): EventuallyGoto = {
 }
 
 def ret: EventuallyReturn = EventuallyReturn()
-def halt: EventuallyHalt= EventuallyHalt()
+def unreachable: EventuallyUnreachable= EventuallyUnreachable()
 
 def goto(targets: List[String]): EventuallyGoto = {
   EventuallyGoto(targets.map(p => DelayNameResolve(p)))
@@ -111,8 +111,6 @@ def block(label: String, sl: (Statement | EventuallyStatement | EventuallyJump)*
   val statements : Seq[EventuallyStatement] = sl.flatMap {
     case s: Statement => Some(ResolvableStatement(s))
     case o: EventuallyStatement => Some(o)
-    case o: EventuallyCall => Some(o)
-    case o: EventuallyIndirectCall => Some(o)
     case g: EventuallyJump => None
   }
   val jump = sl.collectFirst {
diff --git a/src/main/scala/ir/transforms/IndirectCallResolution.scala b/src/main/scala/ir/transforms/IndirectCallResolution.scala
index e9c9fddf7..4345dcaa1 100644
--- a/src/main/scala/ir/transforms/IndirectCallResolution.scala
+++ b/src/main/scala/ir/transforms/IndirectCallResolution.scala
@@ -1,7 +1,5 @@
 package ir.transforms
 
-
-
 import scala.collection.mutable.ListBuffer
 import scala.collection.mutable.ArrayBuffer
 import analysis.solvers.*
@@ -11,165 +9,27 @@ import ir.*
 import translating.*
 import util.Logger
 import util.intrusive_list.IntrusiveList
-import analysis.CfgCommandNode
 import scala.collection.mutable
 import cilvisitor._
 
-
-/** Resolve indirect calls to an address-conditional choice between direct calls using the Value Set Analysis results.
- *  Dead code, and currently broken by statement calls 
- *
-def resolveIndirectCalls(
-    cfg: ProgramCfg,
-    valueSets: Map[CfgNode, LiftedElement[Map[Variable | MemoryRegion, Set[Value]]]],
+def resolveIndirectCallsUsingPointsTo(
+    pointsTos: Map[RegisterVariableWrapper, Set[RegisterVariableWrapper | MemoryRegion]],
+    regionContents: Map[MemoryRegion, Set[BitVecLiteral | MemoryRegion]],
+    reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])],
     IRProgram: Program
 ): Boolean = {
   var modified: Boolean = false
-  val worklist = ListBuffer[CfgNode]()
-  cfg.startNode.succIntra.union(cfg.startNode.succInter).foreach(node => worklist.addOne(node))
-
-  val visited = mutable.Set[CfgNode]()
-  while (worklist.nonEmpty) {
-    val node = worklist.remove(0)
-    if (!visited.contains(node)) {
-      process(node)
-      node.succIntra.union(node.succInter).foreach(node => worklist.addOne(node))
-      visited.add(node)
-    }
-  }
-
-  def process(n: CfgNode): Unit = n match {
-    /*
-    case c: CfgStatementNode =>
-      c.data match
+  val worklist = ListBuffer[CFGPosition]()
 
-      //We do not want to insert the VSA results into the IR like this
-        case localAssign: Assign =>
-          localAssign.rhs match
-            case _: MemoryLoad =>
-              if (valueSets(n).contains(localAssign.lhs) && valueSets(n).get(localAssign.lhs).head.size == 1) {
-                val extractedValue = extractExprFromValue(valueSets(n).get(localAssign.lhs).head.head)
-                localAssign.rhs = extractedValue
-                Logger.info(s"RESOLVED: Memory load ${localAssign.lhs} resolved to ${extractedValue}")
-              } else if (valueSets(n).contains(localAssign.lhs) && valueSets(n).get(localAssign.lhs).head.size > 1) {
-                Logger.info(s"RESOLVED: WARN Memory load ${localAssign.lhs} resolved to multiple values, cannot replace")
-
-                /*
-                // must merge into a single memory variable to represent the possible values
-                // Make a binary OR of all the possible values takes two at a time (incorrect to do BVOR)
-                val values = valueSets(n).get(localAssign.lhs).head
-                val exprValues = values.map(extractExprFromValue)
-                val result = exprValues.reduce((a, b) => BinaryExpr(BVOR, a, b)) // need to express nondeterministic
-                                                                                 // choice between these specific options
-                localAssign.rhs = result
-     */
-              }
-            case _ =>
-     */
-    case c: CfgJumpNode =>
-      val block = c.block
-      c.data match
-        case indirectCall: IndirectCall =>
-          if (block.jump != indirectCall) {
-            // We only replace the calls with DirectCalls in the IR, and don't replace the CommandNode.data
-            // Hence if we have already processed this CFG node there will be no corresponding IndirectCall in the IR
-            // to replace.
-            // We want to replace all possible indirect calls based on this CFG, before regenerating it from the IR
-            return
-          }
-          valueSets(n) match {
-            case Lift(valueSet) =>
-              val targetNames = resolveAddresses(valueSet(indirectCall.target)).map(_.name).toList.sorted
-              val targets = targetNames.map(name => IRProgram.procedures.filter(_.name.equals(name)).head)
-
-              if (targets.size == 1) {
-                modified = true
-
-                // indirectCall.parent.parent.removeBlocks(indirectCall.returnTarget)
-                val newCall = DirectCall(targets.head, indirectCall.label)
-                block.statements.replace(indirectCall, newCall) 
-              } else if (targets.size > 1) {
-                modified = true
-                val procedure = c.parent.data
-                val newBlocks = ArrayBuffer[Block]()
-                for (t <- targets) {
-                  val assume = Assume(BinaryExpr(BVEQ, indirectCall.target, BitVecLiteral(t.address.get, 64)))
-                  val newLabel: String = block.label + t.name
-                  val directCall = DirectCall(t)
-                  directCall.parent = indirectCall.parent
-
-                  // assume indircall is the last statement in block
-                  assert(indirectCall.parent.statements.lastOption.contains(indirectCall))
-                  val fallthrough = indirectCall.parent.jump
-
-                  newBlocks.append(Block(newLabel, None, ArrayBuffer(assume, directCall), fallthrough))
-                }
-                procedure.addBlocks(newBlocks)
-                val newCall = GoTo(newBlocks, indirectCall.label)
-                block.replaceJump(newCall)
-              }
-            case LiftedBottom =>
-          }
-        case _ =>
-    case _ =>
-  }
-
-  def nameExists(name: String): Boolean = {
-    IRProgram.procedures.exists(_.name.equals(name))
-  }
-
-  def addFakeProcedure(name: String): Unit = {
-    IRProgram.procedures += Procedure(name)
-  }
+  worklist.addAll(IRProgram)
 
-  def resolveAddresses(valueSet: Set[Value]): Set[AddressValue] = {
-    var functionNames: Set[AddressValue] = Set()
-    valueSet.foreach {
-      case globalAddress: GlobalAddress =>
-        if (nameExists(globalAddress.name)) {
-          functionNames += globalAddress
-          Logger.info(s"RESOLVED: Call to Global address ${globalAddress.name} rt statuesolved.")
-        } else {
-          addFakeProcedure(globalAddress.name)
-          functionNames += globalAddress
-          Logger.info(s"Global address ${globalAddress.name} does not exist in the program.  Added a fake function.")
-        }
-      case localAddress: LocalAddress =>
-        if (nameExists(localAddress.name)) {
-          functionNames += localAddress
-          Logger.info(s"RESOLVED: Call to Local address ${localAddress.name}")
-        } else {
-          addFakeProcedure(localAddress.name)
-          functionNames += localAddress
-          Logger.info(s"Local address ${localAddress.name} does not exist in the program. Added a fake function.")
-        }
-      case _ =>
-    }
-    functionNames
-  }
-
-  modified
-}
-
-  */
-
-def resolveIndirectCallsUsingPointsTo(
-   cfg: ProgramCfg,
-   pointsTos: Map[RegisterVariableWrapper, Set[RegisterVariableWrapper | MemoryRegion]],
-   regionContents: Map[MemoryRegion, Set[BitVecLiteral | MemoryRegion]],
-   reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])],
-   IRProgram: Program
- ): Boolean = {
-  var modified: Boolean = false
-  val worklist = ListBuffer[CfgNode]()
-  cfg.startNode.succIntra.union(cfg.startNode.succInter).foreach(node => worklist.addOne(node))
-
-  val visited = mutable.Set[CfgNode]()
+  val visited = mutable.Set[CFGPosition]()
   while (worklist.nonEmpty) {
     val node = worklist.remove(0)
     if (!visited.contains(node)) {
+      // add to worklist before we delete the node and can no longer find its successors
+      InterProcIRCursor.succ(node).foreach(node => worklist.addOne(node))
       process(node)
-      node.succIntra.union(node.succInter).foreach(node => worklist.addOne(node))
       visited.add(node)
     }
   }
@@ -181,7 +41,7 @@ def resolveIndirectCallsUsingPointsTo(
         if (regionContents.contains(stackRegion)) {
           for (c <- regionContents(stackRegion)) {
             c match {
-              case bitVecLiteral: BitVecLiteral => Logger.debug("hi: " + bitVecLiteral)//???
+              case bitVecLiteral: BitVecLiteral => Logger.debug("hi: " + bitVecLiteral) //???
               case memoryRegion: MemoryRegion =>
                 result.addAll(searchRegion(memoryRegion))
             }
@@ -195,7 +55,7 @@ def resolveIndirectCallsUsingPointsTo(
           result.add(dataRegion.regionIdentifier) // TODO: may need to investigate if we should add the parent region
           for (c <- regionContents(dataRegion)) {
             c match {
-              case bitVecLiteral: BitVecLiteral => Logger.debug("hi: " + bitVecLiteral)//???
+              case bitVecLiteral: BitVecLiteral => Logger.debug("hi: " + bitVecLiteral) //???
               case memoryRegion: MemoryRegion =>
                 result.addAll(searchRegion(memoryRegion))
             }
@@ -218,76 +78,70 @@ def resolveIndirectCallsUsingPointsTo(
       case Some(value) =>
         value.map {
           case v: RegisterVariableWrapper => names.addAll(resolveAddresses(v.variable, i))
-          case m: MemoryRegion => names.addAll(searchRegion(m))
+          case m: MemoryRegion            => names.addAll(searchRegion(m))
         }
         names
       case None => names
     }
   }
 
-  def process(n: CfgNode): Unit = n match {
-    case c: CfgJumpNode =>
-      val block = c.block
-      c.data match
-        // don't try to resolve returns
-        case indirectCall: IndirectCall if indirectCall.target != Register("R30", 64) =>
-          if (!indirectCall.hasParent) {
-            // We only replace the calls with DirectCalls in the IR, and don't replace the CommandNode.data
-            // Hence if we have already processed this CFG node there will be no corresponding IndirectCall in the IR
-            // to replace.
-            // We want to replace all possible indirect calls based on this CFG, before regenerating it from the IR
-            return
-          }
-          assert(indirectCall.parent.statements.lastOption.contains(indirectCall))
-
-          val targetNames = resolveAddresses(indirectCall.target, indirectCall)
-          Logger.debug(s"Points-To approximated call ${indirectCall.target} with $targetNames")
-          Logger.debug(IRProgram.procedures)
-          val targets: mutable.Set[Procedure] = targetNames.map(name => IRProgram.procedures.find(_.name == name).getOrElse(addFakeProcedure(name)))
-
-          if (targets.size > 1) {
-            Logger.info(s"Resolved indirect call $indirectCall")
+  def process(n: CFGPosition): Unit = n match {
+    case indirectCall: IndirectCall if indirectCall.target != Register("R30", 64) =>
+      if (!indirectCall.hasParent) {
+        // skip if we have already processesd this call
+        return
+      }
+      // we need the single-call-at-end-of-block invariant
+      assert(indirectCall.parent.statements.lastOption.contains(indirectCall))
+
+      val block = indirectCall.parent
+      val procedure = block.parent
+
+      val targetNames = resolveAddresses(indirectCall.target, indirectCall)
+      Logger.debug(s"Points-To approximated call ${indirectCall.target} with $targetNames")
+      Logger.debug(IRProgram.procedures)
+      val targets: mutable.Set[Procedure] =
+        targetNames.map(name => IRProgram.procedures.find(_.name == name).getOrElse(addFakeProcedure(name)))
+
+      if (targets.size > 1) {
+        Logger.info(s"Resolved indirect call $indirectCall")
+      }
+
+      if (targets.size == 1) {
+        modified = true
+
+        val newCall = DirectCall(targets.head, indirectCall.label)
+        block.statements.replace(indirectCall, newCall)
+      } else if (targets.size > 1) {
+
+        val oft = indirectCall.parent.jump
+
+        modified = true
+        val newBlocks = ArrayBuffer[Block]()
+        for (t <- targets) {
+          Logger.debug(targets)
+          val address = t.address.match {
+            case Some(a) => a
+            case None =>
+              throw Exception(s"resolved indirect call $indirectCall to procedure which does not have address: $t")
           }
-
-
-          if (targets.size == 1) {
-            modified = true
-
-            // indirectCall.parent.parent.removeBlocks(indirectCall.returnTarget)
-            val newCall = DirectCall(targets.head, indirectCall.label)
-            block.statements.replace(indirectCall, newCall)
-          } else if (targets.size > 1) {
-
-            val oft = indirectCall.parent.jump
-
-            modified = true
-            val procedure = c.parent.data
-            val newBlocks = ArrayBuffer[Block]()
-            // indirectCall.parent.parent.removeBlocks(indirectCall.returnTarget)
-            for (t <- targets) {
-              Logger.debug(targets)
-              val address = t.address.match {
-                case Some(a) => a
-                case None => throw Exception(s"resolved indirect call $indirectCall to procedure which does not have address: $t")
-              }
-              val assume = Assume(BinaryExpr(BVEQ, indirectCall.target, BitVecLiteral(address, 64)))
-              val newLabel: String = block.label + t.name
-              val directCall = DirectCall(t)
-
-              /* copy the goto node resulting */
-              val fallthrough = oft match {
-                case g: GoTo => GoTo(g.targets, g.label)
-                case h: Halt => Halt()
-                case r: Return => Return()
-              }
-              newBlocks.append(Block(newLabel, None, ArrayBuffer(assume, directCall), fallthrough))
-            }
-            block.statements.remove(indirectCall)
-            procedure.addBlocks(newBlocks)
-            val newCall = GoTo(newBlocks, indirectCall.label)
-            block.replaceJump(newCall)
+          val assume = Assume(BinaryExpr(BVEQ, indirectCall.target, BitVecLiteral(address, 64)))
+          val newLabel: String = block.label + t.name
+          val directCall = DirectCall(t)
+
+          /* copy the goto node resulting */
+          val fallthrough = oft match {
+            case g: GoTo        => GoTo(g.targets, g.label)
+            case h: Unreachable => Unreachable()
+            case r: Return      => Return()
           }
-        case _ =>
+          newBlocks.append(Block(newLabel, None, ArrayBuffer(assume, directCall), fallthrough))
+        }
+        block.statements.remove(indirectCall)
+        procedure.addBlocks(newBlocks)
+        val newCall = GoTo(newBlocks, indirectCall.label)
+        block.replaceJump(newCall)
+      }
     case _ =>
   }
 
diff --git a/src/main/scala/ir/transforms/ReplaceReturn.scala b/src/main/scala/ir/transforms/ReplaceReturn.scala
index 91681ab8e..f41c25e3d 100644
--- a/src/main/scala/ir/transforms/ReplaceReturn.scala
+++ b/src/main/scala/ir/transforms/ReplaceReturn.scala
@@ -13,7 +13,7 @@ class ReplaceReturns extends CILVisitor {
     j match {
       case IndirectCall(Register("R30", _), _) => {
         assert(j.parent.statements.lastOption.contains(j))
-        if (j.parent.jump.isInstanceOf[Halt | Return]) {
+        if (j.parent.jump.isInstanceOf[Unreachable | Return]) {
           j.parent.replaceJump(Return())
           ChangeTo(List())
         } else {
@@ -32,7 +32,6 @@ def addReturnBlocks(p: Program, toAll: Boolean = false) = {
   p.procedures.foreach(p => {
     val containsReturn = p.blocks.map(_.jump).find(_.isInstanceOf[Return]).isDefined
     if (toAll && p.blocks.isEmpty && p.entryBlock.isEmpty && p.returnBlock.isEmpty) {
-      Logger.info(s"proc ${p.name} ${p.entryBlock}, ${p.returnBlock}")
       p.returnBlock = (Block(label=p.name + "_basil_return",jump=Return()))
       p.entryBlock = (Block(label=p.name + "_basil_entry",jump=GoTo(p.returnBlock.get)))
     } else if (p.returnBlock.isEmpty && (toAll || containsReturn)) {
diff --git a/src/main/scala/ir/transforms/SplitThreads.scala b/src/main/scala/ir/transforms/SplitThreads.scala
index 7f36fdb3c..8678720e7 100644
--- a/src/main/scala/ir/transforms/SplitThreads.scala
+++ b/src/main/scala/ir/transforms/SplitThreads.scala
@@ -11,7 +11,6 @@ import util.Logger
 import java.util.Base64
 import spray.json.DefaultJsonProtocol.*
 import util.intrusive_list.IntrusiveList
-import analysis.CfgCommandNode
 import scala.collection.mutable
 import cilvisitor._
 
diff --git a/src/main/scala/ir/transforms/StripUnreachableFunctions.scala b/src/main/scala/ir/transforms/StripUnreachableFunctions.scala
new file mode 100644
index 000000000..96784cc28
--- /dev/null
+++ b/src/main/scala/ir/transforms/StripUnreachableFunctions.scala
@@ -0,0 +1,38 @@
+package ir.transforms
+import ir._
+import collection.mutable
+
+// This shouldn't be run before indirect calls are resolved
+def stripUnreachableFunctions(p: Program, depth: Int = Int.MaxValue): Unit = {
+  val procedureCalleeNames = p.procedures.map(f => f.name -> f.calls.map(_.name)).toMap
+
+  val toVisit: mutable.LinkedHashSet[(Int, String)] = mutable.LinkedHashSet((0, p.mainProcedure.name))
+  var reachableFound = true
+  val reachableNames = mutable.HashMap[String, Int]()
+  while (toVisit.nonEmpty) {
+    val next = toVisit.head
+    toVisit.remove(next)
+
+    if (next._1 <= depth) {
+
+      def addName(depth: Int, name: String): Unit = {
+        val oldDepth = reachableNames.getOrElse(name, Integer.MAX_VALUE)
+        reachableNames.put(next._2, if depth < oldDepth then depth else oldDepth)
+      }
+      addName(next._1, next._2)
+
+      val callees = procedureCalleeNames(next._2)
+
+      toVisit.addAll(callees.diff(reachableNames.keySet).map(c => (next._1 + 1, c)))
+      callees.foreach(c => addName(next._1 + 1, c))
+    }
+  }
+  p.procedures = p.procedures.filter(f => reachableNames.keySet.contains(f.name))
+
+  for (elem <- p.procedures.filter(c => c.calls.exists(s => !p.procedures.contains(s)))) {
+    // last layer is analysed only as specifications so we remove the body for anything that calls
+    // a function we have removed
+
+    elem.clearBlocks()
+  }
+}
diff --git a/src/main/scala/translating/BAPToIR.scala b/src/main/scala/translating/BAPToIR.scala
index 90ba61335..93a5010cf 100644
--- a/src/main/scala/translating/BAPToIR.scala
+++ b/src/main/scala/translating/BAPToIR.scala
@@ -136,11 +136,11 @@ class BAPToIR(var program: BAPProgram, mainAddress: Int) {
       jumps.head match {
         case b: BAPDirectCall =>
           val call = Some(DirectCall(nameToProcedure(b.target),Some(b.line)))
-          val ft = (b.returnTarget.map(t => labelToBlock(t))).map(x => GoTo(Set(x))).getOrElse(Halt())
+          val ft = (b.returnTarget.map(t => labelToBlock(t))).map(x => GoTo(Set(x))).getOrElse(Unreachable())
           (call, ft, ArrayBuffer())
         case b: BAPIndirectCall =>
           val call = IndirectCall(b.target.toIR, Some(b.line))
-          val ft = (b.returnTarget.map(t => labelToBlock(t))).map(x => GoTo(Set(x))).getOrElse(Halt())
+          val ft = (b.returnTarget.map(t => labelToBlock(t))).map(x => GoTo(Set(x))).getOrElse(Unreachable())
           (Some(call), ft, ArrayBuffer())
         case b: BAPGoTo =>
           val target = labelToBlock(b.target)
diff --git a/src/main/scala/translating/GTIRBToIR.scala b/src/main/scala/translating/GTIRBToIR.scala
index d47bd0b35..3c8b1a13c 100644
--- a/src/main/scala/translating/GTIRBToIR.scala
+++ b/src/main/scala/translating/GTIRBToIR.scala
@@ -364,7 +364,7 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
       // need to copy jump as it can't have multiple parents
       val jumpCopy = currentBlock.jump match {
         case GoTo(targets, label) => GoTo(targets, label)
-        case h: Halt => Halt()
+        case h: Unreachable => Unreachable()
         case r: Return => Return() 
         case _ => throw Exception("this shouldn't be reachable")
       }
@@ -392,7 +392,7 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
               case _ => throw Exception(s"no assignment to program counter found before indirect call in block ${block.label}")
             }
             block.statements.remove(block.statements.last) // remove _PC assignment
-            (Some(IndirectCall(target)), Halt())
+            (Some(IndirectCall(target)), Unreachable())
           } else if (proxySymbols.size > 1) {
             // TODO requires further consideration once encountered
             throw Exception(s"multiple uuidToSymbol ${proxySymbols.map(_.name).mkString(", ")} associated with proxy block ${byteStringToString(edge.targetUuid)}, target of indirect call from block ${block.label}")
@@ -408,7 +408,7 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
               proc
             }
             removePCAssign(block)
-            (Some(DirectCall(target)), Halt())
+            (Some(DirectCall(target)), Unreachable())
           }
         } else if (uuidToBlock.contains(edge.targetUuid)) {
           // resolved indirect jump
@@ -428,7 +428,7 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
           val jump = if (procedure == targetProc) {
             (None, GoTo(mutable.Set(uuidToBlock(edge.targetUuid))))
           } else {
-            (Some(DirectCall(targetProc)), Halt())
+            (Some(DirectCall(targetProc)), Unreachable())
           }
           removePCAssign(block)
           jump
@@ -450,7 +450,7 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
           // probably doesn't actually happen in practice since it seems to be after brk instructions?
           val targetProc = entranceUUIDtoProcedure(edge.targetUuid)
           // assuming fallthrough won't fall through to start of own procedure
-          (Some(DirectCall(targetProc)), Halt())
+          (Some(DirectCall(targetProc)), Unreachable())
         } else if (uuidToBlock.contains(edge.targetUuid)) {
           val target = uuidToBlock(edge.targetUuid)
           (None, GoTo(mutable.Set(target)))
@@ -463,7 +463,7 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
         if (entranceUUIDtoProcedure.contains(edge.targetUuid)) {
           val target = entranceUUIDtoProcedure(edge.targetUuid)
           removePCAssign(block)
-          (Some(DirectCall(target)), Halt())
+          (Some(DirectCall(target)), Unreachable())
         } else {
           throw Exception(s"edge from ${block.label} to ${byteStringToString(edge.targetUuid)} does not point to a known procedure entrance")
         }
diff --git a/src/main/scala/translating/ILtoIL.scala b/src/main/scala/translating/ILtoIL.scala
index 99b64bc6e..856b18934 100644
--- a/src/main/scala/translating/ILtoIL.scala
+++ b/src/main/scala/translating/ILtoIL.scala
@@ -61,7 +61,12 @@ private class ILSerialiser extends ReadOnlyVisitor {
   }
 
   override def visitJump(node: Jump): Jump = {
-    node.acceptVisit(this)
+    node match {
+      case j: GoTo => program ++= s"goTo(${j.targets.map(_.label).mkString(", ")})" 
+      case h: Unreachable => program ++= "halt"
+      case h: Return => program ++= "return"
+    }
+
     node
   }
 
@@ -77,7 +82,6 @@ private class ILSerialiser extends ReadOnlyVisitor {
   override def visitDirectCall(node: DirectCall): Statement = {
     program ++= "DirectCall("
     program ++= procedureIdentifier(node.target)
-    program ++= ", "
     program ++= ")" // DirectCall
     node
   }
@@ -95,7 +99,10 @@ private class ILSerialiser extends ReadOnlyVisitor {
     program ++= "Block(" + blockIdentifier(node) + ",\n"
     indentLevel += 1
     program ++= getIndent()
-    program ++= "statements(\n"
+    program ++= "statements("
+    if (node.statements.size > 0) {
+      program ++= "\n"
+    }
     indentLevel += 1
 
     for (s <- node.statements) {
@@ -105,8 +112,7 @@ private class ILSerialiser extends ReadOnlyVisitor {
     }
     indentLevel -= 1
     program ++= getIndent() + "),\n"
-    program ++= getIndent() + "jumps(\n"
-    program ++= getIndent()
+    program ++= getIndent() + "jump("
     visitJump(node.jump)
     program ++= ")\n"
     indentLevel -= 1
diff --git a/src/main/scala/translating/IRToBoogie.scala b/src/main/scala/translating/IRToBoogie.scala
index 3422c6daa..6b4cf740f 100644
--- a/src/main/scala/translating/IRToBoogie.scala
+++ b/src/main/scala/translating/IRToBoogie.scala
@@ -650,7 +650,7 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
       val jump = GoToCmd(g.targets.map(_.label).toSeq)
       conditionAssert :+ jump
     case r: Return => List(ReturnCmd)
-    case r: Halt => List(BAssume(FalseBLiteral))
+    case r: Unreachable => List(BAssume(FalseBLiteral))
   }
 
   def translate(j: Call): List[BCmd] = j match {
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index 8c8e85e66..f67087070 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -13,7 +13,6 @@ import java.io.{BufferedWriter, FileWriter, IOException}
 import scala.jdk.CollectionConverters.*
 import analysis.solvers.*
 import analysis.*
-import cfg_visualiser.Output
 import bap.*
 import ir.*
 import boogie.*
@@ -28,7 +27,6 @@ import util.Logger
 import java.util.Base64
 import spray.json.DefaultJsonProtocol.*
 import util.intrusive_list.IntrusiveList
-import analysis.CfgCommandNode
 import cilvisitor._
 
 import scala.annotation.tailrec
@@ -51,7 +49,6 @@ case class IRContext(
 /** Stores the results of the static analyses.
   */
 case class StaticAnalysisContext(
-    cfg: ProgramCfg,
     constPropResult: Map[CFGPosition, Map[Variable, FlatElement[BitVecLiteral]]],
     IRconstPropResult: Map[CFGPosition, Map[Variable, FlatElement[BitVecLiteral]]],
     memoryRegionResult: Map[CFGPosition, LiftedElement[Set[MemoryRegion]]],
@@ -217,7 +214,7 @@ object IRTransform {
 
     Logger.info("[!] Stripping unreachable")
     val before = ctx.program.procedures.size
-    ctx.program.stripUnreachableFunctions(config.procedureTrimDepth)
+    transforms.stripUnreachableFunctions(ctx.program, config.procedureTrimDepth)
     Logger.info(
       s"[!] Removed ${before - ctx.program.procedures.size} functions (${ctx.program.procedures.size} remaining)"
     )
@@ -304,15 +301,12 @@ object StaticAnalysis {
     newLoops.foreach(l => Logger.info(s"Loop found: ${l.name}"))
 
     config.analysisDotPath.foreach { s =>
-      val newCFG = ProgramCfgFactory().fromIR(IRProgram)
-      writeToFile(newCFG.toDot(x => x.toString, Output.dotIder), s"${s}_resolvedCFG-reducible.dot")
+      writeToFile(dotBlockGraph(IRProgram, IRProgram.map(b => b -> b.toString).toMap), s"${s}_graph-after-reduce-$iteration.dot")
       writeToFile(dotBlockGraph(IRProgram, IRProgram.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"${s}_blockgraph-after-reduce-$iteration.dot")
     }
 
     val mergedSubroutines = subroutines ++ externalAddresses
 
-    val cfg = ProgramCfgFactory().fromIR(IRProgram)
-
     val domain = computeDomain(IntraProcIRCursor, IRProgram.procedures)
 
     Logger.info("[!] Running ANR")
@@ -356,11 +350,17 @@ object StaticAnalysis {
 
 
     Logger.info("[!] Running RegToMemAnalysisSolver")
-    val regionAccessesAnalysisSolver = RegionAccessesAnalysisSolver(cfg, constPropResult, reachingDefinitionsAnalysisResults)
+    val regionAccessesAnalysisSolver = RegionAccessesAnalysisSolver(IRProgram, constPropResult, reachingDefinitionsAnalysisResults)
     val regionAccessesAnalysisResults = regionAccessesAnalysisSolver.analyze()
 
-    config.analysisDotPath.foreach(s => writeToFile(cfg.toDot(Output.labeler(regionAccessesAnalysisResults, true), Output.dotIder), s"${s}_RegTo$iteration.dot"))
-    config.analysisResultsPath.foreach(s => writeToFile(printAnalysisResults(cfg, regionAccessesAnalysisResults, iteration), s"${s}_RegTo$iteration.txt"))
+//     config.analysisDotPath.foreach(s => writeToFile(cfg.toDot(Output.labeler(regionAccessesAnalysisResults, true), Output.dotIder), s"${s}_RegTo$iteration.dot"))
+    config.analysisResultsPath.foreach(s => writeToFile(printAnalysisResults(IRProgram, regionAccessesAnalysisResults), s"${s}_RegTo$iteration.txt"))
+    config.analysisDotPath.foreach(s => {
+      writeToFile(
+        toDot(IRProgram, IRProgram.filter(_.isInstanceOf[Command]).map(b => b -> regionAccessesAnalysisResults(b).toString).toMap),
+        s"${s}_RegTo$iteration.dot"
+      )
+    })
 
     Logger.info("[!] Running Constant Propagation with SSA")
     val constPropSolverWithSSA = ConstantPropagationSolverWithSSA(IRProgram, reachingDefinitionsAnalysisResults)
@@ -401,10 +401,8 @@ object StaticAnalysis {
     mmm.logRegions(memoryRegionContents)
 
     // turn fake procedures into diamonds
-    transforms.addReturnBlocks(ctx.program, true) // add return to all blocks because IDE solver expects it
     Logger.info("[!] Running VSA")
-    val vsaSolver =
-      ValueSetAnalysisSolver(IRProgram, globalAddresses, externalAddresses, globalOffsets, subroutines, mmm, constPropResult)
+    val vsaSolver = ValueSetAnalysisSolver(IRProgram, globalAddresses, externalAddresses, globalOffsets, subroutines, mmm, constPropResult)
     val vsaResult: Map[CFGPosition, LiftedElement[Map[Variable | MemoryRegion, Set[Value]]]] = vsaSolver.analyze()
 
     Logger.info("[!] Running Interprocedural Live Variables Analysis")
@@ -416,7 +414,6 @@ object StaticAnalysis {
     // val paramResults = Map[Procedure, Set[Variable]]()
 
     StaticAnalysisContext(
-      cfg = cfg,
       constPropResult = constPropResult,
       IRconstPropResult = newCPResult,
       memoryRegionResult = mraResult,
@@ -431,34 +428,6 @@ object StaticAnalysis {
     )
   }
 
-  /** Converts MapLattice of CfgNodes to a MapLattice from IRPosition.
-    * @param cfg
-    *   The CFG
-    * @param result
-    *   The analysis result MapLattice
-    * @tparam T
-    *   The analysis result type.
-    * @return
-    *   The new map analysis result.
-    */
-  def convertAnalysisResults[T](cfg: ProgramCfg, result: Map[CfgNode, T]): Map[CFGPosition, T] = {
-    val results = mutable.HashMap[CFGPosition, T]()
-    result.foreach((node, res) =>
-      node match {
-        case s: CfgStatementNode     => results.addOne(s.data -> res)
-        case s: CfgFunctionEntryNode => results.addOne(s.data -> res)
-        case s: CfgJumpNode          => results.addOne(s.data -> res)
-        case s: CfgCommandNode       => results.addOne(s.data -> res)
-        case _                       => ()
-      }
-    )
-
-    results.toMap
-  }
-
-  def printAnalysisResults[T](program: Program, cfg: ProgramCfg, result: Map[CfgNode, T]): String = {
-    printAnalysisResults(program, convertAnalysisResults(cfg, result))
-  }
 
   def printAnalysisResults(prog: Program, result: Map[CFGPosition, _]): String = {
     val results = mutable.ArrayBuffer[String]()
@@ -502,86 +471,6 @@ object StaticAnalysis {
     results.mkString(System.lineSeparator())
   }
 
-  def printAnalysisResults(cfg: ProgramCfg, result: Map[CfgNode, _], iteration: Int): String = {
-    val functionEntries = cfg.nodes.collect { case n: CfgFunctionEntryNode => n }.toSeq.sortBy(_.data.name)
-    val s = StringBuilder()
-    s.append(System.lineSeparator())
-    for (f <- functionEntries) {
-      val stack: mutable.Stack[CfgNode] = mutable.Stack()
-      val visited: mutable.Set[CfgNode] = mutable.Set()
-      stack.push(f)
-      var previousBlock: String = ""
-      var isEntryNode = false
-      while (stack.nonEmpty) {
-        val next = stack.pop()
-        if (!visited.contains(next)) {
-          visited.add(next)
-          next.match {
-            case c: CfgCommandNode =>
-              if (c.block.label != previousBlock) {
-                printBlock(c)
-              }
-              c match {
-                case _: CfgStatementNode => s.append("    ")
-                case _                   => ()
-              }
-              printNode(c)
-              previousBlock = c.block.label
-              isEntryNode = false
-            case c: CfgFunctionEntryNode =>
-              printNode(c)
-              isEntryNode = true
-            case c: CfgCallNoReturnNode =>
-              s.append(System.lineSeparator())
-              isEntryNode = false
-            case _ => isEntryNode = false
-          }
-          val successors = next.succIntra
-          if (successors.size > 1) {
-            val successorsCmd = successors.collect { case c: CfgCommandNode => c }.toSeq.sortBy(_.data.toString)
-            printGoTo(successorsCmd)
-            for (s <- successorsCmd) {
-              if (!visited.contains(s)) {
-                stack.push(s)
-              }
-            }
-          } else if (successors.size == 1) {
-            val successor = successors.head
-            if (!visited.contains(successor)) {
-              stack.push(successor)
-            }
-            successor.match {
-              case c: CfgCommandNode if (c.block.label != previousBlock) && (!isEntryNode) => printGoTo(Seq(c))
-              case _                                                                       =>
-            }
-          }
-        }
-      }
-      s.append(System.lineSeparator())
-    }
-
-    def printNode(node: CfgNode): Unit = {
-      s.append(node)
-      s.append(" :: ")
-      s.append(result(node))
-      s.append(System.lineSeparator())
-    }
-
-    def printGoTo(nodes: Seq[CfgCommandNode]): Unit = {
-      s.append("[GoTo] ")
-      s.append(nodes.map(_.block.label).mkString(", "))
-      s.append(System.lineSeparator())
-      s.append(System.lineSeparator())
-    }
-
-    def printBlock(node: CfgCommandNode): Unit = {
-      s.append("[Block] ")
-      s.append(node.block.label)
-      s.append(System.lineSeparator())
-    }
-
-    s.toString
-  }
 
 }
 
@@ -645,7 +534,7 @@ object RunUtils {
       val result = StaticAnalysis.analyse(ctx, config, iteration)
       analysisResult.append(result)
       Logger.info("[!] Replacing Indirect Calls")
-      modified = transforms.resolveIndirectCallsUsingPointsTo(result.cfg,
+      modified = transforms.resolveIndirectCallsUsingPointsTo(
         result.steensgaardResults,
         result.memoryRegionContents,
         result.reachingDefs,
@@ -667,11 +556,6 @@ object RunUtils {
       transforms.splitThreads(ctx.program, analysisResult.last.steensgaardResults, analysisResult.last.memoryRegionContents, analysisResult.last.reachingDefs)
     }
 
-    config.analysisDotPath.foreach { s =>
-      val newCFG = analysisResult.last.cfg
-      writeToFile(newCFG.toDot(x => x.toString, Output.dotIder), s"${s}_resolvedCFG.dot")
-    }
-
     assert(invariant.singleCallBlockEnd(ctx.program))
     Logger.info(s"[!] Finished indirect call resolution after $iteration iterations")
     analysisResult.last
diff --git a/src/test/scala/IndirectCallsTests.scala b/src/test/scala/IndirectCallsTests.scala
index 15c635fc9..fbc5a4362 100644
--- a/src/test/scala/IndirectCallsTests.scala
+++ b/src/test/scala/IndirectCallsTests.scala
@@ -84,7 +84,6 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
                   case _ => 
                 }
         }
-        println(result.ir.program)
         assert(expectedCallTransform.isEmpty)
   }
 
@@ -122,7 +121,6 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
             case _ =>
           }
       }
-      println(result.ir.program)
       assert(expectedCallTransform.isEmpty)
   }
 
@@ -160,7 +158,6 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
             case _ =>
           }
       }
-      println(result.ir.program)
       assert(expectedCallTransform.isEmpty)
   }
 
@@ -204,7 +201,6 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
             case _ =>
           }
       }
-      println(result.ir.program)
       assert(expectedCallTransform.isEmpty)
   }
 
@@ -248,7 +244,6 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
             case _ =>
           }
       }
-      println(result.ir.program)
       assert(expectedCallTransform.isEmpty)
   }
 
@@ -291,7 +286,6 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
             case _ =>
           }
       }
-      println(result.ir.program)
       assert(expectedCallTransform.isEmpty)
   }
 
@@ -335,7 +329,6 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
             case _ =>
           }
       }
-      println(result.ir.program)
       assert(expectedCallTransform.isEmpty)
   }
 
@@ -363,7 +356,6 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
         "l000004f3set_seven" -> ("set_seven", "R0")
       )
 
-    println("prev " + result.ir.program)
       // Traverse the statements in the main function
     result.ir.program.mainProcedure.blocks.foreach {
         block =>
@@ -375,7 +367,6 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
             case _ =>
           }
       }
-      println(result.ir.program)
       assert(expectedCallTransform.isEmpty)
   }
 
@@ -414,7 +405,6 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
             case _ =>
           }
       }
-      println(result.ir.program)
       assert(expectedCallTransform.isEmpty)
   }
 
@@ -453,7 +443,6 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
         }
 
       // Traverse the statements in the main function
-      println(result.ir.program)
       assert(expectedCallTransform.isEmpty)
   }
 
diff --git a/src/test/scala/LiveVarsAnalysisTests.scala b/src/test/scala/LiveVarsAnalysisTests.scala
index e1b142001..881ad61fc 100644
--- a/src/test/scala/LiveVarsAnalysisTests.scala
+++ b/src/test/scala/LiveVarsAnalysisTests.scala
@@ -115,10 +115,12 @@ class LiveVarsAnalysisTests extends AnyFunSuite, TestUtil {
     var program = prog(
       proc("main",
         block("main_first_call",
-          directCall("wrapper1"), goto("main_second_call")
+          directCall("wrapper1"), 
+          goto("main_second_call")
         ),
         block("main_second_call",
-          directCall("wrapper2"), goto("main_return")
+          directCall("wrapper2"), 
+          goto("main_return")
         ),
         block("main_return", ret)
       ),
@@ -128,10 +130,12 @@ class LiveVarsAnalysisTests extends AnyFunSuite, TestUtil {
       proc("wrapper1",
         block("wrapper1_first_call",
           Assign(R1, constant1),
-          directCall("callee"), goto("wrapper1_second_call")
+          directCall("callee"), 
+          goto("wrapper1_second_call")
         ),
         block("wrapper1_second_call",
-          directCall("callee2"), goto("wrapper1_return")),
+          directCall("callee2"), 
+          goto("wrapper1_return")),
         block("wrapper1_return", ret)
       ),
       proc("wrapper2",
@@ -349,12 +353,11 @@ class LiveVarsAnalysisTests extends AnyFunSuite, TestUtil {
     val blocks = result.ir.program.blocks
 
     // main has no parameters, get_two has three and a return
-    assert(analysisResults(blocks("lmain").jump) == Map(R29 -> TwoElementTop, R31 -> TwoElementTop))
-    assert(analysisResults(blocks("l000003ec").jump) == Map(R0 -> TwoElementTop, R31 -> TwoElementTop)) // get_two aftercall
-    assert(analysisResults(blocks("l00000430").jump) == Map(R31 -> TwoElementTop)) // printf aftercall
-    assert(analysisResults(blocks("main_basil_return").jump) == Map(R30 -> TwoElementTop))
-    assert(analysisResults(blocks("lget_two").jump) == Map(R0 -> TwoElementTop, R1 -> TwoElementTop, R2 -> TwoElementTop, R30 -> TwoElementTop, R31 -> TwoElementTop))
-    assert(analysisResults(blocks("get_two_basil_return").jump) == Map(R0 -> TwoElementTop,  R30 -> TwoElementTop, R31 -> TwoElementTop))
+    assert(analysisResults(blocks("lmain")) == Map(R29 -> TwoElementTop, R31 -> TwoElementTop, R30 -> TwoElementTop))
+    assert(analysisResults(blocks("l000003ec")) == Map(R0 -> TwoElementTop, R31 -> TwoElementTop)) // get_two aftercall
+    assert(analysisResults(blocks("l00000430")) == Map(R31 -> TwoElementTop)) // printf aftercall
+    assert(analysisResults(blocks("lget_two")) == Map(R0 -> TwoElementTop, R1 -> TwoElementTop, R2 -> TwoElementTop, R31 -> TwoElementTop))
+    assert(analysisResults(blocks("get_two_basil_return")) == Map(R0 -> TwoElementTop, R31 -> TwoElementTop))
   }
 
   test("ifbranches") {
diff --git a/src/test/scala/MemoryRegionAnalysisMiscTest.scala b/src/test/scala/MemoryRegionAnalysisMiscTest.scala
index 2844548d1..a7d7e4e73 100644
--- a/src/test/scala/MemoryRegionAnalysisMiscTest.scala
+++ b/src/test/scala/MemoryRegionAnalysisMiscTest.scala
@@ -1,4 +1,4 @@
-import analysis.{CfgNode, LiftedElement, MemoryRegion}
+import analysis.{LiftedElement, MemoryRegion}
 import org.scalatest.Inside.inside
 import org.scalatest.*
 import org.scalatest.funsuite.*
diff --git a/src/test/scala/ir/IRTest.scala b/src/test/scala/ir/IRTest.scala
index 7421c2a28..ac6df38cf 100644
--- a/src/test/scala/ir/IRTest.scala
+++ b/src/test/scala/ir/IRTest.scala
@@ -223,7 +223,7 @@ class IRTest extends AnyFunSuite {
       Assign(R0, bv64(22)),
       Assign(R0, bv64(22)),
       directCall("main"),
-      halt
+      unreachable 
     ).resolve(p)
     val b2 = block("newblock1",
       Assign(R0, bv64(22)),
@@ -249,7 +249,7 @@ class IRTest extends AnyFunSuite {
     val b3 = block("newblock3",
       Assign(R0, bv64(22)),
       directCall("called"),
-      halt
+      unreachable
     ).resolve(p)
 
     assert(b3.calls.toSet == Set(p.procs("called")))
diff --git a/src/test/scala/ir/InterpreterTests.scala b/src/test/scala/ir/InterpreterTests.scala
index 47cf65e3c..57f9739fe 100644
--- a/src/test/scala/ir/InterpreterTests.scala
+++ b/src/test/scala/ir/InterpreterTests.scala
@@ -30,7 +30,7 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
     var IRProgram = IRTranslator.translate
     IRProgram = ExternalRemover(externalFunctions.map(e => e.name)).visitProgram(IRProgram)
     IRProgram = Renamer(Set("free")).visitProgram(IRProgram)
-    IRProgram.stripUnreachableFunctions()
+    transforms.stripUnreachableFunctions(IRProgram)
     val stackIdentification = StackSubstituter()
     stackIdentification.visitProgram(IRProgram)
     IRProgram.setModifies(Map())

From e2c0cd4f85a507c06934fb1acc2f80df5ef04502 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Mon, 19 Aug 2024 12:15:10 +1000
Subject: [PATCH 023/127] update docs

---
 docs/basil-ir.md | 45 +++++++++++++++++++++++++++++++++++++++------
 1 file changed, 39 insertions(+), 6 deletions(-)

diff --git a/docs/basil-ir.md b/docs/basil-ir.md
index fe30af78d..4c152db8d 100644
--- a/docs/basil-ir.md
+++ b/docs/basil-ir.md
@@ -3,6 +3,7 @@
 BASIL IR is the intermediate representation used during static analysis. 
 This is on contrast to Boogie IR which is used for specification annotation, and output to textual boogie syntax that can be run through the Boogie verifier. 
 
+
 The grammar is described below, note that the IR is a data-structure, without a concrete textual representation so the below grammar only represents the structure. 
 We omit the full description of the expression language because it is relatively standard.  
 
@@ -13,13 +14,16 @@ The IR has a completely standard simple type system that is enforced at construc
 Program ::=&~ Procedure* \\
 Procedure ::=&~ (name: ProcID) (entryBlock: Block) (returnBlock: Block) (blocks: Block*) \\
                &~ \text{Where }entryBlock, returnBlock \in blocks \\
-Block ::=&~ BlockID \; (Statement*)\; Jump \; (fallthrough: (GoTo | None))\\
-         &~ \text{Where $fallthough$ may be $GoTo$ IF $Jump$ is $Call$} \\
+Block_1 ::=&~ BlockID \; Statement*\; Call? \; Jump \; \\
+Block_2 ::=&~ BlockID \; (Statement | Call)*\; Jump \; \\
+\\
+&~ Block = Block_1 \text{ is a structural invariant that holds during all the early analysis/transform stages}
+\\
 Statement ::=&~ MemoryAssign ~|~ LocalAssign ~|~ Assume ~|~ Assert ~|~ NOP \\
 ProcID ::=&~ String \\
 BlockID ::=&~ String \\
 \\
-Jump ::=&~ Call ~|~ GoTo \\
+Jump ::=&~ GoTo ~|~ Unreachable ~|~ Return \\
 GoTo ::=&~ \text{goto } BlockID* \\
 Call ::=&~ DirectCall ~|~ IndirectCall  \\
 DirectCall ::=&~ \text{call } ProcID \\
@@ -46,6 +50,33 @@ Endian ::=&~ BigEndian ~|~ LittleEndian \\
 \end{align*}
 ```
 
+- The `GoTo` jump is a multi-target jump reprsenting non-deterministic choice between its targets. 
+  Conditional structures are represented by these with a guard (an assume statement) beginning each target. 
+- The `Unreachable` jump is used to signify the absence of successors, it has the semantics of `assume false`.
+- The `Return` jump passes control to the calling function, often this is over-approximated to all functions which call the statement's parent procedure.
+
+## Translation Phases
+
+#### IR With Returns
+
+- Immediately after loading the IR return statements may appear in any block, or may be represented by indirect calls. 
+  The transform pass below replaces all calls to the link register (R30) with return statements. 
+  In the future, more proof is required to implement this soundly.
+  
+```
+cilvisitor.visit_prog(transforms.ReplaceReturns(), ctx.program)
+transforms.addReturnBlocks(ctx.program, true) // add return to all blocks because IDE solver expects it
+cilvisitor.visit_prog(transforms.ConvertSingleReturn(), ctx.program)
+```
+
+This ensures that all returning, non-stub procedures have exactly one return statement residing in their `returnBlock`.
+
+#### Calls appear only as the last statement in a block 
+
+- The structure of the IR allows a call may appear anywhere in the block but for all the analysis passes we hold the invariant that it 
+  only appears as the last statement. This is checked with the function `singleCallBlockEnd(p: Program)`.
+  And it means for any call statement `c` we may `assert(c.parent.statements.lastOption.contains(c))`.
+
 ## Interaction with BASIL IR
 
 ### Constructing Programs in Code
@@ -62,10 +93,12 @@ var program: Program = prog(
     block("first_call",
       Assign(R0, bv64(1), None)
       Assign(R1, bv64(1), None)
-      directCall("callee1", Some("second_call"))
+      directCall("callee1"),
+      goto("second_call"))
     ),
     block("second_call",
-      directCall("callee2", Some("returnBlock"))
+      directCall("callee2"),
+      goto("returnBlock")
     ),
     block("returnBlock",
       ret
@@ -82,7 +115,7 @@ program     ::= prog ( procedure+ )
 procedure   ::= proc (procname, block+)
 block       ::= block(blocklabel, statement+, jump)
 statement   ::= <BASIL IR Statement>
-jump        ::= call_s | goto_s | ret
+jump        ::= goto_s | ret | unreachable
 call_s      ::= directCall (procedurename, None | Some(blocklabel))  // target, fallthrough 
 goto_s      ::= goto(blocklabel+)                              // targets
 procname    ::= String

From a3adee3341c3ec19b33fae88a2e30cb982676969 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Fri, 30 Aug 2024 10:04:52 +1000
Subject: [PATCH 024/127] fix

---
 .../scala/analysis/SummaryGenerator.scala     |  2 +-
 src/main/scala/analysis/TaintAnalysis.scala   |  4 +-
 .../analysis/VariableDependencyAnalysis.scala |  6 +-
 .../scala/analysis/solvers/IDESolver.scala    |  4 +-
 src/main/scala/util/RunUtils.scala            |  4 +-
 src/test/scala/TaintAnalysisTests.scala       | 64 +++++++++++--------
 6 files changed, 47 insertions(+), 37 deletions(-)

diff --git a/src/main/scala/analysis/SummaryGenerator.scala b/src/main/scala/analysis/SummaryGenerator.scala
index 9d633f3a5..79833224a 100644
--- a/src/main/scala/analysis/SummaryGenerator.scala
+++ b/src/main/scala/analysis/SummaryGenerator.scala
@@ -142,7 +142,7 @@ class SummaryGenerator(
     // Use rnaResults to find stack function arguments
     val tainters = relevantVars.map {
       v => (v, Set())
-    }.toMap ++ getTainters(procedure, variables ++ rnaResults(procedure.begin) + UnknownMemory()).filter { (variable, taints) =>
+    }.toMap ++ getTainters(procedure, variables ++ rnaResults(IRWalk.firstInProc(procedure)) + UnknownMemory()).filter { (variable, taints) =>
       relevantVars.contains(variable)
     }
 
diff --git a/src/main/scala/analysis/TaintAnalysis.scala b/src/main/scala/analysis/TaintAnalysis.scala
index 055188d3b..d51eda374 100644
--- a/src/main/scala/analysis/TaintAnalysis.scala
+++ b/src/main/scala/analysis/TaintAnalysis.scala
@@ -106,11 +106,11 @@ trait TaintAnalysisFunctions(
     Map(d -> IdEdge())
   }
 
-  def edgesExitToAfterCall(exit: IndirectCall, aftercall: GoTo)(d: DL): Map[DL, EdgeFunction[TwoElement]] = {
+  def edgesExitToAfterCall(exit: Return, aftercall: Command)(d: DL): Map[DL, EdgeFunction[TwoElement]] = {
     Map(d -> IdEdge())
   }
 
-  def edgesCallToAfterCall(call: DirectCall, aftercall: GoTo)(d: DL): Map[DL, EdgeFunction[TwoElement]] = {
+  def edgesCallToAfterCall(call: DirectCall, aftercall: Command)(d: DL): Map[DL, EdgeFunction[TwoElement]] = {
     Map(d -> IdEdge())
   }
 
diff --git a/src/main/scala/analysis/VariableDependencyAnalysis.scala b/src/main/scala/analysis/VariableDependencyAnalysis.scala
index 26852f856..31fe43eb3 100644
--- a/src/main/scala/analysis/VariableDependencyAnalysis.scala
+++ b/src/main/scala/analysis/VariableDependencyAnalysis.scala
@@ -31,11 +31,11 @@ trait ProcVariableDependencyAnalysisFunctions(
     if varDepsSummaries.contains(entry) then Map() else Map(d -> IdEdge())
   }
 
-  def edgesExitToAfterCall(exit: IndirectCall, aftercall: GoTo)(d: DL): Map[DL, EdgeFunction[Set[Taintable]]] = {
+  def edgesExitToAfterCall(exit: Return, aftercall: Command)(d: DL): Map[DL, EdgeFunction[Set[Taintable]]] = {
     if reachable.contains(aftercall.parent.parent) then Map(d -> IdEdge()) else Map()
   }
 
-  def edgesCallToAfterCall(call: DirectCall, aftercall: GoTo)(d: DL): Map[DL, EdgeFunction[Set[Taintable]]] = {
+  def edgesCallToAfterCall(call: DirectCall, aftercall: Command)(d: DL): Map[DL, EdgeFunction[Set[Taintable]]] = {
     d match {
       case Left(v) => varDepsSummaries.get(call.target).flatMap(_.get(v).map( _.foldLeft(Map[DL, EdgeFunction[Set[Taintable]]]()) {
         (m, d) => m + (Left(d) -> IdEdge())
@@ -120,7 +120,7 @@ class VariableDependencyAnalysis(
       procedure => {
         Logger.info("Generating variable dependencies for " + procedure)
         val varDepResults = ProcVariableDependencyAnalysis(program, varDepVariables, globals, constProp, varDepsSummariesTransposed, procedure).analyze()
-        val varDepMap = varDepResults.getOrElse(procedure.end, Map())
+        val varDepMap = varDepResults.getOrElse(IRWalk.lastInProc(procedure), Map())
         varDepsSummaries += procedure -> varDepMap
         varDepsSummariesTransposed += procedure -> varDepMap.foldLeft(Map[Taintable, Set[Taintable]]()) {
           (m, p) => {
diff --git a/src/main/scala/analysis/solvers/IDESolver.scala b/src/main/scala/analysis/solvers/IDESolver.scala
index eaa9a2369..fb6a0c042 100644
--- a/src/main/scala/analysis/solvers/IDESolver.scala
+++ b/src/main/scala/analysis/solvers/IDESolver.scala
@@ -229,7 +229,7 @@ abstract class ForwardIDESolver[D, T, L <: Lattice[T]](program: Program)
 
   protected def isCall(call: CFGPosition): Boolean =
     call match
-      case directCall: DirectCall if (!directCall.successor.isInstanceOf[Unreachable]) => true
+      case directCall: DirectCall if (!directCall.successor.isInstanceOf[Unreachable] && directCall.target.returnBlock.isDefined) => true
       case _ => false
 
   protected def isExit(exit: CFGPosition): Boolean =
@@ -238,7 +238,7 @@ abstract class ForwardIDESolver[D, T, L <: Lattice[T]](program: Program)
       case command: Return => true
       case _ => false
 
-  protected def getAfterCalls(exit: IndirectCall): Set[Command] =
+  protected def getAfterCalls(exit: Return): Set[Command] =
     InterProcIRCursor.succ(exit).filter(_.isInstanceOf[Command]).map(_.asInstanceOf[Command])
 }
 
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index f67087070..0fceafa1f 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -196,13 +196,13 @@ object IRTransform {
     }
     val externalRemover = ExternalRemover(externalNamesLibRemoved.toSet)
     val renamer = Renamer(boogieReserved)
+    externalRemover.visitProgram(ctx.program)
+    renamer.visitProgram(ctx.program)
 
     cilvisitor.visit_prog(transforms.ReplaceReturns(), ctx.program)
     transforms.addReturnBlocks(ctx.program, true) // add return to all blocks because IDE solver expects it
     cilvisitor.visit_prog(transforms.ConvertSingleReturn(), ctx.program)
 
-    externalRemover.visitProgram(ctx.program)
-    renamer.visitProgram(ctx.program)
     ctx
   }
 
diff --git a/src/test/scala/TaintAnalysisTests.scala b/src/test/scala/TaintAnalysisTests.scala
index 37a26f8aa..dfebf6db8 100644
--- a/src/test/scala/TaintAnalysisTests.scala
+++ b/src/test/scala/TaintAnalysisTests.scala
@@ -24,7 +24,8 @@ class TaintAnalysisTests extends AnyFunSuite, TestUtil {
     var program = prog(
         proc("main",
           block("main",
-            directCall("f", Some("mainRet"))
+            directCall("f"), 
+            goto("mainRet")
           ),
           block("mainRet", ret)
         ),
@@ -38,25 +39,27 @@ class TaintAnalysisTests extends AnyFunSuite, TestUtil {
           ),
         )
       )
-    val returnUnifier = ConvertToSingleProcedureReturn()
-    program = returnUnifier.visitProgram(program)
+    cilvisitor.visit_prog(transforms.ReplaceReturns(), program)
+    transforms.addReturnBlocks(program, true) // add return to all blocks because IDE solver expects it
+    cilvisitor.visit_prog(transforms.ConvertSingleReturn(), program)
 
     val f = program.procs("f")
     val taint: Map[CFGPosition, Set[Taintable]] = Map(f -> Set(R0))
     val taintAnalysisResults = getTaintAnalysisResults(program, f, taint)
 
-    assert(taintAnalysisResults.get(f.end) == None)
+    assert(taintAnalysisResults.get(IRWalk.lastInProc(f)) == None)
 
     val varDepResults = getVarDepResults(program, f)
 
-    assert(varDepResults.get(f.end) == Some(baseRegisterMap - R0))
+    assert(varDepResults.get(IRWalk.lastInProc(f)) == Some(baseRegisterMap - R0))
   }
 
   test("arguments") {
     var program = prog(
         proc("main",
           block("main",
-            directCall("f", Some("mainRet"))
+            directCall("f"), 
+            goto("mainRet")
           ),
           block("mainRet", ret)
         ),
@@ -70,25 +73,27 @@ class TaintAnalysisTests extends AnyFunSuite, TestUtil {
           ),
         ),
       )
-    val returnUnifier = ConvertToSingleProcedureReturn()
-    program = returnUnifier.visitProgram(program)
+    cilvisitor.visit_prog(transforms.ReplaceReturns(), program)
+    transforms.addReturnBlocks(program, true) // add return to all blocks because IDE solver expects it
+    cilvisitor.visit_prog(transforms.ConvertSingleReturn(), program)
 
     val f = program.procs("f")
     val taint: Map[CFGPosition, Set[Taintable]] = Map(f -> Set(R0))
     val taintAnalysisResults = getTaintAnalysisResults(program, f, taint)
 
-    assert(taintAnalysisResults.get(f.end) == Some(Set(R0)))
+    assert(taintAnalysisResults.get(IRWalk.lastInProc(f)) == Some(Set(R0)))
 
     val varDepResults = getVarDepResults(program, f)
 
-    assert(varDepResults.get(f.end) == Some(baseRegisterMap + (R0 -> Set(R0, R1))))
+    assert(varDepResults.get(IRWalk.lastInProc(f)) == Some(baseRegisterMap + (R0 -> Set(R0, R1))))
   }
 
   test("branching") {
     var program = prog(
         proc("main",
           block("main",
-            directCall("f", Some("mainRet"))
+            directCall("f"), 
+            goto("mainRet")
           ),
           block("mainRet", ret)
         ),
@@ -109,25 +114,27 @@ class TaintAnalysisTests extends AnyFunSuite, TestUtil {
           ),
         ),
       )
-    val returnUnifier = ConvertToSingleProcedureReturn()
-    program = returnUnifier.visitProgram(program)
+    cilvisitor.visit_prog(transforms.ReplaceReturns(), program)
+    transforms.addReturnBlocks(program, true) // add return to all blocks because IDE solver expects it
+    cilvisitor.visit_prog(transforms.ConvertSingleReturn(), program)
 
     val f = program.procs("f")
     val taint: Map[CFGPosition, Set[Taintable]] = Map(f -> Set(R1))
     val taintAnalysisResults = getTaintAnalysisResults(program, f, taint)
 
-    assert(taintAnalysisResults.get(f.end) == Some(Set(R0, R1)))
+    assert(taintAnalysisResults.get(IRWalk.lastInProc(f)) == Some(Set(R0, R1)))
 
     val varDepResults = getVarDepResults(program, f)
 
-    assert(varDepResults.get(f.end) == Some(baseRegisterMap + (R0 -> Set(R1, R2))))
+    assert(varDepResults.get(IRWalk.lastInProc(f)) == Some(baseRegisterMap + (R0 -> Set(R1, R2))))
   }
 
   test("interproc") {
     var program = prog(
         proc("main",
           block("main",
-            directCall("f", Some("mainRet"))
+            directCall("f"), 
+            goto("mainRet")
           ),
           block("mainRet", ret)
         ),
@@ -137,12 +144,12 @@ class TaintAnalysisTests extends AnyFunSuite, TestUtil {
           ),
           block("a",
             Assign(R1, R1, None),
-            directCall("g", None),
+            directCall("g"),
             goto("returnBlock"),
           ),
           block("b",
             Assign(R1, R2, None),
-            directCall("g", None),
+            directCall("g"),
             goto("returnBlock"),
           ),
           block("returnBlock",
@@ -159,25 +166,27 @@ class TaintAnalysisTests extends AnyFunSuite, TestUtil {
           ),
         ),
       )
-    val returnUnifier = ConvertToSingleProcedureReturn()
-    program = returnUnifier.visitProgram(program)
+    cilvisitor.visit_prog(transforms.ReplaceReturns(), program)
+    transforms.addReturnBlocks(program, true) // add return to all blocks because IDE solver expects it
+    cilvisitor.visit_prog(transforms.ConvertSingleReturn(), program)
 
     val f = program.procs("f")
     val taint: Map[CFGPosition, Set[Taintable]] = Map(f -> Set(R1))
     val taintAnalysisResults = getTaintAnalysisResults(program, f, taint)
 
-    assert(taintAnalysisResults.get(f.end) == Some(Set(R0, R1)))
+    assert(taintAnalysisResults.get(IRWalk.lastInProc(f)) == Some(Set(R0, R1)))
 
     val varDepResults = getVarDepResults(program, f)
 
-    assert(varDepResults.get(f.end) == Some(baseRegisterMap + (R0 -> Set(R1, R2)) + (R1 -> Set(R1, R2))))
+    assert(varDepResults.get(IRWalk.lastInProc(f)) == Some(baseRegisterMap + (R0 -> Set(R1, R2)) + (R1 -> Set(R1, R2))))
   }
 
   test("loop") {
     var program = prog(
         proc("main",
           block("main",
-            directCall("f", Some("mainRet"))
+            directCall("f"), 
+            goto("mainRet")
           ),
           block("mainRet", ret)
         ),
@@ -198,17 +207,18 @@ class TaintAnalysisTests extends AnyFunSuite, TestUtil {
           ),
         ),
       )
-    val returnUnifier = ConvertToSingleProcedureReturn()
-    program = returnUnifier.visitProgram(program)
+    cilvisitor.visit_prog(transforms.ReplaceReturns(), program)
+    transforms.addReturnBlocks(program, true) // add return to all blocks because IDE solver expects it
+    cilvisitor.visit_prog(transforms.ConvertSingleReturn(), program)
 
     val f = program.procs("f")
     val taint: Map[CFGPosition, Set[Taintable]] = Map(f -> Set(R1))
     val taintAnalysisResults = getTaintAnalysisResults(program, f, taint)
 
-    assert(taintAnalysisResults.get(f.end) == Some(Set(R1)))
+    assert(taintAnalysisResults.get(IRWalk.lastInProc(f)) == Some(Set(R1)))
 
     val varDepResults = getVarDepResults(program, f)
 
-    assert(varDepResults.get(f.end) == Some(baseRegisterMap + (R0 -> Set(R2))))
+    assert(varDepResults.get(IRWalk.lastInProc(f)) == Some(baseRegisterMap + (R0 -> Set(R2))))
   }
 }

From 4a92c990e9c72eab8a62471f2c3423eb00d77038 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Fri, 30 Aug 2024 10:31:40 +1000
Subject: [PATCH 025/127] fix externals

---
 .../scala/analysis/SummaryGenerator.scala     |  2 +-
 .../analysis/VariableDependencyAnalysis.scala |  4 ++--
 .../scala/analysis/solvers/IDESolver.scala    |  6 +++---
 src/main/scala/ir/IRCursor.scala              |  5 +++--
 src/main/scala/util/RunUtils.scala            |  8 +++++---
 src/test/scala/TaintAnalysisTests.scala       | 20 +++++++++----------
 6 files changed, 24 insertions(+), 21 deletions(-)

diff --git a/src/main/scala/analysis/SummaryGenerator.scala b/src/main/scala/analysis/SummaryGenerator.scala
index 79833224a..552295f23 100644
--- a/src/main/scala/analysis/SummaryGenerator.scala
+++ b/src/main/scala/analysis/SummaryGenerator.scala
@@ -142,7 +142,7 @@ class SummaryGenerator(
     // Use rnaResults to find stack function arguments
     val tainters = relevantVars.map {
       v => (v, Set())
-    }.toMap ++ getTainters(procedure, variables ++ rnaResults(IRWalk.firstInProc(procedure)) + UnknownMemory()).filter { (variable, taints) =>
+    }.toMap ++ getTainters(procedure, variables ++ rnaResults(IRWalk.firstInProc(procedure).get) + UnknownMemory()).filter { (variable, taints) =>
       relevantVars.contains(variable)
     }
 
diff --git a/src/main/scala/analysis/VariableDependencyAnalysis.scala b/src/main/scala/analysis/VariableDependencyAnalysis.scala
index 31fe43eb3..1b8258ad5 100644
--- a/src/main/scala/analysis/VariableDependencyAnalysis.scala
+++ b/src/main/scala/analysis/VariableDependencyAnalysis.scala
@@ -116,11 +116,11 @@ class VariableDependencyAnalysis(
   def analyze(): Map[Procedure, Map[Taintable, Set[Taintable]]] = {
     var varDepsSummaries = Map[Procedure, Map[Taintable, Set[Taintable]]]()
     var varDepsSummariesTransposed = Map[Procedure, Map[Taintable, Set[Taintable]]]()
-    scc.flatten.foreach {
+    scc.flatten.filter(_.blocks.nonEmpty).foreach {
       procedure => {
         Logger.info("Generating variable dependencies for " + procedure)
         val varDepResults = ProcVariableDependencyAnalysis(program, varDepVariables, globals, constProp, varDepsSummariesTransposed, procedure).analyze()
-        val varDepMap = varDepResults.getOrElse(IRWalk.lastInProc(procedure), Map())
+        val varDepMap = varDepResults.getOrElse(IRWalk.lastInProc(procedure).getOrElse(procedure), Map())
         varDepsSummaries += procedure -> varDepMap
         varDepsSummariesTransposed += procedure -> varDepMap.foldLeft(Map[Taintable, Set[Taintable]]()) {
           (m, p) => {
diff --git a/src/main/scala/analysis/solvers/IDESolver.scala b/src/main/scala/analysis/solvers/IDESolver.scala
index fb6a0c042..5e94726d9 100644
--- a/src/main/scala/analysis/solvers/IDESolver.scala
+++ b/src/main/scala/analysis/solvers/IDESolver.scala
@@ -211,7 +211,7 @@ abstract class ForwardIDESolver[D, T, L <: Lattice[T]](program: Program)
   extends IDESolver[Procedure, Return, DirectCall, Command, D, T, L](program, program.mainProcedure),
     ForwardIDEAnalysis[D, T, L], IRInterproceduralForwardDependencies {
 
-  protected def entryToExit(entry: Procedure): Return = IRWalk.lastInProc(entry).asInstanceOf[Return]
+  protected def entryToExit(entry: Procedure): Return = IRWalk.lastInProc(entry).get.asInstanceOf[Return]
 
   protected def exitToEntry(exit: Return): Procedure = IRWalk.procedure(exit)
 
@@ -229,7 +229,7 @@ abstract class ForwardIDESolver[D, T, L <: Lattice[T]](program: Program)
 
   protected def isCall(call: CFGPosition): Boolean =
     call match
-      case directCall: DirectCall if (!directCall.successor.isInstanceOf[Unreachable] && directCall.target.returnBlock.isDefined) => true
+      case directCall: DirectCall if (!directCall.successor.isInstanceOf[Unreachable] && directCall.target.returnBlock.isDefined && directCall.target.entryBlock.isDefined) => true
       case _ => false
 
   protected def isExit(exit: CFGPosition): Boolean =
@@ -244,7 +244,7 @@ abstract class ForwardIDESolver[D, T, L <: Lattice[T]](program: Program)
 
 
 abstract class BackwardIDESolver[D, T, L <: Lattice[T]](program: Program)
-  extends IDESolver[Return, Procedure, Command, DirectCall, D, T, L](program, IRWalk.lastInProc(program.mainProcedure)),
+  extends IDESolver[Return, Procedure, Command, DirectCall, D, T, L](program, IRWalk.lastInProc(program.mainProcedure).get),
     BackwardIDEAnalysis[D, T, L], IRInterproceduralBackwardDependencies {
 
   protected def entryToExit(entry: Return): Procedure = IRWalk.procedure(entry)
diff --git a/src/main/scala/ir/IRCursor.scala b/src/main/scala/ir/IRCursor.scala
index 0e79fa422..21944d4f1 100644
--- a/src/main/scala/ir/IRCursor.scala
+++ b/src/main/scala/ir/IRCursor.scala
@@ -73,8 +73,9 @@ object IRWalk:
   def lastInBlock(p: Block): Command = p.jump
   def firstInBlock(p: Block): Command = p.statements.headOption.getOrElse(p.jump)
 
-  def firstInProc(p: Procedure): Command = firstInBlock(p.entryBlock.get)
-  def lastInProc(p: Procedure): Command = lastInBlock(p.returnBlock.get)
+  def firstInProc(p: Procedure): Option[Command] = p.entryBlock.map(firstInBlock)
+  def lastInProc(p: Procedure): Option[Command] = p.returnBlock.map(lastInBlock)
+
 
 // extension (p: Block)
 //   def isProcEntry: Boolean = p.parent.entryBlock.contains(p)
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index 0fceafa1f..dd6ba9a5a 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -194,14 +194,16 @@ object IRTransform {
         externalNamesLibRemoved.add(e.split('@')(0))
       }
     }
+
+    cilvisitor.visit_prog(transforms.ReplaceReturns(), ctx.program)
+    transforms.addReturnBlocks(ctx.program)
+    cilvisitor.visit_prog(transforms.ConvertSingleReturn(), ctx.program)
+
     val externalRemover = ExternalRemover(externalNamesLibRemoved.toSet)
     val renamer = Renamer(boogieReserved)
     externalRemover.visitProgram(ctx.program)
     renamer.visitProgram(ctx.program)
 
-    cilvisitor.visit_prog(transforms.ReplaceReturns(), ctx.program)
-    transforms.addReturnBlocks(ctx.program, true) // add return to all blocks because IDE solver expects it
-    cilvisitor.visit_prog(transforms.ConvertSingleReturn(), ctx.program)
 
     ctx
   }
diff --git a/src/test/scala/TaintAnalysisTests.scala b/src/test/scala/TaintAnalysisTests.scala
index dfebf6db8..f066acb01 100644
--- a/src/test/scala/TaintAnalysisTests.scala
+++ b/src/test/scala/TaintAnalysisTests.scala
@@ -47,11 +47,11 @@ class TaintAnalysisTests extends AnyFunSuite, TestUtil {
     val taint: Map[CFGPosition, Set[Taintable]] = Map(f -> Set(R0))
     val taintAnalysisResults = getTaintAnalysisResults(program, f, taint)
 
-    assert(taintAnalysisResults.get(IRWalk.lastInProc(f)) == None)
+    assert(taintAnalysisResults.get(IRWalk.lastInProc(f).get) == None)
 
     val varDepResults = getVarDepResults(program, f)
 
-    assert(varDepResults.get(IRWalk.lastInProc(f)) == Some(baseRegisterMap - R0))
+    assert(varDepResults.get(IRWalk.lastInProc(f).get) == Some(baseRegisterMap - R0))
   }
 
   test("arguments") {
@@ -81,11 +81,11 @@ class TaintAnalysisTests extends AnyFunSuite, TestUtil {
     val taint: Map[CFGPosition, Set[Taintable]] = Map(f -> Set(R0))
     val taintAnalysisResults = getTaintAnalysisResults(program, f, taint)
 
-    assert(taintAnalysisResults.get(IRWalk.lastInProc(f)) == Some(Set(R0)))
+    assert(taintAnalysisResults.get(IRWalk.lastInProc(f).get) == Some(Set(R0)))
 
     val varDepResults = getVarDepResults(program, f)
 
-    assert(varDepResults.get(IRWalk.lastInProc(f)) == Some(baseRegisterMap + (R0 -> Set(R0, R1))))
+    assert(varDepResults.get(IRWalk.lastInProc(f).get) == Some(baseRegisterMap + (R0 -> Set(R0, R1))))
   }
 
   test("branching") {
@@ -122,11 +122,11 @@ class TaintAnalysisTests extends AnyFunSuite, TestUtil {
     val taint: Map[CFGPosition, Set[Taintable]] = Map(f -> Set(R1))
     val taintAnalysisResults = getTaintAnalysisResults(program, f, taint)
 
-    assert(taintAnalysisResults.get(IRWalk.lastInProc(f)) == Some(Set(R0, R1)))
+    assert(taintAnalysisResults.get(IRWalk.lastInProc(f).get) == Some(Set(R0, R1)))
 
     val varDepResults = getVarDepResults(program, f)
 
-    assert(varDepResults.get(IRWalk.lastInProc(f)) == Some(baseRegisterMap + (R0 -> Set(R1, R2))))
+    assert(varDepResults.get(IRWalk.lastInProc(f).get) == Some(baseRegisterMap + (R0 -> Set(R1, R2))))
   }
 
   test("interproc") {
@@ -174,11 +174,11 @@ class TaintAnalysisTests extends AnyFunSuite, TestUtil {
     val taint: Map[CFGPosition, Set[Taintable]] = Map(f -> Set(R1))
     val taintAnalysisResults = getTaintAnalysisResults(program, f, taint)
 
-    assert(taintAnalysisResults.get(IRWalk.lastInProc(f)) == Some(Set(R0, R1)))
+    assert(taintAnalysisResults.get(IRWalk.lastInProc(f).get) == Some(Set(R0, R1)))
 
     val varDepResults = getVarDepResults(program, f)
 
-    assert(varDepResults.get(IRWalk.lastInProc(f)) == Some(baseRegisterMap + (R0 -> Set(R1, R2)) + (R1 -> Set(R1, R2))))
+    assert(varDepResults.get(IRWalk.lastInProc(f).get) == Some(baseRegisterMap + (R0 -> Set(R1, R2)) + (R1 -> Set(R1, R2))))
   }
 
   test("loop") {
@@ -215,10 +215,10 @@ class TaintAnalysisTests extends AnyFunSuite, TestUtil {
     val taint: Map[CFGPosition, Set[Taintable]] = Map(f -> Set(R1))
     val taintAnalysisResults = getTaintAnalysisResults(program, f, taint)
 
-    assert(taintAnalysisResults.get(IRWalk.lastInProc(f)) == Some(Set(R1)))
+    assert(taintAnalysisResults.get(IRWalk.lastInProc(f).get) == Some(Set(R1)))
 
     val varDepResults = getVarDepResults(program, f)
 
-    assert(varDepResults.get(IRWalk.lastInProc(f)) == Some(baseRegisterMap + (R0 -> Set(R2))))
+    assert(varDepResults.get(IRWalk.lastInProc(f).get) == Some(baseRegisterMap + (R0 -> Set(R2))))
   }
 }

From b994c9990aa5a4f1ebf79f0312d80049a9bf4c60 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Fri, 30 Aug 2024 10:38:23 +1000
Subject: [PATCH 026/127] disable IDE analyses if mainproc is external

---
 src/main/scala/util/RunUtils.scala | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index dd6ba9a5a..7a6e08c60 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -407,13 +407,20 @@ object StaticAnalysis {
     val vsaSolver = ValueSetAnalysisSolver(IRProgram, globalAddresses, externalAddresses, globalOffsets, subroutines, mmm, constPropResult)
     val vsaResult: Map[CFGPosition, LiftedElement[Map[Variable | MemoryRegion, Set[Value]]]] = vsaSolver.analyze()
 
-    Logger.info("[!] Running Interprocedural Live Variables Analysis")
-    val interLiveVarsResults = InterLiveVarsAnalysis(IRProgram).analyze()
-    // val interLiveVarsResults = Map[CFGPosition, Map[Variable, TwoElement]]()
 
-    Logger.info("[!] Running Parameter Analysis")
-    val paramResults = ParamAnalysis(IRProgram).analyze()
-    // val paramResults = Map[Procedure, Set[Variable]]()
+    var paramResults: Map[Procedure, Set[Variable]] = Map.empty
+    var interLiveVarsResults: Map[CFGPosition, Map[Variable, TwoElement]] = Map.empty
+
+    if (IRProgram.mainProcedure.blocks.nonEmpty) {
+      Logger.info("[!] Running Interprocedural Live Variables Analysis")
+      interLiveVarsResults = InterLiveVarsAnalysis(IRProgram).analyze()
+
+      Logger.info("[!] Running Parameter Analysis")
+      paramResults = ParamAnalysis(IRProgram).analyze()
+
+    } else {
+      Logger.warn(s"Disabling IDE solver tests due to external main procedure: ${IRProgram.mainProcedure.name}")
+    }
 
     StaticAnalysisContext(
       constPropResult = constPropResult,

From d6c5767c2b84e69f8feeef8aac79b149cf784b13 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Fri, 30 Aug 2024 15:46:47 +1000
Subject: [PATCH 027/127] work on differential testing

---
 src/main/scala/ir/eval/ExprEval.scala         |   5 +-
 src/main/scala/ir/eval/InterpretBasilIR.scala |  32 +++--
 .../scala/ir/eval/InterpretBreakpoints.scala  |  22 +--
 src/main/scala/ir/eval/InterpretTrace.scala   |  34 ++---
 src/main/scala/ir/eval/Interpreter.scala      |   2 +-
 src/main/scala/util/RunUtils.scala            |   6 +-
 src/main/scala/util/functional.scala          |   9 +-
 src/test/scala/IndircallDifferential.scala    | 136 ++++++++++++++++++
 src/test/scala/ir/InterpreterTests.scala      |  49 +++++--
 9 files changed, 237 insertions(+), 58 deletions(-)
 create mode 100644 src/test/scala/IndircallDifferential.scala

diff --git a/src/main/scala/ir/eval/ExprEval.scala b/src/main/scala/ir/eval/ExprEval.scala
index 999155ae1..413b4ad5e 100644
--- a/src/main/scala/ir/eval/ExprEval.scala
+++ b/src/main/scala/ir/eval/ExprEval.scala
@@ -262,6 +262,9 @@ class StatelessLoader[E](getVar: Variable => Option[Literal], loadMem: (Memory,
 
 def partialEvalExpr(exp: Expr, variableAssignment: Variable => Option[Literal], memory: (Memory, Expr, Endian, Int) => Option[Literal] = ((a,b,c,d) => None)): Expr = {
   val l = StatelessLoader(variableAssignment, memory)
-  State.evaluate((), statePartialEvalExpr(l)(exp))
+  State.evaluate((), statePartialEvalExpr(l)(exp)) match {
+    case Right(e) => e
+    case Left(e) => throw Exception("Unable to evaluate expr : " + e.toString)
+  }
 }
 
diff --git a/src/main/scala/ir/eval/InterpretBasilIR.scala b/src/main/scala/ir/eval/InterpretBasilIR.scala
index 3dc394a61..18e887014 100644
--- a/src/main/scala/ir/eval/InterpretBasilIR.scala
+++ b/src/main/scala/ir/eval/InterpretBasilIR.scala
@@ -215,12 +215,14 @@ case object InterpFuns {
     val LR: BitVecLiteral = BitVecLiteral(BigInt("FF", 16), 64)
 
     for {
-      h <- s.storeVar("funtable", Scope.Global, MapValue(Map.empty, MapType(BitVecType(64), BitVecType(64))))
+      h <- s.storeVar("ghost-funtable", Scope.Global, MapValue(Map.empty, MapType(BitVecType(64), BitVecType(64))))
       h <- s.storeVar("mem", Scope.Global, MapValue(Map.empty, MapType(BitVecType(64), BitVecType(8))))
       i <- s.storeVar("stack", Scope.Global, MapValue(Map.empty, MapType(BitVecType(64), BitVecType(8))))
       j <- s.storeVar("R31", Scope.Global, Scalar(SP))
       k <- s.storeVar("R29", Scope.Global, Scalar(FP))
       l <- s.storeVar("R30", Scope.Global, Scalar(LR))
+      l <- s.storeVar("R0", Scope.Global, Scalar(BitVecLiteral(0, 64)))
+      l <- s.storeVar("R1", Scope.Global, Scalar(BitVecLiteral(0, 64)))
     } yield (l)
   }
 
@@ -236,7 +238,7 @@ case object InterpFuns {
                 mem,
                 Scalar(BitVecLiteral(memory.address, 64)),
                 memory.bytes.toList.map(Scalar(_)),
-                Endian.LittleEndian
+                Endian.BigEndian
               )
             )
         )
@@ -251,7 +253,7 @@ case object InterpFuns {
           .filter(p => p.blocks.nonEmpty && p.address.isDefined)
           .map((proc: Procedure) =>
             Eval.storeSingle(f)(
-              "funtable",
+              "ghost-funtable",
               Scalar(BitVecLiteral(proc.address.get, 64)),
               FunPointer(BitVecLiteral(proc.address.get, 64), proc.name, Run(IRWalk.firstInBlock(proc.entryBlock.get)))
             )
@@ -261,7 +263,10 @@ case object InterpFuns {
       mem <- initMemory("stack", p.initialMemory)
       mem <- initMemory("mem", p.readOnlyMemory)
       mem <- initMemory("stack", p.readOnlyMemory)
-      r <- f.call(p.mainProcedure.name, Run(IRWalk.firstInBlock(p.mainProcedure.entryBlock.get)), Stopped())
+      mainfun = {
+        p.mainProcedure
+      }
+      r <- f.call(mainfun.name, Run(IRWalk.firstInBlock(mainfun.entryBlock.get)), Stopped())
     } yield (r)
   }
 
@@ -334,7 +339,8 @@ case object InterpFuns {
               val block = dc.target.entryBlock.get
               f.call(dc.target.name, Run(block.statements.headOption.getOrElse(block.jump)), Run(dc.successor))
             } else {
-              f.setNext(Run(dc.successor))
+              f.setNext(EscapedControlFlow(dc))
+              //f.setNext(Run(dc.successor))
             }
         } yield (n)
       case ic: IndirectCall => {
@@ -356,12 +362,16 @@ case object InterpFuns {
   }
 
   def interpret[S, E, T <: Effects[S, E]](f: T, m: S): S = {
-    val next = State.evaluate(m, f.getNext)
-    Logger.debug(s"eval $next")
-    next match {
-      case Run(c) =>  interpret(f, State.execute(m, f.interpretOne))
-      case Stopped() => m
-      case errorstop => m
+    State.evaluate(m, f.getNext) match {
+      case Right(next) => {
+        Logger.debug(s"eval $next")
+        next match {
+          case Run(c) =>  interpret(f, State.execute(m, f.interpretOne))
+          case Stopped() => m
+          case errorstop => m
+        }
+      }
+      case Left(err) => m
     }
   }
 
diff --git a/src/main/scala/ir/eval/InterpretBreakpoints.scala b/src/main/scala/ir/eval/InterpretBreakpoints.scala
index 4668b7075..b00622440 100644
--- a/src/main/scala/ir/eval/InterpretBreakpoints.scala
+++ b/src/main/scala/ir/eval/InterpretBreakpoints.scala
@@ -18,11 +18,11 @@ enum BreakPointLoc:
   case CMD(c: Command)
   case CMDCond(c: Command, condition: Expr)
 
-case class BreakPointAction(saveState: Boolean = true, stop: Boolean = false, evalExprs: List[Expr] = List(), log: Boolean = false)
+case class BreakPointAction(saveState: Boolean = true, stop: Boolean = false, evalExprs: List[(String,Expr)] = List(), log: Boolean = false)
 
 case class BreakPoint(name: String = "", location: BreakPointLoc, action: BreakPointAction)
 
-case class RememberBreakpoints[T, I <: Effects[T, InterpreterError]](val f: I, val breaks: List[BreakPoint]) extends NopEffects[(T, List[(BreakPoint, Option[T], List[(Expr, Expr)])]), InterpreterError] {
+case class RememberBreakpoints[T, I <: Effects[T, InterpreterError]](val f: I, val breaks: List[BreakPoint]) extends NopEffects[(T, List[(BreakPoint, Option[T], List[(String, Expr, Expr)])]), InterpreterError] {
 
 
   def findBreaks[R](c: Command) : State[(T,R), List[BreakPoint], InterpreterError]  = {
@@ -33,18 +33,18 @@ case class RememberBreakpoints[T, I <: Effects[T, InterpreterError]](val f: I, v
     }, breaks)
   }
 
-  override def interpretOne : State[(T, List[(BreakPoint, Option[T], List[(Expr, Expr)])]), Unit, InterpreterError] = for {
+  override def interpretOne : State[(T, List[(BreakPoint, Option[T], List[(String, Expr, Expr)])]), Unit, InterpreterError] = for {
     v : ExecutionContinuation <- doLeft(f.getNext)
     n <- v match {
       case Run(s) => for {
         breaks : List[BreakPoint] <- findBreaks(s)
-        res <- State.sequence[(T, List[(BreakPoint, Option[T], List[(Expr, Expr)])]), Unit, InterpreterError](State.pure(()), 
+        res <- State.sequence[(T, List[(BreakPoint, Option[T], List[(String, Expr, Expr)])]), Unit, InterpreterError](State.pure(()), 
           breaks.map((breakpoint: BreakPoint) => (breakpoint match {
             case breakpoint @ BreakPoint(name, stopcond, action) => (for {
                 saved <- doLeft(if action.saveState then State.getS[T, InterpreterError].map(s => Some(s)) else State.pure(None))
-                evals <- (State.mapM((e:Expr) => for {
-                  ev <- doLeft(Eval.evalExpr(f)(e))
-                  } yield (e, ev)
+                evals <- (State.mapM((e:(String, Expr)) => for {
+                  ev <- doLeft(Eval.evalExpr(f)(e._2))
+                  } yield (e._1, e._2, ev)
                 , action.evalExprs))
                 _ <- if action.stop then doLeft(f.setNext(Errored(s"Stopped at breakpoint ${name}"))) else doLeft(State.pure(()))
                 _ <- State.pure({
@@ -56,11 +56,11 @@ case class RememberBreakpoints[T, I <: Effects[T, InterpreterError]](val f: I, v
                     }
                     val saving = if action.saveState then " stashing state, " else ""
                     val stopping = if action.stop then " stopping. " else ""
-                    val evalstr = evals.map(e => s"\n  eval(${e._1}) = ${e._2}").mkString("")
+                    val evalstr = evals.map(e => s"\n  ${e._1} : eval(${e._2}) = ${e._3}").mkString("")
                     Logger.warn(s"Breakpoint $bpn@$bpcond.$saving$stopping$evalstr")
                   }
                 })
-                _ <-  State.modify ((istate:(T, List[(BreakPoint, Option[T], List[(Expr, Expr)])])) => 
+                _ <-  State.modify ((istate:(T, List[(BreakPoint, Option[T], List[(String, Expr, Expr)])])) => 
                     (istate._1, ((breakpoint, saved, evals)::istate._2)))
               } yield ()
               )
@@ -73,7 +73,9 @@ case class RememberBreakpoints[T, I <: Effects[T, InterpreterError]](val f: I, v
 }
 
 
-def interpretWithBreakPoints[I](p: Program, breakpoints: List[BreakPoint], innerInterpreter: Effects[I, InterpreterError], innerInitialState: I) : (I, List[(BreakPoint, Option[I], List[(Expr, Expr)])]) = {
+def interpretWithBreakPoints[I](p: Program, breakpoints: List[BreakPoint], 
+  innerInterpreter: Effects[I, InterpreterError], 
+  innerInitialState: I) : (I, List[(BreakPoint, Option[I], List[(String, Expr, Expr)])]) = {
    val interp = LayerInterpreter(innerInterpreter, RememberBreakpoints(innerInterpreter, breakpoints))
    val res = InterpFuns.interpretProg(interp)(p, (innerInitialState, List()))
    res
diff --git a/src/main/scala/ir/eval/InterpretTrace.scala b/src/main/scala/ir/eval/InterpretTrace.scala
index 4a3e78891..ad1ad1200 100644
--- a/src/main/scala/ir/eval/InterpretTrace.scala
+++ b/src/main/scala/ir/eval/InterpretTrace.scala
@@ -31,47 +31,47 @@ case object Trace {
   }
 }
 
-case class TraceGen[E]() extends Effects[Trace, E] {
+case class TraceGen[E]() extends NopEffects[Trace, E] {
   /** Values are discarded by ProductInterpreter so do not matter */
-  def evalBV(e: Expr) = State.pure(BitVecLiteral(0,0))
+  //def evalBV(e: Expr) = State.pure(BitVecLiteral(0,0))
 
-  def evalInt(e: Expr) = State.pure(BigInt(0))
+  //def evalInt(e: Expr) = State.pure(BigInt(0))
 
-  def evalBool(e: Expr) = State.pure(false)
+  //def evalBool(e: Expr) = State.pure(false)
 
-  def loadVar(v: String) = for {
+  override def loadVar(v: String) = for {
     s <- Trace.add(ExecEffect.LoadVar(v))
   } yield (Scalar(FalseLiteral))
 
-  def loadMem(v: String, addrs: List[BasilValue])  = for {
+  override def loadMem(v: String, addrs: List[BasilValue])  = for {
     s <- Trace.add(ExecEffect.LoadMem(v, addrs))
   } yield (List())
 
-  def evalAddrToProc(addr: Int) = for {
-    s <- Trace.add(ExecEffect.FindProc(addr))
-  } yield (None)
+  //def evalAddrToProc(addr: Int) = for {
+  //  s <- Trace.add(ExecEffect.FindProc(addr))
+  //} yield (None)
 
-  def getNext = State.pure(Stopped())
+  // def getNext = State.pure(Stopped())
 
-  def setNext(c: ExecutionContinuation)  = State.pure(())
+  // def setNext(c: ExecutionContinuation)  = State.pure(())
 
-  def call(target: String, beginFrom: ExecutionContinuation, returnTo: ExecutionContinuation) = for {
+  override def call(target: String, beginFrom: ExecutionContinuation, returnTo: ExecutionContinuation) = for {
     s <- Trace.add(ExecEffect.Call(target, beginFrom, returnTo))
   } yield (())
 
-  def doReturn() = for {
+  override def doReturn() = for {
     s <- Trace.add(ExecEffect.Return)
   } yield (())
 
-  def storeVar(v: String, scope: Scope, value: BasilValue) = for {
+  override def storeVar(v: String, scope: Scope, value: BasilValue) = for {
     s <- Trace.add(ExecEffect.StoreVar(v, scope, value))
   } yield (())
 
-  def storeMem(vname: String, update: Map[BasilValue, BasilValue]) = for {
-    s <- Trace.add(ExecEffect.StoreMem(vname, update))
+  override def storeMem(vname: String, update: Map[BasilValue, BasilValue]) = for {
+    s <- if (!vname.startsWith("ghost")) Trace.add(ExecEffect.StoreMem(vname, update)) else State.pure(())
   } yield (())
 
-  def interpretOne = State.pure(())
+  // def interpretOne = State.pure(())
 }
 
 def tracingInterpreter = ProductInterpreter(NormalInterpreter, TraceGen())
diff --git a/src/main/scala/ir/eval/Interpreter.scala b/src/main/scala/ir/eval/Interpreter.scala
index 82f0aff71..51b71de3c 100644
--- a/src/main/scala/ir/eval/Interpreter.scala
+++ b/src/main/scala/ir/eval/Interpreter.scala
@@ -334,7 +334,7 @@ object NormalInterpreter extends Effects[InterpreterState, InterpreterError] {
     Logger.debug(s"    eff : FIND PROC $addr")
     for {
       res: List[BasilValue] <- getE((s: InterpreterState) =>
-        s.memoryState.doLoad("funtable", List(Scalar(BitVecLiteral(addr, 64))))
+        s.memoryState.doLoad("ghost-funtable", List(Scalar(BitVecLiteral(addr, 64))))
       )
     } yield {
       res match {
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index 13d441035..11c7558eb 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -215,13 +215,13 @@ object IRTransform {
 
     Logger.info("[!] Stripping unreachable")
     val before = ctx.program.procedures.size
-    transforms.stripUnreachableFunctions(ctx.program, config.procedureTrimDepth)
+    // transforms.stripUnreachableFunctions(ctx.program, config.procedureTrimDepth)
     Logger.info(
       s"[!] Removed ${before - ctx.program.procedures.size} functions (${ctx.program.procedures.size} remaining)"
     )
 
-    val stackIdentification = StackSubstituter()
-    stackIdentification.visitProgram(ctx.program)
+    // val stackIdentification = StackSubstituter()
+    // stackIdentification.visitProgram(ctx.program)
 
     val specModifies = ctx.specification.subroutines.map(s => s.name -> s.modifies).toMap
     ctx.program.setModifies(specModifies)
diff --git a/src/main/scala/util/functional.scala b/src/main/scala/util/functional.scala
index 5f78e6d76..7be824194 100644
--- a/src/main/scala/util/functional.scala
+++ b/src/main/scala/util/functional.scala
@@ -50,10 +50,11 @@ object State {
     case Left(e) => (s, Left(e))
   })
   def execute[S, A, E](s: S, c: State[S,A, E]) : S = c.f(s)._1
-  def evaluate[S, A, E](s: S, c: State[S,A, E])  : A = c.f(s)._2 match {
-    case Right(r) => r
-    case Left(l) => throw Exception(s"Evaluation error $l")
-  }
+  // def evaluate[S, A, E](s: S, c: State[S,A, E])  : A = c.f(s)._2 match {
+  //   case Right(r) => r
+  //   case Left(l) => throw Exception(s"Evaluation error $l")
+  // }
+  def evaluate[S, A, E](s: S, c: State[S,A, E])  : Either[E,A] = c.f(s)._2
 
   def setError[S,A,E](e: E) : State[S,A,E] =  State(s => (s, Left(e)))
 
diff --git a/src/test/scala/IndircallDifferential.scala b/src/test/scala/IndircallDifferential.scala
new file mode 100644
index 000000000..e71e23389
--- /dev/null
+++ b/src/test/scala/IndircallDifferential.scala
@@ -0,0 +1,136 @@
+
+import ir.*
+import java.io.{BufferedWriter, File, FileWriter}
+import ir.Endian.LittleEndian
+import org.scalatest.*
+import org.scalatest.funsuite.*
+import specification.*
+import util.{BASILConfig, IRLoading, ILLoadingConfig, IRContext, RunUtils, StaticAnalysis, StaticAnalysisConfig, StaticAnalysisContext, BASILResult, Logger, LogLevel}
+import ir.eval.{interpretTrace, interpret, ExecEffect, Stopped}
+
+
+import java.io.IOException
+import java.nio.file.*
+import java.nio.file.attribute.BasicFileAttributes
+import ir.dsl.*
+import util.RunUtils.loadAndTranslate
+
+import scala.collection.mutable
+
+class DifferentialIndirectCall extends AnyFunSuite {
+
+  Logger.setLevel(LogLevel.WARN)
+
+  def diffTest(initial: Program, transformed: Program) = {
+    val (initialRes,traceInit) = interpretTrace(initial)
+    val (result,traceRes) = interpretTrace(transformed)
+
+
+    def filterEvents(trace: List[ExecEffect]) = {
+      trace.collect {
+        case e @ ExecEffect.StoreMem("mem", _) => e
+        case e @ ExecEffect.LoadMem("mem", _) => e
+      }
+    }
+
+    // println(traceInit.t.mkString("\n    "))
+    assert(initialRes.nextCmd == Stopped())
+    assert(result.nextCmd == Stopped())
+    assert(initialRes.memoryState.getGlobalVals == result.memoryState.getGlobalVals)
+    assert(initialRes.memoryState.getMem("mem") == result.memoryState.getMem("mem"))
+    assert(filterEvents(traceInit.t) == filterEvents(traceRes.t))
+  }
+
+  def testProgram(testName: String, examplePath: String) = {
+    val basilConfig = BASILConfig(
+      loading = ILLoadingConfig(inputFile = examplePath + testName + ".adt",
+        relfFile = examplePath + testName + ".relf",
+        dumpIL = None,
+      ),
+      outputPrefix = "basil-test",
+      staticAnalysis = Some(StaticAnalysisConfig(None, None, None)),
+    )
+
+    val basilConfigNoAnalysis = BASILConfig(
+      loading = ILLoadingConfig(inputFile = examplePath + testName + ".adt",
+        relfFile = examplePath + testName + ".relf",
+        dumpIL = None,
+      ),
+      outputPrefix = "basil-test",
+      staticAnalysis = None,
+    )
+
+
+    val program = loadAndTranslate(basilConfigNoAnalysis).ir.program
+    val compare = loadAndTranslate(basilConfig).ir.program
+    diffTest(program, compare)
+
+  }
+
+  test("indirect_call_example") {
+    val testName = "indirect_call"
+    val examplePath = System.getProperty("user.dir") + s"/examples/$testName/"
+    testProgram(testName, examplePath)
+  }
+
+  test("indirect_call_gcc_example") {
+    val testName = "indirect_call"
+    val examplePath = System.getProperty("user.dir") + s"/src/test/correct/$testName/gcc/"
+    testProgram(testName, examplePath)
+  }
+
+  test("indirect_call_clang_example") {
+    val testName = "indirect_call"
+    val examplePath = System.getProperty("user.dir") + s"/src/test/correct/$testName/clang/"
+    testProgram(testName, examplePath)
+  }
+
+  test("jumptable2_example") {
+    val testName = "jumptable2"
+    val examplePath = System.getProperty("user.dir") + s"/examples/$testName/"
+    testProgram(testName, examplePath)
+  }
+
+  test("jumptable2_gcc_example") {
+    val testName = "jumptable2"
+    val examplePath = System.getProperty("user.dir") + s"/src/test/correct/$testName/gcc/"
+    testProgram(testName, examplePath)
+  }
+
+  test("jumptable2_clang_example") {
+    val testName = "jumptable2"
+    val examplePath = System.getProperty("user.dir") + s"/src/test/correct/$testName/clang/"
+    testProgram(testName, examplePath)
+  }
+
+  test("jumptable_example") {
+    val testName = "jumptable"
+    val examplePath = System.getProperty("user.dir") + s"/examples/$testName/"
+    testProgram(testName, examplePath)
+  }
+
+  test("functionpointer_example") {
+    val testName = "functionpointer"
+    val examplePath = System.getProperty("user.dir") + s"/examples/$testName/"
+    testProgram(testName, examplePath)
+  }
+
+  test("functionpointer_gcc_example") {
+    val testName = "functionpointer"
+    val examplePath = System.getProperty("user.dir") + s"/src/test/correct/$testName/gcc/"
+    testProgram(testName, examplePath)
+  }
+
+  test("functionpointer_clang_example") {
+    val testName = "functionpointer"
+    val examplePath = System.getProperty("user.dir") + s"/src/test/correct/$testName/clang/"
+    testProgram(testName, examplePath)
+  }
+
+
+  test("function_got_example") {
+    val testName = "function_got"
+    val examplePath = System.getProperty("user.dir") + s"/examples/$testName/"
+    testProgram(testName, examplePath)
+  }
+}
diff --git a/src/test/scala/ir/InterpreterTests.scala b/src/test/scala/ir/InterpreterTests.scala
index 0815f106d..966e37244 100644
--- a/src/test/scala/ir/InterpreterTests.scala
+++ b/src/test/scala/ir/InterpreterTests.scala
@@ -34,7 +34,13 @@ def load(s: InterpreterState, global: SpecGlobal) : Option[BitVecLiteral] = {
   // m.evalBV("mem", BitVecLiteral(64, global.address), Endian.LittleEndian, global.size) //  i.getMemory(global.address.toInt, global.size, Endian.LittleEndian, i.mems)
   
   try {
-    Some(State.evaluate(s, Eval.evalBV(f)(MemoryLoad(SharedMemory("mem", 64, 8), BitVecLiteral(global.address, 64), Endian.LittleEndian, global.size))))
+    State.evaluate(s, Eval.evalBV(f)(MemoryLoad(SharedMemory("mem", 64, 8), BitVecLiteral(global.address, 64), Endian.LittleEndian, global.size))) match {
+      case Right(e) => Some(e)
+      case Left(e) => {
+        None
+      }
+
+    }
   } catch {
     case e : InterpreterError => None
   }
@@ -48,7 +54,8 @@ def mems[E, T <: Effects[T, E]](m: MemoryState) : Map[BigInt, BitVecLiteral] = {
 class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
 
   // var i: Interpreter = Interpreter()
-  Logger.setLevel(LogLevel.DEBUG)
+  // Logger.setLevel(LogLevel.DEBUG)
+  Logger.setLevel(LogLevel.ERROR)
 
 
   def getProgram(name: String): (Program, Set[SpecGlobal]) = {
@@ -64,11 +71,11 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
     val (externalFunctions, globals, _, mainAddress) = loadReadELF(loading.relfFile, loading)
     val IRTranslator = BAPToIR(bapProgram, mainAddress)
     var IRProgram = IRTranslator.translate
-    IRProgram = ExternalRemover(externalFunctions.map(e => e.name)).visitProgram(IRProgram)
-    IRProgram = Renamer(Set("free")).visitProgram(IRProgram)
+    // IRProgram = ExternalRemover(externalFunctions.map(e => e.name)).visitProgram(IRProgram)
+    // IRProgram = Renamer(Set("free")).visitProgram(IRProgram)
     //IRProgram.stripUnreachableFunctions()
-    val stackIdentification = StackSubstituter()
-    stackIdentification.visitProgram(IRProgram)
+    // val stackIdentification = StackSubstituter()
+    // stackIdentification.visitProgram(IRProgram)
     IRProgram.setModifies(Map())
 
     (IRProgram, globals)
@@ -121,7 +128,7 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
    } yield (v)
   val l = State.evaluate(InterpreterState(), s)
 
-  assert(l == Scalar(BitVecLiteral(4096 - 16, 64)))
+  assert(l == Right(Scalar(BitVecLiteral(4096 - 16, 64))))
 
   }
 
@@ -140,8 +147,8 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
        r <- Eval.loadBV(NormalInterpreter)("mem", Scalar(BitVecLiteral(0, 64)), Endian.LittleEndian, 32)
      } yield(r)
      val expected: BitVecLiteral = BitVecLiteral(BigInt("0D0C0B0A", 16), 32)
-     val actual: BitVecLiteral = State.evaluate(InterpreterState(), s)
-     assert(actual == expected)
+     val actual = State.evaluate(InterpreterState(), s)
+     assert(actual == Right(expected))
  
  
    }
@@ -310,6 +317,26 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
     testInterpret("cjump", expected)
   }
 
+
+  test("initialisation") {
+
+    // Logger.setLevel(LogLevel.WARN)
+    val expected = Map(
+      "x" -> 6,
+      "y" -> ('b'.toInt), 
+    )
+
+    val (program, globals) = getProgram("initialisation")
+
+    // val watch = IRWalk.firstInProc((program.mainProcedure)).get
+    // val globloads = globals.map(global => (global.name, MemoryLoad(SharedMemory("mem", 64, 8), BitVecLiteral(global.address, 64), Endian.LittleEndian, global.size))).toList
+    // val bp = BreakPoint("beginproc",  BreakPointLoc.CMD(watch), BreakPointAction(false, false, globloads, true))
+    // val res = interpretWithBreakPoints(program, List(bp), NormalInterpreter, InterpreterState())
+
+
+    testInterpret("initialisation", expected)
+  }
+
   test("no_interference_update_x") {
     val expected = Map(
       "x" -> 1
@@ -397,7 +424,7 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
     Logger.setLevel(LogLevel.ERROR)
     var res = List[(Int, Double, Double)]()
 
-    for (i <- 0 to 25) {
+    for (i <- 0 to 12) {
       val prog = fibonacciProg(i)
 
       val t = PerformanceTimer("native")
@@ -437,7 +464,7 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
      Logger.setLevel(LogLevel.WARN)
      val fib = fibonacciProg(8)
      val watch = IRWalk.firstInProc((fib.procedures.find(_.name == "fib")).get).get
-     val bp = BreakPoint("Fibentry",  BreakPointLoc.CMDCond(watch, BinaryExpr(BVEQ, BitVecLiteral(5, 64), Register("R0", 64))), BreakPointAction(true, true, List(Register("R0", 64)), true))
+     val bp = BreakPoint("Fibentry",  BreakPointLoc.CMDCond(watch, BinaryExpr(BVEQ, BitVecLiteral(5, 64), Register("R0", 64))), BreakPointAction(true, true, List(("R0", Register("R0", 64))), true))
      // val interp = LayerInterpreter(NormalInterpreter, RememberBreakpoints(NormalInterpreter, List(bp)))
      // val res = InterpFuns.interpretProg(interp)(fib, (InterpreterState(), List()))
      val res = interpretWithBreakPoints(fib, List(bp), NormalInterpreter, InterpreterState())

From 2a03a237bf68781cc554d0f574deaa7e63079901 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Tue, 3 Sep 2024 08:50:18 +1000
Subject: [PATCH 028/127] hook for dynlinking

---
 src/main/scala/ir/eval/InterpretBasilIR.scala | 57 ++++++++++++++++++-
 src/main/scala/ir/eval/InterpretTrace.scala   |  6 ++
 src/main/scala/ir/eval/Interpreter.scala      |  3 -
 .../scala/translating/ReadELFLoader.scala     |  1 +
 src/test/scala/IndircallDifferential.scala    |  7 ++-
 5 files changed, 65 insertions(+), 9 deletions(-)

diff --git a/src/main/scala/ir/eval/InterpretBasilIR.scala b/src/main/scala/ir/eval/InterpretBasilIR.scala
index 18e887014..e255fc9d0 100644
--- a/src/main/scala/ir/eval/InterpretBasilIR.scala
+++ b/src/main/scala/ir/eval/InterpretBasilIR.scala
@@ -2,6 +2,7 @@ package ir.eval
 import ir._
 import ir.eval.BitVectorEval.*
 import ir.*
+import util.IRContext
 import util.Logger
 import util.functional.*
 import util.functional.State.*
@@ -204,6 +205,42 @@ case object Eval {
 
 case object InterpFuns {
 
+
+  def initRelocTable[S, E, T <: Effects[S, E]](s: T)(p: Program, reladyn: Set[(BigInt, String)]): State[S, Unit, E] = {
+
+    val data = reladyn.toList.flatMap(r => {
+      val (offset, extfname) = r
+      p.procedures.find(proc => proc.name == extfname).map(p => (offset, p)).toList
+    })
+
+    // TODO: will have to store 
+    //  mem[rodata addr] = naddr
+    //  ghost-funtable[naddr] = FunPointer - to intrinsic function
+    // We could also dynamic link against something like musl, for things like string.h
+
+    val fptrs = data.map((p) => {
+      val (offset, proc) = p
+      val addr = proc.address match {
+            case Some(x) => x
+            case None => println(s"No address for function ${proc.name} ${"%x".format(offset)}"); 0
+      }
+      // im guessing proc.address will be undefined and we will have to choose one for our intrinsic libc funcs
+      (offset, FunPointer(BitVecLiteral(addr, 64), proc.name, Run(DirectCall(proc)))) 
+    })
+
+    val stores = fptrs.map((p) =>{
+      val (offset, fptr) = p
+      Eval.storeSingle[S,E,T](s)(
+        "mem",
+        Scalar(BitVecLiteral(offset, 64)),
+        fptr
+    )})
+
+    for {
+      _ <- State.sequence[S,Unit,E](State.pure(()), stores)
+    } yield ()
+  }
+
   /** Functions which compile BASIL IR down to the minimal interpreter effects.
     *
     * Each function takes as parameter an implementation of Effects[S]
@@ -339,7 +376,7 @@ case object InterpFuns {
               val block = dc.target.entryBlock.get
               f.call(dc.target.name, Run(block.statements.headOption.getOrElse(block.jump)), Run(dc.successor))
             } else {
-              f.setNext(EscapedControlFlow(dc))
+              State.setError(InterpreterError(EscapedControlFlow(dc)))
               //f.setNext(Run(dc.successor))
             }
         } yield (n)
@@ -352,7 +389,7 @@ case object InterpFuns {
             fp <- f.evalAddrToProc(addr.value.toInt)
             _ <- fp match {
               case Some(fp) => f.call(fp.name, fp.call, Run(ic.successor))
-              case none     => f.setNext(EscapedControlFlow(ic))
+              case none     => State.setError(InterpreterError(EscapedControlFlow(ic)))
             }
           } yield ()
         }
@@ -377,7 +414,16 @@ case object InterpFuns {
 
   def interpretProg[S, T <: Effects[S, InterpreterError]](f: T)(p: Program, is: S): S = {
     val begin = State.execute(is, initialiseProgram(f)(p))
-    // State.execute[S,Unit](is, )
+    interpret(f, begin)
+  }
+
+
+  def interpretProg[S, T <: Effects[S, InterpreterError]](f: T)(p: IRContext, is: S): S = {
+    val st = for {
+      _ <- initialiseProgram(f)(p.program)
+      _ <- InterpFuns.initRelocTable(f)(p.program, p.externalFunctions.map(f => (f.offset, f.name)))
+    } yield ()
+    val begin = State.execute(is, st)
     interpret(f, begin)
   }
 }
@@ -386,3 +432,8 @@ def interpret(IRProgram: Program): InterpreterState = {
   InterpFuns.interpretProg(NormalInterpreter)(IRProgram, InterpreterState())
 }
 
+
+def interpret(IRProgram: IRContext): InterpreterState = {
+  InterpFuns.interpretProg(NormalInterpreter)(IRProgram, InterpreterState())
+}
+
diff --git a/src/main/scala/ir/eval/InterpretTrace.scala b/src/main/scala/ir/eval/InterpretTrace.scala
index ad1ad1200..39ce9ac94 100644
--- a/src/main/scala/ir/eval/InterpretTrace.scala
+++ b/src/main/scala/ir/eval/InterpretTrace.scala
@@ -2,6 +2,7 @@ package ir.eval
 import ir._
 import ir.eval.BitVectorEval.*
 import ir.*
+import util.IRContext
 import util.Logger
 import util.functional.*
 import util.functional.State.*
@@ -81,3 +82,8 @@ def interpretTrace(p: Program) : (InterpreterState, Trace) = {
 }
 
 
+def interpretTrace(p: IRContext) : (InterpreterState, Trace) = {
+  InterpFuns.interpretProg(tracingInterpreter)(p, (InterpreterState(), Trace(List())))
+}
+
+
diff --git a/src/main/scala/ir/eval/Interpreter.scala b/src/main/scala/ir/eval/Interpreter.scala
index 51b71de3c..041402969 100644
--- a/src/main/scala/ir/eval/Interpreter.scala
+++ b/src/main/scala/ir/eval/Interpreter.scala
@@ -31,9 +31,6 @@ case class MemoryError(val message: String = "") extends ExecutionContinuation /
 
 // type InterpreterError = EscapedControlFlow | Errored | TypeError | EvalError | MemoryError
 
-/** TODO: errors should be encapsualted in error monad, rather than mapping exceptions back into state transitions at
-  * State.execute()
-  */
 case class InterpreterError(continue: ExecutionContinuation) extends Exception()
 
 /* Concrete value type of the interpreter. */
diff --git a/src/main/scala/translating/ReadELFLoader.scala b/src/main/scala/translating/ReadELFLoader.scala
index d874f05fe..ed9135e1e 100644
--- a/src/main/scala/translating/ReadELFLoader.scala
+++ b/src/main/scala/translating/ReadELFLoader.scala
@@ -7,6 +7,7 @@ import util.ILLoadingConfig
 import scala.jdk.CollectionConverters.*
 
 object ReadELFLoader {
+  // TODO: load NOTYPE symbols, so we can get _bss_start ... _bss_end to zero-init in interpreter, as well as _end to find bottom of heap
   def visitSyms(ctx: SymsContext, config: ILLoadingConfig): (Set[ExternalFunction], Set[SpecGlobal], Map[BigInt, BigInt], Int) = {
     val externalFunctions = ctx.relocationTable.asScala.flatMap(r => visitRelocationTableExtFunc(r)).toSet
     val relocationOffsets = ctx.relocationTable.asScala.flatMap(r => visitRelocationTableOffsets(r)).toMap
diff --git a/src/test/scala/IndircallDifferential.scala b/src/test/scala/IndircallDifferential.scala
index e71e23389..1617d5479 100644
--- a/src/test/scala/IndircallDifferential.scala
+++ b/src/test/scala/IndircallDifferential.scala
@@ -1,5 +1,6 @@
 
 import ir.*
+import ir.eval._
 import java.io.{BufferedWriter, File, FileWriter}
 import ir.Endian.LittleEndian
 import org.scalatest.*
@@ -21,7 +22,7 @@ class DifferentialIndirectCall extends AnyFunSuite {
 
   Logger.setLevel(LogLevel.WARN)
 
-  def diffTest(initial: Program, transformed: Program) = {
+  def diffTest(initial: IRContext, transformed: IRContext) = {
     val (initialRes,traceInit) = interpretTrace(initial)
     val (result,traceRes) = interpretTrace(transformed)
 
@@ -61,8 +62,8 @@ class DifferentialIndirectCall extends AnyFunSuite {
     )
 
 
-    val program = loadAndTranslate(basilConfigNoAnalysis).ir.program
-    val compare = loadAndTranslate(basilConfig).ir.program
+    val program = loadAndTranslate(basilConfigNoAnalysis).ir
+    val compare = loadAndTranslate(basilConfig).ir
     diffTest(program, compare)
 
   }

From 8b694c0871a672e39ea1fc0dc06af12ef20db058 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Tue, 3 Sep 2024 09:56:35 +1000
Subject: [PATCH 029/127] load full symtab

---
 src/main/scala/ir/eval/InterpretBasilIR.scala |  2 +-
 .../scala/translating/ReadELFLoader.scala     | 82 +++++++++++++++----
 src/main/scala/util/RunUtils.scala            | 10 ++-
 src/test/scala/IndirectCallsTests.scala       |  2 +-
 src/test/scala/IrreducibleLoop.scala          |  2 +-
 src/test/scala/PointsToTest.scala             |  2 +-
 src/test/scala/ir/InterpreterTests.scala      |  2 +-
 7 files changed, 76 insertions(+), 26 deletions(-)

diff --git a/src/main/scala/ir/eval/InterpretBasilIR.scala b/src/main/scala/ir/eval/InterpretBasilIR.scala
index e255fc9d0..4c2babfc8 100644
--- a/src/main/scala/ir/eval/InterpretBasilIR.scala
+++ b/src/main/scala/ir/eval/InterpretBasilIR.scala
@@ -222,7 +222,7 @@ case object InterpFuns {
       val (offset, proc) = p
       val addr = proc.address match {
             case Some(x) => x
-            case None => println(s"No address for function ${proc.name} ${"%x".format(offset)}"); 0
+            case None => /* println(s"No address for function ${proc.name} ${"%x".format(offset)}"); */ 0
       }
       // im guessing proc.address will be undefined and we will have to choose one for our intrinsic libc funcs
       (offset, FunPointer(BitVecLiteral(addr, 64), proc.name, Run(DirectCall(proc)))) 
diff --git a/src/main/scala/translating/ReadELFLoader.scala b/src/main/scala/translating/ReadELFLoader.scala
index ed9135e1e..e6c6336f8 100644
--- a/src/main/scala/translating/ReadELFLoader.scala
+++ b/src/main/scala/translating/ReadELFLoader.scala
@@ -6,17 +6,57 @@ import util.ILLoadingConfig
 
 import scala.jdk.CollectionConverters.*
 
+/**
+ * https://refspecs.linuxfoundation.org/elf/elf.pdf
+ */
+
+enum ELFSymType:
+  case NOTYPE /* absolute symbol or similar */
+  case SECTION /* memory section */
+  case FILE
+  case OBJECT
+  case FUNC /* code function */
+
+
+enum ELFBind:
+  case LOCAL  /* local to the translation unit */
+  case GLOBAL /* global to the program */
+  case WEAK  /* multiple versions of symbol may be exposed to the linker, and the last definition is used. */
+
+enum ELFVis:
+  case HIDDEN
+  case DEFAULT
+
+enum ELFNDX:
+  case Section(num: Int) /* Section containing the symbol */
+  case UND /* Undefined */
+  case ABS /* Absolute, unaffected by relocation */
+
+case class ELFSymbol(num: Int,  /* symbol number */
+  value: BigInt, /* symbol address */
+  size: Int,  /* symbol size (bytes) */
+  etype: ELFSymType,  
+  bind: ELFBind,  
+  vis: ELFVis,
+  ndx: ELFNDX, /* The section containing the symbol */
+  name: String)
+
 object ReadELFLoader {
   // TODO: load NOTYPE symbols, so we can get _bss_start ... _bss_end to zero-init in interpreter, as well as _end to find bottom of heap
-  def visitSyms(ctx: SymsContext, config: ILLoadingConfig): (Set[ExternalFunction], Set[SpecGlobal], Map[BigInt, BigInt], Int) = {
+  def visitSyms(ctx: SymsContext, config: ILLoadingConfig): (List[ELFSymbol], Set[ExternalFunction], Set[SpecGlobal], Map[BigInt, BigInt], Int) = {
     val externalFunctions = ctx.relocationTable.asScala.flatMap(r => visitRelocationTableExtFunc(r)).toSet
     val relocationOffsets = ctx.relocationTable.asScala.flatMap(r => visitRelocationTableOffsets(r)).toMap
-    val globalVariables = ctx.symbolTable.asScala.flatMap(s => visitSymbolTable(s)).toSet
     val mainAddress = ctx.symbolTable.asScala.flatMap(s => getFunctionAddress(s, config.mainProcedureName))
+
+    val symbolTable = ctx.symbolTable.asScala.flatMap(s => visitSymbolTable(s)).toList
+    val globalVariables = (symbolTable.collect {
+      case ELFSymbol(num, value, size, ELFSymType.OBJECT, ELFBind.GLOBAL, ELFVis.DEFAULT, _, name) =>  SpecGlobal(name, size * 8, None, value)
+    }).toSet
+    
     if (mainAddress.isEmpty) {
       throw Exception(s"no ${config.mainProcedureName} function in symbol table")
     }
-    (externalFunctions, globalVariables, relocationOffsets, mainAddress.head)
+    (symbolTable, externalFunctions, globalVariables, relocationOffsets, mainAddress.head)
   }
 
   def visitRelocationTableExtFunc(ctx: RelocationTableContext): Set[ExternalFunction] = {
@@ -50,12 +90,12 @@ object ReadELFLoader {
     }
   }
 
-  def visitSymbolTable(ctx: SymbolTableContext): Set[SpecGlobal] = {
+
+  def visitSymbolTable(ctx: SymbolTableContext): List[ELFSymbol] = {
     if (ctx.symbolTableHeader.tableName.STRING.getText == ".symtab") {
-      val rows = ctx.symbolTableRow.asScala
-      rows.flatMap(r => visitSymbolTableRow(r)).toSet
+      ctx.symbolTableRow.asScala.map(getSymbolTableRow).toList
     } else {
-      Set()
+      List()
     }
   }
 
@@ -76,17 +116,25 @@ object ReadELFLoader {
     }
   }
 
-  def visitSymbolTableRow(ctx: SymbolTableRowContext): Option[SpecGlobal] = {
-    if (ctx.entrytype.getText == "OBJECT" && ctx.bind.getText == "GLOBAL" && ctx.vis.getText == "DEFAULT") {
-      val name = ctx.name.getText
-      if (name.forall(allowedChars.contains)) {
-        Some(SpecGlobal(name, ctx.size.getText.toInt * 8, None, hexToBigInt(ctx.value.getText)))
-      } else {
-        None
-      }
-    } else {
-      None
+  def getSymbolTableRow(ctx: SymbolTableRowContext): ELFSymbol = {
+    val bind = ELFBind.valueOf(ctx.bind.getText)
+    val etype = ELFSymType.valueOf(ctx.entrytype.getText)
+    val size = ctx.size.getText.toInt
+    val name = ctx.name match {
+      case null => ""
+      case x => x.getText
     }
+    val value = BigInt(ctx.value.getText, 16)
+    val num = ctx.num.getText.toInt
+    val vis = ELFVis.valueOf(ctx.vis.getText)
+
+    val ndx = (ctx.ndx.getText match {
+      case "ABS" => ELFNDX.ABS
+      case "UND" => ELFNDX.UND
+      case o => ELFNDX.Section(o.toInt)
+    })
+
+    ELFSymbol(num, value, size, etype, bind, vis, ndx, name)
   }
 
   def hexToBigInt(hex: String): BigInt = BigInt(hex, 16)
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index 11c7558eb..45c482b03 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -39,6 +39,7 @@ import scala.collection.mutable
   * transformation.
   */
 case class IRContext(
+    symbols: List[ELFSymbol],
     externalFunctions: Set[ExternalFunction],
     globals: Set[SpecGlobal],
     globalOffsets: Map[BigInt, BigInt],
@@ -73,13 +74,14 @@ object IRLoading {
   /** Create a context from just an IR program.
     */
   def load(p: Program): IRContext = {
-    IRContext(Set.empty, Set.empty, Map.empty, IRLoading.loadSpecification(None, p, Set.empty), p)
+    IRContext(List.empty, Set.empty, Set.empty, Map.empty, IRLoading.loadSpecification(None, p, Set.empty), p)
   }
 
   /** Load a program from files using the provided configuration.
     */
   def load(q: ILLoadingConfig): IRContext = {
-    val (externalFunctions, globals, globalOffsets, mainAddress) = IRLoading.loadReadELF(q.relfFile, q)
+    // TODO: this tuple is large, should be a case class
+    val (symbols, externalFunctions, globals, globalOffsets, mainAddress) = IRLoading.loadReadELF(q.relfFile, q)
 
     val program: Program = if (q.inputFile.endsWith(".adt")) {
       val bapProgram = loadBAP(q.inputFile)
@@ -93,7 +95,7 @@ object IRLoading {
 
     val specification = IRLoading.loadSpecification(q.specFile, program, globals)
 
-    IRContext(externalFunctions, globals, globalOffsets, specification, program)
+    IRContext(symbols, externalFunctions, globals, globalOffsets, specification, program)
   }
 
   def loadBAP(fileName: String): BAPProgram = {
@@ -151,7 +153,7 @@ object IRLoading {
   def loadReadELF(
       fileName: String,
       config: ILLoadingConfig
-  ): (Set[ExternalFunction], Set[SpecGlobal], Map[BigInt, BigInt], Int) = {
+  ): (List[ELFSymbol], Set[ExternalFunction], Set[SpecGlobal], Map[BigInt, BigInt], Int) = {
     val lexer = ReadELFLexer(CharStreams.fromFileName(fileName))
     val tokens = CommonTokenStream(lexer)
     val parser = ReadELFParser(tokens)
diff --git a/src/test/scala/IndirectCallsTests.scala b/src/test/scala/IndirectCallsTests.scala
index fbc5a4362..c208e973b 100644
--- a/src/test/scala/IndirectCallsTests.scala
+++ b/src/test/scala/IndirectCallsTests.scala
@@ -44,7 +44,7 @@ class IndirectCallsTests extends AnyFunSuite with OneInstancePerTest with Before
                   globals: Set[SpecGlobal] = Set.empty,
                   globalOffsets: Map[BigInt, BigInt] = Map.empty): StaticAnalysisContext = {
 
-    val ctx = IRContext(externalFunctions, globals, globalOffsets, Specification(Set(), Map(), List(), List(), List(), Set()), program)
+    val ctx = IRContext(List.empty, externalFunctions, globals, globalOffsets, Specification(Set(), Map(), List(), List(), List(), Set()), program)
     StaticAnalysis.analyse(ctx, StaticAnalysisConfig(), 1)
   }
 
diff --git a/src/test/scala/IrreducibleLoop.scala b/src/test/scala/IrreducibleLoop.scala
index c7b0a4279..7742a0ee9 100644
--- a/src/test/scala/IrreducibleLoop.scala
+++ b/src/test/scala/IrreducibleLoop.scala
@@ -27,7 +27,7 @@ class IrreducibleLoop extends AnyFunSuite {
 
   def load(conf: ILLoadingConfig) : Program = {
     val bapProgram = IRLoading.loadBAP(conf.inputFile)
-    val (externalFunctions, globals, globalOffsets, mainAddress) = IRLoading.loadReadELF(conf.relfFile, conf)
+    val (_, externalFunctions, globals, globalOffsets, mainAddress) = IRLoading.loadReadELF(conf.relfFile, conf)
     val IRTranslator = BAPToIR(bapProgram, mainAddress)
     val IRProgram = IRTranslator.translate
     IRProgram
diff --git a/src/test/scala/PointsToTest.scala b/src/test/scala/PointsToTest.scala
index 9534053a3..def6d4a54 100644
--- a/src/test/scala/PointsToTest.scala
+++ b/src/test/scala/PointsToTest.scala
@@ -42,7 +42,7 @@ class PointsToTest extends AnyFunSuite with OneInstancePerTest with BeforeAndAft
                   globals: Set[SpecGlobal] = Set.empty,
                   globalOffsets: Map[BigInt, BigInt] = Map.empty): StaticAnalysisContext = {
 
-    val ctx = IRContext(externalFunctions, globals, globalOffsets, Specification(Set(), Map(), List(), List(), List(), Set()), program)
+    val ctx = IRContext(List.empty, externalFunctions, globals, globalOffsets, Specification(Set(), Map(), List(), List(), List(), Set()), program)
     StaticAnalysis.analyse(ctx, StaticAnalysisConfig(), 1)
   }
 
diff --git a/src/test/scala/ir/InterpreterTests.scala b/src/test/scala/ir/InterpreterTests.scala
index 966e37244..7bf72266b 100644
--- a/src/test/scala/ir/InterpreterTests.scala
+++ b/src/test/scala/ir/InterpreterTests.scala
@@ -68,7 +68,7 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
     )
 
     val bapProgram = loadBAP(loading.inputFile)
-    val (externalFunctions, globals, _, mainAddress) = loadReadELF(loading.relfFile, loading)
+    val (symbols, externalFunctions, globals, _, mainAddress) = loadReadELF(loading.relfFile, loading)
     val IRTranslator = BAPToIR(bapProgram, mainAddress)
     var IRProgram = IRTranslator.translate
     // IRProgram = ExternalRemover(externalFunctions.map(e => e.name)).visitProgram(IRProgram)

From 57ca6b387aa4dd2fe637d3d43903768c75f0f984 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Tue, 3 Sep 2024 11:14:57 +1000
Subject: [PATCH 030/127] update relf grammar

---
 src/main/antlr4/ReadELF.g4 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/antlr4/ReadELF.g4 b/src/main/antlr4/ReadELF.g4
index 513b6340d..1903dce7a 100644
--- a/src/main/antlr4/ReadELF.g4
+++ b/src/main/antlr4/ReadELF.g4
@@ -31,7 +31,7 @@ symbolTableHeader :
   'Symbol table' tableName 'contains' HEX 'entries:' NEWLINE
   'Num:' 'Value' 'Size' 'Type' 'Bind' 'Vis' 'Ndx' 'Name'  // Mainly a sanity check for the column order
   ;
-symbolTableRow : HEX ':' value=HEX size=HEX entrytype=STRING bind=STRING vis=STRING (HEX | STRING) name=(HEX | STRING)? STRING? NEWLINE;
+symbolTableRow : (num=HEX) ':' value=HEX size=HEX entrytype=STRING bind=STRING vis=STRING ndx=(HEX | STRING) name=(HEX | STRING)? STRING? NEWLINE;
 // symbolTableRow : HEX ':' HEX HEX symbolType bind vis ndx name? ;
 
 tableName : '\'' STRING '\'' ;

From b27698107e5248e440c5637966754f694f41e577 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Tue, 3 Sep 2024 13:36:54 +1000
Subject: [PATCH 031/127] init bss

---
 src/main/scala/ir/eval/InterpretBasilIR.scala | 104 ++++++++++++------
 src/main/scala/ir/eval/InterpretTrace.scala   |  15 ---
 src/main/scala/ir/eval/Interpreter.scala      |  80 +++++---------
 src/test/scala/IndircallDifferential.scala    |   5 +-
 src/test/scala/ir/InterpreterTests.scala      |  28 +++--
 5 files changed, 116 insertions(+), 116 deletions(-)

diff --git a/src/main/scala/ir/eval/InterpretBasilIR.scala b/src/main/scala/ir/eval/InterpretBasilIR.scala
index 4c2babfc8..655de30d4 100644
--- a/src/main/scala/ir/eval/InterpretBasilIR.scala
+++ b/src/main/scala/ir/eval/InterpretBasilIR.scala
@@ -13,7 +13,7 @@ import scala.annotation.tailrec
 import scala.collection.mutable
 import scala.collection.immutable
 import scala.util.control.Breaks.{break, breakable}
-
+import translating.ELFSymbol
 
 /** Abstraction for memload and variable lookup used by the expression evaluator.
   */
@@ -28,7 +28,12 @@ case class StVarLoader[S, F <: Effects[S, InterpreterError]](f: F) extends Loade
     }))
   }
 
-  override def loadMemory(m: Memory, addr: Expr, endian: Endian, size: Int): State[S, Option[Literal], InterpreterError] = {
+  override def loadMemory(
+      m: Memory,
+      addr: Expr,
+      endian: Endian,
+      size: Int
+  ): State[S, Option[Literal], InterpreterError] = {
     for {
       r <- addr match {
         case l: Literal if size == 1 =>
@@ -69,9 +74,9 @@ case object Eval {
     for {
       res <- evalExpr(f)(e)
       r <- State.pureE(res match {
-      case l: BitVecLiteral => Right(l)
-      case _                => Left(InterpreterError(Errored(s"Eval BV residual $e")))
-    })
+        case l: BitVecLiteral => Right(l)
+        case _                => Left(InterpreterError(Errored(s"Eval BV residual $e")))
+      })
     } yield (r)
   }
 
@@ -79,9 +84,9 @@ case object Eval {
     for {
       res <- evalExpr(f)(e)
       r <- State.pureE(res match {
-      case l: IntLiteral => Right(l.value)
-      case _                => Left(InterpreterError(Errored(s"Eval Int residual $e")))
-    })
+        case l: IntLiteral => Right(l.value)
+        case _             => Left(InterpreterError(Errored(s"Eval Int residual $e")))
+      })
     } yield (r)
   }
 
@@ -89,9 +94,9 @@ case object Eval {
     for {
       res <- evalExpr(f)(e)
       r <- State.pureE(res match {
-      case l: BoolLit => Right(l == TrueLiteral)
-      case _                => Left(InterpreterError(Errored(s"Eval Bool residual $e")))
-    })
+        case l: BoolLit => Right(l == TrueLiteral)
+        case _          => Left(InterpreterError(Errored(s"Eval Bool residual $e")))
+      })
     } yield (r)
   }
 
@@ -103,8 +108,9 @@ case object Eval {
       f: T
   )(vname: String, addr: Scalar, endian: Endian, count: Int): State[S, List[BasilValue], InterpreterError] = {
     for {
-      _ <- if (count == 0) then State.setError(InterpreterError(Errored(s"Attempted fractional load"))) else State.pure(())
-      keys <- State.mapM(((i:Int) => State.pureE(BasilValue.unsafeAdd(addr, i))), (0 until count))
+      _ <-
+        if (count == 0) then State.setError(InterpreterError(Errored(s"Attempted fractional load"))) else State.pure(())
+      keys <- State.mapM(((i: Int) => State.pureE(BasilValue.unsafeAdd(addr, i))), (0 until count))
       values <- f.loadMem(vname, keys.toList)
       vals = endian match {
         case Endian.LittleEndian => values.reverse
@@ -127,13 +133,24 @@ case object Eval {
     cells = size / valsize
 
     res <- load(f)(vname, addr, endian, cells) // actual load
-    bvs: List[BitVecLiteral] <- (State.mapM ((c : BasilValue) => c match {
-        case Scalar(bv @ BitVecLiteral(v, sz)) if sz == valsize => State.pure(bv)
-        case c => State.setError(InterpreterError(TypeError(s"Loaded value of type ${c.irType} did not match expected type bv$valsize")))
-      },res))
+    bvs: List[BitVecLiteral] <- (
+      State.mapM(
+        (c: BasilValue) =>
+          c match {
+            case Scalar(bv @ BitVecLiteral(v, sz)) if sz == valsize => State.pure(bv)
+            case c =>
+              State.setError(
+                InterpreterError(TypeError(s"Loaded value of type ${c.irType} did not match expected type bv$valsize"))
+              )
+          },
+        res
+      )
+    )
   } yield (bvs.foldLeft(BitVecLiteral(0, 0))((acc, r) => eval.evalBVBinExpr(BVCONCAT, acc, r)))
 
-  def loadSingle[S, T <: Effects[S, InterpreterError]](f: T)(vname: String, addr: Scalar): State[S, BasilValue, InterpreterError] = {
+  def loadSingle[S, T <: Effects[S, InterpreterError]](
+      f: T
+  )(vname: String, addr: Scalar): State[S, BasilValue, InterpreterError] = {
     for {
       m <- load(f)(vname, addr, Endian.LittleEndian, 1)
     } yield (m.head)
@@ -152,7 +169,8 @@ case object Eval {
   ): State[S, Unit, InterpreterError] = for {
     mem <- f.loadVar(vname)
     x <- mem match {
-      case m @ MapValue(_, MapType(kt, vt)) if kt == addr.irType && values.forall(v => v.irType == vt) => State.pure((m, kt, vt))
+      case m @ MapValue(_, MapType(kt, vt)) if kt == addr.irType && values.forall(v => v.irType == vt) =>
+        State.pure((m, kt, vt))
       case v => State.setError(InterpreterError(TypeError(s"Invalid map store operation to $vname : $v")))
     }
     (mapval, keytype, valtype) = x
@@ -198,14 +216,15 @@ case object Eval {
     s <- f.storeMem(vname, keys.zip(vs).toMap)
   } yield (s)
 
-  def storeSingle[S, E, T <: Effects[S, E]](f: T)(vname: String, addr: BasilValue, value: BasilValue): State[S, Unit, E] = {
+  def storeSingle[S, E, T <: Effects[S, E]](
+      f: T
+  )(vname: String, addr: BasilValue, value: BasilValue): State[S, Unit, E] = {
     f.storeMem(vname, Map((addr -> value)))
   }
 }
 
 case object InterpFuns {
 
-
   def initRelocTable[S, E, T <: Effects[S, E]](s: T)(p: Program, reladyn: Set[(BigInt, String)]): State[S, Unit, E] = {
 
     val data = reladyn.toList.flatMap(r => {
@@ -213,7 +232,7 @@ case object InterpFuns {
       p.procedures.find(proc => proc.name == extfname).map(p => (offset, p)).toList
     })
 
-    // TODO: will have to store 
+    // TODO: will have to store
     //  mem[rodata addr] = naddr
     //  ghost-funtable[naddr] = FunPointer - to intrinsic function
     // We could also dynamic link against something like musl, for things like string.h
@@ -221,23 +240,24 @@ case object InterpFuns {
     val fptrs = data.map((p) => {
       val (offset, proc) = p
       val addr = proc.address match {
-            case Some(x) => x
-            case None => /* println(s"No address for function ${proc.name} ${"%x".format(offset)}"); */ 0
+        case Some(x) => x
+        case None    => /* println(s"No address for function ${proc.name} ${"%x".format(offset)}"); */ 0
       }
       // im guessing proc.address will be undefined and we will have to choose one for our intrinsic libc funcs
-      (offset, FunPointer(BitVecLiteral(addr, 64), proc.name, Run(DirectCall(proc)))) 
+      (offset, FunPointer(BitVecLiteral(addr, 64), proc.name, Run(DirectCall(proc))))
     })
 
-    val stores = fptrs.map((p) =>{
+    val stores = fptrs.map((p) => {
       val (offset, fptr) = p
-      Eval.storeSingle[S,E,T](s)(
+      Eval.storeSingle[S, E, T](s)(
         "mem",
         Scalar(BitVecLiteral(offset, 64)),
         fptr
-    )})
+      )
+    })
 
     for {
-      _ <- State.sequence[S,Unit,E](State.pure(()), stores)
+      _ <- State.sequence[S, Unit, E](State.pure(()), stores)
     } yield ()
   }
 
@@ -403,7 +423,7 @@ case object InterpFuns {
       case Right(next) => {
         Logger.debug(s"eval $next")
         next match {
-          case Run(c) =>  interpret(f, State.execute(m, f.interpretOne))
+          case Run(c)    => interpret(f, State.execute(m, f.interpretOne))
           case Stopped() => m
           case errorstop => m
         }
@@ -417,10 +437,32 @@ case object InterpFuns {
     interpret(f, begin)
   }
 
+  def initBSS[S, T <: Effects[S, InterpreterError]](f: T)(p: IRContext): State[S, Unit, InterpreterError] = {
+    val bss = for {
+      first <- p.symbols.find(s => s.name == "__bss_start__").map(_.value)
+      last <- p.symbols.find(s => s.name == "__bss_end__").map(_.value)
+      r <- (if (first == last) then None else Some((first, (last - first) * 8)))
+      (addr, sz) = r
+      st = {
+        (rgn => Eval.storeBV(f)(rgn, Scalar(BitVecLiteral(addr, 64)), BitVecLiteral(0, sz.toInt), Endian.LittleEndian))
+      }
+
+    } yield (st)
+
+    bss match {
+      case None => Logger.error("No BSS initialised"); State.pure(())
+      case Some(init) =>
+        for {
+          _ <- init("mem")
+          _ <- init("stack")
+        } yield ()
+    }
+  }
 
   def interpretProg[S, T <: Effects[S, InterpreterError]](f: T)(p: IRContext, is: S): S = {
     val st = for {
       _ <- initialiseProgram(f)(p.program)
+      _ <- initBSS(f)(p)
       _ <- InterpFuns.initRelocTable(f)(p.program, p.externalFunctions.map(f => (f.offset, f.name)))
     } yield ()
     val begin = State.execute(is, st)
@@ -432,8 +474,6 @@ def interpret(IRProgram: Program): InterpreterState = {
   InterpFuns.interpretProg(NormalInterpreter)(IRProgram, InterpreterState())
 }
 
-
 def interpret(IRProgram: IRContext): InterpreterState = {
   InterpFuns.interpretProg(NormalInterpreter)(IRProgram, InterpreterState())
 }
-
diff --git a/src/main/scala/ir/eval/InterpretTrace.scala b/src/main/scala/ir/eval/InterpretTrace.scala
index 39ce9ac94..c9565d51e 100644
--- a/src/main/scala/ir/eval/InterpretTrace.scala
+++ b/src/main/scala/ir/eval/InterpretTrace.scala
@@ -34,11 +34,6 @@ case object Trace {
 
 case class TraceGen[E]() extends NopEffects[Trace, E] {
   /** Values are discarded by ProductInterpreter so do not matter */
-  //def evalBV(e: Expr) = State.pure(BitVecLiteral(0,0))
-
-  //def evalInt(e: Expr) = State.pure(BigInt(0))
-
-  //def evalBool(e: Expr) = State.pure(false)
 
   override def loadVar(v: String) = for {
     s <- Trace.add(ExecEffect.LoadVar(v))
@@ -48,14 +43,6 @@ case class TraceGen[E]() extends NopEffects[Trace, E] {
     s <- Trace.add(ExecEffect.LoadMem(v, addrs))
   } yield (List())
 
-  //def evalAddrToProc(addr: Int) = for {
-  //  s <- Trace.add(ExecEffect.FindProc(addr))
-  //} yield (None)
-
-  // def getNext = State.pure(Stopped())
-
-  // def setNext(c: ExecutionContinuation)  = State.pure(())
-
   override def call(target: String, beginFrom: ExecutionContinuation, returnTo: ExecutionContinuation) = for {
     s <- Trace.add(ExecEffect.Call(target, beginFrom, returnTo))
   } yield (())
@@ -72,7 +59,6 @@ case class TraceGen[E]() extends NopEffects[Trace, E] {
     s <- if (!vname.startsWith("ghost")) Trace.add(ExecEffect.StoreMem(vname, update)) else State.pure(())
   } yield (())
 
-  // def interpretOne = State.pure(())
 }
 
 def tracingInterpreter = ProductInterpreter(NormalInterpreter, TraceGen())
@@ -86,4 +72,3 @@ def interpretTrace(p: IRContext) : (InterpreterState, Trace) = {
   InterpFuns.interpretProg(tracingInterpreter)(p, (InterpreterState(), Trace(List())))
 }
 
-
diff --git a/src/main/scala/ir/eval/Interpreter.scala b/src/main/scala/ir/eval/Interpreter.scala
index 041402969..dc7139d29 100644
--- a/src/main/scala/ir/eval/Interpreter.scala
+++ b/src/main/scala/ir/eval/Interpreter.scala
@@ -29,8 +29,6 @@ case class EvalError(val message: String = "")
     extends ExecutionContinuation /* failed to evaluate an expression to a concrete value */
 case class MemoryError(val message: String = "") extends ExecutionContinuation /* An error to do with memory */
 
-// type InterpreterError = EscapedControlFlow | Errored | TypeError | EvalError | MemoryError
-
 case class InterpreterError(continue: ExecutionContinuation) extends Exception()
 
 /* Concrete value type of the interpreter. */
@@ -42,13 +40,14 @@ case class Scalar(val value: Literal) extends BasilValue(value.getType) {
   }
 }
 
-/** Slightly hacky way of mapping addresses to function calls within the interpreter dynamic state */
+/* Slightly hacky way of mapping addresses to function calls within the interpreter dynamic state */
 case class FunPointer(val addr: BitVecLiteral, val name: String, val call: ExecutionContinuation)
     extends BasilValue(addr.getType)
 
-// Erase the type of basil values and enforce the invariant that
-// \exists i . \forall v \in value.keys , v.irType = i  and
-// \exists j . \forall v \in value.values, v.irType = j
+/* Erase the type of basil values and enforce the invariant that
+   \exists i . \forall v \in value.keys , v.irType = i  and
+   \exists j . \forall v \in value.values, v.irType = j
+ */
 case class MapValue(val value: Map[BasilValue, BasilValue], override val irType: MapType) extends BasilValue(irType) {
   override def toString = s"MapValue : $irType"
 }
@@ -69,19 +68,9 @@ case object BasilValue {
       case _ if vr == 0              => Right(l)
       case Scalar(IntLiteral(vl))    => Right(Scalar(IntLiteral(vl + vr)))
       case Scalar(b1: BitVecLiteral) => Right(Scalar(eval.evalBVBinExpr(BVADD, b1, BitVecLiteral(vr, b1.size))))
-      case _ => Left(InterpreterError(TypeError(s"Operation add $vr undefined on $l")))
+      case _                         => Left(InterpreterError(TypeError(s"Operation add $vr undefined on $l")))
     }
   }
-
-  // def add(l: BasilValue, r: BasilValue): BasilValue = {
-  //   (l, r) match {
-  //     case (Scalar(IntLiteral(vl)), Scalar(IntLiteral(vr)))       => Scalar(IntLiteral(vl + vr))
-  //     case (Scalar(b1: BitVecLiteral), Scalar(b2: BitVecLiteral)) => Scalar(eval.evalBVBinExpr(BVADD, b1, b2))
-  //     case (Scalar(b1: BoolLit), Scalar(b2: BoolLit)) =>
-  //       Scalar(if (b2.value || b2.value) then TrueLiteral else FalseLiteral)
-  //     case _ => throw InterpreterError(TypeError(s"Operation add undefined on $l $r"))
-  //   }
-  // }
 }
 
 /** Minimal language defining all state transitions in the interpreter, defined for the interpreter's concrete state T.
@@ -133,9 +122,9 @@ trait NopEffects[T, E] extends Effects[T, E] {
   def storeMem(vname: String, update: Map[BasilValue, BasilValue]) = State.pure(())
 }
 
-/** -------------------------------------------------------------------------------- Definition of concrete state
-  * --------------------------------------------------------------------------------
-  */
+/*--------------------------------------------------------------------------------
+ * Definition of concrete state
+ *--------------------------------------------------------------------------------*/
 
 type StackFrameID = String
 val globalFrame: StackFrameID = "GLOBAL"
@@ -255,7 +244,6 @@ case class MemoryState(
     }
   }
 
-
   /* Map variable accessing ; load and store operations */
   def doLoad(vname: String, addr: List[BasilValue]): Either[InterpreterError, List[BasilValue]] = for {
     v <- findVar(vname)
@@ -272,16 +260,6 @@ case class MemoryState(
        })
   } yield (xs)
 
-  // def doLoad[S](vname: String, addr: List[BasilValue]): State[S, List[BasilValue], InterpreterError] = for {
-  //   v <- doLoadOpt(vname, addr)
-  //   r <- v match {
-  //     case Some(vs) => vs
-  //     case None => {
-  //       throw InterpreterError(MemoryError(s"Read from uninitialised "))
-  //     }
-  //   }
-  // }
-
   /** typecheck and some fields of a map variable */
   def doStore(vname: String, values: Map[BasilValue, BasilValue]): Either[InterpreterError, MemoryState] = for {
     // val (frame, mem) = findVar(vname)
@@ -407,10 +385,11 @@ object NormalInterpreter extends Effects[InterpreterState, InterpreterError] {
     Logger.debug(s"    eff : RETURN")
     modifyE((s: InterpreterState) => {
       s.callStack match {
-        case Nil     => Right(s.copy(nextCmd = Stopped()))
-        case h :: tl => for {
-          ms <- s.memoryState.popStackFrame()
-        } yield (s.copy(nextCmd = h, callStack = tl, memoryState = ms))
+        case Nil => Right(s.copy(nextCmd = Stopped()))
+        case h :: tl =>
+          for {
+            ms <- s.memoryState.popStackFrame()
+          } yield (s.copy(nextCmd = h, callStack = tl, memoryState = ms))
       }
     })
   }
@@ -420,31 +399,22 @@ object NormalInterpreter extends Effects[InterpreterState, InterpreterError] {
     State.modify((s: InterpreterState) => s.copy(memoryState = s.memoryState.defVar(v, scope, value)))
   }
 
-  def storeMem(vname: String, update: Map[BasilValue, BasilValue]) = 
+  def storeMem(vname: String, update: Map[BasilValue, BasilValue]) =
     State.modifyE((s: InterpreterState) => {
-    Logger.debug(s"    eff : STORE ${formatStore(vname, update)}")
-    for {
-      ms <- s.memoryState.doStore(vname, update)
-    } yield(s.copy(memoryState = ms))
-  })
+      Logger.debug(s"    eff : STORE ${formatStore(vname, update)}")
+      for {
+        ms <- s.memoryState.doStore(vname, update)
+      } yield (s.copy(memoryState = ms))
+    })
 
   def interpretOne: State[InterpreterState, Unit, InterpreterError] = for {
     next <- getNext
     _ <- (next match {
-          case Run(c: Statement) => InterpFuns.interpretStatement(this)(c)
-          case Run(c: Jump)      => InterpFuns.interpretJump(this)(c)
-          case Stopped()         => State.pure(())
-          case errorstop         => State.pure(())
-      }).flatMapE((e: InterpreterError) => setNext(e.continue))
-      // } catch {
-      //   case InterpreterError(e)                   => setNext(e)
-      //   case e: java.lang.IllegalArgumentException => setNext(Errored(e.getStackTrace.take(5).mkString("\n")))
-      // }
+      case Run(c: Statement) => InterpFuns.interpretStatement(this)(c)
+      case Run(c: Jump)      => InterpFuns.interpretJump(this)(c)
+      case Stopped()         => State.pure(())
+      case errorstop         => State.pure(())
+    }).flatMapE((e: InterpreterError) => setNext(e.continue))
   } yield ()
 
 }
-
-// def interpretTrace(IRProgram: Program): TracingInterpreter = {
-//   val s: TracingInterpreter = InterpFuns.interpretProg(IRProgram, TracingInterpreter(InterpreterState(), List()))
-//   s
-//e
diff --git a/src/test/scala/IndircallDifferential.scala b/src/test/scala/IndircallDifferential.scala
index 1617d5479..03ea9dbd7 100644
--- a/src/test/scala/IndircallDifferential.scala
+++ b/src/test/scala/IndircallDifferential.scala
@@ -33,12 +33,13 @@ class DifferentialIndirectCall extends AnyFunSuite {
         case e @ ExecEffect.LoadMem("mem", _) => e
       }
     }
+    println(traceInit.t.mkString("\n"))
 
     // println(traceInit.t.mkString("\n    "))
     assert(initialRes.nextCmd == Stopped())
     assert(result.nextCmd == Stopped())
-    assert(initialRes.memoryState.getGlobalVals == result.memoryState.getGlobalVals)
-    assert(initialRes.memoryState.getMem("mem") == result.memoryState.getMem("mem"))
+    // assert(initialRes.memoryState.diff(result.memoryState) == Map.empty)
+    assert(Set.empty == initialRes.memoryState.getMem("mem").toSet.diff(result.memoryState.getMem("mem").toSet))
     assert(filterEvents(traceInit.t) == filterEvents(traceRes.t))
   }
 
diff --git a/src/test/scala/ir/InterpreterTests.scala b/src/test/scala/ir/InterpreterTests.scala
index 7bf72266b..2b47f6e21 100644
--- a/src/test/scala/ir/InterpreterTests.scala
+++ b/src/test/scala/ir/InterpreterTests.scala
@@ -10,7 +10,7 @@ import specification.SpecGlobal
 import translating.BAPToIR
 import util.{LogLevel, Logger}
 import util.IRLoading.{loadBAP, loadReadELF}
-import util.ILLoadingConfig
+import util.{ILLoadingConfig, IRContext, IRLoading, IRTransform} 
 
 // def initialMem(): MemoryState = {
 //   val SP: BitVecLiteral = BitVecLiteral(4096 - 16, 64)
@@ -58,8 +58,7 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
   Logger.setLevel(LogLevel.ERROR)
 
 
-  def getProgram(name: String): (Program, Set[SpecGlobal]) = {
-
+  def getProgram(name: String): IRContext = {
     val loading = ILLoadingConfig(
       inputFile = s"examples/$name/$name.adt",
       relfFile = s"examples/$name/$name.relf",
@@ -67,24 +66,29 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
       dumpIL = None
     )
 
-    val bapProgram = loadBAP(loading.inputFile)
-    val (symbols, externalFunctions, globals, _, mainAddress) = loadReadELF(loading.relfFile, loading)
-    val IRTranslator = BAPToIR(bapProgram, mainAddress)
-    var IRProgram = IRTranslator.translate
+    val p = IRLoading.load(loading)
+    val ctx = IRTransform.doCleanup(p)
+    // val bapProgram = loadBAP(loading.inputFile)
+    // val (symbols, externalFunctions, globals, _, mainAddress) = loadReadELF(loading.relfFile, loading)
+    // val IRTranslator = BAPToIR(bapProgram, mainAddress)
+    // var IRProgram = IRTranslator.translate
     // IRProgram = ExternalRemover(externalFunctions.map(e => e.name)).visitProgram(IRProgram)
     // IRProgram = Renamer(Set("free")).visitProgram(IRProgram)
     //IRProgram.stripUnreachableFunctions()
     // val stackIdentification = StackSubstituter()
     // stackIdentification.visitProgram(IRProgram)
-    IRProgram.setModifies(Map())
+    ctx.program.setModifies(Map())
+
 
-    (IRProgram, globals)
+    // (IRProgram, globals)
+    ctx
   }
 
   def testInterpret(name: String, expected: Map[String, Int]): Unit = {
-    val (program, globals) = getProgram(name)
-    val fstate = interpret(program)
+    val ctx = getProgram(name)
+    val fstate = interpret(ctx)
     val regs = fstate.memoryState.getGlobalVals
+    val globals = ctx.globals
 
     // Show interpreted result
     Logger.info("Registers:")
@@ -326,7 +330,7 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
       "y" -> ('b'.toInt), 
     )
 
-    val (program, globals) = getProgram("initialisation")
+    // val (program, globals) = getProgram("initialisation")
 
     // val watch = IRWalk.firstInProc((program.mainProcedure)).get
     // val globloads = globals.map(global => (global.name, MemoryLoad(SharedMemory("mem", 64, 8), BitVecLiteral(global.address, 64), Endian.LittleEndian, global.size))).toList

From 888d360e870b41f3a803ce1321061784c4146879 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Tue, 3 Sep 2024 14:50:10 +1000
Subject: [PATCH 032/127] cleanup

---
 src/main/scala/ir/eval/ExprEval.scala         | 337 +++++++++---------
 src/main/scala/ir/eval/InterpretBasilIR.scala |  38 +-
 src/main/scala/ir/eval/Interpreter.scala      |   5 +
 src/main/scala/util/functional.scala          |  10 +-
 ...ntial.scala => DifferentialAnalysis.scala} |   7 +-
 5 files changed, 199 insertions(+), 198 deletions(-)
 rename src/test/scala/{IndircallDifferential.scala => DifferentialAnalysis.scala} (94%)

diff --git a/src/main/scala/ir/eval/ExprEval.scala b/src/main/scala/ir/eval/ExprEval.scala
index 413b4ad5e..e24355254 100644
--- a/src/main/scala/ir/eval/ExprEval.scala
+++ b/src/main/scala/ir/eval/ExprEval.scala
@@ -3,268 +3,259 @@ import ir.eval.BitVectorEval
 import util.functional.State
 import ir._
 
-/**
- * We generalise the expression evaluator to a partial evaluator to simplify evaluating casts.
- *
- * - Program state is taken via a function from var -> value and for loads a function from (mem,addr,endian,size) -> value. 
- * - For conrete evaluators we prefer low-level representations (bool vs BoolLit) and wrap them at the expression eval level 
- * - Avoid using any default cases so we have some idea of complete coverage
- *
- */
+/** We generalise the expression evaluator to a partial evaluator to simplify evaluating casts.
+  *
+  *   - Program state is taken via a function from var -> value and for loads a function from (mem,addr,endian,size) ->
+  *     value.
+  *   - For conrete evaluators we prefer low-level representations (bool vs BoolLit) and wrap them at the expression
+  *     eval level
+  *   - Avoid using any default cases so we have some idea of complete coverage
+  */
 
-
-def evalBVBinExpr(b: BVBinOp, l:BitVecLiteral, r:BitVecLiteral): BitVecLiteral = {
+def evalBVBinExpr(b: BVBinOp, l: BitVecLiteral, r: BitVecLiteral): BitVecLiteral = {
   b match {
-    case BVADD => BitVectorEval.smt_bvadd(l, r)
-    case BVSUB => BitVectorEval.smt_bvsub(l, r)
-    case BVMUL => BitVectorEval.smt_bvmul(l, r)
-    case BVUDIV => BitVectorEval.smt_bvudiv(l, r)
-    case BVSDIV => BitVectorEval.smt_bvsdiv(l, r)
-    case BVSREM => BitVectorEval.smt_bvsrem(l, r)
-    case BVUREM => BitVectorEval.smt_bvurem(l, r)
-    case BVSMOD => BitVectorEval.smt_bvsmod(l, r)
-    case BVAND => BitVectorEval.smt_bvand(l, r)
-    case BVOR => BitVectorEval.smt_bvxor(l, r)
-    case BVXOR => BitVectorEval.smt_bvxor(l, r)
-    case BVNAND => BitVectorEval.smt_bvnand(l, r)
-    case BVNOR => BitVectorEval.smt_bvnor(l, r)
-    case BVXNOR => BitVectorEval.smt_bvxnor(l, r)
-    case BVSHL => BitVectorEval.smt_bvshl(l, r)
-    case BVLSHR => BitVectorEval.smt_bvlshr(l, r)
-    case BVASHR => BitVectorEval.smt_bvashr(l, r)
-    case BVCOMP => BitVectorEval.smt_bvcomp(l, r)
+    case BVADD    => BitVectorEval.smt_bvadd(l, r)
+    case BVSUB    => BitVectorEval.smt_bvsub(l, r)
+    case BVMUL    => BitVectorEval.smt_bvmul(l, r)
+    case BVUDIV   => BitVectorEval.smt_bvudiv(l, r)
+    case BVSDIV   => BitVectorEval.smt_bvsdiv(l, r)
+    case BVSREM   => BitVectorEval.smt_bvsrem(l, r)
+    case BVUREM   => BitVectorEval.smt_bvurem(l, r)
+    case BVSMOD   => BitVectorEval.smt_bvsmod(l, r)
+    case BVAND    => BitVectorEval.smt_bvand(l, r)
+    case BVOR     => BitVectorEval.smt_bvxor(l, r)
+    case BVXOR    => BitVectorEval.smt_bvxor(l, r)
+    case BVNAND   => BitVectorEval.smt_bvnand(l, r)
+    case BVNOR    => BitVectorEval.smt_bvnor(l, r)
+    case BVXNOR   => BitVectorEval.smt_bvxnor(l, r)
+    case BVSHL    => BitVectorEval.smt_bvshl(l, r)
+    case BVLSHR   => BitVectorEval.smt_bvlshr(l, r)
+    case BVASHR   => BitVectorEval.smt_bvashr(l, r)
+    case BVCOMP   => BitVectorEval.smt_bvcomp(l, r)
     case BVCONCAT => BitVectorEval.smt_concat(l, r)
-    case BVULE => throw Exception("Did not expect logical op")
-    case BVULT => throw Exception("Did not expect logical op")
-    case BVUGT => throw Exception("Did not expect logical op")
-    case BVUGE => throw Exception("Did not expect logical op")
-    case BVSLT => throw Exception("Did not expect logical op")
-    case BVSLE => throw Exception("Did not expect logical op")
-    case BVSGT => throw Exception("Did not expect logical op")
-    case BVSGE => throw Exception("Did not expect logical op")
-    case BVEQ => throw Exception("Did not expect logical op")
-    case BVNEQ => throw Exception("Did not expect logical op")
+    case BVULE | BVULT | BVUGT | BVUGE | BVSLT | BVSLE | BVSGT | BVSGE | BVEQ | BVNEQ =>
+      throw Exception("Did not expect logical op")
   }
 }
 
-def evalBVLogBinExpr(b: BVBinOp, l: BitVecLiteral, r:BitVecLiteral) : Boolean = b match {
+def evalBVLogBinExpr(b: BVBinOp, l: BitVecLiteral, r: BitVecLiteral): Boolean = b match {
   case BVULE => BitVectorEval.smt_bvule(l, r)
   case BVUGT => BitVectorEval.smt_bvult(l, r)
   case BVUGE => BitVectorEval.smt_bvuge(l, r)
-  case BVULT  => BitVectorEval.smt_bvult(l, r)
-  case BVSLT  => BitVectorEval.smt_bvslt(l, r)
-  case BVSLE  => BitVectorEval.smt_bvsle(l, r)
-  case BVSGT  => BitVectorEval.smt_bvsgt(l, r)
-  case BVSGE  => BitVectorEval.smt_bvsge(l, r)
+  case BVULT => BitVectorEval.smt_bvult(l, r)
+  case BVSLT => BitVectorEval.smt_bvslt(l, r)
+  case BVSLE => BitVectorEval.smt_bvsle(l, r)
+  case BVSGT => BitVectorEval.smt_bvsgt(l, r)
+  case BVSGE => BitVectorEval.smt_bvsge(l, r)
   case BVEQ  => BitVectorEval.smt_bveq(l, r)
-  case BVNEQ  => BitVectorEval.smt_bvneq(l, r)
-  case BVADD => throw Exception("Did not expect non-logical op")
-  case BVSUB => throw Exception("Did not expect non-logical op")
-  case BVMUL => throw Exception("Did not expect non-logical op")
-  case BVUDIV => throw Exception("Did not expect non-logical op")
-  case BVSDIV => throw Exception("Did not expect non-logical op")
-  case BVSREM => throw Exception("Did not expect non-logical op")
-  case BVUREM => throw Exception("Did not expect non-logical op")
-  case BVSMOD => throw Exception("Did not expect non-logical op")
-  case BVAND => throw Exception("Did not expect non-logical op")
-  case BVOR => throw Exception("Did not expect non-logical op")
-  case BVXOR => throw Exception("Did not expect non-logical op")
-  case BVNAND => throw Exception("Did not expect non-logical op")
-  case BVNOR => throw Exception("Did not expect non-logical op")
-  case BVXNOR => throw Exception("Did not expect non-logical op")
-  case BVSHL => throw Exception("Did not expect non-logical op")
-  case BVLSHR => throw Exception("Did not expect non-logical op")
-  case BVASHR => throw Exception("Did not expect non-logical op")
-  case BVCOMP => throw Exception("Did not expect non-logical op")
-  case BVCONCAT => throw Exception("Did not expect non-logical op")
+  case BVNEQ => BitVectorEval.smt_bvneq(l, r)
+  case BVADD | BVSUB | BVMUL | BVUDIV | BVSDIV | BVSREM | BVUREM | BVSMOD | BVAND | BVOR | BVXOR | BVNAND | BVNOR |
+      BVXNOR | BVSHL | BVLSHR | BVASHR | BVCOMP | BVCONCAT =>
+    throw Exception("Did not expect non-logical op")
 }
 
-def evalIntLogBinExpr(b: IntBinOp, l:BigInt, r:BigInt) : Boolean = b match {
-  case IntEQ => l == r
-  case IntNEQ =>  l != r
-  case IntLT => l < r
-  case IntLE =>  l <= r
-  case IntGT =>  l > r
-  case IntGE =>  l >= r
-  case IntADD => throw Exception("Did not expect non-logical op")
-  case IntSUB => throw Exception("Did not expect non-logical op")
-  case IntMUL => throw Exception("Did not expect non-logical op")
-  case IntDIV => throw Exception("Did not expect non-logical op")
-  case IntMOD  => throw Exception("Did not expect non-logical op")
+def evalIntLogBinExpr(b: IntBinOp, l: BigInt, r: BigInt): Boolean = b match {
+  case IntEQ                                      => l == r
+  case IntNEQ                                     => l != r
+  case IntLT                                      => l < r
+  case IntLE                                      => l <= r
+  case IntGT                                      => l > r
+  case IntGE                                      => l >= r
+  case IntADD | IntSUB | IntMUL | IntDIV | IntMOD => throw Exception("Did not expect non-logical op")
 }
 
-def evalIntBinExpr(b: IntBinOp, l:BigInt, r: BigInt): BigInt = b match {
+def evalIntBinExpr(b: IntBinOp, l: BigInt, r: BigInt): BigInt = b match {
   case IntADD => l + r
-  case IntSUB =>  l - r
+  case IntSUB => l - r
   case IntMUL => l * r
-  case IntDIV =>  l / r
-  case IntMOD  => l % r
-  case IntEQ => throw Exception("Did not expect logical op")
+  case IntDIV => l / r
+  case IntMOD => l % r
+  case IntEQ  => throw Exception("Did not expect logical op")
   case IntNEQ => throw Exception("Did not expect logical op")
-  case IntLT => throw Exception("Did not expect logical op")
-  case IntLE => throw Exception("Did not expect logical op")
-  case IntGT => throw Exception("Did not expect logical op")
-  case IntGE => throw Exception("Did not expect logical op")
+  case IntLT  => throw Exception("Did not expect logical op")
+  case IntLE  => throw Exception("Did not expect logical op")
+  case IntGT  => throw Exception("Did not expect logical op")
+  case IntGE  => throw Exception("Did not expect logical op")
 }
 
-
-def evalBoolLogBinExpr(b: BoolBinOp, l:Boolean, r:Boolean) : Boolean = b match {
-  case BoolEQ => l == r
-  case BoolEQUIV => l == r
-  case BoolNEQ => l != r
-  case BoolAND => l && r
-  case BoolOR => l || r
+def evalBoolLogBinExpr(b: BoolBinOp, l: Boolean, r: Boolean): Boolean = b match {
+  case BoolEQ      => l == r
+  case BoolEQUIV   => l == r
+  case BoolNEQ     => l != r
+  case BoolAND     => l && r
+  case BoolOR      => l || r
   case BoolIMPLIES => l || (!r)
 }
 
-
-def evalUnOp(op: UnOp, body: Literal) : Expr = {
+def evalUnOp(op: UnOp, body: Literal): Expr = {
   (body, op) match {
-    case (b: BitVecLiteral, BVNOT) => BitVectorEval.smt_bvnot(b) 
-    case (b: BitVecLiteral, BVNEG) => BitVectorEval.smt_bvneg(b) 
-    case (i: IntLiteral, IntNEG) => IntLiteral(-i.value)
-    case (FalseLiteral, BoolNOT) => TrueLiteral
-    case (TrueLiteral, BoolNOT) => FalseLiteral
+    case (b: BitVecLiteral, BVNOT) => BitVectorEval.smt_bvnot(b)
+    case (b: BitVecLiteral, BVNEG) => BitVectorEval.smt_bvneg(b)
+    case (i: IntLiteral, IntNEG)   => IntLiteral(-i.value)
+    case (FalseLiteral, BoolNOT)   => TrueLiteral
+    case (TrueLiteral, BoolNOT)    => FalseLiteral
   }
 }
 
-
-
-def evalIntExpr(exp: Expr, variableAssignment: Variable => Option[Literal], memory: (Memory, Expr, Endian, Int) => Option[Literal] = ((a,b,c,d) => None)): Either[Expr, BigInt] = {
+def evalIntExpr(
+    exp: Expr,
+    variableAssignment: Variable => Option[Literal],
+    memory: (Memory, Expr, Endian, Int) => Option[Literal] = ((a, b, c, d) => None)
+): Either[Expr, BigInt] = {
   partialEvalExpr(exp, variableAssignment, memory) match {
     case i: IntLiteral => Right(i.value)
-    case o => Left(o) 
+    case o             => Left(o)
   }
 }
 
-def evalBVExpr(exp: Expr, variableAssignment: Variable => Option[Literal], memory: (Memory, Expr, Endian, Int) => Option[Literal] = ((a,b,c,d) => None)): Either[Expr, BitVecLiteral] = {
+def evalBVExpr(
+    exp: Expr,
+    variableAssignment: Variable => Option[Literal],
+    memory: (Memory, Expr, Endian, Int) => Option[Literal] = ((a, b, c, d) => None)
+): Either[Expr, BitVecLiteral] = {
   partialEvalExpr(exp, variableAssignment, memory) match {
     case b: BitVecLiteral => Right(b)
-    case o => Left(o) 
+    case o                => Left(o)
   }
 }
 
-def evalLogExpr(exp: Expr, variableAssignment: Variable => Option[Literal], memory: (Memory, Expr, Endian, Int) => Option[Literal] = ((a,b,c, d) => None)): Either[Expr, Boolean] = {
+def evalLogExpr(
+    exp: Expr,
+    variableAssignment: Variable => Option[Literal],
+    memory: (Memory, Expr, Endian, Int) => Option[Literal] = ((a, b, c, d) => None)
+): Either[Expr, Boolean] = {
   partialEvalExpr(exp, variableAssignment, memory) match {
-    case TrueLiteral => Right(true)
+    case TrueLiteral  => Right(true)
     case FalseLiteral => Right(false)
-    case o => Left(o)
+    case o            => Left(o)
   }
 }
 
-def evalExpr(exp: Expr, variableAssignment: Variable => Option[Literal], memory: (Memory, Expr, Endian, Int) => Option[Literal] = ((d, a,b,c) => None)): Option[Literal] = {
+def evalExpr(
+    exp: Expr,
+    variableAssignment: Variable => Option[Literal],
+    memory: (Memory, Expr, Endian, Int) => Option[Literal] = ((d, a, b, c) => None)
+): Option[Literal] = {
   partialEvalExpr match {
     case l: Literal => Some(l)
-    case _ => None
+    case _          => None
   }
 }
 
-
-/**
- * typeclass defining variable and memory laoding from state S
- */
+/** typeclass defining variable and memory laoding from state S
+  */
 trait Loader[S, E] {
-  def getVariable(v: Variable) : State[S, Option[Literal], E]
-  def loadMemory(m: Memory, addr: Expr, endian: Endian, size: Int) : State[S, Option[Literal], E] = {
+  def getVariable(v: Variable): State[S, Option[Literal], E]
+  def loadMemory(m: Memory, addr: Expr, endian: Endian, size: Int): State[S, Option[Literal], E] = {
     State.pure(None)
   }
 }
 
-
 def statePartialEvalExpr[S, E](l: Loader[S, E])(exp: Expr): State[S, Expr, E] = {
   val eval = statePartialEvalExpr(l)
   exp match {
     case f: UninterpretedFunction => State.pure(f)
-    case unOp: UnaryExpr => for {
-      body <- eval(unOp.arg)
-    } yield (
-      body match {
+    case unOp: UnaryExpr =>
+      for {
+        body <- eval(unOp.arg)
+      } yield (body match {
         case l: Literal => evalUnOp(unOp.op, l)
-        case o => UnaryExpr(unOp.op, body)
+        case o          => UnaryExpr(unOp.op, body)
       })
-    case binOp: BinaryExpr => for {
-      lhs <- eval(binOp.arg1)
-      rhs <- eval(binOp.arg2)
-    } yield (
-      binOp.getType match {
+    case binOp: BinaryExpr =>
+      for {
+        lhs <- eval(binOp.arg1)
+        rhs <- eval(binOp.arg2)
+      } yield (binOp.getType match {
         case m: MapType => binOp
         case b: BitVecType => {
           (binOp.op, lhs, rhs) match {
             case (o: BVBinOp, l: BitVecLiteral, r: BitVecLiteral) => evalBVBinExpr(o, l, r)
-            case _ => BinaryExpr(binOp.op, lhs, rhs)
+            case _                                                => BinaryExpr(binOp.op, lhs, rhs)
           }
         }
         case BoolType => {
           def bool2lit(b: Boolean) = if b then TrueLiteral else FalseLiteral
           (binOp.op, lhs, rhs) match {
             case (o: BVBinOp, l: BitVecLiteral, r: BitVecLiteral) => bool2lit(evalBVLogBinExpr(o, l, r))
-            case (o: IntBinOp, l: IntLiteral , r: IntLiteral) => bool2lit(evalIntLogBinExpr(o, l.value, r.value))
-            case (o: BoolBinOp, l: BoolLit, r: BoolLit) => bool2lit(evalBoolLogBinExpr(o, l.value, r.value))
-            case _ => BinaryExpr(binOp.op, lhs, rhs)
+            case (o: IntBinOp, l: IntLiteral, r: IntLiteral)      => bool2lit(evalIntLogBinExpr(o, l.value, r.value))
+            case (o: BoolBinOp, l: BoolLit, r: BoolLit)           => bool2lit(evalBoolLogBinExpr(o, l.value, r.value))
+            case _                                                => BinaryExpr(binOp.op, lhs, rhs)
           }
         }
         case IntType => {
           (binOp.op, lhs, rhs) match {
-            case (o: IntBinOp, l: IntLiteral , r: IntLiteral) => IntLiteral(evalIntBinExpr(o, l.value, r.value))
-            case _ => BinaryExpr(binOp.op, lhs, rhs)
+            case (o: IntBinOp, l: IntLiteral, r: IntLiteral) => IntLiteral(evalIntBinExpr(o, l.value, r.value))
+            case _                                           => BinaryExpr(binOp.op, lhs, rhs)
           }
         }
       })
-    case extend: ZeroExtend => for {
-      body <- eval(extend.body)
-    } yield (body match {
-      case b : BitVecLiteral => BitVectorEval.smt_zero_extend(extend.extension, b)
-      case o => extend.copy(body=o)
-    })
-    case extend: SignExtend => for {
-      body <- eval(extend.body) 
-    } yield (body match {
-      case b: BitVecLiteral => BitVectorEval.smt_sign_extend(extend.extension, b)
-      case o => extend.copy(body=o)
-    })
-    case e: Extract =>  for {
-      body <- eval(e.body) 
-    } yield (body match {
-      case b: BitVecLiteral => BitVectorEval.boogie_extract(e.end, e.start, b)
-      case o => e.copy(body=o)
-    })
-    case r: Repeat => for {
-      body <- eval(r.body)
+    case extend: ZeroExtend =>
+      for {
+        body <- eval(extend.body)
+      } yield (body match {
+        case b: BitVecLiteral => BitVectorEval.smt_zero_extend(extend.extension, b)
+        case o                => extend.copy(body = o)
+      })
+    case extend: SignExtend =>
+      for {
+        body <- eval(extend.body)
+      } yield (body match {
+        case b: BitVecLiteral => BitVectorEval.smt_sign_extend(extend.extension, b)
+        case o                => extend.copy(body = o)
+      })
+    case e: Extract =>
+      for {
+        body <- eval(e.body)
+      } yield (body match {
+        case b: BitVecLiteral => BitVectorEval.boogie_extract(e.end, e.start, b)
+        case o                => e.copy(body = o)
+      })
+    case r: Repeat =>
+      for {
+        body <- eval(r.body)
       } yield (body match {
         case b: BitVecLiteral => {
           assert(r.repeats > 0)
-          if (r.repeats == 1) b 
+          if (r.repeats == 1) b
           else {
             (2 to r.repeats).foldLeft(b)((acc, r) => BitVectorEval.smt_concat(acc, b))
           }
         }
-        case o => r.copy(body=o)
-    })
-    case variable: Variable => for {
-      v : Option[Literal] <- l.getVariable(variable)
-    } yield (v.getOrElse(variable))
-    case ml: MemoryLoad => for {
-      addr <- eval(ml.index)
-      mem <- l.loadMemory(ml.mem, addr, ml.endian, ml.size)
-    }  yield (mem.getOrElse(ml))
+        case o => r.copy(body = o)
+      })
+    case variable: Variable =>
+      for {
+        v: Option[Literal] <- l.getVariable(variable)
+      } yield (v.getOrElse(variable))
+    case ml: MemoryLoad =>
+      for {
+        addr <- eval(ml.index)
+        mem <- l.loadMemory(ml.mem, addr, ml.endian, ml.size)
+      } yield (mem.getOrElse(ml))
     case b: BitVecLiteral => State.pure(b)
-    case b: IntLiteral => State.pure(b)
-    case b: BoolLit => State.pure(b)
+    case b: IntLiteral    => State.pure(b)
+    case b: BoolLit       => State.pure(b)
   }
 }
 
-
-class StatelessLoader[E](getVar: Variable => Option[Literal], loadMem: (Memory, Expr, Endian, Int) => Option[Literal] = ((a,b,c,d) => None)) extends Loader[Unit, E] {
-  def getVariable(v: Variable) : State[Unit, Option[Literal], E] = State.pure(getVar(v))
-  override def loadMemory(m: Memory, addr: Expr, endian: Endian, size: Int) : State[Unit, Option[Literal], E] = State.pure(loadMem(m, addr, endian, size))
+class StatelessLoader[E](
+    getVar: Variable => Option[Literal],
+    loadMem: (Memory, Expr, Endian, Int) => Option[Literal] = ((a, b, c, d) => None)
+) extends Loader[Unit, E] {
+  def getVariable(v: Variable): State[Unit, Option[Literal], E] = State.pure(getVar(v))
+  override def loadMemory(m: Memory, addr: Expr, endian: Endian, size: Int): State[Unit, Option[Literal], E] =
+    State.pure(loadMem(m, addr, endian, size))
 }
 
-
-def partialEvalExpr(exp: Expr, variableAssignment: Variable => Option[Literal], memory: (Memory, Expr, Endian, Int) => Option[Literal] = ((a,b,c,d) => None)): Expr = {
+def partialEvalExpr(
+    exp: Expr,
+    variableAssignment: Variable => Option[Literal],
+    memory: (Memory, Expr, Endian, Int) => Option[Literal] = ((a, b, c, d) => None)
+): Expr = {
   val l = StatelessLoader(variableAssignment, memory)
   State.evaluate((), statePartialEvalExpr(l)(exp)) match {
     case Right(e) => e
-    case Left(e) => throw Exception("Unable to evaluate expr : " + e.toString)
+    case Left(e)  => throw Exception("Unable to evaluate expr : " + e.toString)
   }
 }
-
diff --git a/src/main/scala/ir/eval/InterpretBasilIR.scala b/src/main/scala/ir/eval/InterpretBasilIR.scala
index 655de30d4..b764b4746 100644
--- a/src/main/scala/ir/eval/InterpretBasilIR.scala
+++ b/src/main/scala/ir/eval/InterpretBasilIR.scala
@@ -223,7 +223,22 @@ case object Eval {
   }
 }
 
-case object InterpFuns {
+object LibcIntrinsic {
+
+  def putc[S, E, T <: Effects[S, E]](s: T)(f: BitVecLiteral, c: BitVecLiteral): State[S, Unit, E] = {
+    State.pure(())
+  }
+
+  def puts[S, E, T <: Effects[S, E]](s: T)(f: BitVecLiteral, str: BitVecLiteral): State[S, Unit, E] = {
+    State.pure(())
+  }
+
+  def printf[S, E, T <: Effects[S, E]](s: T)(f: BitVecLiteral, str: BitVecLiteral): State[S, Unit, E] = {
+    State.pure(())
+  }
+}
+
+object InterpFuns {
 
   def initRelocTable[S, E, T <: Effects[S, E]](s: T)(p: Program, reladyn: Set[(BigInt, String)]): State[S, Unit, E] = {
 
@@ -243,7 +258,7 @@ case object InterpFuns {
         case Some(x) => x
         case None    => /* println(s"No address for function ${proc.name} ${"%x".format(offset)}"); */ 0
       }
-      // im guessing proc.address will be undefined and we will have to choose one for our intrinsic libc funcs
+      // proc.address will be undefined and we will have to choose one for our intrinsic libc funcs
       (offset, FunPointer(BitVecLiteral(addr, 64), proc.name, Run(DirectCall(proc))))
     })
 
@@ -256,9 +271,7 @@ case object InterpFuns {
       )
     })
 
-    for {
-      _ <- State.sequence[S, Unit, E](State.pure(()), stores)
-    } yield ()
+    State.sequence[S, Unit, E](State.pure(()), stores)
   }
 
   /** Functions which compile BASIL IR down to the minimal interpreter effects.
@@ -450,21 +463,14 @@ case object InterpFuns {
     } yield (st)
 
     bss match {
-      case None => Logger.error("No BSS initialised"); State.pure(())
-      case Some(init) =>
-        for {
-          _ <- init("mem")
-          _ <- init("stack")
-        } yield ()
+      case None       => Logger.error("No BSS initialised"); State.pure(())
+      case Some(init) => init("mem") >> init("stack")
     }
   }
 
   def interpretProg[S, T <: Effects[S, InterpreterError]](f: T)(p: IRContext, is: S): S = {
-    val st = for {
-      _ <- initialiseProgram(f)(p.program)
-      _ <- initBSS(f)(p)
-      _ <- InterpFuns.initRelocTable(f)(p.program, p.externalFunctions.map(f => (f.offset, f.name)))
-    } yield ()
+    val st = (initialiseProgram(f)(p.program) >> initBSS(f)(p))
+      >> InterpFuns.initRelocTable(f)(p.program, p.externalFunctions.map(f => (f.offset, f.name)))
     val begin = State.execute(is, st)
     interpret(f, begin)
   }
diff --git a/src/main/scala/ir/eval/Interpreter.scala b/src/main/scala/ir/eval/Interpreter.scala
index dc7139d29..ab716d101 100644
--- a/src/main/scala/ir/eval/Interpreter.scala
+++ b/src/main/scala/ir/eval/Interpreter.scala
@@ -418,3 +418,8 @@ object NormalInterpreter extends Effects[InterpreterState, InterpreterError] {
   } yield ()
 
 }
+
+// def interpretTrace(IRProgram: Program): TracingInterpreter = {
+//   val s: TracingInterpreter = InterpFuns.interpretProg(IRProgram, TracingInterpreter(InterpreterState(), List()))
+//   s
+//e
diff --git a/src/main/scala/util/functional.scala b/src/main/scala/util/functional.scala
index 7be824194..a9c9c73d1 100644
--- a/src/main/scala/util/functional.scala
+++ b/src/main/scala/util/functional.scala
@@ -7,6 +7,12 @@ case class State[S, A, E](f: S => (S, Either[E, A])) {
 
   def unit[A](a: A): State[S, A, E] = State(s => (s, Right(a)))
 
+  def >>(o: State[S,A,E]) = for {
+    _ <- this
+    _ <- o
+  } yield (())
+
+
   def flatMap[B](f: A => State[S, B, E]): State[S, B, E] = State(s => {
     val (s2, a) = this.f(s)
     val r  = a match {
@@ -50,10 +56,6 @@ object State {
     case Left(e) => (s, Left(e))
   })
   def execute[S, A, E](s: S, c: State[S,A, E]) : S = c.f(s)._1
-  // def evaluate[S, A, E](s: S, c: State[S,A, E])  : A = c.f(s)._2 match {
-  //   case Right(r) => r
-  //   case Left(l) => throw Exception(s"Evaluation error $l")
-  // }
   def evaluate[S, A, E](s: S, c: State[S,A, E])  : Either[E,A] = c.f(s)._2
 
   def setError[S,A,E](e: E) : State[S,A,E] =  State(s => (s, Left(e)))
diff --git a/src/test/scala/IndircallDifferential.scala b/src/test/scala/DifferentialAnalysis.scala
similarity index 94%
rename from src/test/scala/IndircallDifferential.scala
rename to src/test/scala/DifferentialAnalysis.scala
index 03ea9dbd7..3de9450b5 100644
--- a/src/test/scala/IndircallDifferential.scala
+++ b/src/test/scala/DifferentialAnalysis.scala
@@ -18,7 +18,7 @@ import util.RunUtils.loadAndTranslate
 
 import scala.collection.mutable
 
-class DifferentialIndirectCall extends AnyFunSuite {
+class DifferentialAnalysis extends AnyFunSuite {
 
   Logger.setLevel(LogLevel.WARN)
 
@@ -33,14 +33,11 @@ class DifferentialIndirectCall extends AnyFunSuite {
         case e @ ExecEffect.LoadMem("mem", _) => e
       }
     }
-    println(traceInit.t.mkString("\n"))
-
     // println(traceInit.t.mkString("\n    "))
     assert(initialRes.nextCmd == Stopped())
     assert(result.nextCmd == Stopped())
-    // assert(initialRes.memoryState.diff(result.memoryState) == Map.empty)
     assert(Set.empty == initialRes.memoryState.getMem("mem").toSet.diff(result.memoryState.getMem("mem").toSet))
-    assert(filterEvents(traceInit.t) == filterEvents(traceRes.t))
+    assert(filterEvents(traceInit.t).mkString("\n") == filterEvents(traceRes.t).mkString("\n"))
   }
 
   def testProgram(testName: String, examplePath: String) = {

From 0abf6542bb6ecfd611a97f3558a68e855ba8780e Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Tue, 3 Sep 2024 15:06:36 +1000
Subject: [PATCH 033/127] cleanup init trace

---
 src/main/scala/ir/eval/ExprEval.scala         | 23 ++++++++-----------
 src/main/scala/ir/eval/InterpretBasilIR.scala | 15 ++++++++----
 src/main/scala/ir/eval/InterpretTrace.scala   |  4 +++-
 src/main/scala/ir/eval/Interpreter.scala      |  5 ----
 4 files changed, 22 insertions(+), 25 deletions(-)

diff --git a/src/main/scala/ir/eval/ExprEval.scala b/src/main/scala/ir/eval/ExprEval.scala
index e24355254..65218caf2 100644
--- a/src/main/scala/ir/eval/ExprEval.scala
+++ b/src/main/scala/ir/eval/ExprEval.scala
@@ -34,7 +34,7 @@ def evalBVBinExpr(b: BVBinOp, l: BitVecLiteral, r: BitVecLiteral): BitVecLiteral
     case BVCOMP   => BitVectorEval.smt_bvcomp(l, r)
     case BVCONCAT => BitVectorEval.smt_concat(l, r)
     case BVULE | BVULT | BVUGT | BVUGE | BVSLT | BVSLE | BVSGT | BVSGE | BVEQ | BVNEQ =>
-      throw Exception("Did not expect logical op")
+      throw IllegalArgumentException("Did not expect logical op")
   }
 }
 
@@ -51,7 +51,7 @@ def evalBVLogBinExpr(b: BVBinOp, l: BitVecLiteral, r: BitVecLiteral): Boolean =
   case BVNEQ => BitVectorEval.smt_bvneq(l, r)
   case BVADD | BVSUB | BVMUL | BVUDIV | BVSDIV | BVSREM | BVUREM | BVSMOD | BVAND | BVOR | BVXOR | BVNAND | BVNOR |
       BVXNOR | BVSHL | BVLSHR | BVASHR | BVCOMP | BVCONCAT =>
-    throw Exception("Did not expect non-logical op")
+    throw IllegalArgumentException("Did not expect non-logical op")
 }
 
 def evalIntLogBinExpr(b: IntBinOp, l: BigInt, r: BigInt): Boolean = b match {
@@ -61,21 +61,16 @@ def evalIntLogBinExpr(b: IntBinOp, l: BigInt, r: BigInt): Boolean = b match {
   case IntLE                                      => l <= r
   case IntGT                                      => l > r
   case IntGE                                      => l >= r
-  case IntADD | IntSUB | IntMUL | IntDIV | IntMOD => throw Exception("Did not expect non-logical op")
+  case IntADD | IntSUB | IntMUL | IntDIV | IntMOD => throw IllegalArgumentException("Did not expect non-logical op")
 }
 
 def evalIntBinExpr(b: IntBinOp, l: BigInt, r: BigInt): BigInt = b match {
-  case IntADD => l + r
-  case IntSUB => l - r
-  case IntMUL => l * r
-  case IntDIV => l / r
-  case IntMOD => l % r
-  case IntEQ  => throw Exception("Did not expect logical op")
-  case IntNEQ => throw Exception("Did not expect logical op")
-  case IntLT  => throw Exception("Did not expect logical op")
-  case IntLE  => throw Exception("Did not expect logical op")
-  case IntGT  => throw Exception("Did not expect logical op")
-  case IntGE  => throw Exception("Did not expect logical op")
+  case IntADD                                         => l + r
+  case IntSUB                                         => l - r
+  case IntMUL                                         => l * r
+  case IntDIV                                         => l / r
+  case IntMOD                                         => l % r
+  case IntEQ | IntNEQ | IntLT | IntLE | IntGT | IntGE => throw IllegalArgumentException("Did not expect logical op")
 }
 
 def evalBoolLogBinExpr(b: BoolBinOp, l: Boolean, r: Boolean): Boolean = b match {
diff --git a/src/main/scala/ir/eval/InterpretBasilIR.scala b/src/main/scala/ir/eval/InterpretBasilIR.scala
index b764b4746..7750036ba 100644
--- a/src/main/scala/ir/eval/InterpretBasilIR.scala
+++ b/src/main/scala/ir/eval/InterpretBasilIR.scala
@@ -7,7 +7,7 @@ import util.Logger
 import util.functional.*
 import util.functional.State.*
 import boogie.Scope
-import scala.collection.WithFilter
+import collection.mutable.ArrayBuffer
 
 import scala.annotation.tailrec
 import scala.collection.mutable
@@ -262,7 +262,8 @@ object InterpFuns {
       (offset, FunPointer(BitVecLiteral(addr, 64), proc.name, Run(DirectCall(proc))))
     })
 
-    val stores = fptrs.map((p) => {
+    // sort for deterministic trace
+    val stores = fptrs.sortBy(f => f._1).map((p) => {
       val (offset, fptr) = p
       Eval.storeSingle[S, E, T](s)(
         "mem",
@@ -297,7 +298,7 @@ object InterpFuns {
   }
 
   def initialiseProgram[S, T <: Effects[S, InterpreterError]](f: T)(p: Program): State[S, Unit, InterpreterError] = {
-    def initMemory(mem: String, mems: Iterable[MemorySection]) = {
+    def initMemory(mem: String, mems: ArrayBuffer[MemorySection]) = {
       for {
         m <- State.sequence(
           State.pure(()),
@@ -468,10 +469,14 @@ object InterpFuns {
     }
   }
 
-  def interpretProg[S, T <: Effects[S, InterpreterError]](f: T)(p: IRContext, is: S): S = {
+  def initProgState[S, T <: Effects[S, InterpreterError]](f: T)(p: IRContext, is: S): S = {
     val st = (initialiseProgram(f)(p.program) >> initBSS(f)(p))
       >> InterpFuns.initRelocTable(f)(p.program, p.externalFunctions.map(f => (f.offset, f.name)))
-    val begin = State.execute(is, st)
+    State.execute(is, st)
+  }
+
+  def interpretProg[S, T <: Effects[S, InterpreterError]](f: T)(p: IRContext, is: S): S = {
+    val begin = initProgState(f)(p, is)
     interpret(f, begin)
   }
 }
diff --git a/src/main/scala/ir/eval/InterpretTrace.scala b/src/main/scala/ir/eval/InterpretTrace.scala
index c9565d51e..413222753 100644
--- a/src/main/scala/ir/eval/InterpretTrace.scala
+++ b/src/main/scala/ir/eval/InterpretTrace.scala
@@ -69,6 +69,8 @@ def interpretTrace(p: Program) : (InterpreterState, Trace) = {
 
 
 def interpretTrace(p: IRContext) : (InterpreterState, Trace) = {
-  InterpFuns.interpretProg(tracingInterpreter)(p, (InterpreterState(), Trace(List())))
+  val b = InterpFuns.initProgState(tracingInterpreter)(p, (InterpreterState(), Trace(List())))
+  // Throw away the trace of program initialisation
+  InterpFuns.interpret(tracingInterpreter, (b._1, Trace(List())))
 }
 
diff --git a/src/main/scala/ir/eval/Interpreter.scala b/src/main/scala/ir/eval/Interpreter.scala
index ab716d101..dc7139d29 100644
--- a/src/main/scala/ir/eval/Interpreter.scala
+++ b/src/main/scala/ir/eval/Interpreter.scala
@@ -418,8 +418,3 @@ object NormalInterpreter extends Effects[InterpreterState, InterpreterError] {
   } yield ()
 
 }
-
-// def interpretTrace(IRProgram: Program): TracingInterpreter = {
-//   val s: TracingInterpreter = InterpFuns.interpretProg(IRProgram, TracingInterpreter(InterpreterState(), List()))
-//   s
-//e

From 9192ce37ee71e600c310baf294be7c897be04836 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Tue, 3 Sep 2024 15:58:08 +1000
Subject: [PATCH 034/127] intrinsic stub and cleanup errors

---
 src/main/scala/ir/eval/InterpretBasilIR.scala | 99 +++++++++----------
 .../scala/ir/eval/InterpretBreakpoints.scala  |  2 +-
 src/main/scala/ir/eval/Interpreter.scala      | 75 ++++++++------
 3 files changed, 90 insertions(+), 86 deletions(-)

diff --git a/src/main/scala/ir/eval/InterpretBasilIR.scala b/src/main/scala/ir/eval/InterpretBasilIR.scala
index 7750036ba..c31ac1c53 100644
--- a/src/main/scala/ir/eval/InterpretBasilIR.scala
+++ b/src/main/scala/ir/eval/InterpretBasilIR.scala
@@ -75,7 +75,7 @@ case object Eval {
       res <- evalExpr(f)(e)
       r <- State.pureE(res match {
         case l: BitVecLiteral => Right(l)
-        case _                => Left(InterpreterError(Errored(s"Eval BV residual $e")))
+        case _                => Left((Errored(s"Eval BV residual $e")))
       })
     } yield (r)
   }
@@ -85,7 +85,7 @@ case object Eval {
       res <- evalExpr(f)(e)
       r <- State.pureE(res match {
         case l: IntLiteral => Right(l.value)
-        case _             => Left(InterpreterError(Errored(s"Eval Int residual $e")))
+        case _             => Left((Errored(s"Eval Int residual $e")))
       })
     } yield (r)
   }
@@ -95,7 +95,7 @@ case object Eval {
       res <- evalExpr(f)(e)
       r <- State.pureE(res match {
         case l: BoolLit => Right(l == TrueLiteral)
-        case _          => Left(InterpreterError(Errored(s"Eval Bool residual $e")))
+        case _          => Left((Errored(s"Eval Bool residual $e")))
       })
     } yield (r)
   }
@@ -109,7 +109,7 @@ case object Eval {
   )(vname: String, addr: Scalar, endian: Endian, count: Int): State[S, List[BasilValue], InterpreterError] = {
     for {
       _ <-
-        if (count == 0) then State.setError(InterpreterError(Errored(s"Attempted fractional load"))) else State.pure(())
+        if (count == 0) then State.setError((Errored(s"Attempted fractional load"))) else State.pure(())
       keys <- State.mapM(((i: Int) => State.pureE(BasilValue.unsafeAdd(addr, i))), (0 until count))
       values <- f.loadMem(vname, keys.toList)
       vals = endian match {
@@ -126,7 +126,7 @@ case object Eval {
     mem <- f.loadVar(vname)
     x <- mem match {
       case mapv @ MapValue(_, MapType(_, BitVecType(sz))) => State.pure((sz, mapv))
-      case _ => State.setError(InterpreterError(Errored("Trued to load-concat non bv")))
+      case _                                              => State.setError((Errored("Trued to load-concat non bv")))
     }
     (valsize, mapv) = x
 
@@ -140,7 +140,7 @@ case object Eval {
             case Scalar(bv @ BitVecLiteral(v, sz)) if sz == valsize => State.pure(bv)
             case c =>
               State.setError(
-                InterpreterError(TypeError(s"Loaded value of type ${c.irType} did not match expected type bv$valsize"))
+                TypeError(s"Loaded value of type ${c.irType} did not match expected type bv$valsize")
               )
           },
         res
@@ -171,7 +171,7 @@ case object Eval {
     x <- mem match {
       case m @ MapValue(_, MapType(kt, vt)) if kt == addr.irType && values.forall(v => v.irType == vt) =>
         State.pure((m, kt, vt))
-      case v => State.setError(InterpreterError(TypeError(s"Invalid map store operation to $vname : $v")))
+      case v => State.setError((TypeError(s"Invalid map store operation to $vname : $v")))
     }
     (mapval, keytype, valtype) = x
     keys <- State.mapM((i: Int) => State.pureE(BasilValue.unsafeAdd(addr, i)), (0 until values.size))
@@ -190,19 +190,22 @@ case object Eval {
       endian: Endian
   ): State[S, Unit, InterpreterError] = for {
     mem <- f.loadVar(vname)
-    (mapval, vsize) = mem match {
-      case m @ MapValue(_, MapType(kt, BitVecType(size))) if kt == addr.irType => (m, size)
+    mr <- mem match {
+      case m @ MapValue(_, MapType(kt, BitVecType(size))) if kt == addr.irType => State.pure((m, size))
       case v =>
-        throw InterpreterError(
+        State.setError(
           TypeError(
             s"Invalid map store operation to $vname : ${v.irType} (expect [${addr.irType}] <- ${value.getType})"
           )
         )
     }
+    (mapval, vsize) = mr
     cells = value.size / vsize
     _ = {
       if (cells < 1) {
-        throw InterpreterError(MemoryError("Tried to execute fractional store"))
+        State.setError((MemoryError("Tried to execute fractional store")))
+      } else {
+        State.pure(())
       }
     }
 
@@ -223,21 +226,6 @@ case object Eval {
   }
 }
 
-object LibcIntrinsic {
-
-  def putc[S, E, T <: Effects[S, E]](s: T)(f: BitVecLiteral, c: BitVecLiteral): State[S, Unit, E] = {
-    State.pure(())
-  }
-
-  def puts[S, E, T <: Effects[S, E]](s: T)(f: BitVecLiteral, str: BitVecLiteral): State[S, Unit, E] = {
-    State.pure(())
-  }
-
-  def printf[S, E, T <: Effects[S, E]](s: T)(f: BitVecLiteral, str: BitVecLiteral): State[S, Unit, E] = {
-    State.pure(())
-  }
-}
-
 object InterpFuns {
 
   def initRelocTable[S, E, T <: Effects[S, E]](s: T)(p: Program, reladyn: Set[(BigInt, String)]): State[S, Unit, E] = {
@@ -263,14 +251,16 @@ object InterpFuns {
     })
 
     // sort for deterministic trace
-    val stores = fptrs.sortBy(f => f._1).map((p) => {
-      val (offset, fptr) = p
-      Eval.storeSingle[S, E, T](s)(
-        "mem",
-        Scalar(BitVecLiteral(offset, 64)),
-        fptr
-      )
-    })
+    val stores = fptrs
+      .sortBy(f => f._1)
+      .map((p) => {
+        val (offset, fptr) = p
+        Eval.storeSingle[S, E, T](s)(
+          "mem",
+          Scalar(BitVecLiteral(offset, 64)),
+          fptr
+        )
+      })
 
     State.sequence[S, Unit, E](State.pure(()), stores)
   }
@@ -350,20 +340,23 @@ object InterpFuns {
         val assumes = gt.targets.flatMap(_.statements.headOption).collect { case a: Assume =>
           a
         }
-        if (assumes.size != gt.targets.size) {
-          throw InterpreterError(Errored(s"Some goto target missing guard $gt"))
-        }
         for {
+          _ <-
+            if (assumes.size != gt.targets.size) {
+              State.setError((Errored(s"Some goto target missing guard $gt")))
+            } else {
+              State.pure(())
+            }
           chosen: List[Assume] <- filterM((a: Assume) => Eval.evalBool(f)(a.body), assumes)
 
           res <- chosen match {
-            case Nil      => f.setNext(Errored(s"No jump target satisfied $gt"))
+            case Nil      => State.setError(Errored(s"No jump target satisfied $gt"))
             case h :: Nil => f.setNext(Run(h))
-            case h :: tl  => f.setNext(Errored(s"More than one jump guard satisfied $gt"))
+            case h :: tl  => State.setError(Errored(s"More than one jump guard satisfied $gt"))
           }
         } yield (res)
       case r: Return      => f.doReturn()
-      case h: Unreachable => f.setNext(EscapedControlFlow(h))
+      case h: Unreachable => State.setError(EscapedControlFlow(h))
     }
   }
 
@@ -398,7 +391,7 @@ object InterpFuns {
           b <- Eval.evalBool(f)(assume.body)
           n <-
             (if (!b) {
-               f.setNext(Errored(s"Assumption not satisfied: $assume"))
+               State.setError(Errored(s"Assumption not satisfied: $assume"))
              } else {
                f.setNext(Run(s.successor))
              })
@@ -409,9 +402,10 @@ object InterpFuns {
             if (dc.target.entryBlock.isDefined) {
               val block = dc.target.entryBlock.get
               f.call(dc.target.name, Run(block.statements.headOption.getOrElse(block.jump)), Run(dc.successor))
+            } else if (LibcIntrinsic.intrinsics.contains(dc.target.name)) {
+              f.call(dc.target.name, CallIntrinsic(dc.target.name), Run(dc.successor))
             } else {
-              State.setError(InterpreterError(EscapedControlFlow(dc)))
-              //f.setNext(Run(dc.successor))
+              State.setError(EscapedControlFlow(dc))
             }
         } yield (n)
       case ic: IndirectCall => {
@@ -423,7 +417,7 @@ object InterpFuns {
             fp <- f.evalAddrToProc(addr.value.toInt)
             _ <- fp match {
               case Some(fp) => f.call(fp.name, fp.call, Run(ic.successor))
-              case none     => State.setError(InterpreterError(EscapedControlFlow(ic)))
+              case none     => State.setError(EscapedControlFlow(ic))
             }
           } yield ()
         }
@@ -433,17 +427,14 @@ object InterpFuns {
   }
 
   def interpret[S, E, T <: Effects[S, E]](f: T, m: S): S = {
-    State.evaluate(m, f.getNext) match {
-      case Right(next) => {
-        Logger.debug(s"eval $next")
-        next match {
-          case Run(c)    => interpret(f, State.execute(m, f.interpretOne))
-          case Stopped() => m
-          case errorstop => m
-        }
-      }
-      case Left(err) => m
+    // run to fixed point
+    var o = m
+    var n = State.execute(o, f.interpretOne)
+    while (o != n) {
+      o = n
+      n = State.execute(o, f.interpretOne)
     }
+    n
   }
 
   def interpretProg[S, T <: Effects[S, InterpreterError]](f: T)(p: Program, is: S): S = {
diff --git a/src/main/scala/ir/eval/InterpretBreakpoints.scala b/src/main/scala/ir/eval/InterpretBreakpoints.scala
index b00622440..8121d139d 100644
--- a/src/main/scala/ir/eval/InterpretBreakpoints.scala
+++ b/src/main/scala/ir/eval/InterpretBreakpoints.scala
@@ -46,7 +46,7 @@ case class RememberBreakpoints[T, I <: Effects[T, InterpreterError]](val f: I, v
                   ev <- doLeft(Eval.evalExpr(f)(e._2))
                   } yield (e._1, e._2, ev)
                 , action.evalExprs))
-                _ <- if action.stop then doLeft(f.setNext(Errored(s"Stopped at breakpoint ${name}"))) else doLeft(State.pure(()))
+                _ <- if action.stop then doLeft(State.setError(Errored(s"Stopped at breakpoint ${name}"))) else doLeft(State.pure(()))
                 _ <- State.pure({
                   if (action.log) {
                     val bpn = breakpoint.name
diff --git a/src/main/scala/ir/eval/Interpreter.scala b/src/main/scala/ir/eval/Interpreter.scala
index dc7139d29..04ced6d96 100644
--- a/src/main/scala/ir/eval/Interpreter.scala
+++ b/src/main/scala/ir/eval/Interpreter.scala
@@ -18,18 +18,18 @@ sealed trait ExecutionContinuation
 case class FailedAssertion(a: Assert) extends ExecutionContinuation
 
 case class Stopped() extends ExecutionContinuation /* normal program stop  */
+case class ErrorStop(error: InterpreterError) extends ExecutionContinuation /* normal program stop  */
 case class Run(val next: Command) extends ExecutionContinuation /* continue by executing next command */
+case class CallIntrinsic(val name: String) extends ExecutionContinuation /* continue by executing next command */
 
+sealed trait InterpreterError
 case class EscapedControlFlow(val call: Jump | Call)
-    extends ExecutionContinuation /* controlflow has reached somewhere eunrecoverable */
-
-case class Errored(val message: String = "") extends ExecutionContinuation
-case class TypeError(val message: String = "") extends ExecutionContinuation /* type mismatch appeared */
+    extends InterpreterError /* controlflow has reached somewhere eunrecoverable */
+case class Errored(val message: String = "") extends InterpreterError
+case class TypeError(val message: String = "") extends InterpreterError /* type mismatch appeared */
 case class EvalError(val message: String = "")
-    extends ExecutionContinuation /* failed to evaluate an expression to a concrete value */
-case class MemoryError(val message: String = "") extends ExecutionContinuation /* An error to do with memory */
-
-case class InterpreterError(continue: ExecutionContinuation) extends Exception()
+    extends InterpreterError /* failed to evaluate an expression to a concrete value */
+case class MemoryError(val message: String = "") extends InterpreterError /* An error to do with memory */
 
 /* Concrete value type of the interpreter. */
 sealed trait BasilValue(val irType: IRType)
@@ -68,7 +68,7 @@ case object BasilValue {
       case _ if vr == 0              => Right(l)
       case Scalar(IntLiteral(vl))    => Right(Scalar(IntLiteral(vl + vr)))
       case Scalar(b1: BitVecLiteral) => Right(Scalar(eval.evalBVBinExpr(BVADD, b1, BitVecLiteral(vr, b1.size))))
-      case _                         => Left(InterpreterError(TypeError(s"Operation add $vr undefined on $l")))
+      case _                         => Left((TypeError(s"Operation add $vr undefined on $l")))
     }
   }
 }
@@ -171,8 +171,8 @@ case class MemoryState(
 
   def popStackFrame(): Either[InterpreterError, MemoryState] = {
     val hv = activations match {
-      case Nil                          => Left(InterpreterError(Errored("No stack frame to pop")))
-      case h :: Nil if h == globalFrame => Left(InterpreterError(Errored("tried to pop global scope")))
+      case Nil                          => Left((Errored("No stack frame to pop")))
+      case h :: Nil if h == globalFrame => Left((Errored("tried to pop global scope")))
       case h :: tl                      => Right((h, tl))
     }
     hv.map((hv) => {
@@ -221,24 +221,20 @@ case class MemoryState(
   def findVar(name: String): Either[InterpreterError, (StackFrameID, BasilValue)] = {
     findVarOpt(name: String)
       .map(Right(_))
-      .getOrElse(Left(InterpreterError(Errored(s"Access to undefined variable $name"))))
+      .getOrElse(Left((Errored(s"Access to undefined variable $name"))))
   }
 
   def getVarOpt(name: String): Option[BasilValue] = findVarOpt(name).map(_._2)
 
   def getVar(name: String): Either[InterpreterError, BasilValue] = {
-    getVarOpt(name).map(Right(_)).getOrElse(Left(InterpreterError(Errored(s"Access undefined variable $name"))))
+    getVarOpt(name).map(Right(_)).getOrElse(Left((Errored(s"Access undefined variable $name"))))
   }
 
   def getVar(v: Variable): Either[InterpreterError, BasilValue] = {
     val value = getVar(v.name)
     value match {
       case Right(dv: BasilValue) if v.getType != dv.irType =>
-        Left(
-          InterpreterError(
-            Errored(s"Type mismatch on variable definition and load: defined ${dv.irType}, variable ${v.getType}")
-          )
-        )
+        Left(Errored(s"Type mismatch on variable definition and load: defined ${dv.irType}, variable ${v.getType}"))
       case Right(o) => Right(o)
       case o        => o
     }
@@ -249,14 +245,14 @@ case class MemoryState(
     v <- findVar(vname)
     mapv: MapValue <- v._2 match {
       case m @ MapValue(innerMap, ty) => Right(m)
-      case m                          => Left(InterpreterError(TypeError(s"Load from nonmap ${m.irType}")))
+      case m                          => Left((TypeError(s"Load from nonmap ${m.irType}")))
     }
     rs: List[Option[BasilValue]] = addr.map(k => mapv.value.get(k))
     xs <-
       (if (rs.forall(_.isDefined)) {
          Right(rs.map(_.get))
        } else {
-         Left(InterpreterError(MemoryError(s"Read from uninitialised $vname[${addr.head} .. ${addr.last}]")))
+         Left((MemoryError(s"Read from uninitialised $vname[${addr.head} .. ${addr.last}]")))
        })
   } yield (xs)
 
@@ -268,17 +264,15 @@ case class MemoryState(
     // val (mapval, keytype, valtype) =
     mapi <- mem match {
       case m @ MapValue(_, MapType(kt, vt)) => Right((m, kt, vt))
-      case v => Left(InterpreterError(TypeError(s"Invalid map store operation to $vname : ${v.irType}")))
+      case v                                => Left((TypeError(s"Invalid map store operation to $vname : ${v.irType}")))
     }
     (mapval, keytype, valtype) = mapi
 
     checkTypes <- (values.find((k, v) => k.irType != keytype || v.irType != valtype)) match {
       case Some(v) =>
         Left(
-          InterpreterError(
-            TypeError(
-              s"Invalid addr or value type (${v._1.irType}, ${v._2.irType}) does not match map type $vname : ($keytype, $valtype)"
-            )
+          TypeError(
+            s"Invalid addr or value type (${v._1.irType}, ${v._2.irType}) does not match map type $vname : ($keytype, $valtype)"
           )
         )
       case None => Right(())
@@ -289,6 +283,25 @@ case class MemoryState(
   } yield (ms)
 }
 
+object LibcIntrinsic {
+
+  def putc[S, E, T <: Effects[S, E]](s: T): State[S, Unit, E] = {
+    s.doReturn()
+  }
+
+  def puts[S, E, T <: Effects[S, E]](s: T): State[S, Unit, E] = {
+    s.doReturn()
+  }
+
+  def printf[S, E, T <: Effects[S, E]](s: T): State[S, Unit, E] = {
+    s.doReturn()
+  }
+
+  def intrinsics[S, E, T <: Effects[S, E]] =
+    Map[String, T => State[S, Unit, E]]("putc" -> putc, "puts" -> puts, "printf" -> printf)
+
+}
+
 case class InterpreterState(
     val nextCmd: ExecutionContinuation = Stopped(),
     val callStack: List[ExecutionContinuation] = List.empty,
@@ -367,7 +380,6 @@ object NormalInterpreter extends Effects[InterpreterState, InterpreterError] {
 
   /** effects * */
   def setNext(c: ExecutionContinuation) = State.modify((s: InterpreterState) => {
-    // Logger.debug(s"    eff : setNext $c")
     s.copy(nextCmd = c)
   })
 
@@ -410,11 +422,12 @@ object NormalInterpreter extends Effects[InterpreterState, InterpreterError] {
   def interpretOne: State[InterpreterState, Unit, InterpreterError] = for {
     next <- getNext
     _ <- (next match {
-      case Run(c: Statement) => InterpFuns.interpretStatement(this)(c)
-      case Run(c: Jump)      => InterpFuns.interpretJump(this)(c)
-      case Stopped()         => State.pure(())
-      case errorstop         => State.pure(())
-    }).flatMapE((e: InterpreterError) => setNext(e.continue))
+      case CallIntrinsic(tgt) => LibcIntrinsic.intrinsics(tgt)(this)
+      case Run(c: Statement)  => InterpFuns.interpretStatement(this)(c)
+      case Run(c: Jump)       => InterpFuns.interpretJump(this)(c)
+      case Stopped()          => State.pure(())
+      case ErrorStop(e)       => State.pure(())
+    }).flatMapE((e: InterpreterError) => setNext(ErrorStop(e)))
   } yield ()
 
 }

From 534235893e13e9e2921106b9ed77372032cf6aaf Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Tue, 3 Sep 2024 17:24:28 +1000
Subject: [PATCH 035/127] init relocation table

---
 src/main/scala/ir/eval/InterpretBasilIR.scala | 53 +++++++++++--------
 src/main/scala/ir/eval/InterpretTrace.scala   | 13 ++---
 src/test/scala/DifferentialAnalysis.scala     |  5 +-
 3 files changed, 39 insertions(+), 32 deletions(-)

diff --git a/src/main/scala/ir/eval/InterpretBasilIR.scala b/src/main/scala/ir/eval/InterpretBasilIR.scala
index c31ac1c53..19485c816 100644
--- a/src/main/scala/ir/eval/InterpretBasilIR.scala
+++ b/src/main/scala/ir/eval/InterpretBasilIR.scala
@@ -228,26 +228,33 @@ case object Eval {
 
 object InterpFuns {
 
-  def initRelocTable[S, E, T <: Effects[S, E]](s: T)(p: Program, reladyn: Set[(BigInt, String)]): State[S, Unit, E] = {
+  def initRelocTable[S, T <: Effects[S, InterpreterError]](s: T)(ctx: IRContext): State[S, Unit, InterpreterError] = {
 
-    val data = reladyn.toList.flatMap(r => {
-      val (offset, extfname) = r
-      p.procedures.find(proc => proc.name == extfname).map(p => (offset, p)).toList
-    })
+    val p = ctx.program
 
-    // TODO: will have to store
-    //  mem[rodata addr] = naddr
-    //  ghost-funtable[naddr] = FunPointer - to intrinsic function
-    // We could also dynamic link against something like musl, for things like string.h
+    val base = ctx.symbols.find(_.name == "__end__").get
+    var addr = base.value
+    var done = false
+    var x = List[(String, FunPointer)]()
 
-    val fptrs = data.map((p) => {
-      val (offset, proc) = p
-      val addr = proc.address match {
-        case Some(x) => x
-        case None    => /* println(s"No address for function ${proc.name} ${"%x".format(offset)}"); */ 0
-      }
-      // proc.address will be undefined and we will have to choose one for our intrinsic libc funcs
-      (offset, FunPointer(BitVecLiteral(addr, 64), proc.name, Run(DirectCall(proc))))
+    def newAddr() : BigInt = {
+      addr += 8
+      addr
+    }
+
+    for ((fname, fun) <- LibcIntrinsic.intrinsics) {
+      val name = fname.takeWhile(c => c != '@')
+      println(name)
+      x = (name, FunPointer(BitVecLiteral(newAddr(), 64), name, CallIntrinsic(name))) :: x
+    }
+
+    val intrinsics = x.toMap
+
+    val procs = p.procedures.filter(proc => proc.address.isDefined)
+
+    val fptrs = ctx.externalFunctions.toList.sortBy(_.name).flatMap(f => {
+      intrinsics.get(f.name).map(fp => (f.offset, fp))
+        .orElse(procs.find(p => p.name == f.name).map(proc => (f.offset, FunPointer(BitVecLiteral(proc.address.getOrElse(newAddr().toInt), 64), proc.name, Run(DirectCall(proc))))))
     })
 
     // sort for deterministic trace
@@ -255,14 +262,16 @@ object InterpFuns {
       .sortBy(f => f._1)
       .map((p) => {
         val (offset, fptr) = p
-        Eval.storeSingle[S, E, T](s)(
+        Eval.storeSingle(s)("ghost-funtable", Scalar(fptr.addr), fptr)
+        >> (Eval.storeBV(s)(
           "mem",
           Scalar(BitVecLiteral(offset, 64)),
-          fptr
-        )
+          fptr.addr,
+          Endian.LittleEndian
+        ))
       })
 
-    State.sequence[S, Unit, E](State.pure(()), stores)
+    State.sequence(State.pure(()), stores)
   }
 
   /** Functions which compile BASIL IR down to the minimal interpreter effects.
@@ -462,7 +471,7 @@ object InterpFuns {
 
   def initProgState[S, T <: Effects[S, InterpreterError]](f: T)(p: IRContext, is: S): S = {
     val st = (initialiseProgram(f)(p.program) >> initBSS(f)(p))
-      >> InterpFuns.initRelocTable(f)(p.program, p.externalFunctions.map(f => (f.offset, f.name)))
+      >> InterpFuns.initRelocTable(f)(p)
     State.execute(is, st)
   }
 
diff --git a/src/main/scala/ir/eval/InterpretTrace.scala b/src/main/scala/ir/eval/InterpretTrace.scala
index 413222753..5c568561a 100644
--- a/src/main/scala/ir/eval/InterpretTrace.scala
+++ b/src/main/scala/ir/eval/InterpretTrace.scala
@@ -35,9 +35,9 @@ case object Trace {
 case class TraceGen[E]() extends NopEffects[Trace, E] {
   /** Values are discarded by ProductInterpreter so do not matter */
 
-  override def loadVar(v: String) = for {
-    s <- Trace.add(ExecEffect.LoadVar(v))
-  } yield (Scalar(FalseLiteral))
+  // override def loadVar(v: String) = for {
+  //   s <- Trace.add(ExecEffect.LoadVar(v))
+  // } yield (Scalar(FalseLiteral))
 
   override def loadMem(v: String, addrs: List[BasilValue])  = for {
     s <- Trace.add(ExecEffect.LoadMem(v, addrs))
@@ -52,7 +52,7 @@ case class TraceGen[E]() extends NopEffects[Trace, E] {
   } yield (())
 
   override def storeVar(v: String, scope: Scope, value: BasilValue) = for {
-    s <- Trace.add(ExecEffect.StoreVar(v, scope, value))
+    s <- if (!v.startsWith("ghost")) Trace.add(ExecEffect.StoreVar(v, scope, value)) else State.pure(())
   } yield (())
 
   override def storeMem(vname: String, update: Map[BasilValue, BasilValue]) = for {
@@ -67,10 +67,7 @@ def interpretTrace(p: Program) : (InterpreterState, Trace) = {
   InterpFuns.interpretProg(tracingInterpreter)(p, (InterpreterState(), Trace(List())))
 }
 
-
 def interpretTrace(p: IRContext) : (InterpreterState, Trace) = {
-  val b = InterpFuns.initProgState(tracingInterpreter)(p, (InterpreterState(), Trace(List())))
-  // Throw away the trace of program initialisation
-  InterpFuns.interpret(tracingInterpreter, (b._1, Trace(List())))
+  InterpFuns.interpretProg(tracingInterpreter)(p, (InterpreterState(), Trace(List())))
 }
 
diff --git a/src/test/scala/DifferentialAnalysis.scala b/src/test/scala/DifferentialAnalysis.scala
index 3de9450b5..85e0bfe74 100644
--- a/src/test/scala/DifferentialAnalysis.scala
+++ b/src/test/scala/DifferentialAnalysis.scala
@@ -20,7 +20,7 @@ import scala.collection.mutable
 
 class DifferentialAnalysis extends AnyFunSuite {
 
-  Logger.setLevel(LogLevel.WARN)
+  Logger.setLevel(LogLevel.DEBUG)
 
   def diffTest(initial: IRContext, transformed: IRContext) = {
     val (initialRes,traceInit) = interpretTrace(initial)
@@ -29,11 +29,12 @@ class DifferentialAnalysis extends AnyFunSuite {
 
     def filterEvents(trace: List[ExecEffect]) = {
       trace.collect {
+        case e @ ExecEffect.Call(_, _, _) => e
         case e @ ExecEffect.StoreMem("mem", _) => e
         case e @ ExecEffect.LoadMem("mem", _) => e
       }
     }
-    // println(traceInit.t.mkString("\n    "))
+    println((traceInit.t).mkString("\n"))
     assert(initialRes.nextCmd == Stopped())
     assert(result.nextCmd == Stopped())
     assert(Set.empty == initialRes.memoryState.getMem("mem").toSet.diff(result.memoryState.getMem("mem").toSet))

From 87b0f86d3632290c00a5a66a8df61a6b085ca18b Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Wed, 4 Sep 2024 11:32:00 +1000
Subject: [PATCH 036/127] pull stepper outside effects to fix interpreter
 composition again

---
 src/main/scala/ir/eval/InterpretBasilIR.scala | 233 +++++++++---------
 .../scala/ir/eval/InterpretBreakpoints.scala  |   4 +-
 src/main/scala/ir/eval/Interpreter.scala      |  38 +--
 .../scala/ir/eval/InterpreterProduct.scala    |  17 +-
 src/main/scala/util/RunUtils.scala            |  15 +-
 src/test/scala/DifferentialAnalysis.scala     |  15 +-
 6 files changed, 166 insertions(+), 156 deletions(-)

diff --git a/src/main/scala/ir/eval/InterpretBasilIR.scala b/src/main/scala/ir/eval/InterpretBasilIR.scala
index 19485c816..1c8c5a0c9 100644
--- a/src/main/scala/ir/eval/InterpretBasilIR.scala
+++ b/src/main/scala/ir/eval/InterpretBasilIR.scala
@@ -226,6 +226,116 @@ case object Eval {
   }
 }
 
+
+class BASILInterpreter[S](f: Effects[S, InterpreterError]) extends Interpreter[S, InterpreterError](f) {
+
+  def interpretOne: State[S, Unit, InterpreterError] = for {
+    next <- f.getNext
+    _ <- (next match {
+      case CallIntrinsic(tgt) => LibcIntrinsic.intrinsics(tgt)(f)
+      case Run(c: Statement)  => interpretStatement(f)(c)
+      case Run(c: Jump)       => interpretJump(f)(c)
+      case Stopped()          => State.pure(())
+      case ErrorStop(e)       => State.pure(())
+    }).flatMapE((e: InterpreterError) => f.setNext(ErrorStop(e)))
+  } yield ()
+
+  def interpretJump[S, T <: Effects[S, InterpreterError]](f: T)(j: Jump): State[S, Unit, InterpreterError] = {
+    j match {
+      case gt: GoTo if gt.targets.size == 1 => {
+        f.setNext(Run(IRWalk.firstInBlock(gt.targets.head)))
+      }
+      case gt: GoTo =>
+        val assumes = gt.targets.flatMap(_.statements.headOption).collect { case a: Assume =>
+          a
+        }
+        for {
+          _ <-
+            if (assumes.size != gt.targets.size) {
+              State.setError((Errored(s"Some goto target missing guard $gt")))
+            } else {
+              State.pure(())
+            }
+          chosen: List[Assume] <- filterM((a: Assume) => Eval.evalBool(f)(a.body), assumes)
+
+          res <- chosen match {
+            case Nil      => State.setError(Errored(s"No jump target satisfied $gt"))
+            case h :: Nil => f.setNext(Run(h))
+            case h :: tl  => State.setError(Errored(s"More than one jump guard satisfied $gt"))
+          }
+        } yield (res)
+      case r: Return      => f.doReturn()
+      case h: Unreachable => State.setError(EscapedControlFlow(h))
+    }
+  }
+
+  def interpretStatement[S, T <: Effects[S, InterpreterError]](f: T)(s: Statement): State[S, Unit, InterpreterError] = {
+    s match {
+      case assign: Assign => {
+        for {
+          rhs <- Eval.evalBV(f)(assign.rhs)
+          st <- f.storeVar(assign.lhs.name, assign.lhs.toBoogie.scope, Scalar(rhs))
+          n <- f.setNext(Run(s.successor))
+        } yield (st)
+      }
+      case assign: MemoryAssign =>
+        for {
+          index: BitVecLiteral <- Eval.evalBV(f)(assign.index)
+          value: BitVecLiteral <- Eval.evalBV(f)(assign.value)
+          _ <- Eval.storeBV(f)(assign.mem.name, Scalar(index), value, assign.endian)
+          n <- f.setNext(Run(s.successor))
+        } yield (n)
+      case assert: Assert =>
+        for {
+          b <- Eval.evalBool(f)(assert.body)
+          n <-
+            (if (!b) then {
+               f.setNext(FailedAssertion(assert))
+             } else {
+               f.setNext(Run(s.successor))
+             })
+        } yield (n)
+      case assume: Assume =>
+        for {
+          b <- Eval.evalBool(f)(assume.body)
+          n <-
+            (if (!b) {
+               State.setError(Errored(s"Assumption not satisfied: $assume"))
+             } else {
+               f.setNext(Run(s.successor))
+             })
+        } yield (n)
+      case dc: DirectCall =>
+        for {
+          n <-
+            if (dc.target.entryBlock.isDefined) {
+              val block = dc.target.entryBlock.get
+              f.call(dc.target.name, Run(block.statements.headOption.getOrElse(block.jump)), Run(dc.successor))
+            } else if (LibcIntrinsic.intrinsics.contains(dc.target.name)) {
+              f.call(dc.target.name, CallIntrinsic(dc.target.name), Run(dc.successor))
+            } else {
+              State.setError(EscapedControlFlow(dc))
+            }
+        } yield (n)
+      case ic: IndirectCall => {
+        if (ic.target == Register("R30", 64)) {
+          f.doReturn()
+        } else {
+          for {
+            addr <- Eval.evalBV(f)(ic.target)
+            fp <- f.evalAddrToProc(addr.value.toInt)
+            _ <- fp match {
+              case Some(fp) => f.call(fp.name, fp.call, Run(ic.successor))
+              case none     => State.setError(EscapedControlFlow(ic))
+            }
+          } yield ()
+        }
+      }
+      case _: NOP => f.setNext(Run(s.successor))
+    }
+  }
+}
+
 object InterpFuns {
 
   def initRelocTable[S, T <: Effects[S, InterpreterError]](s: T)(ctx: IRContext): State[S, Unit, InterpreterError] = {
@@ -244,7 +354,6 @@ object InterpFuns {
 
     for ((fname, fun) <- LibcIntrinsic.intrinsics) {
       val name = fname.takeWhile(c => c != '@')
-      println(name)
       x = (name, FunPointer(BitVecLiteral(newAddr(), 64), name, CallIntrinsic(name))) :: x
     }
 
@@ -340,117 +449,6 @@ object InterpFuns {
     } yield (r)
   }
 
-  def interpretJump[S, T <: Effects[S, InterpreterError]](f: T)(j: Jump): State[S, Unit, InterpreterError] = {
-    j match {
-      case gt: GoTo if gt.targets.size == 1 => {
-        f.setNext(Run(IRWalk.firstInBlock(gt.targets.head)))
-      }
-      case gt: GoTo =>
-        val assumes = gt.targets.flatMap(_.statements.headOption).collect { case a: Assume =>
-          a
-        }
-        for {
-          _ <-
-            if (assumes.size != gt.targets.size) {
-              State.setError((Errored(s"Some goto target missing guard $gt")))
-            } else {
-              State.pure(())
-            }
-          chosen: List[Assume] <- filterM((a: Assume) => Eval.evalBool(f)(a.body), assumes)
-
-          res <- chosen match {
-            case Nil      => State.setError(Errored(s"No jump target satisfied $gt"))
-            case h :: Nil => f.setNext(Run(h))
-            case h :: tl  => State.setError(Errored(s"More than one jump guard satisfied $gt"))
-          }
-        } yield (res)
-      case r: Return      => f.doReturn()
-      case h: Unreachable => State.setError(EscapedControlFlow(h))
-    }
-  }
-
-  def interpretStatement[S, T <: Effects[S, InterpreterError]](f: T)(s: Statement): State[S, Unit, InterpreterError] = {
-    s match {
-      case assign: Assign => {
-        for {
-          rhs <- Eval.evalBV(f)(assign.rhs)
-          st <- f.storeVar(assign.lhs.name, assign.lhs.toBoogie.scope, Scalar(rhs))
-          n <- f.setNext(Run(s.successor))
-        } yield (st)
-      }
-      case assign: MemoryAssign =>
-        for {
-          index: BitVecLiteral <- Eval.evalBV(f)(assign.index)
-          value: BitVecLiteral <- Eval.evalBV(f)(assign.value)
-          _ <- Eval.storeBV(f)(assign.mem.name, Scalar(index), value, assign.endian)
-          n <- f.setNext(Run(s.successor))
-        } yield (n)
-      case assert: Assert =>
-        for {
-          b <- Eval.evalBool(f)(assert.body)
-          n <-
-            (if (!b) then {
-               f.setNext(FailedAssertion(assert))
-             } else {
-               f.setNext(Run(s.successor))
-             })
-        } yield (n)
-      case assume: Assume =>
-        for {
-          b <- Eval.evalBool(f)(assume.body)
-          n <-
-            (if (!b) {
-               State.setError(Errored(s"Assumption not satisfied: $assume"))
-             } else {
-               f.setNext(Run(s.successor))
-             })
-        } yield (n)
-      case dc: DirectCall =>
-        for {
-          n <-
-            if (dc.target.entryBlock.isDefined) {
-              val block = dc.target.entryBlock.get
-              f.call(dc.target.name, Run(block.statements.headOption.getOrElse(block.jump)), Run(dc.successor))
-            } else if (LibcIntrinsic.intrinsics.contains(dc.target.name)) {
-              f.call(dc.target.name, CallIntrinsic(dc.target.name), Run(dc.successor))
-            } else {
-              State.setError(EscapedControlFlow(dc))
-            }
-        } yield (n)
-      case ic: IndirectCall => {
-        if (ic.target == Register("R30", 64)) {
-          f.doReturn()
-        } else {
-          for {
-            addr <- Eval.evalBV(f)(ic.target)
-            fp <- f.evalAddrToProc(addr.value.toInt)
-            _ <- fp match {
-              case Some(fp) => f.call(fp.name, fp.call, Run(ic.successor))
-              case none     => State.setError(EscapedControlFlow(ic))
-            }
-          } yield ()
-        }
-      }
-      case _: NOP => f.setNext(Run(s.successor))
-    }
-  }
-
-  def interpret[S, E, T <: Effects[S, E]](f: T, m: S): S = {
-    // run to fixed point
-    var o = m
-    var n = State.execute(o, f.interpretOne)
-    while (o != n) {
-      o = n
-      n = State.execute(o, f.interpretOne)
-    }
-    n
-  }
-
-  def interpretProg[S, T <: Effects[S, InterpreterError]](f: T)(p: Program, is: S): S = {
-    val begin = State.execute(is, initialiseProgram(f)(p))
-    interpret(f, begin)
-  }
-
   def initBSS[S, T <: Effects[S, InterpreterError]](f: T)(p: IRContext): State[S, Unit, InterpreterError] = {
     val bss = for {
       first <- p.symbols.find(s => s.name == "__bss_start__").map(_.value)
@@ -475,9 +473,18 @@ object InterpFuns {
     State.execute(is, st)
   }
 
+  /* Intialise from ELF and Interpret program */
   def interpretProg[S, T <: Effects[S, InterpreterError]](f: T)(p: IRContext, is: S): S = {
     val begin = initProgState(f)(p, is)
-    interpret(f, begin)
+    val interp = BASILInterpreter(f)
+    interp.run(begin)
+  }
+
+  /* Interpret IR program */
+  def interpretProg[S, T <: Effects[S, InterpreterError]](f: T)(p: Program, is: S): S = {
+    val begin = State.execute(is, initialiseProgram(f)(p))
+    val interp = BASILInterpreter(f)
+    interp.run(begin)
   }
 }
 
diff --git a/src/main/scala/ir/eval/InterpretBreakpoints.scala b/src/main/scala/ir/eval/InterpretBreakpoints.scala
index 8121d139d..38584add2 100644
--- a/src/main/scala/ir/eval/InterpretBreakpoints.scala
+++ b/src/main/scala/ir/eval/InterpretBreakpoints.scala
@@ -33,7 +33,7 @@ case class RememberBreakpoints[T, I <: Effects[T, InterpreterError]](val f: I, v
     }, breaks)
   }
 
-  override def interpretOne : State[(T, List[(BreakPoint, Option[T], List[(String, Expr, Expr)])]), Unit, InterpreterError] = for {
+  override def getNext: State[(T, List[(BreakPoint, Option[T], List[(String, Expr, Expr)])]), ExecutionContinuation, InterpreterError] = for {
     v : ExecutionContinuation <- doLeft(f.getNext)
     n <- v match {
       case Run(s) => for {
@@ -68,7 +68,7 @@ case class RememberBreakpoints[T, I <: Effects[T, InterpreterError]](val f: I, v
       } yield ()
       case _ => State.pure(())
       }
-    } yield ()
+    } yield (v)
 
 }
 
diff --git a/src/main/scala/ir/eval/Interpreter.scala b/src/main/scala/ir/eval/Interpreter.scala
index 04ced6d96..21ebb047a 100644
--- a/src/main/scala/ir/eval/Interpreter.scala
+++ b/src/main/scala/ir/eval/Interpreter.scala
@@ -76,9 +76,7 @@ case object BasilValue {
 /** Minimal language defining all state transitions in the interpreter, defined for the interpreter's concrete state T.
   */
 trait Effects[T, E] {
-
-  // perform an execution step
-  def interpretOne: State[T, Unit, E]
+  /* expression eval */
 
   def loadVar(v: String): State[T, BasilValue, E]
 
@@ -108,7 +106,6 @@ trait Effects[T, E] {
 }
 
 trait NopEffects[T, E] extends Effects[T, E] {
-  def interpretOne = State.pure(())
   def loadVar(v: String) = State.pure(Scalar(FalseLiteral))
   def loadMem(v: String, addrs: List[BasilValue]) = State.pure(List())
   def evalAddrToProc(addr: Int) = State.pure(None)
@@ -418,16 +415,29 @@ object NormalInterpreter extends Effects[InterpreterState, InterpreterError] {
         ms <- s.memoryState.doStore(vname, update)
       } yield (s.copy(memoryState = ms))
     })
+}
+
+trait Interpreter[S, E](val f: Effects[S, E]) {
+
+  def interpretOne: State[S, Unit, E]
 
-  def interpretOne: State[InterpreterState, Unit, InterpreterError] = for {
-    next <- getNext
-    _ <- (next match {
-      case CallIntrinsic(tgt) => LibcIntrinsic.intrinsics(tgt)(this)
-      case Run(c: Statement)  => InterpFuns.interpretStatement(this)(c)
-      case Run(c: Jump)       => InterpFuns.interpretJump(this)(c)
-      case Stopped()          => State.pure(())
-      case ErrorStop(e)       => State.pure(())
-    }).flatMapE((e: InterpreterError) => setNext(ErrorStop(e)))
-  } yield ()
+  @tailrec
+  final def run(begin: S): S = {
+    val c = for {
+      _ <- interpretOne
+      x <- f.getNext
+      continue = x match {
+        case Stopped() | ErrorStop(_) => false 
+        case _ => true
+      }
+    } yield (continue) 
+
+    val (fs,cont) = c.f(begin)
 
+    if (cont.contains(true)) then {
+      run(fs)
+    } else {
+      fs
+    }
+  }
 }
diff --git a/src/main/scala/ir/eval/InterpreterProduct.scala b/src/main/scala/ir/eval/InterpreterProduct.scala
index 7383e46d5..929c69425 100644
--- a/src/main/scala/ir/eval/InterpreterProduct.scala
+++ b/src/main/scala/ir/eval/InterpreterProduct.scala
@@ -16,27 +16,23 @@ import scala.util.control.Breaks.{break, breakable}
 
 
 def doLeft[L, T, V, E](f: State[L, V, E]) : State[(L, T), V, E] = for {
-  f <- State[(L, T), V, E]((s: (L, T)) => {
+  n <- State[(L, T), V, E]((s: (L, T)) => {
     val r = f.f(s._1)
     ((r._1, s._2), r._2)
   })
-} yield (f)
+} yield (n)
 
 def doRight[L, T, V, E](f: State[T, V, E]) : State[(L, T), V, E] = for {
-  f <- State[(L, T), V, E]((s: (L, T)) => {
+  n <- State[(L, T), V, E]((s: (L, T)) => {
     val r = f.f(s._2)
     ((s._1, r._1), r._2)
   })
-} yield (f)
+} yield (n)
 
 /**
  * Runs two interpreters "inner" and "before" simultaneously, returning the value from inner, and ignoring before
  */
 case class ProductInterpreter[L, T, E](val inner: Effects[L, E], val before: Effects[T, E]) extends Effects[(L, T), E] {
-  def interpretOne = for {
-    n <- doRight(before.interpretOne)
-    f <- doLeft(inner.interpretOne)
-  } yield ()
 
   def loadVar(v: String) = for {
     n <- doRight(before.loadVar(v))
@@ -88,11 +84,6 @@ case class ProductInterpreter[L, T, E](val inner: Effects[L, E], val before: Eff
 
 case class LayerInterpreter[L, T, E](val inner: Effects[L, E], val before: Effects[(L, T), E]) extends Effects[(L, T), E] {
 
-  def interpretOne = for {
-    n <- (before.interpretOne)
-    f <- doLeft(inner.interpretOne)
-  } yield ()
-
   def loadVar(v: String) = for {
     n <- (before.loadVar(v))
     f <- doLeft(inner.loadVar(v))
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index 45c482b03..03f208d98 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -213,20 +213,20 @@ object IRTransform {
     * add in modifies from the spec.
     */
   def prepareForTranslation(config: ILLoadingConfig, ctx: IRContext): Unit = {
-    ctx.program.determineRelevantMemory(ctx.globalOffsets)
+    // ctx.program.determineRelevantMemory(ctx.globalOffsets)
 
     Logger.info("[!] Stripping unreachable")
     val before = ctx.program.procedures.size
-    // transforms.stripUnreachableFunctions(ctx.program, config.procedureTrimDepth)
+    //transforms.stripUnreachableFunctions(ctx.program, config.procedureTrimDepth)
     Logger.info(
       s"[!] Removed ${before - ctx.program.procedures.size} functions (${ctx.program.procedures.size} remaining)"
     )
 
-    // val stackIdentification = StackSubstituter()
-    // stackIdentification.visitProgram(ctx.program)
+    //val stackIdentification = StackSubstituter()
+    //stackIdentification.visitProgram(ctx.program)
 
     val specModifies = ctx.specification.subroutines.map(s => s.name -> s.modifies).toMap
-    ctx.program.setModifies(specModifies)
+    // ctx.program.setModifies(specModifies)
     assert(invariant.singleCallBlockEnd(ctx.program))
   }
 
@@ -497,9 +497,8 @@ object RunUtils {
 
   def loadAndTranslate(q: BASILConfig): BASILResult = {
     Logger.info("[!] Loading Program")
-    val ctx = IRLoading.load(q.loading)
-
-    IRTransform.doCleanup(ctx)
+    var ctx = IRLoading.load(q.loading)
+    ctx = IRTransform.doCleanup(ctx)
 
     q.loading.dumpIL.foreach(s => writeToFile(serialiseIL(ctx.program), s"$s-before-analysis.il"))
     val analysis = q.staticAnalysis.map(conf => staticAnalysis(conf, ctx))
diff --git a/src/test/scala/DifferentialAnalysis.scala b/src/test/scala/DifferentialAnalysis.scala
index 85e0bfe74..b350e3f64 100644
--- a/src/test/scala/DifferentialAnalysis.scala
+++ b/src/test/scala/DifferentialAnalysis.scala
@@ -6,7 +6,7 @@ import ir.Endian.LittleEndian
 import org.scalatest.*
 import org.scalatest.funsuite.*
 import specification.*
-import util.{BASILConfig, IRLoading, ILLoadingConfig, IRContext, RunUtils, StaticAnalysis, StaticAnalysisConfig, StaticAnalysisContext, BASILResult, Logger, LogLevel}
+import util.{BASILConfig, IRLoading, ILLoadingConfig, IRContext, RunUtils, StaticAnalysis, StaticAnalysisConfig, StaticAnalysisContext, BASILResult, Logger, LogLevel, IRTransform}
 import ir.eval.{interpretTrace, interpret, ExecEffect, Stopped}
 
 
@@ -20,7 +20,7 @@ import scala.collection.mutable
 
 class DifferentialAnalysis extends AnyFunSuite {
 
-  Logger.setLevel(LogLevel.DEBUG)
+  Logger.setLevel(LogLevel.ERROR)
 
   def diffTest(initial: IRContext, transformed: IRContext) = {
     val (initialRes,traceInit) = interpretTrace(initial)
@@ -34,10 +34,11 @@ class DifferentialAnalysis extends AnyFunSuite {
         case e @ ExecEffect.LoadMem("mem", _) => e
       }
     }
-    println((traceInit.t).mkString("\n"))
-    assert(initialRes.nextCmd == Stopped())
     assert(result.nextCmd == Stopped())
+    assert(initialRes.nextCmd == Stopped())
     assert(Set.empty == initialRes.memoryState.getMem("mem").toSet.diff(result.memoryState.getMem("mem").toSet))
+    assert(traceInit.t.nonEmpty)
+    assert(traceRes.t.nonEmpty)
     assert(filterEvents(traceInit.t).mkString("\n") == filterEvents(traceRes.t).mkString("\n"))
   }
 
@@ -61,9 +62,11 @@ class DifferentialAnalysis extends AnyFunSuite {
     )
 
 
-    val program = loadAndTranslate(basilConfigNoAnalysis).ir
+    var ictx = IRLoading.load(basilConfigNoAnalysis.loading)
+    ictx = IRTransform.doCleanup(ictx)
+
     val compare = loadAndTranslate(basilConfig).ir
-    diffTest(program, compare)
+    diffTest(ictx, compare)
 
   }
 

From f5a05907d776477572daf4c34c8f5fda60828fe5 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Wed, 4 Sep 2024 11:41:01 +1000
Subject: [PATCH 037/127] cleanup

---
 src/main/scala/ir/eval/InterpretBasilIR.scala |   7 +-
 .../scala/ir/eval/InterpretBreakpoints.scala  | 128 +++++++++++-------
 src/main/scala/ir/eval/InterpretTrace.scala   |  13 +-
 src/main/scala/ir/eval/Interpreter.scala      |   3 +-
 .../scala/ir/eval/InterpreterProduct.scala    |  36 +++--
 5 files changed, 104 insertions(+), 83 deletions(-)

diff --git a/src/main/scala/ir/eval/InterpretBasilIR.scala b/src/main/scala/ir/eval/InterpretBasilIR.scala
index 1c8c5a0c9..38b78c689 100644
--- a/src/main/scala/ir/eval/InterpretBasilIR.scala
+++ b/src/main/scala/ir/eval/InterpretBasilIR.scala
@@ -288,13 +288,12 @@ class BASILInterpreter[S](f: Effects[S, InterpreterError]) extends Interpreter[S
       case assert: Assert =>
         for {
           b <- Eval.evalBool(f)(assert.body)
-          n <-
-            (if (!b) then {
-               f.setNext(FailedAssertion(assert))
+          _ <- (if (!b) then {
+               State.setError(FailedAssertion(assert))
              } else {
                f.setNext(Run(s.successor))
              })
-        } yield (n)
+        } yield ()
       case assume: Assume =>
         for {
           b <- Eval.evalBool(f)(assume.body)
diff --git a/src/main/scala/ir/eval/InterpretBreakpoints.scala b/src/main/scala/ir/eval/InterpretBreakpoints.scala
index 38584add2..9eb0e7b79 100644
--- a/src/main/scala/ir/eval/InterpretBreakpoints.scala
+++ b/src/main/scala/ir/eval/InterpretBreakpoints.scala
@@ -13,70 +13,98 @@ import scala.collection.mutable
 import scala.collection.immutable
 import scala.util.control.Breaks.{break, breakable}
 
-
 enum BreakPointLoc:
   case CMD(c: Command)
   case CMDCond(c: Command, condition: Expr)
 
-case class BreakPointAction(saveState: Boolean = true, stop: Boolean = false, evalExprs: List[(String,Expr)] = List(), log: Boolean = false)
+case class BreakPointAction(
+    saveState: Boolean = true,
+    stop: Boolean = false,
+    evalExprs: List[(String, Expr)] = List(),
+    log: Boolean = false
+)
 
 case class BreakPoint(name: String = "", location: BreakPointLoc, action: BreakPointAction)
 
-case class RememberBreakpoints[T, I <: Effects[T, InterpreterError]](val f: I, val breaks: List[BreakPoint]) extends NopEffects[(T, List[(BreakPoint, Option[T], List[(String, Expr, Expr)])]), InterpreterError] {
-
+case class RememberBreakpoints[T, I <: Effects[T, InterpreterError]](val f: I, val breaks: List[BreakPoint])
+    extends NopEffects[(T, List[(BreakPoint, Option[T], List[(String, Expr, Expr)])]), InterpreterError] {
 
-  def findBreaks[R](c: Command) : State[(T,R), List[BreakPoint], InterpreterError]  = {
-    State.filterM(b => b.location match {
-      case BreakPointLoc.CMD(bc) if (bc == c) => State.pure(true)
-      case BreakPointLoc.CMDCond(bc, e) if bc == c => doLeft(Eval.evalBool(f)(e))
-      case _ => State.pure(false)
-    }, breaks)
+  def findBreaks[R](c: Command): State[(T, R), List[BreakPoint], InterpreterError] = {
+    State.filterM(
+      b =>
+        b.location match {
+          case BreakPointLoc.CMD(bc) if (bc == c)      => State.pure(true)
+          case BreakPointLoc.CMDCond(bc, e) if bc == c => doLeft(Eval.evalBool(f)(e))
+          case _                                       => State.pure(false)
+        },
+      breaks
+    )
   }
 
-  override def getNext: State[(T, List[(BreakPoint, Option[T], List[(String, Expr, Expr)])]), ExecutionContinuation, InterpreterError] = for {
-    v : ExecutionContinuation <- doLeft(f.getNext)
-    n <- v match {
-      case Run(s) => for {
-        breaks : List[BreakPoint] <- findBreaks(s)
-        res <- State.sequence[(T, List[(BreakPoint, Option[T], List[(String, Expr, Expr)])]), Unit, InterpreterError](State.pure(()), 
-          breaks.map((breakpoint: BreakPoint) => (breakpoint match {
-            case breakpoint @ BreakPoint(name, stopcond, action) => (for {
-                saved <- doLeft(if action.saveState then State.getS[T, InterpreterError].map(s => Some(s)) else State.pure(None))
-                evals <- (State.mapM((e:(String, Expr)) => for {
-                  ev <- doLeft(Eval.evalExpr(f)(e._2))
-                  } yield (e._1, e._2, ev)
-                , action.evalExprs))
-                _ <- if action.stop then doLeft(State.setError(Errored(s"Stopped at breakpoint ${name}"))) else doLeft(State.pure(()))
-                _ <- State.pure({
-                  if (action.log) {
-                    val bpn = breakpoint.name
-                    val bpcond = breakpoint.location match {
-                      case BreakPointLoc.CMD(c) => c.toString
-                      case BreakPointLoc.CMDCond(c, e) => s"$c when $e"
-                    }
-                    val saving = if action.saveState then " stashing state, " else ""
-                    val stopping = if action.stop then " stopping. " else ""
-                    val evalstr = evals.map(e => s"\n  ${e._1} : eval(${e._2}) = ${e._3}").mkString("")
-                    Logger.warn(s"Breakpoint $bpn@$bpcond.$saving$stopping$evalstr")
-                  }
-                })
-                _ <-  State.modify ((istate:(T, List[(BreakPoint, Option[T], List[(String, Expr, Expr)])])) => 
-                    (istate._1, ((breakpoint, saved, evals)::istate._2)))
-              } yield ()
+  override def getNext
+      : State[(T, List[(BreakPoint, Option[T], List[(String, Expr, Expr)])]), ExecutionContinuation, InterpreterError] =
+    for {
+      v: ExecutionContinuation <- doLeft(f.getNext)
+      n <- v match {
+        case Run(s) =>
+          for {
+            breaks: List[BreakPoint] <- findBreaks(s)
+            res <- State
+              .sequence[(T, List[(BreakPoint, Option[T], List[(String, Expr, Expr)])]), Unit, InterpreterError](
+                State.pure(()),
+                breaks.map((breakpoint: BreakPoint) =>
+                  (breakpoint match {
+                    case breakpoint @ BreakPoint(name, stopcond, action) => (
+                      for {
+                        saved <- doLeft(
+                          if action.saveState then State.getS[T, InterpreterError].map(s => Some(s))
+                          else State.pure(None)
+                        )
+                        evals <- (State.mapM(
+                          (e: (String, Expr)) =>
+                            for {
+                              ev <- doLeft(Eval.evalExpr(f)(e._2))
+                            } yield (e._1, e._2, ev),
+                          action.evalExprs
+                        ))
+                        _ <-
+                          if action.stop then doLeft(State.setError(Errored(s"Stopped at breakpoint ${name}")))
+                          else doLeft(State.pure(()))
+                        _ <- State.pure({
+                          if (action.log) {
+                            val bpn = breakpoint.name
+                            val bpcond = breakpoint.location match {
+                              case BreakPointLoc.CMD(c)        => c.toString
+                              case BreakPointLoc.CMDCond(c, e) => s"$c when $e"
+                            }
+                            val saving = if action.saveState then " stashing state, " else ""
+                            val stopping = if action.stop then " stopping. " else ""
+                            val evalstr = evals.map(e => s"\n  ${e._1} : eval(${e._2}) = ${e._3}").mkString("")
+                            Logger.warn(s"Breakpoint $bpn@$bpcond.$saving$stopping$evalstr")
+                          }
+                        })
+                        _ <- State.modify((istate: (T, List[(BreakPoint, Option[T], List[(String, Expr, Expr)])])) =>
+                          (istate._1, ((breakpoint, saved, evals) :: istate._2))
+                        )
+                      } yield ()
+                    )
+                  })
+                )
               )
-            })))
-      } yield ()
-      case _ => State.pure(())
+          } yield ()
+        case _ => State.pure(())
       }
     } yield (v)
 
 }
 
-
-def interpretWithBreakPoints[I](p: Program, breakpoints: List[BreakPoint], 
-  innerInterpreter: Effects[I, InterpreterError], 
-  innerInitialState: I) : (I, List[(BreakPoint, Option[I], List[(String, Expr, Expr)])]) = {
-   val interp = LayerInterpreter(innerInterpreter, RememberBreakpoints(innerInterpreter, breakpoints))
-   val res = InterpFuns.interpretProg(interp)(p, (innerInitialState, List()))
-   res
+def interpretWithBreakPoints[I](
+    p: Program,
+    breakpoints: List[BreakPoint],
+    innerInterpreter: Effects[I, InterpreterError],
+    innerInitialState: I
+): (I, List[(BreakPoint, Option[I], List[(String, Expr, Expr)])]) = {
+  val interp = LayerInterpreter(innerInterpreter, RememberBreakpoints(innerInterpreter, breakpoints))
+  val res = InterpFuns.interpretProg(interp)(p, (innerInitialState, List()))
+  res
 }
diff --git a/src/main/scala/ir/eval/InterpretTrace.scala b/src/main/scala/ir/eval/InterpretTrace.scala
index 5c568561a..92af057b6 100644
--- a/src/main/scala/ir/eval/InterpretTrace.scala
+++ b/src/main/scala/ir/eval/InterpretTrace.scala
@@ -14,7 +14,6 @@ import scala.collection.mutable
 import scala.collection.immutable
 import scala.util.control.Breaks.{break, breakable}
 
-
 enum ExecEffect:
   case Call(target: String, begin: ExecutionContinuation, returnTo: ExecutionContinuation)
   case Return
@@ -27,19 +26,20 @@ enum ExecEffect:
 case class Trace(val t: List[ExecEffect])
 
 case object Trace {
-  def add[E](e: ExecEffect) : State[Trace, Unit, E] = {
-    State.modify ((t: Trace) => Trace(t.t.appended(e)))
+  def add[E](e: ExecEffect): State[Trace, Unit, E] = {
+    State.modify((t: Trace) => Trace(t.t.appended(e)))
   }
 }
 
 case class TraceGen[E]() extends NopEffects[Trace, E] {
+
   /** Values are discarded by ProductInterpreter so do not matter */
 
   // override def loadVar(v: String) = for {
   //   s <- Trace.add(ExecEffect.LoadVar(v))
   // } yield (Scalar(FalseLiteral))
 
-  override def loadMem(v: String, addrs: List[BasilValue])  = for {
+  override def loadMem(v: String, addrs: List[BasilValue]) = for {
     s <- Trace.add(ExecEffect.LoadMem(v, addrs))
   } yield (List())
 
@@ -63,11 +63,10 @@ case class TraceGen[E]() extends NopEffects[Trace, E] {
 
 def tracingInterpreter = ProductInterpreter(NormalInterpreter, TraceGen())
 
-def interpretTrace(p: Program) : (InterpreterState, Trace) = {
+def interpretTrace(p: Program): (InterpreterState, Trace) = {
   InterpFuns.interpretProg(tracingInterpreter)(p, (InterpreterState(), Trace(List())))
 }
 
-def interpretTrace(p: IRContext) : (InterpreterState, Trace) = {
+def interpretTrace(p: IRContext): (InterpreterState, Trace) = {
   InterpFuns.interpretProg(tracingInterpreter)(p, (InterpreterState(), Trace(List())))
 }
-
diff --git a/src/main/scala/ir/eval/Interpreter.scala b/src/main/scala/ir/eval/Interpreter.scala
index 21ebb047a..9d3246fcc 100644
--- a/src/main/scala/ir/eval/Interpreter.scala
+++ b/src/main/scala/ir/eval/Interpreter.scala
@@ -15,14 +15,13 @@ import scala.util.control.Breaks.{break, breakable}
 /** Interpreter status type, either stopped, run next command or error
   */
 sealed trait ExecutionContinuation
-case class FailedAssertion(a: Assert) extends ExecutionContinuation
-
 case class Stopped() extends ExecutionContinuation /* normal program stop  */
 case class ErrorStop(error: InterpreterError) extends ExecutionContinuation /* normal program stop  */
 case class Run(val next: Command) extends ExecutionContinuation /* continue by executing next command */
 case class CallIntrinsic(val name: String) extends ExecutionContinuation /* continue by executing next command */
 
 sealed trait InterpreterError
+case class FailedAssertion(a: Assert) extends InterpreterError
 case class EscapedControlFlow(val call: Jump | Call)
     extends InterpreterError /* controlflow has reached somewhere eunrecoverable */
 case class Errored(val message: String = "") extends InterpreterError
diff --git a/src/main/scala/ir/eval/InterpreterProduct.scala b/src/main/scala/ir/eval/InterpreterProduct.scala
index 929c69425..ae8e51252 100644
--- a/src/main/scala/ir/eval/InterpreterProduct.scala
+++ b/src/main/scala/ir/eval/InterpreterProduct.scala
@@ -1,4 +1,3 @@
-
 package ir.eval
 import ir._
 import ir.eval.BitVectorEval.*
@@ -14,24 +13,22 @@ import scala.collection.mutable
 import scala.collection.immutable
 import scala.util.control.Breaks.{break, breakable}
 
-
-def doLeft[L, T, V, E](f: State[L, V, E]) : State[(L, T), V, E] = for {
+def doLeft[L, T, V, E](f: State[L, V, E]): State[(L, T), V, E] = for {
   n <- State[(L, T), V, E]((s: (L, T)) => {
     val r = f.f(s._1)
     ((r._1, s._2), r._2)
   })
 } yield (n)
 
-def doRight[L, T, V, E](f: State[T, V, E]) : State[(L, T), V, E] = for {
+def doRight[L, T, V, E](f: State[T, V, E]): State[(L, T), V, E] = for {
   n <- State[(L, T), V, E]((s: (L, T)) => {
     val r = f.f(s._2)
     ((s._1, r._1), r._2)
   })
 } yield (n)
 
-/**
- * Runs two interpreters "inner" and "before" simultaneously, returning the value from inner, and ignoring before
- */
+/** Runs two interpreters "inner" and "before" simultaneously, returning the value from inner, and ignoring before
+  */
 case class ProductInterpreter[L, T, E](val inner: Effects[L, E], val before: Effects[T, E]) extends Effects[(L, T), E] {
 
   def loadVar(v: String) = for {
@@ -47,12 +44,12 @@ case class ProductInterpreter[L, T, E](val inner: Effects[L, E], val before: Eff
   def evalAddrToProc(addr: Int) = for {
     n <- doRight(before.evalAddrToProc(addr: Int))
     f <- doLeft(inner.evalAddrToProc(addr))
-  } yield(f)
+  } yield (f)
 
   def getNext = for {
     n <- doRight(before.getNext)
     f <- doLeft(inner.getNext)
-  } yield(f)
+  } yield (f)
 
   /** state effects */
   def setNext(c: ExecutionContinuation) = for {
@@ -73,16 +70,16 @@ case class ProductInterpreter[L, T, E](val inner: Effects[L, E], val before: Eff
   def storeVar(v: String, scope: Scope, value: BasilValue) = for {
     n <- doRight(before.storeVar(v, scope, value))
     f <- doLeft(inner.storeVar(v, scope, value))
-  } yield(f)
+  } yield (f)
 
   def storeMem(vname: String, update: Map[BasilValue, BasilValue]) = for {
-    n <- doRight(before.storeMem(vname,update))
+    n <- doRight(before.storeMem(vname, update))
     f <- doLeft(inner.storeMem(vname, update))
-  } yield(f)
+  } yield (f)
 }
 
-
-case class LayerInterpreter[L, T, E](val inner: Effects[L, E], val before: Effects[(L, T), E]) extends Effects[(L, T), E] {
+case class LayerInterpreter[L, T, E](val inner: Effects[L, E], val before: Effects[(L, T), E])
+    extends Effects[(L, T), E] {
 
   def loadVar(v: String) = for {
     n <- (before.loadVar(v))
@@ -97,12 +94,12 @@ case class LayerInterpreter[L, T, E](val inner: Effects[L, E], val before: Effec
   def evalAddrToProc(addr: Int) = for {
     n <- (before.evalAddrToProc(addr: Int))
     f <- doLeft(inner.evalAddrToProc(addr))
-  } yield(f)
+  } yield (f)
 
   def getNext = for {
     n <- (before.getNext)
     f <- doLeft(inner.getNext)
-  } yield(f)
+  } yield (f)
 
   /** state effects */
   def setNext(c: ExecutionContinuation) = for {
@@ -123,11 +120,10 @@ case class LayerInterpreter[L, T, E](val inner: Effects[L, E], val before: Effec
   def storeVar(v: String, scope: Scope, value: BasilValue) = for {
     n <- (before.storeVar(v, scope, value))
     f <- doLeft(inner.storeVar(v, scope, value))
-  } yield(f)
+  } yield (f)
 
   def storeMem(vname: String, update: Map[BasilValue, BasilValue]) = for {
-    n <- (before.storeMem(vname,update))
+    n <- (before.storeMem(vname, update))
     f <- doLeft(inner.storeMem(vname, update))
-  } yield(f)
+  } yield (f)
 }
-

From a6b58e8f1a05d87224b8ee46b79fd11e055bc3d5 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Wed, 4 Sep 2024 12:16:30 +1000
Subject: [PATCH 038/127] cleanup

---
 .../scala/ir/eval/InterpretBreakpoints.scala    | 17 +++++++++--------
 src/main/scala/ir/eval/InterpretTrace.scala     |  9 +++------
 src/main/scala/util/RunUtils.scala              |  2 +-
 3 files changed, 13 insertions(+), 15 deletions(-)

diff --git a/src/main/scala/ir/eval/InterpretBreakpoints.scala b/src/main/scala/ir/eval/InterpretBreakpoints.scala
index 9eb0e7b79..5fb49c3e2 100644
--- a/src/main/scala/ir/eval/InterpretBreakpoints.scala
+++ b/src/main/scala/ir/eval/InterpretBreakpoints.scala
@@ -42,8 +42,8 @@ case class RememberBreakpoints[T, I <: Effects[T, InterpreterError]](val f: I, v
   }
 
   override def getNext
-      : State[(T, List[(BreakPoint, Option[T], List[(String, Expr, Expr)])]), ExecutionContinuation, InterpreterError] =
-    for {
+      : State[(T, List[(BreakPoint, Option[T], List[(String, Expr, Expr)])]), ExecutionContinuation, InterpreterError] = {
+      for {
       v: ExecutionContinuation <- doLeft(f.getNext)
       n <- v match {
         case Run(s) =>
@@ -67,22 +67,23 @@ case class RememberBreakpoints[T, I <: Effects[T, InterpreterError]](val f: I, v
                             } yield (e._1, e._2, ev),
                           action.evalExprs
                         ))
-                        _ <-
-                          if action.stop then doLeft(State.setError(Errored(s"Stopped at breakpoint ${name}")))
-                          else doLeft(State.pure(()))
                         _ <- State.pure({
                           if (action.log) {
                             val bpn = breakpoint.name
                             val bpcond = breakpoint.location match {
-                              case BreakPointLoc.CMD(c)        => c.toString
-                              case BreakPointLoc.CMDCond(c, e) => s"$c when $e"
+                              case BreakPointLoc.CMD(c)        => s"${c.parent.label}:$c"
+                              case BreakPointLoc.CMDCond(c, e) => s"${c.parent.label}:$c when $e"
                             }
                             val saving = if action.saveState then " stashing state, " else ""
                             val stopping = if action.stop then " stopping. " else ""
                             val evalstr = evals.map(e => s"\n  ${e._1} : eval(${e._2}) = ${e._3}").mkString("")
                             Logger.warn(s"Breakpoint $bpn@$bpcond.$saving$stopping$evalstr")
+                            //println(s"Breakpoint $bpn@$bpcond.$saving$stopping$evalstr")
                           }
                         })
+                        _ <-
+                          if action.stop then doLeft(State.setError(Errored(s"Stopped at breakpoint ${name}")))
+                          else doLeft(State.pure(()))
                         _ <- State.modify((istate: (T, List[(BreakPoint, Option[T], List[(String, Expr, Expr)])])) =>
                           (istate._1, ((breakpoint, saved, evals) :: istate._2))
                         )
@@ -95,7 +96,7 @@ case class RememberBreakpoints[T, I <: Effects[T, InterpreterError]](val f: I, v
         case _ => State.pure(())
       }
     } yield (v)
-
+  }
 }
 
 def interpretWithBreakPoints[I](
diff --git a/src/main/scala/ir/eval/InterpretTrace.scala b/src/main/scala/ir/eval/InterpretTrace.scala
index 92af057b6..5c1c963fd 100644
--- a/src/main/scala/ir/eval/InterpretTrace.scala
+++ b/src/main/scala/ir/eval/InterpretTrace.scala
@@ -34,11 +34,6 @@ case object Trace {
 case class TraceGen[E]() extends NopEffects[Trace, E] {
 
   /** Values are discarded by ProductInterpreter so do not matter */
-
-  // override def loadVar(v: String) = for {
-  //   s <- Trace.add(ExecEffect.LoadVar(v))
-  // } yield (Scalar(FalseLiteral))
-
   override def loadMem(v: String, addrs: List[BasilValue]) = for {
     s <- Trace.add(ExecEffect.LoadMem(v, addrs))
   } yield (List())
@@ -68,5 +63,7 @@ def interpretTrace(p: Program): (InterpreterState, Trace) = {
 }
 
 def interpretTrace(p: IRContext): (InterpreterState, Trace) = {
-  InterpFuns.interpretProg(tracingInterpreter)(p, (InterpreterState(), Trace(List())))
+  val begin = InterpFuns.initProgState(tracingInterpreter)(p, (InterpreterState(), Trace(List())))
+  // throw away initialisation trace
+  BASILInterpreter(tracingInterpreter).run((begin._1, Trace(List())))
 }
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index 03f208d98..d58d5b7cf 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -217,7 +217,7 @@ object IRTransform {
 
     Logger.info("[!] Stripping unreachable")
     val before = ctx.program.procedures.size
-    //transforms.stripUnreachableFunctions(ctx.program, config.procedureTrimDepth)
+    transforms.stripUnreachableFunctions(ctx.program, config.procedureTrimDepth)
     Logger.info(
       s"[!] Removed ${before - ctx.program.procedures.size} functions (${ctx.program.procedures.size} remaining)"
     )

From dd64c149ecb7e77e80d0ea98d153493718622a45 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Wed, 4 Sep 2024 14:23:09 +1000
Subject: [PATCH 039/127] constprop test with interpreter

---
 .../{UtilMethods.scala => ExprSSAEval.scala}  |   0
 src/main/scala/ir/dsl/DSL.scala               |   9 ++
 .../scala/ir/eval/InterpretBreakpoints.scala  |  21 ++-
 src/test/scala/DifferentialAnalysis.scala     |  31 ++--
 src/test/scala/InterpretTestConstProp.scala   | 137 ++++++++++++++++++
 src/test/scala/ir/InterpreterTests.scala      |  35 +----
 6 files changed, 177 insertions(+), 56 deletions(-)
 rename src/main/scala/analysis/{UtilMethods.scala => ExprSSAEval.scala} (100%)
 create mode 100644 src/test/scala/InterpretTestConstProp.scala

diff --git a/src/main/scala/analysis/UtilMethods.scala b/src/main/scala/analysis/ExprSSAEval.scala
similarity index 100%
rename from src/main/scala/analysis/UtilMethods.scala
rename to src/main/scala/analysis/ExprSSAEval.scala
diff --git a/src/main/scala/ir/dsl/DSL.scala b/src/main/scala/ir/dsl/DSL.scala
index 2d892a444..c55e48f88 100644
--- a/src/main/scala/ir/dsl/DSL.scala
+++ b/src/main/scala/ir/dsl/DSL.scala
@@ -17,6 +17,13 @@ val R30: Register = Register("R30", 64)
 val R31: Register = Register("R31", 64)
 
 
+def exprEq(l: Expr, r: Expr) : Expr = (l, r) match {
+  case (l, r) if l.getType != r.getType => FalseLiteral
+  case (l, r) if l.getType == BoolType => BinaryExpr(BoolEQ, l, r) 
+  case (l, r) if l.getType.isInstanceOf[BitVecType] => BinaryExpr(BVEQ, l, r) 
+  case (l, r) if l.getType == IntType => BinaryExpr(IntEQ, l, r) 
+  case _ => FalseLiteral
+}
 
 def bv32(i: Int): BitVecLiteral = BitVecLiteral(i, 32)
 
@@ -26,6 +33,8 @@ def bv8(i: Int): BitVecLiteral = BitVecLiteral(i, 8)
 
 def bv16(i: Int): BitVecLiteral = BitVecLiteral(i, 16)
 
+def R(i: Int): Register = Register(s"R$i", 64)
+
 case class DelayNameResolve(ident: String) {
   def resolveProc(prog: Program): Option[Procedure] = prog.collectFirst {
     case b: Procedure if b.name == ident => b
diff --git a/src/main/scala/ir/eval/InterpretBreakpoints.scala b/src/main/scala/ir/eval/InterpretBreakpoints.scala
index 5fb49c3e2..831c85c3d 100644
--- a/src/main/scala/ir/eval/InterpretBreakpoints.scala
+++ b/src/main/scala/ir/eval/InterpretBreakpoints.scala
@@ -3,6 +3,7 @@ import ir._
 import ir.eval.BitVectorEval.*
 import ir.*
 import util.Logger
+import util.IRContext
 import util.functional.*
 import util.functional.State.*
 import boogie.Scope
@@ -41,9 +42,12 @@ case class RememberBreakpoints[T, I <: Effects[T, InterpreterError]](val f: I, v
     )
   }
 
-  override def getNext
-      : State[(T, List[(BreakPoint, Option[T], List[(String, Expr, Expr)])]), ExecutionContinuation, InterpreterError] = {
-      for {
+  override def getNext: State[
+    (T, List[(BreakPoint, Option[T], List[(String, Expr, Expr)])]),
+    ExecutionContinuation,
+    InterpreterError
+  ] = {
+    for {
       v: ExecutionContinuation <- doLeft(f.getNext)
       n <- v match {
         case Run(s) =>
@@ -99,6 +103,17 @@ case class RememberBreakpoints[T, I <: Effects[T, InterpreterError]](val f: I, v
   }
 }
 
+def interpretWithBreakPoints[I](
+    p: IRContext,
+    breakpoints: List[BreakPoint],
+    innerInterpreter: Effects[I, InterpreterError],
+    innerInitialState: I
+): (I, List[(BreakPoint, Option[I], List[(String, Expr, Expr)])]) = {
+  val interp = LayerInterpreter(innerInterpreter, RememberBreakpoints(innerInterpreter, breakpoints))
+  val res = InterpFuns.interpretProg(interp)(p, (innerInitialState, List()))
+  res
+}
+
 def interpretWithBreakPoints[I](
     p: Program,
     breakpoints: List[BreakPoint],
diff --git a/src/test/scala/DifferentialAnalysis.scala b/src/test/scala/DifferentialAnalysis.scala
index b350e3f64..8c40fac56 100644
--- a/src/test/scala/DifferentialAnalysis.scala
+++ b/src/test/scala/DifferentialAnalysis.scala
@@ -34,8 +34,10 @@ class DifferentialAnalysis extends AnyFunSuite {
         case e @ ExecEffect.LoadMem("mem", _) => e
       }
     }
-    assert(result.nextCmd == Stopped())
+
+    Logger.info(traceInit.t.map(_.toString.take(80)).mkString("\n"))
     assert(initialRes.nextCmd == Stopped())
+    assert(result.nextCmd == Stopped())
     assert(Set.empty == initialRes.memoryState.getMem("mem").toSet.diff(result.memoryState.getMem("mem").toSet))
     assert(traceInit.t.nonEmpty)
     assert(traceRes.t.nonEmpty)
@@ -43,31 +45,20 @@ class DifferentialAnalysis extends AnyFunSuite {
   }
 
   def testProgram(testName: String, examplePath: String) = {
-    val basilConfig = BASILConfig(
-      loading = ILLoadingConfig(inputFile = examplePath + testName + ".adt",
-        relfFile = examplePath + testName + ".relf",
-        dumpIL = None,
-      ),
-      outputPrefix = "basil-test",
-      staticAnalysis = Some(StaticAnalysisConfig(None, None, None)),
-    )
 
-    val basilConfigNoAnalysis = BASILConfig(
-      loading = ILLoadingConfig(inputFile = examplePath + testName + ".adt",
-        relfFile = examplePath + testName + ".relf",
-        dumpIL = None,
-      ),
-      outputPrefix = "basil-test",
-      staticAnalysis = None,
+    val loading = ILLoadingConfig(inputFile = examplePath + testName + ".adt",
+      relfFile = examplePath + testName + ".relf",
+      dumpIL = None,
     )
 
-
-    var ictx = IRLoading.load(basilConfigNoAnalysis.loading)
+    var ictx = IRLoading.load(loading)
     ictx = IRTransform.doCleanup(ictx)
 
-    val compare = loadAndTranslate(basilConfig).ir
-    diffTest(ictx, compare)
+    var comparectx = IRLoading.load(loading)
+    comparectx = IRTransform.doCleanup(ictx)
+    val analysisres = RunUtils.staticAnalysis(StaticAnalysisConfig(None, None, None), comparectx)
 
+    diffTest(ictx, comparectx)
   }
 
   test("indirect_call_example") {
diff --git a/src/test/scala/InterpretTestConstProp.scala b/src/test/scala/InterpretTestConstProp.scala
new file mode 100644
index 000000000..c1fc83e5c
--- /dev/null
+++ b/src/test/scala/InterpretTestConstProp.scala
@@ -0,0 +1,137 @@
+import ir.*
+import ir.eval.*
+import analysis.*
+import java.io.{BufferedWriter, File, FileWriter}
+import ir.Endian.LittleEndian
+import org.scalatest.*
+import org.scalatest.funsuite.*
+import specification.*
+import util.{BASILConfig, IRLoading, ILLoadingConfig, IRContext, RunUtils, StaticAnalysis, StaticAnalysisConfig, StaticAnalysisContext, BASILResult, Logger, LogLevel, IRTransform}
+import ir.eval.{interpretTrace, interpret, ExecEffect, Stopped}
+import ir.dsl
+
+
+import java.io.IOException
+import java.nio.file.*
+import java.nio.file.attribute.BasicFileAttributes
+import ir.dsl.*
+import util.RunUtils.loadAndTranslate
+
+import scala.collection.mutable
+
+class ConstPropInterpreterValidate extends AnyFunSuite {
+
+  Logger.setLevel(LogLevel.ERROR)
+
+  def testInterpretConstProp(testName: String, examplePath: String) = {
+    val loading = ILLoadingConfig(inputFile = examplePath + testName + ".adt",
+      relfFile = examplePath + testName + ".relf",
+      dumpIL = None,
+    )
+
+    var ictx = IRLoading.load(loading)
+    ictx = IRTransform.doCleanup(ictx)
+    val analysisres = RunUtils.staticAnalysis(StaticAnalysisConfig(None, None, None), ictx)
+
+    val breaks : List[BreakPoint] = analysisres.constPropResult.collect {
+      // convert analysis result to a list of breakpoints, each which evaluates an expression describing 
+      // the invariant inferred by the analysis (the assignment of registers) at a corresponding program point
+
+      case (command: Command, v) => {
+        val expectedPredicates : List[(String, Expr)] = v.toList.map(r => {
+          val (variable, value) = r
+          val assertion = value match {
+            case Top => TrueLiteral
+            case Bottom => FalseLiteral /* unreachable */
+            case FlatEl(value) => BinaryExpr(BVEQ, variable, value)
+          }
+          (variable.name, assertion)
+        })
+        BreakPoint(location=BreakPointLoc.CMD(command), BreakPointAction(saveState=false,evalExprs=expectedPredicates))
+      }
+    }.toList
+
+    assert(breaks.nonEmpty)
+
+   // run the interpreter evaluating the analysis result at each command with a breakpoint
+   val interpretResult = interpretWithBreakPoints(ictx, breaks.toList, NormalInterpreter, InterpreterState())
+   val breakres  : List[(BreakPoint, _, List[(String, Expr, Expr)])] = interpretResult._2
+   assert(interpretResult._1.nextCmd == Stopped())
+   assert(breakres.nonEmpty)
+
+   // assert all the collected breakpoint watches have evaluated to true
+   for (b <- breakres) {
+     val (_, _, evaluatedexprs) = b
+     evaluatedexprs.forall(c => {
+       val (n, before, evaled) = c
+       evaled == TrueLiteral
+     })
+   }
+  }
+
+  test("indirect_call_example") {
+    val testName = "indirect_call"
+    val examplePath = System.getProperty("user.dir") + s"/examples/$testName/"
+    testInterpretConstProp(testName, examplePath)
+  }
+
+  test("indirect_call_gcc_example") {
+    val testName = "indirect_call"
+    val examplePath = System.getProperty("user.dir") + s"/src/test/correct/$testName/gcc/"
+    testInterpretConstProp(testName, examplePath)
+  }
+
+  test("indirect_call_clang_example") {
+    val testName = "indirect_call"
+    val examplePath = System.getProperty("user.dir") + s"/src/test/correct/$testName/clang/"
+    testInterpretConstProp(testName, examplePath)
+  }
+
+  test("jumptable2_example") {
+    val testName = "jumptable2"
+    val examplePath = System.getProperty("user.dir") + s"/examples/$testName/"
+    testInterpretConstProp(testName, examplePath)
+  }
+
+  test("jumptable2_gcc_example") {
+    val testName = "jumptable2"
+    val examplePath = System.getProperty("user.dir") + s"/src/test/correct/$testName/gcc/"
+    testInterpretConstProp(testName, examplePath)
+  }
+
+  test("jumptable2_clang_example") {
+    val testName = "jumptable2"
+    val examplePath = System.getProperty("user.dir") + s"/src/test/correct/$testName/clang/"
+    testInterpretConstProp(testName, examplePath)
+  }
+
+  test("functionpointer_example") {
+    val testName = "functionpointer"
+    val examplePath = System.getProperty("user.dir") + s"/examples/$testName/"
+    testInterpretConstProp(testName, examplePath)
+  }
+
+  test("functionpointer_gcc_example") {
+    val testName = "functionpointer"
+    val examplePath = System.getProperty("user.dir") + s"/src/test/correct/$testName/gcc/"
+    testInterpretConstProp(testName, examplePath)
+  }
+
+  test("functionpointer_clang_example") {
+    val testName = "functionpointer"
+    val examplePath = System.getProperty("user.dir") + s"/src/test/correct/$testName/clang/"
+    testInterpretConstProp(testName, examplePath)
+  }
+
+  test("secret_write_clang") {
+    val testName = "secret_write"
+    val examplePath = System.getProperty("user.dir") + s"/src/test/correct/$testName/clang/"
+    testInterpretConstProp(testName, examplePath)
+  }
+
+  test("secret_write_gcc") {
+    val testName = "secret_write"
+    val examplePath = System.getProperty("user.dir") + s"/src/test/correct/$testName/gcc/"
+    testInterpretConstProp(testName, examplePath)
+  }
+}
diff --git a/src/test/scala/ir/InterpreterTests.scala b/src/test/scala/ir/InterpreterTests.scala
index 2b47f6e21..934f17e04 100644
--- a/src/test/scala/ir/InterpreterTests.scala
+++ b/src/test/scala/ir/InterpreterTests.scala
@@ -12,26 +12,9 @@ import util.{LogLevel, Logger}
 import util.IRLoading.{loadBAP, loadReadELF}
 import util.{ILLoadingConfig, IRContext, IRLoading, IRTransform} 
 
-// def initialMem(): MemoryState = {
-//   val SP: BitVecLiteral = BitVecLiteral(4096 - 16, 64)
-//   val FP: BitVecLiteral = BitVecLiteral(4096 - 16, 64)
-//   val LR: BitVecLiteral = BitVecLiteral(BigInt("FF", 16), 64)
-// 
-//   MemoryState()
-//     .setVar(globalFrame, "mem", MapValue(Map.empty, MapType(BitVecType(64), BitVecType(8))))
-//     .setVar(globalFrame, "stack", MapValue(Map.empty, MapType(BitVecType(64), BitVecType(8))))
-//     .setVar(globalFrame, "R31", Scalar(SP))
-//     .setVar(globalFrame, "R29", Scalar(FP))
-//     .setVar(globalFrame, "R30", Scalar(LR))
-// }
-
-
-// def initialMem() = InterpFuns.initialState(InterpreterState(), List())
 
 def load(s: InterpreterState, global: SpecGlobal) : Option[BitVecLiteral] = {
   val f = NormalInterpreter
- //  i.getMemory(global.address.toInt, global.size, Endian.LittleEndian, i.mems)
-  // m.evalBV("mem", BitVecLiteral(64, global.address), Endian.LittleEndian, global.size) //  i.getMemory(global.address.toInt, global.size, Endian.LittleEndian, i.mems)
   
   try {
     State.evaluate(s, Eval.evalBV(f)(MemoryLoad(SharedMemory("mem", 64, 8), BitVecLiteral(global.address, 64), Endian.LittleEndian, global.size))) match {
@@ -53,9 +36,7 @@ def mems[E, T <: Effects[T, E]](m: MemoryState) : Map[BigInt, BitVecLiteral] = {
 
 class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
 
-  // var i: Interpreter = Interpreter()
-  // Logger.setLevel(LogLevel.DEBUG)
-  Logger.setLevel(LogLevel.ERROR)
+  Logger.setLevel(LogLevel.INFO)
 
 
   def getProgram(name: String): IRContext = {
@@ -78,9 +59,6 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
     // val stackIdentification = StackSubstituter()
     // stackIdentification.visitProgram(IRProgram)
     ctx.program.setModifies(Map())
-
-
-    // (IRProgram, globals)
     ctx
   }
 
@@ -330,13 +308,6 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
       "y" -> ('b'.toInt), 
     )
 
-    // val (program, globals) = getProgram("initialisation")
-
-    // val watch = IRWalk.firstInProc((program.mainProcedure)).get
-    // val globloads = globals.map(global => (global.name, MemoryLoad(SharedMemory("mem", 64, 8), BitVecLiteral(global.address, 64), Endian.LittleEndian, global.size))).toList
-    // val bp = BreakPoint("beginproc",  BreakPointLoc.CMD(watch), BreakPointAction(false, false, globloads, true))
-    // val res = interpretWithBreakPoints(program, List(bp), NormalInterpreter, InterpreterState())
-
 
     testInterpret("initialisation", expected)
   }
@@ -457,7 +428,6 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
       val r = interpretTrace(fib)
  
      assert(r._1.nextCmd == Stopped())
-     info(r._2.t.mkString("\n"))
      // Show interpreted result
      //
  
@@ -465,14 +435,13 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
 
    test("fib breakpoints") {
 
-     Logger.setLevel(LogLevel.WARN)
      val fib = fibonacciProg(8)
      val watch = IRWalk.firstInProc((fib.procedures.find(_.name == "fib")).get).get
      val bp = BreakPoint("Fibentry",  BreakPointLoc.CMDCond(watch, BinaryExpr(BVEQ, BitVecLiteral(5, 64), Register("R0", 64))), BreakPointAction(true, true, List(("R0", Register("R0", 64))), true))
+     // val bp2 = BreakPoint("Fibentry",  BreakPointLoc.CMD(watch), BreakPointAction(true, false, List(("R0", Register("R0", 64))), true))
      // val interp = LayerInterpreter(NormalInterpreter, RememberBreakpoints(NormalInterpreter, List(bp)))
      // val res = InterpFuns.interpretProg(interp)(fib, (InterpreterState(), List()))
      val res = interpretWithBreakPoints(fib, List(bp), NormalInterpreter, InterpreterState())
-     println(res)
 
 
    }

From 8be5cb6492165ec51fffde6a33a12ee625e507bc Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Wed, 4 Sep 2024 15:23:16 +1000
Subject: [PATCH 040/127] interpreter docs

---
 docs/development/interpreter.md    | 132 +++++++++++++++++++++++++++++
 src/main/scala/util/RunUtils.scala |  10 ++-
 2 files changed, 141 insertions(+), 1 deletion(-)
 create mode 100644 docs/development/interpreter.md

diff --git a/docs/development/interpreter.md b/docs/development/interpreter.md
new file mode 100644
index 000000000..dcb561a00
--- /dev/null
+++ b/docs/development/interpreter.md
@@ -0,0 +1,132 @@
+# BASIL IR Interpreter
+
+The interpreter is designed for testing, debugging, and validation of static analyses and code transforms. 
+This page describes first how it can be used for this purpose, and secondly its design.
+
+## Basic Usage
+
+The interpreter can be invoked from the command line, via the interpret flag, by default this prints a trace and checks that the interpreter
+exited on a non-error stop state.
+
+```shell
+./mill run -i src/test/correct/indirect_call/gcc/indirect_call.adt -r src/test/correct/indirect_call/gcc/indirect_call.relf --interpret
+[INFO]   Interpreter Trace:
+         StoreVar(#5,Local,0xfd0:bv64)
+         StoreMem(mem,HashMap(0xfd0:bv64 -> 0xf0:bv8, 0xfd6:bv64 -> 0x0:bv8, 0xfd2:bv64 -> 0x0:bv8, 0xfd3:bv64 -> 0x0:bv8, 0xfd4:bv64 -> 0x0:bv8, 0xfd7:bv64 -> 0x0:bv8, 0xfd5:bv64 -> 0x0:bv8, 0xfd1
+...
+```
+
+The `--verbose` flag can also be used, which may print interpreter trace events as they are executed, but not this may not correspond to the actual 
+execution trace, and contain additional events not corresponding to the program.
+E.g. this shows the memory intialisation events that precede the program execution. This is mainly useful for debugging the interpreter.
+
+### Testing with Interpreter
+
+The interpreter is invoked with `interpret(p: IRContext)` to interpret normally and return an `InterpreterState` object
+containing the final state. 
+
+#### Traces
+
+There is also, `interpretTrace(p: IRContext)` which returns a tuple of `(InterpreterState, Trace(t: List[ExecEffect]))`,
+where the second argument contains a list of all the events generated by the interpreter in order.
+This is useful for asserting a stronger equivalence between program executions, but in most cases events describing "unobservable"
+behaviour, such as register accesses should be filtered out from this list before comparison.
+
+To see an example of this used to validate the constant prop analysis see [/src/test/scala/DifferentialAnalysis.scala](../../src/test/scala/DifferentialAnalysis.scala).
+
+#### BreakPoints
+
+Finally `interpretWithBreakPoints(p: IRContext, List[BreakPoint], interpreter, initialState)` is used to 
+run an interpreter, and perform additional work at specific code points. For example, this may be invoked such as:
+
+```scala
+val watch = IRWalk.firstInProc((program.procedures.find(_.name == "main")).get).get
+val bp = BreakPoint("entrypoint",  BreakPointLoc.CMD(watch), BreakPointAction(saveState=true, stop=true, evalExprs=List(("R0", Register("R0", 64))), log=true))
+val res = interpretWithBreakPoints(program, List(bp), NormalInterpreter, InterpreterState())
+```
+
+The structure of a breakpoint is as follows:
+
+```scala
+case class BreakPoint(name: String = "", location: BreakPointLoc, action: BreakPointAction)
+
+// the place to perform the breakpoint action
+enum BreakPointLoc:
+  case CMD(c: Command)                      // at a command c
+  case CMDCond(c: Command, condition: Expr) // at a command c, when condition evaluates to TrueLiteral
+
+// describes what to do when the breakpoint is triggered
+case class BreakPointAction(
+    saveState: Boolean = true,                // stash the state of the interpreter
+    stop: Boolean = false,                    // stop the interpreter with an error state
+    evalExprs: List[(String, Expr)] = List(), // Evaluate the rhs of the list of expressions, and stash them (lhs is an arbitrary human-readable name)
+    log: Boolean = false                      // Print a log message about passing the breakpoint describing the results of this action
+)
+```
+
+To see an example of this used to validate the constant prop analysis see [/src/test/scala/InterpretTestConstProp.scala](../../src/test/scala/InterpretTestConstProp.scala).
+
+## Implementation / Code Structure
+
+### Summary
+
+-  [Bitvector.scala](../../src/main/scala/ir/eval/Bitvector.scala)
+  - Evaluation of bitvector operations, throws `IllegalArgumentException` on violation of contract
+    (e.g negative divisor, type mismatch)
+-  [ExprEval.scala] (../../src/main/scala/ir/eval/ExprEval.scala)
+  - Evaluation of expressions, defined in terms of partial evaluation down to a Literal
+-  [Interpreter.scala](../../src/main/scala/ir/eval/Interpreter.scala)
+  - Definition of core `Effects[S, E]` and `Interpreter[S, E]` types describing state transitions in 
+    the interpreter
+  - Instantiation/definition of `Effects` for concrete state `InterpreterState`
+-  [InterpreterProduct.scala](../../src/main/scala/ir/eval/InterpreterProduct.scala)
+  - Definition of product and layering composition of generic `Effects[S, E]`s interpreters
+-  [InterpretBasilIR.scala](../../src/main/scala/ir/eval/InterpretBasilIR.scala)
+  - Definition of ELF initialisation, and the interpreter for BASIL IR, using a generic 
+    `Effects` instance and concrete state.
+-  [InterpretBreakpoints.scala](../../src/main/scala/ir/eval/InterpretBreakpoints.scala)
+  - Definition of a generic interpreter with a breakpoint checker layered on top
+-  [InterpretTrace.scala](../../src/main/scala/ir/eval/InterpretTrace.scala)
+  - Definition of a generic interpreter which records a trace of calls to the `Effects[]` instance. 
+
+### Explanation
+
+The interpreter is structured for compositionality, at its core is the `Effects[S, E]` type, defined in [Interpreter.scala](../../src/main/scala/ir/eval/Interpreter.scala). 
+This type defines a small set of functions which describe all the possible state transformations, over a concrete state `S`, and error type E (always `InterpreterError` in practice). 
+
+This is implemented using the state Monad, `State[S,V,E]` where `S` is the state, `V` the value, and `E` the error type. 
+This is a flattened `State[S, Either[E]]`, defined in [util/functional.scala](../../src/main/scala/util/functional.scala).
+`Effects` methods return delayed computations, functions from an input state (`S`) to a resulting state and a value (`(S, Either[E, V])`). 
+These are sequenced using `flatMap` (monad bind), or the `for{} yield()` syntax sugar for flatMap. 
+
+This `Effects[S, E]` is instantiated for a given concrete state, the main example of which is `NormalInterpreter <: Effects[InterpreterState, InterpreterError]`,
+also defined in `Interpreter.scala`. The memory component of the state is abstracted further into the `MemoryState` object.
+
+The actual execution of code is defined on top of this, in the `Interpreter[S, E]` type, which takes an instance of the `Effects` by parameter, 
+and defines both the small step (`interpretOne`) over on instruction, and the fixed point to termination from some in initial state in `run()`.
+The fact that the stepping is defined outside the effects is important, as it allows concrete states, and state transitions over them to be 
+composed somewhat arbitrarily, and the interpretatation of the language compiled down to calls to resulting instance of `Effects`.
+
+This is defined in [InterpretBasilIR.scala](../../src/main/scala/ir/eval/InterpretBasilIR.scala). `BASILInterpreter` defines an 
+`Interpreter` over an arbitrary instance of `Effects[S, InterpreterError]`, encoding BASIL IR commands as effects. 
+This file also contains definitions of the initial memory state setup of the interpreter, based on the ELF sections and symbol table.
+
+### Composition of interpreters
+
+There are two ways to compose `Effects`, product and layer. Both produce an instance of `Effects[(L, R), E]`, 
+where `L` and `R` are the concrete state types of the two Effects being composed. 
+
+Product runs the two effects, over two different concrete state types, simultaneously without interaction. 
+
+Layer runs the `before` effect first, and passes its state to the `inner` effect whose value is returned. 
+
+```scala
+case class ProductInterpreter[L, T, E](val inner: Effects[L, E], val before: Effects[T, E]) extends Effects[(L, T), E] {
+case class LayerInterpreter[L, T, E](val inner: Effects[L, E], val before: Effects[(L, T), E])
+```
+
+Examples of using these are in the `interpretTrace` and `interpretWithBreakPoints` interpreters respectively.
+
+
+
+
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index d58d5b7cf..11bc4f016 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -5,6 +5,7 @@ import com.grammatech.gtirb.proto.IR.IR
 import com.grammatech.gtirb.proto.Module.Module
 import com.grammatech.gtirb.proto.Section.Section
 import spray.json.*
+import ir.eval
 import gtirb.*
 import scala.collection.mutable.ListBuffer
 import scala.collection.mutable.ArrayBuffer
@@ -506,7 +507,14 @@ object RunUtils {
 
     if (q.runInterpret) {
       // val interpreter = eval.Interpreter()
-      eval.interpret(ctx.program)
+      val fs = eval.interpretTrace(ctx)
+      Logger.info("Interpreter Trace:\n" + fs._2.t.mkString("\n"))
+      val stopState = fs._1.nextCmd
+      if (stopState != eval.Stopped()) {
+        Logger.error(s"Interpreter exited with $stopState")
+      } else {
+        Logger.info("Interpreter stopped normally.")
+      }
     }
 
     IRTransform.prepareForTranslation(q.loading, ctx)

From d2a248638c5471bb5b565824f7c3d2263860f573 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Wed, 4 Sep 2024 15:38:22 +1000
Subject: [PATCH 041/127] fix list

---
 docs/development/interpreter.md | 28 +++++++++++++++++-----------
 1 file changed, 17 insertions(+), 11 deletions(-)

diff --git a/docs/development/interpreter.md b/docs/development/interpreter.md
index dcb561a00..7c0897bf1 100644
--- a/docs/development/interpreter.md
+++ b/docs/development/interpreter.md
@@ -71,28 +71,28 @@ To see an example of this used to validate the constant prop analysis see [/src/
 ### Summary
 
 -  [Bitvector.scala](../../src/main/scala/ir/eval/Bitvector.scala)
-  - Evaluation of bitvector operations, throws `IllegalArgumentException` on violation of contract
-    (e.g negative divisor, type mismatch)
+    - Evaluation of bitvector operations, throws `IllegalArgumentException` on violation of contract
+      (e.g negative divisor, type mismatch)
 -  [ExprEval.scala] (../../src/main/scala/ir/eval/ExprEval.scala)
-  - Evaluation of expressions, defined in terms of partial evaluation down to a Literal
+    - Evaluation of expressions, defined in terms of partial evaluation down to a Literal
 -  [Interpreter.scala](../../src/main/scala/ir/eval/Interpreter.scala)
-  - Definition of core `Effects[S, E]` and `Interpreter[S, E]` types describing state transitions in 
-    the interpreter
-  - Instantiation/definition of `Effects` for concrete state `InterpreterState`
+    - Definition of core `Effects[S, E]` and `Interpreter[S, E]` types describing state transitions in 
+      the interpreter
+    - Instantiation/definition of `Effects` for concrete state `InterpreterState`
 -  [InterpreterProduct.scala](../../src/main/scala/ir/eval/InterpreterProduct.scala)
-  - Definition of product and layering composition of generic `Effects[S, E]`s interpreters
+    - Definition of product and layering composition of generic `Effects[S, E]`s interpreters
 -  [InterpretBasilIR.scala](../../src/main/scala/ir/eval/InterpretBasilIR.scala)
-  - Definition of ELF initialisation, and the interpreter for BASIL IR, using a generic 
+    - Definition of ELF initialisation, and the interpreter for BASIL IR, using a generic 
     `Effects` instance and concrete state.
 -  [InterpretBreakpoints.scala](../../src/main/scala/ir/eval/InterpretBreakpoints.scala)
-  - Definition of a generic interpreter with a breakpoint checker layered on top
+    - Definition of a generic interpreter with a breakpoint checker layered on top
 -  [InterpretTrace.scala](../../src/main/scala/ir/eval/InterpretTrace.scala)
-  - Definition of a generic interpreter which records a trace of calls to the `Effects[]` instance. 
+    - Definition of a generic interpreter which records a trace of calls to the `Effects[]` instance. 
 
 ### Explanation
 
 The interpreter is structured for compositionality, at its core is the `Effects[S, E]` type, defined in [Interpreter.scala](../../src/main/scala/ir/eval/Interpreter.scala). 
-This type defines a small set of functions which describe all the possible state transformations, over a concrete state `S`, and error type E (always `InterpreterError` in practice). 
+This type defines a small set of functions which describe all the possible state transformations, over a concrete state `S`, and error type `E` (always `InterpreterError` in practice). 
 
 This is implemented using the state Monad, `State[S,V,E]` where `S` is the state, `V` the value, and `E` the error type. 
 This is a flattened `State[S, Either[E]]`, defined in [util/functional.scala](../../src/main/scala/util/functional.scala).
@@ -127,6 +127,12 @@ case class LayerInterpreter[L, T, E](val inner: Effects[L, E], val before: Effec
 
 Examples of using these are in the `interpretTrace` and `interpretWithBreakPoints` interpreters respectively.
 
+Note, this only works by the aforementioned requirement that all effect calls come from outside the `Effects[]`
+instance itself. In the simple case, the `Interpreter` instance is the only object calling `Effects`. 
+This means, `Effects` triggered by an inner `Effects[]` instance do not flow back to the `ProductInterpreter`, 
+but only appear from when `Interpreter` above the `ProductInterpreter` interprets the program via effect calls. 
+For this reason if, for example, `NormalInterpreter` makes effect calls they will not appear in a trace emitted by `interptretTrace`. 
+
 
 
 

From d06e268fa57ca14d5618abdec71007e6f3eed189 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Wed, 4 Sep 2024 15:51:02 +1000
Subject: [PATCH 042/127] paragraph

---
 docs/development/interpreter.md | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/docs/development/interpreter.md b/docs/development/interpreter.md
index 7c0897bf1..a24738d41 100644
--- a/docs/development/interpreter.md
+++ b/docs/development/interpreter.md
@@ -73,7 +73,7 @@ To see an example of this used to validate the constant prop analysis see [/src/
 -  [Bitvector.scala](../../src/main/scala/ir/eval/Bitvector.scala)
     - Evaluation of bitvector operations, throws `IllegalArgumentException` on violation of contract
       (e.g negative divisor, type mismatch)
--  [ExprEval.scala] (../../src/main/scala/ir/eval/ExprEval.scala)
+-  [ExprEval.scala](../../src/main/scala/ir/eval/ExprEval.scala)
     - Evaluation of expressions, defined in terms of partial evaluation down to a Literal
 -  [Interpreter.scala](../../src/main/scala/ir/eval/Interpreter.scala)
     - Definition of core `Effects[S, E]` and `Interpreter[S, E]` types describing state transitions in 
@@ -82,8 +82,9 @@ To see an example of this used to validate the constant prop analysis see [/src/
 -  [InterpreterProduct.scala](../../src/main/scala/ir/eval/InterpreterProduct.scala)
     - Definition of product and layering composition of generic `Effects[S, E]`s interpreters
 -  [InterpretBasilIR.scala](../../src/main/scala/ir/eval/InterpretBasilIR.scala)
-    - Definition of ELF initialisation, and the interpreter for BASIL IR, using a generic 
-    `Effects` instance and concrete state.
+    - Definition of `Eval` object defining expression evaluation in terms of `Effects[S, InterpreterError]`
+    - Definition of `Interpreter` instance for BASIL IR, using a generic `Effects` instance and concrete state.
+    - Definition of ELF initialisation in terms of generic `Effects[S, InterpreterError]`
 -  [InterpretBreakpoints.scala](../../src/main/scala/ir/eval/InterpretBreakpoints.scala)
     - Definition of a generic interpreter with a breakpoint checker layered on top
 -  [InterpretTrace.scala](../../src/main/scala/ir/eval/InterpretTrace.scala)

From 4ae39976ebdec854851dca6264e190c9b546cca7 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Wed, 4 Sep 2024 16:33:02 +1000
Subject: [PATCH 043/127] trap eval exceptions to monadic errors

---
 src/main/scala/ir/eval/ExprEval.scala         |  13 +-
 src/main/scala/ir/eval/InterpretBasilIR.scala |   2 +-
 src/main/scala/util/functional.scala          |  16 ++
 src/test/scala/ir/InterpreterTests.scala      | 218 +++++++++---------
 4 files changed, 133 insertions(+), 116 deletions(-)

diff --git a/src/main/scala/ir/eval/ExprEval.scala b/src/main/scala/ir/eval/ExprEval.scala
index 65218caf2..53e79d11b 100644
--- a/src/main/scala/ir/eval/ExprEval.scala
+++ b/src/main/scala/ir/eval/ExprEval.scala
@@ -146,9 +146,9 @@ trait Loader[S, E] {
   }
 }
 
-def statePartialEvalExpr[S, E](l: Loader[S, E])(exp: Expr): State[S, Expr, E] = {
+def statePartialEvalExpr[S](l: Loader[S, InterpreterError])(exp: Expr): State[S, Expr, InterpreterError] = {
   val eval = statePartialEvalExpr(l)
-  exp match {
+  val ns = exp match {
     case f: UninterpretedFunction => State.pure(f)
     case unOp: UnaryExpr =>
       for {
@@ -232,6 +232,13 @@ def statePartialEvalExpr[S, E](l: Loader[S, E])(exp: Expr): State[S, Expr, E] =
     case b: IntLiteral    => State.pure(b)
     case b: BoolLit       => State.pure(b)
   }
+  State.protect(
+    () => ns,
+    { case e =>
+      Errored(e.toString)
+    }: PartialFunction[Exception, InterpreterError]
+  )
+
 }
 
 class StatelessLoader[E](
@@ -248,7 +255,7 @@ def partialEvalExpr(
     variableAssignment: Variable => Option[Literal],
     memory: (Memory, Expr, Endian, Int) => Option[Literal] = ((a, b, c, d) => None)
 ): Expr = {
-  val l = StatelessLoader(variableAssignment, memory)
+  val l = StatelessLoader[InterpreterError](variableAssignment, memory)
   State.evaluate((), statePartialEvalExpr(l)(exp)) match {
     case Right(e) => e
     case Left(e)  => throw Exception("Unable to evaluate expr : " + e.toString)
diff --git a/src/main/scala/ir/eval/InterpretBasilIR.scala b/src/main/scala/ir/eval/InterpretBasilIR.scala
index 38b78c689..7ffd4875a 100644
--- a/src/main/scala/ir/eval/InterpretBasilIR.scala
+++ b/src/main/scala/ir/eval/InterpretBasilIR.scala
@@ -66,7 +66,7 @@ case object Eval {
   def evalExpr[S, T <: Effects[S, InterpreterError]](f: T)(e: Expr): State[S, Expr, InterpreterError] = {
     val ldr = StVarLoader[S, T](f)
     for {
-      res <- ir.eval.statePartialEvalExpr[S, InterpreterError](ldr)(e)
+      res <- ir.eval.statePartialEvalExpr[S](ldr)(e)
     } yield (res)
   }
 
diff --git a/src/main/scala/util/functional.scala b/src/main/scala/util/functional.scala
index a9c9c73d1..4db438646 100644
--- a/src/main/scala/util/functional.scala
+++ b/src/main/scala/util/functional.scala
@@ -78,6 +78,22 @@ object State {
     xs.foldRight(pure(List[B]()))((b,acc) => acc.flatMap(c => m(b).map(v => v::c)))
   }
 
+  def protect[S, V, E](f : () => State[S, V, E], fnly: PartialFunction[Exception, E]) : State[S, V, E] = {
+    State((s: S) => try {
+      f().f(s)
+    } catch {
+      case e: Exception if fnly.isDefinedAt(e) => (s, Left(fnly(e)))
+    })
+  }
+
+  def protectPure[S,V,E](f : () => V, fnly : PartialFunction[Exception, E]) : State[S, V, E] = {
+    State((s: S) => try {
+      (s, Right(f()))
+    } catch {
+      case e: Exception if fnly.isDefinedAt(e) => (s, Left(fnly(e)))
+    })
+  }
+
 }
 
 def protect[T](x: () => T, fnly: PartialFunction[Exception, T]): T = {
diff --git a/src/test/scala/ir/InterpreterTests.scala b/src/test/scala/ir/InterpreterTests.scala
index 934f17e04..89ac86984 100644
--- a/src/test/scala/ir/InterpreterTests.scala
+++ b/src/test/scala/ir/InterpreterTests.scala
@@ -10,35 +10,32 @@ import specification.SpecGlobal
 import translating.BAPToIR
 import util.{LogLevel, Logger}
 import util.IRLoading.{loadBAP, loadReadELF}
-import util.{ILLoadingConfig, IRContext, IRLoading, IRTransform} 
+import util.{ILLoadingConfig, IRContext, IRLoading, IRTransform}
 
-
-def load(s: InterpreterState, global: SpecGlobal) : Option[BitVecLiteral] = {
+def load(s: InterpreterState, global: SpecGlobal): Option[BitVecLiteral] = {
   val f = NormalInterpreter
-  
-  try {
-    State.evaluate(s, Eval.evalBV(f)(MemoryLoad(SharedMemory("mem", 64, 8), BitVecLiteral(global.address, 64), Endian.LittleEndian, global.size))) match {
-      case Right(e) => Some(e)
-      case Left(e) => {
-        None
-      }
 
+  State.evaluate(
+    s,
+    Eval.evalBV(f)(
+      MemoryLoad(SharedMemory("mem", 64, 8), BitVecLiteral(global.address, 64), Endian.LittleEndian, global.size)
+    )
+  ) match {
+    case Right(e) => Some(e)
+    case Left(e) => {
+      None
     }
-  } catch {
-    case e : InterpreterError => None
   }
 }
 
-
-def mems[E, T <: Effects[T, E]](m: MemoryState) : Map[BigInt, BitVecLiteral] = {
-  m.getMem("mem").map((k,v) => k.value -> v)
+def mems[E, T <: Effects[T, E]](m: MemoryState): Map[BigInt, BitVecLiteral] = {
+  m.getMem("mem").map((k, v) => k.value -> v)
 }
 
 class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
 
   Logger.setLevel(LogLevel.INFO)
 
-
   def getProgram(name: String): IRContext = {
     val loading = ILLoadingConfig(
       inputFile = s"examples/$name/$name.adt",
@@ -82,10 +79,8 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
     }
 
     // Test expected value
-    val actual : Map[String, Int] = expected.flatMap ( (name, expected) =>
-      globals.find(_.name == name).flatMap(global =>
-          load(fstate, global).map(gv => name -> gv.value.toInt)
-      )
+    val actual: Map[String, Int] = expected.flatMap((name, expected) =>
+      globals.find(_.name == name).flatMap(global => load(fstate, global).map(gv => name -> gv.value.toInt))
     )
     assert(fstate.nextCmd == Stopped())
     assert(expected == actual)
@@ -101,63 +96,62 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
     assert(s.memoryState.getVarOpt("R31").isDefined)
     assert(s.memoryState.getVarOpt("R29").isDefined)
 
-
   }
   test("var load store") {
-  val s = for {
-       s <- InterpFuns.initialState(NormalInterpreter)
-       v <- NormalInterpreter.loadVar("R31")
-   } yield (v)
-  val l = State.evaluate(InterpreterState(), s)
+    val s = for {
+      s <- InterpFuns.initialState(NormalInterpreter)
+      v <- NormalInterpreter.loadVar("R31")
+    } yield (v)
+    val l = State.evaluate(InterpreterState(), s)
 
-  assert(l == Right(Scalar(BitVecLiteral(4096 - 16, 64))))
+    assert(l == Right(Scalar(BitVecLiteral(4096 - 16, 64))))
+
+  }
+
+  test("Store = Load LittleEndian") {
+    val ts = List(
+      BitVecLiteral(BigInt("0D", 16), 8),
+      BitVecLiteral(BigInt("0C", 16), 8),
+      BitVecLiteral(BigInt("0B", 16), 8),
+      BitVecLiteral(BigInt("0A", 16), 8)
+    )
+
+    val loader = StVarLoader(NormalInterpreter)
+
+    val s = for {
+      _ <- InterpFuns.initialState(NormalInterpreter)
+      _ <- Eval.store(NormalInterpreter)("mem", Scalar(BitVecLiteral(0, 64)), ts.map(Scalar(_)), Endian.LittleEndian)
+      r <- Eval.loadBV(NormalInterpreter)("mem", Scalar(BitVecLiteral(0, 64)), Endian.LittleEndian, 32)
+    } yield (r)
+    val expected: BitVecLiteral = BitVecLiteral(BigInt("0D0C0B0A", 16), 32)
+    val actual = State.evaluate(InterpreterState(), s)
+    assert(actual == Right(expected))
 
   }
 
-   test("Store = Load LittleEndian") {
-     val ts = List(
-       BitVecLiteral(BigInt("0D", 16), 8),
-       BitVecLiteral(BigInt("0C", 16), 8),
-       BitVecLiteral(BigInt("0B", 16), 8),
-       BitVecLiteral(BigInt("0A", 16), 8))
- 
-     val loader = StVarLoader(NormalInterpreter)
-
-     val s = for {
-       _ <- InterpFuns.initialState(NormalInterpreter)
-       _ <- Eval.store(NormalInterpreter)("mem", Scalar(BitVecLiteral(0, 64)), ts.map(Scalar(_)), Endian.LittleEndian)
-       r <- Eval.loadBV(NormalInterpreter)("mem", Scalar(BitVecLiteral(0, 64)), Endian.LittleEndian, 32)
-     } yield(r)
-     val expected: BitVecLiteral = BitVecLiteral(BigInt("0D0C0B0A", 16), 32)
-     val actual = State.evaluate(InterpreterState(), s)
-     assert(actual == Right(expected))
- 
- 
-   }
- 
 //   test("store bv = loadbv le") {
 //     val expected: BitVecLiteral = BitVecLiteral(BigInt("0D0C0B0A", 16), 32)
 //     val s2 = Eval.storeBV(initialMem(), "mem", Scalar(BitVecLiteral(0, 64)), expected, Endian.LittleEndian)
 //     val actual2: BitVecLiteral = Eval.loadBV(s2, "mem", Scalar(BitVecLiteral(0, 64)), Endian.LittleEndian, 32)
 //     assert(actual2 == expected)
 //   }
-// 
-// 
+//
+//
 //   test("Store = Load BigEndian") {
 //     val ts = List(
 //       BitVecLiteral(BigInt("0D", 16), 8),
 //       BitVecLiteral(BigInt("0C", 16), 8),
 //       BitVecLiteral(BigInt("0B", 16), 8),
 //       BitVecLiteral(BigInt("0A", 16), 8))
-// 
+//
 //     val s = Eval.store(initialMem(), "mem", Scalar(BitVecLiteral(0, 64)), ts.map(Scalar(_)), Endian.LittleEndian)
 //     val expected: BitVecLiteral = BitVecLiteral(BigInt("0A0B0C0D", 16), 32)
 //     val actual: BitVecLiteral = Eval.loadBV(s, "mem", Scalar(BitVecLiteral(0, 64)), Endian.BigEndian , 32)
 //     assert(actual == expected)
-// 
-// 
+//
+//
 //   }
-// 
+//
 //   test("getMemory in LittleEndian") {
 //     val ts = List((BitVecLiteral(0, 64), BitVecLiteral(BigInt("0D", 16), 8)),
 //     (BitVecLiteral(1, 64) , BitVecLiteral(BigInt("0C", 16), 8)),
@@ -166,24 +160,24 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
 //     val s = ts.foldLeft(initialMem())((m, v) => Eval.storeSingle(m, "mem", Scalar(v._1), Scalar(v._2)))
 //     // val s = initialMem().store("mem")
 //     // val r = s.loadBV("mem", BitVecLiteral(0, 64))
-// 
+//
 //     val expected: BitVecLiteral = BitVecLiteral(BigInt("0A0B0C0D", 16), 32)
-// 
+//
 //   // def loadBV(vname: String, addr: Scalar, endian: Endian, size: Int): BitVecLiteral = {
 //      val actual: BitVecLiteral = Eval.loadBV(s, "mem", Scalar(BitVecLiteral(0, 64)), Endian.LittleEndian, 32)
 //     assert(actual == expected)
 //   }
-// 
-// 
+//
+//
 //   test("StoreBV = LoadBV LE ") {
 //     val expected: BitVecLiteral = BitVecLiteral(BigInt("0A0B0C0D", 16), 32)
-// 
+//
 //     val s = Eval.storeBV(initialMem(), "mem", Scalar(BitVecLiteral(0, 64)), expected, Endian.LittleEndian)
 //     val actual: BitVecLiteral = Eval.loadBV(s, "mem", Scalar(BitVecLiteral(0, 64)), Endian.LittleEndian, 32)
 //     println(s"${actual.value.toInt.toHexString} == ${expected.value.toInt.toHexString}")
 //     assert(actual == expected)
 //   }
-// 
+//
 //   // test("getMemory in BigEndian") {
 //   //   i.mems(0) = BitVecLiteral(BigInt("0A", 16), 8)
 //   //   i.mems(1) = BitVecLiteral(BigInt("0B", 16), 8)
@@ -193,7 +187,7 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
 //   //   val actual: BitVecLiteral = i.getMemory(0, 32, Endian.BigEndian, i.mems)
 //   //   assert(actual == expected)
 //   // }
-// 
+//
 //   // test("setMemory in LittleEndian") {
 //   //   i.mems(0) = BitVecLiteral(BigInt("FF", 16), 8)
 //   //   i.mems(1) = BitVecLiteral(BigInt("FF", 16), 8)
@@ -204,7 +198,7 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
 //   //   val actual: BitVecLiteral = i.getMemory(0, 32, Endian.LittleEndian, i.mems)
 //   //   assert(actual == expected)
 //   // }
-// 
+//
 //   // test("setMemory in BigEndian") {
 //   //   i.mems(0) = BitVecLiteral(BigInt("FF", 16), 8)
 //   //   i.mems(1) = BitVecLiteral(BigInt("FF", 16), 8)
@@ -215,7 +209,7 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
 //   //   val actual: BitVecLiteral = i.getMemory(0, 32, Endian.BigEndian, i.mems)
 //   //   assert(actual == expected)
 //   // }
-// 
+//
   test("basic_arrays_read") {
     val expected = Map(
       "arr" -> 0
@@ -283,7 +277,6 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
     testInterpret("indirect_call_outparam", expected)
   }
 
-
   test("ifglobal") {
     val expected = Map(
       "x" -> 1
@@ -299,16 +292,14 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
     testInterpret("cjump", expected)
   }
 
-
   test("initialisation") {
 
     // Logger.setLevel(LogLevel.WARN)
     val expected = Map(
       "x" -> 6,
-      "y" -> ('b'.toInt), 
+      "y" -> ('b'.toInt)
     )
 
-
     testInterpret("initialisation", expected)
   }
 
@@ -326,8 +317,7 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
     testInterpret("no_interference_update_y", expected)
   }
 
-
-  def fib(n: Int) : Int = {
+  def fib(n: Int): Int = {
     n match {
       case 0 => 0
       case 1 => 1
@@ -337,37 +327,29 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
 
   def fibonacciProg(n: Int) = {
     prog(
-      proc("begin", 
-        block("entry",
-          Assign(R8, Register("R31", 64)),
-          Assign(R0, bv64(n)),
-          directCall("fib"),
-          goto("done")
-        ),
-        block("done",
-          Assert(BinaryExpr(BVEQ, R0, bv64(fib(n)))),
-          ret
-        )),
-      proc("fib",
+      proc(
+        "begin",
+        block("entry", Assign(R8, Register("R31", 64)), Assign(R0, bv64(n)), directCall("fib"), goto("done")),
+        block("done", Assert(BinaryExpr(BVEQ, R0, bv64(fib(n)))), ret)
+      ),
+      proc(
+        "fib",
         block("base", goto("base1", "base2", "dofib")),
-        block("base1", 
-          Assume(BinaryExpr(BVEQ, R0, bv64(0))),
-          ret),
-        block("base2", 
-          Assume(BinaryExpr(BVEQ, R0, bv64(1))),
-          ret),
-        block("dofib",
+        block("base1", Assume(BinaryExpr(BVEQ, R0, bv64(0))), ret),
+        block("base2", Assume(BinaryExpr(BVEQ, R0, bv64(1))), ret),
+        block(
+          "dofib",
           Assume(BinaryExpr(BoolAND, BinaryExpr(BVNEQ, R0, bv64(0)), BinaryExpr(BVNEQ, R0, bv64(1)))),
           // R8 stack pointer preserved across calls
-          Assign(R7, BinaryExpr(BVADD, R8, bv64(8))),  
+          Assign(R7, BinaryExpr(BVADD, R8, bv64(8))),
           MemoryAssign(stack, R7, R8, Endian.LittleEndian, 64), // sp
           Assign(R8, R7),
-          Assign(R8, BinaryExpr(BVADD, R8, bv64(8))),  // sp + 8
+          Assign(R8, BinaryExpr(BVADD, R8, bv64(8))), // sp + 8
           MemoryAssign(stack, R8, R0, Endian.LittleEndian, 64), // [sp + 8] = arg0
           Assign(R0, BinaryExpr(BVSUB, R0, bv64(1))),
           directCall("fib"),
           Assign(R2, R8), // sp + 8
-          Assign(R8, BinaryExpr(BVADD, R8, bv64(8))),  // sp + 16
+          Assign(R8, BinaryExpr(BVADD, R8, bv64(8))), // sp + 16
           MemoryAssign(stack, R8, R0, Endian.LittleEndian, 64), // [sp + 16] = r1
           Assign(R0, MemoryLoad(stack, R2, Endian.LittleEndian, 64)), // [sp + 8]
           Assign(R0, BinaryExpr(BVSUB, R0, bv64(2))),
@@ -376,9 +358,9 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
           Assign(R0, BinaryExpr(BVADD, R0, R2)),
           Assign(R8, MemoryLoad(stack, BinaryExpr(BVSUB, R8, bv64(16)), Endian.LittleEndian, 64)),
           ret
-          )
         )
       )
+    )
   }
 
   test("fibonacci") {
@@ -410,40 +392,52 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
       val ir = interpret(prog)
       val it = intt.elapsed()
 
-      res = (i,native,it)::res
+      res = (i, native, it) :: res
 
       println(s"${res.head}")
     }
 
-    println(("fib number,native time,interp time"::(res.map(x => s"${x._1},${x._2},${x._3}"))).mkString("\n"))
+    println(("fib number,native time,interp time" :: (res.map(x => s"${x._1},${x._2},${x._3}"))).mkString("\n"))
 
   }
 
+  test("fibonacci Trace") {
+
+    val fib = fibonacciProg(8)
+
+    val r = interpretTrace(fib)
 
+    assert(r._1.nextCmd == Stopped())
+    // Show interpreted result
+    //
 
-   test("fibonacci Trace") {
+  }
 
-     val fib = fibonacciProg(8)
+  test("fib breakpoints") {
 
-      val r = interpretTrace(fib)
- 
-     assert(r._1.nextCmd == Stopped())
-     // Show interpreted result
-     //
- 
-   }
+    val fib = fibonacciProg(8)
+    val watch = IRWalk.firstInProc((fib.procedures.find(_.name == "fib")).get).get
+    val bp = BreakPoint(
+      "Fibentry",
+      BreakPointLoc.CMDCond(watch, BinaryExpr(BVEQ, BitVecLiteral(5, 64), Register("R0", 64))),
+      BreakPointAction(true, true, List(("R0", Register("R0", 64))), true)
+    )
+    // val bp2 = BreakPoint("Fibentry",  BreakPointLoc.CMD(watch), BreakPointAction(true, false, List(("R0", Register("R0", 64))), true))
+    // val interp = LayerInterpreter(NormalInterpreter, RememberBreakpoints(NormalInterpreter, List(bp)))
+    // val res = InterpFuns.interpretProg(interp)(fib, (InterpreterState(), List()))
+    val res = interpretWithBreakPoints(fib, List(bp), NormalInterpreter, InterpreterState())
+  }
 
-   test("fib breakpoints") {
+  test("Capture IllegalArg") {
 
-     val fib = fibonacciProg(8)
-     val watch = IRWalk.firstInProc((fib.procedures.find(_.name == "fib")).get).get
-     val bp = BreakPoint("Fibentry",  BreakPointLoc.CMDCond(watch, BinaryExpr(BVEQ, BitVecLiteral(5, 64), Register("R0", 64))), BreakPointAction(true, true, List(("R0", Register("R0", 64))), true))
-     // val bp2 = BreakPoint("Fibentry",  BreakPointLoc.CMD(watch), BreakPointAction(true, false, List(("R0", Register("R0", 64))), true))
-     // val interp = LayerInterpreter(NormalInterpreter, RememberBreakpoints(NormalInterpreter, List(bp)))
-     // val res = InterpFuns.interpretProg(interp)(fib, (InterpreterState(), List()))
-     val res = interpretWithBreakPoints(fib, List(bp), NormalInterpreter, InterpreterState())
+    val tp = prog(
+      proc("begin", block("shouldfail", Assign(R0, ZeroExtend(-1, BitVecLiteral(0, 64))), ret))
+    )
 
+    val ir = interpret(tp)
+    println(ir)
+    assert(ir.nextCmd.isInstanceOf[ErrorStop])
 
-   }
+  }
 
 }

From 4fc8ed2720b9d6aae9d2e06c957af201d63951d1 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Wed, 4 Sep 2024 17:44:50 +1000
Subject: [PATCH 044/127] improve interpretOne

---
 src/main/scala/ir/eval/InterpretBasilIR.scala | 77 ++++++++++++-------
 .../scala/ir/eval/InterpretBreakpoints.scala  |  3 +-
 src/main/scala/ir/eval/Interpreter.scala      | 20 ++---
 src/test/scala/ir/InterpreterTests.scala      |  7 +-
 4 files changed, 64 insertions(+), 43 deletions(-)

diff --git a/src/main/scala/ir/eval/InterpretBasilIR.scala b/src/main/scala/ir/eval/InterpretBasilIR.scala
index 7ffd4875a..b483431a0 100644
--- a/src/main/scala/ir/eval/InterpretBasilIR.scala
+++ b/src/main/scala/ir/eval/InterpretBasilIR.scala
@@ -226,19 +226,22 @@ case object Eval {
   }
 }
 
-
 class BASILInterpreter[S](f: Effects[S, InterpreterError]) extends Interpreter[S, InterpreterError](f) {
 
-  def interpretOne: State[S, Unit, InterpreterError] = for {
+  def interpretOne: State[S, Boolean, InterpreterError] = for {
     next <- f.getNext
-    _ <- (next match {
-      case CallIntrinsic(tgt) => LibcIntrinsic.intrinsics(tgt)(f)
-      case Run(c: Statement)  => interpretStatement(f)(c)
-      case Run(c: Jump)       => interpretJump(f)(c)
-      case Stopped()          => State.pure(())
-      case ErrorStop(e)       => State.pure(())
-    }).flatMapE((e: InterpreterError) => f.setNext(ErrorStop(e)))
-  } yield ()
+    _ <- State.pure(Logger.debug(s"$next"))
+    r: Boolean <- (next match {
+      case CallIntrinsic(tgt) => LibcIntrinsic.intrinsics(tgt)(f).map(_ => true)
+      case Run(c: Statement)  => interpretStatement(f)(c).map(_ => true)
+      case Run(c: Jump)       => interpretJump(f)(c).map(_ => true)
+      case Stopped()          => State.pure(false)
+      case ErrorStop(e)       => State.pure(false)
+    })
+      .flatMapE((e: InterpreterError) => {
+        f.setNext(ErrorStop(e)).map(_ => false)
+      })
+  } yield (r)
 
   def interpretJump[S, T <: Effects[S, InterpreterError]](f: T)(j: Jump): State[S, Unit, InterpreterError] = {
     j match {
@@ -288,7 +291,8 @@ class BASILInterpreter[S](f: Effects[S, InterpreterError]) extends Interpreter[S
       case assert: Assert =>
         for {
           b <- Eval.evalBool(f)(assert.body)
-          _ <- (if (!b) then {
+          _ <-
+            (if (!b) then {
                State.setError(FailedAssertion(assert))
              } else {
                f.setNext(Run(s.successor))
@@ -346,7 +350,7 @@ object InterpFuns {
     var done = false
     var x = List[(String, FunPointer)]()
 
-    def newAddr() : BigInt = {
+    def newAddr(): BigInt = {
       addr += 8
       addr
     }
@@ -360,10 +364,27 @@ object InterpFuns {
 
     val procs = p.procedures.filter(proc => proc.address.isDefined)
 
-    val fptrs = ctx.externalFunctions.toList.sortBy(_.name).flatMap(f => {
-      intrinsics.get(f.name).map(fp => (f.offset, fp))
-        .orElse(procs.find(p => p.name == f.name).map(proc => (f.offset, FunPointer(BitVecLiteral(proc.address.getOrElse(newAddr().toInt), 64), proc.name, Run(DirectCall(proc))))))
-    })
+    val fptrs = ctx.externalFunctions.toList
+      .sortBy(_.name)
+      .flatMap(f => {
+        intrinsics
+          .get(f.name)
+          .map(fp => (f.offset, fp))
+          .orElse(
+            procs
+              .find(p => p.name == f.name)
+              .map(proc =>
+                (
+                  f.offset,
+                  FunPointer(
+                    BitVecLiteral(proc.address.getOrElse(newAddr().toInt), 64),
+                    proc.name,
+                    Run(DirectCall(proc))
+                  )
+                )
+              )
+          )
+      })
 
     // sort for deterministic trace
     val stores = fptrs
@@ -371,12 +392,12 @@ object InterpFuns {
       .map((p) => {
         val (offset, fptr) = p
         Eval.storeSingle(s)("ghost-funtable", Scalar(fptr.addr), fptr)
-        >> (Eval.storeBV(s)(
-          "mem",
-          Scalar(BitVecLiteral(offset, 64)),
-          fptr.addr,
-          Endian.LittleEndian
-        ))
+          >> (Eval.storeBV(s)(
+            "mem",
+            Scalar(BitVecLiteral(offset, 64)),
+            fptr.addr,
+            Endian.LittleEndian
+          ))
       })
 
     State.sequence(State.pure(()), stores)
@@ -388,11 +409,12 @@ object InterpFuns {
     */
 
   def initialState[S, E, T <: Effects[S, E]](s: T): State[S, Unit, E] = {
-    val SP: BitVecLiteral = BitVecLiteral(4096 - 16, 64)
-    val FP: BitVecLiteral = BitVecLiteral(4096 - 16, 64)
-    val LR: BitVecLiteral = BitVecLiteral(BigInt("FF", 16), 64)
+    val SP: BitVecLiteral = BitVecLiteral(0x78000000, 64)
+    val FP: BitVecLiteral = SP
+    val LR: BitVecLiteral = BitVecLiteral(BigInt("78000000", 16), 64)
 
     for {
+      h <- State.pure(Logger.debug("DEFINE MEMORY REGIONS"))
       h <- s.storeVar("ghost-funtable", Scope.Global, MapValue(Map.empty, MapType(BitVecType(64), BitVecType(64))))
       h <- s.storeVar("mem", Scope.Global, MapValue(Map.empty, MapType(BitVecType(64), BitVecType(8))))
       i <- s.storeVar("stack", Scope.Global, MapValue(Map.empty, MapType(BitVecType(64), BitVecType(8))))
@@ -410,7 +432,7 @@ object InterpFuns {
         m <- State.sequence(
           State.pure(()),
           mems
-            .filter(m => m.address != 0)
+            .filter(m => m.address != 0 && m.bytes.size != 0)
             .map(memory =>
               Eval.store(f)(
                 mem,
@@ -426,7 +448,7 @@ object InterpFuns {
     for {
       d <- initialState(f)
       funs <- State.sequence(
-        State.pure(()),
+        State.pure(Logger.debug("INITIALISE FUNCTION ADDRESSES")),
         p.procedures
           .filter(p => p.blocks.nonEmpty && p.address.isDefined)
           .map((proc: Procedure) =>
@@ -437,6 +459,7 @@ object InterpFuns {
             )
           )
       )
+      _ <- State.pure(Logger.debug("INITIALISE MEMORY SECTIONS"))
       mem <- initMemory("mem", p.initialMemory)
       mem <- initMemory("stack", p.initialMemory)
       mem <- initMemory("mem", p.readOnlyMemory)
diff --git a/src/main/scala/ir/eval/InterpretBreakpoints.scala b/src/main/scala/ir/eval/InterpretBreakpoints.scala
index 831c85c3d..e64d65506 100644
--- a/src/main/scala/ir/eval/InterpretBreakpoints.scala
+++ b/src/main/scala/ir/eval/InterpretBreakpoints.scala
@@ -82,11 +82,10 @@ case class RememberBreakpoints[T, I <: Effects[T, InterpreterError]](val f: I, v
                             val stopping = if action.stop then " stopping. " else ""
                             val evalstr = evals.map(e => s"\n  ${e._1} : eval(${e._2}) = ${e._3}").mkString("")
                             Logger.warn(s"Breakpoint $bpn@$bpcond.$saving$stopping$evalstr")
-                            //println(s"Breakpoint $bpn@$bpcond.$saving$stopping$evalstr")
                           }
                         })
                         _ <-
-                          if action.stop then doLeft(State.setError(Errored(s"Stopped at breakpoint ${name}")))
+                          if action.stop then doLeft(f.setNext(ErrorStop(Errored(s"Stopped at breakpoint ${name}"))))
                           else doLeft(State.pure(()))
                         _ <- State.modify((istate: (T, List[(BreakPoint, Option[T], List[(String, Expr, Expr)])])) =>
                           (istate._1, ((breakpoint, saved, evals) :: istate._2))
diff --git a/src/main/scala/ir/eval/Interpreter.scala b/src/main/scala/ir/eval/Interpreter.scala
index 9d3246fcc..70ba4d8ee 100644
--- a/src/main/scala/ir/eval/Interpreter.scala
+++ b/src/main/scala/ir/eval/Interpreter.scala
@@ -255,6 +255,8 @@ case class MemoryState(
   /** typecheck and some fields of a map variable */
   def doStore(vname: String, values: Map[BasilValue, BasilValue]): Either[InterpreterError, MemoryState] = for {
     // val (frame, mem) = findVar(vname)
+    
+    _ <- if (values.size == 0) then Left(MemoryError("Tried to store size 0")) else Right(())
     v <- findVar(vname)
     (frame, mem) = v
     // val (mapval, keytype, valtype) =
@@ -356,7 +358,7 @@ object NormalInterpreter extends Effects[InterpreterState, InterpreterError] {
     rs match {
       case Some(_, l) => {
         val vs = Scalar(l.foldLeft(BitVecLiteral(0, 0))((acc, r) => eval.evalBVBinExpr(BVCONCAT, acc, r))).toString
-        s"$varname[${ks.head._1}] := $vs"
+        s"$varname[${ks.headOption.map(_._1).getOrElse("null")}] := $vs"
       }
       case None if ks.length < 8 => s"$varname[${ks.map(_._1).mkString(",")}] := ${ks.map(_._2).mkString(",")}"
       case None => s"$varname[${ks.map(_._1).take(8).mkString(",")}...] := ${ks.map(_._2).take(8).mkString(", ")}... "
@@ -418,20 +420,14 @@ object NormalInterpreter extends Effects[InterpreterState, InterpreterError] {
 
 trait Interpreter[S, E](val f: Effects[S, E]) {
 
-  def interpretOne: State[S, Unit, E]
+  /*
+   * Returns value deciding whether to continue.
+   */
+  def interpretOne: State[S, Boolean, E]
 
   @tailrec
   final def run(begin: S): S = {
-    val c = for {
-      _ <- interpretOne
-      x <- f.getNext
-      continue = x match {
-        case Stopped() | ErrorStop(_) => false 
-        case _ => true
-      }
-    } yield (continue) 
-
-    val (fs,cont) = c.f(begin)
+    val (fs,cont) = interpretOne.f(begin)
 
     if (cont.contains(true)) then {
       run(fs)
diff --git a/src/test/scala/ir/InterpreterTests.scala b/src/test/scala/ir/InterpreterTests.scala
index 89ac86984..bd12b5818 100644
--- a/src/test/scala/ir/InterpreterTests.scala
+++ b/src/test/scala/ir/InterpreterTests.scala
@@ -34,7 +34,7 @@ def mems[E, T <: Effects[T, E]](m: MemoryState): Map[BigInt, BitVecLiteral] = {
 
 class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
 
-  Logger.setLevel(LogLevel.INFO)
+  Logger.setLevel(LogLevel.WARN)
 
   def getProgram(name: String): IRContext = {
     val loading = ILLoadingConfig(
@@ -415,6 +415,7 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
 
   test("fib breakpoints") {
 
+    Logger.setLevel(LogLevel.INFO)
     val fib = fibonacciProg(8)
     val watch = IRWalk.firstInProc((fib.procedures.find(_.name == "fib")).get).get
     val bp = BreakPoint(
@@ -422,10 +423,12 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
       BreakPointLoc.CMDCond(watch, BinaryExpr(BVEQ, BitVecLiteral(5, 64), Register("R0", 64))),
       BreakPointAction(true, true, List(("R0", Register("R0", 64))), true)
     )
-    // val bp2 = BreakPoint("Fibentry",  BreakPointLoc.CMD(watch), BreakPointAction(true, false, List(("R0", Register("R0", 64))), true))
+    val bp2 = BreakPoint("Fibentry",  BreakPointLoc.CMD(watch), BreakPointAction(true, true , List(("R0", Register("R0", 64))), true))
     // val interp = LayerInterpreter(NormalInterpreter, RememberBreakpoints(NormalInterpreter, List(bp)))
     // val res = InterpFuns.interpretProg(interp)(fib, (InterpreterState(), List()))
     val res = interpretWithBreakPoints(fib, List(bp), NormalInterpreter, InterpreterState())
+    assert(res._1.nextCmd.isInstanceOf[ErrorStop])
+    assert(res._2.nonEmpty)
   }
 
   test("Capture IllegalArg") {

From 8f966cedb52704094973bed02c7f6a6165886f07 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Wed, 4 Sep 2024 17:45:01 +1000
Subject: [PATCH 045/127] notes on initialisation

---
 docs/development/interpreter.md | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/docs/development/interpreter.md b/docs/development/interpreter.md
index a24738d41..0fb9713f5 100644
--- a/docs/development/interpreter.md
+++ b/docs/development/interpreter.md
@@ -14,6 +14,7 @@ exited on a non-error stop state.
          StoreVar(#5,Local,0xfd0:bv64)
          StoreMem(mem,HashMap(0xfd0:bv64 -> 0xf0:bv8, 0xfd6:bv64 -> 0x0:bv8, 0xfd2:bv64 -> 0x0:bv8, 0xfd3:bv64 -> 0x0:bv8, 0xfd4:bv64 -> 0x0:bv8, 0xfd7:bv64 -> 0x0:bv8, 0xfd5:bv64 -> 0x0:bv8, 0xfd1
 ...
+[INFO]   Interpreter stopped normally.
 ```
 
 The `--verbose` flag can also be used, which may print interpreter trace events as they are executed, but not this may not correspond to the actual 
@@ -134,6 +135,27 @@ This means, `Effects` triggered by an inner `Effects[]` instance do not flow bac
 but only appear from when `Interpreter` above the `ProductInterpreter` interprets the program via effect calls. 
 For this reason if, for example, `NormalInterpreter` makes effect calls they will not appear in a trace emitted by `interptretTrace`. 
 
+### Note on memory space initialisation 
 
+Most of the interpret functions are overloaded such that there is a version taking a program `interpret(p: Program)`, 
+and a version taking `IRContext`. The variant taking IRContext uses the ELF symbol information to initialise the 
+memory before interpretation. If you are interpreting a real program (i.e. not a synthetic example created through 
+the DSL), this is most likely required.
+
+We initialise:
+
+- The general interpreter state, stack and memory regions, stack pointer, a symbolic mapping from addresses functions
+- The initial and readonly memory sections stored in Program
+- The `.bss` section to zero
+- The relocation table. Each listed offset is stored an address to either a real procedure in the program, or a 
+  location storing a symbolic function pointer to an intrinsic function.
+
+- `.bss` is generally the top of the initialised data, the ELF symbol `__bss_end__` being equal to the symbol `__end__`.
+  Above this we can somewhat choose arbitrarily where to put things, usually the heap is above, followed by 
+  dynamically linked symbols, then the stack. There is currently no stack overflow checking, or heap implemented in the 
+  interpreter.
+- Unfortunately these details are defined by the load-time linker and the system's linker script, and it is hard to find a good description
+  of their behaviour. Some details are described here https://refspecs.linuxfoundation.org/elf/elf.pdf, and here 
+  https://dl.acm.org/doi/abs/10.1145/2983990.2983996.
 
 

From f00b44b806ce385468d714653ac78f3ea77cc1c6 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Wed, 4 Sep 2024 18:00:53 +1000
Subject: [PATCH 046/127] simplify invoc funcs

---
 docs/development/interpreter.md               |  6 +++---
 .../scala/ir/eval/InterpretBreakpoints.scala  |  9 +++++++++
 src/main/scala/ir/eval/InterpretTrace.scala   | 20 +++++++++++++------
 src/main/scala/ir/eval/Interpreter.scala      |  4 ++--
 src/test/scala/ir/InterpreterTests.scala      |  2 --
 5 files changed, 28 insertions(+), 13 deletions(-)

diff --git a/docs/development/interpreter.md b/docs/development/interpreter.md
index 0fb9713f5..6e0764457 100644
--- a/docs/development/interpreter.md
+++ b/docs/development/interpreter.md
@@ -37,13 +37,13 @@ To see an example of this used to validate the constant prop analysis see [/src/
 
 #### BreakPoints
 
-Finally `interpretWithBreakPoints(p: IRContext, List[BreakPoint], interpreter, initialState)` is used to 
-run an interpreter, and perform additional work at specific code points. For example, this may be invoked such as:
+Finally `interpretBreakPoints(p: IRContext, breakpoints: List[BreakPoint])` is used to 
+run an interpreter and perform additional actions at specified code points. For example, this may be invoked such as:
 
 ```scala
 val watch = IRWalk.firstInProc((program.procedures.find(_.name == "main")).get).get
 val bp = BreakPoint("entrypoint",  BreakPointLoc.CMD(watch), BreakPointAction(saveState=true, stop=true, evalExprs=List(("R0", Register("R0", 64))), log=true))
-val res = interpretWithBreakPoints(program, List(bp), NormalInterpreter, InterpreterState())
+val res = interpretBreakPoints(program, List(bp))
 ```
 
 The structure of a breakpoint is as follows:
diff --git a/src/main/scala/ir/eval/InterpretBreakpoints.scala b/src/main/scala/ir/eval/InterpretBreakpoints.scala
index e64d65506..c8613dada 100644
--- a/src/main/scala/ir/eval/InterpretBreakpoints.scala
+++ b/src/main/scala/ir/eval/InterpretBreakpoints.scala
@@ -123,3 +123,12 @@ def interpretWithBreakPoints[I](
   val res = InterpFuns.interpretProg(interp)(p, (innerInitialState, List()))
   res
 }
+
+def interpretBreakPoints(p: IRContext, breakpoints: List[BreakPoint]) = {
+  interpretWithBreakPoints(p, breakpoints, NormalInterpreter, InterpreterState())
+}
+
+
+def interpretBreakPoints(p: Program, breakpoints: List[BreakPoint]) = {
+  interpretWithBreakPoints(p, breakpoints, NormalInterpreter, InterpreterState())
+}
diff --git a/src/main/scala/ir/eval/InterpretTrace.scala b/src/main/scala/ir/eval/InterpretTrace.scala
index 5c1c963fd..dbdd6e0b8 100644
--- a/src/main/scala/ir/eval/InterpretTrace.scala
+++ b/src/main/scala/ir/eval/InterpretTrace.scala
@@ -56,14 +56,22 @@ case class TraceGen[E]() extends NopEffects[Trace, E] {
 
 }
 
-def tracingInterpreter = ProductInterpreter(NormalInterpreter, TraceGen())
-
-def interpretTrace(p: Program): (InterpreterState, Trace) = {
-  InterpFuns.interpretProg(tracingInterpreter)(p, (InterpreterState(), Trace(List())))
+def interpretWithTrace[I](p: Program, innerInterpreter: Effects[I, InterpreterError], innerInitialState: I): (I, Trace) = {
+  val tracingInterpreter = ProductInterpreter(innerInterpreter, TraceGen())
+  InterpFuns.interpretProg(tracingInterpreter)(p, (innerInitialState, Trace(List())))
 }
 
-def interpretTrace(p: IRContext): (InterpreterState, Trace) = {
-  val begin = InterpFuns.initProgState(tracingInterpreter)(p, (InterpreterState(), Trace(List())))
+def interpretWithTrace[I](p: IRContext, innerInterpreter: Effects[I, InterpreterError], innerInitialState: I): (I, Trace) = {
+  val tracingInterpreter = ProductInterpreter(innerInterpreter, TraceGen())
+  val begin = InterpFuns.initProgState(tracingInterpreter)(p, (innerInitialState, Trace(List())))
   // throw away initialisation trace
   BASILInterpreter(tracingInterpreter).run((begin._1, Trace(List())))
 }
+
+def interpretTrace(p: Program) = {
+  interpretWithTrace(p, NormalInterpreter, InterpreterState())
+}
+
+def interpretTrace(p: IRContext) = {
+  interpretWithTrace(p, NormalInterpreter, InterpreterState())
+}
diff --git a/src/main/scala/ir/eval/Interpreter.scala b/src/main/scala/ir/eval/Interpreter.scala
index 70ba4d8ee..108eb34e2 100644
--- a/src/main/scala/ir/eval/Interpreter.scala
+++ b/src/main/scala/ir/eval/Interpreter.scala
@@ -39,11 +39,11 @@ case class Scalar(val value: Literal) extends BasilValue(value.getType) {
   }
 }
 
-/* Slightly hacky way of mapping addresses to function calls within the interpreter dynamic state */
+/* Abstract callable function address */
 case class FunPointer(val addr: BitVecLiteral, val name: String, val call: ExecutionContinuation)
     extends BasilValue(addr.getType)
 
-/* Erase the type of basil values and enforce the invariant that
+/* We erase the type of basil values and enforce the invariant that
    \exists i . \forall v \in value.keys , v.irType = i  and
    \exists j . \forall v \in value.values, v.irType = j
  */
diff --git a/src/test/scala/ir/InterpreterTests.scala b/src/test/scala/ir/InterpreterTests.scala
index bd12b5818..f128702f6 100644
--- a/src/test/scala/ir/InterpreterTests.scala
+++ b/src/test/scala/ir/InterpreterTests.scala
@@ -424,8 +424,6 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
       BreakPointAction(true, true, List(("R0", Register("R0", 64))), true)
     )
     val bp2 = BreakPoint("Fibentry",  BreakPointLoc.CMD(watch), BreakPointAction(true, true , List(("R0", Register("R0", 64))), true))
-    // val interp = LayerInterpreter(NormalInterpreter, RememberBreakpoints(NormalInterpreter, List(bp)))
-    // val res = InterpFuns.interpretProg(interp)(fib, (InterpreterState(), List()))
     val res = interpretWithBreakPoints(fib, List(bp), NormalInterpreter, InterpreterState())
     assert(res._1.nextCmd.isInstanceOf[ErrorStop])
     assert(res._2.nonEmpty)

From ceef23351e1b751c736a7ddd1425350331494bb4 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Thu, 5 Sep 2024 10:18:15 +1000
Subject: [PATCH 047/127] note missing features

---
 docs/development/interpreter.md | 39 +++++++++++++++++++++++++++------
 docs/development/readme.md      |  1 +
 docs/readme.md                  |  1 +
 3 files changed, 34 insertions(+), 7 deletions(-)

diff --git a/docs/development/interpreter.md b/docs/development/interpreter.md
index 6e0764457..2564d7f89 100644
--- a/docs/development/interpreter.md
+++ b/docs/development/interpreter.md
@@ -76,6 +76,7 @@ To see an example of this used to validate the constant prop analysis see [/src/
       (e.g negative divisor, type mismatch)
 -  [ExprEval.scala](../../src/main/scala/ir/eval/ExprEval.scala)
     - Evaluation of expressions, defined in terms of partial evaluation down to a Literal
+    - This can also be used to evaluate expressions in static analyses, by passing a function to query variable assignments and memory state from the value domain. 
 -  [Interpreter.scala](../../src/main/scala/ir/eval/Interpreter.scala)
     - Definition of core `Effects[S, E]` and `Interpreter[S, E]` types describing state transitions in 
       the interpreter
@@ -150,12 +151,36 @@ We initialise:
 - The relocation table. Each listed offset is stored an address to either a real procedure in the program, or a 
   location storing a symbolic function pointer to an intrinsic function.
 
-- `.bss` is generally the top of the initialised data, the ELF symbol `__bss_end__` being equal to the symbol `__end__`.
-  Above this we can somewhat choose arbitrarily where to put things, usually the heap is above, followed by 
-  dynamically linked symbols, then the stack. There is currently no stack overflow checking, or heap implemented in the 
-  interpreter.
-- Unfortunately these details are defined by the load-time linker and the system's linker script, and it is hard to find a good description
-  of their behaviour. Some details are described here https://refspecs.linuxfoundation.org/elf/elf.pdf, and here 
-  https://dl.acm.org/doi/abs/10.1145/2983990.2983996.
+`.bss` is generally the top of the initialised data, the ELF symbol `__bss_end__` being equal to the symbol `__end__`.
+Above this we can somewhat choose arbitrarily where to put things, usually the heap is above, followed by 
+dynamically linked symbols, then the stack. There is currently no stack overflow checking, or heap implemented in the 
+interpreter.
+
+Unfortunately these details are defined by the load-time linker and the system's linker script, and it is hard to find a good description
+of their behaviour. Some details are described here https://refspecs.linuxfoundation.org/elf/elf.pdf, and here 
+https://dl.acm.org/doi/abs/10.1145/2983990.2983996.
+
+### Missing features
+
+There is functionality to implement external function calls via intrinsics written in Scala code, but currently only 
+basic printf style functions are implemented as no-ops. These can be extended to use a file IO abstraction, where
+a memory region is created for each file (e.g. stdout), with a variable to keep track of the current write-point
+such that a file write operation stores to the write-point address, and increments it by the size of the store.
+
+Importantly, an implementation of malloc() and free() is needed, which can implement a simple greedy allocation 
+algorithm.
+
+Despite the presence of procedure parameters in the current IR, they are not used for by the boogie translation and 
+are hence similarly ignored in the interpreter.
+
+The interpreter's immutable state representation is motivated by the ability to easily implement a sound approach
+to non-determinism, e.g. to implement GoTos with guessing and rollback rather than look-ahead. This is more
+useful for checking specification constructs than executing real programs. 
+
+Finally, the trace does not clearly distinguish internal vs external calls, or observable 
+and non-observable behaviour.
+
+While the interpreter semantics supports memory regions, we do not initialise the memory regions (or the initial memory state) 
+based on those present in the program, we assume a flat `mem` memory model, possibly with `stack` as well.
 
 
diff --git a/docs/development/readme.md b/docs/development/readme.md
index 9b7de0be3..d0b7fbb75 100644
--- a/docs/development/readme.md
+++ b/docs/development/readme.md
@@ -5,6 +5,7 @@
 - [tool-installation](tool-installation.md) Guide to lifter, etc. tool installation
 - [scala](scala.md) Advice on Scala programming.
 - [cfg](cfg.md) Explanation of the old CFG datastructure 
+- [interpreter](interpreter.md) Explanation of IR interpreter
 
 
 ## Scala
diff --git a/docs/readme.md b/docs/readme.md
index f7b331b23..3bb6905aa 100644
--- a/docs/readme.md
+++ b/docs/readme.md
@@ -12,6 +12,7 @@ To get started on development, see [development](development).
     - [editor-setup](development/editor-setup.md) Guide to basil development in IDEs 
     - [tool-installation](development/tool-installation.md) Guide to lifter, etc. tool installation
     - [cfg](development/cfg.md) Explanation of the old CFG datastructure 
+    - [interpreter](development/interpreter.md) Explanation of IR interpreter
 - [basil-ir](basil-ir.md) explanation of BASIL's intermediate representation
 - [compiler-explorer](compiler-explorer.md) guide to the compiler explorer basil interface
 - [il-cfg](il-cfg.md) explanation of the IL cfg iterator design

From cff6c970584815b036bd132cb148ac959aea2cc9 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Thu, 5 Sep 2024 10:37:04 +1000
Subject: [PATCH 048/127] run through all system tests

---
 src/main/scala/util/functional.scala      |  4 +-
 src/test/scala/DifferentialAnalysis.scala | 64 ++++++++++-------------
 src/test/scala/SystemTests.scala          | 22 +-------
 src/test/scala/test_util/TestUtil.scala   | 22 ++++++++
 4 files changed, 55 insertions(+), 57 deletions(-)

diff --git a/src/main/scala/util/functional.scala b/src/main/scala/util/functional.scala
index 4db438646..975220686 100644
--- a/src/main/scala/util/functional.scala
+++ b/src/main/scala/util/functional.scala
@@ -9,8 +9,8 @@ case class State[S, A, E](f: S => (S, Either[E, A])) {
 
   def >>(o: State[S,A,E]) = for {
     _ <- this
-    _ <- o
-  } yield (())
+    x <- o
+  } yield (x)
 
 
   def flatMap[B](f: A => State[S, B, E]): State[S, B, E] = State(s => {
diff --git a/src/test/scala/DifferentialAnalysis.scala b/src/test/scala/DifferentialAnalysis.scala
index 8c40fac56..758dc2221 100644
--- a/src/test/scala/DifferentialAnalysis.scala
+++ b/src/test/scala/DifferentialAnalysis.scala
@@ -8,6 +8,7 @@ import org.scalatest.funsuite.*
 import specification.*
 import util.{BASILConfig, IRLoading, ILLoadingConfig, IRContext, RunUtils, StaticAnalysis, StaticAnalysisConfig, StaticAnalysisContext, BASILResult, Logger, LogLevel, IRTransform}
 import ir.eval.{interpretTrace, interpret, ExecEffect, Stopped}
+import test_util.*
 
 
 import java.io.IOException
@@ -44,9 +45,9 @@ class DifferentialAnalysis extends AnyFunSuite {
     assert(filterEvents(traceInit.t).mkString("\n") == filterEvents(traceRes.t).mkString("\n"))
   }
 
-  def testProgram(testName: String, examplePath: String) = {
+  def testProgram(testName: String, examplePath: String, suffix: String =".adt") = {
 
-    val loading = ILLoadingConfig(inputFile = examplePath + testName + ".adt",
+    val loading = ILLoadingConfig(inputFile = examplePath + testName + suffix,
       relfFile = examplePath + testName + ".relf",
       dumpIL = None,
     )
@@ -67,17 +68,6 @@ class DifferentialAnalysis extends AnyFunSuite {
     testProgram(testName, examplePath)
   }
 
-  test("indirect_call_gcc_example") {
-    val testName = "indirect_call"
-    val examplePath = System.getProperty("user.dir") + s"/src/test/correct/$testName/gcc/"
-    testProgram(testName, examplePath)
-  }
-
-  test("indirect_call_clang_example") {
-    val testName = "indirect_call"
-    val examplePath = System.getProperty("user.dir") + s"/src/test/correct/$testName/clang/"
-    testProgram(testName, examplePath)
-  }
 
   test("jumptable2_example") {
     val testName = "jumptable2"
@@ -85,17 +75,6 @@ class DifferentialAnalysis extends AnyFunSuite {
     testProgram(testName, examplePath)
   }
 
-  test("jumptable2_gcc_example") {
-    val testName = "jumptable2"
-    val examplePath = System.getProperty("user.dir") + s"/src/test/correct/$testName/gcc/"
-    testProgram(testName, examplePath)
-  }
-
-  test("jumptable2_clang_example") {
-    val testName = "jumptable2"
-    val examplePath = System.getProperty("user.dir") + s"/src/test/correct/$testName/clang/"
-    testProgram(testName, examplePath)
-  }
 
   test("jumptable_example") {
     val testName = "jumptable"
@@ -109,17 +88,6 @@ class DifferentialAnalysis extends AnyFunSuite {
     testProgram(testName, examplePath)
   }
 
-  test("functionpointer_gcc_example") {
-    val testName = "functionpointer"
-    val examplePath = System.getProperty("user.dir") + s"/src/test/correct/$testName/gcc/"
-    testProgram(testName, examplePath)
-  }
-
-  test("functionpointer_clang_example") {
-    val testName = "functionpointer"
-    val examplePath = System.getProperty("user.dir") + s"/src/test/correct/$testName/clang/"
-    testProgram(testName, examplePath)
-  }
 
 
   test("function_got_example") {
@@ -127,4 +95,30 @@ class DifferentialAnalysis extends AnyFunSuite {
     val examplePath = System.getProperty("user.dir") + s"/examples/$testName/"
     testProgram(testName, examplePath)
   }
+
+
+  def runSystemTests(): Unit = {
+
+    val path = System.getProperty("user.dir") + s"/src/test/correct/"
+    val programs: Array[String] = getSubdirectories(path)
+
+    // get all variations of each program
+    for (p <- programs) {
+      val programPath = path + "/" + p
+      val variations = getSubdirectories(programPath)
+      println(variations.mkString("\n"))
+      variations.foreach(variation => {
+        test("analysis_differential:" + p + "/" + variation + ":BAP") {
+          testProgram(p, path + "/" + p + "/" + variation + "/", suffix=".adt")
+        }
+        test("analysis_differential:" +  p + "/" + variation + ":GTIRB") {
+          testProgram(p, path + "/" + p + "/" + variation + "/", suffix=".gts")
+        }
+      }
+      )
+    }
+  }
+
+
+  runSystemTests()
 }
diff --git a/src/test/scala/SystemTests.scala b/src/test/scala/SystemTests.scala
index 80a0ce4fc..c18d5e40a 100644
--- a/src/test/scala/SystemTests.scala
+++ b/src/test/scala/SystemTests.scala
@@ -1,5 +1,6 @@
 import org.scalatest.funsuite.AnyFunSuite
 import util.{Logger, PerformanceTimer}
+import test_util.*
 
 import Numeric.Implicits.*
 import java.io.{BufferedWriter, File, FileWriter}
@@ -215,25 +216,6 @@ trait SystemTests extends AnyFunSuite {
     true
   }
 
-  /** @param directoryName
-    * of the parent directory
-    * @return
-    * the names all subdirectories of the given parent directory
-    */
-  def getSubdirectories(directoryName: String): Array[String] = {
-    Option(File(directoryName).listFiles(_.isDirectory)) match {
-      case None => throw java.io.IOException(s"failed to read directory '$directoryName'")
-      case Some(subdirs) => subdirs.map(_.getName)
-    }
-  }
-
-  def log(text: String, path: String): Unit = {
-    val writer = BufferedWriter(FileWriter(path, false))
-    writer.write(text)
-    writer.flush()
-    writer.close()
-  }
-
 }
 
 class SystemTestsBAP extends SystemTests  {
@@ -343,4 +325,4 @@ def loadHisto() = {
   val timeValues = res("verifyTime").map(_.toDouble)
   val histo = histogram(50, Some(800.0, 1000.0))(timeValues.toSeq)
   println(histoToSvg("test histogram", 500, 300, histo, 800.0, 1000.0))
-}
\ No newline at end of file
+}
diff --git a/src/test/scala/test_util/TestUtil.scala b/src/test/scala/test_util/TestUtil.scala
index da2eb7c56..abb243ab0 100644
--- a/src/test/scala/test_util/TestUtil.scala
+++ b/src/test/scala/test_util/TestUtil.scala
@@ -1,4 +1,5 @@
 package test_util
+import java.io.{BufferedWriter, File, FileWriter}
 
 import ir.{Block, Procedure, Program}
 import util.{BASILConfig, BASILResult, BoogieGeneratorConfig, ILLoadingConfig, RunUtils, StaticAnalysisConfig}
@@ -40,3 +41,24 @@ trait TestUtil {
     )
   }
 }
+
+
+/** @param directoryName
+  * of the parent directory
+  * @return
+  * the names all subdirectories of the given parent directory
+  */
+def getSubdirectories(directoryName: String): Array[String] = {
+  Option(File(directoryName).listFiles(_.isDirectory)) match {
+    case None => throw java.io.IOException(s"failed to read directory '$directoryName'")
+    case Some(subdirs) => subdirs.map(_.getName)
+  }
+}
+
+def log(text: String, path: String): Unit = {
+  val writer = BufferedWriter(FileWriter(path, false))
+  writer.write(text)
+  writer.flush()
+  writer.close()
+}
+

From 822c12778e511b62eebae961b20d4972376cffd6 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Thu, 5 Sep 2024 11:24:00 +1000
Subject: [PATCH 049/127] add resource limit

---
 src/main/scala/ir/eval/InterpretBasilIR.scala | 29 ++++++-----
 src/main/scala/ir/eval/InterpretRLimit.scala  | 52 +++++++++++++++++++
 src/main/scala/ir/eval/InterpretTrace.scala   |  5 +-
 src/test/scala/DifferentialAnalysis.scala     | 14 +++--
 4 files changed, 82 insertions(+), 18 deletions(-)
 create mode 100644 src/main/scala/ir/eval/InterpretRLimit.scala

diff --git a/src/main/scala/ir/eval/InterpretBasilIR.scala b/src/main/scala/ir/eval/InterpretBasilIR.scala
index b483431a0..2878a3608 100644
--- a/src/main/scala/ir/eval/InterpretBasilIR.scala
+++ b/src/main/scala/ir/eval/InterpretBasilIR.scala
@@ -228,20 +228,23 @@ case object Eval {
 
 class BASILInterpreter[S](f: Effects[S, InterpreterError]) extends Interpreter[S, InterpreterError](f) {
 
-  def interpretOne: State[S, Boolean, InterpreterError] = for {
-    next <- f.getNext
-    _ <- State.pure(Logger.debug(s"$next"))
-    r: Boolean <- (next match {
-      case CallIntrinsic(tgt) => LibcIntrinsic.intrinsics(tgt)(f).map(_ => true)
-      case Run(c: Statement)  => interpretStatement(f)(c).map(_ => true)
-      case Run(c: Jump)       => interpretJump(f)(c).map(_ => true)
-      case Stopped()          => State.pure(false)
-      case ErrorStop(e)       => State.pure(false)
-    })
-      .flatMapE((e: InterpreterError) => {
-        f.setNext(ErrorStop(e)).map(_ => false)
+  def interpretOne: State[S, Boolean, InterpreterError] = {
+    val next = for {
+      next <- f.getNext
+      _ <- State.pure(Logger.debug(s"$next"))
+      r: Boolean <- (next match {
+        case CallIntrinsic(tgt) => LibcIntrinsic.intrinsics(tgt)(f).map(_ => true)
+        case Run(c: Statement)  => interpretStatement(f)(c).map(_ => true)
+        case Run(c: Jump)       => interpretJump(f)(c).map(_ => true)
+        case Stopped()          => State.pure(false)
+        case ErrorStop(e)       => State.pure(false)
       })
-  } yield (r)
+    } yield (r)
+
+    next.flatMapE((e: InterpreterError) => {
+      f.setNext(ErrorStop(e)).map(_ => false)
+    })
+  }
 
   def interpretJump[S, T <: Effects[S, InterpreterError]](f: T)(j: Jump): State[S, Unit, InterpreterError] = {
     j match {
diff --git a/src/main/scala/ir/eval/InterpretRLimit.scala b/src/main/scala/ir/eval/InterpretRLimit.scala
new file mode 100644
index 000000000..cdaecccc1
--- /dev/null
+++ b/src/main/scala/ir/eval/InterpretRLimit.scala
@@ -0,0 +1,52 @@
+
+package ir.eval
+import ir._
+import ir.eval.BitVectorEval.*
+import ir.*
+import util.IRContext
+import util.Logger
+import util.functional.*
+import util.functional.State.*
+import boogie.Scope
+import scala.collection.WithFilter
+
+import scala.annotation.tailrec
+import scala.collection.mutable
+import scala.collection.immutable
+import scala.util.control.Breaks.{break, breakable}
+
+
+case class EffectsRLimit[T, E, I <: Effects[T, InterpreterError]](val limit: Int) extends NopEffects[(T, Int), InterpreterError] {
+
+  override def getNext :State[(T, Int), ExecutionContinuation, InterpreterError] = {
+    for {
+      c : (T, Int) <- State.getS
+      (is, resources) = c
+      _ <- if (resources >= limit && limit >= 0) {
+        State.setError(Errored(s"Resource limit $limit reached"))
+      } else { 
+        State.modify ((s : (T, Int)) => (s._1, s._2 + 1))
+      }
+    } yield (Stopped()) // thrown away by LayerInterpreter
+  }
+}
+
+def interpretWithRLimit[I](p: Program, instructionLimit: Int, innerInterpreter: Effects[I, InterpreterError], innerInitialState: I): I = {
+  val rlimitInterpreter = LayerInterpreter(innerInterpreter, EffectsRLimit(instructionLimit))
+  InterpFuns.interpretProg(rlimitInterpreter)(p, (innerInitialState, 0))._1
+}
+
+def interpretWithRLimit[I](p: IRContext, instructionLimit: Int, innerInterpreter: Effects[I, InterpreterError], innerInitialState: I): I = {
+  val rlimitInterpreter = LayerInterpreter(innerInterpreter, EffectsRLimit(instructionLimit))
+  val begin = InterpFuns.initProgState(rlimitInterpreter)(p, (innerInitialState, 0))
+  // throw away initialisation trace
+  BASILInterpreter(rlimitInterpreter).run((begin._1, 0))._1
+}
+
+def interpretRLimit(p: Program, instructionLimit: Int) : InterpreterState = {
+  interpretWithRLimit(p, instructionLimit, NormalInterpreter, InterpreterState())
+}
+
+def interpretRLimit(p: IRContext, instructionLimit: Int) : InterpreterState = {
+  interpretWithRLimit(p, instructionLimit, NormalInterpreter, InterpreterState())
+}
diff --git a/src/main/scala/ir/eval/InterpretTrace.scala b/src/main/scala/ir/eval/InterpretTrace.scala
index dbdd6e0b8..89b0fc976 100644
--- a/src/main/scala/ir/eval/InterpretTrace.scala
+++ b/src/main/scala/ir/eval/InterpretTrace.scala
@@ -56,9 +56,10 @@ case class TraceGen[E]() extends NopEffects[Trace, E] {
 
 }
 
+def tracingInterpreter[I, E](innerInterpreter: Effects[I, E]) = ProductInterpreter(innerInterpreter, TraceGen())
+
 def interpretWithTrace[I](p: Program, innerInterpreter: Effects[I, InterpreterError], innerInitialState: I): (I, Trace) = {
-  val tracingInterpreter = ProductInterpreter(innerInterpreter, TraceGen())
-  InterpFuns.interpretProg(tracingInterpreter)(p, (innerInitialState, Trace(List())))
+  InterpFuns.interpretProg(tracingInterpreter(innerInterpreter))(p, (innerInitialState, Trace(List())))
 }
 
 def interpretWithTrace[I](p: IRContext, innerInterpreter: Effects[I, InterpreterError], innerInitialState: I): (I, Trace) = {
diff --git a/src/test/scala/DifferentialAnalysis.scala b/src/test/scala/DifferentialAnalysis.scala
index 758dc2221..966073ab4 100644
--- a/src/test/scala/DifferentialAnalysis.scala
+++ b/src/test/scala/DifferentialAnalysis.scala
@@ -24,8 +24,17 @@ class DifferentialAnalysis extends AnyFunSuite {
   Logger.setLevel(LogLevel.ERROR)
 
   def diffTest(initial: IRContext, transformed: IRContext) = {
-    val (initialRes,traceInit) = interpretTrace(initial)
-    val (result,traceRes) = interpretTrace(transformed)
+
+    val instructionLimit = 100000 
+
+    def interp(p: IRContext) : (InterpreterState, Trace) = {
+      val interpreter = LayerInterpreter(tracingInterpreter(NormalInterpreter), EffectsRLimit(instructionLimit))
+      val initialState = InterpFuns.initProgState(NormalInterpreter)(p, InterpreterState())
+      BASILInterpreter(interpreter).run((initialState, Trace(List())), 0)._1
+    }
+
+    val (initialRes,traceInit) = interp(initial)
+    val (result,traceRes) = interp(transformed)
 
 
     def filterEvents(trace: List[ExecEffect]) = {
@@ -106,7 +115,6 @@ class DifferentialAnalysis extends AnyFunSuite {
     for (p <- programs) {
       val programPath = path + "/" + p
       val variations = getSubdirectories(programPath)
-      println(variations.mkString("\n"))
       variations.foreach(variation => {
         test("analysis_differential:" + p + "/" + variation + ":BAP") {
           testProgram(p, path + "/" + p + "/" + variation + "/", suffix=".adt")

From 9b8f71563ca0d4c41acbd7f922108b24a9138254 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Thu, 5 Sep 2024 11:27:30 +1000
Subject: [PATCH 050/127] doc resource limit

---
 docs/development/interpreter.md | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/docs/development/interpreter.md b/docs/development/interpreter.md
index 2564d7f89..8d6b19169 100644
--- a/docs/development/interpreter.md
+++ b/docs/development/interpreter.md
@@ -67,6 +67,26 @@ case class BreakPointAction(
 
 To see an example of this used to validate the constant prop analysis see [/src/test/scala/InterpretTestConstProp.scala](../../src/test/scala/InterpretTestConstProp.scala).
 
+### Resource Limit
+
+This kills the interpreter in an error state once a specified instruction count is reached. 
+
+It can be used simply with the function `interptretRLimit`, this automatically ignores the initialisation instructions.
+
+```scala
+def interpretRLimit(p: IRContext, instructionLimit: Int) : InterpreterState
+```
+
+It can also be combined with other interpreters as shown:
+
+```scala
+def interp(p: IRContext, instructionLimit: Int) : (InterpreterState, Trace) = {
+  val interpreter = LayerInterpreter(tracingInterpreter(NormalInterpreter), EffectsRLimit(instructionLimit))
+  val initialState = InterpFuns.initProgState(NormalInterpreter)(p, InterpreterState())
+  BASILInterpreter(interpreter).run((initialState, Trace(List())), 0)._1
+}
+```
+
 ## Implementation / Code Structure
 
 ### Summary

From 648a41d8c12fae6d8b9c7825006d0233bea81eee Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Thu, 5 Sep 2024 11:29:46 +1000
Subject: [PATCH 051/127] tweak doc

---
 docs/development/interpreter.md | 39 +++++++++++++++------------------
 1 file changed, 18 insertions(+), 21 deletions(-)

diff --git a/docs/development/interpreter.md b/docs/development/interpreter.md
index 8d6b19169..a2854bb73 100644
--- a/docs/development/interpreter.md
+++ b/docs/development/interpreter.md
@@ -69,7 +69,7 @@ To see an example of this used to validate the constant prop analysis see [/src/
 
 ### Resource Limit
 
-This kills the interpreter in an error state once a specified instruction count is reached. 
+This kills the interpreter in an error state once a specified instruction count is reached, to avoid the interpreter running forever on infinite loops. 
 
 It can be used simply with the function `interptretRLimit`, this automatically ignores the initialisation instructions.
 
@@ -109,6 +109,8 @@ def interp(p: IRContext, instructionLimit: Int) : (InterpreterState, Trace) = {
     - Definition of ELF initialisation in terms of generic `Effects[S, InterpreterError]`
 -  [InterpretBreakpoints.scala](../../src/main/scala/ir/eval/InterpretBreakpoints.scala)
     - Definition of a generic interpreter with a breakpoint checker layered on top
+-  [interpretRLimit.scala](../../src/main/scala/ir/eval/InterpretRLimit.scala)
+    - Definition of layered interpreter which terminates after a specified cycle count
 -  [InterpretTrace.scala](../../src/main/scala/ir/eval/InterpretTrace.scala)
     - Definition of a generic interpreter which records a trace of calls to the `Effects[]` instance. 
 
@@ -182,25 +184,20 @@ https://dl.acm.org/doi/abs/10.1145/2983990.2983996.
 
 ### Missing features
 
-There is functionality to implement external function calls via intrinsics written in Scala code, but currently only 
-basic printf style functions are implemented as no-ops. These can be extended to use a file IO abstraction, where
-a memory region is created for each file (e.g. stdout), with a variable to keep track of the current write-point
-such that a file write operation stores to the write-point address, and increments it by the size of the store.
-
-Importantly, an implementation of malloc() and free() is needed, which can implement a simple greedy allocation 
-algorithm.
-
-Despite the presence of procedure parameters in the current IR, they are not used for by the boogie translation and 
-are hence similarly ignored in the interpreter.
-
-The interpreter's immutable state representation is motivated by the ability to easily implement a sound approach
-to non-determinism, e.g. to implement GoTos with guessing and rollback rather than look-ahead. This is more
-useful for checking specification constructs than executing real programs. 
-
-Finally, the trace does not clearly distinguish internal vs external calls, or observable 
-and non-observable behaviour.
-
-While the interpreter semantics supports memory regions, we do not initialise the memory regions (or the initial memory state) 
-based on those present in the program, we assume a flat `mem` memory model, possibly with `stack` as well.
+- There is functionality to implement external function calls via intrinsics written in Scala code, but currently only 
+  basic printf style functions are implemented as no-ops. These can be extended to use a file IO abstraction, where
+  a memory region is created for each file (e.g. stdout), with a variable to keep track of the current write-point
+  such that a file write operation stores to the write-point address, and increments it by the size of the store.
+  Importantly, an implementation of malloc() and free() is needed, which can implement a simple greedy allocation 
+  algorithm.
+- Despite the presence of procedure parameters in the current IR, they are not used for by the boogie translation and 
+  are hence similarly ignored in the interpreter.
+- The interpreter's immutable state representation is motivated by the ability to easily implement a sound approach
+  to non-determinism, e.g. to implement GoTos with guessing and rollback rather than look-ahead. This is more
+  useful for checking specification constructs than executing real programs, so is not yet implemented.
+- The trace does not clearly distinguish internal vs external calls, or observable 
+  and non-observable behaviour.
+- While the interpreter semantics supports memory regions, we do not initialise the memory regions (or the initial memory state) 
+  based on those present in the program, we simply assume a flat `mem` and `stack` memory partitioning.
 
 

From dfa7209d4408e9cf90cfc7bec977f9091faefb60 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Thu, 5 Sep 2024 13:34:15 +1000
Subject: [PATCH 052/127] fix

---
 src/main/scala/util/RunUtils.scala | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index 11bc4f016..a4f7f06ea 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -214,7 +214,7 @@ object IRTransform {
     * add in modifies from the spec.
     */
   def prepareForTranslation(config: ILLoadingConfig, ctx: IRContext): Unit = {
-    // ctx.program.determineRelevantMemory(ctx.globalOffsets)
+    ctx.program.determineRelevantMemory(ctx.globalOffsets)
 
     Logger.info("[!] Stripping unreachable")
     val before = ctx.program.procedures.size
@@ -223,11 +223,11 @@ object IRTransform {
       s"[!] Removed ${before - ctx.program.procedures.size} functions (${ctx.program.procedures.size} remaining)"
     )
 
-    //val stackIdentification = StackSubstituter()
-    //stackIdentification.visitProgram(ctx.program)
+    val stackIdentification = StackSubstituter()
+    stackIdentification.visitProgram(ctx.program)
 
     val specModifies = ctx.specification.subroutines.map(s => s.name -> s.modifies).toMap
-    // ctx.program.setModifies(specModifies)
+    ctx.program.setModifies(specModifies)
     assert(invariant.singleCallBlockEnd(ctx.program))
   }
 
@@ -506,7 +506,6 @@ object RunUtils {
     q.loading.dumpIL.foreach(s => writeToFile(serialiseIL(ctx.program), s"$s-after-analysis.il"))
 
     if (q.runInterpret) {
-      // val interpreter = eval.Interpreter()
       val fs = eval.interpretTrace(ctx)
       Logger.info("Interpreter Trace:\n" + fs._2.t.mkString("\n"))
       val stopState = fs._1.nextCmd

From 38f871c9ef6e56890c2bb0afdb85789115723056 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Thu, 5 Sep 2024 15:38:59 +1000
Subject: [PATCH 053/127] tweak interpretrlimit

---
 src/main/scala/ir/eval/InterpretRLimit.scala | 12 ++++++------
 src/test/scala/ir/InterpreterTests.scala     | 10 +++++-----
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/src/main/scala/ir/eval/InterpretRLimit.scala b/src/main/scala/ir/eval/InterpretRLimit.scala
index cdaecccc1..a381e5d8f 100644
--- a/src/main/scala/ir/eval/InterpretRLimit.scala
+++ b/src/main/scala/ir/eval/InterpretRLimit.scala
@@ -31,22 +31,22 @@ case class EffectsRLimit[T, E, I <: Effects[T, InterpreterError]](val limit: Int
   }
 }
 
-def interpretWithRLimit[I](p: Program, instructionLimit: Int, innerInterpreter: Effects[I, InterpreterError], innerInitialState: I): I = {
+def interpretWithRLimit[I](p: Program, instructionLimit: Int, innerInterpreter: Effects[I, InterpreterError], innerInitialState: I): (I, Int) = {
   val rlimitInterpreter = LayerInterpreter(innerInterpreter, EffectsRLimit(instructionLimit))
-  InterpFuns.interpretProg(rlimitInterpreter)(p, (innerInitialState, 0))._1
+  InterpFuns.interpretProg(rlimitInterpreter)(p, (innerInitialState, 0))
 }
 
-def interpretWithRLimit[I](p: IRContext, instructionLimit: Int, innerInterpreter: Effects[I, InterpreterError], innerInitialState: I): I = {
+def interpretWithRLimit[I](p: IRContext, instructionLimit: Int, innerInterpreter: Effects[I, InterpreterError], innerInitialState: I): (I, Int) = {
   val rlimitInterpreter = LayerInterpreter(innerInterpreter, EffectsRLimit(instructionLimit))
   val begin = InterpFuns.initProgState(rlimitInterpreter)(p, (innerInitialState, 0))
   // throw away initialisation trace
-  BASILInterpreter(rlimitInterpreter).run((begin._1, 0))._1
+  BASILInterpreter(rlimitInterpreter).run((begin._1, 0))
 }
 
-def interpretRLimit(p: Program, instructionLimit: Int) : InterpreterState = {
+def interpretRLimit(p: Program, instructionLimit: Int) : (InterpreterState, Int) = {
   interpretWithRLimit(p, instructionLimit, NormalInterpreter, InterpreterState())
 }
 
-def interpretRLimit(p: IRContext, instructionLimit: Int) : InterpreterState = {
+def interpretRLimit(p: IRContext, instructionLimit: Int) : (InterpreterState, Int) = {
   interpretWithRLimit(p, instructionLimit, NormalInterpreter, InterpreterState())
 }
diff --git a/src/test/scala/ir/InterpreterTests.scala b/src/test/scala/ir/InterpreterTests.scala
index f128702f6..e4cc8dbf7 100644
--- a/src/test/scala/ir/InterpreterTests.scala
+++ b/src/test/scala/ir/InterpreterTests.scala
@@ -379,9 +379,9 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
   test("fibonaccistress") {
 
     Logger.setLevel(LogLevel.ERROR)
-    var res = List[(Int, Double, Double)]()
+    var res = List[(Int, Double, Double, Int)]()
 
-    for (i <- 0 to 12) {
+    for (i <- 0 to 30) {
       val prog = fibonacciProg(i)
 
       val t = PerformanceTimer("native")
@@ -389,15 +389,15 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
       val native = t.elapsed()
 
       val intt = PerformanceTimer("interp")
-      val ir = interpret(prog)
+      val ir = interpretRLimit(prog, 100000000)
       val it = intt.elapsed()
 
-      res = (i, native, it) :: res
+      res = (i, native, it, ir._2) :: res
 
       println(s"${res.head}")
     }
 
-    println(("fib number,native time,interp time" :: (res.map(x => s"${x._1},${x._2},${x._3}"))).mkString("\n"))
+    println(("fib number,native time,interp time,interp cycles" :: (res.map(x => s"${x._1},${x._2},${x._3},${x._4}"))).mkString("\n"))
 
   }
 

From 6559180436452efdc560f99d70d58a8cb2d2bd86 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Tue, 10 Sep 2024 09:37:44 +1000
Subject: [PATCH 054/127] basic malloc implementation

---
 src/main/scala/ir/eval/InterpretBasilIR.scala |  7 +-
 src/main/scala/ir/eval/Interpreter.scala      | 64 ++++++++++++++++++-
 .../scala/ir/eval/InterpreterProduct.scala    | 10 +++
 src/test/scala/DifferentialAnalysis.scala     |  2 +-
 4 files changed, 79 insertions(+), 4 deletions(-)

diff --git a/src/main/scala/ir/eval/InterpretBasilIR.scala b/src/main/scala/ir/eval/InterpretBasilIR.scala
index 2878a3608..9e84335e9 100644
--- a/src/main/scala/ir/eval/InterpretBasilIR.scala
+++ b/src/main/scala/ir/eval/InterpretBasilIR.scala
@@ -403,7 +403,12 @@ object InterpFuns {
           ))
       })
 
-    State.sequence(State.pure(()), stores)
+
+      for {
+        _ <- State.sequence(State.pure(()), stores)
+        malloc_top = BitVecLiteral(newAddr() + 1024, 64)
+        _ <- s.storeVar("ghost_malloc_top", Scope.Global, Scalar(malloc_top))
+      } yield (())
   }
 
   /** Functions which compile BASIL IR down to the minimal interpreter effects.
diff --git a/src/main/scala/ir/eval/Interpreter.scala b/src/main/scala/ir/eval/Interpreter.scala
index 108eb34e2..4389dac84 100644
--- a/src/main/scala/ir/eval/Interpreter.scala
+++ b/src/main/scala/ir/eval/Interpreter.scala
@@ -70,6 +70,15 @@ case object BasilValue {
       case _                         => Left((TypeError(s"Operation add $vr undefined on $l")))
     }
   }
+
+  def add[S, E](l: BasilValue, r: BasilValue): Either[InterpreterError, BasilValue] = {
+    (l,r) match {
+      case (Scalar(IntLiteral(vl)), Scalar(IntLiteral(vr)))    => Right(Scalar(IntLiteral(vl + vr)))
+      case (Scalar(b1: BitVecLiteral), Scalar(b2: BitVecLiteral)) => Right(Scalar(eval.evalBVBinExpr(BVADD, b1, b2)))
+      case _                         => Left((TypeError(s"Operation add undefined  $l + $r")))
+    }
+  }
+
 }
 
 /** Minimal language defining all state transitions in the interpreter, defined for the interpreter's concrete state T.
@@ -97,6 +106,8 @@ trait Effects[T, E] {
    */
   def call(target: String, beginFrom: ExecutionContinuation, returnTo: ExecutionContinuation): State[T, Unit, E]
 
+  def callIntrinsic(name: String, args: List[BasilValue]) : State[T, Unit, E]
+
   def doReturn(): State[T, Unit, E]
 
   def storeVar(v: String, scope: Scope, value: BasilValue): State[T, Unit, E]
@@ -112,6 +123,7 @@ trait NopEffects[T, E] extends Effects[T, E] {
   def setNext(c: ExecutionContinuation) = State.pure(())
 
   def call(target: String, beginFrom: ExecutionContinuation, returnTo: ExecutionContinuation) = State.pure(())
+  def callIntrinsic(name: String, args: List[BasilValue]) = State.pure(()) 
   def doReturn() = State.pure(())
 
   def storeVar(v: String, scope: Scope, value: BasilValue) = State.pure(())
@@ -295,8 +307,33 @@ object LibcIntrinsic {
     s.doReturn()
   }
 
-  def intrinsics[S, E, T <: Effects[S, E]] =
-    Map[String, T => State[S, Unit, E]]("putc" -> putc, "puts" -> puts, "printf" -> printf)
+  def malloc[S, E, T <: Effects[S, E]](s: T): State[S, Unit, E] = for {
+    size <- s.loadVar("R0")
+    res <- s.callIntrinsic("malloc", List(size))
+    _ <- s.doReturn()
+  } yield (())
+
+  def free[S, E, T <: Effects[S, E]](s: T): State[S, Unit, E] = for {
+    ptr <- s.loadVar("R0")
+    res <- s.callIntrinsic("free", List(ptr))
+    _ <- s.doReturn()
+  } yield (())
+
+
+  def calloc[S, T <: Effects[S, InterpreterError]](s: T): State[S, Unit, InterpreterError] = for {
+    size <- s.loadVar("R0")
+    res <- s.callIntrinsic("malloc", List(size))
+    ptr <- s.loadVar("R0")
+    isize <- size match {
+      case Scalar(b: BitVecLiteral) => State.pure(b.value * 8)
+      case _ => State.setError(Errored("programmer error"))
+    }
+    cl <- Eval.storeBV(s)("mem", ptr, BitVecLiteral(0, isize.toInt), Endian.LittleEndian)
+    _ <- s.doReturn()
+  } yield (())
+
+  def intrinsics[S, T <: Effects[S, InterpreterError]] =
+    Map[String, T => State[S, Unit, InterpreterError]]("putc" -> putc, "puts" -> puts, "printf" -> printf, "malloc" -> malloc, "free" -> free, "#free" -> free, "calloc" -> calloc)
 
 }
 
@@ -310,6 +347,29 @@ case class InterpreterState(
   */
 object NormalInterpreter extends Effects[InterpreterState, InterpreterError] {
 
+  def callIntrinsic(name: String, args: List[BasilValue]) = {
+    name match {
+      case "malloc" => {
+        for {
+          size <- (args.headOption match {
+            case Some(x @ Scalar(_: BitVecLiteral)) => State.pure(x)
+            case Some(Scalar(x: IntLiteral)) => State.pure(Scalar(BitVecLiteral(x.value, 64)))
+            case _ => State.setError(Errored("illegal prim arg"))
+          })
+          x <- loadVar("ghost_malloc_top")
+          x_gap <- State.pureE(BasilValue.unsafeAdd(x, 128)) // put a gap around allocations to catch buffer overflows
+          x_end <- State.pureE(BasilValue.add(x_gap, size))
+          _ <- storeVar("ghost_malloc_top", Scope.Global, x_end)
+          _ <- storeVar("R0", Scope.Global, x_gap)
+        } yield (())
+      }
+      case "free" => {
+        State.pure(())
+      }
+      case _ => State.setError(Errored(s"Call undefined intrinsic $name"))
+    }
+  }
+
   def loadVar(v: String) = {
     State.getE((s: InterpreterState) => {
       s.memoryState.getVar(v)
diff --git a/src/main/scala/ir/eval/InterpreterProduct.scala b/src/main/scala/ir/eval/InterpreterProduct.scala
index ae8e51252..37e1820a4 100644
--- a/src/main/scala/ir/eval/InterpreterProduct.scala
+++ b/src/main/scala/ir/eval/InterpreterProduct.scala
@@ -62,6 +62,11 @@ case class ProductInterpreter[L, T, E](val inner: Effects[L, E], val before: Eff
     f <- doLeft(inner.call(target, beginFrom, returnTo))
   } yield (f)
 
+  def callIntrinsic(name: String, args: List[BasilValue]) = for {
+    n <- doRight(before.callIntrinsic(name, args))
+    f <- doLeft(inner.callIntrinsic(name, args))
+  } yield (f)
+
   def doReturn() = for {
     n <- doRight(before.doReturn())
     f <- doLeft(inner.doReturn())
@@ -112,6 +117,11 @@ case class LayerInterpreter[L, T, E](val inner: Effects[L, E], val before: Effec
     f <- doLeft(inner.call(target, beginFrom, returnTo))
   } yield (f)
 
+  def callIntrinsic(name: String, args: List[BasilValue]) = for {
+    n <- before.callIntrinsic(name, args)
+    f <- doLeft(inner.callIntrinsic(name, args))
+  } yield (f)
+
   def doReturn() = for {
     n <- (before.doReturn())
     f <- doLeft(inner.doReturn())
diff --git a/src/test/scala/DifferentialAnalysis.scala b/src/test/scala/DifferentialAnalysis.scala
index 966073ab4..7fd865957 100644
--- a/src/test/scala/DifferentialAnalysis.scala
+++ b/src/test/scala/DifferentialAnalysis.scala
@@ -25,7 +25,7 @@ class DifferentialAnalysis extends AnyFunSuite {
 
   def diffTest(initial: IRContext, transformed: IRContext) = {
 
-    val instructionLimit = 100000 
+    val instructionLimit = 1000000 
 
     def interp(p: IRContext) : (InterpreterState, Trace) = {
       val interpreter = LayerInterpreter(tracingInterpreter(NormalInterpreter), EffectsRLimit(instructionLimit))

From c6e938d34396a32ab341014865cce171903058b7 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Tue, 10 Sep 2024 17:35:01 +1000
Subject: [PATCH 055/127] implement printf

---
 src/main/scala/ir/eval/InterpretBasilIR.scala |  93 +++++---
 src/main/scala/ir/eval/Interpreter.scala      | 201 +++++++++++++-----
 src/test/scala/DifferentialAnalysis.scala     |  19 +-
 3 files changed, 220 insertions(+), 93 deletions(-)

diff --git a/src/main/scala/ir/eval/InterpretBasilIR.scala b/src/main/scala/ir/eval/InterpretBasilIR.scala
index 9e84335e9..62b626f5d 100644
--- a/src/main/scala/ir/eval/InterpretBasilIR.scala
+++ b/src/main/scala/ir/eval/InterpretBasilIR.scala
@@ -125,8 +125,8 @@ case object Eval {
   )(vname: String, addr: Scalar, endian: Endian, size: Int): State[S, BitVecLiteral, InterpreterError] = for {
     mem <- f.loadVar(vname)
     x <- mem match {
-      case mapv @ MapValue(_, MapType(_, BitVecType(sz))) => State.pure((sz, mapv))
-      case _                                              => State.setError((Errored("Trued to load-concat non bv")))
+      case mapv @ BasilMapValue(_, MapType(_, BitVecType(sz))) => State.pure((sz, mapv))
+      case _ => State.setError((Errored("Trued to load-concat non bv")))
     }
     (valsize, mapv) = x
 
@@ -169,7 +169,8 @@ case object Eval {
   ): State[S, Unit, InterpreterError] = for {
     mem <- f.loadVar(vname)
     x <- mem match {
-      case m @ MapValue(_, MapType(kt, vt)) if kt == addr.irType && values.forall(v => v.irType == vt) =>
+      case m @ BasilMapValue(_, MapType(kt, vt))
+          if Some(kt) == addr.irType && values.forall(v => v.irType == Some(vt)) =>
         State.pure((m, kt, vt))
       case v => State.setError((TypeError(s"Invalid map store operation to $vname : $v")))
     }
@@ -191,7 +192,7 @@ case object Eval {
   ): State[S, Unit, InterpreterError] = for {
     mem <- f.loadVar(vname)
     mr <- mem match {
-      case m @ MapValue(_, MapType(kt, BitVecType(size))) if kt == addr.irType => State.pure((m, size))
+      case m @ BasilMapValue(_, MapType(kt, BitVecType(size))) if Some(kt) == addr.irType => State.pure((m, size))
       case v =>
         State.setError(
           TypeError(
@@ -224,6 +225,28 @@ case object Eval {
   )(vname: String, addr: BasilValue, value: BasilValue): State[S, Unit, E] = {
     f.storeMem(vname, Map((addr -> value)))
   }
+
+  /** Helper functions * */
+
+  def getNullTerminatedString[S, T <: Effects[S, InterpreterError]](f: T)
+    (rgn: String, src: BasilValue, acc: List[BitVecLiteral] = List()): State[S, List[BitVecLiteral], InterpreterError] =
+    for {
+      srv: BitVecLiteral <- src match {
+        case Scalar(b: BitVecLiteral) => State.pure(b)
+        case _                        => State.setError(Errored(s"Not pointer : $src"))
+      }
+      c <- f.loadMem(rgn, List(src))
+      res <- c.head match {
+        case Scalar(BitVecLiteral(0, 8)) => State.pure(acc)
+        case Scalar(b: BitVecLiteral) => {
+          for {
+            nsrc <- State.pureE(BasilValue.unsafeAdd(src, 1))
+            r <- getNullTerminatedString(f)(rgn, nsrc, acc.appended(b))
+          } yield (r)
+        }
+        case _ => State.setError(Errored(s"not byte $c"))
+      }
+    } yield (res)
 }
 
 class BASILInterpreter[S](f: Effects[S, InterpreterError]) extends Interpreter[S, InterpreterError](f) {
@@ -233,11 +256,11 @@ class BASILInterpreter[S](f: Effects[S, InterpreterError]) extends Interpreter[S
       next <- f.getNext
       _ <- State.pure(Logger.debug(s"$next"))
       r: Boolean <- (next match {
-        case CallIntrinsic(tgt) => LibcIntrinsic.intrinsics(tgt)(f).map(_ => true)
-        case Run(c: Statement)  => interpretStatement(f)(c).map(_ => true)
-        case Run(c: Jump)       => interpretJump(f)(c).map(_ => true)
-        case Stopped()          => State.pure(false)
-        case ErrorStop(e)       => State.pure(false)
+        case Intrinsic(tgt)    => LibcIntrinsic.intrinsics(tgt)(f).map(_ => true)
+        case Run(c: Statement) => interpretStatement(f)(c).map(_ => true)
+        case Run(c: Jump)      => interpretJump(f)(c).map(_ => true)
+        case Stopped()         => State.pure(false)
+        case ErrorStop(e)      => State.pure(false)
       })
     } yield (r)
 
@@ -311,18 +334,16 @@ class BASILInterpreter[S](f: Effects[S, InterpreterError]) extends Interpreter[S
                f.setNext(Run(s.successor))
              })
         } yield (n)
-      case dc: DirectCall =>
-        for {
-          n <-
-            if (dc.target.entryBlock.isDefined) {
-              val block = dc.target.entryBlock.get
-              f.call(dc.target.name, Run(block.statements.headOption.getOrElse(block.jump)), Run(dc.successor))
-            } else if (LibcIntrinsic.intrinsics.contains(dc.target.name)) {
-              f.call(dc.target.name, CallIntrinsic(dc.target.name), Run(dc.successor))
-            } else {
-              State.setError(EscapedControlFlow(dc))
-            }
-        } yield (n)
+      case dc: DirectCall => {
+        if (dc.target.entryBlock.isDefined) {
+          val block = dc.target.entryBlock.get
+          f.call(dc.target.name, Run(block.statements.headOption.getOrElse(block.jump)), Run(dc.successor))
+        } else if (LibcIntrinsic.intrinsics.contains(dc.target.name)) {
+          f.call(dc.target.name, Intrinsic(dc.target.name), Run(dc.successor))
+        } else {
+          State.setError(EscapedControlFlow(dc))
+        }
+      }
       case ic: IndirectCall => {
         if (ic.target == Register("R30", 64)) {
           f.doReturn()
@@ -360,7 +381,7 @@ object InterpFuns {
 
     for ((fname, fun) <- LibcIntrinsic.intrinsics) {
       val name = fname.takeWhile(c => c != '@')
-      x = (name, FunPointer(BitVecLiteral(newAddr(), 64), name, CallIntrinsic(name))) :: x
+      x = (name, FunPointer(BitVecLiteral(newAddr(), 64), name, Intrinsic(name))) :: x
     }
 
     val intrinsics = x.toMap
@@ -403,12 +424,11 @@ object InterpFuns {
           ))
       })
 
-
-      for {
-        _ <- State.sequence(State.pure(()), stores)
-        malloc_top = BitVecLiteral(newAddr() + 1024, 64)
-        _ <- s.storeVar("ghost_malloc_top", Scope.Global, Scalar(malloc_top))
-      } yield (())
+    for {
+      _ <- State.sequence(State.pure(()), stores)
+      malloc_top = BitVecLiteral(newAddr() + 1024, 64)
+      _ <- s.storeVar("ghost_malloc_top", Scope.Global, Scalar(malloc_top))
+    } yield (())
   }
 
   /** Functions which compile BASIL IR down to the minimal interpreter effects.
@@ -423,14 +443,19 @@ object InterpFuns {
 
     for {
       h <- State.pure(Logger.debug("DEFINE MEMORY REGIONS"))
-      h <- s.storeVar("ghost-funtable", Scope.Global, MapValue(Map.empty, MapType(BitVecType(64), BitVecType(64))))
-      h <- s.storeVar("mem", Scope.Global, MapValue(Map.empty, MapType(BitVecType(64), BitVecType(8))))
-      i <- s.storeVar("stack", Scope.Global, MapValue(Map.empty, MapType(BitVecType(64), BitVecType(8))))
+      h <- s.storeVar("mem", Scope.Global, BasilMapValue(Map.empty, MapType(BitVecType(64), BitVecType(8))))
+      i <- s.storeVar("stack", Scope.Global, BasilMapValue(Map.empty, MapType(BitVecType(64), BitVecType(8))))
       j <- s.storeVar("R31", Scope.Global, Scalar(SP))
       k <- s.storeVar("R29", Scope.Global, Scalar(FP))
       l <- s.storeVar("R30", Scope.Global, Scalar(LR))
       l <- s.storeVar("R0", Scope.Global, Scalar(BitVecLiteral(0, 64)))
       l <- s.storeVar("R1", Scope.Global, Scalar(BitVecLiteral(0, 64)))
+      _ <- s.storeVar("ghost-funtable", Scope.Global, BasilMapValue(Map.empty, MapType(BitVecType(64), BitVecType(64))))
+      _ <- s.storeVar("ghost-file-bookkeeping", Scope.Global, GenMapValue(Map.empty))
+      _ <- s.storeVar("ghost-fd-mapping", Scope.Global, GenMapValue(Map.empty))
+      _ <- s.storeMem("ghost-file-bookkeeping", Map(Symbol("$$filecount") -> Scalar(BitVecLiteral(0, 64))))
+      _ <- s.callIntrinsic("fopen", List(Symbol("stderr")))
+      _ <- s.callIntrinsic("fopen", List(Symbol("stdout")))
     } yield (l)
   }
 
@@ -500,7 +525,11 @@ object InterpFuns {
   def initProgState[S, T <: Effects[S, InterpreterError]](f: T)(p: IRContext, is: S): S = {
     val st = (initialiseProgram(f)(p.program) >> initBSS(f)(p))
       >> InterpFuns.initRelocTable(f)(p)
-    State.execute(is, st)
+    val (fs, v) = st.f(is)
+    v match {
+      case Right(r) => fs
+      case Left(e)  => throw Exception(s"Init failed $e")
+    }
   }
 
   /* Intialise from ELF and Interpret program */
diff --git a/src/main/scala/ir/eval/Interpreter.scala b/src/main/scala/ir/eval/Interpreter.scala
index 4389dac84..964b6d3f8 100644
--- a/src/main/scala/ir/eval/Interpreter.scala
+++ b/src/main/scala/ir/eval/Interpreter.scala
@@ -16,9 +16,9 @@ import scala.util.control.Breaks.{break, breakable}
   */
 sealed trait ExecutionContinuation
 case class Stopped() extends ExecutionContinuation /* normal program stop  */
-case class ErrorStop(error: InterpreterError) extends ExecutionContinuation /* normal program stop  */
+case class ErrorStop(error: InterpreterError) extends ExecutionContinuation /* program stop in error state */
 case class Run(val next: Command) extends ExecutionContinuation /* continue by executing next command */
-case class CallIntrinsic(val name: String) extends ExecutionContinuation /* continue by executing next command */
+case class Intrinsic(val name: String) extends ExecutionContinuation /* a named intrinsic instruction */
 
 sealed trait InterpreterError
 case class FailedAssertion(a: Assert) extends InterpreterError
@@ -31,8 +31,8 @@ case class EvalError(val message: String = "")
 case class MemoryError(val message: String = "") extends InterpreterError /* An error to do with memory */
 
 /* Concrete value type of the interpreter. */
-sealed trait BasilValue(val irType: IRType)
-case class Scalar(val value: Literal) extends BasilValue(value.getType) {
+sealed trait BasilValue(val irType: Option[IRType])
+case class Scalar(val value: Literal) extends BasilValue(Some(value.getType)) {
   override def toString = value match {
     case b: BitVecLiteral => "0x%x:bv%d".format(b.value, b.size)
     case c                => c.toString
@@ -41,16 +41,28 @@ case class Scalar(val value: Literal) extends BasilValue(value.getType) {
 
 /* Abstract callable function address */
 case class FunPointer(val addr: BitVecLiteral, val name: String, val call: ExecutionContinuation)
-    extends BasilValue(addr.getType)
+    extends BasilValue(Some(addr.getType))
+
+sealed trait MapValue {
+  def value: Map[BasilValue, BasilValue]
+}
 
 /* We erase the type of basil values and enforce the invariant that
    \exists i . \forall v \in value.keys , v.irType = i  and
    \exists j . \forall v \in value.values, v.irType = j
  */
-case class MapValue(val value: Map[BasilValue, BasilValue], override val irType: MapType) extends BasilValue(irType) {
+case class BasilMapValue(val value: Map[BasilValue, BasilValue], val mapType: MapType)
+    extends MapValue
+    with BasilValue(Some(mapType)) {
   override def toString = s"MapValue : $irType"
 }
 
+case class GenMapValue(val value: Map[BasilValue, BasilValue]) extends BasilValue(None) with MapValue {
+  override def toString = s"GenMapValue : $irType"
+}
+
+case class Symbol(val value: String) extends BasilValue(None)
+
 case object BasilValue {
 
   def size(v: IRType): Int = {
@@ -60,7 +72,12 @@ case object BasilValue {
     }
   }
 
-  def size(v: BasilValue): Int = size(v.irType)
+  def toBV[S, E](l: BasilValue): Either[InterpreterError, BitVecLiteral] = {
+    l match {
+      case Scalar(b1: BitVecLiteral) => Right(b1)
+      case _                         => Left((TypeError(s"Not a bitvector add $l")))
+    }
+  }
 
   def unsafeAdd[S, E](l: BasilValue, vr: Int): Either[InterpreterError, BasilValue] = {
     l match {
@@ -72,10 +89,10 @@ case object BasilValue {
   }
 
   def add[S, E](l: BasilValue, r: BasilValue): Either[InterpreterError, BasilValue] = {
-    (l,r) match {
-      case (Scalar(IntLiteral(vl)), Scalar(IntLiteral(vr)))    => Right(Scalar(IntLiteral(vl + vr)))
+    (l, r) match {
+      case (Scalar(IntLiteral(vl)), Scalar(IntLiteral(vr)))       => Right(Scalar(IntLiteral(vl + vr)))
       case (Scalar(b1: BitVecLiteral), Scalar(b2: BitVecLiteral)) => Right(Scalar(eval.evalBVBinExpr(BVADD, b1, b2)))
-      case _                         => Left((TypeError(s"Operation add undefined  $l + $r")))
+      case _ => Left((TypeError(s"Operation add undefined  $l + $r")))
     }
   }
 
@@ -106,7 +123,7 @@ trait Effects[T, E] {
    */
   def call(target: String, beginFrom: ExecutionContinuation, returnTo: ExecutionContinuation): State[T, Unit, E]
 
-  def callIntrinsic(name: String, args: List[BasilValue]) : State[T, Unit, E]
+  def callIntrinsic(name: String, args: List[BasilValue]): State[T, Option[BasilValue], E]
 
   def doReturn(): State[T, Unit, E]
 
@@ -123,7 +140,7 @@ trait NopEffects[T, E] extends Effects[T, E] {
   def setNext(c: ExecutionContinuation) = State.pure(())
 
   def call(target: String, beginFrom: ExecutionContinuation, returnTo: ExecutionContinuation) = State.pure(())
-  def callIntrinsic(name: String, args: List[BasilValue]) = State.pure(()) 
+  def callIntrinsic(name: String, args: List[BasilValue]) = State.pure(None)
   def doReturn() = State.pure(())
 
   def storeVar(v: String, scope: Scope, value: BasilValue) = State.pure(())
@@ -157,7 +174,7 @@ case class MemoryState(
 
   def getMem(name: String): Map[BitVecLiteral, BitVecLiteral] = {
     stackFrames(globalFrame)(name) match {
-      case MapValue(innerMap, MapType(BitVecType(ks), BitVecType(vs))) => {
+      case BasilMapValue(innerMap, MapType(BitVecType(ks), BitVecType(vs))) => {
         def unwrap(v: BasilValue): BitVecLiteral = v match {
           case Scalar(b: BitVecLiteral) => b
           case v => throw Exception(s"Failed to convert map value to bitvector: $v (interpreter type error somewhere)")
@@ -241,7 +258,7 @@ case class MemoryState(
   def getVar(v: Variable): Either[InterpreterError, BasilValue] = {
     val value = getVar(v.name)
     value match {
-      case Right(dv: BasilValue) if v.getType != dv.irType =>
+      case Right(dv: BasilValue) if Some(v.getType) != dv.irType =>
         Left(Errored(s"Type mismatch on variable definition and load: defined ${dv.irType}, variable ${v.getType}"))
       case Right(o) => Right(o)
       case o        => o
@@ -252,8 +269,8 @@ case class MemoryState(
   def doLoad(vname: String, addr: List[BasilValue]): Either[InterpreterError, List[BasilValue]] = for {
     v <- findVar(vname)
     mapv: MapValue <- v._2 match {
-      case m @ MapValue(innerMap, ty) => Right(m)
-      case m                          => Left((TypeError(s"Load from nonmap ${m.irType}")))
+      case m: MapValue => Right(m)
+      case m           => Left((TypeError(s"Load from nonmap ${m.irType}")))
     }
     rs: List[Option[BasilValue]] = addr.map(k => mapv.value.get(k))
     xs <-
@@ -266,46 +283,59 @@ case class MemoryState(
 
   /** typecheck and some fields of a map variable */
   def doStore(vname: String, values: Map[BasilValue, BasilValue]): Either[InterpreterError, MemoryState] = for {
-    // val (frame, mem) = findVar(vname)
-    
+
     _ <- if (values.size == 0) then Left(MemoryError("Tried to store size 0")) else Right(())
     v <- findVar(vname)
     (frame, mem) = v
-    // val (mapval, keytype, valtype) =
-    mapi <- mem match {
-      case m @ MapValue(_, MapType(kt, vt)) => Right((m, kt, vt))
-      case v                                => Left((TypeError(s"Invalid map store operation to $vname : ${v.irType}")))
-    }
-    (mapval, keytype, valtype) = mapi
-
-    checkTypes <- (values.find((k, v) => k.irType != keytype || v.irType != valtype)) match {
-      case Some(v) =>
-        Left(
-          TypeError(
-            s"Invalid addr or value type (${v._1.irType}, ${v._2.irType}) does not match map type $vname : ($keytype, $valtype)"
-          )
-        )
-      case None => Right(())
+    mapval <- mem match {
+      case m @ BasilMapValue(_, MapType(kt, vt)) =>
+        for {
+          m <- (values.find((k, v) => k.irType != Some(kt) || v.irType != Some(vt))) match {
+            case Some(v) =>
+              Left(
+                TypeError(
+                  s"Invalid addr or value type (${v._1.irType}, ${v._2.irType}) does not match map type $vname : ($kt, $vt)"
+                )
+              )
+            case None => Right(m)
+          }
+          nm = BasilMapValue(m.value ++ values, m.mapType)
+        } yield (nm)
+      case m @ GenMapValue(_) => {
+        Right(GenMapValue(m.value ++ values))
+      }
+      case v => Left((TypeError(s"Invalid map store operation to $vname : ${v.irType}")))
     }
 
-    nmap = MapValue(mapval.value ++ values, mapval.irType)
-    ms <- Right(setVar(frame, vname, nmap))
+    ms <- Right(setVar(frame, vname, mapval))
   } yield (ms)
 }
 
 object LibcIntrinsic {
 
-  def putc[S, E, T <: Effects[S, E]](s: T): State[S, Unit, E] = {
-    s.doReturn()
-  }
+  def putc[S, E, T <: Effects[S, E]](s: T): State[S, Unit, E] = for {
+    c <- s.loadVar("R0")
+    _ <- s.callIntrinsic("putc", List(c))
+    _ <- s.doReturn()
+  } yield (())
 
-  def puts[S, E, T <: Effects[S, E]](s: T): State[S, Unit, E] = {
-    s.doReturn()
-  }
+  def puts[S, E, T <: Effects[S, E]](s: T): State[S, Unit, E] = for {
+    dstr <- s.loadVar("R0")
+    _ <- s.callIntrinsic("puts", List(dstr))
+    _ <- s.doReturn()
+  } yield (())
 
-  def printf[S, E, T <: Effects[S, E]](s: T): State[S, Unit, E] = {
-    s.doReturn()
-  }
+  def strlen[S, E, T <: Effects[S, E]](s: T): State[S, Unit, E] = for {
+    dstr <- s.loadVar("R0")
+    _ <- s.callIntrinsic("strlen", List(dstr))
+    _ <- s.doReturn()
+  } yield (())
+
+  def printf[S, E, T <: Effects[S, E]](s: T): State[S, Unit, E] = for {
+    dstr <- s.loadVar("R0")
+    _ <- s.callIntrinsic("print", List(dstr))
+    _ <- s.doReturn()
+  } yield (())
 
   def malloc[S, E, T <: Effects[S, E]](s: T): State[S, Unit, E] = for {
     size <- s.loadVar("R0")
@@ -319,21 +349,28 @@ object LibcIntrinsic {
     _ <- s.doReturn()
   } yield (())
 
-
   def calloc[S, T <: Effects[S, InterpreterError]](s: T): State[S, Unit, InterpreterError] = for {
     size <- s.loadVar("R0")
     res <- s.callIntrinsic("malloc", List(size))
     ptr <- s.loadVar("R0")
     isize <- size match {
       case Scalar(b: BitVecLiteral) => State.pure(b.value * 8)
-      case _ => State.setError(Errored("programmer error"))
+      case _                        => State.setError(Errored("programmer error"))
     }
     cl <- Eval.storeBV(s)("mem", ptr, BitVecLiteral(0, isize.toInt), Endian.LittleEndian)
     _ <- s.doReturn()
   } yield (())
 
   def intrinsics[S, T <: Effects[S, InterpreterError]] =
-    Map[String, T => State[S, Unit, InterpreterError]]("putc" -> putc, "puts" -> puts, "printf" -> printf, "malloc" -> malloc, "free" -> free, "#free" -> free, "calloc" -> calloc)
+    Map[String, T => State[S, Unit, InterpreterError]](
+      "putc" -> putc,
+      "puts" -> puts,
+      "printf" -> printf,
+      "malloc" -> malloc,
+      "free" -> free,
+      "#free" -> free,
+      "calloc" -> calloc
+    )
 
 }
 
@@ -347,25 +384,79 @@ case class InterpreterState(
   */
 object NormalInterpreter extends Effects[InterpreterState, InterpreterError] {
 
-  def callIntrinsic(name: String, args: List[BasilValue]) = {
+  def putc(arg: BasilValue): State[InterpreterState, Option[BasilValue], InterpreterError] = {
+    for {
+      addr <- loadMem("ghost-file-bookkeeping", List(Symbol("stdout-ptr")))
+      byte <- State.pureE(BasilValue.toBV(arg))
+      c <- Eval.evalBV(this)(Extract(8, 0, byte))
+      _ <- storeMem("stdout", Map(addr.head -> Scalar(c)))
+      naddr <- State.pureE(BasilValue.unsafeAdd(addr.head, 1))
+      _ <- storeMem("ghost-file-bookkeeping", Map(Symbol("stdout-ptr") -> naddr))
+    } yield (None)
+  }
+
+  def fopen(file: BasilValue): State[InterpreterState, Option[BasilValue], InterpreterError] = {
+    for {
+      fname <- file match {
+        case Symbol(name) => State.pure(name)
+        case _            => State.setError(Errored("Intrinsic fopen open not given filename"))
+      }
+      _ <- storeVar(fname, Scope.Global, BasilMapValue(Map.empty, MapType(BitVecType(64), BitVecType(8))))
+      filecount <- loadMem("ghost-file-bookkeeping", List(Symbol("$$filecount")))
+      nfilecount <- State.pureE(BasilValue.unsafeAdd(filecount.head, 1))
+      _ <- storeMem("ghost-file-bookkeeping", Map(Symbol("$$filecount") -> nfilecount))
+      _ <- storeMem("ghost-file-bookkeeping", Map(Symbol(fname + "-ptr") -> Scalar(BitVecLiteral(0, 64))))
+      _ <- storeMem("ghost-fd-mapping", Map(nfilecount -> Symbol(fname + "-ptr")))
+      _ <- storeVar("R0", Scope.Global, nfilecount)
+    } yield (Some(nfilecount))
+  }
+
+  def print(strptr: BasilValue): State[InterpreterState, Option[BasilValue], InterpreterError] = {
+    for {
+      str <- Eval.getNullTerminatedString(this)("mem", strptr)
+      baseptr: List[BasilValue] <- loadMem("ghost-file-bookkeeping", List(Symbol("stdout-ptr")))
+      offs: List[BasilValue] <- State.mapM(
+        ((i: Int) => State.pureE(BasilValue.unsafeAdd(baseptr.head, i))),
+        (0 until (str.size + 1))
+      )
+      _ <- storeMem("stdout", offs.zip(str.map(Scalar(_))).toMap)
+      naddr <- State.pureE(BasilValue.unsafeAdd(baseptr.head, str.size))
+      _ <- storeMem("ghost-file-bookkeeping", Map(Symbol("stdout-ptr") -> naddr))
+    } yield (None)
+  }
+
+  def callIntrinsic(
+      name: String,
+      args: List[BasilValue]
+  ): State[InterpreterState, Option[BasilValue], InterpreterError] = {
     name match {
+      case "free" => {
+        State.pure(None)
+      }
       case "malloc" => {
         for {
           size <- (args.headOption match {
             case Some(x @ Scalar(_: BitVecLiteral)) => State.pure(x)
-            case Some(Scalar(x: IntLiteral)) => State.pure(Scalar(BitVecLiteral(x.value, 64)))
-            case _ => State.setError(Errored("illegal prim arg"))
+            case Some(Scalar(x: IntLiteral))        => State.pure(Scalar(BitVecLiteral(x.value, 64)))
+            case _                                  => State.setError(Errored("illegal prim arg"))
           })
           x <- loadVar("ghost_malloc_top")
           x_gap <- State.pureE(BasilValue.unsafeAdd(x, 128)) // put a gap around allocations to catch buffer overflows
           x_end <- State.pureE(BasilValue.add(x_gap, size))
           _ <- storeVar("ghost_malloc_top", Scope.Global, x_end)
           _ <- storeVar("R0", Scope.Global, x_gap)
-        } yield (())
-      }
-      case "free" => {
-        State.pure(())
+        } yield (Some(x_gap))
       }
+      case "fopen" => fopen(args.head)
+      case "putc"  => putc(args.head)
+      case "strlen" =>
+        for {
+          str <- Eval.getNullTerminatedString(this)("mem", args.head)
+          r = Scalar(BitVecLiteral(str.length, 64))
+          _ <- storeVar("R0", Scope.Global, r)
+        } yield (Some(r))
+      case "print" => print(args.head)
+      case "puts" =>  print(args.head) >> putc(Scalar(BitVecLiteral('\n'.toInt, 64)))
       case _ => State.setError(Errored(s"Call undefined intrinsic $name"))
     }
   }
@@ -487,7 +578,7 @@ trait Interpreter[S, E](val f: Effects[S, E]) {
 
   @tailrec
   final def run(begin: S): S = {
-    val (fs,cont) = interpretOne.f(begin)
+    val (fs, cont) = interpretOne.f(begin)
 
     if (cont.contains(true)) then {
       run(fs)
diff --git a/src/test/scala/DifferentialAnalysis.scala b/src/test/scala/DifferentialAnalysis.scala
index 7fd865957..3ef3c7db1 100644
--- a/src/test/scala/DifferentialAnalysis.scala
+++ b/src/test/scala/DifferentialAnalysis.scala
@@ -21,7 +21,7 @@ import scala.collection.mutable
 
 class DifferentialAnalysis extends AnyFunSuite {
 
-  Logger.setLevel(LogLevel.ERROR)
+  Logger.setLevel(LogLevel.WARN)
 
   def diffTest(initial: IRContext, transformed: IRContext) = {
 
@@ -30,13 +30,15 @@ class DifferentialAnalysis extends AnyFunSuite {
     def interp(p: IRContext) : (InterpreterState, Trace) = {
       val interpreter = LayerInterpreter(tracingInterpreter(NormalInterpreter), EffectsRLimit(instructionLimit))
       val initialState = InterpFuns.initProgState(NormalInterpreter)(p, InterpreterState())
-      BASILInterpreter(interpreter).run((initialState, Trace(List())), 0)._1
+      //Logger.setLevel(LogLevel.DEBUG)
+      val r = BASILInterpreter(interpreter).run((initialState, Trace(List())), 0)._1
+      //Logger.setLevel(LogLevel.WARN)
+      r
     }
 
     val (initialRes,traceInit) = interp(initial)
     val (result,traceRes) = interp(transformed)
 
-
     def filterEvents(trace: List[ExecEffect]) = {
       trace.collect {
         case e @ ExecEffect.Call(_, _, _) => e
@@ -46,6 +48,11 @@ class DifferentialAnalysis extends AnyFunSuite {
     }
 
     Logger.info(traceInit.t.map(_.toString.take(80)).mkString("\n"))
+    val initstdout = initialRes.memoryState.getMem("stdout").toList.sortBy(_._1.value).map(_._2.value.toChar).mkString("")
+    val comparstdout  = result.memoryState.getMem("stdout").toList.sortBy(_._1.value).map(_._2.value.toChar).mkString("")
+    info("STDOUT: \"" + initstdout + "\"")
+    // Logger.info(initialRes.memoryState.getMem("stderr").toList.sortBy(_._1.value).map(_._2).mkString(""))
+    assert(initstdout == comparstdout)
     assert(initialRes.nextCmd == Stopped())
     assert(result.nextCmd == Stopped())
     assert(Set.empty == initialRes.memoryState.getMem("mem").toSet.diff(result.memoryState.getMem("mem").toSet))
@@ -119,9 +126,9 @@ class DifferentialAnalysis extends AnyFunSuite {
         test("analysis_differential:" + p + "/" + variation + ":BAP") {
           testProgram(p, path + "/" + p + "/" + variation + "/", suffix=".adt")
         }
-        test("analysis_differential:" +  p + "/" + variation + ":GTIRB") {
-          testProgram(p, path + "/" + p + "/" + variation + "/", suffix=".gts")
-        }
+        //test("analysis_differential:" +  p + "/" + variation + ":GTIRB") {
+        //  testProgram(p, path + "/" + p + "/" + variation + "/", suffix=".gts")
+        //}
       }
       )
     }

From 285099b31fea5592194dfcf45f38a7b0faf742c6 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Tue, 10 Sep 2024 18:05:51 +1000
Subject: [PATCH 056/127] cleanup intrins

---
 src/main/scala/ir/eval/InterpretBasilIR.scala |  10 +-
 src/main/scala/ir/eval/Interpreter.scala      | 167 +++++++++---------
 2 files changed, 85 insertions(+), 92 deletions(-)

diff --git a/src/main/scala/ir/eval/InterpretBasilIR.scala b/src/main/scala/ir/eval/InterpretBasilIR.scala
index 62b626f5d..98f1a9f25 100644
--- a/src/main/scala/ir/eval/InterpretBasilIR.scala
+++ b/src/main/scala/ir/eval/InterpretBasilIR.scala
@@ -228,6 +228,10 @@ case object Eval {
 
   /** Helper functions * */
 
+  /**
+   * Load all memory cells from pointer until reaching cell containing 0.
+   * Ptr -> List[Bitvector]
+   */
   def getNullTerminatedString[S, T <: Effects[S, InterpreterError]](f: T)
     (rgn: String, src: BasilValue, acc: List[BitVecLiteral] = List()): State[S, List[BitVecLiteral], InterpreterError] =
     for {
@@ -451,11 +455,7 @@ object InterpFuns {
       l <- s.storeVar("R0", Scope.Global, Scalar(BitVecLiteral(0, 64)))
       l <- s.storeVar("R1", Scope.Global, Scalar(BitVecLiteral(0, 64)))
       _ <- s.storeVar("ghost-funtable", Scope.Global, BasilMapValue(Map.empty, MapType(BitVecType(64), BitVecType(64))))
-      _ <- s.storeVar("ghost-file-bookkeeping", Scope.Global, GenMapValue(Map.empty))
-      _ <- s.storeVar("ghost-fd-mapping", Scope.Global, GenMapValue(Map.empty))
-      _ <- s.storeMem("ghost-file-bookkeeping", Map(Symbol("$$filecount") -> Scalar(BitVecLiteral(0, 64))))
-      _ <- s.callIntrinsic("fopen", List(Symbol("stderr")))
-      _ <- s.callIntrinsic("fopen", List(Symbol("stdout")))
+      _ <- IntrinsicImpl.initFileGhostRegions(s)
     } yield (l)
   }
 
diff --git a/src/main/scala/ir/eval/Interpreter.scala b/src/main/scala/ir/eval/Interpreter.scala
index 964b6d3f8..b57bb5fc1 100644
--- a/src/main/scala/ir/eval/Interpreter.scala
+++ b/src/main/scala/ir/eval/Interpreter.scala
@@ -313,46 +313,22 @@ case class MemoryState(
 
 object LibcIntrinsic {
 
-  def putc[S, E, T <: Effects[S, E]](s: T): State[S, Unit, E] = for {
-    c <- s.loadVar("R0")
-    _ <- s.callIntrinsic("putc", List(c))
-    _ <- s.doReturn()
-  } yield (())
-
-  def puts[S, E, T <: Effects[S, E]](s: T): State[S, Unit, E] = for {
-    dstr <- s.loadVar("R0")
-    _ <- s.callIntrinsic("puts", List(dstr))
-    _ <- s.doReturn()
-  } yield (())
-
-  def strlen[S, E, T <: Effects[S, E]](s: T): State[S, Unit, E] = for {
-    dstr <- s.loadVar("R0")
-    _ <- s.callIntrinsic("strlen", List(dstr))
-    _ <- s.doReturn()
-  } yield (())
-
-  def printf[S, E, T <: Effects[S, E]](s: T): State[S, Unit, E] = for {
-    dstr <- s.loadVar("R0")
-    _ <- s.callIntrinsic("print", List(dstr))
-    _ <- s.doReturn()
-  } yield (())
-
-  def malloc[S, E, T <: Effects[S, E]](s: T): State[S, Unit, E] = for {
-    size <- s.loadVar("R0")
-    res <- s.callIntrinsic("malloc", List(size))
-    _ <- s.doReturn()
-  } yield (())
+  /**
+   * Part of the intrinsics implementation that lives above the Effects interface 
+   * (i.e. we are defining the observable part of the intrinsics behaviour)
+   */
 
-  def free[S, E, T <: Effects[S, E]](s: T): State[S, Unit, E] = for {
-    ptr <- s.loadVar("R0")
-    res <- s.callIntrinsic("free", List(ptr))
+  def singleArg[S, E, T <: Effects[S, E]](name: String)(s: T): State[S, Unit, E] = for {
+    c <- s.loadVar("R0")
+    res <- s.callIntrinsic(name, List(c))
+    _ <- if res.isDefined then s.storeVar("R0", Scope.Global, res.get) else State.pure(())
     _ <- s.doReturn()
   } yield (())
 
   def calloc[S, T <: Effects[S, InterpreterError]](s: T): State[S, Unit, InterpreterError] = for {
     size <- s.loadVar("R0")
     res <- s.callIntrinsic("malloc", List(size))
-    ptr <- s.loadVar("R0")
+    ptr = res.get
     isize <- size match {
       case Scalar(b: BitVecLiteral) => State.pure(b.value * 8)
       case _                        => State.setError(Errored("programmer error"))
@@ -363,101 +339,118 @@ object LibcIntrinsic {
 
   def intrinsics[S, T <: Effects[S, InterpreterError]] =
     Map[String, T => State[S, Unit, InterpreterError]](
-      "putc" -> putc,
-      "puts" -> puts,
-      "printf" -> printf,
-      "malloc" -> malloc,
-      "free" -> free,
-      "#free" -> free,
+      "putc" -> singleArg("putc"),
+      "puts" -> singleArg("puts"),
+      "printf" -> singleArg("print"),
+      "malloc" -> singleArg("malloc"),
+      "free" -> singleArg("free"),
+      "#free" -> singleArg("free"),
       "calloc" -> calloc
     )
 
 }
 
-case class InterpreterState(
-    val nextCmd: ExecutionContinuation = Stopped(),
-    val callStack: List[ExecutionContinuation] = List.empty,
-    val memoryState: MemoryState = MemoryState()
-)
+object IntrinsicImpl {
 
-/** Implementation of Effects for InterpreterState concrete state representation.
-  */
-object NormalInterpreter extends Effects[InterpreterState, InterpreterError] {
+  /** state initialisation for file modelling */
+  def initFileGhostRegions[S, E, T <: Effects[S, E]](f: T): State[S, Unit, E]  = for {
+      _ <- f.storeVar("ghost-file-bookkeeping", Scope.Global, GenMapValue(Map.empty))
+      _ <- f.storeVar("ghost-fd-mapping", Scope.Global, GenMapValue(Map.empty))
+      _ <- f.storeMem("ghost-file-bookkeeping", Map(Symbol("$$filecount") -> Scalar(BitVecLiteral(0, 64))))
+      _ <- f.callIntrinsic("fopen", List(Symbol("stderr")))
+      _ <- f.callIntrinsic("fopen", List(Symbol("stdout")))
+  } yield (())
 
-  def putc(arg: BasilValue): State[InterpreterState, Option[BasilValue], InterpreterError] = {
+  /** Intrinsics defined over arbitrary effects 
+   *
+   * We call these from Effects[T, E] rather than the Interpreter so their implementation does not appear in the trace.
+   */
+  def putc[S, T <: Effects[S, InterpreterError]](f: T)(arg: BasilValue): State[S, Option[BasilValue], InterpreterError] = {
     for {
-      addr <- loadMem("ghost-file-bookkeeping", List(Symbol("stdout-ptr")))
+      addr <- f.loadMem("ghost-file-bookkeeping", List(Symbol("stdout-ptr")))
       byte <- State.pureE(BasilValue.toBV(arg))
-      c <- Eval.evalBV(this)(Extract(8, 0, byte))
-      _ <- storeMem("stdout", Map(addr.head -> Scalar(c)))
+      c <- Eval.evalBV(f)(Extract(8, 0, byte))
+      _ <- f.storeMem("stdout", Map(addr.head -> Scalar(c)))
       naddr <- State.pureE(BasilValue.unsafeAdd(addr.head, 1))
-      _ <- storeMem("ghost-file-bookkeeping", Map(Symbol("stdout-ptr") -> naddr))
+      _ <- f.storeMem("ghost-file-bookkeeping", Map(Symbol("stdout-ptr") -> naddr))
     } yield (None)
   }
 
-  def fopen(file: BasilValue): State[InterpreterState, Option[BasilValue], InterpreterError] = {
+  def fopen[S, T <: Effects[S, InterpreterError]](f: T)(file: BasilValue): State[S, Option[BasilValue], InterpreterError] = {
     for {
       fname <- file match {
         case Symbol(name) => State.pure(name)
         case _            => State.setError(Errored("Intrinsic fopen open not given filename"))
       }
-      _ <- storeVar(fname, Scope.Global, BasilMapValue(Map.empty, MapType(BitVecType(64), BitVecType(8))))
-      filecount <- loadMem("ghost-file-bookkeeping", List(Symbol("$$filecount")))
+      _ <- f.storeVar(fname, Scope.Global, BasilMapValue(Map.empty, MapType(BitVecType(64), BitVecType(8))))
+      filecount <- f.loadMem("ghost-file-bookkeeping", List(Symbol("$$filecount")))
+      _ <- f.storeMem("ghost-file-bookkeeping", Map(Symbol(fname + "-ptr") -> Scalar(BitVecLiteral(0, 64))))
+      _ <- f.storeMem("ghost-fd-mapping", Map(filecount.head -> Symbol(fname + "-ptr")))
+      _ <- f.storeVar("R0", Scope.Global, filecount.head)
       nfilecount <- State.pureE(BasilValue.unsafeAdd(filecount.head, 1))
-      _ <- storeMem("ghost-file-bookkeeping", Map(Symbol("$$filecount") -> nfilecount))
-      _ <- storeMem("ghost-file-bookkeeping", Map(Symbol(fname + "-ptr") -> Scalar(BitVecLiteral(0, 64))))
-      _ <- storeMem("ghost-fd-mapping", Map(nfilecount -> Symbol(fname + "-ptr")))
-      _ <- storeVar("R0", Scope.Global, nfilecount)
-    } yield (Some(nfilecount))
+      _ <- f.storeMem("ghost-file-bookkeeping", Map(Symbol("$$filecount") -> nfilecount))
+    } yield (Some(filecount.head))
   }
 
-  def print(strptr: BasilValue): State[InterpreterState, Option[BasilValue], InterpreterError] = {
+  def print[S, T <: Effects[S, InterpreterError]](f: T)(strptr: BasilValue): State[S, Option[BasilValue], InterpreterError] = {
     for {
-      str <- Eval.getNullTerminatedString(this)("mem", strptr)
-      baseptr: List[BasilValue] <- loadMem("ghost-file-bookkeeping", List(Symbol("stdout-ptr")))
+      str <- Eval.getNullTerminatedString(f)("mem", strptr)
+      baseptr: List[BasilValue] <- f.loadMem("ghost-file-bookkeeping", List(Symbol("stdout-ptr")))
       offs: List[BasilValue] <- State.mapM(
         ((i: Int) => State.pureE(BasilValue.unsafeAdd(baseptr.head, i))),
         (0 until (str.size + 1))
       )
-      _ <- storeMem("stdout", offs.zip(str.map(Scalar(_))).toMap)
+      _ <- f.storeMem("stdout", offs.zip(str.map(Scalar(_))).toMap)
       naddr <- State.pureE(BasilValue.unsafeAdd(baseptr.head, str.size))
-      _ <- storeMem("ghost-file-bookkeeping", Map(Symbol("stdout-ptr") -> naddr))
+      _ <- f.storeMem("ghost-file-bookkeeping", Map(Symbol("stdout-ptr") -> naddr))
     } yield (None)
   }
 
+  def malloc[S, T <: Effects[S, InterpreterError]](f: T)(size: BasilValue): State[S, Option[BasilValue], InterpreterError] = {
+    for {
+      size <- (size match {
+        case (x @ Scalar(_: BitVecLiteral)) => State.pure(x)
+        case (Scalar(x: IntLiteral))        => State.pure(Scalar(BitVecLiteral(x.value, 64)))
+        case _                              => State.setError(Errored("illegal prim arg"))
+      })
+      x <- f.loadVar("ghost_malloc_top")
+      x_gap <- State.pureE(BasilValue.unsafeAdd(x, 128)) // put a gap around allocations to catch buffer overflows
+      x_end <- State.pureE(BasilValue.add(x_gap, size))
+      _ <- f.storeVar("ghost_malloc_top", Scope.Global, x_end)
+      _ <- f.storeVar("R0", Scope.Global, x_gap)
+    } yield (Some(x_gap))
+  }
+}
+
+case class InterpreterState(
+    val nextCmd: ExecutionContinuation = Stopped(),
+    val callStack: List[ExecutionContinuation] = List.empty,
+    val memoryState: MemoryState = MemoryState()
+)
+
+/** Implementation of Effects for InterpreterState concrete state representation.
+  */
+object NormalInterpreter extends Effects[InterpreterState, InterpreterError] {
+
+
   def callIntrinsic(
       name: String,
       args: List[BasilValue]
   ): State[InterpreterState, Option[BasilValue], InterpreterError] = {
     name match {
-      case "free" => {
-        State.pure(None)
-      }
-      case "malloc" => {
-        for {
-          size <- (args.headOption match {
-            case Some(x @ Scalar(_: BitVecLiteral)) => State.pure(x)
-            case Some(Scalar(x: IntLiteral))        => State.pure(Scalar(BitVecLiteral(x.value, 64)))
-            case _                                  => State.setError(Errored("illegal prim arg"))
-          })
-          x <- loadVar("ghost_malloc_top")
-          x_gap <- State.pureE(BasilValue.unsafeAdd(x, 128)) // put a gap around allocations to catch buffer overflows
-          x_end <- State.pureE(BasilValue.add(x_gap, size))
-          _ <- storeVar("ghost_malloc_top", Scope.Global, x_end)
-          _ <- storeVar("R0", Scope.Global, x_gap)
-        } yield (Some(x_gap))
-      }
-      case "fopen" => fopen(args.head)
-      case "putc"  => putc(args.head)
+      case "free"   => State.pure(None)
+      case "malloc" => IntrinsicImpl.malloc(this)(args.head)
+      case "fopen"  => IntrinsicImpl.fopen(this)(args.head)
+      case "putc"   => IntrinsicImpl.putc(this)(args.head)
       case "strlen" =>
         for {
           str <- Eval.getNullTerminatedString(this)("mem", args.head)
           r = Scalar(BitVecLiteral(str.length, 64))
           _ <- storeVar("R0", Scope.Global, r)
         } yield (Some(r))
-      case "print" => print(args.head)
-      case "puts" =>  print(args.head) >> putc(Scalar(BitVecLiteral('\n'.toInt, 64)))
-      case _ => State.setError(Errored(s"Call undefined intrinsic $name"))
+      case "print" => IntrinsicImpl.print(this)(args.head)
+      case "puts"  => IntrinsicImpl.print(this)(args.head) >> IntrinsicImpl.putc(this)(Scalar(BitVecLiteral('\n'.toInt, 64)))
+      case _       => State.setError(Errored(s"Call undefined intrinsic $name"))
     }
   }
 

From aac7f5ce7f0d88634f8e16e3c6d63390352c9c12 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Mon, 23 Sep 2024 16:04:32 +1000
Subject: [PATCH 057/127] cleanup

---
 build.sc                                      |   1 +
 src/main/scala/ir/eval/ExprEval.scala         |   1 +
 .../scala/ir/eval/InterpretBreakpoints.scala  |   2 +-
 src/main/scala/ir/eval/Interpreter.scala      |  20 +--
 .../scala/ir/eval/InterpreterProduct.scala    |   4 +-
 src/test/scala/ir/InterpreterTests.scala      | 116 ++----------------
 6 files changed, 26 insertions(+), 118 deletions(-)

diff --git a/build.sc b/build.sc
index 59223e66d..1298673a8 100644
--- a/build.sc
+++ b/build.sc
@@ -22,6 +22,7 @@ object basil extends RootModule with ScalaModule with antlr.AntlrModule with Sca
 
   def scalaPBVersion = "0.11.15"
 
+  def scalacOptions = Seq("-deprecation", "-unchecked", "-feature")
 
   def mainClass = Some("Main")
 
diff --git a/src/main/scala/ir/eval/ExprEval.scala b/src/main/scala/ir/eval/ExprEval.scala
index 53e79d11b..34b9e3b40 100644
--- a/src/main/scala/ir/eval/ExprEval.scala
+++ b/src/main/scala/ir/eval/ExprEval.scala
@@ -89,6 +89,7 @@ def evalUnOp(op: UnOp, body: Literal): Expr = {
     case (i: IntLiteral, IntNEG)   => IntLiteral(-i.value)
     case (FalseLiteral, BoolNOT)   => TrueLiteral
     case (TrueLiteral, BoolNOT)    => FalseLiteral
+    case (_, _)                    => throw Exception(s"Unreachable ${(body, op)}")
   }
 }
 
diff --git a/src/main/scala/ir/eval/InterpretBreakpoints.scala b/src/main/scala/ir/eval/InterpretBreakpoints.scala
index c8613dada..ced1eecb8 100644
--- a/src/main/scala/ir/eval/InterpretBreakpoints.scala
+++ b/src/main/scala/ir/eval/InterpretBreakpoints.scala
@@ -27,7 +27,7 @@ case class BreakPointAction(
 
 case class BreakPoint(name: String = "", location: BreakPointLoc, action: BreakPointAction)
 
-case class RememberBreakpoints[T, I <: Effects[T, InterpreterError]](val f: I, val breaks: List[BreakPoint])
+case class RememberBreakpoints[T, I <: Effects[T, InterpreterError]](f: I, breaks: List[BreakPoint])
     extends NopEffects[(T, List[(BreakPoint, Option[T], List[(String, Expr, Expr)])]), InterpreterError] {
 
   def findBreaks[R](c: Command): State[(T, R), List[BreakPoint], InterpreterError] = {
diff --git a/src/main/scala/ir/eval/Interpreter.scala b/src/main/scala/ir/eval/Interpreter.scala
index b57bb5fc1..6f948269f 100644
--- a/src/main/scala/ir/eval/Interpreter.scala
+++ b/src/main/scala/ir/eval/Interpreter.scala
@@ -17,22 +17,22 @@ import scala.util.control.Breaks.{break, breakable}
 sealed trait ExecutionContinuation
 case class Stopped() extends ExecutionContinuation /* normal program stop  */
 case class ErrorStop(error: InterpreterError) extends ExecutionContinuation /* program stop in error state */
-case class Run(val next: Command) extends ExecutionContinuation /* continue by executing next command */
-case class Intrinsic(val name: String) extends ExecutionContinuation /* a named intrinsic instruction */
+case class Run(next: Command) extends ExecutionContinuation /* continue by executing next command */
+case class Intrinsic(name: String) extends ExecutionContinuation /* a named intrinsic instruction */
 
 sealed trait InterpreterError
 case class FailedAssertion(a: Assert) extends InterpreterError
-case class EscapedControlFlow(val call: Jump | Call)
+case class EscapedControlFlow(call: Jump | Call)
     extends InterpreterError /* controlflow has reached somewhere eunrecoverable */
-case class Errored(val message: String = "") extends InterpreterError
-case class TypeError(val message: String = "") extends InterpreterError /* type mismatch appeared */
-case class EvalError(val message: String = "")
+case class Errored(message: String = "") extends InterpreterError
+case class TypeError(message: String = "") extends InterpreterError /* type mismatch appeared */
+case class EvalError(message: String = "")
     extends InterpreterError /* failed to evaluate an expression to a concrete value */
-case class MemoryError(val message: String = "") extends InterpreterError /* An error to do with memory */
+case class MemoryError(message: String = "") extends InterpreterError /* An error to do with memory */
 
 /* Concrete value type of the interpreter. */
 sealed trait BasilValue(val irType: Option[IRType])
-case class Scalar(val value: Literal) extends BasilValue(Some(value.getType)) {
+case class Scalar(value: Literal) extends BasilValue(Some(value.getType)) {
   override def toString = value match {
     case b: BitVecLiteral => "0x%x:bv%d".format(b.value, b.size)
     case c                => c.toString
@@ -40,7 +40,7 @@ case class Scalar(val value: Literal) extends BasilValue(Some(value.getType)) {
 }
 
 /* Abstract callable function address */
-case class FunPointer(val addr: BitVecLiteral, val name: String, val call: ExecutionContinuation)
+case class FunPointer(addr: BitVecLiteral, name: String, call: ExecutionContinuation)
     extends BasilValue(Some(addr.getType))
 
 sealed trait MapValue {
@@ -51,7 +51,7 @@ sealed trait MapValue {
    \exists i . \forall v \in value.keys , v.irType = i  and
    \exists j . \forall v \in value.values, v.irType = j
  */
-case class BasilMapValue(val value: Map[BasilValue, BasilValue], val mapType: MapType)
+case class BasilMapValue(value: Map[BasilValue, BasilValue], mapType: MapType)
     extends MapValue
     with BasilValue(Some(mapType)) {
   override def toString = s"MapValue : $irType"
diff --git a/src/main/scala/ir/eval/InterpreterProduct.scala b/src/main/scala/ir/eval/InterpreterProduct.scala
index 37e1820a4..ccf4fb682 100644
--- a/src/main/scala/ir/eval/InterpreterProduct.scala
+++ b/src/main/scala/ir/eval/InterpreterProduct.scala
@@ -29,7 +29,7 @@ def doRight[L, T, V, E](f: State[T, V, E]): State[(L, T), V, E] = for {
 
 /** Runs two interpreters "inner" and "before" simultaneously, returning the value from inner, and ignoring before
   */
-case class ProductInterpreter[L, T, E](val inner: Effects[L, E], val before: Effects[T, E]) extends Effects[(L, T), E] {
+case class ProductInterpreter[L, T, E](inner: Effects[L, E], before: Effects[T, E]) extends Effects[(L, T), E] {
 
   def loadVar(v: String) = for {
     n <- doRight(before.loadVar(v))
@@ -83,7 +83,7 @@ case class ProductInterpreter[L, T, E](val inner: Effects[L, E], val before: Eff
   } yield (f)
 }
 
-case class LayerInterpreter[L, T, E](val inner: Effects[L, E], val before: Effects[(L, T), E])
+case class LayerInterpreter[L, T, E](inner: Effects[L, E], before: Effects[(L, T), E])
     extends Effects[(L, T), E] {
 
   def loadVar(v: String) = for {
diff --git a/src/test/scala/ir/InterpreterTests.scala b/src/test/scala/ir/InterpreterTests.scala
index e4cc8dbf7..9fa6fbafe 100644
--- a/src/test/scala/ir/InterpreterTests.scala
+++ b/src/test/scala/ir/InterpreterTests.scala
@@ -3,6 +3,7 @@ package ir
 import util.PerformanceTimer
 import util.functional._
 import ir.eval._
+import boogie.Scope
 import ir.dsl._
 import org.scalatest.funsuite.AnyFunSuite
 import org.scalatest.BeforeAndAfter
@@ -37,9 +38,10 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
   Logger.setLevel(LogLevel.WARN)
 
   def getProgram(name: String): IRContext = {
+    val compiler = "gcc"
     val loading = ILLoadingConfig(
-      inputFile = s"examples/$name/$name.adt",
-      relfFile = s"examples/$name/$name.relf",
+      inputFile = s"src/test/correct/$name/$compiler/$name.adt",
+      relfFile = s"src/test/correct/$name/$compiler/$name.relf",
       specFile = None,
       dumpIL = None
     )
@@ -97,15 +99,16 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
     assert(s.memoryState.getVarOpt("R29").isDefined)
 
   }
+
   test("var load store") {
     val s = for {
       s <- InterpFuns.initialState(NormalInterpreter)
-      v <- NormalInterpreter.loadVar("R31")
+      v <- NormalInterpreter.storeVar("R1", Scope.Global, Scalar(BitVecLiteral(1024, 64)))
+      v <- NormalInterpreter.loadVar("R1")
     } yield (v)
     val l = State.evaluate(InterpreterState(), s)
 
-    assert(l == Right(Scalar(BitVecLiteral(4096 - 16, 64))))
-
+    assert(l == Right(Scalar(BitVecLiteral(1024, 64))))
   }
 
   test("Store = Load LittleEndian") {
@@ -129,87 +132,6 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
 
   }
 
-//   test("store bv = loadbv le") {
-//     val expected: BitVecLiteral = BitVecLiteral(BigInt("0D0C0B0A", 16), 32)
-//     val s2 = Eval.storeBV(initialMem(), "mem", Scalar(BitVecLiteral(0, 64)), expected, Endian.LittleEndian)
-//     val actual2: BitVecLiteral = Eval.loadBV(s2, "mem", Scalar(BitVecLiteral(0, 64)), Endian.LittleEndian, 32)
-//     assert(actual2 == expected)
-//   }
-//
-//
-//   test("Store = Load BigEndian") {
-//     val ts = List(
-//       BitVecLiteral(BigInt("0D", 16), 8),
-//       BitVecLiteral(BigInt("0C", 16), 8),
-//       BitVecLiteral(BigInt("0B", 16), 8),
-//       BitVecLiteral(BigInt("0A", 16), 8))
-//
-//     val s = Eval.store(initialMem(), "mem", Scalar(BitVecLiteral(0, 64)), ts.map(Scalar(_)), Endian.LittleEndian)
-//     val expected: BitVecLiteral = BitVecLiteral(BigInt("0A0B0C0D", 16), 32)
-//     val actual: BitVecLiteral = Eval.loadBV(s, "mem", Scalar(BitVecLiteral(0, 64)), Endian.BigEndian , 32)
-//     assert(actual == expected)
-//
-//
-//   }
-//
-//   test("getMemory in LittleEndian") {
-//     val ts = List((BitVecLiteral(0, 64), BitVecLiteral(BigInt("0D", 16), 8)),
-//     (BitVecLiteral(1, 64) , BitVecLiteral(BigInt("0C", 16), 8)),
-//     (BitVecLiteral(2, 64) , BitVecLiteral(BigInt("0B", 16), 8)),
-//     (BitVecLiteral(3, 64) , BitVecLiteral(BigInt("0A", 16), 8)))
-//     val s = ts.foldLeft(initialMem())((m, v) => Eval.storeSingle(m, "mem", Scalar(v._1), Scalar(v._2)))
-//     // val s = initialMem().store("mem")
-//     // val r = s.loadBV("mem", BitVecLiteral(0, 64))
-//
-//     val expected: BitVecLiteral = BitVecLiteral(BigInt("0A0B0C0D", 16), 32)
-//
-//   // def loadBV(vname: String, addr: Scalar, endian: Endian, size: Int): BitVecLiteral = {
-//      val actual: BitVecLiteral = Eval.loadBV(s, "mem", Scalar(BitVecLiteral(0, 64)), Endian.LittleEndian, 32)
-//     assert(actual == expected)
-//   }
-//
-//
-//   test("StoreBV = LoadBV LE ") {
-//     val expected: BitVecLiteral = BitVecLiteral(BigInt("0A0B0C0D", 16), 32)
-//
-//     val s = Eval.storeBV(initialMem(), "mem", Scalar(BitVecLiteral(0, 64)), expected, Endian.LittleEndian)
-//     val actual: BitVecLiteral = Eval.loadBV(s, "mem", Scalar(BitVecLiteral(0, 64)), Endian.LittleEndian, 32)
-//     println(s"${actual.value.toInt.toHexString} == ${expected.value.toInt.toHexString}")
-//     assert(actual == expected)
-//   }
-//
-//   // test("getMemory in BigEndian") {
-//   //   i.mems(0) = BitVecLiteral(BigInt("0A", 16), 8)
-//   //   i.mems(1) = BitVecLiteral(BigInt("0B", 16), 8)
-//   //   i.mems(2) = BitVecLiteral(BigInt("0C", 16), 8)
-//   //   i.mems(3) = BitVecLiteral(BigInt("0D", 16), 8)
-//   //   val expected: BitVecLiteral = BitVecLiteral(BigInt("0A0B0C0D", 16), 32)
-//   //   val actual: BitVecLiteral = i.getMemory(0, 32, Endian.BigEndian, i.mems)
-//   //   assert(actual == expected)
-//   // }
-//
-//   // test("setMemory in LittleEndian") {
-//   //   i.mems(0) = BitVecLiteral(BigInt("FF", 16), 8)
-//   //   i.mems(1) = BitVecLiteral(BigInt("FF", 16), 8)
-//   //   i.mems(2) = BitVecLiteral(BigInt("FF", 16), 8)
-//   //   i.mems(3) = BitVecLiteral(BigInt("FF", 16), 8)
-//   //   val expected: BitVecLiteral = BitVecLiteral(BigInt("0A0B0C0D", 16), 32)
-//   //   i.setMemory(0, 32, Endian.LittleEndian, expected, i.mems)
-//   //   val actual: BitVecLiteral = i.getMemory(0, 32, Endian.LittleEndian, i.mems)
-//   //   assert(actual == expected)
-//   // }
-//
-//   // test("setMemory in BigEndian") {
-//   //   i.mems(0) = BitVecLiteral(BigInt("FF", 16), 8)
-//   //   i.mems(1) = BitVecLiteral(BigInt("FF", 16), 8)
-//   //   i.mems(2) = BitVecLiteral(BigInt("FF", 16), 8)
-//   //   i.mems(3) = BitVecLiteral(BigInt("FF", 16), 8)
-//   //   val expected: BitVecLiteral = BitVecLiteral(BigInt("0A0B0C0D", 16), 32)
-//   //   i.setMemory(0, 32, Endian.BigEndian, expected, i.mems)
-//   //   val actual: BitVecLiteral = i.getMemory(0, 32, Endian.BigEndian, i.mems)
-//   //   assert(actual == expected)
-//   // }
-//
   test("basic_arrays_read") {
     val expected = Map(
       "arr" -> 0
@@ -231,21 +153,7 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
     testInterpret("basic_assign_increment", expected)
   }
 
-  test("basic_loop_loop") {
-    val expected = Map(
-      "x" -> 10
-    )
-    testInterpret("basic_loop_loop", expected)
-  }
 
-  test("basicassign") {
-    val expected = Map(
-      "x" -> 0,
-      "z" -> 0,
-      "secret" -> 0
-    )
-    testInterpret("basicassign", expected)
-  }
 
   test("function") {
     val expected = Map(
@@ -274,7 +182,7 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
 
   test("indirect_call") {
     val expected = Map[String, Int]()
-    testInterpret("indirect_call_outparam", expected)
+    testInterpret("indirect_call", expected)
   }
 
   test("ifglobal") {
@@ -381,7 +289,7 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
     Logger.setLevel(LogLevel.ERROR)
     var res = List[(Int, Double, Double, Int)]()
 
-    for (i <- 0 to 30) {
+    for (i <- 0 to 20) {
       val prog = fibonacciProg(i)
 
       val t = PerformanceTimer("native")
@@ -394,10 +302,9 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
 
       res = (i, native, it, ir._2) :: res
 
-      println(s"${res.head}")
     }
 
-    println(("fib number,native time,interp time,interp cycles" :: (res.map(x => s"${x._1},${x._2},${x._3},${x._4}"))).mkString("\n"))
+    info(("fibonacci runtime table:\nFibNumber,ScalaRunTime,interpreterRunTime,instructionCycleCount" :: (res.map(x => s"${x._1},${x._2},${x._3},${x._4}"))).mkString("\n"))
 
   }
 
@@ -436,7 +343,6 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
     )
 
     val ir = interpret(tp)
-    println(ir)
     assert(ir.nextCmd.isInstanceOf[ErrorStop])
 
   }

From 46ff66a12686ded86aa208b38cffa84af97d2660 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Mon, 23 Sep 2024 17:24:34 +1000
Subject: [PATCH 058/127] cleanup

---
 src/main/scala/ir/eval/{Bitvector.scala => BitVectorEval.scala} | 0
 src/test/scala/ir/IRTest.scala                                  | 2 +-
 src/test/scala/ir/InterpreterTests.scala                        | 2 +-
 3 files changed, 2 insertions(+), 2 deletions(-)
 rename src/main/scala/ir/eval/{Bitvector.scala => BitVectorEval.scala} (100%)

diff --git a/src/main/scala/ir/eval/Bitvector.scala b/src/main/scala/ir/eval/BitVectorEval.scala
similarity index 100%
rename from src/main/scala/ir/eval/Bitvector.scala
rename to src/main/scala/ir/eval/BitVectorEval.scala
diff --git a/src/test/scala/ir/IRTest.scala b/src/test/scala/ir/IRTest.scala
index 855c86d98..854389d90 100644
--- a/src/test/scala/ir/IRTest.scala
+++ b/src/test/scala/ir/IRTest.scala
@@ -135,8 +135,8 @@ class IRTest extends AnyFunSuite {
     assert(1 == aftercallGotos.count(b => IntraProcIRCursor.pred(b).contains(blocks("l_main_1").jump)))
     assert(1 == aftercallGotos.count(b => IntraProcIRCursor.succ(b).contains(blocks("l_main_1").jump match {
       case GoTo(targets, _) => targets.head
+      case _ => throw Exception("unreachable")
     })))
-
   }
 
   test("addblocks") {
diff --git a/src/test/scala/ir/InterpreterTests.scala b/src/test/scala/ir/InterpreterTests.scala
index ee1328b51..912fc6c37 100644
--- a/src/test/scala/ir/InterpreterTests.scala
+++ b/src/test/scala/ir/InterpreterTests.scala
@@ -299,7 +299,7 @@ class InterpreterTests extends AnyFunSuite with BeforeAndAfter {
       val ir = interpretRLimit(prog, 100000000)
       val it = intt.elapsed()
 
-      res = (i, native, it, ir._2) :: res
+      res = (i, native.toDouble, it.toDouble, ir._2) :: res
 
     }
 

From f45015b27e6ddae9dff8c35c496e7997d1722f4f Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Wed, 25 Sep 2024 14:47:44 +1000
Subject: [PATCH 059/127] initial attempt at IR simplification

---
 src/main/scala/ir/Program.scala               |   2 +
 .../transforms/IndirectCallResolution.scala   |   2 +-
 .../scala/ir/transforms/ReplaceReturn.scala   |   4 +-
 src/main/scala/ir/transforms/Simp.scala       | 347 ++++++++++++++++++
 src/main/scala/translating/ILtoIL.scala       |   8 +
 src/main/scala/util/RunUtils.scala            |   9 +-
 6 files changed, 368 insertions(+), 4 deletions(-)
 create mode 100644 src/main/scala/ir/transforms/Simp.scala

diff --git a/src/main/scala/ir/Program.scala b/src/main/scala/ir/Program.scala
index 40b9e3605..0cd12ad6e 100644
--- a/src/main/scala/ir/Program.scala
+++ b/src/main/scala/ir/Program.scala
@@ -350,6 +350,8 @@ class Block private (
 
   def jump: Jump = _jump
 
+  var rpoOrder : Long = 0
+
   private def jump_=(j: Jump): Unit = {
     require(!j.hasParent)
     if (j ne _jump) {
diff --git a/src/main/scala/ir/transforms/IndirectCallResolution.scala b/src/main/scala/ir/transforms/IndirectCallResolution.scala
index 8f1ae8e3b..8bcfb1766 100644
--- a/src/main/scala/ir/transforms/IndirectCallResolution.scala
+++ b/src/main/scala/ir/transforms/IndirectCallResolution.scala
@@ -10,7 +10,7 @@ import translating.*
 import util.Logger
 import util.intrusive_list.IntrusiveList
 import scala.collection.mutable
-import cilvisitor._
+import cilvisitor.*
 
 def resolveIndirectCallsUsingPointsTo(
     pointsTos: Map[RegisterVariableWrapper, Set[RegisterVariableWrapper | MemoryRegion]],
diff --git a/src/main/scala/ir/transforms/ReplaceReturn.scala b/src/main/scala/ir/transforms/ReplaceReturn.scala
index f41c25e3d..392b8c27e 100644
--- a/src/main/scala/ir/transforms/ReplaceReturn.scala
+++ b/src/main/scala/ir/transforms/ReplaceReturn.scala
@@ -1,8 +1,8 @@
 package ir.transforms
 
 import util.Logger
-import ir.cilvisitor._
-import ir._
+import ir.cilvisitor.*
+import ir.*
 
 
 class ReplaceReturns extends CILVisitor {
diff --git a/src/main/scala/ir/transforms/Simp.scala b/src/main/scala/ir/transforms/Simp.scala
new file mode 100644
index 000000000..25b2477ea
--- /dev/null
+++ b/src/main/scala/ir/transforms/Simp.scala
@@ -0,0 +1,347 @@
+package ir.transforms
+
+import util.Logger
+import ir.cilvisitor.*
+import ir.*
+import scala.collection.mutable
+import analysis._
+
+trait AbstractDomain[L] {
+  def join(a: L, b: L): L
+  def widen(a: L, b: L): L = join(a, b)
+  def narrow(a: L, b: L): L = a
+  def transfer(a: L, b: Statement): L
+
+  def top: L
+  def bot: L
+}
+
+class Product[L, R, AL <: AbstractDomain[L], AR <: AbstractDomain[R]](val l: AL, val r: AR)
+    extends AbstractDomain[(L, R)] {
+  override def join(a: (L, R), b: (L, R)): (L, R) = (l.join(a._1, b._1), r.join(a._2, b._2))
+  override def widen(a: (L, R), b: (L, R)): (L, R) = (l.widen(a._1, b._1), r.widen(a._2, b._2))
+  override def narrow(a: (L, R), b: (L, R)): (L, R) = (l.narrow(a._1, b._1), r.narrow(a._2, b._2))
+  override def transfer(a: (L, R), b: Statement): (L, R) = (l.transfer(a._1, b), r.transfer(a._2, b))
+
+  override def top = (l.top, r.top)
+  override def bot = (l.bot, r.bot)
+}
+
+enum MapWithDefault[+L] {
+  case Top
+  case Bot
+  // current lattice value, memory of lattice values at each code point
+  case V(value: L, memory: Map[Statement, L])
+}
+
+class MapDomain[L, D <: AbstractDomain[L]](val d: D) extends AbstractDomain[MapWithDefault[L]] {
+
+  def top = MapWithDefault.Top
+  def bot = MapWithDefault.Bot
+
+  def toMap(v: MapWithDefault[L]): Map[Statement, L] = {
+    v match {
+      case MapWithDefault.Top     => Map().withDefaultValue(d.top)
+      case MapWithDefault.Bot     => Map().withDefaultValue(d.bot)
+      case MapWithDefault.V(_, m) => m.withDefaultValue(d.bot)
+    }
+  }
+
+  def join(a: MapWithDefault[L], b: MapWithDefault[L]): MapWithDefault[L] = {
+    (a, b) match {
+      case (MapWithDefault.Top, MapWithDefault.Bot) => MapWithDefault.Top
+      case (MapWithDefault.Bot, MapWithDefault.Top) => MapWithDefault.Top
+      case (MapWithDefault.Top, _)                  => MapWithDefault.Top
+      case (MapWithDefault.Bot, v)                  => v
+      case (v, MapWithDefault.Bot)                  => v
+      case (MapWithDefault.V(vl1, v1), MapWithDefault.V(vl2, v2)) => {
+        MapWithDefault.V(
+          d.join(vl1, vl2),
+          v1.keys.foldLeft(v2)((m, a) => m + (a -> d.join(v1.get(a).getOrElse(d.bot), v2.get(a).getOrElse(d.bot))))
+        )
+      }
+    }
+  }
+
+  def transfer(a: MapWithDefault[L], b: Statement): MapWithDefault[L] = {
+    a match {
+      case MapWithDefault.Top => MapWithDefault.Top
+      case MapWithDefault.Bot => {
+        val c = d.transfer(d.bot, b)
+        MapWithDefault.V(c, Map(b -> c))
+      }
+      case MapWithDefault.V(vl, m) => {
+        val c = d.transfer(vl, b)
+        MapWithDefault.V(c, m.updated(b, c))
+      }
+    }
+  }
+}
+
+def doCopyPropTransform(
+    p: Program,
+    reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])]
+) = {
+  val d = ConstCopyProp(reachingDefs)
+  Logger.info("RPO")
+  applyRPO(p)
+  var rerun = true
+
+  var runs = 0
+  while (rerun && runs < 5) {
+    Logger.info(s"Simp run $runs")
+    runs += 1
+    rerun = false
+    val solver = workListSolver(d)
+    val result = solver.solveProg(p, Set(), Set())
+
+    for ((p, xf) <- result) {
+      val vis = Simplify(xf, reachingDefs)
+      visit_proc(vis, p)
+      if (vis.madeAnyChange) {
+        rerun = true
+      }
+    }
+  }
+}
+
+def reversePostOrder(startBlock: Block): Unit = {
+  var count = 0
+  val seen = mutable.HashSet[Block]()
+  val vcs = mutable.HashMap[Block, Int]()
+
+  def walk(b: Block): Unit = {
+    seen += b
+    for (s <- b.nextBlocks) {
+      if (!seen.contains(s)) {
+        walk(s)
+      }
+    }
+    b.rpoOrder = count
+    count += 1
+  }
+
+  walk(startBlock)
+}
+
+def applyRPO(p: Program) = {
+  for (proc <- p.procedures) {
+    proc.entryBlock.map(eb => reversePostOrder(eb))
+  }
+}
+
+class workListSolver[L, A <: AbstractDomain[L]](domain: A) {
+
+  def solveProg(
+      p: Program,
+      widenpoints: Set[Block], // set of loop heads
+      narrowpoints: Set[Block] // set of conditions
+  ): Map[Procedure, L] = {
+    val initDom = p.procedures.map(p => (p, p.blocks.filter(x => x.nextBlocks.size > 1 || x.prevBlocks.size > 1)))
+
+    initDom.map(d => (d._1, solve(d._2, Set(), Set()))).toMap
+  }
+
+  def solve(
+      initial: IterableOnce[Block],
+      widenpoints: Set[Block], // set of loop heads
+      narrowpoints: Set[Block] // set of conditions
+  ): L = {
+    val saved: mutable.HashMap[Block, L] = mutable.HashMap()
+    val workList = mutable.PriorityQueue[Block]()(Ordering.by(b => b.rpoOrder))
+    workList.addAll(initial)
+
+    var x = domain.bot
+    while (workList.nonEmpty) {
+      val b = workList.dequeue
+      def bs(b: Block): List[Block] = {
+        if (b.nextBlocks.size == 1) {
+          val n = b.nextBlocks.head
+          b :: bs(n)
+        } else {
+          List(b)
+        }
+      }
+
+      x = b.prevBlocks.map(ib => saved.get(ib).getOrElse(domain.bot)).foldLeft(x)(domain.join)
+      val todo = bs(b)
+      val lastBlock = todo.last
+
+      def xf_block(x: L, b: Block) = b.statements.foldLeft(x)(domain.transfer)
+      var nx = todo.foldLeft(x)(xf_block)
+      saved(lastBlock) = nx
+      if (nx != x) then {
+        workList.addAll(lastBlock.nextBlocks)
+      }
+      x = nx
+    }
+    x
+  }
+}
+
+case class CopyProp(expr: Expr, deps: Set[RegisterWrapperEqualSets])
+
+case class CCP(
+    constants: Map[RegisterWrapperEqualSets, Literal],
+    // variable -> expr * dependencies
+    val exprs: Map[RegisterWrapperEqualSets, CopyProp]
+)
+
+class ConstCopyProp(val reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])])
+    extends AbstractDomain[CCP] {
+
+  def top: CCP = CCP(Map(), Map())
+  def bot: CCP = CCP(Map(), Map())
+
+  override def join(l: CCP, r: CCP): CCP = {
+    CCP(
+      (l.constants ++ r.constants).removedAll(l.constants.keySet.intersect(r.constants.keySet)),
+      (l.exprs ++ r.exprs).removedAll(l.exprs.keySet.intersect(r.exprs.keySet))
+    )
+  }
+
+  override def transfer(c: CCP, s: Statement): CCP = {
+    s match {
+      case m: MemoryAssign => {
+        c.copy(exprs = c.exprs.filterNot((k, v) => v.expr.loads.nonEmpty))
+      }
+      case Assign(lv, r, lb) => {
+        val l = RegisterWrapperEqualSets(lv, getDefinition(lv, s, reachingDefs))
+
+        var p = c
+        val evaled = exprSimp(
+          eval.partialEvalExpr(r, v => p.constants.get(RegisterWrapperEqualSets(v, getUse(v, s, reachingDefs))))
+        )
+        val rhsDeps = evaled.variables.map(v => RegisterWrapperEqualSets(v, getDefinition(v, s, reachingDefs)))
+
+        p = evaled match {
+          case lit: Literal => p.copy(constants = p.constants.updated(l, lit))
+          case _: Expr => p.copy(constants = p.constants.removed(l), exprs = p.exprs.updated(l, CopyProp(evaled, rhsDeps)))
+        }
+
+        if (r.loads.nonEmpty) {
+          // don't re-order loads
+          p = p.copy(exprs = p.exprs.filter((k, v) => v.expr.loads.isEmpty))
+        }
+        // remove candidates whose value changes due to this update
+        p = p.copy(exprs = p.exprs.filterNot((k, v) => v.deps.contains(l)))
+        p = p.copy(exprs = p.exprs.filterNot((k, v) => v.deps.contains(k)))
+
+        p
+      }
+      case _ => c
+    }
+  }
+}
+
+def exprSimp(e: Expr): Expr = {
+
+  def simpOne(e: Expr): Expr = {
+    e match {
+      // normalise
+      case BinaryExpr(op, x: Literal, y: Variable) => BinaryExpr(op, y, x)
+
+      // identities
+      case Extract(ed, 0, body) if (body.getType == BitVecType(ed))                        => exprSimp(body)
+      case ZeroExtend(0, body)                                                             => exprSimp(body)
+      case SignExtend(0, body)                                                             => exprSimp(body)
+      case BinaryExpr(BVADD, body, BitVecLiteral(0, _))                                    => exprSimp(body)
+      case BinaryExpr(BVMUL, body, BitVecLiteral(1, _))                                    => exprSimp(body)
+      case Repeat(1, body)                                                                 => exprSimp(body)
+      case Extract(ed, 0, ZeroExtend(extension, body)) if (body.getType == BitVecType(ed)) => exprSimp(body)
+      case Extract(ed, 0, SignExtend(extension, body)) if (body.getType == BitVecType(ed)) => exprSimp(body)
+      // case Extract(ed, 0, BinaryExpr(op, ZeroExtend(ex, hasVar), BitVecLiteral(v, sz)))    =>
+      case BinaryExpr(BVXOR, l, r) if l == r =>
+        e.getType match {
+          case BitVecType(sz) => BitVecLiteral(0, sz)
+        }
+      // double negation
+      case UnaryExpr(BVNOT, UnaryExpr(BVNOT, body))     => exprSimp(body)
+      case UnaryExpr(BVNEG, UnaryExpr(BVNEG, body))     => exprSimp(body)
+      case UnaryExpr(BoolNOT, UnaryExpr(BoolNOT, body)) => exprSimp(body)
+
+      // this simplifies the slice register and then extend pattern on operations with bitvectors
+      // to instead extend the bitvector to match the size of the variable
+      case ZeroExtend(ed, BinaryExpr(op, Extract(sz1, 0, hasVar), BitVecLiteral(v, sz2)))
+          if Set(BVADD, BVMUL, BVAND, BVOR).contains(op) =>
+        BinaryExpr(op, hasVar, BitVecLiteral(v, ed + sz1))
+
+      // constant folding
+      // const + (x + const) -> (const + const) + x
+      case BinaryExpr(BVADD, BinaryExpr(BVADD, body, l: BitVecLiteral), r: BitVecLiteral) =>
+        BinaryExpr(BVADD, BinaryExpr(BVADD, l, r), exprSimp(body))
+      case BinaryExpr(BVMUL, BinaryExpr(BVMUL, body, l: BitVecLiteral), r: BitVecLiteral) =>
+        BinaryExpr(BVMUL, BinaryExpr(BVMUL, l, r), exprSimp(body))
+      case BinaryExpr(BVOR, BinaryExpr(BVOR, body, l: BitVecLiteral), r: BitVecLiteral) =>
+        BinaryExpr(BVOR, BinaryExpr(BVOR, l, r), exprSimp(body))
+      case BinaryExpr(BVAND, BinaryExpr(BVAND, body, l: BitVecLiteral), r: BitVecLiteral) =>
+        BinaryExpr(BVAND, BinaryExpr(BVAND, l, r), exprSimp(body))
+      case r => r
+    }
+  }
+
+  var pe = e
+  var ne = simpOne(pe)
+  while (ne != pe) {
+    pe = ne
+    ne = simpOne(pe)
+  }
+  ne
+}
+
+class Simplify(
+    val res: CCP,
+    val reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])]
+) extends CILVisitor {
+
+  println(res)
+  var madeAnyChange = false
+  var statement: Statement = null
+
+  override def vexpr(e: Expr) = {
+    e match {
+      case v: Variable if res.constants.contains(RegisterWrapperEqualSets(v, getUse(v, statement, reachingDefs))) => {
+        madeAnyChange = true
+        ChangeDoChildrenPost(
+          res.constants(RegisterWrapperEqualSets(v, getUse(v, statement, reachingDefs))),
+          exprSimp
+        )
+      }
+      case v: Variable if res.exprs.contains(RegisterWrapperEqualSets(v, getUse(v, statement, reachingDefs))) => {
+        val repl = res.exprs(RegisterWrapperEqualSets(v, getUse(v, statement, reachingDefs)))
+        val u = RegisterWrapperEqualSets(v, getUse(v, statement, reachingDefs))
+        println(s"COPYPROP $u repl=$repl")
+        madeAnyChange = true
+        ChangeDoChildrenPost(
+          repl.expr,
+          exprSimp
+        )
+      }
+      case e => ChangeDoChildrenPost(e, exprSimp)
+    }
+  }
+
+  override def vjump(j: Jump) = {
+    SkipChildren()
+  }
+
+  override def vstmt(s: Statement) = {
+    statement = s
+
+    s match {
+      case a @ Assign(l, r, lb) => {
+        val state = res
+        val nr = eval.partialEvalExpr(
+          r,
+          v => state.constants.get(RegisterWrapperEqualSets(v, getUse(v, statement, reachingDefs)))
+        )
+        if (nr != r) {
+          madeAnyChange = true
+        }
+        a.rhs = nr
+        DoChildren()
+      }
+      case _ => DoChildren()
+    }
+  }
+}
diff --git a/src/main/scala/translating/ILtoIL.scala b/src/main/scala/translating/ILtoIL.scala
index 856b18934..5ec957a18 100644
--- a/src/main/scala/translating/ILtoIL.scala
+++ b/src/main/scala/translating/ILtoIL.scala
@@ -53,6 +53,14 @@ private class ILSerialiser extends ReadOnlyVisitor {
     node
   }
 
+
+  override def visitAssume(node: Assume): Statement = {
+    program ++= "Assume("
+    visitExpr(node.body)
+    program ++= ")"
+    node
+  }
+
   override def visitAssert(node: Assert): Statement = {
     program ++= "Assert("
     visitExpr(node.body)
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index 187ae9cbc..c9147b903 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -369,6 +369,9 @@ object StaticAnalysis {
     val constPropSolverWithSSA = ConstantPropagationSolverWithSSA(IRProgram, reachingDefinitionsAnalysisResults)
     val constPropResultWithSSA = constPropSolverWithSSA.analyze()
 
+    transforms.doCopyPropTransform(ctx.program, reachingDefinitionsAnalysisResults)
+    writeToFile(serialiseIL(IRProgram), s"il-after-copyprop.il")
+
     Logger.debug("[!] Running MRA")
     val mraSolver = MemoryRegionAnalysisSolver(IRProgram, globalAddresses, globalOffsets, mergedSubroutines, constPropResult, ANRResult, RNAResult, regionAccessesAnalysisResults, reachingDefinitionsAnalysisResults)
     val mraResult = mraSolver.analyze()
@@ -422,6 +425,10 @@ object StaticAnalysis {
       Logger.warn(s"Disabling IDE solver tests due to external main procedure: ${IRProgram.mainProcedure.name}")
     }
 
+
+    transforms.doCopyPropTransform(ctx.program, reachingDefinitionsAnalysisResults)
+    writeToFile(serialiseIL(IRProgram), s"il-after-copyprop-2.il")
+
     StaticAnalysisContext(
       constPropResult = constPropResult,
       IRconstPropResult = newCPResult,
@@ -505,7 +512,7 @@ object RunUtils {
 
     q.loading.dumpIL.foreach(s => writeToFile(serialiseIL(ctx.program), s"$s-before-analysis.il"))
     val analysis = q.staticAnalysis.map(conf => staticAnalysis(conf, ctx))
-    q.loading.dumpIL.foreach(s => writeToFile(serialiseIL(ctx.program), s"$s-after-analysis.il"))
+    q.loading.dumpIL.foreach(s => writeToFile(serialiseIL(ctx.program), s"$s-after-all-analysis.il"))
 
     if (q.runInterpret) {
       val fs = eval.interpretTrace(ctx)

From 7769357afa8177372f59a9887bfdacf81ce97bb7 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Wed, 25 Sep 2024 14:48:25 +1000
Subject: [PATCH 060/127] fixup analysis

---
 src/main/scala/Main.scala               |   6 +-
 src/main/scala/ir/transforms/Simp.scala | 137 ++++++++----------------
 src/main/scala/util/BASILConfig.scala   |   4 +-
 src/main/scala/util/RunUtils.scala      |   6 +-
 4 files changed, 55 insertions(+), 98 deletions(-)

diff --git a/src/main/scala/Main.scala b/src/main/scala/Main.scala
index 498c6eacb..6622c9a56 100644
--- a/src/main/scala/Main.scala
+++ b/src/main/scala/Main.scala
@@ -49,7 +49,9 @@ object Main {
       @arg(name = "threads", short = 't', doc = "Separates threads into multiple .bpl files with given output filename as prefix (requires --analyse flag)")
       threadSplit: Flag,
       @arg(name = "summarise-procedures", doc = "Generates summaries of procedures which are used in pre/post-conditions (requires --analyse flag)")
-      summariseProcedures: Flag
+      summariseProcedures: Flag,
+      @arg(name = "simplify", doc = "Partial evaluate / simplify BASIL IR before output (requires --analyse flag)")
+      simplify: Flag
   )
 
   def main(args: Array[String]): Unit = {
@@ -82,7 +84,7 @@ object Main {
     val q = BASILConfig(
       loading = ILLoadingConfig(conf.inputFileName, conf.relfFileName, conf.specFileName, conf.dumpIL, conf.mainProcedureName, conf.procedureDepth),
       runInterpret = conf.interpret.value,
-      staticAnalysis = if conf.analyse.value then Some(StaticAnalysisConfig(conf.dumpIL, conf.analysisResults, conf.analysisResultsDot, conf.threadSplit.value, conf.summariseProcedures.value)) else None,
+      staticAnalysis = if conf.analyse.value then Some(StaticAnalysisConfig(conf.dumpIL, conf.analysisResults, conf.analysisResultsDot, conf.threadSplit.value, conf.summariseProcedures.value, conf.simplify.value)) else None,
       boogieTranslation = BoogieGeneratorConfig(if conf.lambdaStores.value then BoogieMemoryAccessMode.LambdaStoreSelect else BoogieMemoryAccessMode.SuccessiveStoreSelect,
         true, rely, conf.threadSplit.value),
       outputPrefix = conf.outFileName,
diff --git a/src/main/scala/ir/transforms/Simp.scala b/src/main/scala/ir/transforms/Simp.scala
index 25b2477ea..e4d749ba9 100644
--- a/src/main/scala/ir/transforms/Simp.scala
+++ b/src/main/scala/ir/transforms/Simp.scala
@@ -16,68 +16,6 @@ trait AbstractDomain[L] {
   def bot: L
 }
 
-class Product[L, R, AL <: AbstractDomain[L], AR <: AbstractDomain[R]](val l: AL, val r: AR)
-    extends AbstractDomain[(L, R)] {
-  override def join(a: (L, R), b: (L, R)): (L, R) = (l.join(a._1, b._1), r.join(a._2, b._2))
-  override def widen(a: (L, R), b: (L, R)): (L, R) = (l.widen(a._1, b._1), r.widen(a._2, b._2))
-  override def narrow(a: (L, R), b: (L, R)): (L, R) = (l.narrow(a._1, b._1), r.narrow(a._2, b._2))
-  override def transfer(a: (L, R), b: Statement): (L, R) = (l.transfer(a._1, b), r.transfer(a._2, b))
-
-  override def top = (l.top, r.top)
-  override def bot = (l.bot, r.bot)
-}
-
-enum MapWithDefault[+L] {
-  case Top
-  case Bot
-  // current lattice value, memory of lattice values at each code point
-  case V(value: L, memory: Map[Statement, L])
-}
-
-class MapDomain[L, D <: AbstractDomain[L]](val d: D) extends AbstractDomain[MapWithDefault[L]] {
-
-  def top = MapWithDefault.Top
-  def bot = MapWithDefault.Bot
-
-  def toMap(v: MapWithDefault[L]): Map[Statement, L] = {
-    v match {
-      case MapWithDefault.Top     => Map().withDefaultValue(d.top)
-      case MapWithDefault.Bot     => Map().withDefaultValue(d.bot)
-      case MapWithDefault.V(_, m) => m.withDefaultValue(d.bot)
-    }
-  }
-
-  def join(a: MapWithDefault[L], b: MapWithDefault[L]): MapWithDefault[L] = {
-    (a, b) match {
-      case (MapWithDefault.Top, MapWithDefault.Bot) => MapWithDefault.Top
-      case (MapWithDefault.Bot, MapWithDefault.Top) => MapWithDefault.Top
-      case (MapWithDefault.Top, _)                  => MapWithDefault.Top
-      case (MapWithDefault.Bot, v)                  => v
-      case (v, MapWithDefault.Bot)                  => v
-      case (MapWithDefault.V(vl1, v1), MapWithDefault.V(vl2, v2)) => {
-        MapWithDefault.V(
-          d.join(vl1, vl2),
-          v1.keys.foldLeft(v2)((m, a) => m + (a -> d.join(v1.get(a).getOrElse(d.bot), v2.get(a).getOrElse(d.bot))))
-        )
-      }
-    }
-  }
-
-  def transfer(a: MapWithDefault[L], b: Statement): MapWithDefault[L] = {
-    a match {
-      case MapWithDefault.Top => MapWithDefault.Top
-      case MapWithDefault.Bot => {
-        val c = d.transfer(d.bot, b)
-        MapWithDefault.V(c, Map(b -> c))
-      }
-      case MapWithDefault.V(vl, m) => {
-        val c = d.transfer(vl, b)
-        MapWithDefault.V(c, m.updated(b, c))
-      }
-    }
-  }
-}
-
 def doCopyPropTransform(
     p: Program,
     reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])]
@@ -91,16 +29,13 @@ def doCopyPropTransform(
   while (rerun && runs < 5) {
     Logger.info(s"Simp run $runs")
     runs += 1
-    rerun = false
     val solver = workListSolver(d)
     val result = solver.solveProg(p, Set(), Set())
 
     for ((p, xf) <- result) {
       val vis = Simplify(xf, reachingDefs)
       visit_proc(vis, p)
-      if (vis.madeAnyChange) {
-        rerun = true
-      }
+      rerun = vis.madeAnyChange
     }
   }
 }
@@ -179,17 +114,19 @@ class workListSolver[L, A <: AbstractDomain[L]](domain: A) {
   }
 }
 
-case class CopyProp(expr: Expr, deps: Set[RegisterWrapperEqualSets])
+case class CopyProp(expr: Expr, deps: Set[RegisterVariableWrapper])
 
 case class CCP(
-    constants: Map[RegisterWrapperEqualSets, Literal],
+    constants: Map[RegisterVariableWrapper, Literal],
     // variable -> expr * dependencies
-    val exprs: Map[RegisterWrapperEqualSets, CopyProp]
+    val exprs: Map[RegisterVariableWrapper, CopyProp]
 )
 
 class ConstCopyProp(val reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])])
     extends AbstractDomain[CCP] {
 
+  private final val callClobbers = (0 to 30).map("R" + _).map(c => Register(c, 64))
+
   def top: CCP = CCP(Map(), Map())
   def bot: CCP = CCP(Map(), Map())
 
@@ -206,13 +143,13 @@ class ConstCopyProp(val reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign
         c.copy(exprs = c.exprs.filterNot((k, v) => v.expr.loads.nonEmpty))
       }
       case Assign(lv, r, lb) => {
-        val l = RegisterWrapperEqualSets(lv, getDefinition(lv, s, reachingDefs))
+        val l = RegisterVariableWrapper(lv, getDefinition(lv, s, reachingDefs))
 
         var p = c
         val evaled = exprSimp(
-          eval.partialEvalExpr(r, v => p.constants.get(RegisterWrapperEqualSets(v, getUse(v, s, reachingDefs))))
+          eval.partialEvalExpr(exprSimp(r), v => p.constants.get(RegisterVariableWrapper(v, getUse(v, s, reachingDefs))))
         )
-        val rhsDeps = evaled.variables.map(v => RegisterWrapperEqualSets(v, getDefinition(v, s, reachingDefs)))
+        val rhsDeps = evaled.variables.map(v => RegisterVariableWrapper(v, getDefinition(v, s, reachingDefs)))
 
         p = evaled match {
           case lit: Literal => p.copy(constants = p.constants.updated(l, lit))
@@ -224,11 +161,17 @@ class ConstCopyProp(val reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign
           p = p.copy(exprs = p.exprs.filter((k, v) => v.expr.loads.isEmpty))
         }
         // remove candidates whose value changes due to this update
-        p = p.copy(exprs = p.exprs.filterNot((k, v) => v.deps.contains(l)))
-        p = p.copy(exprs = p.exprs.filterNot((k, v) => v.deps.contains(k)))
+        // without an SSA form in the output, we can't propagate assignments such that R0_1 := f(R0_0)
+        //  or; only replace such that all uses are copyproped, the dead definition is removed
+        p = p.copy(exprs = p.exprs.filterNot((k, v) => v.deps.exists(c => c.variable.name == l.variable.name)))
+        p = p.copy(exprs = p.exprs.filterNot((k, v) => v.deps.exists(d => d.variable.name == k.variable.name)))
 
         p
       }
+      case x: Call => {
+        val toClob = callClobbers.map(v => RegisterVariableWrapper(v, getDefinition(v, s, reachingDefs)))
+        toClob.foldLeft(c)((c,l) => c.copy(constants = c.constants.removed(l), exprs = c.exprs.filterNot((k, v) => v.deps.contains(l))))
+      }
       case _ => c
     }
   }
@@ -239,7 +182,7 @@ def exprSimp(e: Expr): Expr = {
   def simpOne(e: Expr): Expr = {
     e match {
       // normalise
-      case BinaryExpr(op, x: Literal, y: Variable) => BinaryExpr(op, y, x)
+      case BinaryExpr(op, x: Literal, y: Expr) if !y.isInstanceOf[Literal] => BinaryExpr(op, y, x)
 
       // identities
       case Extract(ed, 0, body) if (body.getType == BitVecType(ed))                        => exprSimp(body)
@@ -250,7 +193,6 @@ def exprSimp(e: Expr): Expr = {
       case Repeat(1, body)                                                                 => exprSimp(body)
       case Extract(ed, 0, ZeroExtend(extension, body)) if (body.getType == BitVecType(ed)) => exprSimp(body)
       case Extract(ed, 0, SignExtend(extension, body)) if (body.getType == BitVecType(ed)) => exprSimp(body)
-      // case Extract(ed, 0, BinaryExpr(op, ZeroExtend(ex, hasVar), BitVecLiteral(v, sz)))    =>
       case BinaryExpr(BVXOR, l, r) if l == r =>
         e.getType match {
           case BitVecType(sz) => BitVecLiteral(0, sz)
@@ -260,14 +202,16 @@ def exprSimp(e: Expr): Expr = {
       case UnaryExpr(BVNEG, UnaryExpr(BVNEG, body))     => exprSimp(body)
       case UnaryExpr(BoolNOT, UnaryExpr(BoolNOT, body)) => exprSimp(body)
 
-      // this simplifies the slice register and then extend pattern on operations with bitvectors
-      // to instead extend the bitvector to match the size of the variable
-      case ZeroExtend(ed, BinaryExpr(op, Extract(sz1, 0, hasVar), BitVecLiteral(v, sz2)))
-          if Set(BVADD, BVMUL, BVAND, BVOR).contains(op) =>
-        BinaryExpr(op, hasVar, BitVecLiteral(v, ed + sz1))
+      // compose slices
+      case Extract(ed1, be1, Extract(ed2, be2, body)) => Extract(ed1 - be2, be1 + be2, exprSimp(body))
+
+      // (comp (comp x y) 1) = (comp x y)
+      case BinaryExpr(BVCOMP, body @ BinaryExpr(BVCOMP, _, _), BitVecLiteral(1, 1)) => exprSimp(body)
+      case BinaryExpr(BVCOMP, body @ BinaryExpr(BVCOMP, _, _), BitVecLiteral(0, 1)) => UnaryExpr(BVNOT, exprSimp(body))
+      case BinaryExpr(BVEQ, BinaryExpr(BVCOMP, body @ BinaryExpr(BVCOMP, _, _), BitVecLiteral(0, 1)), BitVecLiteral(1, 1)) => BinaryExpr(BVEQ, exprSimp(body), BitVecLiteral(0, 1))
 
       // constant folding
-      // const + (x + const) -> (const + const) + x
+      // const + (e + const) -> (const + const) + e
       case BinaryExpr(BVADD, BinaryExpr(BVADD, body, l: BitVecLiteral), r: BitVecLiteral) =>
         BinaryExpr(BVADD, BinaryExpr(BVADD, l, r), exprSimp(body))
       case BinaryExpr(BVMUL, BinaryExpr(BVMUL, body, l: BitVecLiteral), r: BitVecLiteral) =>
@@ -281,7 +225,7 @@ def exprSimp(e: Expr): Expr = {
   }
 
   var pe = e
-  var ne = simpOne(pe)
+  var ne =   simpOne(pe)
   while (ne != pe) {
     pe = ne
     ne = simpOne(pe)
@@ -294,30 +238,37 @@ class Simplify(
     val reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])]
 ) extends CILVisitor {
 
-  println(res)
   var madeAnyChange = false
   var statement: Statement = null
 
+  def simp(pe: Expr)(ne: Expr) = {
+    val simped = eval.partialEvalExpr(exprSimp(ne), x => None)
+    if (pe != simped) {
+      madeAnyChange = true
+    }
+
+    simped
+  }
+
   override def vexpr(e: Expr) = {
     e match {
-      case v: Variable if res.constants.contains(RegisterWrapperEqualSets(v, getUse(v, statement, reachingDefs))) => {
+      case v: Variable if res.constants.contains(RegisterVariableWrapper(v, getUse(v, statement, reachingDefs))) => {
         madeAnyChange = true
         ChangeDoChildrenPost(
-          res.constants(RegisterWrapperEqualSets(v, getUse(v, statement, reachingDefs))),
-          exprSimp
+          res.constants(RegisterVariableWrapper(v, getUse(v, statement, reachingDefs))),
+          simp(e) 
         )
       }
-      case v: Variable if res.exprs.contains(RegisterWrapperEqualSets(v, getUse(v, statement, reachingDefs))) => {
-        val repl = res.exprs(RegisterWrapperEqualSets(v, getUse(v, statement, reachingDefs)))
-        val u = RegisterWrapperEqualSets(v, getUse(v, statement, reachingDefs))
-        println(s"COPYPROP $u repl=$repl")
+      case v: Variable if res.exprs.contains(RegisterVariableWrapper(v, getUse(v, statement, reachingDefs))) => {
+        val repl = res.exprs(RegisterVariableWrapper(v, getUse(v, statement, reachingDefs)))
+        val u = RegisterVariableWrapper(v, getUse(v, statement, reachingDefs))
         madeAnyChange = true
         ChangeDoChildrenPost(
           repl.expr,
           exprSimp
         )
       }
-      case e => ChangeDoChildrenPost(e, exprSimp)
+      case e => ChangeDoChildrenPost(e, simp(e))
     }
   }
 
@@ -333,7 +284,7 @@ class Simplify(
         val state = res
         val nr = eval.partialEvalExpr(
           r,
-          v => state.constants.get(RegisterWrapperEqualSets(v, getUse(v, statement, reachingDefs)))
+          v => state.constants.get(RegisterVariableWrapper(v, getUse(v, statement, reachingDefs)))
         )
         if (nr != r) {
           madeAnyChange = true
diff --git a/src/main/scala/util/BASILConfig.scala b/src/main/scala/util/BASILConfig.scala
index b323e4026..e65b94af5 100644
--- a/src/main/scala/util/BASILConfig.scala
+++ b/src/main/scala/util/BASILConfig.scala
@@ -19,7 +19,9 @@ case class StaticAnalysisConfig(dumpILToPath: Option[String] = None,
                                 analysisResultsPath: Option[String] = None,
                                 analysisDotPath: Option[String] = None,
                                 threadSplit: Boolean = false,
-                                summariseProcedures: Boolean = false)
+                                summariseProcedures: Boolean = false,
+                                simplify: Boolean = false
+                               )
 enum BoogieMemoryAccessMode:
   case SuccessiveStoreSelect, LambdaStoreSelect
 
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index c9147b903..a50007fa3 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -369,8 +369,10 @@ object StaticAnalysis {
     val constPropSolverWithSSA = ConstantPropagationSolverWithSSA(IRProgram, reachingDefinitionsAnalysisResults)
     val constPropResultWithSSA = constPropSolverWithSSA.analyze()
 
-    transforms.doCopyPropTransform(ctx.program, reachingDefinitionsAnalysisResults)
-    writeToFile(serialiseIL(IRProgram), s"il-after-copyprop.il")
+    if (config.simplify) {
+      transforms.doCopyPropTransform(ctx.program, reachingDefinitionsAnalysisResults)
+      writeToFile(serialiseIL(IRProgram), s"il-after-copyprop.il")
+    }
 
     Logger.debug("[!] Running MRA")
     val mraSolver = MemoryRegionAnalysisSolver(IRProgram, globalAddresses, globalOffsets, mergedSubroutines, constPropResult, ANRResult, RNAResult, regionAccessesAnalysisResults, reachingDefinitionsAnalysisResults)

From 533ccce64029d723af0037609004b28fc48b88af Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Wed, 25 Sep 2024 14:50:02 +1000
Subject: [PATCH 061/127] wl optim

---
 src/main/scala/analysis/ANR.scala       |  2 +-
 src/main/scala/analysis/RNA.scala       |  2 +-
 src/main/scala/ir/Program.scala         |  2 +-
 src/main/scala/ir/transforms/Simp.scala | 26 +++++++++++++++----------
 src/main/scala/util/RunUtils.scala      |  4 ----
 src/test/scala/SystemTests.scala        | 12 ++++++------
 6 files changed, 25 insertions(+), 23 deletions(-)

diff --git a/src/main/scala/analysis/ANR.scala b/src/main/scala/analysis/ANR.scala
index 196ef8634..d9ee0f822 100644
--- a/src/main/scala/analysis/ANR.scala
+++ b/src/main/scala/analysis/ANR.scala
@@ -61,4 +61,4 @@ class ANRAnalysisSolver(program: Program) extends ANRAnalysis(program)
     with IRIntraproceduralForwardDependencies
     with Analysis[Map[CFGPosition, Set[Variable]]]
     with SimpleWorklistFixpointSolver[CFGPosition, Set[Variable], PowersetLattice[Variable]] {
-}
\ No newline at end of file
+}
diff --git a/src/main/scala/analysis/RNA.scala b/src/main/scala/analysis/RNA.scala
index b58e74dd9..ea205c06a 100644
--- a/src/main/scala/analysis/RNA.scala
+++ b/src/main/scala/analysis/RNA.scala
@@ -65,4 +65,4 @@ class RNAAnalysisSolver(
     with IRIntraproceduralBackwardDependencies
     with Analysis[Map[CFGPosition, Set[Variable]]]
     with SimpleWorklistFixpointSolver[CFGPosition, Set[Variable], PowersetLattice[Variable]] {
-}
\ No newline at end of file
+}
diff --git a/src/main/scala/ir/Program.scala b/src/main/scala/ir/Program.scala
index 0cd12ad6e..bf32159c3 100644
--- a/src/main/scala/ir/Program.scala
+++ b/src/main/scala/ir/Program.scala
@@ -350,7 +350,7 @@ class Block private (
 
   def jump: Jump = _jump
 
-  var rpoOrder : Long = 0
+  var rpoOrder : Long = -1
 
   private def jump_=(j: Jump): Unit = {
     require(!j.hasParent)
diff --git a/src/main/scala/ir/transforms/Simp.scala b/src/main/scala/ir/transforms/Simp.scala
index e4d749ba9..7150fc49e 100644
--- a/src/main/scala/ir/transforms/Simp.scala
+++ b/src/main/scala/ir/transforms/Simp.scala
@@ -21,15 +21,14 @@ def doCopyPropTransform(
     reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])]
 ) = {
   val d = ConstCopyProp(reachingDefs)
-  Logger.info("RPO")
-  applyRPO(p)
   var rerun = true
 
+  applyRPO(p)
   var runs = 0
   while (rerun && runs < 5) {
     Logger.info(s"Simp run $runs")
     runs += 1
-    val solver = workListSolver(d)
+    val solver = worklistSolver(d)
     val result = solver.solveProg(p, Set(), Set())
 
     for ((p, xf) <- result) {
@@ -65,14 +64,14 @@ def applyRPO(p: Program) = {
   }
 }
 
-class workListSolver[L, A <: AbstractDomain[L]](domain: A) {
+class worklistSolver[L, A <: AbstractDomain[L]](domain: A) {
 
   def solveProg(
       p: Program,
       widenpoints: Set[Block], // set of loop heads
       narrowpoints: Set[Block] // set of conditions
   ): Map[Procedure, L] = {
-    val initDom = p.procedures.map(p => (p, p.blocks.filter(x => x.nextBlocks.size > 1 || x.prevBlocks.size > 1)))
+    val initDom = p.procedures.map(p => (p, p.blocks.filter(x => (x.nextBlocks.size > 1 || x.prevBlocks.size > 1) && x.rpoOrder != -1)))
 
     initDom.map(d => (d._1, solve(d._2, Set(), Set()))).toMap
   }
@@ -83,12 +82,19 @@ class workListSolver[L, A <: AbstractDomain[L]](domain: A) {
       narrowpoints: Set[Block] // set of conditions
   ): L = {
     val saved: mutable.HashMap[Block, L] = mutable.HashMap()
-    val workList = mutable.PriorityQueue[Block]()(Ordering.by(b => b.rpoOrder))
-    workList.addAll(initial)
+    val worklist = mutable.PriorityQueue[Block]()(Ordering.by(b => b.rpoOrder))
+    worklist.addAll(initial)
 
     var x = domain.bot
-    while (workList.nonEmpty) {
-      val b = workList.dequeue
+    while (worklist.nonEmpty) {
+      val b = worklist.dequeue
+
+      while (worklist.nonEmpty && (worklist.head.rpoOrder >= b.rpoOrder)) do {
+        // drop rest of blocks with same priority
+        val m = worklist.dequeue()
+        assert(m == b, s"Different nodes with same priority ${m.rpoOrder} ${b.rpoOrder}, violates PriorityQueueWorklist assumption: $b and $m")
+      }
+
       def bs(b: Block): List[Block] = {
         if (b.nextBlocks.size == 1) {
           val n = b.nextBlocks.head
@@ -106,7 +112,7 @@ class workListSolver[L, A <: AbstractDomain[L]](domain: A) {
       var nx = todo.foldLeft(x)(xf_block)
       saved(lastBlock) = nx
       if (nx != x) then {
-        workList.addAll(lastBlock.nextBlocks)
+        worklist.addAll(lastBlock.nextBlocks)
       }
       x = nx
     }
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index a50007fa3..336ddf96d 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -427,10 +427,6 @@ object StaticAnalysis {
       Logger.warn(s"Disabling IDE solver tests due to external main procedure: ${IRProgram.mainProcedure.name}")
     }
 
-
-    transforms.doCopyPropTransform(ctx.program, reachingDefinitionsAnalysisResults)
-    writeToFile(serialiseIL(IRProgram), s"il-after-copyprop-2.il")
-
     StaticAnalysisContext(
       constPropResult = constPropResult,
       IRconstPropResult = newCPResult,
diff --git a/src/test/scala/SystemTests.scala b/src/test/scala/SystemTests.scala
index 920eaa1e2..9efe3b26f 100644
--- a/src/test/scala/SystemTests.scala
+++ b/src/test/scala/SystemTests.scala
@@ -175,17 +175,17 @@ trait SystemTests extends AnyFunSuite, BASILTest {
 
 }
 
-class SystemTestsBAP extends SystemTests {
-  runTests("correct", TestConfig(useBAPFrontend = true, expectVerify = true, logResults = true))
-  runTests("incorrect", TestConfig(useBAPFrontend = true, expectVerify = false, logResults = true))
+class SystemTestsBAP extends SystemTests  {
+  runTests(correctPrograms, correctPath, "correct", TestConfig(useBAPFrontend=true, expectVerify=true))
+  runTests(incorrectPrograms, incorrectPath, "incorrect", TestConfig(useBAPFrontend=true, expectVerify=false))
   test("summary-BAP") {
     summary("testresult-BAP")
   }
 }
 
-class SystemTestsGTIRB extends SystemTests {
-  runTests("correct", TestConfig(useBAPFrontend = false, expectVerify = true, checkExpected = true, logResults = true))
-  runTests("incorrect", TestConfig(useBAPFrontend = false, expectVerify = false, checkExpected = true, logResults = true))
+class SystemTestsGTIRB extends SystemTests  {
+  runTests(correctPrograms, correctPath, "correct", TestConfig(useBAPFrontend=false, expectVerify=true, BASILFlags = Seq("--analyse")))
+  runTests(incorrectPrograms, incorrectPath, "incorrect", TestConfig(useBAPFrontend=false, expectVerify=false, BASILFlags = Seq("--analyse")))
   test("summary-GTIRB") {
     summary("testresult-GTIRB")
   }

From febadbda5ec9bdc34d0a30b4a03e81d7a2464c2f Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Wed, 25 Sep 2024 14:50:40 +1000
Subject: [PATCH 062/127] rename w ssa

---
 src/main/scala/ir/cilvisitor/CILVisitor.scala |   6 +-
 src/main/scala/ir/transforms/Simp.scala       | 150 +++++++++++++++---
 src/main/scala/util/RunUtils.scala            |  17 +-
 3 files changed, 144 insertions(+), 29 deletions(-)

diff --git a/src/main/scala/ir/cilvisitor/CILVisitor.scala b/src/main/scala/ir/cilvisitor/CILVisitor.scala
index 5583b12da..1f30b39b9 100644
--- a/src/main/scala/ir/cilvisitor/CILVisitor.scala
+++ b/src/main/scala/ir/cilvisitor/CILVisitor.scala
@@ -29,6 +29,7 @@ trait CILVisitor:
 
   def vexpr(e: Expr): VisitAction[Expr] = DoChildren()
   def vvar(e: Variable): VisitAction[Variable] = DoChildren()
+  def vlvar(e: Variable): VisitAction[Variable] = DoChildren()
   def vmem(e: Memory): VisitAction[Memory] = DoChildren()
 
   def enter_scope(params: ArrayBuffer[Parameter]): Unit = ()
@@ -63,6 +64,9 @@ class CILVisitorImpl(val v: CILVisitor) {
     doVisit(v, v.vvar(n), n, (n) => n)
   }
 
+  def visit_lvar(n: Variable): Variable = {
+    doVisit(v, v.vlvar(n), n, (n) => n)
+  }
 
   def visit_mem(n: Memory): Memory = {
     doVisit(v, v.vmem(n), n, (n) => n)
@@ -108,7 +112,7 @@ class CILVisitorImpl(val v: CILVisitor) {
       }
       case m: Assign => {
         m.rhs = visit_expr(m.rhs)
-        m.lhs = visit_var(m.lhs)
+        m.lhs = visit_lvar(m.lhs)
         m
       }
       case s: Assert => {
diff --git a/src/main/scala/ir/transforms/Simp.scala b/src/main/scala/ir/transforms/Simp.scala
index 7150fc49e..c5253adc1 100644
--- a/src/main/scala/ir/transforms/Simp.scala
+++ b/src/main/scala/ir/transforms/Simp.scala
@@ -20,12 +20,15 @@ def doCopyPropTransform(
     p: Program,
     reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])]
 ) = {
-  val d = ConstCopyProp(reachingDefs)
-  var rerun = true
 
-  applyRPO(p)
   var runs = 0
-  while (rerun && runs < 5) {
+  var rerun = true
+  while (runs < 5) {
+    val rds2 = ReachingDefinitionsAnalysisSolver(p)
+    val reachingDefs = rds2.analyze()
+    val d = ConstCopyProp(reachingDefs)
+    applyRPO(p)
+
     Logger.info(s"Simp run $runs")
     runs += 1
     val solver = worklistSolver(d)
@@ -71,7 +74,9 @@ class worklistSolver[L, A <: AbstractDomain[L]](domain: A) {
       widenpoints: Set[Block], // set of loop heads
       narrowpoints: Set[Block] // set of conditions
   ): Map[Procedure, L] = {
-    val initDom = p.procedures.map(p => (p, p.blocks.filter(x => (x.nextBlocks.size > 1 || x.prevBlocks.size > 1) && x.rpoOrder != -1)))
+    val initDom = p.procedures.map(p =>
+      (p, p.blocks.filter(x => (x.nextBlocks.size > 1 || x.prevBlocks.size > 1) && x.rpoOrder != -1))
+    )
 
     initDom.map(d => (d._1, solve(d._2, Set(), Set()))).toMap
   }
@@ -89,10 +94,17 @@ class worklistSolver[L, A <: AbstractDomain[L]](domain: A) {
     while (worklist.nonEmpty) {
       val b = worklist.dequeue
 
+      if (b.label == "lmain_goto_l00000321") {
+        println(s"$b\n  prevs : ${b.prevBlocks.map(c => saved.get(c))}")
+      }
+
       while (worklist.nonEmpty && (worklist.head.rpoOrder >= b.rpoOrder)) do {
         // drop rest of blocks with same priority
         val m = worklist.dequeue()
-        assert(m == b, s"Different nodes with same priority ${m.rpoOrder} ${b.rpoOrder}, violates PriorityQueueWorklist assumption: $b and $m")
+        assert(
+          m == b,
+          s"Different nodes with same priority ${m.rpoOrder} ${b.rpoOrder}, violates PriorityQueueWorklist assumption: $b and $m"
+        )
       }
 
       def bs(b: Block): List[Block] = {
@@ -104,7 +116,7 @@ class worklistSolver[L, A <: AbstractDomain[L]](domain: A) {
         }
       }
 
-      x = b.prevBlocks.map(ib => saved.get(ib).getOrElse(domain.bot)).foldLeft(x)(domain.join)
+      x = b.prevBlocks.flatMap(ib => saved.get(ib).toList).foldLeft(x)(domain.join)
       val todo = bs(b)
       val lastBlock = todo.last
 
@@ -138,8 +150,8 @@ class ConstCopyProp(val reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign
 
   override def join(l: CCP, r: CCP): CCP = {
     CCP(
-      (l.constants ++ r.constants).removedAll(l.constants.keySet.intersect(r.constants.keySet)),
-      (l.exprs ++ r.exprs).removedAll(l.exprs.keySet.intersect(r.exprs.keySet))
+      (l.constants ++ r.constants).removedAll(l.constants.keySet.intersect(r.constants.keySet).filterNot(k => l.constants(k) == r.constants(k))),
+      (l.exprs ++ r.exprs).removedAll(l.exprs.keySet.intersect(r.exprs.keySet).filterNot(k => l.exprs(k) == r.exprs(k)))
     )
   }
 
@@ -153,13 +165,17 @@ class ConstCopyProp(val reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign
 
         var p = c
         val evaled = exprSimp(
-          eval.partialEvalExpr(exprSimp(r), v => p.constants.get(RegisterVariableWrapper(v, getUse(v, s, reachingDefs))))
+          eval.partialEvalExpr(
+            exprSimp(r),
+            v => p.constants.get(RegisterVariableWrapper(v, getUse(v, s, reachingDefs)))
+          )
         )
-        val rhsDeps = evaled.variables.map(v => RegisterVariableWrapper(v, getDefinition(v, s, reachingDefs)))
+        val rhsDeps = evaled.variables.map(v => RegisterVariableWrapper(v, getUse(v, s, reachingDefs)))
 
         p = evaled match {
           case lit: Literal => p.copy(constants = p.constants.updated(l, lit))
-          case _: Expr => p.copy(constants = p.constants.removed(l), exprs = p.exprs.updated(l, CopyProp(evaled, rhsDeps)))
+          case _: Expr =>
+            p.copy(constants = p.constants.removed(l), exprs = p.exprs.updated(l, CopyProp(evaled, rhsDeps)))
         }
 
         if (r.loads.nonEmpty) {
@@ -170,13 +186,14 @@ class ConstCopyProp(val reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign
         // without an SSA form in the output, we can't propagate assignments such that R0_1 := f(R0_0)
         //  or; only replace such that all uses are copyproped, the dead definition is removed
         p = p.copy(exprs = p.exprs.filterNot((k, v) => v.deps.exists(c => c.variable.name == l.variable.name)))
-        p = p.copy(exprs = p.exprs.filterNot((k, v) => v.deps.exists(d => d.variable.name == k.variable.name)))
 
         p
       }
       case x: Call => {
         val toClob = callClobbers.map(v => RegisterVariableWrapper(v, getDefinition(v, s, reachingDefs)))
-        toClob.foldLeft(c)((c,l) => c.copy(constants = c.constants.removed(l), exprs = c.exprs.filterNot((k, v) => v.deps.contains(l))))
+        toClob.foldLeft(c)((c, l) =>
+          c.copy(constants = c.constants.removed(l), exprs = c.exprs.filterNot((k, v) => v.deps.contains(l)))
+        )
       }
       case _ => c
     }
@@ -185,10 +202,14 @@ class ConstCopyProp(val reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign
 
 def exprSimp(e: Expr): Expr = {
 
+  val assocOps: Set[BinOp] =
+    Set(BVADD, BVMUL, BVOR, BVAND, BVEQ, BoolAND, BoolEQ, BoolOR, BoolEQUIV, BoolEQ, IntADD, IntMUL, IntEQ)
+
   def simpOne(e: Expr): Expr = {
     e match {
       // normalise
-      case BinaryExpr(op, x: Literal, y: Expr) if !y.isInstanceOf[Literal] => BinaryExpr(op, y, x)
+      case BinaryExpr(op, x: Literal, y: Expr) if !y.isInstanceOf[Literal] && assocOps.contains(op) =>
+        BinaryExpr(op, y, x)
 
       // identities
       case Extract(ed, 0, body) if (body.getType == BitVecType(ed))                        => exprSimp(body)
@@ -214,7 +235,12 @@ def exprSimp(e: Expr): Expr = {
       // (comp (comp x y) 1) = (comp x y)
       case BinaryExpr(BVCOMP, body @ BinaryExpr(BVCOMP, _, _), BitVecLiteral(1, 1)) => exprSimp(body)
       case BinaryExpr(BVCOMP, body @ BinaryExpr(BVCOMP, _, _), BitVecLiteral(0, 1)) => UnaryExpr(BVNOT, exprSimp(body))
-      case BinaryExpr(BVEQ, BinaryExpr(BVCOMP, body @ BinaryExpr(BVCOMP, _, _), BitVecLiteral(0, 1)), BitVecLiteral(1, 1)) => BinaryExpr(BVEQ, exprSimp(body), BitVecLiteral(0, 1))
+      case BinaryExpr(
+            BVEQ,
+            BinaryExpr(BVCOMP, body @ BinaryExpr(BVCOMP, _, _), BitVecLiteral(0, 1)),
+            BitVecLiteral(1, 1)
+          ) =>
+        BinaryExpr(BVEQ, exprSimp(body), BitVecLiteral(0, 1))
 
       // constant folding
       // const + (e + const) -> (const + const) + e
@@ -231,7 +257,7 @@ def exprSimp(e: Expr): Expr = {
   }
 
   var pe = e
-  var ne =   simpOne(pe)
+  var ne = simpOne(pe)
   while (ne != pe) {
     pe = ne
     ne = simpOne(pe)
@@ -239,6 +265,88 @@ def exprSimp(e: Expr): Expr = {
   ne
 }
 
+object SSARename:
+
+  def concretiseSSA(p: Program, reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])]) = {
+    println("SSA conc ")
+    val c = SSACollect(p, reachingDefs)
+    c.initial()
+    visit_prog(c, p)
+    println(c.names)
+    val rn = SSARename(p, c.names, reachingDefs)
+    visit_prog(rn, p)
+  }
+
+  class SSARename(p: Program, renames: mutable.HashMap[Assign, Int], reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])]) extends CILVisitor {
+    var statement : Statement = null
+
+    override def vvar(v: Variable) = {
+      val assigns = getUse(v, statement, reachingDefs)
+      assigns.headOption.map(doRename(v, _)) match {
+        case Some(nv) => ChangeTo(nv)
+        case None => SkipChildren()
+      }
+    }
+
+    def doRename(v: Variable, definition: Assign): Variable = {
+      renames.get(definition) match {
+        case Some(idx) => {
+          v match {
+            case Register(n, sz) => Register(n + "_" + idx, sz)
+            case LocalVar(n, t) => LocalVar(n + "_" + idx, t)
+          }
+        }
+        case None => v
+      }
+    }
+
+    override def vstmt(s: Statement) = {
+      statement = s
+      s match {
+        case a @ Assign(l, r, _) => {
+          a.lhs = doRename(l, a)
+          DoChildren()
+        }
+        case _ => DoChildren()
+      }
+    }
+
+  }
+
+  class SSACollect(p: Program, reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])]) extends CILVisitor {
+    val names = mutable.HashMap[Assign, Int]()
+    var count = 0
+    var statement : Statement = null
+
+    override def vvar(v: Variable) =  {
+      val assigns = getUse(v, statement, reachingDefs)
+      if (assigns.size > 1) {
+        count += 1
+        for (a <- assigns) {
+          names(a) = count 
+        }
+      }
+      DoChildren()
+    }
+
+    def initial() = {
+      // give each definition a unique index
+      for (c <- p) {
+        count += 1
+        c match {
+          case a : Assign => names(a) = count
+          case _ => ()
+        }
+      }
+    }
+
+    override def vstmt(s: Statement) = {
+      statement = s
+      DoChildren()
+    }
+
+  }
+
 class Simplify(
     val res: CCP,
     val reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])]
@@ -262,7 +370,7 @@ class Simplify(
         madeAnyChange = true
         ChangeDoChildrenPost(
           res.constants(RegisterVariableWrapper(v, getUse(v, statement, reachingDefs))),
-          simp(e) 
+          simp(e)
         )
       }
       case v: Variable if res.exprs.contains(RegisterVariableWrapper(v, getUse(v, statement, reachingDefs))) => {
@@ -271,17 +379,13 @@ class Simplify(
         madeAnyChange = true
         ChangeDoChildrenPost(
           repl.expr,
-          exprSimp
+          simp(e)
         )
       }
       case e => ChangeDoChildrenPost(e, simp(e))
     }
   }
 
-  override def vjump(j: Jump) = {
-    SkipChildren()
-  }
-
   override def vstmt(s: Statement) = {
     statement = s
 
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index 336ddf96d..9766768df 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -344,6 +344,7 @@ object StaticAnalysis {
     val reachingDefinitionsAnalysisSolver = ReachingDefinitionsAnalysisSolver(IRProgram)
     val reachingDefinitionsAnalysisResults = reachingDefinitionsAnalysisSolver.analyze()
 
+
     config.analysisDotPath.foreach(s => {
       writeToFile(
         toDot(IRProgram, IRProgram.filter(_.isInstanceOf[Command]).map(b => b -> reachingDefinitionsAnalysisResults(b).toString).toMap),
@@ -365,15 +366,21 @@ object StaticAnalysis {
       )
     })
 
-    Logger.debug("[!] Running Constant Propagation with SSA")
-    val constPropSolverWithSSA = ConstantPropagationSolverWithSSA(IRProgram, reachingDefinitionsAnalysisResults)
-    val constPropResultWithSSA = constPropSolverWithSSA.analyze()
-
     if (config.simplify) {
-      transforms.doCopyPropTransform(ctx.program, reachingDefinitionsAnalysisResults)
+      transforms.SSARename.concretiseSSA(ctx.program, reachingDefinitionsAnalysisResults)
+
+      val rds2 = ReachingDefinitionsAnalysisSolver(IRProgram)
+      val rdr2 = rds2.analyze()
+
+      transforms.doCopyPropTransform(ctx.program, rdr2)
       writeToFile(serialiseIL(IRProgram), s"il-after-copyprop.il")
     }
 
+    Logger.info("[!] Running Constant Propagation with SSA")
+    val constPropSolverWithSSA = ConstantPropagationSolverWithSSA(IRProgram, reachingDefinitionsAnalysisResults)
+    val constPropResultWithSSA = constPropSolverWithSSA.analyze()
+
+
     Logger.debug("[!] Running MRA")
     val mraSolver = MemoryRegionAnalysisSolver(IRProgram, globalAddresses, globalOffsets, mergedSubroutines, constPropResult, ANRResult, RNAResult, regionAccessesAnalysisResults, reachingDefinitionsAnalysisResults)
     val mraResult = mraSolver.analyze()

From 4465cfb3d5ac4d8cd4a5fd30c2d25ec048828836 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Fri, 20 Sep 2024 15:58:59 +1000
Subject: [PATCH 063/127] tweak ssa

---
 src/main/scala/ir/transforms/Simp.scala | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/src/main/scala/ir/transforms/Simp.scala b/src/main/scala/ir/transforms/Simp.scala
index c5253adc1..142454819 100644
--- a/src/main/scala/ir/transforms/Simp.scala
+++ b/src/main/scala/ir/transforms/Simp.scala
@@ -16,6 +16,7 @@ trait AbstractDomain[L] {
   def bot: L
 }
 
+
 def doCopyPropTransform(
     p: Program,
     reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])]
@@ -267,6 +268,11 @@ def exprSimp(e: Expr): Expr = {
 
 object SSARename:
 
+
+// TODO: remove assigned and unread variables
+// TODO: Make procedure calls and returns assignments of all registers so they can become global and be ssa,
+//  and returned variables are not unread, and there is a clear modifies set across calls
+
   def concretiseSSA(p: Program, reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])]) = {
     println("SSA conc ")
     val c = SSACollect(p, reachingDefs)
@@ -315,15 +321,15 @@ object SSARename:
 
   class SSACollect(p: Program, reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])]) extends CILVisitor {
     val names = mutable.HashMap[Assign, Int]()
-    var count = 0
+    var count = mutable.HashMap[Variable, Int]().withDefaultValue(0)
     var statement : Statement = null
 
     override def vvar(v: Variable) =  {
       val assigns = getUse(v, statement, reachingDefs)
       if (assigns.size > 1) {
-        count += 1
+        count(v) = count(v) + 1
         for (a <- assigns) {
-          names(a) = count 
+          names(a) = count(v)
         }
       }
       DoChildren()
@@ -332,9 +338,11 @@ object SSARename:
     def initial() = {
       // give each definition a unique index
       for (c <- p) {
-        count += 1
         c match {
-          case a : Assign => names(a) = count
+          case a : Assign => {
+            count(a.lhs) = count(a.lhs) + 1
+            names(a) = count(a.lhs)
+          }
           case _ => ()
         }
       }

From a6cc33f91a107ab5cb82f44ce1d541976883856b Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Mon, 30 Sep 2024 11:26:10 +1000
Subject: [PATCH 064/127] change param to localvar

---
 src/main/scala/ir/Interpreter.scala           | 16 ++++----
 src/main/scala/ir/Program.scala               | 23 ++++++++---
 src/main/scala/ir/Statement.scala             |  3 +-
 src/main/scala/ir/Visitor.scala               | 23 ++++-------
 src/main/scala/ir/cilvisitor/CILVisitor.scala | 29 +++++++------
 .../transforms/IndirectCallResolution.scala   |  2 +-
 .../ir/transforms/ProcedureParameters.scala   |  4 ++
 src/main/scala/translating/BAPToIR.scala      | 15 +++----
 src/main/scala/translating/GTIRBToIR.scala    | 16 ++++----
 src/main/scala/translating/ILtoIL.scala       | 12 +++---
 .../translating/SpecificationLoader.scala     | 41 ++++++++-----------
 11 files changed, 95 insertions(+), 89 deletions(-)
 create mode 100644 src/main/scala/ir/transforms/ProcedureParameters.scala

diff --git a/src/main/scala/ir/Interpreter.scala b/src/main/scala/ir/Interpreter.scala
index d3b48a549..53d78e279 100644
--- a/src/main/scala/ir/Interpreter.scala
+++ b/src/main/scala/ir/Interpreter.scala
@@ -209,14 +209,14 @@ class Interpreter() {
     Logger.debug(s"Procedure(${p.name}, ${p.address.getOrElse("None")})")
 
     // Procedure.in
-    for ((in, index) <- p.in.zipWithIndex) {
-      Logger.debug(s"\tin[$index]:${in.name} ${in.size} ${in.value}")
-    }
-
-    // Procedure.out
-    for ((out, index) <- p.out.zipWithIndex) {
-      Logger.debug(s"\tout[$index]:${out.name} ${out.size} ${out.value}")
-    }
+    //for ((in, index) <- p.in.zipWithIndex) {
+    //  Logger.debug(s"\tin[$index]:${in.name} ${in.size} ${in.value}")
+    //}
+
+    //// Procedure.out
+    //for ((out, index) <- p.out.zipWithIndex) {
+    //  Logger.debug(s"\tout[$index]:${out.name} ${out.size} ${out.value}")
+    //}
 
     // Procedure.Block
     p.entryBlock match {
diff --git a/src/main/scala/ir/Program.scala b/src/main/scala/ir/Program.scala
index d06e4b59c..2ee6dde57 100644
--- a/src/main/scala/ir/Program.scala
+++ b/src/main/scala/ir/Program.scala
@@ -141,17 +141,25 @@ class Program(var procedures: ArrayBuffer[Procedure],
 class ProgramThread(val entry: Procedure,
                     val procedures: mutable.LinkedHashSet[Procedure],
                     val creationSite: Option[DirectCall]) {
-
 }
 
+/*
+ * R0 := call procname(R0, R1, R2)
+ *
+ * procname (R0a, R1a, R2a):  
+ *  ...
+ *  return (R0)
+ *
+*/
+
 class Procedure private (
                   var name: String,
                   var address: Option[BigInt],
                   private var _entryBlock: Option[Block],
                   private var _returnBlock: Option[Block],
                   private val _blocks: mutable.LinkedHashSet[Block],
-                  var in: ArrayBuffer[Parameter],
-                  var out: ArrayBuffer[Parameter],
+                  var formalInParam: ArrayBuffer[LocalVar],
+                  var formalOutParam: ArrayBuffer[LocalVar],
                   var requires: List[BExpr],
                   var ensures: List[BExpr],
                 ) {
@@ -161,12 +169,15 @@ class Procedure private (
   require(_returnBlock.forall(b => _blocks.contains(b)) && _entryBlock.forall(b => _blocks.contains(b)))
   require(_blocks.isEmpty == _entryBlock.isEmpty) // blocks.nonEmpty <==> entryBlock.isDefined
 
-  def this(name: String, address: Option[BigInt] = None , entryBlock: Option[Block] = None, returnBlock: Option[Block] = None, blocks: Iterable[Block] = ArrayBuffer(), in: IterableOnce[Parameter] = ArrayBuffer(), out: IterableOnce[Parameter] = ArrayBuffer(), requires: IterableOnce[BExpr] = ArrayBuffer(), ensures: IterableOnce[BExpr] = ArrayBuffer()) = {
-    this(name, address, entryBlock, returnBlock, mutable.LinkedHashSet.from(blocks), ArrayBuffer.from(in), ArrayBuffer.from(out), List.from(requires), List.from(ensures))
+  def this(name: String, address: Option[BigInt] = None , entryBlock: Option[Block] = None, 
+      returnBlock: Option[Block] = None, blocks: Iterable[Block] = ArrayBuffer(), 
+      formalInParam: IterableOnce[LocalVar] = ArrayBuffer(), formalOutParam: IterableOnce[LocalVar] = ArrayBuffer(), 
+      requires: IterableOnce[BExpr] = ArrayBuffer(), ensures: IterableOnce[BExpr] = ArrayBuffer()) = {
+    this(name, address, entryBlock, returnBlock, mutable.LinkedHashSet.from(blocks), ArrayBuffer.from(formalInParam), ArrayBuffer.from(formalOutParam), List.from(requires), List.from(ensures))
   }
 
   override def toString: String = {
-    s"Procedure $name at ${address.getOrElse("None")} with ${blocks.size} blocks and ${in.size} in and ${out.size} out parameters"
+    s"Procedure $name at ${address.getOrElse("None")} with ${blocks.size} blocks and ${formalInParam.size} in and ${formalOutParam.size} out parameters"
   }
 
   def calls: Set[Procedure] = blocks.iterator.flatMap(_.calls).toSet
diff --git a/src/main/scala/ir/Statement.scala b/src/main/scala/ir/Statement.scala
index ce49bc82e..f0dd40d11 100644
--- a/src/main/scala/ir/Statement.scala
+++ b/src/main/scala/ir/Statement.scala
@@ -87,7 +87,7 @@ class Unreachable(override val label: Option[String] = None) extends Jump {
   override def acceptVisit(visitor: Visitor): Jump = this
 }
 
-class Return(override val label: Option[String] = None) extends Jump {
+class Return(override val label: Option[String] = None, val outParams : List[Expr] = List()) extends Jump {
   override def acceptVisit(visitor: Visitor): Jump = this
 }
 
@@ -145,6 +145,7 @@ sealed trait Call extends Statement {
 }
 
 class DirectCall(val target: Procedure,
+                 val params: Map[LocalVar, Expr] = Map(), // lhs match target.formal_inparams
                  override val label: Option[String] = None
                 ) extends Call {
   /* override def locals: Set[Variable] = condition match {
diff --git a/src/main/scala/ir/Visitor.scala b/src/main/scala/ir/Visitor.scala
index 1cc9c1b40..3e2652c19 100644
--- a/src/main/scala/ir/Visitor.scala
+++ b/src/main/scala/ir/Visitor.scala
@@ -60,11 +60,11 @@ abstract class Visitor {
     for (b <- node.blocks) {
       node.replaceBlock(b, visitBlock(b))
     }
-    for (i <- node.in.indices) {
-      node.in(i) = visitParameter(node.in(i))
+    for (i <- node.formalInParam.indices) {
+      node.formalInParam(i) = visitLocalVar(node.formalInParam(i))
     }
-    for (i <- node.out.indices) {
-      node.out(i) = visitParameter(node.out(i))
+    for (i <- node.formalOutParam.indices) {
+      node.formalOutParam(i) = visitLocalVar(node.formalOutParam(i))
     }
     node
   }
@@ -220,11 +220,11 @@ abstract class ReadOnlyVisitor extends Visitor {
     for (i <- node.blocks) {
       visitBlock(i)
     }
-    for (i <- node.in) {
-      visitParameter(i)
+    for (i <- node.formalInParam) {
+      visitLocalVar(i)
     }
-    for (i <- node.out) {
-      visitParameter(i)
+    for (i <- node.formalOutParam) {
+      visitLocalVar(i)
     }
     node
   }
@@ -382,13 +382,6 @@ class Renamer(reserved: Set[String]) extends Visitor {
     }
   }
 
-  override def visitParameter(node: Parameter): Parameter = {
-    if (reserved.contains(node.name)) {
-      node.name = s"#${node.name}"
-    }
-    super.visitParameter(node)
-  }
-
   override def visitProcedure(node: Procedure): Procedure = {
     if (reserved.contains(node.name)) {
       node.name = s"#${node.name}"
diff --git a/src/main/scala/ir/cilvisitor/CILVisitor.scala b/src/main/scala/ir/cilvisitor/CILVisitor.scala
index 5583b12da..f503a8563 100644
--- a/src/main/scala/ir/cilvisitor/CILVisitor.scala
+++ b/src/main/scala/ir/cilvisitor/CILVisitor.scala
@@ -31,8 +31,8 @@ trait CILVisitor:
   def vvar(e: Variable): VisitAction[Variable] = DoChildren()
   def vmem(e: Memory): VisitAction[Memory] = DoChildren()
 
-  def enter_scope(params: ArrayBuffer[Parameter]): Unit = ()
-  def leave_scope(outparam: ArrayBuffer[Parameter]): Unit = ()
+  def enter_scope(params: Map[LocalVar, Expr]): Unit = ()
+  def leave_scope(): Unit = ()
 
 
 def doVisitList[T](v: CILVisitor, a: VisitAction[List[T]], n: T, continue: (T) => T): List[T] = {
@@ -55,10 +55,6 @@ def doVisit[T](v: CILVisitor, a: VisitAction[T], n: T, continue: (T) => T): T =
 
 class CILVisitorImpl(val v: CILVisitor) {
 
-  def visit_parameters(p: ArrayBuffer[Parameter]): ArrayBuffer[Parameter] = {
-    doVisit(v, v.vparams(p), p, (n) => n)
-  }
-
   def visit_var(n: Variable): Variable = {
     doVisit(v, v.vvar(n), n, (n) => n)
   }
@@ -70,7 +66,14 @@ class CILVisitorImpl(val v: CILVisitor) {
 
 
   def visit_jump(j: Jump): Jump = {
-    doVisit(v, v.vjump(j), j, (j) => j)
+    val ji = j match {
+      case r: Return => {
+        v.leave_scope()
+        r
+      }
+      case x => x
+    }
+    doVisit(v, v.vjump(ji), ji, (x) => x)
   }
 
   def visit_fallthrough(j: Option[GoTo]): Option[GoTo] = {
@@ -95,7 +98,10 @@ class CILVisitorImpl(val v: CILVisitor) {
 
   def visit_stmt(s: Statement): List[Statement] = {
     def continue(n: Statement) = n match {
-      case d: DirectCall => d
+      case d: DirectCall => {
+        v.enter_scope(d.params)
+        d
+      }
       case i: IndirectCall => {
         i.target = visit_var(i.target)
         i
@@ -144,13 +150,12 @@ class CILVisitorImpl(val v: CILVisitor) {
 
   def visit_proc(p: Procedure): List[Procedure] = {
     def continue(p: Procedure) = {
-      p.in = visit_parameters(p.in)
-      v.enter_scope(p.in)
+      // manage scope on call/return
+      // v.enter_scope(ArrayBuffer())
       for (b <- p.blocks) {
         p.replaceBlock(b, visit_block(b))
       }
-      p.out = visit_parameters(p.out)
-      v.leave_scope(p.out)
+      // v.leave_scope(ArrayBuffer())
       p
     }
 
diff --git a/src/main/scala/ir/transforms/IndirectCallResolution.scala b/src/main/scala/ir/transforms/IndirectCallResolution.scala
index 8f1ae8e3b..beae065c0 100644
--- a/src/main/scala/ir/transforms/IndirectCallResolution.scala
+++ b/src/main/scala/ir/transforms/IndirectCallResolution.scala
@@ -110,7 +110,7 @@ def resolveIndirectCallsUsingPointsTo(
       if (targets.size == 1) {
         modified = true
 
-        val newCall = DirectCall(targets.head, indirectCall.label)
+        val newCall = DirectCall(targets.head, Map(), indirectCall.label)
         block.statements.replace(indirectCall, newCall)
       } else if (targets.size > 1) {
 
diff --git a/src/main/scala/ir/transforms/ProcedureParameters.scala b/src/main/scala/ir/transforms/ProcedureParameters.scala
new file mode 100644
index 000000000..a8d03b370
--- /dev/null
+++ b/src/main/scala/ir/transforms/ProcedureParameters.scala
@@ -0,0 +1,4 @@
+
+/**
+ * Use ANR and RNA to identify procedure parameters.
+ */
diff --git a/src/main/scala/translating/BAPToIR.scala b/src/main/scala/translating/BAPToIR.scala
index ae501c277..a2e94cbcf 100644
--- a/src/main/scala/translating/BAPToIR.scala
+++ b/src/main/scala/translating/BAPToIR.scala
@@ -6,6 +6,7 @@ import ir.{UnaryExpr, BinaryExpr, *}
 import specification.*
 
 import scala.collection.mutable
+import scala.collection.immutable
 import scala.collection.mutable.Map
 import scala.collection.mutable.ArrayBuffer
 import util.intrusive_list.*
@@ -28,12 +29,12 @@ class BAPToIR(var program: BAPProgram, mainAddress: BigInt) {
         }
         labelToBlock.addOne(b.label, block)
       }
-      for (p <- s.in) {
-        procedure.in.append(p.toIR)
-      }
-      for (p <- s.out) {
-        procedure.out.append(p.toIR)
-      }
+      // for (p <- s.in) {
+      //   procedure.in.append(p.toIR)
+      // }
+      // for (p <- s.out) {
+      //   procedure.out.append(p.toIR)
+      // }
       if (s.address.get == mainAddress) {
         mainProcedure = Some(procedure)
       }
@@ -135,7 +136,7 @@ class BAPToIR(var program: BAPProgram, mainAddress: BigInt) {
     } else {
       jumps.head match {
         case b: BAPDirectCall =>
-          val call = Some(DirectCall(nameToProcedure(b.target),Some(b.line)))
+          val call = Some(DirectCall(nameToProcedure(b.target),immutable.Map(), Some(b.line)))
           val ft = (b.returnTarget.map(t => labelToBlock(t))).map(x => GoTo(Set(x))).getOrElse(Unreachable())
           (call, ft, ArrayBuffer())
         case b: BAPIndirectCall =>
diff --git a/src/main/scala/translating/GTIRBToIR.scala b/src/main/scala/translating/GTIRBToIR.scala
index 7bbe493b4..9039ee028 100644
--- a/src/main/scala/translating/GTIRBToIR.scala
+++ b/src/main/scala/translating/GTIRBToIR.scala
@@ -131,17 +131,17 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
 
   // TODO this is a hack to imitate BAP so that the existing specifications relying on this will work
   // we cannot and should not rely on this at all
-  private def createArguments(name: String): (ArrayBuffer[Parameter], ArrayBuffer[Parameter]) = {
+  private def createArguments(name: String): (ArrayBuffer[LocalVar], ArrayBuffer[LocalVar]) = {
     val args = ArrayBuffer.newBuilder[Parameter]
     var regNum = 0
 
     val in = if (name == "main") {
-      ArrayBuffer(Parameter("main_argc", 32, Register("R0", 64)), Parameter("main_argv", 64, Register("R1", 64)))
+      ArrayBuffer(LocalVar("main_argc", BitVecType(32)), LocalVar("main_argv", BitVecType(32)))
     } else {
       ArrayBuffer()
     }
 
-    val out = ArrayBuffer(Parameter(name + "_result", 32, Register("R0", 64)))
+    val out = ArrayBuffer(LocalVar(name + "_result", BitVecType(64)))
 
     (in, out)
   }
@@ -258,7 +258,7 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
 
     val (in, out) = createArguments(name)
 
-    val procedure = Procedure(name, address, in = in, out = out)
+    val procedure = Procedure(name, address, formalInParam = in, formalOutParam = out)
     uuidToProcedure += (functionUUID -> procedure)
     entranceUUIDtoProcedure += (entranceUUID -> procedure)
 
@@ -412,7 +412,7 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
               proc
             }
             val label = removePCAssign(block)
-            (Some(DirectCall(target, label)), Unreachable())
+            (Some(DirectCall(target, immutable.Map(), label)), Unreachable())
           }
         } else if (uuidToBlock.contains(edge.targetUuid)) {
           // resolved indirect jump
@@ -434,7 +434,7 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
           val jump = if (procedure == targetProc) {
             (None, GoTo(mutable.Set(uuidToBlock(edge.targetUuid)), label))
           } else {
-            (Some(DirectCall(targetProc, label)), Unreachable())
+            (Some(DirectCall(targetProc, immutable.Map(), label)), Unreachable())
           }
           jump
         } else if (uuidToBlock.contains(edge.targetUuid)) {
@@ -468,7 +468,7 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
         if (entranceUUIDtoProcedure.contains(edge.targetUuid)) {
           val target = entranceUUIDtoProcedure(edge.targetUuid)
           val label = removePCAssign(block)
-          (Some(DirectCall(target, label)), Unreachable())
+          (Some(DirectCall(target, immutable.Map(), label)), Unreachable())
         } else {
           throw Exception(s"edge from ${block.label} to ${byteStringToString(edge.targetUuid)} does not point to a known procedure entrance")
         }
@@ -597,7 +597,7 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
       // resolved indirect call
       val target = entranceUUIDtoProcedure(call.targetUuid)
       val label = removePCAssign(block)
-      (Some(DirectCall(target, label)), GoTo(Set(returnTarget)))
+      (Some(DirectCall(target, immutable.Map(), label)), GoTo(Set(returnTarget)))
     }
   }
 
diff --git a/src/main/scala/translating/ILtoIL.scala b/src/main/scala/translating/ILtoIL.scala
index 856b18934..99da21456 100644
--- a/src/main/scala/translating/ILtoIL.scala
+++ b/src/main/scala/translating/ILtoIL.scala
@@ -126,17 +126,17 @@ private class ILSerialiser extends ReadOnlyVisitor {
     indentLevel += 1
 
     program ++= "in("
-    for (i <- node.in.indices) {
-      visitParameter(node.in(i))
-      if (i != node.in.size - 1) {
+    for (i <- node.formalInParam.indices) {
+      visitLocalVar(node.formalInParam(i))
+      if (i != node.formalInParam.size - 1) {
         program ++= ", "
       }
     }
     program ++= "), "
     program ++= "out("
-    for (i <- node.out.indices) {
-      visitParameter(node.out(i))
-      if (i != node.out.size - 1)
+    for (i <- node.formalInParam.indices) {
+      visitLocalVar(node.formalInParam(i))
+      if (i != node.formalInParam.size - 1)
         program ++= ", "
     }
     program ++= "), "
diff --git a/src/main/scala/translating/SpecificationLoader.scala b/src/main/scala/translating/SpecificationLoader.scala
index 1d9b82336..f241c597d 100644
--- a/src/main/scala/translating/SpecificationLoader.scala
+++ b/src/main/scala/translating/SpecificationLoader.scala
@@ -152,7 +152,7 @@ case class SpecificationLoader(symbols: Set[SpecGlobal], program: Program) {
   def visitExpr(
       ctx: ExprContext,
       nameToGlobals: Map[String, SpecGlobal],
-      params: Map[String, Parameter] = Map()
+      params: Map[String, LocalVar] = Map()
   ): BExpr = {
     val exprs = ctx.impliesExpr.asScala.map(e => visitImpliesExpr(e, nameToGlobals, params))
     if (exprs.size > 1) {
@@ -165,7 +165,7 @@ case class SpecificationLoader(symbols: Set[SpecGlobal], program: Program) {
   def visitImpliesExpr(
       ctx: ImpliesExprContext,
       nameToGlobals: Map[String, SpecGlobal],
-      params: Map[String, Parameter] = Map()
+      params: Map[String, LocalVar] = Map()
   ): BExpr = Option(ctx.arg2) match {
     case Some(_) =>
       BinaryBExpr(
@@ -179,7 +179,7 @@ case class SpecificationLoader(symbols: Set[SpecGlobal], program: Program) {
   def visitLogicalExpr(
       ctx: LogicalExprContext,
       nameToGlobals: Map[String, SpecGlobal],
-      params: Map[String, Parameter] = Map()
+      params: Map[String, LocalVar] = Map()
   ): BExpr = {
     val rels = ctx.relExpr.asScala.map(r => visitRelExpr(r, nameToGlobals, params))
     if (rels.size > 1) {
@@ -197,7 +197,7 @@ case class SpecificationLoader(symbols: Set[SpecGlobal], program: Program) {
   def visitRelExpr(
       ctx: RelExprContext,
       nameToGlobals: Map[String, SpecGlobal],
-      params: Map[String, Parameter] = Map()
+      params: Map[String, LocalVar] = Map()
   ): BExpr = Option(ctx.arg2) match {
     case Some(_) =>
       BinaryBExpr(
@@ -211,7 +211,7 @@ case class SpecificationLoader(symbols: Set[SpecGlobal], program: Program) {
   def visitTerm(
       ctx: TermContext,
       nameToGlobals: Map[String, SpecGlobal],
-      params: Map[String, Parameter] = Map()
+      params: Map[String, LocalVar] = Map()
   ): BExpr = Option(ctx.arg2) match {
     case Some(_) =>
       BinaryBExpr(
@@ -225,7 +225,7 @@ case class SpecificationLoader(symbols: Set[SpecGlobal], program: Program) {
   def visitFactor(
       ctx: FactorContext,
       nameToGlobals: Map[String, SpecGlobal],
-      params: Map[String, Parameter] = Map()
+      params: Map[String, LocalVar] = Map()
   ): BExpr = Option(ctx.arg2) match {
     case Some(_) =>
       BinaryBExpr(
@@ -239,7 +239,7 @@ case class SpecificationLoader(symbols: Set[SpecGlobal], program: Program) {
   def visitUnaryExpr(
       ctx: UnaryExprContext,
       nameToGlobals: Map[String, SpecGlobal],
-      params: Map[String, Parameter] = Map()
+      params: Map[String, LocalVar] = Map()
   ): BExpr = ctx match {
     case n: NegExprContext       => UnaryBExpr(BVNEG, visitUnaryExpr(n.unaryExpr, nameToGlobals, params))
     case a: AtomUnaryExprContext => visitAtomExpr(a.atomExpr, nameToGlobals, params)
@@ -249,7 +249,7 @@ case class SpecificationLoader(symbols: Set[SpecGlobal], program: Program) {
   def visitAtomExpr(
       ctx: AtomExprContext,
       nameToGlobals: Map[String, SpecGlobal],
-      params: Map[String, Parameter] = Map()
+      params: Map[String, LocalVar] = Map()
   ): BExpr = ctx match {
     case b: BoolLitExprContext     => visitBoolLit(b.boolLit)
     case i: IdExprContext          => visitId(i.id, nameToGlobals, params)
@@ -264,7 +264,7 @@ case class SpecificationLoader(symbols: Set[SpecGlobal], program: Program) {
   def visitArrayAccess(
       ctx: ArrayAccessContext,
       nameToGlobals: Map[String, SpecGlobal],
-      params: Map[String, Parameter] = Map()
+      params: Map[String, LocalVar] = Map()
   ): ArrayAccess = {
     val global = visitId(ctx.id, nameToGlobals, params) match {
       case g: SpecGlobal => g
@@ -294,13 +294,13 @@ case class SpecificationLoader(symbols: Set[SpecGlobal], program: Program) {
   def visitOldExpr(
       ctx: OldExprContext,
       nameToGlobals: Map[String, SpecGlobal],
-      params: Map[String, Parameter] = Map()
+      params: Map[String, LocalVar] = Map()
   ): Old = Old(visitExpr(ctx.expr, nameToGlobals, params))
 
   def visitIfThenElseExpr(
       ctx: IfThenElseExprContext,
       nameToGlobals: Map[String, SpecGlobal],
-      params: Map[String, Parameter] = Map()
+      params: Map[String, LocalVar] = Map()
   ): IfThenElse = {
     IfThenElse(
       visitExpr(ctx.guard, nameToGlobals, params),
@@ -316,7 +316,7 @@ case class SpecificationLoader(symbols: Set[SpecGlobal], program: Program) {
     case "false" => FalseBLiteral
   }
 
-  def visitId(ctx: IdContext, nameToGlobals: Map[String, SpecGlobal], params: Map[String, Parameter] = Map()): BExpr = {
+  def visitId(ctx: IdContext, nameToGlobals: Map[String, SpecGlobal], params: Map[String, LocalVar] = Map()): BExpr = {
     val id = ctx.getText
     id match {
       case id if id.startsWith("Gamma_R") => {
@@ -325,7 +325,7 @@ case class SpecificationLoader(symbols: Set[SpecGlobal], program: Program) {
       case id if (id.startsWith("Gamma_")) => {
       val gamma_id = id.stripPrefix("Gamma_")
       params.get(gamma_id) match {
-        case Some(p: Parameter) => p.value.toGamma
+        case Some(p: LocalVar) => p.toGamma
         case None =>
           nameToGlobals.get(gamma_id) match {
             case Some(g: SpecGlobal) => SpecGamma(g)
@@ -338,16 +338,7 @@ case class SpecificationLoader(symbols: Set[SpecGlobal], program: Program) {
       }
       case id =>  {
         params.get(id) match {
-          case Some(p: Parameter) =>
-            val registerSize = p.value.size
-            val paramSize = p.size
-            if (paramSize == registerSize) {
-              p.value.toBoogie
-            } else if (registerSize > paramSize) {
-              BVExtract(registerSize - p.size, 0, p.value.toBoogie)
-            } else {
-              throw Exception(s"parameter $p doesn't fit in register ${p.value} for ID $id")
-            }
+          case Some(p: LocalVar) => p.toBoogie
           case None =>
             nameToGlobals.get(ctx.getText) match {
               case Some(g: SpecGlobal) => g
@@ -383,10 +374,10 @@ case class SpecificationLoader(symbols: Set[SpecGlobal], program: Program) {
     val name = ctx.id.getText
     val irProc = program.procedures.collectFirst { case p if p.name == name => p }
 
-    val params: Map[String, Parameter] = irProc match {
+    val params: Map[String, LocalVar] = irProc match {
       case None => Map()
       case Some(p) =>
-        p.in.map(p => p.name -> p).toMap ++ p.out.map(p => p.name -> p).toMap
+        p.formalInParam.map(p => p.name -> p).toMap ++ p.formalOutParam.map(p => p.name -> p).toMap
     }
 
     val requires = ctx.requires.asScala.collect { case r: ParsedRequiresContext =>

From 750d94906a98c1a09c7f9cefd577a4c3ea37fb41 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Mon, 30 Sep 2024 11:28:59 +1000
Subject: [PATCH 065/127] distinguish lvars and rvars in cilvisitor

---
 src/main/scala/ir/cilvisitor/CILVisitor.scala | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/src/main/scala/ir/cilvisitor/CILVisitor.scala b/src/main/scala/ir/cilvisitor/CILVisitor.scala
index f503a8563..1ede97aee 100644
--- a/src/main/scala/ir/cilvisitor/CILVisitor.scala
+++ b/src/main/scala/ir/cilvisitor/CILVisitor.scala
@@ -28,7 +28,8 @@ trait CILVisitor:
   def vfallthrough(j: Option[GoTo]): VisitAction[Option[GoTo]] = DoChildren()
 
   def vexpr(e: Expr): VisitAction[Expr] = DoChildren()
-  def vvar(e: Variable): VisitAction[Variable] = DoChildren()
+  def vrvar(e: Variable): VisitAction[Variable] = DoChildren()
+  def vlvar(e: Variable): VisitAction[Variable] = DoChildren()
   def vmem(e: Memory): VisitAction[Memory] = DoChildren()
 
   def enter_scope(params: Map[LocalVar, Expr]): Unit = ()
@@ -55,16 +56,20 @@ def doVisit[T](v: CILVisitor, a: VisitAction[T], n: T, continue: (T) => T): T =
 
 class CILVisitorImpl(val v: CILVisitor) {
 
-  def visit_var(n: Variable): Variable = {
-    doVisit(v, v.vvar(n), n, (n) => n)
+  def visit_rvar(n: Variable): Variable = {
+    // variable in right expression
+    doVisit(v, v.vrvar(n), n, (n) => n)
   }
 
+  def visit_lvar(n: Variable): Variable = {
+    // variable in left expression
+    doVisit(v, v.vlvar(n), n, (n) => n)
+  }
 
   def visit_mem(n: Memory): Memory = {
     doVisit(v, v.vmem(n), n, (n) => n)
   }
 
-
   def visit_jump(j: Jump): Jump = {
     val ji = j match {
       case r: Return => {
@@ -90,7 +95,7 @@ class CILVisitorImpl(val v: CILVisitor) {
       case SignExtend(bits, arg)                => SignExtend(bits, visit_expr(arg))
       case BinaryExpr(op, arg, arg2)            => BinaryExpr(op, visit_expr(arg), visit_expr(arg2))
       case UnaryExpr(op, arg)                   => UnaryExpr(op, visit_expr(arg))
-      case v: Variable                          => visit_var(v)
+      case v: Variable                          => visit_rvar(v)
       case UninterpretedFunction(n, params, rt) => UninterpretedFunction(n, params.map(visit_expr), rt)
     }
     doVisit(v, v.vexpr(n), n, continue)
@@ -103,7 +108,7 @@ class CILVisitorImpl(val v: CILVisitor) {
         d
       }
       case i: IndirectCall => {
-        i.target = visit_var(i.target)
+        i.target = visit_rvar(i.target)
         i
       }
       case m: MemoryAssign => {
@@ -114,7 +119,7 @@ class CILVisitorImpl(val v: CILVisitor) {
       }
       case m: Assign => {
         m.rhs = visit_expr(m.rhs)
-        m.lhs = visit_var(m.lhs)
+        m.lhs = visit_lvar(m.lhs)
         m
       }
       case s: Assert => {

From c9c41814bfbfb3b481a795de08e1ba3aefb9f4d6 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Tue, 1 Oct 2024 17:49:13 +1000
Subject: [PATCH 066/127] transform ir and spec and loader to have params

---
 src/main/scala/analysis/ANR.scala             |  10 +-
 src/main/scala/analysis/RNA.scala             |  11 +-
 .../scala/analysis/SummaryGenerator.scala     |   2 +-
 .../analysis/VariableDependencyAnalysis.scala |   2 +-
 src/main/scala/bap/BAPProgram.scala           |  16 +-
 src/main/scala/boogie/BCmd.scala              |   2 +-
 src/main/scala/boogie/BExpr.scala             | 153 ++++++++++-
 src/main/scala/boogie/BProgram.scala          |   4 +-
 src/main/scala/ir/Expr.scala                  |   9 +-
 src/main/scala/ir/Program.scala               |  72 +++---
 src/main/scala/ir/Statement.scala             |  10 +-
 src/main/scala/ir/Visitor.scala               |  20 +-
 src/main/scala/ir/cilvisitor/CILVisitor.scala |   3 +-
 .../transforms/IndirectCallResolution.scala   |   2 +-
 .../ir/transforms/ProcedureParameters.scala   | 242 +++++++++++++++++-
 .../scala/specification/Specification.scala   | 148 -----------
 src/main/scala/translating/BAPToIR.scala      |  27 +-
 src/main/scala/translating/GTIRBToIR.scala    |  30 ++-
 src/main/scala/translating/ILtoIL.scala       |  25 +-
 src/main/scala/translating/IRToBoogie.scala   |  20 +-
 .../scala/translating/ReadELFLoader.scala     |   1 +
 .../translating/SpecificationLoader.scala     |  31 ++-
 src/main/scala/util/RunUtils.scala            |  16 +-
 .../util/intrusive_list/IntrusiveList.scala   |  10 +
 .../basic_function_call_caller.spec           |   2 +-
 src/test/scala/IndirectCallTests.scala        |   4 +-
 src/test/scala/PointsToTest.scala             |   3 +-
 src/test/scala/ir/CILVisitorTest.scala        |  35 ++-
 src/test/scala/ir/InterpreterTests.scala      |   2 +-
 29 files changed, 612 insertions(+), 300 deletions(-)

diff --git a/src/main/scala/analysis/ANR.scala b/src/main/scala/analysis/ANR.scala
index 196ef8634..6484a7aa3 100644
--- a/src/main/scala/analysis/ANR.scala
+++ b/src/main/scala/analysis/ANR.scala
@@ -9,7 +9,7 @@ import scala.collection.immutable
  * Calculates the set of variables that are not read after being written up to that point in the program.
  * Useful for detecting dead stores, constants and if what variables are passed as parameters in a function call.
  */
-trait ANRAnalysis(program: Program) {
+trait ANRAnalysis(program: Program, ignoreStackPtrs: Boolean = false) {
 
   val powersetLattice: PowersetLattice[Variable] = PowersetLattice()
 
@@ -21,7 +21,7 @@ trait ANRAnalysis(program: Program) {
   private val linkRegister = Register("R30", 64)
   private val framePointer = Register("R29", 64)
 
-  private val ignoreRegions: Set[Expr] = Set(linkRegister, framePointer, stackPointer)
+  private val ignoreRegions: Set[Expr] = if (ignoreStackPtrs) then Set(linkRegister, framePointer, stackPointer) else Set()
 
   /** Default implementation of eval.
     */
@@ -33,7 +33,7 @@ trait ANRAnalysis(program: Program) {
       case assert: Assert =>
         m.diff(assert.body.variables)
       case memoryAssign: MemoryAssign =>
-        m.diff(memoryAssign.index.variables)
+        m.diff(memoryAssign.index.variables ++ memoryAssign.value.variables)
       case indirectCall: IndirectCall =>
         m - indirectCall.target
       case assign: Assign =>
@@ -57,8 +57,8 @@ trait ANRAnalysis(program: Program) {
   def transfer(n: CFGPosition, s: Set[Variable]): Set[Variable] = localTransfer(n, s)
 }
 
-class ANRAnalysisSolver(program: Program) extends ANRAnalysis(program)
+class ANRAnalysisSolver(program: Program, ignoreStack : Boolean = true) extends ANRAnalysis(program, ignoreStack)
     with IRIntraproceduralForwardDependencies
     with Analysis[Map[CFGPosition, Set[Variable]]]
     with SimpleWorklistFixpointSolver[CFGPosition, Set[Variable], PowersetLattice[Variable]] {
-}
\ No newline at end of file
+}
diff --git a/src/main/scala/analysis/RNA.scala b/src/main/scala/analysis/RNA.scala
index b58e74dd9..15a401808 100644
--- a/src/main/scala/analysis/RNA.scala
+++ b/src/main/scala/analysis/RNA.scala
@@ -10,7 +10,7 @@ import scala.collection.immutable
  * This helps to identify the set of variables that are read from memory before they have been initialised.
  * This could be used on callee side to identify what parameters where passed to the function.
  */
-trait RNAAnalysis(program: Program) {
+trait RNAAnalysis(program: Program, ignoreStackPtrs: Boolean = true) {
 
   val powersetLattice: PowersetLattice[Variable] = PowersetLattice()
 
@@ -22,7 +22,7 @@ trait RNAAnalysis(program: Program) {
   private val linkRegister = Register("R30", 64)
   private val framePointer = Register("R29", 64)
 
-  private val ignoreRegions: Set[Expr] = Set(linkRegister, framePointer, stackPointer)
+  private val ignoreRegions: Set[Expr] = if (ignoreStackPtrs) then Set(linkRegister, framePointer, stackPointer) else Set()
 
   /** Default implementation of eval.
     */
@@ -34,7 +34,7 @@ trait RNAAnalysis(program: Program) {
       case assert: Assert =>
         m.union(assert.body.variables.filter(!ignoreRegions.contains(_)))
       case memoryAssign: MemoryAssign =>
-        m.union(memoryAssign.index.variables.filter(!ignoreRegions.contains(_)))
+        m.union((memoryAssign.index.variables ++ memoryAssign.value.variables).filter(!ignoreRegions.contains(_)))
       case indirectCall: IndirectCall =>
         if (ignoreRegions.contains(indirectCall.target)) return m
         m + indirectCall.target
@@ -61,8 +61,9 @@ trait RNAAnalysis(program: Program) {
 
 class RNAAnalysisSolver(
     program: Program,
-) extends RNAAnalysis(program)
+    ignoreStackPtrs: Boolean = true,
+) extends RNAAnalysis(program, ignoreStackPtrs)
     with IRIntraproceduralBackwardDependencies
     with Analysis[Map[CFGPosition, Set[Variable]]]
     with SimpleWorklistFixpointSolver[CFGPosition, Set[Variable], PowersetLattice[Variable]] {
-}
\ No newline at end of file
+}
diff --git a/src/main/scala/analysis/SummaryGenerator.scala b/src/main/scala/analysis/SummaryGenerator.scala
index 552295f23..afd8a229b 100644
--- a/src/main/scala/analysis/SummaryGenerator.scala
+++ b/src/main/scala/analysis/SummaryGenerator.scala
@@ -4,7 +4,7 @@ import analysis.*
 import ir.*
 import boogie.*
 import util.Logger
-import specification.SpecGlobal
+import boogie.SpecGlobal
 
 /**
  * A temporary copy of RNA analysis which works on Taintables.
diff --git a/src/main/scala/analysis/VariableDependencyAnalysis.scala b/src/main/scala/analysis/VariableDependencyAnalysis.scala
index ed1ed1eaf..7ce228503 100644
--- a/src/main/scala/analysis/VariableDependencyAnalysis.scala
+++ b/src/main/scala/analysis/VariableDependencyAnalysis.scala
@@ -4,7 +4,7 @@ import analysis.solvers.ForwardIDESolver
 import ir.*
 import boogie.*
 import util.Logger
-import specification.SpecGlobal
+import boogie.SpecGlobal
 
 import scala.collection.mutable
 
diff --git a/src/main/scala/bap/BAPProgram.scala b/src/main/scala/bap/BAPProgram.scala
index c586f5980..0b16a9b12 100644
--- a/src/main/scala/bap/BAPProgram.scala
+++ b/src/main/scala/bap/BAPProgram.scala
@@ -46,14 +46,22 @@ case class BAPBlock(label: String, address: Option[BigInt], statements: List[BAP
 }
 
 case class BAPParameter(name: String, size: Int, value: BAPVar) {
-  def toIR: Parameter = {
+
+  def toAssign : Assign = {
     val register = value.toIR
     register match {
-      case r: Register => Parameter(name, size, r)
-      case _           => throw Exception(s"subroutine parameter $this refers to non-register variable $value")
+      case r: Register => {
+        if (r.size == size) then {
+          Assign(r, toIR)
+        } else {
+          Assign(r, ZeroExtend(r.size - size, toIR))
+        }
+      }
+      case _ => throw Exception(s"subroutine parameter $this refers to non-register variable $value")
     }
-
   }
+
+  def toIR: LocalVar = LocalVar(name, BitVecType(size))
 }
 
 case class BAPMemorySection(name: String, address: BigInt, size: Int, bytes: Seq[BAPLiteral])
diff --git a/src/main/scala/boogie/BCmd.scala b/src/main/scala/boogie/BCmd.scala
index 63a1d19d9..cc1b4b929 100644
--- a/src/main/scala/boogie/BCmd.scala
+++ b/src/main/scala/boogie/BCmd.scala
@@ -101,7 +101,7 @@ case class GoToCmd(destinations: Seq[String], comment: Option[String] = None) ex
 
 case object ReturnCmd extends BCmd {
   override def comment: Option[String] = None
-  override def toString: String = "return;"
+  override def toString: String = s"return;"
 }
 
 case class Comment(actualComment: String) extends BCmd {
diff --git a/src/main/scala/boogie/BExpr.scala b/src/main/scala/boogie/BExpr.scala
index 2c5b5c1d8..c00985361 100644
--- a/src/main/scala/boogie/BExpr.scala
+++ b/src/main/scala/boogie/BExpr.scala
@@ -5,7 +5,7 @@ import collection.mutable
 
 import java.io.Writer
 
-trait BExpr {
+sealed trait BExpr {
   def getType: BType
   def functionOps: Set[FunctionOp] = Set()
   def locals: Set[BVar] = Set()
@@ -783,3 +783,154 @@ case class L(memory: BMapVar, index: BExpr) extends BExpr {
   override def globals: Set[BVar] = index.globals
   override def loads: Set[BExpr] = index.loads
 }
+
+/** spec **/
+
+trait SpecVar extends BExpr {
+  override def getType: BType = {
+    throw new Exception("getType called on SpecVar")
+  }
+}
+
+trait SpecGlobalOrAccess extends SpecVar {
+  val toAddrVar: BExpr
+  val toOldVar: BVar
+  val toOldGamma: BVar
+  val size: Int
+}
+
+case class SpecGlobal(name: String, override val size: Int, arraySize: Option[Int], address: BigInt)
+    extends SpecGlobalOrAccess {
+  override def specGlobals: Set[SpecGlobalOrAccess] = Set(this)
+  override val toAddrVar: BVar = BVariable("$" + s"${name}_addr", BitVecBType(64), Scope.Const)
+  override val toOldVar: BVar = BVariable(s"${name}_old", BitVecBType(size), Scope.Local)
+  override val toOldGamma: BVar = BVariable(s"Gamma_${name}_old", BoolBType, Scope.Local)
+  val toAxiom: BAxiom = BAxiom(BinaryBExpr(BoolEQ, toAddrVar, BitVecBLiteral(address, 64)), List.empty)
+  override def resolveSpec: BMemoryLoad = BMemoryLoad(
+    BMapVar("mem", MapBType(BitVecBType(64), BitVecBType(8)), Scope.Global),
+    toAddrVar,
+    Endian.LittleEndian,
+    size
+  )
+  override def resolveSpecParam: BMemoryLoad = BMemoryLoad(
+    BMapVar("mem$out", MapBType(BitVecBType(64), BitVecBType(8)), Scope.Parameter),
+    toAddrVar,
+    Endian.LittleEndian,
+    size
+  )
+  override def resolveSpecParamOld: BMemoryLoad = BMemoryLoad(
+    BMapVar("mem$in", MapBType(BitVecBType(64), BitVecBType(8)), Scope.Parameter),
+    toAddrVar,
+    Endian.LittleEndian,
+    size
+  )
+  override def resolveSpecInv: BMemoryLoad = BMemoryLoad(
+    BMapVar("mem$inv2", MapBType(BitVecBType(64), BitVecBType(8)), Scope.Local),
+    toAddrVar,
+    Endian.LittleEndian,
+    size
+  )
+  override def resolveSpecInvOld: BMemoryLoad = BMemoryLoad(
+    BMapVar("mem$inv1", MapBType(BitVecBType(64), BitVecBType(8)), Scope.Local),
+    toAddrVar,
+    Endian.LittleEndian,
+    size
+  )
+  override def resolveOld: BMemoryLoad = resolveSpec
+  override def resolveInsideOld: BExpr = toOldVar
+  override def removeOld: BMemoryLoad = resolveSpec
+  override def resolveSpecL: BMemoryLoad = BMemoryLoad(
+    BMapVar("memory", MapBType(BitVecBType(64), BitVecBType(8)), Scope.Parameter),
+    toAddrVar,
+    Endian.LittleEndian,
+    size
+  )
+}
+
+case class SpecGamma(global: SpecGlobal) extends SpecVar {
+  // TODO don't hardcode this
+  override def resolveSpec: GammaLoad = GammaLoad(
+    BMapVar("Gamma_mem", MapBType(BitVecBType(64), BoolBType), Scope.Global),
+    global.toAddrVar,
+    global.size,
+    global.size / 8
+  )
+  override def resolveSpecParam: GammaLoad = GammaLoad(
+    BMapVar("Gamma_mem$out", MapBType(BitVecBType(64), BoolBType), Scope.Parameter),
+    global.toAddrVar,
+    global.size,
+    global.size / 8
+  )
+  override def resolveSpecParamOld: GammaLoad = GammaLoad(
+    BMapVar("Gamma_mem$in", MapBType(BitVecBType(64), BoolBType), Scope.Parameter),
+    global.toAddrVar,
+    global.size,
+    global.size / 8
+  )
+  override def resolveSpecInv: GammaLoad = GammaLoad(
+    BMapVar("Gamma_mem$inv2", MapBType(BitVecBType(64), BoolBType), Scope.Local),
+    global.toAddrVar,
+    global.size,
+    global.size / 8
+  )
+  override def resolveSpecInvOld: GammaLoad = GammaLoad(
+    BMapVar("Gamma_mem$inv1", MapBType(BitVecBType(64), BoolBType), Scope.Local),
+    global.toAddrVar,
+    global.size,
+    global.size / 8
+  )
+  override def resolveOld: GammaLoad = resolveSpec
+  override def resolveInsideOld: BExpr = global.toOldGamma
+  override def removeOld: GammaLoad = resolveSpec
+  override def resolveSpecL: GammaLoad = resolveSpec
+}
+
+case class ArrayAccess(global: SpecGlobal, index: Int) extends SpecGlobalOrAccess {
+  override val size: Int = global.size
+  private val accessIndex = BitVecBLiteral(index * (global.size / 8), 64)
+  override val toOldVar: BVar = BVariable(s"${global.name}$$${index}_old", BitVecBType(global.size), Scope.Local)
+  override val toAddrVar: BExpr = BinaryBExpr(BVADD, global.toAddrVar, accessIndex)
+  override val toOldGamma: BVar = BVariable(s"Gamma_${global.name}$$${index}_old", BoolBType, Scope.Local)
+  override def specGlobals: Set[SpecGlobalOrAccess] = Set(this)
+  override def resolveSpec: BMemoryLoad = BMemoryLoad(
+    BMapVar("mem", MapBType(BitVecBType(64), BitVecBType(8)), Scope.Global),
+    toAddrVar,
+    Endian.LittleEndian,
+    global.size
+  )
+  override def resolveSpecParam: BMemoryLoad = BMemoryLoad(
+    BMapVar("mem$out", MapBType(BitVecBType(64), BitVecBType(8)), Scope.Parameter),
+    toAddrVar,
+    Endian.LittleEndian,
+    global.size
+  )
+  override def resolveSpecParamOld: BMemoryLoad = BMemoryLoad(
+    BMapVar("mem$in", MapBType(BitVecBType(64), BitVecBType(8)), Scope.Parameter),
+    toAddrVar,
+    Endian.LittleEndian,
+    global.size
+  )
+
+  override def resolveSpecInv: BMemoryLoad = BMemoryLoad(
+    BMapVar("mem$inv2", MapBType(BitVecBType(64), BitVecBType(8)), Scope.Local),
+    toAddrVar,
+    Endian.LittleEndian,
+    global.size
+  )
+  override def resolveSpecInvOld: BMemoryLoad = BMemoryLoad(
+    BMapVar("mem$inv1", MapBType(BitVecBType(64), BitVecBType(8)), Scope.Local),
+    toAddrVar,
+    Endian.LittleEndian,
+    global.size
+  )
+  override def resolveOld: BMemoryLoad = resolveSpec
+  override def resolveInsideOld: BExpr = toOldVar
+  override def removeOld: BMemoryLoad = resolveSpec
+  override def resolveSpecL: BMemoryLoad = BMemoryLoad(
+    BMapVar("memory", MapBType(BitVecBType(64), BitVecBType(8)), Scope.Parameter),
+    toAddrVar,
+    Endian.LittleEndian,
+    global.size
+  )
+}
+
diff --git a/src/main/scala/boogie/BProgram.scala b/src/main/scala/boogie/BProgram.scala
index fe6d19e0b..cfb142699 100644
--- a/src/main/scala/boogie/BProgram.scala
+++ b/src/main/scala/boogie/BProgram.scala
@@ -55,8 +55,8 @@ case class BProcedure(
     val ensuresStrs = ensures.map(e => s"  ensures $e;") ++ ensuresDirect.map(e => s"  ensures $e;")
     val freeRequiresStrs = freeRequires.map(r => s"  free requires $r;")
     val freeEnsuresStrs = freeEnsures.map(e => s"  free ensures $e;")
-    val locals = body.flatMap(l => l.locals).distinct.sorted
-    val localDefs = locals.map(l => "  " + BVarDecl(l).toString)
+    val locals : Set[BVar] = (body.flatMap(l => l.locals).toSet) --  (in.toSet ++ out.toSet)
+    val localDefs = locals.toList.sorted.map(l => "  " + BVarDecl(l).toString)
     val bodyStr = if (body.nonEmpty) {
       List("{") ++ localDefs ++ body.flatMap(x => x.toBoogie).map(s => "  " + s) ++ List("}")
     } else {
diff --git a/src/main/scala/ir/Expr.scala b/src/main/scala/ir/Expr.scala
index 6a7c862cd..bfa816d58 100644
--- a/src/main/scala/ir/Expr.scala
+++ b/src/main/scala/ir/Expr.scala
@@ -351,6 +351,10 @@ sealed trait Variable extends Expr {
     throw new Exception("visitor " + visitor + " unimplemented for: " + this)
 }
 
+object Variable {
+  implicit def ordering[V <: Variable]: Ordering[V] = Ordering.by(_.name)
+}
+
 // Variable with global scope (in a 'accessible from any procedure' sense), not related to the concurrent shared memory sense
 // These are all hardware registers
 case class Register(override val name: String, size: Int) extends Variable with Global {
@@ -365,10 +369,11 @@ case class Register(override val name: String, size: Int) extends Variable with
 case class LocalVar(override val name: String, override val irType: IRType) extends Variable {
   override def toGamma: BVar = BVariable(s"Gamma_$name", BoolBType, Scope.Local)
   override def toBoogie: BVar = BVariable(s"$name", irType.toBoogie, Scope.Local)
-  override def toString: String = s"LocalVar(${name}_$sharedVariable, $irType)"
+  override def toString: String = s"LocalVar(${name}, ${if sharedVariable then "shared" else "unshared"}, $irType)"
   override def acceptVisit(visitor: Visitor): Variable = visitor.visitLocalVar(this)
 }
 
+
 // A memory section
 sealed trait Memory extends Global {
   val name: String
@@ -391,4 +396,4 @@ case class StackMemory(override val name: String, override val addressSize: Int,
 // A non-stack region of memory, which is shared between threads
 case class SharedMemory(override val name: String, override val addressSize: Int, override val valueSize: Int) extends Memory {
   override def acceptVisit(visitor: Visitor): Memory = visitor.visitSharedMemory(this)
-}
\ No newline at end of file
+}
diff --git a/src/main/scala/ir/Program.scala b/src/main/scala/ir/Program.scala
index 2ee6dde57..39d883975 100644
--- a/src/main/scala/ir/Program.scala
+++ b/src/main/scala/ir/Program.scala
@@ -7,6 +7,32 @@ import analysis.BitVectorEval
 import util.intrusive_list.*
 import translating.serialiseIL
 
+
+/**
+  * Iterator in approximate syntactic pre-order of procedures, blocks, and commands. Blocks and procedures are 
+  * not guaranteed to be in any defined order. 
+  */
+class ILUnorderedIterator(private val begin: Iterable[CFGPosition]) extends Iterator[CFGPosition] {
+  private val stack = mutable.Stack[CFGPosition]()
+  stack.addAll(begin)
+
+  override def hasNext: Boolean = {
+    stack.nonEmpty
+  }
+
+  override def next(): CFGPosition = {
+    val n: CFGPosition = stack.pop()
+
+    stack.pushAll(n match {
+      case p: Procedure => p.blocks
+      case b: Block => Seq() ++ b.statements.toSeq ++ Seq(b.jump)
+      case s: Command => Seq()
+    })
+    n
+  }
+
+}
+
 class Program(var procedures: ArrayBuffer[Procedure],
               var mainProcedure: Procedure,
               var initialMemory: ArrayBuffer[MemorySection],
@@ -94,37 +120,13 @@ class Program(var procedures: ArrayBuffer[Procedure],
     initialMemory = initialMemoryNew
   }
 
-  /**
-   * Iterator in approximate syntactic pre-order of procedures, blocks, and commands. Blocks and procedures are 
-   * not guaranteed to be in any defined order. 
-   */
-  private class ILUnorderedIterator(private val begin: Program) extends Iterator[CFGPosition] {
-    private val stack = mutable.Stack[CFGPosition]()
-    stack.addAll(begin.procedures)
-
-    override def hasNext: Boolean = {
-      stack.nonEmpty
-    }
-
-    override def next(): CFGPosition = {
-      val n: CFGPosition = stack.pop()
-
-      stack.pushAll(n match {
-        case p: Procedure => p.blocks
-        case b: Block => Seq() ++ b.statements.toSeq ++ Seq(b.jump)
-        case s: Command => Seq()
-      })
-      n
-    }
-
-  }
 
   /**
    * Get an Iterator in approximate syntactic pre-order of procedures, blocks, and commands. Blocks and procedures are 
    * not guaranteed to be in any defined order. 
    */
   def iterator: Iterator[CFGPosition] = {
-    ILUnorderedIterator(this)
+    ILUnorderedIterator(this.procedures)
   }
 
   def nameToProcedure: Map[String, Procedure] = {
@@ -158,11 +160,11 @@ class Procedure private (
                   private var _entryBlock: Option[Block],
                   private var _returnBlock: Option[Block],
                   private val _blocks: mutable.LinkedHashSet[Block],
-                  var formalInParam: ArrayBuffer[LocalVar],
-                  var formalOutParam: ArrayBuffer[LocalVar],
+                  var formalInParam: mutable.SortedSet[LocalVar],
+                  var formalOutParam: mutable.SortedSet[LocalVar],
                   var requires: List[BExpr],
                   var ensures: List[BExpr],
-                ) {
+                ) extends Iterable[CFGPosition] {
   private val _callers = mutable.HashSet[DirectCall]()
   _blocks.foreach(_.parent = this)
   // class invariant
@@ -173,7 +175,12 @@ class Procedure private (
       returnBlock: Option[Block] = None, blocks: Iterable[Block] = ArrayBuffer(), 
       formalInParam: IterableOnce[LocalVar] = ArrayBuffer(), formalOutParam: IterableOnce[LocalVar] = ArrayBuffer(), 
       requires: IterableOnce[BExpr] = ArrayBuffer(), ensures: IterableOnce[BExpr] = ArrayBuffer()) = {
-    this(name, address, entryBlock, returnBlock, mutable.LinkedHashSet.from(blocks), ArrayBuffer.from(formalInParam), ArrayBuffer.from(formalOutParam), List.from(requires), List.from(ensures))
+    this(name, address, entryBlock, returnBlock, mutable.LinkedHashSet.from(blocks), mutable.SortedSet.from(formalInParam), mutable.SortedSet.from(formalOutParam), List.from(requires), List.from(ensures))
+  }
+
+
+  def iterator: Iterator[CFGPosition] = {
+    ILUnorderedIterator(this)
   }
 
   override def toString: String = {
@@ -331,13 +338,6 @@ class Procedure private (
   }
 }
 
-class Parameter(var name: String, var size: Int, var value: Register) {
-  def toBoogie: BVariable = BParam(name, BitVecBType(size))
-  def toGamma: BVariable = BParam(s"Gamma_$name", BoolBType)
-}
-
-
-
 class Block private (
  val label: String,
  val address: Option[BigInt],
diff --git a/src/main/scala/ir/Statement.scala b/src/main/scala/ir/Statement.scala
index f0dd40d11..3715e683c 100644
--- a/src/main/scala/ir/Statement.scala
+++ b/src/main/scala/ir/Statement.scala
@@ -1,6 +1,7 @@
 package ir
 import util.intrusive_list.IntrusiveListElement
 import boogie.{BMapVar, GammaStore}
+import collection.immutable.SortedMap
 
 import collection.mutable
 
@@ -87,7 +88,7 @@ class Unreachable(override val label: Option[String] = None) extends Jump {
   override def acceptVisit(visitor: Visitor): Jump = this
 }
 
-class Return(override val label: Option[String] = None, val outParams : List[Expr] = List()) extends Jump {
+class Return(override val label: Option[String] = None, var outParams : SortedMap[LocalVar, Expr] = SortedMap()) extends Jump {
   override def acceptVisit(visitor: Visitor): Jump = this
 }
 
@@ -145,8 +146,9 @@ sealed trait Call extends Statement {
 }
 
 class DirectCall(val target: Procedure,
-                 val params: Map[LocalVar, Expr] = Map(), // lhs match target.formal_inparams
-                 override val label: Option[String] = None
+                 override val label: Option[String] = None,
+                 var outParams: SortedMap[LocalVar, Variable] = SortedMap(), // out := formal
+                 var actualParams: SortedMap[LocalVar, Expr] = SortedMap(), // formal := actual
                 ) extends Call {
   /* override def locals: Set[Variable] = condition match {
     case Some(c) => c.locals
@@ -169,7 +171,7 @@ class DirectCall(val target: Procedure,
 }
 
 object DirectCall:
-  def unapply(i: DirectCall): Option[(Procedure, Option[String])] = Some(i.target, i.label)
+  def unapply(i: DirectCall): Option[(Procedure, Map[LocalVar, Variable], Map[LocalVar, Expr], Option[String])] = Some(i.target, i.outParams, i.actualParams, i.label)
 
 class IndirectCall(var target: Variable,
                    override val label: Option[String] = None
diff --git a/src/main/scala/ir/Visitor.scala b/src/main/scala/ir/Visitor.scala
index 3e2652c19..f04e6d786 100644
--- a/src/main/scala/ir/Visitor.scala
+++ b/src/main/scala/ir/Visitor.scala
@@ -60,17 +60,8 @@ abstract class Visitor {
     for (b <- node.blocks) {
       node.replaceBlock(b, visitBlock(b))
     }
-    for (i <- node.formalInParam.indices) {
-      node.formalInParam(i) = visitLocalVar(node.formalInParam(i))
-    }
-    for (i <- node.formalOutParam.indices) {
-      node.formalOutParam(i) = visitLocalVar(node.formalOutParam(i))
-    }
-    node
-  }
-
-  def visitParameter(node: Parameter): Parameter = {
-    node.value = visitRegister(node.value)
+    node.formalInParam = node.formalInParam.map(visitLocalVar)
+    node.formalOutParam = node.formalOutParam.map(visitLocalVar)
     node
   }
 
@@ -229,10 +220,6 @@ abstract class ReadOnlyVisitor extends Visitor {
     node
   }
 
-  override def visitParameter(node: Parameter): Parameter = {
-    visitRegister(node.value)
-    node
-  }
 
   override def visitProgram(node: Program): Program = {
     for (i <- node.procedures) {
@@ -301,6 +288,7 @@ class StackSubstituter extends IntraproceduralControlFlowVisitor {
     // reset for each procedure
     stackRefs.clear()
     stackRefs.add(stackPointer)
+    stackRefs.add(LocalVar("R31", BitVecType(64)))
     super.visitProcedure(node)
   }
 
@@ -325,7 +313,7 @@ class StackSubstituter extends IntraproceduralControlFlowVisitor {
     val rhsStackRefs = variableVisitor.variables.toSet.intersect(stackRefs)
     if (rhsStackRefs.nonEmpty) {
       stackRefs.add(node.lhs)
-    } else if (stackRefs.contains(node.lhs) && node.lhs != stackPointer) {
+    } else if (stackRefs.contains(node.lhs) && node.lhs.name != stackPointer.name) {
       stackRefs.remove(node.lhs)
     }
     node
diff --git a/src/main/scala/ir/cilvisitor/CILVisitor.scala b/src/main/scala/ir/cilvisitor/CILVisitor.scala
index 1ede97aee..443bffa21 100644
--- a/src/main/scala/ir/cilvisitor/CILVisitor.scala
+++ b/src/main/scala/ir/cilvisitor/CILVisitor.scala
@@ -20,7 +20,6 @@ case class ChangeDoChildrenPost[T](e: T, f: T => T) extends VisitAction[T]
 trait CILVisitor:
   def vprog(e: Program): VisitAction[Program] = DoChildren()
   def vproc(e: Procedure): VisitAction[List[Procedure]] = DoChildren()
-  def vparams(e: ArrayBuffer[Parameter]): VisitAction[ArrayBuffer[Parameter]] = DoChildren()
   def vblock(e: Block): VisitAction[Block] = DoChildren()
 
   def vstmt(e: Statement): VisitAction[List[Statement]] = DoChildren()
@@ -104,7 +103,7 @@ class CILVisitorImpl(val v: CILVisitor) {
   def visit_stmt(s: Statement): List[Statement] = {
     def continue(n: Statement) = n match {
       case d: DirectCall => {
-        v.enter_scope(d.params)
+        v.enter_scope(d.actualParams)
         d
       }
       case i: IndirectCall => {
diff --git a/src/main/scala/ir/transforms/IndirectCallResolution.scala b/src/main/scala/ir/transforms/IndirectCallResolution.scala
index beae065c0..8f1ae8e3b 100644
--- a/src/main/scala/ir/transforms/IndirectCallResolution.scala
+++ b/src/main/scala/ir/transforms/IndirectCallResolution.scala
@@ -110,7 +110,7 @@ def resolveIndirectCallsUsingPointsTo(
       if (targets.size == 1) {
         modified = true
 
-        val newCall = DirectCall(targets.head, Map(), indirectCall.label)
+        val newCall = DirectCall(targets.head, indirectCall.label)
         block.statements.replace(indirectCall, newCall)
       } else if (targets.size > 1) {
 
diff --git a/src/main/scala/ir/transforms/ProcedureParameters.scala b/src/main/scala/ir/transforms/ProcedureParameters.scala
index a8d03b370..354487388 100644
--- a/src/main/scala/ir/transforms/ProcedureParameters.scala
+++ b/src/main/scala/ir/transforms/ProcedureParameters.scala
@@ -1,4 +1,240 @@
+package ir.transforms
+import ir.cilvisitor.*
+import ir.*
+import scala.collection.mutable.ArrayBuffer
+import scala.collection.mutable
+import collection.immutable.SortedMap
+import specification.Specification
+
+/** Use ANR and RNA to identify procedure parameters.
+  */
+
+// procedure ->
+//  rna at beginning = in params
+//  anr at return = out parms
+
+// call : forall vars in scope if name matches formal inparams of target = actual parameters
+// return : forall vars in scope if name matches formal outparams of proc = actual outparams
+
+def liftProcedureCallAbstraction(ctx: util.IRContext) : util.IRContext = {
+  val p = ctx.program
+  val anr = analysis.ANRAnalysisSolver(p, false).analyze()
+  val rna = analysis.RNAAnalysisSolver(p, false).analyze()
+
+  // functions for which we don't know their behaviour and assume they modify all registers
+  val external = ctx.externalFunctions.map(_.name) ++ ctx.program.collect {
+    case b: Procedure if b.blocks.isEmpty => b.name
+  }
+
+  val formalParams = SetFormalParams(anr, rna, external)
+  visit_prog(formalParams, p)
+  val actualParams = SetActualParams(formalParams.mappingInparam, formalParams.mappingOutparam, external)
+  visit_prog(actualParams, p)
+
+  ctx.copy(specification = specToProcForm(ctx.specification, formalParams.mappingInparam, formalParams.mappingOutparam))
+}
+
+def collectVariables(p: Procedure): (Set[Variable], Set[Variable]) = {
+  val lvars = p.blocks.toSet.flatMap(_.statements.flatMap(s => {
+    s match {
+      case Assign(l, _, _)        => Set(l)
+      case DirectCall(t, o, _, _) => o.toSet.map(_._2)
+      case _                      => Set()
+    }
+  })) ++ p.blocks
+    .map(_.jump)
+    .collect { case r: Return =>
+      r.outParams.toSet.map(_._1)
+    }
+    .flatten
+  val rvars = p.blocks.toSet.flatMap(_.statements.flatMap(s => {
+    s match {
+      case Assign(l, r, _)                => r.variables
+      case Assume(l, _, _, _)             => l.variables
+      case Assert(l, _, _)                => l.variables
+      case MemoryAssign(m, i, v, _, _, _) => i.variables ++ v.variables
+      case IndirectCall(l, _)             => Set(l)
+      case DirectCall(t, o, l, _)         => l.toSet.flatMap(_._2.variables)
+      case _                              => Set()
+    }
+  }))
+
+  (lvars.toSet, rvars.toSet)
+}
+
+class SetFormalParams(val anr: Map[CFGPosition, Set[Variable]], val rna: Map[CFGPosition, Set[Variable]],
+    val externalFunctions: Set[String]
+  )
+    extends CILVisitor {
+  // expects programs to be in single return form
+
+  var mappingOutparam = Map[Procedure, Map[LocalVar, Variable]]()
+  var mappingInparam = Map[Procedure, Map[LocalVar, Variable]]()
+
+  def externalIn : Map[LocalVar, Variable] = {
+    (0 to 31).map(i => LocalVar(s"R${i}_in", BitVecType(64)) -> LocalVar(s"R$i", BitVecType(64))).toMap
+  }
+  def externalOut : Map[LocalVar, Variable] = {
+    (0 to 31).map(i => LocalVar(s"R${i}_out", BitVecType(64)) -> LocalVar(s"R$i", BitVecType(64))).toMap
+  }
+
+  override def vproc(p: Procedure) = {
+    if (externalFunctions.contains(p.name)) {
+      p.formalInParam = mutable.SortedSet.from(externalIn.map(_._1))
+      p.formalOutParam = mutable.SortedSet.from(externalOut.map(_._1))
+      mappingInparam = mappingInparam.updated(p, externalIn)
+      mappingOutparam = mappingOutparam.updated(p, externalOut)
+      SkipChildren()
+    } else {
+      val (lvars, rvars) = collectVariables(p)
+
+      val in = IRWalk.firstInProc(p)
+      if (in.isDefined) {
+        val inparams = (rna(in.get).toSet -- p.formalInParam).map(v =>
+          (LocalVar(v.name + "_in", v.getType), LocalVar(v.name, v.getType))
+        )
+        p.formalInParam.addAll(inparams.map(_._1))
+        mappingInparam = mappingInparam.updated(p, inparams.toMap)
+      }
+
+      // outparams is everything touched
+      val outparams = lvars.map(v => LocalVar(v.name + "_out", v.getType) -> LocalVar(v.name, v.getType))
+      p.formalOutParam = mutable.SortedSet.from(outparams.map(_._1))
+      mappingOutparam = mappingOutparam.updated(p, outparams.toMap)
+
+      SkipChildren()
+    }
+  }
+}
+
+class SetActualParams(
+    val inBinding: Map[Procedure, Map[LocalVar, Variable]],
+    val outBinding: Map[Procedure, Map[LocalVar, Variable]],
+    val externalFunctions: Set[String]
+) extends CILVisitor {
+  // expects programs to be in single return form
+  var currStmt: Option[Statement] = None
+
+  def externalIn : Map[LocalVar, Variable] = {
+    (0 to 31).map(i => LocalVar(s"R${i}_in", BitVecType(64)) -> LocalVar(s"R$i", BitVecType(64))).toMap
+  }
+  def externalOut : Map[LocalVar, Variable] = {
+    (0 to 31).map(i => LocalVar(s"R${i}_out", BitVecType(64)) -> LocalVar(s"R$i", BitVecType(64))).toMap
+  }
+
+  override def vproc(p: Procedure) = {
+    val incoming =
+      p.formalInParam.toList.flatMap(param => inBinding.get(p).flatMap(_.get(param)).map(p => Assign(p, param)).toList)
+    p.entryBlock.foreach(b => b.statements.prependAll(incoming))
+    DoChildren()
+  }
+
+  override def vstmt(s: Statement) = {
+    currStmt = Some(s)
+    s match {
+      case d: DirectCall if !externalFunctions.contains(d.target.name) => {
+        // we have changed the parameter-passed variable to locals so we have LocalVar(n) -> LocalVar(n)
+        for (binding <- inBinding.get(d.target)) {
+          if (externalFunctions.contains(d.target.name)) {
+            d.actualParams = SortedMap.from(binding)
+          } else {
+            d.actualParams = d.actualParams ++ SortedMap.from(binding)
+          }
+        }
+        for (binding <- outBinding.get(d.target)) {
+          d.outParams = SortedMap.from(binding)
+        }
+      }
+      case d: DirectCall /* if external */ => {
+          d.actualParams = SortedMap.from(externalIn)
+          d.outParams = SortedMap.from(externalOut)
+      }
+      case _ => ()
+    }
+    DoChildren()
+  }
+
+  override def vjump(j: Jump) = {
+    j match {
+      case r: Return => {
+        for (binding <- outBinding.get(r.parent.parent)) {
+          r.outParams = SortedMap.from(binding)
+        }
+        DoChildren()
+      }
+      case _ => DoChildren()
+    }
+  }
+
+  override def vlvar(v: Variable) = {
+    ChangeTo(LocalVar(v.name, v.getType))
+  }
+  override def vrvar(v: Variable) = {
+    ChangeTo(LocalVar(v.name, v.getType))
+  }
+
+}
+
+
+def specToProcForm(
+    spec: Specification,
+    mappingInparam: Map[Procedure, Map[LocalVar, Variable]],
+    mappingOutparam: Map[Procedure, Map[LocalVar, Variable]]
+): Specification = {
+  import boogie.*
+
+  def toNameMapping(v : Map[LocalVar, Variable]): Map[String, String] = {
+    v.map(v => (v._2.name, v._1.name)) ++ v.map(v => ("Gamma_" + v._2.name, "Gamma_" + v._1.name))
+  }
+  val varToInVar: Map[String, Map[String, String]] = mappingInparam.map(p => (p._1.name -> toNameMapping(p._2)))
+  val varToOutVar: Map[String, Map[String, String]]  = mappingOutparam.map(p => (p._1.name -> toNameMapping(p._2)))
+
+  def convVarToOld(varInPre: Map[String, String], varInPost: Map[String, String], isPost: Boolean = false)(b: BExpr): BExpr = {
+    val varToOld = convVarToOld(varInPre, varInPost, isPost)
+    b match {
+      case b: BVariable if isPost && varInPost.contains(b.name) => BVariable(varInPost(b.name), b.getType, b.scope)
+      case b: BVariable if !isPost && varInPre.contains(b.name) => BVariable(varInPre(b.name), b.getType, b.scope)
+      case b: BVar => b
+      // case b : _ => varToOld(b)
+      case b: BLiteral       => b
+      case b: BVExtract      => b.copy(body = varToOld(b.body))
+      case b: BVRepeat       => b.copy(body = varToOld(b.body))
+      case b: BVZeroExtend   => b.copy(body = varToOld(b.body))
+      case b: BVSignExtend   => b.copy(body = varToOld(b.body))
+      case b: BFunctionCall  => b.copy(args = b.args.map(varToOld))
+      case b: UnaryBExpr     => b.copy(arg = varToOld(b.arg))
+      case b: BinaryBExpr    => b.copy(arg1 = varToOld(b.arg1), arg2 = varToOld(b.arg2))
+      case b: IfThenElse     => IfThenElse(varToOld(b.guard), varToOld(b.thenExpr), varToOld(b.elseExpr))
+      case b: QuantifierExpr => b
+      case b: Old            => {
+        if (isPost) {
+          convVarToOld(varInPre, varInPost, false)(b.body)
+        } else {
+          throw Exception("Illegal nested or non-relation Old()")
+        }
+      }
+      case b: MapAccess      => b.copy(index = varToOld(b.index))
+      case b: MapUpdate      => b.copy(index = varToOld(b.index), value = varToOld(b.value))
+      case b: BByteExtract   => b.copy(value = varToOld(b.value), offset = varToOld(b.offset))
+      case b: BInBounds      => b.copy(base = varToOld(b.base), len = varToOld(b.len), i = varToOld(b.i))
+      case b: BMemoryLoad    => b.copy(index = varToOld(b.index))
+      case b: BMemoryStore   => b.copy(index = varToOld(b.index), value = varToOld(b.value))
+      case b: BDirectExpr    => b
+      case b: GammaLoad      => b.copy(index = varToOld(b.index))
+      case b: GammaStore     => b.copy(index = varToOld(b.index), value = varToOld(b.value))
+      case b: L              => b.copy(index = varToOld(b.index))
+      case b: SpecVar        => b
+    }
+  }
+
+
+  println(spec.subroutines)
+  val ns = spec.copy(subroutines = spec.subroutines.map(s => {
+    s.copy(requires = 
+      s.requires.map(convVarToOld(varToInVar(s.name), varToOutVar(s.name), false)), 
+      ensures = s.ensures.map(convVarToOld(varToInVar(s.name), varToOutVar(s.name), true)))
+  }))
+  println(ns.subroutines)
+  ns
+}
 
-/**
- * Use ANR and RNA to identify procedure parameters.
- */
diff --git a/src/main/scala/specification/Specification.scala b/src/main/scala/specification/Specification.scala
index 6ae8d8cfe..127bb528f 100644
--- a/src/main/scala/specification/Specification.scala
+++ b/src/main/scala/specification/Specification.scala
@@ -4,154 +4,6 @@ import boogie._
 import ir._
 import util.Logger
 
-trait SpecVar extends BExpr {
-  override def getType: BType = {
-    throw new Exception("getType called on SpecVar")
-  }
-}
-
-trait SpecGlobalOrAccess extends SpecVar {
-  val toAddrVar: BExpr
-  val toOldVar: BVar
-  val toOldGamma: BVar
-  val size: Int
-}
-
-case class SpecGlobal(name: String, override val size: Int, arraySize: Option[Int], address: BigInt)
-    extends SpecGlobalOrAccess {
-  override def specGlobals: Set[SpecGlobalOrAccess] = Set(this)
-  override val toAddrVar: BVar = BVariable("$" + s"${name}_addr", BitVecBType(64), Scope.Const)
-  override val toOldVar: BVar = BVariable(s"${name}_old", BitVecBType(size), Scope.Local)
-  override val toOldGamma: BVar = BVariable(s"Gamma_${name}_old", BoolBType, Scope.Local)
-  val toAxiom: BAxiom = BAxiom(BinaryBExpr(BoolEQ, toAddrVar, BitVecBLiteral(address, 64)), List.empty)
-  override def resolveSpec: BMemoryLoad = BMemoryLoad(
-    BMapVar("mem", MapBType(BitVecBType(64), BitVecBType(8)), Scope.Global),
-    toAddrVar,
-    Endian.LittleEndian,
-    size
-  )
-  override def resolveSpecParam: BMemoryLoad = BMemoryLoad(
-    BMapVar("mem$out", MapBType(BitVecBType(64), BitVecBType(8)), Scope.Parameter),
-    toAddrVar,
-    Endian.LittleEndian,
-    size
-  )
-  override def resolveSpecParamOld: BMemoryLoad = BMemoryLoad(
-    BMapVar("mem$in", MapBType(BitVecBType(64), BitVecBType(8)), Scope.Parameter),
-    toAddrVar,
-    Endian.LittleEndian,
-    size
-  )
-  override def resolveSpecInv: BMemoryLoad = BMemoryLoad(
-    BMapVar("mem$inv2", MapBType(BitVecBType(64), BitVecBType(8)), Scope.Local),
-    toAddrVar,
-    Endian.LittleEndian,
-    size
-  )
-  override def resolveSpecInvOld: BMemoryLoad = BMemoryLoad(
-    BMapVar("mem$inv1", MapBType(BitVecBType(64), BitVecBType(8)), Scope.Local),
-    toAddrVar,
-    Endian.LittleEndian,
-    size
-  )
-  override def resolveOld: BMemoryLoad = resolveSpec
-  override def resolveInsideOld: BExpr = toOldVar
-  override def removeOld: BMemoryLoad = resolveSpec
-  override def resolveSpecL: BMemoryLoad = BMemoryLoad(
-    BMapVar("memory", MapBType(BitVecBType(64), BitVecBType(8)), Scope.Parameter),
-    toAddrVar,
-    Endian.LittleEndian,
-    size
-  )
-}
-
-case class SpecGamma(global: SpecGlobal) extends SpecVar {
-  // TODO don't hardcode this
-  override def resolveSpec: GammaLoad = GammaLoad(
-    BMapVar("Gamma_mem", MapBType(BitVecBType(64), BoolBType), Scope.Global),
-    global.toAddrVar,
-    global.size,
-    global.size / 8
-  )
-  override def resolveSpecParam: GammaLoad = GammaLoad(
-    BMapVar("Gamma_mem$out", MapBType(BitVecBType(64), BoolBType), Scope.Parameter),
-    global.toAddrVar,
-    global.size,
-    global.size / 8
-  )
-  override def resolveSpecParamOld: GammaLoad = GammaLoad(
-    BMapVar("Gamma_mem$in", MapBType(BitVecBType(64), BoolBType), Scope.Parameter),
-    global.toAddrVar,
-    global.size,
-    global.size / 8
-  )
-  override def resolveSpecInv: GammaLoad = GammaLoad(
-    BMapVar("Gamma_mem$inv2", MapBType(BitVecBType(64), BoolBType), Scope.Local),
-    global.toAddrVar,
-    global.size,
-    global.size / 8
-  )
-  override def resolveSpecInvOld: GammaLoad = GammaLoad(
-    BMapVar("Gamma_mem$inv1", MapBType(BitVecBType(64), BoolBType), Scope.Local),
-    global.toAddrVar,
-    global.size,
-    global.size / 8
-  )
-  override def resolveOld: GammaLoad = resolveSpec
-  override def resolveInsideOld: BExpr = global.toOldGamma
-  override def removeOld: GammaLoad = resolveSpec
-  override def resolveSpecL: GammaLoad = resolveSpec
-}
-
-case class ArrayAccess(global: SpecGlobal, index: Int) extends SpecGlobalOrAccess {
-  override val size: Int = global.size
-  private val accessIndex = BitVecBLiteral(index * (global.size / 8), 64)
-  override val toOldVar: BVar = BVariable(s"${global.name}$$${index}_old", BitVecBType(global.size), Scope.Local)
-  override val toAddrVar: BExpr = BinaryBExpr(BVADD, global.toAddrVar, accessIndex)
-  override val toOldGamma: BVar = BVariable(s"Gamma_${global.name}$$${index}_old", BoolBType, Scope.Local)
-  override def specGlobals: Set[SpecGlobalOrAccess] = Set(this)
-  override def resolveSpec: BMemoryLoad = BMemoryLoad(
-    BMapVar("mem", MapBType(BitVecBType(64), BitVecBType(8)), Scope.Global),
-    toAddrVar,
-    Endian.LittleEndian,
-    global.size
-  )
-  override def resolveSpecParam: BMemoryLoad = BMemoryLoad(
-    BMapVar("mem$out", MapBType(BitVecBType(64), BitVecBType(8)), Scope.Parameter),
-    toAddrVar,
-    Endian.LittleEndian,
-    global.size
-  )
-  override def resolveSpecParamOld: BMemoryLoad = BMemoryLoad(
-    BMapVar("mem$in", MapBType(BitVecBType(64), BitVecBType(8)), Scope.Parameter),
-    toAddrVar,
-    Endian.LittleEndian,
-    global.size
-  )
-
-  override def resolveSpecInv: BMemoryLoad = BMemoryLoad(
-    BMapVar("mem$inv2", MapBType(BitVecBType(64), BitVecBType(8)), Scope.Local),
-    toAddrVar,
-    Endian.LittleEndian,
-    global.size
-  )
-  override def resolveSpecInvOld: BMemoryLoad = BMemoryLoad(
-    BMapVar("mem$inv1", MapBType(BitVecBType(64), BitVecBType(8)), Scope.Local),
-    toAddrVar,
-    Endian.LittleEndian,
-    global.size
-  )
-  override def resolveOld: BMemoryLoad = resolveSpec
-  override def resolveInsideOld: BExpr = toOldVar
-  override def removeOld: BMemoryLoad = resolveSpec
-  override def resolveSpecL: BMemoryLoad = BMemoryLoad(
-    BMapVar("memory", MapBType(BitVecBType(64), BitVecBType(8)), Scope.Parameter),
-    toAddrVar,
-    Endian.LittleEndian,
-    global.size
-  )
-}
-
 case class Specification(
     globals: Set[SpecGlobal],
     LPreds: Map[SpecGlobal, BExpr],
diff --git a/src/main/scala/translating/BAPToIR.scala b/src/main/scala/translating/BAPToIR.scala
index a2e94cbcf..9d08bc273 100644
--- a/src/main/scala/translating/BAPToIR.scala
+++ b/src/main/scala/translating/BAPToIR.scala
@@ -4,6 +4,7 @@ import bap.*
 import boogie.UnaryBExpr
 import ir.{UnaryExpr, BinaryExpr, *}
 import specification.*
+import ir.cilvisitor.*
 
 import scala.collection.mutable
 import scala.collection.immutable
@@ -29,12 +30,24 @@ class BAPToIR(var program: BAPProgram, mainAddress: BigInt) {
         }
         labelToBlock.addOne(b.label, block)
       }
-      // for (p <- s.in) {
-      //   procedure.in.append(p.toIR)
-      // }
-      // for (p <- s.out) {
-      //   procedure.out.append(p.toIR)
-      // }
+      procedure.formalInParam = mutable.SortedSet.from(s.in.map(_.toIR))
+      procedure.formalOutParam = mutable.SortedSet.from(s.out.map(_.toIR))
+      class FixCallParams(s: BAPSubroutine) extends CILVisitor {
+        override def vstmt(st: Statement) = st match {
+          case d: DirectCall => {
+            ChangeTo(List(DirectCall(d.target, d.label, 
+              immutable.SortedMap.from(s.in.map(s => s.toIR -> s.value.toIR)),
+              immutable.SortedMap.from(s.out.map(s => s.toIR -> s.value.toIR)))))
+          }
+          case _ => SkipChildren()
+        }
+      }
+      visit_proc(FixCallParams(s), procedure)
+
+      for (eb <- procedure.entryBlock) {
+        eb.statements.prependAll(s.in.map(_.toAssign))
+      }
+
       if (s.address.get == mainAddress) {
         mainProcedure = Some(procedure)
       }
@@ -136,7 +149,7 @@ class BAPToIR(var program: BAPProgram, mainAddress: BigInt) {
     } else {
       jumps.head match {
         case b: BAPDirectCall =>
-          val call = Some(DirectCall(nameToProcedure(b.target),immutable.Map(), Some(b.line)))
+          val call = Some(DirectCall(nameToProcedure(b.target), Some(b.line)))
           val ft = (b.returnTarget.map(t => labelToBlock(t))).map(x => GoTo(Set(x))).getOrElse(Unreachable())
           (call, ft, ArrayBuffer())
         case b: BAPIndirectCall =>
diff --git a/src/main/scala/translating/GTIRBToIR.scala b/src/main/scala/translating/GTIRBToIR.scala
index 9039ee028..2dc88945d 100644
--- a/src/main/scala/translating/GTIRBToIR.scala
+++ b/src/main/scala/translating/GTIRBToIR.scala
@@ -131,17 +131,22 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
 
   // TODO this is a hack to imitate BAP so that the existing specifications relying on this will work
   // we cannot and should not rely on this at all
-  private def createArguments(name: String): (ArrayBuffer[LocalVar], ArrayBuffer[LocalVar]) = {
-    val args = ArrayBuffer.newBuilder[Parameter]
+  private def createArguments(name: String): ((ArrayBuffer[LocalVar],ArrayBuffer[Assign]), ArrayBuffer[LocalVar]) = {
     var regNum = 0
 
     val in = if (name == "main") {
-      ArrayBuffer(LocalVar("main_argc", BitVecType(32)), LocalVar("main_argv", BitVecType(32)))
+      (ArrayBuffer(LocalVar("main_argc", BitVecType(32)), 
+        LocalVar("main_argv", BitVecType(32))),
+      ArrayBuffer(
+        Assign(Register("R0", 64), ZeroExtend(32, LocalVar("main_argc", BitVecType(32)))),
+        Assign(Register("R1", 64), ZeroExtend(32, LocalVar("main_argv", BitVecType(32))))
+        )
+      )
     } else {
-      ArrayBuffer()
+      (ArrayBuffer(),ArrayBuffer())
     }
 
-    val out = ArrayBuffer(LocalVar(name + "_result", BitVecType(64)))
+    val out = ArrayBuffer[LocalVar]()
 
     (in, out)
   }
@@ -258,7 +263,7 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
 
     val (in, out) = createArguments(name)
 
-    val procedure = Procedure(name, address, formalInParam = in, formalOutParam = out)
+    val procedure = Procedure(name, address, formalInParam = in._1, formalOutParam = out)
     uuidToProcedure += (functionUUID -> procedure)
     entranceUUIDtoProcedure += (entranceUUID -> procedure)
 
@@ -272,6 +277,11 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
       createBlock(blockUUID, procedure, entranceUUID, blockCount)
       blockCount += 1
     }
+
+    for (eb <- procedure.entryBlock) {
+      eb.statements.prependAll(in._2)
+    }
+
     procedure
   }
 
@@ -412,7 +422,7 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
               proc
             }
             val label = removePCAssign(block)
-            (Some(DirectCall(target, immutable.Map(), label)), Unreachable())
+            (Some(DirectCall(target, label)), Unreachable())
           }
         } else if (uuidToBlock.contains(edge.targetUuid)) {
           // resolved indirect jump
@@ -434,7 +444,7 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
           val jump = if (procedure == targetProc) {
             (None, GoTo(mutable.Set(uuidToBlock(edge.targetUuid)), label))
           } else {
-            (Some(DirectCall(targetProc, immutable.Map(), label)), Unreachable())
+            (Some(DirectCall(targetProc, label)), Unreachable())
           }
           jump
         } else if (uuidToBlock.contains(edge.targetUuid)) {
@@ -468,7 +478,7 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
         if (entranceUUIDtoProcedure.contains(edge.targetUuid)) {
           val target = entranceUUIDtoProcedure(edge.targetUuid)
           val label = removePCAssign(block)
-          (Some(DirectCall(target, immutable.Map(), label)), Unreachable())
+          (Some(DirectCall(target, label)), Unreachable())
         } else {
           throw Exception(s"edge from ${block.label} to ${byteStringToString(edge.targetUuid)} does not point to a known procedure entrance")
         }
@@ -597,7 +607,7 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
       // resolved indirect call
       val target = entranceUUIDtoProcedure(call.targetUuid)
       val label = removePCAssign(block)
-      (Some(DirectCall(target, immutable.Map(), label)), GoTo(Set(returnTarget)))
+      (Some(DirectCall(target, label)), GoTo(Set(returnTarget)))
     }
   }
 
diff --git a/src/main/scala/translating/ILtoIL.scala b/src/main/scala/translating/ILtoIL.scala
index 99da21456..5575e551a 100644
--- a/src/main/scala/translating/ILtoIL.scala
+++ b/src/main/scala/translating/ILtoIL.scala
@@ -64,13 +64,12 @@ private class ILSerialiser extends ReadOnlyVisitor {
     node match {
       case j: GoTo => program ++= s"goTo(${j.targets.map(_.label).mkString(", ")})" 
       case h: Unreachable => program ++= "halt"
-      case h: Return => program ++= "return"
+      case h: Return => program ++= s"return (${h.outParams.map(_._2).mkString(", ")})"
     }
 
     node
   }
 
-
   override def visitGoTo(node: GoTo): GoTo = {
     program ++= "GoTo("
     program ++= node.targets.map(blockIdentifier).mkString(", ")
@@ -81,7 +80,9 @@ private class ILSerialiser extends ReadOnlyVisitor {
 
   override def visitDirectCall(node: DirectCall): Statement = {
     program ++= "DirectCall("
+    program ++= "(" + node.outParams.map(_._2).mkString(", ") + ") := call "
     program ++= procedureIdentifier(node.target)
+    program ++= "(" + node.actualParams + ")"
     program ++= ")" // DirectCall
     node
   }
@@ -126,19 +127,10 @@ private class ILSerialiser extends ReadOnlyVisitor {
     indentLevel += 1
 
     program ++= "in("
-    for (i <- node.formalInParam.indices) {
-      visitLocalVar(node.formalInParam(i))
-      if (i != node.formalInParam.size - 1) {
-        program ++= ", "
-      }
-    }
+    program ++= node.formalInParam.mkString(", ")
     program ++= "), "
     program ++= "out("
-    for (i <- node.formalInParam.indices) {
-      visitLocalVar(node.formalInParam(i))
-      if (i != node.formalInParam.size - 1)
-        program ++= ", "
-    }
+    program ++= node.formalOutParam.mkString(", ")
     program ++= "), "
     program ++= "blocks(\n"
     for (b <- node.blocks) {
@@ -149,13 +141,6 @@ private class ILSerialiser extends ReadOnlyVisitor {
     node
   }
 
-  override def visitParameter(node: Parameter): Parameter = {
-    program ++= "Parameter("
-    visitRegister(node.value)
-    program ++= ")"
-    node
-  }
-
   override def visitProgram(node: Program): Program = {
     for (i <- node.procedures) {
       visitProcedure(i)
diff --git a/src/main/scala/translating/IRToBoogie.scala b/src/main/scala/translating/IRToBoogie.scala
index 48c4eb9d2..6032be13f 100644
--- a/src/main/scala/translating/IRToBoogie.scala
+++ b/src/main/scala/translating/IRToBoogie.scala
@@ -462,10 +462,13 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
 
     val freeEnsures = modifiedPreserveEnsures ++ readOnlyMemory
 
+    val inparams = p.formalInParam.toList.flatMap(para => Seq(para.toBoogie, para.toGamma))
+    val outparams = p.formalOutParam.toList.flatMap(para => Seq(para.toBoogie, para.toGamma))
+
     BProcedure(
       p.name,
-      List(),
-      List(),
+      inparams,
+      outparams,
       procEnsures,
       procRequires,
       procEnsuresDirect,
@@ -648,13 +651,22 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
       }
       val jump = GoToCmd(g.targets.map(_.label).toSeq)
       conditionAssert :+ jump
-    case r: Return => List(ReturnCmd)
+    case r: Return => {
+      val out = r.outParams.toList
+      if (out.nonEmpty) then List(
+        AssignCmd(out.map(_._1.toBoogie), out.map(_._2.toBoogie)),
+        AssignCmd(out.map(_._1.toGamma), out.map(_._2.toGamma)),
+        ReturnCmd) else List(ReturnCmd)
+    }
     case r: Unreachable => List(BAssume(FalseBLiteral))
   }
 
   def translate(j: Call): List[BCmd] = j match {
     case d: DirectCall =>
-      val call = BProcedureCall(d.target.name)
+      val call = BProcedureCall(d.target.name, 
+        d.outParams.toList.flatMap(c => Seq(c._2.toBoogie, c._2.toGamma)),
+        d.actualParams.toList.flatMap(c => Seq(c._2.toBoogie, c._2.toGamma))
+      )
 
       (config.procedureRely match {
         case Some(ProcRelyVersion.Function) =>
diff --git a/src/main/scala/translating/ReadELFLoader.scala b/src/main/scala/translating/ReadELFLoader.scala
index a57836bc8..82da586ee 100644
--- a/src/main/scala/translating/ReadELFLoader.scala
+++ b/src/main/scala/translating/ReadELFLoader.scala
@@ -1,6 +1,7 @@
 package translating
 
 import Parsers.ReadELFParser.*
+import boogie.*
 import specification.*
 import util.ILLoadingConfig
 
diff --git a/src/main/scala/translating/SpecificationLoader.scala b/src/main/scala/translating/SpecificationLoader.scala
index f241c597d..f33068250 100644
--- a/src/main/scala/translating/SpecificationLoader.scala
+++ b/src/main/scala/translating/SpecificationLoader.scala
@@ -152,7 +152,7 @@ case class SpecificationLoader(symbols: Set[SpecGlobal], program: Program) {
   def visitExpr(
       ctx: ExprContext,
       nameToGlobals: Map[String, SpecGlobal],
-      params: Map[String, LocalVar] = Map()
+      params: Map[String, Expr] = Map()
   ): BExpr = {
     val exprs = ctx.impliesExpr.asScala.map(e => visitImpliesExpr(e, nameToGlobals, params))
     if (exprs.size > 1) {
@@ -165,7 +165,7 @@ case class SpecificationLoader(symbols: Set[SpecGlobal], program: Program) {
   def visitImpliesExpr(
       ctx: ImpliesExprContext,
       nameToGlobals: Map[String, SpecGlobal],
-      params: Map[String, LocalVar] = Map()
+      params: Map[String, Expr] = Map()
   ): BExpr = Option(ctx.arg2) match {
     case Some(_) =>
       BinaryBExpr(
@@ -179,7 +179,7 @@ case class SpecificationLoader(symbols: Set[SpecGlobal], program: Program) {
   def visitLogicalExpr(
       ctx: LogicalExprContext,
       nameToGlobals: Map[String, SpecGlobal],
-      params: Map[String, LocalVar] = Map()
+      params: Map[String, Expr] = Map()
   ): BExpr = {
     val rels = ctx.relExpr.asScala.map(r => visitRelExpr(r, nameToGlobals, params))
     if (rels.size > 1) {
@@ -197,7 +197,7 @@ case class SpecificationLoader(symbols: Set[SpecGlobal], program: Program) {
   def visitRelExpr(
       ctx: RelExprContext,
       nameToGlobals: Map[String, SpecGlobal],
-      params: Map[String, LocalVar] = Map()
+      params: Map[String, Expr] = Map()
   ): BExpr = Option(ctx.arg2) match {
     case Some(_) =>
       BinaryBExpr(
@@ -211,7 +211,7 @@ case class SpecificationLoader(symbols: Set[SpecGlobal], program: Program) {
   def visitTerm(
       ctx: TermContext,
       nameToGlobals: Map[String, SpecGlobal],
-      params: Map[String, LocalVar] = Map()
+      params: Map[String, Expr] = Map()
   ): BExpr = Option(ctx.arg2) match {
     case Some(_) =>
       BinaryBExpr(
@@ -225,7 +225,7 @@ case class SpecificationLoader(symbols: Set[SpecGlobal], program: Program) {
   def visitFactor(
       ctx: FactorContext,
       nameToGlobals: Map[String, SpecGlobal],
-      params: Map[String, LocalVar] = Map()
+      params: Map[String, Expr] = Map()
   ): BExpr = Option(ctx.arg2) match {
     case Some(_) =>
       BinaryBExpr(
@@ -239,7 +239,7 @@ case class SpecificationLoader(symbols: Set[SpecGlobal], program: Program) {
   def visitUnaryExpr(
       ctx: UnaryExprContext,
       nameToGlobals: Map[String, SpecGlobal],
-      params: Map[String, LocalVar] = Map()
+      params: Map[String, Expr] = Map()
   ): BExpr = ctx match {
     case n: NegExprContext       => UnaryBExpr(BVNEG, visitUnaryExpr(n.unaryExpr, nameToGlobals, params))
     case a: AtomUnaryExprContext => visitAtomExpr(a.atomExpr, nameToGlobals, params)
@@ -249,7 +249,7 @@ case class SpecificationLoader(symbols: Set[SpecGlobal], program: Program) {
   def visitAtomExpr(
       ctx: AtomExprContext,
       nameToGlobals: Map[String, SpecGlobal],
-      params: Map[String, LocalVar] = Map()
+      params: Map[String, Expr] = Map()
   ): BExpr = ctx match {
     case b: BoolLitExprContext     => visitBoolLit(b.boolLit)
     case i: IdExprContext          => visitId(i.id, nameToGlobals, params)
@@ -264,7 +264,7 @@ case class SpecificationLoader(symbols: Set[SpecGlobal], program: Program) {
   def visitArrayAccess(
       ctx: ArrayAccessContext,
       nameToGlobals: Map[String, SpecGlobal],
-      params: Map[String, LocalVar] = Map()
+      params: Map[String, Expr] = Map()
   ): ArrayAccess = {
     val global = visitId(ctx.id, nameToGlobals, params) match {
       case g: SpecGlobal => g
@@ -294,13 +294,13 @@ case class SpecificationLoader(symbols: Set[SpecGlobal], program: Program) {
   def visitOldExpr(
       ctx: OldExprContext,
       nameToGlobals: Map[String, SpecGlobal],
-      params: Map[String, LocalVar] = Map()
+      params: Map[String, Expr] = Map()
   ): Old = Old(visitExpr(ctx.expr, nameToGlobals, params))
 
   def visitIfThenElseExpr(
       ctx: IfThenElseExprContext,
       nameToGlobals: Map[String, SpecGlobal],
-      params: Map[String, LocalVar] = Map()
+      params: Map[String, Expr] = Map()
   ): IfThenElse = {
     IfThenElse(
       visitExpr(ctx.guard, nameToGlobals, params),
@@ -316,7 +316,7 @@ case class SpecificationLoader(symbols: Set[SpecGlobal], program: Program) {
     case "false" => FalseBLiteral
   }
 
-  def visitId(ctx: IdContext, nameToGlobals: Map[String, SpecGlobal], params: Map[String, LocalVar] = Map()): BExpr = {
+  def visitId(ctx: IdContext, nameToGlobals: Map[String, SpecGlobal], params: Map[String, Expr] = Map()): BExpr = {
     val id = ctx.getText
     id match {
       case id if id.startsWith("Gamma_R") => {
@@ -326,6 +326,7 @@ case class SpecificationLoader(symbols: Set[SpecGlobal], program: Program) {
       val gamma_id = id.stripPrefix("Gamma_")
       params.get(gamma_id) match {
         case Some(p: LocalVar) => p.toGamma
+        case Some(p: Expr) => p.toGamma
         case None =>
           nameToGlobals.get(gamma_id) match {
             case Some(g: SpecGlobal) => SpecGamma(g)
@@ -339,6 +340,7 @@ case class SpecificationLoader(symbols: Set[SpecGlobal], program: Program) {
       case id =>  {
         params.get(id) match {
           case Some(p: LocalVar) => p.toBoogie
+          case Some(p: Expr) => p.toBoogie
           case None =>
             nameToGlobals.get(ctx.getText) match {
               case Some(g: SpecGlobal) => g
@@ -374,10 +376,11 @@ case class SpecificationLoader(symbols: Set[SpecGlobal], program: Program) {
     val name = ctx.id.getText
     val irProc = program.procedures.collectFirst { case p if p.name == name => p }
 
-    val params: Map[String, LocalVar] = irProc match {
+    val params: Map[String, Expr] = irProc match {
       case None => Map()
       case Some(p) =>
-        p.formalInParam.map(p => p.name -> p).toMap ++ p.formalOutParam.map(p => p.name -> p).toMap
+        p.formalInParam.map(p => p.name -> p).toMap ++ p.formalOutParam.map(p => p.name -> p).toMap 
+        + (p.name + "_result" -> (Extract(32,0,Register("R0", 64)))) 
     }
 
     val requires = ctx.requires.asScala.collect { case r: ParsedRequiresContext =>
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index 9a0484c30..98fabedd0 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -206,7 +206,7 @@ object IRTransform {
     externalRemover.visitProgram(ctx.program)
     renamer.visitProgram(ctx.program)
 
-    ctx
+    ir.transforms.liftProcedureCallAbstraction(ctx)
   }
 
   /** Cull unneccessary information that does not need to be included in the translation, and infer stack regions, and
@@ -272,6 +272,7 @@ object IRTransform {
 /** Methods relating to program static analysis.
   */
 object StaticAnalysis {
+  var first : Boolean = true
   /** Run all static analysis passes on the provided IRProgram.
     */
   def analyse(
@@ -320,10 +321,18 @@ object StaticAnalysis {
     val ANRSolver = ANRAnalysisSolver(IRProgram)
     val ANRResult = ANRSolver.analyze()
 
+
     Logger.debug("[!] Running RNA")
     val RNASolver = RNAAnalysisSolver(IRProgram)
     val RNAResult = RNASolver.analyze()
 
+    config.analysisResultsPath.foreach(s =>
+      writeToFile(printAnalysisResults(IRProgram, ANRResult), s"${s}-anr-result$iteration.txt")
+    )
+    config.analysisResultsPath.foreach(s =>
+      writeToFile(printAnalysisResults(IRProgram, RNAResult), s"${s}-rna-result$iteration.txt")
+    )
+
     Logger.debug("[!] Running Constant Propagation")
     val constPropSolver = ConstantPropagationSolver(IRProgram)
     val constPropResult: Map[CFGPosition, Map[Variable, FlatElement[BitVecLiteral]]] = constPropSolver.analyze()
@@ -427,6 +436,7 @@ object StaticAnalysis {
       Logger.warn(s"Disabling IDE solver tests due to external main procedure: ${IRProgram.mainProcedure.name}")
     }
 
+    first = false
     StaticAnalysisContext(
       constPropResult = constPropResult,
       IRconstPropResult = newCPResult,
@@ -504,9 +514,9 @@ object RunUtils {
 
   def loadAndTranslate(q: BASILConfig): BASILResult = {
     Logger.debug("[!] Loading Program")
-    val ctx = IRLoading.load(q.loading)
+    var ctx = IRLoading.load(q.loading)
 
-    IRTransform.doCleanup(ctx)
+    ctx = IRTransform.doCleanup(ctx)
 
     q.loading.dumpIL.foreach(s => writeToFile(serialiseIL(ctx.program), s"$s-before-analysis.il"))
     val analysis = q.staticAnalysis.map(conf => staticAnalysis(conf, ctx))
diff --git a/src/main/scala/util/intrusive_list/IntrusiveList.scala b/src/main/scala/util/intrusive_list/IntrusiveList.scala
index 9ba9e14e5..3a79be03e 100644
--- a/src/main/scala/util/intrusive_list/IntrusiveList.scala
+++ b/src/main/scala/util/intrusive_list/IntrusiveList.scala
@@ -192,6 +192,16 @@ final class IntrusiveList[T <: IntrusiveListElement[T]] private (
     newElem
   }
 
+  def prependAll(elems: Iterable[T]) = {
+    // first == None ==> empty list
+    insertAllBefore(firstElem, elems)
+  }
+
+  def appendAll(elems: Iterable[T]) = {
+    // last == None ==> empty list
+    insertAllAfter(lastElem, elems)
+  }
+
   /**
    * Add an element to the end of the list.
    * The element must not be a member of any other IntrusiveList.
diff --git a/src/test/correct/basic_function_call_caller/basic_function_call_caller.spec b/src/test/correct/basic_function_call_caller/basic_function_call_caller.spec
index 16bedaaa2..d1ee36291 100644
--- a/src/test/correct/basic_function_call_caller/basic_function_call_caller.spec
+++ b/src/test/correct/basic_function_call_caller/basic_function_call_caller.spec
@@ -10,4 +10,4 @@ Subroutine: main
 Requires: Gamma_main_argc == false
 
 Subroutine: zero
-Ensures: zero_result == 0bv32 && Gamma_zero_result
\ No newline at end of file
+Ensures: R0 == 0bv64  && Gamma_R0
diff --git a/src/test/scala/IndirectCallTests.scala b/src/test/scala/IndirectCallTests.scala
index 02d0e614b..10679efe6 100644
--- a/src/test/scala/IndirectCallTests.scala
+++ b/src/test/scala/IndirectCallTests.scala
@@ -171,7 +171,7 @@ class IndirectCallTests extends AnyFunSuite, BASILTest {
             if (targets.size == resolution.procTargets.size) {
               val targetNames = targets.flatMap {
                 _.statements.lastElem match {
-                  case Some(DirectCall(target, _)) => Some(target.name)
+                  case Some(DirectCall(target, _, _, _)) => Some(target.name)
                   case _ => None
                 }
               }
@@ -416,4 +416,4 @@ class IndirectCallTests extends AnyFunSuite, BASILTest {
     runTest("switch2", "clang", GTIRBConfig, resolvedCalls)
   }
 
-}
\ No newline at end of file
+}
diff --git a/src/test/scala/PointsToTest.scala b/src/test/scala/PointsToTest.scala
index acc0a7475..230a482d7 100644
--- a/src/test/scala/PointsToTest.scala
+++ b/src/test/scala/PointsToTest.scala
@@ -3,6 +3,7 @@ import ir.Endian.LittleEndian
 import org.scalatest.*
 import org.scalatest.funsuite.*
 import specification.*
+import boogie.*
 import util.{RunUtils, StaticAnalysisConfig, StaticAnalysis, StaticAnalysisContext, IRContext}
 
 import java.io.IOException
@@ -274,4 +275,4 @@ class PointsToTest extends AnyFunSuite with OneInstancePerTest {
 //
 //    runSteensgaardAnalysis(program, globals = globals, globalOffsets = globalOffsets)
 //  }
-}
\ No newline at end of file
+}
diff --git a/src/test/scala/ir/CILVisitorTest.scala b/src/test/scala/ir/CILVisitorTest.scala
index f06528cbf..b41b604fb 100644
--- a/src/test/scala/ir/CILVisitorTest.scala
+++ b/src/test/scala/ir/CILVisitorTest.scala
@@ -10,7 +10,11 @@ import ir.cilvisitor.*
 class FindVars extends CILVisitor {
   val vars = mutable.ArrayBuffer[Variable]()
 
-  override def vvar(v: Variable) = {
+  override def vrvar(v: Variable) = {
+    vars.append(v)
+    SkipChildren()
+  }
+  override def vlvar(v: Variable) = {
     vars.append(v)
     SkipChildren()
   }
@@ -95,7 +99,14 @@ class CILVisitorTest extends AnyFunSuite {
     class ExprTrace extends CILVisitor {
       val res = mutable.ArrayBuffer[String]()
 
-      override def vvar(e: Variable) = {
+      override def vlvar(e: Variable) = {
+        e match {
+          case Register(n, _) => res.append(n);
+          case _              => ??? // only reg in source program
+        }
+        DoChildren()
+      }
+      override def vrvar(e: Variable) = {
         e match {
           case Register(n, _) => res.append(n);
           case _              => ??? // only reg in source program
@@ -135,12 +146,19 @@ class CILVisitorTest extends AnyFunSuite {
     class VarTrace extends CILVisitor {
       val res = mutable.ArrayBuffer[String]()
 
-      override def vvar(e: Variable) = { res.append(e.name); SkipChildren() }
+      override def vrvar(e: Variable) = { res.append(e.name); SkipChildren() }
+      override def vlvar(e: Variable) = { res.append(e.name); SkipChildren() }
 
     }
 
     class RegReplace extends CILVisitor {
-      override def vvar(e: Variable) = {
+      override def vrvar(e: Variable) = {
+        e match {
+          case Register(n, _) => ChangeTo(LocalVar("l" + n, e.getType));
+          case _               => DoChildren()
+        }
+      }
+      override def vlvar(e: Variable) = {
         e match {
           case Register(n, _) => ChangeTo(LocalVar("l" + n, e.getType));
           case _               => DoChildren()
@@ -151,8 +169,15 @@ class CILVisitorTest extends AnyFunSuite {
 
     class RegReplacePost extends CILVisitor {
       val res = mutable.ArrayBuffer[String]()
+      override def vlvar(e: Variable) = {
+        e match {
+          case LocalVar(n, _) =>
+            ChangeDoChildrenPost(LocalVar("e" + n, e.getType), e => { res.append(e.name); e });
+          case _ => DoChildren()
+        }
+      }
 
-      override def vvar(e: Variable) = {
+      override def vrvar(e: Variable) = {
         e match {
           case LocalVar(n, _) =>
             ChangeDoChildrenPost(LocalVar("e" + n, e.getType), e => { res.append(e.name); e });
diff --git a/src/test/scala/ir/InterpreterTests.scala b/src/test/scala/ir/InterpreterTests.scala
index 874f20991..a578107a6 100644
--- a/src/test/scala/ir/InterpreterTests.scala
+++ b/src/test/scala/ir/InterpreterTests.scala
@@ -3,7 +3,7 @@ package ir
 import analysis.BitVectorEval.*
 import org.scalatest.funsuite.AnyFunSuite
 import org.scalatest.BeforeAndAfter
-import specification.SpecGlobal
+import boogie.SpecGlobal
 import translating.BAPToIR
 import util.{LogLevel, Logger}
 import util.IRLoading.{loadBAP, loadReadELF}

From f83fd749416cadad5b2becd869ca762e987bf57e Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Wed, 2 Oct 2024 13:32:15 +1000
Subject: [PATCH 067/127] cleanup spec param handling

---
 src/main/scala/Main.scala                     |  4 +-
 src/main/scala/bap/BAPProgram.scala           | 31 +++++++++++---
 src/main/scala/ir/Program.scala               |  8 +++-
 .../ir/invariant/CorrectCallParams.scala      | 21 ++++++++++
 .../transforms/IndirectCallResolution.scala   |  4 +-
 .../ir/transforms/ProcedureParameters.scala   | 30 ++++++++++++-
 src/main/scala/translating/BAPToIR.scala      | 42 ++++++++++++-------
 src/main/scala/translating/GTIRBToIR.scala    | 21 ++++------
 .../translating/SpecificationLoader.scala     |  5 ++-
 src/main/scala/util/BASILConfig.scala         |  4 +-
 src/main/scala/util/RunUtils.scala            |  9 +++-
 11 files changed, 135 insertions(+), 44 deletions(-)
 create mode 100644 src/main/scala/ir/invariant/CorrectCallParams.scala

diff --git a/src/main/scala/Main.scala b/src/main/scala/Main.scala
index 498c6eacb..a9f1ce47f 100644
--- a/src/main/scala/Main.scala
+++ b/src/main/scala/Main.scala
@@ -48,6 +48,8 @@ object Main {
       analysisResultsDot: Option[String],
       @arg(name = "threads", short = 't', doc = "Separates threads into multiple .bpl files with given output filename as prefix (requires --analyse flag)")
       threadSplit: Flag,
+      @arg(name = "parameter-form", doc = "Lift registers to local variables passed by parameter")
+      parameterForm: Flag,
       @arg(name = "summarise-procedures", doc = "Generates summaries of procedures which are used in pre/post-conditions (requires --analyse flag)")
       summariseProcedures: Flag
   )
@@ -80,7 +82,7 @@ object Main {
     }
 
     val q = BASILConfig(
-      loading = ILLoadingConfig(conf.inputFileName, conf.relfFileName, conf.specFileName, conf.dumpIL, conf.mainProcedureName, conf.procedureDepth),
+      loading = ILLoadingConfig(conf.inputFileName, conf.relfFileName, conf.specFileName, conf.dumpIL, conf.mainProcedureName, conf.procedureDepth, conf.parameterForm.value),
       runInterpret = conf.interpret.value,
       staticAnalysis = if conf.analyse.value then Some(StaticAnalysisConfig(conf.dumpIL, conf.analysisResults, conf.analysisResultsDot, conf.threadSplit.value, conf.summariseProcedures.value)) else None,
       boogieTranslation = BoogieGeneratorConfig(if conf.lambdaStores.value then BoogieMemoryAccessMode.LambdaStoreSelect else BoogieMemoryAccessMode.SuccessiveStoreSelect,
diff --git a/src/main/scala/bap/BAPProgram.scala b/src/main/scala/bap/BAPProgram.scala
index 0b16a9b12..20316dac1 100644
--- a/src/main/scala/bap/BAPProgram.scala
+++ b/src/main/scala/bap/BAPProgram.scala
@@ -47,19 +47,40 @@ case class BAPBlock(label: String, address: Option[BigInt], statements: List[BAP
 
 case class BAPParameter(name: String, size: Int, value: BAPVar) {
 
-  def toAssign : Assign = {
-    val register = value.toIR
-    register match {
+  def paramRegisterLVal: Variable = value.toIR
+  def paramVariable = toIR
+  def paramRegisterRVal: Expr = {
+    paramRegisterLVal match {
       case r: Register => {
         if (r.size == size) then {
-          Assign(r, toIR)
+          r
         } else {
-          Assign(r, ZeroExtend(r.size - size, toIR))
+          Extract(size, 0, r)
         }
       }
       case _ => throw Exception(s"subroutine parameter $this refers to non-register variable $value")
     }
   }
+  def paramVariableRVal: Expr = {
+    paramRegisterLVal match {
+      case r: Register => {
+        if (r.size == size) then {
+          toIR
+        } else {
+          ZeroExtend(r.size - size, toIR)
+        }
+      }
+      case _ => throw Exception(s"subroutine parameter $this refers to non-register variable $value")
+    }
+  }
+
+  def toAssignOut : Assign = {
+    Assign(paramVariable, paramRegisterRVal)
+  }
+
+  def toAssignIn : Assign = {
+    Assign(paramRegisterLVal, paramVariableRVal)
+  }
 
   def toIR: LocalVar = LocalVar(name, BitVecType(size))
 }
diff --git a/src/main/scala/ir/Program.scala b/src/main/scala/ir/Program.scala
index 39d883975..0004b8027 100644
--- a/src/main/scala/ir/Program.scala
+++ b/src/main/scala/ir/Program.scala
@@ -162,6 +162,8 @@ class Procedure private (
                   private val _blocks: mutable.LinkedHashSet[Block],
                   var formalInParam: mutable.SortedSet[LocalVar],
                   var formalOutParam: mutable.SortedSet[LocalVar],
+                  var inParamDefaultBinding: immutable.SortedMap[LocalVar, Expr],
+                  var outParamDefaultBinding: immutable.SortedMap[LocalVar, Variable],
                   var requires: List[BExpr],
                   var ensures: List[BExpr],
                 ) extends Iterable[CFGPosition] {
@@ -174,10 +176,14 @@ class Procedure private (
   def this(name: String, address: Option[BigInt] = None , entryBlock: Option[Block] = None, 
       returnBlock: Option[Block] = None, blocks: Iterable[Block] = ArrayBuffer(), 
       formalInParam: IterableOnce[LocalVar] = ArrayBuffer(), formalOutParam: IterableOnce[LocalVar] = ArrayBuffer(), 
+      inParamDefaultBinding: Map[LocalVar, Expr] = Map(), outParamDefaultBinding: Map[LocalVar, Variable] = Map(), 
       requires: IterableOnce[BExpr] = ArrayBuffer(), ensures: IterableOnce[BExpr] = ArrayBuffer()) = {
-    this(name, address, entryBlock, returnBlock, mutable.LinkedHashSet.from(blocks), mutable.SortedSet.from(formalInParam), mutable.SortedSet.from(formalOutParam), List.from(requires), List.from(ensures))
+    this(name, address, entryBlock, returnBlock, mutable.LinkedHashSet.from(blocks), mutable.SortedSet.from(formalInParam), mutable.SortedSet.from(formalOutParam), 
+      immutable.SortedMap.from(inParamDefaultBinding), immutable.SortedMap.from(outParamDefaultBinding),
+      List.from(requires), List.from(ensures))
   }
 
+  def makeCall(label: Option[String] = None) = DirectCall(this, label, outParamDefaultBinding, inParamDefaultBinding)
 
   def iterator: Iterator[CFGPosition] = {
     ILUnorderedIterator(this)
diff --git a/src/main/scala/ir/invariant/CorrectCallParams.scala b/src/main/scala/ir/invariant/CorrectCallParams.scala
new file mode 100644
index 000000000..016d00a6b
--- /dev/null
+++ b/src/main/scala/ir/invariant/CorrectCallParams.scala
@@ -0,0 +1,21 @@
+package ir.invariant
+import ir._
+
+
+/*
+ * DirectCalls are provided actual and return parameters matchign their target's parameters
+ */
+
+
+def correctCalls(p: Program) : Boolean = {
+  p.forall {
+    case c: DirectCall => {
+      val t = c.target
+      (c.actualParams.keySet == t.formalInParam) && (c.outParams.keySet == t.formalOutParam) 
+      && c.actualParams.forall((k, v) => k.getType == v.getType) && c.outParams.forall((k,v) => k.getType == v.getType)
+    }
+    case _ => true
+  }
+}
+
+
diff --git a/src/main/scala/ir/transforms/IndirectCallResolution.scala b/src/main/scala/ir/transforms/IndirectCallResolution.scala
index 8f1ae8e3b..fe768597d 100644
--- a/src/main/scala/ir/transforms/IndirectCallResolution.scala
+++ b/src/main/scala/ir/transforms/IndirectCallResolution.scala
@@ -110,7 +110,7 @@ def resolveIndirectCallsUsingPointsTo(
       if (targets.size == 1) {
         modified = true
 
-        val newCall = DirectCall(targets.head, indirectCall.label)
+        val newCall = targets.head.makeCall(indirectCall.label)
         block.statements.replace(indirectCall, newCall)
       } else if (targets.size > 1) {
 
@@ -127,7 +127,7 @@ def resolveIndirectCallsUsingPointsTo(
           }
           val assume = Assume(BinaryExpr(BVEQ, indirectCall.target, BitVecLiteral(address, 64)))
           val newLabel: String = block.label + t.name
-          val directCall = DirectCall(t)
+          val directCall = t.makeCall()
 
           /* copy the goto node resulting */
           val fallthrough = oft match {
diff --git a/src/main/scala/ir/transforms/ProcedureParameters.scala b/src/main/scala/ir/transforms/ProcedureParameters.scala
index 354487388..c3d54a768 100644
--- a/src/main/scala/ir/transforms/ProcedureParameters.scala
+++ b/src/main/scala/ir/transforms/ProcedureParameters.scala
@@ -2,7 +2,7 @@ package ir.transforms
 import ir.cilvisitor.*
 import ir.*
 import scala.collection.mutable.ArrayBuffer
-import scala.collection.mutable
+import scala.collection.{mutable, immutable}
 import collection.immutable.SortedMap
 import specification.Specification
 
@@ -34,6 +34,30 @@ def liftProcedureCallAbstraction(ctx: util.IRContext) : util.IRContext = {
   ctx.copy(specification = specToProcForm(ctx.specification, formalParams.mappingInparam, formalParams.mappingOutparam))
 }
 
+def clearParams(p: Program) = {
+
+  class RemoveCallParams extends CILVisitor {
+    override def vstmt(s: Statement) = s match {
+      case d: DirectCall => ChangeTo(List(DirectCall(d.target, d.label,immutable.SortedMap.empty, immutable.SortedMap.empty)))
+      case _ => SkipChildren()
+    }
+  }
+
+  for (c <- p) {
+    c match {
+      case proc: Procedure => {
+        proc.formalInParam.clear
+        proc.formalOutParam.clear
+        proc.inParamDefaultBinding = immutable.SortedMap.empty
+        proc.outParamDefaultBinding = immutable.SortedMap.empty
+      }
+      case _ => ()
+    }
+  }
+
+  visit_prog(RemoveCallParams(), p)
+}
+
 def collectVariables(p: Procedure): (Set[Variable], Set[Variable]) = {
   val lvars = p.blocks.toSet.flatMap(_.statements.flatMap(s => {
     s match {
@@ -82,6 +106,8 @@ class SetFormalParams(val anr: Map[CFGPosition, Set[Variable]], val rna: Map[CFG
     if (externalFunctions.contains(p.name)) {
       p.formalInParam = mutable.SortedSet.from(externalIn.map(_._1))
       p.formalOutParam = mutable.SortedSet.from(externalOut.map(_._1))
+      p.inParamDefaultBinding = immutable.SortedMap.from(externalIn)
+      p.outParamDefaultBinding = immutable.SortedMap.from(externalOut)
       mappingInparam = mappingInparam.updated(p, externalIn)
       mappingOutparam = mappingOutparam.updated(p, externalOut)
       SkipChildren()
@@ -95,12 +121,14 @@ class SetFormalParams(val anr: Map[CFGPosition, Set[Variable]], val rna: Map[CFG
         )
         p.formalInParam.addAll(inparams.map(_._1))
         mappingInparam = mappingInparam.updated(p, inparams.toMap)
+        p.inParamDefaultBinding = immutable.SortedMap.from(inparams)
       }
 
       // outparams is everything touched
       val outparams = lvars.map(v => LocalVar(v.name + "_out", v.getType) -> LocalVar(v.name, v.getType))
       p.formalOutParam = mutable.SortedSet.from(outparams.map(_._1))
       mappingOutparam = mappingOutparam.updated(p, outparams.toMap)
+      p.outParamDefaultBinding = immutable.SortedMap.from(outparams)
 
       SkipChildren()
     }
diff --git a/src/main/scala/translating/BAPToIR.scala b/src/main/scala/translating/BAPToIR.scala
index 9d08bc273..ef382a3e5 100644
--- a/src/main/scala/translating/BAPToIR.scala
+++ b/src/main/scala/translating/BAPToIR.scala
@@ -32,21 +32,8 @@ class BAPToIR(var program: BAPProgram, mainAddress: BigInt) {
       }
       procedure.formalInParam = mutable.SortedSet.from(s.in.map(_.toIR))
       procedure.formalOutParam = mutable.SortedSet.from(s.out.map(_.toIR))
-      class FixCallParams(s: BAPSubroutine) extends CILVisitor {
-        override def vstmt(st: Statement) = st match {
-          case d: DirectCall => {
-            ChangeTo(List(DirectCall(d.target, d.label, 
-              immutable.SortedMap.from(s.in.map(s => s.toIR -> s.value.toIR)),
-              immutable.SortedMap.from(s.out.map(s => s.toIR -> s.value.toIR)))))
-          }
-          case _ => SkipChildren()
-        }
-      }
-      visit_proc(FixCallParams(s), procedure)
-
-      for (eb <- procedure.entryBlock) {
-        eb.statements.prependAll(s.in.map(_.toAssign))
-      }
+      procedure.inParamDefaultBinding = immutable.SortedMap.from(s.in.map(s => s.toIR -> s.paramRegisterRVal))
+      procedure.outParamDefaultBinding = immutable.SortedMap.from(s.out.map(s => s.toIR -> s.paramRegisterLVal))
 
       if (s.address.get == mainAddress) {
         mainProcedure = Some(procedure)
@@ -82,7 +69,30 @@ class BAPToIR(var program: BAPProgram, mainAddress: BigInt) {
       memorySections.append(MemorySection(m.name, m.address, m.size, bytes))
     }
 
-    Program(procedures, mainProcedure.get, memorySections, ArrayBuffer())
+    class FixCallParams(subroutines: immutable.Map[String, BAPSubroutine]) extends CILVisitor {
+      override def vstmt(st: Statement) = st match {
+        case d: DirectCall => {
+          if (subroutines.contains(d.target.name)) {
+            val s = subroutines(d.target.name)
+            ChangeTo(List(DirectCall(d.target, d.label, 
+              d.target.outParamDefaultBinding,
+              d.target.inParamDefaultBinding)))
+          }  else {
+            SkipChildren()
+          }
+        }
+        case _ => SkipChildren()
+      }
+    }
+
+    val specParams = program.subroutines.map(s => s.name -> {
+      val in = (s.in.map(p => p.name -> p.paramRegisterRVal))
+      val out = (s.out.map(p => p.name -> p.paramRegisterRVal))
+      (in, out)
+    })
+
+    var prog = Program(procedures, mainProcedure.get, memorySections, ArrayBuffer())
+    visit_prog(FixCallParams(program.subroutines.map(s => s.name -> s).toMap), prog)
   }
 
   private def translate(s: BAPStatement) = s match {
diff --git a/src/main/scala/translating/GTIRBToIR.scala b/src/main/scala/translating/GTIRBToIR.scala
index 2dc88945d..f675631a2 100644
--- a/src/main/scala/translating/GTIRBToIR.scala
+++ b/src/main/scala/translating/GTIRBToIR.scala
@@ -131,19 +131,16 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
 
   // TODO this is a hack to imitate BAP so that the existing specifications relying on this will work
   // we cannot and should not rely on this at all
-  private def createArguments(name: String): ((ArrayBuffer[LocalVar],ArrayBuffer[Assign]), ArrayBuffer[LocalVar]) = {
+  private def createArguments(name: String): (Map[LocalVar, Expr], ArrayBuffer[LocalVar]) = {
     var regNum = 0
 
-    val in = if (name == "main") {
-      (ArrayBuffer(LocalVar("main_argc", BitVecType(32)), 
-        LocalVar("main_argv", BitVecType(32))),
-      ArrayBuffer(
-        Assign(Register("R0", 64), ZeroExtend(32, LocalVar("main_argc", BitVecType(32)))),
-        Assign(Register("R1", 64), ZeroExtend(32, LocalVar("main_argv", BitVecType(32))))
-        )
+    val in : Map[LocalVar, Expr] = if (name == "main") {
+      Map(
+        (LocalVar("main_argc", BitVecType(32)) -> Extract(32,0, Register("R0", (64)))),
+        (LocalVar("main_argv", BitVecType(32)) -> Extract(32,0, Register("R1", (64)))),
       )
     } else {
-      (ArrayBuffer(),ArrayBuffer())
+      Map()
     }
 
     val out = ArrayBuffer[LocalVar]()
@@ -263,7 +260,7 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
 
     val (in, out) = createArguments(name)
 
-    val procedure = Procedure(name, address, formalInParam = in._1, formalOutParam = out)
+    val procedure = Procedure(name, address, formalInParam = in.map(_._1), formalOutParam = out, inParamDefaultBinding=in.toMap)
     uuidToProcedure += (functionUUID -> procedure)
     entranceUUIDtoProcedure += (entranceUUID -> procedure)
 
@@ -278,10 +275,6 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
       blockCount += 1
     }
 
-    for (eb <- procedure.entryBlock) {
-      eb.statements.prependAll(in._2)
-    }
-
     procedure
   }
 
diff --git a/src/main/scala/translating/SpecificationLoader.scala b/src/main/scala/translating/SpecificationLoader.scala
index f33068250..f328f6bcb 100644
--- a/src/main/scala/translating/SpecificationLoader.scala
+++ b/src/main/scala/translating/SpecificationLoader.scala
@@ -379,8 +379,11 @@ case class SpecificationLoader(symbols: Set[SpecGlobal], program: Program) {
     val params: Map[String, Expr] = irProc match {
       case None => Map()
       case Some(p) =>
-        p.formalInParam.map(p => p.name -> p).toMap ++ p.formalOutParam.map(p => p.name -> p).toMap 
+        // p.formalInParam.map(p => p.name -> p).toMap ++ p.formalOutParam.map(p => p.name -> p).toMap ++
+        val r = p.inParamDefaultBinding.map(p => p._1.name -> p._2).toMap ++ p.outParamDefaultBinding.map(p => p._1.name -> p._2).toMap 
         + (p.name + "_result" -> (Extract(32,0,Register("R0", 64)))) 
+        println(r)
+        r
     }
 
     val requires = ctx.requires.asScala.collect { case r: ParsedRequiresContext =>
diff --git a/src/main/scala/util/BASILConfig.scala b/src/main/scala/util/BASILConfig.scala
index b323e4026..c3318c38c 100644
--- a/src/main/scala/util/BASILConfig.scala
+++ b/src/main/scala/util/BASILConfig.scala
@@ -13,7 +13,9 @@ case class ILLoadingConfig(inputFile: String,
                            specFile: Option[String] = None,
                            dumpIL: Option[String] = None,
                            mainProcedureName: String = "main",
-                           procedureTrimDepth: Int = Int.MaxValue)
+                           procedureTrimDepth: Int = Int.MaxValue,
+                           parameterForm: Boolean = false
+                           )
 
 case class StaticAnalysisConfig(dumpILToPath: Option[String] = None,
                                 analysisResultsPath: Option[String] = None,
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index 98fabedd0..11f5c8616 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -205,8 +205,7 @@ object IRTransform {
     val renamer = Renamer(boogieReserved)
     externalRemover.visitProgram(ctx.program)
     renamer.visitProgram(ctx.program)
-
-    ir.transforms.liftProcedureCallAbstraction(ctx)
+    ctx
   }
 
   /** Cull unneccessary information that does not need to be included in the translation, and infer stack regions, and
@@ -518,6 +517,12 @@ object RunUtils {
 
     ctx = IRTransform.doCleanup(ctx)
 
+    if (q.loading.parameterForm) {
+      ctx = ir.transforms.liftProcedureCallAbstraction(ctx)
+    } else {
+      ir.transforms.clearParams(ctx.program)
+    }
+
     q.loading.dumpIL.foreach(s => writeToFile(serialiseIL(ctx.program), s"$s-before-analysis.il"))
     val analysis = q.staticAnalysis.map(conf => staticAnalysis(conf, ctx))
     q.loading.dumpIL.foreach(s => writeToFile(serialiseIL(ctx.program), s"$s-after-analysis.il"))

From 3fce1c9e2bc48d0d3e79baf738872b8b6bccae36 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Wed, 2 Oct 2024 13:49:08 +1000
Subject: [PATCH 068/127] update visitor

---
 src/main/scala/ir/Visitor.scala                        | 6 +++++-
 src/main/scala/ir/cilvisitor/CILVisitor.scala          | 5 +++--
 src/main/scala/ir/transforms/ProcedureParameters.scala | 2 --
 3 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/src/main/scala/ir/Visitor.scala b/src/main/scala/ir/Visitor.scala
index f04e6d786..d656600c4 100644
--- a/src/main/scala/ir/Visitor.scala
+++ b/src/main/scala/ir/Visitor.scala
@@ -40,7 +40,9 @@ abstract class Visitor {
   }
 
   def visitDirectCall(node: DirectCall): Statement = {
-    node
+    val ins = node.actualParams.map(i => i._1 -> visitExpr(i._2))
+    val outs = node.outParams.map(i => i._1 -> visitVariable(i._2))
+    DirectCall(node.target, node.label, outs, ins)
   }
 
   def visitIndirectCall(node: IndirectCall): Statement = {
@@ -191,6 +193,8 @@ abstract class ReadOnlyVisitor extends Visitor {
   }
 
   override def visitDirectCall(node: DirectCall): Statement = {
+    node.actualParams.foreach(i => visitExpr(i._2))
+    node.outParams.foreach(i => visitVariable(i._2))
     node
   }
 
diff --git a/src/main/scala/ir/cilvisitor/CILVisitor.scala b/src/main/scala/ir/cilvisitor/CILVisitor.scala
index 443bffa21..39e21da42 100644
--- a/src/main/scala/ir/cilvisitor/CILVisitor.scala
+++ b/src/main/scala/ir/cilvisitor/CILVisitor.scala
@@ -103,8 +103,9 @@ class CILVisitorImpl(val v: CILVisitor) {
   def visit_stmt(s: Statement): List[Statement] = {
     def continue(n: Statement) = n match {
       case d: DirectCall => {
-        v.enter_scope(d.actualParams)
-        d
+        val actuals = d.actualParams.map(i => i._1 -> visit_expr(i._2))
+        v.enter_scope(actuals)
+        DirectCall(d.target, d.label, d.outParams, actuals)
       }
       case i: IndirectCall => {
         i.target = visit_rvar(i.target)
diff --git a/src/main/scala/ir/transforms/ProcedureParameters.scala b/src/main/scala/ir/transforms/ProcedureParameters.scala
index c3d54a768..4935e6bde 100644
--- a/src/main/scala/ir/transforms/ProcedureParameters.scala
+++ b/src/main/scala/ir/transforms/ProcedureParameters.scala
@@ -256,13 +256,11 @@ def specToProcForm(
   }
 
 
-  println(spec.subroutines)
   val ns = spec.copy(subroutines = spec.subroutines.map(s => {
     s.copy(requires = 
       s.requires.map(convVarToOld(varToInVar(s.name), varToOutVar(s.name), false)), 
       ensures = s.ensures.map(convVarToOld(varToInVar(s.name), varToOutVar(s.name), true)))
   }))
-  println(ns.subroutines)
   ns
 }
 

From eef39b9e602f59785156a8d9b627f61e3d854864 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Wed, 2 Oct 2024 14:47:56 +1000
Subject: [PATCH 069/127] add invariant check

---
 src/main/scala/bap/BAPProgram.scala           | 17 ++++++++++++-
 .../ir/invariant/CorrectCallParams.scala      | 24 +++++++++++++++++--
 src/main/scala/translating/BAPToIR.scala      | 10 ++------
 .../translating/SpecificationLoader.scala     |  2 --
 src/main/scala/util/BASILConfig.scala         |  2 +-
 src/main/scala/util/RunUtils.scala            |  2 ++
 6 files changed, 43 insertions(+), 14 deletions(-)

diff --git a/src/main/scala/bap/BAPProgram.scala b/src/main/scala/bap/BAPProgram.scala
index 20316dac1..da8948b13 100644
--- a/src/main/scala/bap/BAPProgram.scala
+++ b/src/main/scala/bap/BAPProgram.scala
@@ -49,13 +49,28 @@ case class BAPParameter(name: String, size: Int, value: BAPVar) {
 
   def paramRegisterLVal: Variable = value.toIR
   def paramVariable = toIR
+  def toIROutParam =  {
+    paramRegisterLVal match {
+      case r: Register => {
+        if (r.size == size) then {
+          toIR
+        } else {
+          LocalVar(name, BitVecType(r.size))
+        }
+      }
+      case _ => throw Exception(s"subroutine parameter $this refers to non-register variable $value")
+    }
+
+  }
   def paramRegisterRVal: Expr = {
     paramRegisterLVal match {
       case r: Register => {
         if (r.size == size) then {
           r
-        } else {
+        } else if (r.size > size){
           Extract(size, 0, r)
+        } else {
+          ZeroExtend(size - r.size, r)
         }
       }
       case _ => throw Exception(s"subroutine parameter $this refers to non-register variable $value")
diff --git a/src/main/scala/ir/invariant/CorrectCallParams.scala b/src/main/scala/ir/invariant/CorrectCallParams.scala
index 016d00a6b..5721889ff 100644
--- a/src/main/scala/ir/invariant/CorrectCallParams.scala
+++ b/src/main/scala/ir/invariant/CorrectCallParams.scala
@@ -1,5 +1,6 @@
 package ir.invariant
 import ir._
+import util.Logger
 
 
 /*
@@ -11,8 +12,27 @@ def correctCalls(p: Program) : Boolean = {
   p.forall {
     case c: DirectCall => {
       val t = c.target
-      (c.actualParams.keySet == t.formalInParam) && (c.outParams.keySet == t.formalOutParam) 
-      && c.actualParams.forall((k, v) => k.getType == v.getType) && c.outParams.forall((k,v) => k.getType == v.getType)
+      val inparams = (c.actualParams.keySet == t.formalInParam) 
+      val outparams = (c.outParams.keySet == t.formalOutParam) 
+      val typecheck = c.actualParams.forall((k, v) => k.getType == v.getType) && c.outParams.forall((k,v) => k.getType == v.getType)
+      val r = inparams && outparams && typecheck
+      if (!inparams) {
+        Logger.error(s"call in arguments don't match formal params: ${c.target.name}(${c.actualParams}) != ${c.target.formalInParam}")
+      }
+      if (!outparams) {
+        Logger.error(s"call return lvalue doesnt match out params: ${c.outParams} := ${c.target.name}() = ${c.target.formalOutParam}")
+      }
+      if (!typecheck) {
+        val inp = c.actualParams.collect {
+          case (k,v) if k.getType != v.getType => s"$k := $v"
+        }
+        val out = c.outParams.collect {
+          case (k,v) if k.getType != v.getType => s"$v := $k"
+        }
+        Logger.error(s"Call $c doesn't typecheck${if inp.nonEmpty then " in : " else ""}${inp.mkString(" ")}${if out.nonEmpty then " out : " else ""}${out.mkString(" ")}")
+      }
+
+      r
     }
     case _ => true
   }
diff --git a/src/main/scala/translating/BAPToIR.scala b/src/main/scala/translating/BAPToIR.scala
index ef382a3e5..dc54426b1 100644
--- a/src/main/scala/translating/BAPToIR.scala
+++ b/src/main/scala/translating/BAPToIR.scala
@@ -31,9 +31,9 @@ class BAPToIR(var program: BAPProgram, mainAddress: BigInt) {
         labelToBlock.addOne(b.label, block)
       }
       procedure.formalInParam = mutable.SortedSet.from(s.in.map(_.toIR))
-      procedure.formalOutParam = mutable.SortedSet.from(s.out.map(_.toIR))
+      procedure.formalOutParam = mutable.SortedSet.from(s.out.filterNot(_.name.endsWith("_result")).map(_.toIR))
       procedure.inParamDefaultBinding = immutable.SortedMap.from(s.in.map(s => s.toIR -> s.paramRegisterRVal))
-      procedure.outParamDefaultBinding = immutable.SortedMap.from(s.out.map(s => s.toIR -> s.paramRegisterLVal))
+      procedure.outParamDefaultBinding = immutable.SortedMap.from(s.out.filterNot(_.name.endsWith("_result")).map(s => s.toIR -> s.paramRegisterLVal))
 
       if (s.address.get == mainAddress) {
         mainProcedure = Some(procedure)
@@ -85,12 +85,6 @@ class BAPToIR(var program: BAPProgram, mainAddress: BigInt) {
       }
     }
 
-    val specParams = program.subroutines.map(s => s.name -> {
-      val in = (s.in.map(p => p.name -> p.paramRegisterRVal))
-      val out = (s.out.map(p => p.name -> p.paramRegisterRVal))
-      (in, out)
-    })
-
     var prog = Program(procedures, mainProcedure.get, memorySections, ArrayBuffer())
     visit_prog(FixCallParams(program.subroutines.map(s => s.name -> s).toMap), prog)
   }
diff --git a/src/main/scala/translating/SpecificationLoader.scala b/src/main/scala/translating/SpecificationLoader.scala
index f328f6bcb..73449f879 100644
--- a/src/main/scala/translating/SpecificationLoader.scala
+++ b/src/main/scala/translating/SpecificationLoader.scala
@@ -379,10 +379,8 @@ case class SpecificationLoader(symbols: Set[SpecGlobal], program: Program) {
     val params: Map[String, Expr] = irProc match {
       case None => Map()
       case Some(p) =>
-        // p.formalInParam.map(p => p.name -> p).toMap ++ p.formalOutParam.map(p => p.name -> p).toMap ++
         val r = p.inParamDefaultBinding.map(p => p._1.name -> p._2).toMap ++ p.outParamDefaultBinding.map(p => p._1.name -> p._2).toMap 
         + (p.name + "_result" -> (Extract(32,0,Register("R0", 64)))) 
-        println(r)
         r
     }
 
diff --git a/src/main/scala/util/BASILConfig.scala b/src/main/scala/util/BASILConfig.scala
index c3318c38c..4fd9fce14 100644
--- a/src/main/scala/util/BASILConfig.scala
+++ b/src/main/scala/util/BASILConfig.scala
@@ -14,7 +14,7 @@ case class ILLoadingConfig(inputFile: String,
                            dumpIL: Option[String] = None,
                            mainProcedureName: String = "main",
                            procedureTrimDepth: Int = Int.MaxValue,
-                           parameterForm: Boolean = false
+                           parameterForm: Boolean =true 
                            )
 
 case class StaticAnalysisConfig(dumpILToPath: Option[String] = None,
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index 11f5c8616..dc0b38dfa 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -517,11 +517,13 @@ object RunUtils {
 
     ctx = IRTransform.doCleanup(ctx)
 
+    assert(invariant.correctCalls(ctx.program))
     if (q.loading.parameterForm) {
       ctx = ir.transforms.liftProcedureCallAbstraction(ctx)
     } else {
       ir.transforms.clearParams(ctx.program)
     }
+    assert(invariant.correctCalls(ctx.program))
 
     q.loading.dumpIL.foreach(s => writeToFile(serialiseIL(ctx.program), s"$s-before-analysis.il"))
     val analysis = q.staticAnalysis.map(conf => staticAnalysis(conf, ctx))

From a21015cf179eb57d8647182673a30fc39d4a7873 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Wed, 2 Oct 2024 14:57:45 +1000
Subject: [PATCH 070/127] fix test issues in merge

---
 src/test/scala/IndirectCallsTests.scala |  1 +
 src/test/scala/SystemTests.scala        | 90 ++-----------------------
 src/test/scala/util/StateMonad.scala    |  1 -
 3 files changed, 7 insertions(+), 85 deletions(-)

diff --git a/src/test/scala/IndirectCallsTests.scala b/src/test/scala/IndirectCallsTests.scala
index c208e973b..d83a71e5d 100644
--- a/src/test/scala/IndirectCallsTests.scala
+++ b/src/test/scala/IndirectCallsTests.scala
@@ -4,6 +4,7 @@ import org.scalatest.*
 import org.scalatest.funsuite.*
 import specification.*
 import util.{BASILConfig, ILLoadingConfig, IRContext, RunUtils, StaticAnalysis, StaticAnalysisConfig, StaticAnalysisContext, BASILResult}
+import boogie.SpecGlobal
 
 import java.io.IOException
 import java.nio.file.*
diff --git a/src/test/scala/SystemTests.scala b/src/test/scala/SystemTests.scala
index 9efe3b26f..45081e4b6 100644
--- a/src/test/scala/SystemTests.scala
+++ b/src/test/scala/SystemTests.scala
@@ -175,17 +175,17 @@ trait SystemTests extends AnyFunSuite, BASILTest {
 
 }
 
-class SystemTestsBAP extends SystemTests  {
-  runTests(correctPrograms, correctPath, "correct", TestConfig(useBAPFrontend=true, expectVerify=true))
-  runTests(incorrectPrograms, incorrectPath, "incorrect", TestConfig(useBAPFrontend=true, expectVerify=false))
+class SystemTestsBAP extends SystemTests {
+  runTests("correct", TestConfig(useBAPFrontend = true, expectVerify = true, logResults = true))
+  runTests("incorrect", TestConfig(useBAPFrontend = true, expectVerify = false, logResults = true))
   test("summary-BAP") {
     summary("testresult-BAP")
   }
 }
 
-class SystemTestsGTIRB extends SystemTests  {
-  runTests(correctPrograms, correctPath, "correct", TestConfig(useBAPFrontend=false, expectVerify=true, BASILFlags = Seq("--analyse")))
-  runTests(incorrectPrograms, incorrectPath, "incorrect", TestConfig(useBAPFrontend=false, expectVerify=false, BASILFlags = Seq("--analyse")))
+class SystemTestsGTIRB extends SystemTests {
+  runTests("correct", TestConfig(useBAPFrontend = false, expectVerify = true, checkExpected = true, logResults = true))
+  runTests("incorrect", TestConfig(useBAPFrontend = false, expectVerify = false, checkExpected = true, logResults = true))
   test("summary-GTIRB") {
     summary("testresult-GTIRB")
   }
@@ -222,84 +222,6 @@ class ProcedureSummaryTests extends SystemTests {
     useBAPFrontend = false, expectVerify = true))
 }
 
-def mean(xs: Iterable[Double]): Double = xs.sum.toDouble / xs.size
-
-def variance(xs: Iterable[Double]): Double = {
-  val avg = mean(xs)
-
-  xs.map(a => math.pow(a - avg, 2)).sum / xs.size
-}
-
-def median(xs: Iterable[Double]) = xs.toArray.sorted.apply(xs.size / 2)
-
-def stdDev(xs: Iterable[Double]): Double = math.sqrt(variance(xs))
-
-def histogram(numBins: Int, bounds: Option[(Double, Double)] = None)(xs: Seq[Double]) : List[Int] = {
-  val (mn, mx) = bounds.getOrElse(xs.min, xs.max)
-  val binSize = ((mx - mn) / numBins) * (1.000001)
-  val counts = (0 to numBins).map(x => (mn + x * binSize, mn + (x + 1) * binSize))
-    .map((left, right) => xs.count(x => x >= left && x < right))
-    .toList
-  counts
-}
-
-def histoToSvg(title: String, imgWidth: Int, imgHeight: Int, bins: List[Int], minBin: Double, maxBin: Double) : String = {
-  def template(width: Int = 300, height: Int = 130, content: String) =
-    s""" <svg width="${width}" height="${height}" xmlns="http://www.w3.org/2000/svg">
-    ${content}
-  </svg> """
-  def mkRect(width: Int, height: Int, x: Int, y: Int, crx: Int=0, cry: Int=0, fill: String="Black") = {
-    s"""<rect width="$width" height="$height" x="$x" y="$y" rx="$crx" ry="$cry" fill="$fill" />"""
-  }
-  def text(content: String, x: Int, y: Int, cssClass: String = "small") = {
-    s"""<text x="$x" y="$y" class="$cssClass">$content</text>"""
-  }
-
-
-  val leftMargin = 20
-  val histWidth = imgWidth - leftMargin
-  val bottomMargin = 20
-  val topMargin = 20
-  val histHeight = imgHeight - topMargin - bottomMargin
-  val maxHeight = bins.max
-  val binWidth : Double = (histWidth).doubleValue / bins.size
-  val heightScaling : Double =  (histHeight.doubleValue)/(maxHeight)
-  val binPos = (0 to bins.size).map(i => (leftMargin + i * binWidth, binWidth * (i + 1)))
-    .zip(bins.map(bh => heightScaling * bh))
-
-  val rects = binPos.map((binXX, height) =>
-    mkRect(binWidth.ceil.intValue, height.intValue, binXX._1.floor.intValue, histHeight.intValue - height.intValue + topMargin))
-
-  val labels = {
-    (text(title, imgWidth / 8, topMargin - 5),
-      text("0", 0, histHeight + topMargin),
-      text(maxHeight.toInt.toString, 0, topMargin),
-      text(minBin.toInt.toString, 0, imgHeight),
-      text(maxBin.toInt.toString, (binWidth*(bins.size)).intValue - leftMargin, imgHeight))
-  }
-
-  val bg = mkRect(imgWidth, imgHeight, 0, 0, fill="White")
-
-  val content = (Seq(bg) ++ rects ++ labels.toList).mkString("\n")
-  template(imgWidth, imgHeight, content)
-}
-
-
-def loadHisto() = {
-  val source = scala.io.Source.fromFile("src/test/full-testresult-GTIRB.csv").getLines().toList
-  val headers = source.head.split(",")
-
-  val res = headers.map(h => h -> ArrayBuffer[String]()).toMap[String, ArrayBuffer[String]]
-
-  source.tail.map(line => {
-    val cols = line.split(",")
-    headers.zip(cols).foreach((h,v) => res(h).append(v))
-  })
-
-  val timeValues = res("verifyTime").map(_.toDouble)
-  val histo = histogram(50, Some(800.0, 1000.0))(timeValues.toSeq)
-  println(histoToSvg("test histogram", 500, 300, histo, 800.0, 1000.0))
-}
 // tests that require currently unimplemented functionality to pass
 class UnimplementedTests extends SystemTests {
   runTests("unimplemented", TestConfig(useBAPFrontend = false, expectVerify = true))
diff --git a/src/test/scala/util/StateMonad.scala b/src/test/scala/util/StateMonad.scala
index efcf4e767..a69f9aee4 100644
--- a/src/test/scala/util/StateMonad.scala
+++ b/src/test/scala/util/StateMonad.scala
@@ -6,7 +6,6 @@ import ir.eval._
 import ir.dsl._
 import org.scalatest.funsuite.AnyFunSuite
 import org.scalatest.BeforeAndAfter
-import specification.SpecGlobal
 import translating.BAPToIR
 import util.{LogLevel, Logger}
 import util.IRLoading.{loadBAP, loadReadELF}

From 409c455650e9ee1f1ab1a7208855a772dbb61f16 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Wed, 2 Oct 2024 17:25:27 +1000
Subject: [PATCH 071/127] make simplify work with params

---
 src/main/scala/analysis/ANR.scala             |   3 +
 src/main/scala/analysis/RNA.scala             |   3 +
 .../ReachingDefinitionsAnalysis.scala         |   4 +
 src/main/scala/ir/Program.scala               |   2 +-
 src/main/scala/ir/Statement.scala             |   2 +-
 src/main/scala/ir/Visitor.scala               |   1 +
 src/main/scala/ir/cilvisitor/CILVisitor.scala |   9 +-
 src/main/scala/ir/transforms/Simp.scala       | 180 +++++++++++++++++-
 src/main/scala/util/BASILConfig.scala         |   2 +-
 src/main/scala/util/RunUtils.scala            |  20 +-
 src/test/scala/DifferentialAnalysis.scala     |  37 +++-
 src/test/scala/SystemTests.scala              |   8 +
 12 files changed, 253 insertions(+), 18 deletions(-)

diff --git a/src/main/scala/analysis/ANR.scala b/src/main/scala/analysis/ANR.scala
index 6484a7aa3..b00b51b71 100644
--- a/src/main/scala/analysis/ANR.scala
+++ b/src/main/scala/analysis/ANR.scala
@@ -36,6 +36,9 @@ trait ANRAnalysis(program: Program, ignoreStackPtrs: Boolean = false) {
         m.diff(memoryAssign.index.variables ++ memoryAssign.value.variables)
       case indirectCall: IndirectCall =>
         m - indirectCall.target
+      case call: DirectCall =>
+        m.diff(call.actualParams.flatMap(_._2.variables).toSet.filterNot(ignoreRegions.contains(_))) 
+        ++ call.outParams.map(_._2).toSet
       case assign: Assign =>
         m = m.diff(assign.rhs.variables)
         if ignoreRegions.contains(assign.lhs) then m else m + assign.lhs
diff --git a/src/main/scala/analysis/RNA.scala b/src/main/scala/analysis/RNA.scala
index 15a401808..b65959222 100644
--- a/src/main/scala/analysis/RNA.scala
+++ b/src/main/scala/analysis/RNA.scala
@@ -38,6 +38,9 @@ trait RNAAnalysis(program: Program, ignoreStackPtrs: Boolean = true) {
       case indirectCall: IndirectCall =>
         if (ignoreRegions.contains(indirectCall.target)) return m
         m + indirectCall.target
+      case call: DirectCall=>
+        (m ++ call.actualParams.flatMap(_._2.variables).toSet.filterNot(ignoreRegions.contains(_)))
+          .diff(call.outParams.map(_._2).toSet)
       case assign: Assign =>
         m = m - assign.lhs
         m.union(assign.rhs.variables.filter(!ignoreRegions.contains(_)))
diff --git a/src/main/scala/analysis/ReachingDefinitionsAnalysis.scala b/src/main/scala/analysis/ReachingDefinitionsAnalysis.scala
index 47592f082..2fb1b811d 100644
--- a/src/main/scala/analysis/ReachingDefinitionsAnalysis.scala
+++ b/src/main/scala/analysis/ReachingDefinitionsAnalysis.scala
@@ -71,6 +71,10 @@ case class ReachingDefinitionsAnalysis(program: Program) {
       transformUses(assume.body.variables, s)
     case indirectCall: IndirectCall =>
       transformUses(indirectCall.target.variables, s)
+    case r: DirectCall => 
+      transformUses(r.actualParams.toSet.flatMap(_._2.variables), s)
+    case r: Return => 
+      transformUses(r.outParams.toSet.flatMap(_._2.variables), s)
     case _ => s
   }
 }
diff --git a/src/main/scala/ir/Program.scala b/src/main/scala/ir/Program.scala
index c8b554df9..16cd6f2b4 100644
--- a/src/main/scala/ir/Program.scala
+++ b/src/main/scala/ir/Program.scala
@@ -187,7 +187,7 @@ class Procedure private (
   def makeCall(label: Option[String] = None) = DirectCall(this, label, outParamDefaultBinding, inParamDefaultBinding)
 
   def iterator: Iterator[CFGPosition] = {
-    ILUnorderedIterator(this)
+    ILUnorderedIterator(Seq(this))
   }
 
   override def toString: String = {
diff --git a/src/main/scala/ir/Statement.scala b/src/main/scala/ir/Statement.scala
index 3715e683c..ea137c8d7 100644
--- a/src/main/scala/ir/Statement.scala
+++ b/src/main/scala/ir/Statement.scala
@@ -90,9 +90,9 @@ class Unreachable(override val label: Option[String] = None) extends Jump {
 
 class Return(override val label: Option[String] = None, var outParams : SortedMap[LocalVar, Expr] = SortedMap()) extends Jump {
   override def acceptVisit(visitor: Visitor): Jump = this
+  override def toString = s"Return(${outParams.mkString(",")})"
 }
 
-
 class GoTo private (private val _targets: mutable.LinkedHashSet[Block], override val label: Option[String]) extends Jump {
 
   def this(targets: Iterable[Block], label: Option[String] = None) = this(mutable.LinkedHashSet.from(targets), label)
diff --git a/src/main/scala/ir/Visitor.scala b/src/main/scala/ir/Visitor.scala
index d656600c4..edc19a1e0 100644
--- a/src/main/scala/ir/Visitor.scala
+++ b/src/main/scala/ir/Visitor.scala
@@ -292,6 +292,7 @@ class StackSubstituter extends IntraproceduralControlFlowVisitor {
     // reset for each procedure
     stackRefs.clear()
     stackRefs.add(stackPointer)
+    stackRefs.add(LocalVar("R31_in", BitVecType(64)))
     stackRefs.add(LocalVar("R31", BitVecType(64)))
     super.visitProcedure(node)
   }
diff --git a/src/main/scala/ir/cilvisitor/CILVisitor.scala b/src/main/scala/ir/cilvisitor/CILVisitor.scala
index a1ee358e5..8e8a4a226 100644
--- a/src/main/scala/ir/cilvisitor/CILVisitor.scala
+++ b/src/main/scala/ir/cilvisitor/CILVisitor.scala
@@ -68,14 +68,16 @@ class CILVisitorImpl(val v: CILVisitor) {
   }
 
   def visit_jump(j: Jump): Jump = {
-    val ji = j match {
+    def continue(j: Jump) = j match {
       case r: Return => {
+        val outs = r.outParams.map(o => o._1 -> visit_expr(o._2))
         v.leave_scope()
+        r.outParams = outs
         r
       }
       case x => x
     }
-    doVisit(v, v.vjump(ji), ji, (x) => x)
+    doVisit(v, v.vjump(j), j, continue)
   }
 
   def visit_fallthrough(j: Option[GoTo]): Option[GoTo] = {
@@ -102,8 +104,9 @@ class CILVisitorImpl(val v: CILVisitor) {
     def continue(n: Statement) = n match {
       case d: DirectCall => {
         val actuals = d.actualParams.map(i => i._1 -> visit_expr(i._2))
+        val outs = d.outParams.map(i => i._1 -> visit_lvar(i._2))
         v.enter_scope(actuals)
-        DirectCall(d.target, d.label, d.outParams, actuals)
+        DirectCall(d.target, d.label, outs, actuals)
       }
       case i: IndirectCall => {
         i.target = visit_rvar(i.target)
diff --git a/src/main/scala/ir/transforms/Simp.scala b/src/main/scala/ir/transforms/Simp.scala
index 8cd3af04f..3db3f10f7 100644
--- a/src/main/scala/ir/transforms/Simp.scala
+++ b/src/main/scala/ir/transforms/Simp.scala
@@ -17,6 +17,98 @@ trait AbstractDomain[L] {
 }
 
 
+def getRedundantAssignments(v: Procedure) : Set[Assign] = {
+  /**
+   * Get all assign statements which define a variable never used, assuming ssa form.
+   */
+
+  enum VS:
+    case Bot
+    case Assigned(definition: Set[Assign])
+    case Read
+
+
+  def joinVS(a: VS, b: VS) = {
+    (a, b) match {
+      case (VS.Bot, o) => o
+      case (o, VS.Bot) => o
+      case (VS.Read, _) => VS.Read
+      case (_, VS.Read) => VS.Read
+      case (VS.Assigned(d1), VS.Assigned(d2)) => VS.Assigned(d1 ++ d2)
+    }
+  }
+
+  val assignedNotRead = mutable.Map[Variable, VS]().withDefaultValue(VS.Bot)
+
+  for (c <- v) {
+    c match {
+      case a : Assign => {
+        assignedNotRead(a.lhs) = joinVS(assignedNotRead(a.lhs), VS.Assigned(Set(a)))
+        a.rhs.variables.foreach(v => {
+          assignedNotRead(v) = VS.Read
+        })
+      }
+      case m: MemoryAssign => {
+        m.index.variables.foreach(v => {
+          assignedNotRead(v) = VS.Read
+        })
+        m.value.variables.foreach(v => {
+          assignedNotRead(v) = VS.Read
+        })
+      }
+      case m: IndirectCall => {
+        assignedNotRead(m.target) = VS.Read
+      }
+      case m: Assert => {
+        m.body.variables.foreach(v => {
+          assignedNotRead(v) = VS.Read
+        })
+      }
+      case m: Assume => {
+        m.body.variables.foreach(v => {
+          assignedNotRead(v) = VS.Read
+        })
+      }
+      case c: DirectCall => {
+        c.actualParams.flatMap(_._2.variables).foreach (v => {
+          assignedNotRead(v) = VS.Read
+        })
+
+      }
+      case p: Return => {
+        p.outParams.flatMap(_._2.variables).foreach(v => {
+          assignedNotRead(v) = VS.Read
+        })
+      }
+      case p: GoTo => ()
+      case p: NOP => ()
+      case p: Unreachable => ()
+      case p: Procedure => ()
+      case b: Block => ()
+    }
+  }
+
+  assignedNotRead.collect {
+    case (v, VS.Assigned(d)) => d
+  }.toSet.flatten
+}
+
+
+class CleanupAssignments extends CILVisitor {
+  var redundant = Set[Assign]()
+
+  override def vproc(p: Procedure) = {
+    redundant = getRedundantAssignments(p).filter(_.rhs.loads.isEmpty)
+    DoChildren()
+  }
+
+  override def vstmt(s: Statement) = s match {
+    case a: Assign if redundant.contains(a) => ChangeTo(List())
+    case _ => SkipChildren()
+  }
+
+}
+
 def doCopyPropTransform(
     p: Program,
     reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])]
@@ -41,6 +133,9 @@ def doCopyPropTransform(
       rerun = vis.madeAnyChange
     }
   }
+
+  visit_prog(CleanupAssignments(), p)
+
 }
 
 def reversePostOrder(startBlock: Block): Unit = {
@@ -96,7 +191,7 @@ class worklistSolver[L, A <: AbstractDomain[L]](domain: A) {
       val b = worklist.dequeue
 
       if (b.label == "lmain_goto_l00000321") {
-        println(s"$b\n  prevs : ${b.prevBlocks.map(c => saved.get(c))}")
+        // println(s"$b\n  prevs : ${b.prevBlocks.map(c => saved.get(c))}")
       }
 
       while (worklist.nonEmpty && (worklist.head.rpoOrder >= b.rpoOrder)) do {
@@ -201,6 +296,72 @@ class ConstCopyProp(val reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign
   }
 }
 
+
+
+case class CCopyProp(expr: Expr, deps: Set[Variable])
+case class SSACCP(
+    constants: Map[Variable, Literal],
+    // variable -> expr * dependencies
+    val exprs: Map[Variable, CCopyProp]
+)
+
+class ConstCopyPropSSA()
+    extends AbstractDomain[SSACCP] {
+  // assuming concrete ssa form with renamed variables
+
+  def top: SSACCP = SSACCP(Map(), Map())
+  def bot: SSACCP = SSACCP(Map(), Map())
+
+  override def join(l: SSACCP, r: SSACCP): SSACCP = {
+    SSACCP(
+      (l.constants ++ r.constants).removedAll(l.constants.keySet.intersect(r.constants.keySet).filterNot(k => l.constants(k) == r.constants(k))),
+      (l.exprs ++ r.exprs).removedAll(l.exprs.keySet.intersect(r.exprs.keySet).filterNot(k => l.exprs(k) == r.exprs(k)))
+    )
+  }
+
+  override def transfer(c: SSACCP, s: Statement): SSACCP = {
+    s match {
+      case m: MemoryAssign => {
+        c.copy(exprs = c.exprs.filterNot((k, v) => v.expr.loads.nonEmpty))
+      }
+      case Assign(l, r, lb) => {
+
+        var p = c
+        val evaled = exprSimp(
+          eval.partialEvalExpr(
+            exprSimp(r),
+            v => p.constants.get(v)
+          )
+        )
+        val rhsDeps = evaled.variables
+
+        p = evaled match {
+          case lit: Literal => p.copy(constants = p.constants.updated(l, lit))
+          case _: Expr =>
+            p.copy(constants = p.constants.removed(l), exprs = p.exprs.updated(l, CCopyProp(evaled, rhsDeps)))
+        }
+
+        if (r.loads.nonEmpty) {
+          // don't re-order loads
+          p = p.copy(exprs = p.exprs.filter((k, v) => v.expr.loads.isEmpty))
+        }
+        // remove candidates whose value changes due to this update
+        // without an SSA form in the output, we can't propagate assignments such that R0_1 := f(R0_0)
+        //  or; only replace such that all uses are copyproped, the dead definition is removed
+        p = p.copy(exprs = p.exprs.filterNot((k, v) => v.deps.exists(c => c.name == l.name)))
+        p
+      }
+      case d: DirectCall => {
+        val toClob = d.outParams.map(_._2)
+        toClob.foldLeft(c)((c, l) =>
+          c.copy(constants = c.constants.removed(l), exprs = c.exprs.filterNot((k, v) => v.deps.contains(l)))
+        )
+      }
+      case _ => c
+    }
+  }
+}
+
 def exprSimp(e: Expr): Expr = {
 
   val assocOps: Set[BinOp] =
@@ -275,19 +436,23 @@ object SSARename:
 
   def concretiseSSA(p: Program, reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])]) = {
     println("SSA conc ")
+   //  println(reachingDefs)
     val c = SSACollect(p, reachingDefs)
     c.initial()
     visit_prog(c, p)
-    println(c.names)
+   // println(c.names)
     val rn = SSARename(p, c.names, reachingDefs)
     visit_prog(rn, p)
   }
 
   class SSARename(p: Program, renames: mutable.HashMap[Assign, Int], reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])]) extends CILVisitor {
-    var statement : Statement = null
+    var statement : Command = null
 
     override def vrvar(v: Variable) = {
-      val assigns = getUse(v, statement, reachingDefs)
+      val assigns = statement match {
+        case a : Assign => getUse(v, statement, reachingDefs)
+        case _  => getDefinition(v, statement, reachingDefs)
+      }
       assigns.headOption.map(doRename(v, _)) match {
         case Some(nv) => ChangeTo(nv)
         case None => SkipChildren()
@@ -306,6 +471,12 @@ object SSARename:
       }
     }
 
+
+    override def vjump(s: Jump) = {
+      statement = s
+      DoChildren()
+    }
+
     override def vstmt(s: Statement) = {
       statement = s
       s match {
@@ -316,7 +487,6 @@ object SSARename:
         case _ => DoChildren()
       }
     }
-
   }
 
   class SSACollect(p: Program, reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])]) extends CILVisitor {
diff --git a/src/main/scala/util/BASILConfig.scala b/src/main/scala/util/BASILConfig.scala
index 585be82ab..288ebbcf5 100644
--- a/src/main/scala/util/BASILConfig.scala
+++ b/src/main/scala/util/BASILConfig.scala
@@ -14,7 +14,7 @@ case class ILLoadingConfig(inputFile: String,
                            dumpIL: Option[String] = None,
                            mainProcedureName: String = "main",
                            procedureTrimDepth: Int = Int.MaxValue,
-                           parameterForm: Boolean =true 
+                           parameterForm: Boolean = false
                            )
 
 case class StaticAnalysisConfig(dumpILToPath: Option[String] = None,
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index ce86aa1f5..fcba856fd 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -276,10 +276,11 @@ object StaticAnalysis {
   /** Run all static analysis passes on the provided IRProgram.
     */
   def analyse(
-      ctx: IRContext,
+      ictx: IRContext,
       config: StaticAnalysisConfig,
       iteration: Int
   ): StaticAnalysisContext = {
+    var ctx = ictx
     val IRProgram: Program = ctx.program
     val externalFunctions: Set[ExternalFunction] = ctx.externalFunctions
     val globals: Set[SpecGlobal] = ctx.globals
@@ -381,8 +382,19 @@ object StaticAnalysis {
       )
     })
 
-    if (config.simplify) {
-      transforms.SSARename.concretiseSSA(ctx.program, reachingDefinitionsAnalysisResults)
+    if (config.simplify && first) {
+      Logger.info("[!] Running simplification")
+      ctx = transforms.liftProcedureCallAbstraction(ctx)
+      writeToFile(serialiseIL(IRProgram), s"il-after-params.il")
+
+      val rd = ReachingDefinitionsAnalysisSolver(IRProgram).analyze()
+
+      config.analysisResultsPath.foreach(s =>
+        writeToFile(printAnalysisResults(IRProgram, rd), s"${s}-reachingdefs-result$iteration.txt")
+      )
+
+      transforms.SSARename.concretiseSSA(ctx.program, rd)
+      writeToFile(serialiseIL(IRProgram), s"il-after-ssa.il")
 
       val rds2 = ReachingDefinitionsAnalysisSolver(IRProgram)
       val rdr2 = rds2.analyze()
@@ -391,7 +403,7 @@ object StaticAnalysis {
       writeToFile(serialiseIL(IRProgram), s"il-after-copyprop.il")
     }
 
-    Logger.info("[!] Running Constant Propagation with SSA")
+    Logger.debug("[!] Running Constant Propagation with SSA")
     val constPropSolverWithSSA = ConstantPropagationSolverWithSSA(IRProgram, reachingDefinitionsAnalysisResults)
     val constPropResultWithSSA = constPropSolverWithSSA.analyze()
 
diff --git a/src/test/scala/DifferentialAnalysis.scala b/src/test/scala/DifferentialAnalysis.scala
index 3ef3c7db1..a464d942d 100644
--- a/src/test/scala/DifferentialAnalysis.scala
+++ b/src/test/scala/DifferentialAnalysis.scala
@@ -19,7 +19,7 @@ import util.RunUtils.loadAndTranslate
 
 import scala.collection.mutable
 
-class DifferentialAnalysis extends AnyFunSuite {
+class DifferentialTest extends AnyFunSuite {
 
   Logger.setLevel(LogLevel.WARN)
 
@@ -61,7 +61,7 @@ class DifferentialAnalysis extends AnyFunSuite {
     assert(filterEvents(traceInit.t).mkString("\n") == filterEvents(traceRes.t).mkString("\n"))
   }
 
-  def testProgram(testName: String, examplePath: String, suffix: String =".adt") = {
+  def testProgram(testName: String, examplePath: String, suffix: String =".adt", staticAnalysisConfig : StaticAnalysisConfig = StaticAnalysisConfig(None, None, None)) = {
 
     val loading = ILLoadingConfig(inputFile = examplePath + testName + suffix,
       relfFile = examplePath + testName + ".relf",
@@ -73,10 +73,14 @@ class DifferentialAnalysis extends AnyFunSuite {
 
     var comparectx = IRLoading.load(loading)
     comparectx = IRTransform.doCleanup(ictx)
-    val analysisres = RunUtils.staticAnalysis(StaticAnalysisConfig(None, None, None), comparectx)
+    val analysisres = RunUtils.staticAnalysis(staticAnalysisConfig, comparectx)
 
     diffTest(ictx, comparectx)
   }
+}
+
+
+class DifferentialTestAnalysis extends DifferentialTest {
 
   test("indirect_call_example") {
     val testName = "indirect_call"
@@ -137,3 +141,30 @@ class DifferentialAnalysis extends AnyFunSuite {
 
   runSystemTests()
 }
+
+class DifferentialTestSimplification extends DifferentialTest {
+
+  def runSystemTests(): Unit = {
+
+    val path = System.getProperty("user.dir") + s"/src/test/correct/"
+    val programs: Array[String] = getSubdirectories(path)
+
+    // get all variations of each program
+    for (p <- programs) {
+      val programPath = path + "/" + p
+      val variations = getSubdirectories(programPath)
+      variations.foreach(variation => {
+        test("analysis_differential:" + p + "/" + variation + ":BAP") {
+          testProgram(p, path + "/" + p + "/" + variation + "/", suffix=".adt", staticAnalysisConfig=StaticAnalysisConfig(simplify=true))
+        }
+        //test("analysis_differential:" +  p + "/" + variation + ":GTIRB") {
+        //  testProgram(p, path + "/" + p + "/" + variation + "/", suffix=".gts")
+        //}
+      }
+      )
+    }
+  }
+  runSystemTests()
+}
+
+
diff --git a/src/test/scala/SystemTests.scala b/src/test/scala/SystemTests.scala
index 45081e4b6..19b1c0e39 100644
--- a/src/test/scala/SystemTests.scala
+++ b/src/test/scala/SystemTests.scala
@@ -203,6 +203,14 @@ class ExtraSpecTests extends SystemTests {
   }
 }
 
+class SimplifySystemTests extends SystemTests {
+  runTests("correct", TestConfig(staticAnalysisConfig = Some(StaticAnalysisConfig(simplify=true)), useBAPFrontend = true, expectVerify = true))
+  runTests("incorrect", TestConfig(staticAnalysisConfig = Some(StaticAnalysisConfig(simplify=true)), useBAPFrontend = true, expectVerify = false))
+  runTests("correct", TestConfig(staticAnalysisConfig = Some(StaticAnalysisConfig(simplify=true)), useBAPFrontend = false, expectVerify = true))
+  runTests("incorrect", TestConfig(staticAnalysisConfig = Some(StaticAnalysisConfig(simplify=true)), useBAPFrontend = false, expectVerify = false))
+}
+
+
 class AnalysisSystemTestsBAP extends SystemTests {
   runTests("correct", TestConfig(staticAnalysisConfig = Some(StaticAnalysisConfig()), useBAPFrontend = true, expectVerify = true))
   runTests("incorrect", TestConfig(staticAnalysisConfig = Some(StaticAnalysisConfig()), useBAPFrontend = true, expectVerify = false))

From 81fd5e46b8891907757215787fb1a0ceb19805bd Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Fri, 4 Oct 2024 17:31:50 +1000
Subject: [PATCH 072/127] improve dsa and params w liveness

---
 .../ReachingDefinitionsAnalysis.scala         |   8 -
 src/main/scala/cfg_visualiser/DotTools.scala  |   7 +-
 src/main/scala/ir/Statement.scala             |   2 +-
 src/main/scala/ir/cilvisitor/CILVisitor.scala |   4 +-
 .../ir/transforms/ProcedureParameters.scala   | 219 +++++--
 src/main/scala/ir/transforms/Simp.scala       | 542 +++++++++++++-----
 src/main/scala/translating/IRToBoogie.scala   |   6 +-
 src/main/scala/util/RunUtils.scala            |  62 +-
 .../basic_function_call_caller.spec           |   2 +-
 src/test/readme.md                            |  34 --
 src/test/scala/SystemTests.scala              |  21 +-
 11 files changed, 658 insertions(+), 249 deletions(-)
 delete mode 100644 src/test/readme.md

diff --git a/src/main/scala/analysis/ReachingDefinitionsAnalysis.scala b/src/main/scala/analysis/ReachingDefinitionsAnalysis.scala
index 2fb1b811d..975fd72c4 100644
--- a/src/main/scala/analysis/ReachingDefinitionsAnalysis.scala
+++ b/src/main/scala/analysis/ReachingDefinitionsAnalysis.scala
@@ -22,14 +22,6 @@ case class ReachingDefinitionsAnalysis(program: Program) {
 
   val domain: Set[CFGPosition] = Set.empty ++ program
 
-  /*
-   * Good enough as stmts are unique
-   */
-  private def generateUniqueDefinition(
-      variable: Variable
-  ): Assign = {
-    Assign(variable, BitVecLiteral(0, 0))
-  }
 
   def transfer(n: CFGPosition, s: (Map[Variable, Set[Definition]], Map[Variable, Set[Definition]])): (Map[Variable, Set[Definition]], Map[Variable, Set[Definition]]) =
     localTransfer(n, s)
diff --git a/src/main/scala/cfg_visualiser/DotTools.scala b/src/main/scala/cfg_visualiser/DotTools.scala
index 937bd8293..cd7176950 100644
--- a/src/main/scala/cfg_visualiser/DotTools.scala
+++ b/src/main/scala/cfg_visualiser/DotTools.scala
@@ -11,7 +11,8 @@ object IDGenerator {
   }
 }
 
-def wrap(input: String, width: Integer = 20): String =
+def wrap(_input: String, width: Integer = 20): String =
+  var input = _input.replace("\n", "\\l")
   if (input.length() <= width) {
     input
   } else {
@@ -25,7 +26,7 @@ def wrap(input: String, width: Integer = 20): String =
       splitPoint = width
     }
     val line = input.substring(0, splitPoint)
-    line + "\\l" + wrap(input.substring(splitPoint), width)
+    "\\l    " + line + wrap(input.substring(splitPoint), width)
   }
 
 
@@ -51,7 +52,7 @@ class DotNode(val id: String, val label: String) extends DotElement {
   override def toString: String = toDotString
 
   def toDotString: String =
-    s"\"$id\"" + "[label=\"" + wrap(label, 80) + "\"]"
+    s"\"$id\"" + "[label=\"" + wrap(label, 100) + "\", shape=\"box\", fontname=\"Mono\"]"
 
 }
 
diff --git a/src/main/scala/ir/Statement.scala b/src/main/scala/ir/Statement.scala
index ea137c8d7..6889f65ee 100644
--- a/src/main/scala/ir/Statement.scala
+++ b/src/main/scala/ir/Statement.scala
@@ -155,7 +155,7 @@ class DirectCall(val target: Procedure,
     case None => Set()
   } */
   def calls: Set[Procedure] = Set(target)
-  override def toString: String = s"${labelStr}DirectCall(${target.name})"
+  override def toString: String = s"${labelStr}${outParams.mkString(",")} := DirectCall(${target.name})(${actualParams.mkString(",")})"
   override def acceptVisit(visitor: Visitor): Statement = visitor.visitDirectCall(this)
 
   override def linkParent(p: Block): Unit = {
diff --git a/src/main/scala/ir/cilvisitor/CILVisitor.scala b/src/main/scala/ir/cilvisitor/CILVisitor.scala
index 8e8a4a226..871316c50 100644
--- a/src/main/scala/ir/cilvisitor/CILVisitor.scala
+++ b/src/main/scala/ir/cilvisitor/CILVisitor.scala
@@ -106,7 +106,9 @@ class CILVisitorImpl(val v: CILVisitor) {
         val actuals = d.actualParams.map(i => i._1 -> visit_expr(i._2))
         val outs = d.outParams.map(i => i._1 -> visit_lvar(i._2))
         v.enter_scope(actuals)
-        DirectCall(d.target, d.label, outs, actuals)
+        d.outParams = outs
+        d.actualParams = actuals
+        d
       }
       case i: IndirectCall => {
         i.target = visit_rvar(i.target)
diff --git a/src/main/scala/ir/transforms/ProcedureParameters.scala b/src/main/scala/ir/transforms/ProcedureParameters.scala
index 4935e6bde..0318aa964 100644
--- a/src/main/scala/ir/transforms/ProcedureParameters.scala
+++ b/src/main/scala/ir/transforms/ProcedureParameters.scala
@@ -5,6 +5,8 @@ import scala.collection.mutable.ArrayBuffer
 import scala.collection.{mutable, immutable}
 import collection.immutable.SortedMap
 import specification.Specification
+import analysis.{TwoElement, TwoElementTop, TwoElementBottom}
+import ir.CallGraph
 
 /** Use ANR and RNA to identify procedure parameters.
   */
@@ -16,17 +18,21 @@ import specification.Specification
 // call : forall vars in scope if name matches formal inparams of target = actual parameters
 // return : forall vars in scope if name matches formal outparams of proc = actual outparams
 
-def liftProcedureCallAbstraction(ctx: util.IRContext) : util.IRContext = {
+def liftProcedureCallAbstraction(ctx: util.IRContext): util.IRContext = {
   val p = ctx.program
   val anr = analysis.ANRAnalysisSolver(p, false).analyze()
   val rna = analysis.RNAAnalysisSolver(p, false).analyze()
 
+  val liveVars = analysis.InterLiveVarsAnalysis(ctx.program).analyze()
+
+  val params = inOutParams(ctx.program, liveVars)
+
   // functions for which we don't know their behaviour and assume they modify all registers
   val external = ctx.externalFunctions.map(_.name) ++ ctx.program.collect {
     case b: Procedure if b.blocks.isEmpty => b.name
   }
 
-  val formalParams = SetFormalParams(anr, rna, external)
+  val formalParams = SetFormalParams(anr, rna, params, external)
   visit_prog(formalParams, p)
   val actualParams = SetActualParams(formalParams.mappingInparam, formalParams.mappingOutparam, external)
   visit_prog(actualParams, p)
@@ -38,7 +44,8 @@ def clearParams(p: Program) = {
 
   class RemoveCallParams extends CILVisitor {
     override def vstmt(s: Statement) = s match {
-      case d: DirectCall => ChangeTo(List(DirectCall(d.target, d.label,immutable.SortedMap.empty, immutable.SortedMap.empty)))
+      case d: DirectCall =>
+        ChangeTo(List(DirectCall(d.target, d.label, immutable.SortedMap.empty, immutable.SortedMap.empty)))
       case _ => SkipChildren()
     }
   }
@@ -86,19 +93,21 @@ def collectVariables(p: Procedure): (Set[Variable], Set[Variable]) = {
   (lvars.toSet, rvars.toSet)
 }
 
-class SetFormalParams(val anr: Map[CFGPosition, Set[Variable]], val rna: Map[CFGPosition, Set[Variable]],
+class SetFormalParams(
+    val anr: Map[CFGPosition, Set[Variable]],
+    val rna: Map[CFGPosition, Set[Variable]],
+    val inoutparams: Map[Procedure, (Set[Variable], Set[Variable])],
     val externalFunctions: Set[String]
-  )
-    extends CILVisitor {
+) extends CILVisitor {
   // expects programs to be in single return form
 
   var mappingOutparam = Map[Procedure, Map[LocalVar, Variable]]()
   var mappingInparam = Map[Procedure, Map[LocalVar, Variable]]()
 
-  def externalIn : Map[LocalVar, Variable] = {
+  def externalIn: Map[LocalVar, Variable] = {
     (0 to 31).map(i => LocalVar(s"R${i}_in", BitVecType(64)) -> LocalVar(s"R$i", BitVecType(64))).toMap
   }
-  def externalOut : Map[LocalVar, Variable] = {
+  def externalOut: Map[LocalVar, Variable] = {
     (0 to 31).map(i => LocalVar(s"R${i}_out", BitVecType(64)) -> LocalVar(s"R$i", BitVecType(64))).toMap
   }
 
@@ -116,16 +125,14 @@ class SetFormalParams(val anr: Map[CFGPosition, Set[Variable]], val rna: Map[CFG
 
       val in = IRWalk.firstInProc(p)
       if (in.isDefined) {
-        val inparams = (rna(in.get).toSet -- p.formalInParam).map(v =>
-          (LocalVar(v.name + "_in", v.getType), LocalVar(v.name, v.getType))
-        )
+        val inparams = inoutparams(p)._1.map(v => (LocalVar(v.name + "_in", v.getType), LocalVar(v.name, v.getType)))
         p.formalInParam.addAll(inparams.map(_._1))
         mappingInparam = mappingInparam.updated(p, inparams.toMap)
         p.inParamDefaultBinding = immutable.SortedMap.from(inparams)
       }
 
       // outparams is everything touched
-      val outparams = lvars.map(v => LocalVar(v.name + "_out", v.getType) -> LocalVar(v.name, v.getType))
+      val outparams = inoutparams(p)._2.map(v => LocalVar(v.name + "_out", v.getType) -> LocalVar(v.name, v.getType))
       p.formalOutParam = mutable.SortedSet.from(outparams.map(_._1))
       mappingOutparam = mappingOutparam.updated(p, outparams.toMap)
       p.outParamDefaultBinding = immutable.SortedMap.from(outparams)
@@ -135,6 +142,142 @@ class SetFormalParams(val anr: Map[CFGPosition, Set[Variable]], val rna: Map[CFG
   }
 }
 
+object ReadWriteAnalysis {
+  sealed trait RW {
+    def getRWSet: Option[RWSet] = {
+      this match {
+        case Top      => None
+        case r: RWSet => Some(r)
+      }
+    }
+    def map[B](f: RW => RW) = {
+      f(this)
+    }
+  }
+  case class RWSet(reads: Set[Variable], writes: Set[Variable]) extends RW
+  case object Top extends RW
+
+  type st = Map[Procedure, RW]
+
+  def addReads(r: Iterable[Variable])(i: RW) = {
+    i match {
+      case Top      => Top
+      case i: RWSet => i.copy(reads = i.reads ++ r)
+    }
+  }
+  def addWrites(w: Iterable[Variable])(i: RW) = {
+    i match {
+      case Top      => Top
+      case i: RWSet => i.copy(writes = i.writes ++ w)
+    }
+  }
+
+  def join(a: RW, b: RW): RW = {
+    (a, b) match {
+      case (Top, _)             => Top
+      case (_, Top)             => Top
+      case (a: RWSet, b: RWSet) => RWSet(a.reads ++ b.reads, a.writes ++ b.writes)
+    }
+  }
+
+  def processProc(state: st, p: Procedure): RW = {
+    p.foldLeft(state(p))((ir, s) => {
+      s match {
+        case s: Assign => {
+          ir.map(addWrites(Seq(s.lhs)))
+            .map(addReads(s.rhs.variables))
+        }
+        case s: Return => {
+          ir.map(addWrites(s.outParams.flatMap(_._2.variables)))
+        }
+        case s: MemoryAssign => {
+          ir.map(addReads(s.index.variables ++ s.value.variables))
+        }
+        case s: DirectCall => {
+          ir.map(x => join(x, state(s.target)))
+            .map(addReads(s.actualParams.flatMap(_._2.variables)))
+            .map(addWrites(s.outParams.flatMap(_._2.variables)))
+        }
+        case s: IndirectCall => Top
+        case s: Assert       => ir.map(addReads(s.body.variables))
+        case s: Assume       => ir.map(addReads(s.body.variables))
+        case p: Procedure    => ir
+        case b: Block        => ir
+        case b: NOP          => ir
+        case b: Unreachable  => ir
+        case b: GoTo         => ir
+      }
+    })
+  }
+
+  def readWriteSets(p: Program): Map[Procedure, Option[RWSet]] = {
+    var state: st = Map[Procedure, RW]().withDefaultValue(RWSet(Set(), Set()))
+    val worklist = mutable.Stack.from(p.procedures)
+
+    while (worklist.nonEmpty) {
+      val proc = worklist.pop
+      val o = state(proc)
+      val n = processProc(state, proc)
+      if (o != n) {
+        worklist.addAll(CallGraph.pred(proc))
+        worklist.addAll(CallGraph.succ(proc))
+        state = state.updated(proc, n)
+      }
+    }
+
+    state.map(x => (x._1, x._2.getRWSet))
+  }
+}
+
+def inOutParams(
+    p: Program,
+    interLiveVarsResults: Map[CFGPosition, Map[Variable, TwoElement]]
+): Map[Procedure, (Set[Variable], Set[Variable])] = {
+  val overapprox = (0 to 31).map(i => Register(s"R${i}", 64)).toSet[Variable]
+  // in: live at entry & in procedure read set
+
+  val readWrites = ReadWriteAnalysis.readWriteSets(p: Program).collect {
+    case (p, None)    => (p, ReadWriteAnalysis.RWSet(overapprox, overapprox))
+    case (p, Some(x)) => (p, x)
+  }
+
+  val procEnd = p.procedures.map { case p =>
+    p -> p.returnBlock.getOrElse(p)
+  }.toMap
+
+  val lives = p.procedures
+    .map(p => {
+      val in = (interLiveVarsResults.get(p))
+      val out = (interLiveVarsResults.get(procEnd(p)))
+
+      def toLiveSet(p: Option[Map[Variable, TwoElement]]): Set[Variable] = {
+        p.map(p => {
+          p.collect { case (v, TwoElementTop) =>
+            v
+          }.toSet
+        }).getOrElse(overapprox)
+      }
+      p -> (toLiveSet(in), toLiveSet(out))
+    })
+    .toMap
+
+  val inout = readWrites.collect {
+    case (proc, rws) if p.mainProcedure == proc => {
+      // no callers of main procedure so keep the whole read/write set
+      // of registers
+      proc -> ((lives(proc)._1.intersect(rws.reads)), (overapprox.intersect(rws.writes)))
+    }
+    case (proc, rws) => {
+      val liveStart = lives(proc)._1
+      val liveEnd = lives(proc)._2
+
+      proc -> (liveStart.intersect(rws.reads), liveEnd.intersect(rws.writes))
+    }
+  }.toMap
+
+  inout.withDefaultValue((overapprox, overapprox))
+}
+
 class SetActualParams(
     val inBinding: Map[Procedure, Map[LocalVar, Variable]],
     val outBinding: Map[Procedure, Map[LocalVar, Variable]],
@@ -143,10 +286,10 @@ class SetActualParams(
   // expects programs to be in single return form
   var currStmt: Option[Statement] = None
 
-  def externalIn : Map[LocalVar, Variable] = {
+  def externalIn: Map[LocalVar, Variable] = {
     (0 to 31).map(i => LocalVar(s"R${i}_in", BitVecType(64)) -> LocalVar(s"R$i", BitVecType(64))).toMap
   }
-  def externalOut : Map[LocalVar, Variable] = {
+  def externalOut: Map[LocalVar, Variable] = {
     (0 to 31).map(i => LocalVar(s"R${i}_out", BitVecType(64)) -> LocalVar(s"R$i", BitVecType(64))).toMap
   }
 
@@ -174,8 +317,8 @@ class SetActualParams(
         }
       }
       case d: DirectCall /* if external */ => {
-          d.actualParams = SortedMap.from(externalIn)
-          d.outParams = SortedMap.from(externalOut)
+        d.actualParams = SortedMap.from(externalIn)
+        d.outParams = SortedMap.from(externalOut)
       }
       case _ => ()
     }
@@ -203,7 +346,6 @@ class SetActualParams(
 
 }
 
-
 def specToProcForm(
     spec: Specification,
     mappingInparam: Map[Procedure, Map[LocalVar, Variable]],
@@ -211,18 +353,20 @@ def specToProcForm(
 ): Specification = {
   import boogie.*
 
-  def toNameMapping(v : Map[LocalVar, Variable]): Map[String, String] = {
+  def toNameMapping(v: Map[LocalVar, Variable]): Map[String, String] = {
     v.map(v => (v._2.name, v._1.name)) ++ v.map(v => ("Gamma_" + v._2.name, "Gamma_" + v._1.name))
   }
   val varToInVar: Map[String, Map[String, String]] = mappingInparam.map(p => (p._1.name -> toNameMapping(p._2)))
-  val varToOutVar: Map[String, Map[String, String]]  = mappingOutparam.map(p => (p._1.name -> toNameMapping(p._2)))
+  val varToOutVar: Map[String, Map[String, String]] = mappingOutparam.map(p => (p._1.name -> toNameMapping(p._2)))
 
-  def convVarToOld(varInPre: Map[String, String], varInPost: Map[String, String], isPost: Boolean = false)(b: BExpr): BExpr = {
+  def convVarToOld(varInPre: Map[String, String], varInPost: Map[String, String], isPost: Boolean = false)(
+      b: BExpr
+  ): BExpr = {
     val varToOld = convVarToOld(varInPre, varInPost, isPost)
     b match {
       case b: BVariable if isPost && varInPost.contains(b.name) => BVariable(varInPost(b.name), b.getType, b.scope)
       case b: BVariable if !isPost && varInPre.contains(b.name) => BVariable(varInPre(b.name), b.getType, b.scope)
-      case b: BVar => b
+      case b: BVar                                              => b
       // case b : _ => varToOld(b)
       case b: BLiteral       => b
       case b: BVExtract      => b.copy(body = varToOld(b.body))
@@ -234,33 +378,32 @@ def specToProcForm(
       case b: BinaryBExpr    => b.copy(arg1 = varToOld(b.arg1), arg2 = varToOld(b.arg2))
       case b: IfThenElse     => IfThenElse(varToOld(b.guard), varToOld(b.thenExpr), varToOld(b.elseExpr))
       case b: QuantifierExpr => b
-      case b: Old            => {
+      case b: Old => {
         if (isPost) {
           convVarToOld(varInPre, varInPost, false)(b.body)
         } else {
           throw Exception("Illegal nested or non-relation Old()")
         }
       }
-      case b: MapAccess      => b.copy(index = varToOld(b.index))
-      case b: MapUpdate      => b.copy(index = varToOld(b.index), value = varToOld(b.value))
-      case b: BByteExtract   => b.copy(value = varToOld(b.value), offset = varToOld(b.offset))
-      case b: BInBounds      => b.copy(base = varToOld(b.base), len = varToOld(b.len), i = varToOld(b.i))
-      case b: BMemoryLoad    => b.copy(index = varToOld(b.index))
-      case b: BMemoryStore   => b.copy(index = varToOld(b.index), value = varToOld(b.value))
-      case b: BDirectExpr    => b
-      case b: GammaLoad      => b.copy(index = varToOld(b.index))
-      case b: GammaStore     => b.copy(index = varToOld(b.index), value = varToOld(b.value))
-      case b: L              => b.copy(index = varToOld(b.index))
-      case b: SpecVar        => b
+      case b: MapAccess    => b.copy(index = varToOld(b.index))
+      case b: MapUpdate    => b.copy(index = varToOld(b.index), value = varToOld(b.value))
+      case b: BByteExtract => b.copy(value = varToOld(b.value), offset = varToOld(b.offset))
+      case b: BInBounds    => b.copy(base = varToOld(b.base), len = varToOld(b.len), i = varToOld(b.i))
+      case b: BMemoryLoad  => b.copy(index = varToOld(b.index))
+      case b: BMemoryStore => b.copy(index = varToOld(b.index), value = varToOld(b.value))
+      case b: BDirectExpr  => b
+      case b: GammaLoad    => b.copy(index = varToOld(b.index))
+      case b: GammaStore   => b.copy(index = varToOld(b.index), value = varToOld(b.value))
+      case b: L            => b.copy(index = varToOld(b.index))
+      case b: SpecVar      => b
     }
   }
 
-
   val ns = spec.copy(subroutines = spec.subroutines.map(s => {
-    s.copy(requires = 
-      s.requires.map(convVarToOld(varToInVar(s.name), varToOutVar(s.name), false)), 
-      ensures = s.ensures.map(convVarToOld(varToInVar(s.name), varToOutVar(s.name), true)))
+    s.copy(
+      requires = s.requires.map(convVarToOld(varToInVar(s.name), varToOutVar(s.name), false)),
+      ensures = s.ensures.map(convVarToOld(varToInVar(s.name), varToOutVar(s.name), true))
+    )
   }))
   ns
 }
-
diff --git a/src/main/scala/ir/transforms/Simp.scala b/src/main/scala/ir/transforms/Simp.scala
index 3db3f10f7..920a74cbe 100644
--- a/src/main/scala/ir/transforms/Simp.scala
+++ b/src/main/scala/ir/transforms/Simp.scala
@@ -16,24 +16,22 @@ trait AbstractDomain[L] {
   def bot: L
 }
 
+def getRedundantAssignments(v: Procedure): Set[Assign] = {
 
-def getRedundantAssignments(v: Procedure) : Set[Assign] = {
-  /**
-   * Get all assign statements which define a variable never used, assuming ssa form.
-   */
+  /** Get all assign statements which define a variable never used, assuming ssa form.
+    */
 
   enum VS:
     case Bot
     case Assigned(definition: Set[Assign])
     case Read
 
-
   def joinVS(a: VS, b: VS) = {
     (a, b) match {
-      case (VS.Bot, o) => o
-      case (o, VS.Bot) => o
-      case (VS.Read, _) => VS.Read
-      case (_, VS.Read) => VS.Read
+      case (VS.Bot, o)                        => o
+      case (o, VS.Bot)                        => o
+      case (VS.Read, _)                       => VS.Read
+      case (_, VS.Read)                       => VS.Read
       case (VS.Assigned(d1), VS.Assigned(d2)) => VS.Assigned(d1 ++ d2)
     }
   }
@@ -42,7 +40,7 @@ def getRedundantAssignments(v: Procedure) : Set[Assign] = {
 
   for (c <- v) {
     c match {
-      case a : Assign => {
+      case a: Assign => {
         assignedNotRead(a.lhs) = joinVS(assignedNotRead(a.lhs), VS.Assigned(Set(a)))
         a.rhs.variables.foreach(v => {
           assignedNotRead(v) = VS.Read
@@ -70,30 +68,36 @@ def getRedundantAssignments(v: Procedure) : Set[Assign] = {
         })
       }
       case c: DirectCall => {
-        c.actualParams.flatMap(_._2.variables).foreach (v => {
-          assignedNotRead(v) = VS.Read
-        })
+        c.actualParams
+          .flatMap(_._2.variables)
+          .foreach(v => {
+            assignedNotRead(v) = VS.Read
+          })
 
       }
       case p: Return => {
-        p.outParams.flatMap(_._2.variables).foreach(v => {
-          assignedNotRead(v) = VS.Read
-        })
+        p.outParams
+          .flatMap(_._2.variables)
+          .foreach(v => {
+            assignedNotRead(v) = VS.Read
+          })
       }
-      case p: GoTo => ()
-      case p: NOP => ()
+      case p: GoTo        => ()
+      case p: NOP         => ()
       case p: Unreachable => ()
-      case p: Procedure => ()
-      case b: Block => ()
+      case p: Procedure   => ()
+      case b: Block       => ()
     }
   }
 
-  assignedNotRead.collect {
-    case (v, VS.Assigned(d)) => d
-  }.toSet.flatten
+  assignedNotRead
+    .collect { case (v, VS.Assigned(d)) =>
+      d
+    }
+    .toSet
+    .flatten
 }
 
-
 class CleanupAssignments extends CILVisitor {
   var redundant = Set[Assign]()
 
@@ -104,7 +108,7 @@ class CleanupAssignments extends CILVisitor {
 
   override def vstmt(s: Statement) = s match {
     case a: Assign if redundant.contains(a) => ChangeTo(List())
-    case _ => SkipChildren()
+    case _                                  => SkipChildren()
   }
 
 }
@@ -119,22 +123,32 @@ def doCopyPropTransform(
   while (runs < 5) {
     val rds2 = ReachingDefinitionsAnalysisSolver(p)
     val reachingDefs = rds2.analyze()
-    val d = ConstCopyProp(reachingDefs)
+    val d = ConstCopyProp()
     applyRPO(p)
 
-    Logger.info(s"Simp run $runs")
+    // Logger.info(s"Simp run $runs")
     runs += 1
     val solver = worklistSolver(d)
     val result = solver.solveProg(p, Set(), Set())
 
     for ((p, xf) <- result) {
-      val vis = Simplify(xf, reachingDefs)
+      val vis = Simplify(xf)
       visit_proc(vis, p)
       rerun = vis.madeAnyChange
     }
   }
 
-  visit_prog(CleanupAssignments(), p)
+  // cleanup
+  // visit_prog(CleanupAssignments(), p)
+  val toremove = p.collect {
+    case b:Block if b.statements.size == 0 && b.prevBlocks.size == 1 && b.nextBlocks.size == 1 => b
+  }
+  for (b <- toremove) {
+    val p = b.prevBlocks.head
+    val n = b.nextBlocks.head
+    p.replaceJump((GoTo(n)))
+    b.parent.removeBlocks(b)
+  }
 
 }
 
@@ -228,16 +242,15 @@ class worklistSolver[L, A <: AbstractDomain[L]](domain: A) {
   }
 }
 
-case class CopyProp(expr: Expr, deps: Set[RegisterVariableWrapper])
+case class CopyProp(expr: Expr, deps: Set[Variable])
 
 case class CCP(
-    constants: Map[RegisterVariableWrapper, Literal],
+    constants: Map[Variable, Literal],
     // variable -> expr * dependencies
-    val exprs: Map[RegisterVariableWrapper, CopyProp]
+    val exprs: Map[Variable, CopyProp]
 )
 
-class ConstCopyProp(val reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])])
-    extends AbstractDomain[CCP] {
+class ConstCopyProp() extends AbstractDomain[CCP] {
 
   private final val callClobbers = (0 to 30).map("R" + _).map(c => Register(c, 64))
 
@@ -246,86 +259,18 @@ class ConstCopyProp(val reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign
 
   override def join(l: CCP, r: CCP): CCP = {
     CCP(
-      (l.constants ++ r.constants).removedAll(l.constants.keySet.intersect(r.constants.keySet).filterNot(k => l.constants(k) == r.constants(k))),
+      (l.constants ++ r.constants)
+        .removedAll(l.constants.keySet.intersect(r.constants.keySet).filterNot(k => l.constants(k) == r.constants(k))),
       (l.exprs ++ r.exprs).removedAll(l.exprs.keySet.intersect(r.exprs.keySet).filterNot(k => l.exprs(k) == r.exprs(k)))
     )
   }
 
   override def transfer(c: CCP, s: Statement): CCP = {
-    s match {
-      case m: MemoryAssign => {
-        c.copy(exprs = c.exprs.filterNot((k, v) => v.expr.loads.nonEmpty))
-      }
-      case Assign(lv, r, lb) => {
-        val l = RegisterVariableWrapper(lv, getDefinition(lv, s, reachingDefs))
-
-        var p = c
-        val evaled = exprSimp(
-          eval.partialEvalExpr(
-            exprSimp(r),
-            v => p.constants.get(RegisterVariableWrapper(v, getUse(v, s, reachingDefs)))
-          )
-        )
-        val rhsDeps = evaled.variables.map(v => RegisterVariableWrapper(v, getUse(v, s, reachingDefs)))
-
-        p = evaled match {
-          case lit: Literal => p.copy(constants = p.constants.updated(l, lit))
-          case _: Expr =>
-            p.copy(constants = p.constants.removed(l), exprs = p.exprs.updated(l, CopyProp(evaled, rhsDeps)))
-        }
-
-        if (r.loads.nonEmpty) {
-          // don't re-order loads
-          p = p.copy(exprs = p.exprs.filter((k, v) => v.expr.loads.isEmpty))
-        }
-        // remove candidates whose value changes due to this update
-        // without an SSA form in the output, we can't propagate assignments such that R0_1 := f(R0_0)
-        //  or; only replace such that all uses are copyproped, the dead definition is removed
-        p = p.copy(exprs = p.exprs.filterNot((k, v) => v.deps.exists(c => c.variable.name == l.variable.name)))
-
-        p
-      }
-      case x: Call => {
-        val toClob = callClobbers.map(v => RegisterVariableWrapper(v, getDefinition(v, s, reachingDefs)))
-        toClob.foldLeft(c)((c, l) =>
-          c.copy(constants = c.constants.removed(l), exprs = c.exprs.filterNot((k, v) => v.deps.contains(l)))
-        )
-      }
-      case _ => c
-    }
-  }
-}
-
-
-
-case class CCopyProp(expr: Expr, deps: Set[Variable])
-case class SSACCP(
-    constants: Map[Variable, Literal],
-    // variable -> expr * dependencies
-    val exprs: Map[Variable, CCopyProp]
-)
-
-class ConstCopyPropSSA()
-    extends AbstractDomain[SSACCP] {
-  // assuming concrete ssa form with renamed variables
-
-  def top: SSACCP = SSACCP(Map(), Map())
-  def bot: SSACCP = SSACCP(Map(), Map())
-
-  override def join(l: SSACCP, r: SSACCP): SSACCP = {
-    SSACCP(
-      (l.constants ++ r.constants).removedAll(l.constants.keySet.intersect(r.constants.keySet).filterNot(k => l.constants(k) == r.constants(k))),
-      (l.exprs ++ r.exprs).removedAll(l.exprs.keySet.intersect(r.exprs.keySet).filterNot(k => l.exprs(k) == r.exprs(k)))
-    )
-  }
-
-  override def transfer(c: SSACCP, s: Statement): SSACCP = {
     s match {
       case m: MemoryAssign => {
         c.copy(exprs = c.exprs.filterNot((k, v) => v.expr.loads.nonEmpty))
       }
       case Assign(l, r, lb) => {
-
         var p = c
         val evaled = exprSimp(
           eval.partialEvalExpr(
@@ -337,8 +282,7 @@ class ConstCopyPropSSA()
 
         p = evaled match {
           case lit: Literal => p.copy(constants = p.constants.updated(l, lit))
-          case _: Expr =>
-            p.copy(constants = p.constants.removed(l), exprs = p.exprs.updated(l, CCopyProp(evaled, rhsDeps)))
+          case e: Expr => p.copy(constants = p.constants.removed(l), exprs = p.exprs.updated(l, CopyProp(e, e.variables)))
         }
 
         if (r.loads.nonEmpty) {
@@ -349,10 +293,16 @@ class ConstCopyPropSSA()
         // without an SSA form in the output, we can't propagate assignments such that R0_1 := f(R0_0)
         //  or; only replace such that all uses are copyproped, the dead definition is removed
         p = p.copy(exprs = p.exprs.filterNot((k, v) => v.deps.exists(c => c.name == l.name)))
+
         p
       }
-      case d: DirectCall => {
-        val toClob = d.outParams.map(_._2)
+      case x: DirectCall => {
+        val lhs = x.outParams.map(_._2)
+        lhs.foldLeft(c)((c, l) => c.copy(constants = c.constants.removed(l), exprs = c.exprs.filterNot((k, v) => v.deps.contains(l)))
+        )
+      }
+      case x: IndirectCall => {
+        val toClob = callClobbers
         toClob.foldLeft(c)((c, l) =>
           c.copy(constants = c.constants.removed(l), exprs = c.exprs.filterNot((k, v) => v.deps.contains(l)))
         )
@@ -362,6 +312,7 @@ class ConstCopyPropSSA()
   }
 }
 
+
 def exprSimp(e: Expr): Expr = {
 
   val assocOps: Set[BinOp] =
@@ -370,8 +321,8 @@ def exprSimp(e: Expr): Expr = {
   def simpOne(e: Expr): Expr = {
     e match {
       // normalise
-      case BinaryExpr(op, x: Literal, y: Expr) if !y.isInstanceOf[Literal] && assocOps.contains(op) =>
-        BinaryExpr(op, y, x)
+      case BinaryExpr(op, x: Literal, y: Expr) if !y.isInstanceOf[Literal] && assocOps.contains(op) => BinaryExpr(op, y, x)
+      case BinaryExpr(BVADD, x: Expr, y: BitVecLiteral) if ir.eval.BitVectorEval.isNegative(y) => BinaryExpr(BVSUB, x, ir.eval.BitVectorEval.smt_bvneg(y))
 
       // identities
       case Extract(ed, 0, body) if (body.getType == BitVecType(ed))                        => exprSimp(body)
@@ -429,33 +380,39 @@ def exprSimp(e: Expr): Expr = {
 
 object SSARename:
 
-
 // TODO: remove assigned and unread variables
 // TODO: Make procedure calls and returns assignments of all registers so they can become global and be ssa,
 //  and returned variables are not unread, and there is a clear modifies set across calls
 
-  def concretiseSSA(p: Program, reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])]) = {
+  def concretiseSSA(
+      p: Program,
+      reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])]
+  ) = {
     println("SSA conc ")
-   //  println(reachingDefs)
+    //  println(reachingDefs)
     val c = SSACollect(p, reachingDefs)
     c.initial()
     visit_prog(c, p)
-   // println(c.names)
+    // println(c.names)
     val rn = SSARename(p, c.names, reachingDefs)
     visit_prog(rn, p)
   }
 
-  class SSARename(p: Program, renames: mutable.HashMap[Assign, Int], reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])]) extends CILVisitor {
-    var statement : Command = null
+  class SSARename(
+      p: Program,
+      renames: mutable.HashMap[Assign, Int],
+      reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])]
+  ) extends CILVisitor {
+    var statement: Command = null
 
     override def vrvar(v: Variable) = {
       val assigns = statement match {
-        case a : Assign => getUse(v, statement, reachingDefs)
-        case _  => getDefinition(v, statement, reachingDefs)
+        case a: Assign => getUse(v, statement, reachingDefs)
+        case _         => getDefinition(v, statement, reachingDefs)
       }
       assigns.headOption.map(doRename(v, _)) match {
         case Some(nv) => ChangeTo(nv)
-        case None => SkipChildren()
+        case None     => SkipChildren()
       }
     }
 
@@ -464,14 +421,13 @@ object SSARename:
         case Some(idx) => {
           v match {
             case Register(n, sz) => Register(n + "_" + idx, sz)
-            case LocalVar(n, t) => LocalVar(n + "_" + idx, t)
+            case LocalVar(n, t)  => LocalVar(n + "_" + idx, t)
           }
         }
         case None => v
       }
     }
 
-
     override def vjump(s: Jump) = {
       statement = s
       DoChildren()
@@ -484,17 +440,339 @@ object SSARename:
           a.lhs = doRename(l, a)
           DoChildren()
         }
+        case a: DirectCall => {
+          // TODO: not handled
+          // a.outParams = a.outParams.map(p => (p._1, doRename(p._2, a)
+          DoChildren()
+        }
         case _ => DoChildren()
       }
     }
   }
 
-  class SSACollect(p: Program, reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])]) extends CILVisitor {
+  def concretiseDSASinglePass(program: Program) = {
+
+    applyRPO(program)
+    case class DSARes(renames: Map[Variable, Int] = Map().withDefaultValue(-1)) // -1 means no rename
+
+    def addIndex(v: Variable, idx: Int) = {
+      if (idx != -1) {
+        v match {
+          case Register(n, sz) => Register(n + "_" + idx, sz)
+          case LocalVar(n, t)  => LocalVar(n + "_" + idx, t)
+        }
+      } else {
+        v
+      }
+    }
+
+    class StmtRenamer(renamesL: Map[Variable, Int] = Map(), renames: Map[Variable, Int] = Map()) extends CILVisitor {
+      override def vrvar(v: Variable) = v match {
+        case v if renames.contains(v) && renames(v) != -1 => ChangeTo(addIndex(v, renames(v)))
+        case _                                            => DoChildren()
+      }
+
+      override def vlvar(v: Variable) = v match {
+        case v if renamesL.contains(v) && renamesL(v) != -1 => ChangeTo(addIndex(v, renamesL(v)))
+        case _                                              => DoChildren()
+      }
+    }
+
+    def appendAssign(b: Block, s: Assign) = {
+      // maintain call end of lock invariant
+      if (b.statements.size > 0 && b.statements.last.isInstanceOf[Call]) {
+        b.statements.insertBefore(b.statements.last, s)
+      } else {
+        b.statements.append(s)
+      }
+    }
+
+    def njoin(
+        st: Map[Block, DSARes],
+        blocks: Iterable[Block],
+        assignsAdd: mutable.Map[Block, Map[Int, Int]],
+        count: mutable.Map[Variable, Int],
+        lhss: Map[Command, Map[Variable, Int]],
+        rhss: Map[Command, Map[Variable, Int]]
+    ) = {
+      var lhs = lhss
+      var rhs = rhss
+      var assignsappended: Map[Block, Map[Variable, Assign]] = Map().withDefaultValue(Map())
+      require(blocks.size >= 2)
+      val rs = blocks.map(st(_))
+      val all = rs.flatMap(_.renames.keySet)
+      val renames = all.collect {
+        case v if rs.forall(rl => rs.foldLeft(true)((b, rr) => b && (rl.renames(v) == rr.renames(v)))) => {
+          // all renames equal for this variable v
+          v -> rs.head.renames(v)
+        }
+        case v => {
+          // for branches which have different renamings of variables, we know the larger index renaming is so far unused
+          // on the branches with smaller indexes, so we add a copy to these branches renaming to the largest index
+          val maxrename = rs.map(_.renames(v)).foldLeft(-1)(Integer.max)
+          for (b <- blocks) {
+            if (st(b).renames(v) != maxrename && st(b).renames(v) != -1 && maxrename != -1) {
+              // if there is a call on this block assigning the variable, update its outparam's ssa index
+              // otherwise add an assignment to the block at the end or immediately before the call, and
+              // update the ssa index of the in-parameters to the call
+              b.statements.lastOption match {
+                case Some(d: DirectCall) if d.outParams.toSet.map(_._2).contains(v) => {
+                  rhs = rhs + (d -> (rhs.get(d).getOrElse(Map()) + (v -> st(b).renames(v))))
+                }
+                case c => {
+                  val assign = assignsappended(b).get(v).getOrElse(Assign(v, v))
+                  assignsappended = assignsappended + (b -> (assignsappended(b) + (v -> assign)))
+                  lhs = lhs + (assign -> (lhs.get(assign).getOrElse(Map()) + (v -> maxrename)))
+                  rhs = rhs + (assign -> (rhs.get(assign).getOrElse(Map()) + (v -> st(b).renames(v))))
+                  c match {
+                    case Some(call) => {
+                      rhs = rhs + (call -> (rhs.get(call).getOrElse(Map()) + (v -> maxrename)))
+                    }
+                    case _ => ()
+                  }
+                }
+              }
+            }
+          }
+          v -> maxrename
+        }
+      }.toMap
+
+      (DSARes(renames.withDefaultValue(-1)), lhs, rhs, assignsappended)
+    }
+
+    def join(
+        st: Map[Block, DSARes],
+        a: Block,
+        b: Block,
+        assignsAdd: mutable.Map[Block, Map[Int, Int]],
+        count: mutable.Map[Variable, Int]
+    ) = {
+      val l = st(a)
+      val r = st(b)
+
+      val all = l.renames.keySet ++ r.renames.keySet
+      val renames = all.collect {
+        case v if (l.renames(v) != r.renames(v)) => {
+          assignsAdd(a) = assignsAdd(a) + (l.renames(v) -> (count(v) + 1))
+          assignsAdd(b) = assignsAdd(b) + (r.renames(v) -> (count(v) + 1))
+          count(v) += 1
+          v -> count(v)
+        }
+        case v /* if (l.renames(v) == r.renames(v)) */ => v -> l.renames(v)
+      }.toMap
+
+      DSARes(renames)
+    }
+
+    def processCollect(
+        i: DSARes,
+        b: Block,
+        count: mutable.Map[Variable, Int],
+        lhs: Map[Command, Map[Variable, Int]],
+        rhs: Map[Command, Map[Variable, Int]]
+    ): (DSARes, Map[Command, Map[Variable, Int]], Map[Command, Map[Variable, Int]]) = {
+      var r = i
+      var lh = lhs
+      var rh = rhs
+
+      for (s <- b.statements) {
+        rh = rh.updated(s, rh(s) ++ r.renames)
+        val renames: Map[Variable, Int] = s match {
+          case a: Assign if (lh.get(a).flatMap(_.get(a.lhs))).map(_ == -1).getOrElse(true) => {
+            count(a.lhs) = count(a.lhs) + 1
+            Map(a.lhs -> count(a.lhs))
+          }
+          case a: DirectCall => {
+            var nnr = mutable.Map[Variable, Int]()
+            for (l <- a.outParams.map(_._2)) {
+              if (lh.get(s).flatMap(_.get(l)).map(_ == -1).getOrElse(true)) {
+                count(l) = count(l) + 1
+                nnr += (l -> count(l))
+              }
+            }
+            nnr.toMap
+          }
+          case _ => Map()
+        }
+        lh = lh.updated(s, lh(s) ++ renames)
+        r = r.copy(renames = r.renames ++ rh(s) ++ lh(s) ++ renames)
+      }
+      r = r.copy(renames = r.renames ++ rh(b.jump))
+
+      (r, lh, rh + (b.jump -> r.renames))
+    }
+
+    def renameAll(b: Block, lhs: Map[Command, Map[Variable, Int]], rhs: Map[Command, Map[Variable, Int]]) = {
+      //println(s"${b.label}")
+      for (s <- b.statements) {
+        s match {
+          case d: DirectCall => {
+            //println(s"$s --- ${lhs.get(s)} ${rhs.get(s)}")
+          }
+          case _ => ()
+        }
+        visit_stmt(StmtRenamer(lhs.get(s).getOrElse(Map()), rhs.get(s).getOrElse(Map())), s)
+      }
+      val s = b.jump
+      visit_jump(StmtRenamer(lhs.get(s).getOrElse(Map()), rhs.get(s).getOrElse(Map())), s)
+    }
+
+    def process(
+        i: DSARes,
+        b: Block,
+        count: mutable.Map[Variable, Int]
+    ): DSARes = {
+      var r = i
+      for (s <- b.statements) {
+        val renames: Map[Variable, Int] = s match {
+          case a: Assign => {
+            count(a.lhs) = count(a.lhs) + 1
+            Map(a.lhs -> count(a.lhs))
+          }
+          case a: DirectCall => {
+            var nnr = mutable.Map[Variable, Int]()
+            for (l <- a.outParams.map(_._2)) {
+              count(l) = count(l) + 1
+              nnr += (l -> count(l))
+              // nnr.copy(renames = nnr.renames + (l -> count(l)))
+            }
+            nnr.toMap
+          }
+          case _ => Map()
+        }
+        visit_stmt(StmtRenamer(renames, r.renames), s)
+        r = r.copy(renames = r.renames ++ renames)
+      }
+      visit_jump(StmtRenamer(Map(), r.renames), b.jump)
+      r
+    }
+
+    def visitProc(p: Procedure) = {
+      /*
+       * visit once in weak topological order, collect renames and copies of ssa variables
+       * we need to visit loops twice
+       */
+
+      // val worklist = mutable.PriorityQueue[Block]()(Ordering.by(b => b.rpoOrder))
+      val worklist = mutable.Stack[Block]()
+      worklist.pushAll(p.entryBlock)
+      var seen = Set[Block]()
+      val assignsAdd = mutable.Map[Block, Map[Int, Int]]()
+      val count = mutable.Map[Variable, Int]().withDefaultValue(0)
+      var lhs = Map[Command, Map[Variable, Int]]().withDefaultValue(Map().withDefaultValue(-1))
+      var rhs = Map[Command, Map[Variable, Int]]().withDefaultValue(Map().withDefaultValue(-1))
+
+      // val stmtRenames = mutable.Map[Command, Map[Variable, Int]]()
+
+      var st = Map[Block, DSARes]().withDefaultValue(DSARes())
+      val bprocessed = mutable.Set[Block]()
+      var assignsappended: Map[Block, Map[Variable, Assign]] = Map().withDefaultValue(Map())
+
+      while (worklist.nonEmpty) {
+        val b = worklist.pop
+
+        //println(b)
+
+        if (b.prevBlocks.forall(st.contains(_)) && !seen(b)) {
+          worklist.pushAll(b.prevBlocks)
+          worklist.push(b)
+        } else {
+          val prev = if (b.incomingJumps.size > 1 && b.prevBlocks.forall(b => st.contains(b))) {
+            val (n, llhs, rrhs, assigns) = njoin(st, b.prevBlocks, assignsAdd, count, lhs, rhs)
+            assignsappended = assignsappended ++ assigns
+            lhs = llhs
+            rhs = rrhs
+            n
+          } else if (b.incomingJumps.size == 1) {
+            st(b.incomingJumps.head.parent)
+          } else {
+            DSARes()
+          }
+          val (processed, nlhs, nrhs) = processCollect(prev, b, count, lhs, rhs)
+          if (st(b) != processed || lhs != lhs || rhs != rhs) {
+            lhs = nlhs
+            rhs = nrhs
+            //println(processed)
+            //println()
+            worklist.pushAll(b.nextBlocks)
+            st = st.updated(b, processed)
+          }
+        }
+        //println(worklist.size)
+        seen += b
+      }
+      for (b <- assignsappended) {
+        for (v <- b._2) {
+          appendAssign(b._1, v._2)
+        }
+      }
+
+      for (b <- p.blocks) {
+        renameAll(b, lhs, rhs)
+      }
+      //println(s"done ${p.name}")
+
+    }
+
+    program.procedures.foreach(visitProc)
+    //println(s"done dsa}")
+  }
+
+  class SSASimp(p: Program) extends CILVisitor {
+
+    val names = mutable.HashMap[Command, Map[Variable, Int]]()
+    val copies = mutable.Map[Block, List[Statement]]()
+
+    var count = mutable.HashMap[Variable, Int]().withDefaultValue(0)
+    var statement: Statement = null
+
+    def rename(rv: Variable, oldIndex: Int, newIndex: Int) = {
+      names.foreach(n => {
+        names(n._1) = {
+          n._2.map(v =>
+            v match {
+              case (v, i) if v == rv && i == oldIndex => (v, newIndex)
+              case o                                  => o
+            }
+          )
+        }
+      })
+    }
+
+    def initial() = {
+      // give each definition a unique index
+      for (c <- p) {
+        c match {
+          case b: Block if (b.incomingJumps.size > 1) => {}
+          case c: Command =>
+            c match {
+              case a: Assign => {
+                count(a.lhs) = count(a.lhs) + 1
+                names(a) = names(a) + (a.lhs -> count(a.lhs))
+              }
+              case a: DirectCall => {
+                for (l <- a.outParams.map(_._2)) {
+                  count(l) = count(l) + 1
+                  names(a) = names(a) + (l -> count(l))
+                }
+              }
+              case _ => ()
+            }
+          case _ => ()
+        }
+      }
+    }
+
+  }
+
+  class SSACollect(p: Program, reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])])
+      extends CILVisitor {
     val names = mutable.HashMap[Assign, Int]()
     var count = mutable.HashMap[Variable, Int]().withDefaultValue(0)
-    var statement : Statement = null
+    var statement: Statement = null
 
-    override def vrvar(v: Variable) =  {
+    override def vrvar(v: Variable) = {
       val assigns = getUse(v, statement, reachingDefs)
       if (assigns.size > 1) {
         count(v) = count(v) + 1
@@ -509,7 +787,7 @@ object SSARename:
       // give each definition a unique index
       for (c <- p) {
         c match {
-          case a : Assign => {
+          case a: Assign => {
             count(a.lhs) = count(a.lhs) + 1
             names(a) = count(a.lhs)
           }
@@ -526,8 +804,7 @@ object SSARename:
   }
 
 class Simplify(
-    val res: CCP,
-    val reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])]
+    val res: CCP
 ) extends CILVisitor {
 
   var madeAnyChange = false
@@ -544,16 +821,15 @@ class Simplify(
 
   override def vexpr(e: Expr) = {
     e match {
-      case v: Variable if res.constants.contains(RegisterVariableWrapper(v, getUse(v, statement, reachingDefs))) => {
+      case v: Variable if res.constants.contains(v) => {
         madeAnyChange = true
         ChangeDoChildrenPost(
-          res.constants(RegisterVariableWrapper(v, getUse(v, statement, reachingDefs))),
+          res.constants(v),
           simp(e)
         )
       }
-      case v: Variable if res.exprs.contains(RegisterVariableWrapper(v, getUse(v, statement, reachingDefs))) => {
-        val repl = res.exprs(RegisterVariableWrapper(v, getUse(v, statement, reachingDefs)))
-        val u = RegisterVariableWrapper(v, getUse(v, statement, reachingDefs))
+      case v: Variable if res.exprs.contains(v) => {
+        val repl = res.exprs(v)
         madeAnyChange = true
         ChangeDoChildrenPost(
           repl.expr,
@@ -572,7 +848,7 @@ class Simplify(
         val state = res
         val nr = eval.partialEvalExpr(
           r,
-          v => state.constants.get(RegisterVariableWrapper(v, getUse(v, statement, reachingDefs)))
+          v => state.constants.get(v)
         )
         if (nr != r) {
           madeAnyChange = true
diff --git a/src/main/scala/translating/IRToBoogie.scala b/src/main/scala/translating/IRToBoogie.scala
index 6032be13f..098250cd4 100644
--- a/src/main/scala/translating/IRToBoogie.scala
+++ b/src/main/scala/translating/IRToBoogie.scala
@@ -567,7 +567,7 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
 
   def translateBlock(b: Block): BBlock = {
     val captureState = captureStateStatement(s"${b.label}")
-    val cmds = List(captureState) ++ b.statements.flatMap(s => translate(s)) ++ translate(b.jump)
+    val cmds = List() ++ b.statements.flatMap(s => translate(s)) ++ translate(b.jump)
 
     BBlock(b.label, cmds)
   }
@@ -693,11 +693,11 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
       val lhsGamma = m.mem.toGamma
       val rhsGamma = GammaStore(m.mem.toGamma, m.index.toBoogie, m.value.toGamma, m.size, m.size / m.mem.valueSize)
       val store = AssignCmd(List(lhs, lhsGamma), List(rhs, rhsGamma))
-      val stateSplit = s match {
+      val stateSplit = List.empty /*s match {
         case MemoryAssign(_, _, _, _, _, Some(label)) => List(captureStateStatement(s"$label"))
         case Assign(_, _, Some(label)) => List(captureStateStatement(s"$label"))
         case _ => List.empty
-      }
+      } */
       m.mem match {
         case s: StackMemory =>
           List(store) ++ stateSplit
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index fcba856fd..cabd2d3e9 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -272,7 +272,6 @@ object IRTransform {
 /** Methods relating to program static analysis.
   */
 object StaticAnalysis {
-  var first : Boolean = true
   /** Run all static analysis passes on the provided IRProgram.
     */
   def analyse(
@@ -301,7 +300,40 @@ object StaticAnalysis {
     Logger.debug("Subroutine Addresses:")
     Logger.debug(subroutines)
 
+    if (config.simplify && iteration == 1) {
+      Logger.info("[!] Running simplification")
+      writeToFile(serialiseIL(IRProgram), s"il-after-params.il")
+
+      Logger.info("Reachingdefs")
+      val rd = ReachingDefinitionsAnalysisSolver(IRProgram).analyze()
+
+      config.analysisResultsPath.foreach(s =>
+        writeToFile(printAnalysisResults(IRProgram, rd), s"${s}-reachingdefs-result$iteration.txt")
+      )
+
+      Logger.info("DSA X")
+      // transforms.SSARename.concretiseSSA(ctx.program, rd)
+      transforms.SSARename.concretiseDSASinglePass(ctx.program)
+      writeToFile(serialiseIL(IRProgram), s"il-after-ssa.il")
+
+      Logger.info("reaching defs ")
+      val rds2 = ReachingDefinitionsAnalysisSolver(IRProgram)
+      val rdr2 = rds2.analyze()
+
+      config.analysisDotPath.foreach { s =>
+        writeToFile(dotBlockGraph(IRProgram, IRProgram.mainProcedure.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"${s}_blockgraph-after-dsa-$iteration.dot")
+      }
+      Logger.info("copyprop ")
+      transforms.doCopyPropTransform(ctx.program, rdr2)
+      writeToFile(serialiseIL(IRProgram), s"il-after-copyprop.il")
+      Logger.info("done copyprop")
+      config.analysisDotPath.foreach { s =>
+        writeToFile(dotBlockGraph(IRProgram, IRProgram.mainProcedure.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"${s}_blockgraph-after-simp-$iteration.dot")
+      }
+    }
+
 
+    Logger.info("reducible loops")
     // reducible loops
     val detector = LoopDetector(IRProgram)
     val foundLoops = detector.identify_loops()
@@ -382,26 +414,6 @@ object StaticAnalysis {
       )
     })
 
-    if (config.simplify && first) {
-      Logger.info("[!] Running simplification")
-      ctx = transforms.liftProcedureCallAbstraction(ctx)
-      writeToFile(serialiseIL(IRProgram), s"il-after-params.il")
-
-      val rd = ReachingDefinitionsAnalysisSolver(IRProgram).analyze()
-
-      config.analysisResultsPath.foreach(s =>
-        writeToFile(printAnalysisResults(IRProgram, rd), s"${s}-reachingdefs-result$iteration.txt")
-      )
-
-      transforms.SSARename.concretiseSSA(ctx.program, rd)
-      writeToFile(serialiseIL(IRProgram), s"il-after-ssa.il")
-
-      val rds2 = ReachingDefinitionsAnalysisSolver(IRProgram)
-      val rdr2 = rds2.analyze()
-
-      transforms.doCopyPropTransform(ctx.program, rdr2)
-      writeToFile(serialiseIL(IRProgram), s"il-after-copyprop.il")
-    }
 
     Logger.debug("[!] Running Constant Propagation with SSA")
     val constPropSolverWithSSA = ConstantPropagationSolverWithSSA(IRProgram, reachingDefinitionsAnalysisResults)
@@ -461,7 +473,6 @@ object StaticAnalysis {
       Logger.warn(s"Disabling IDE solver tests due to external main procedure: ${IRProgram.mainProcedure.name}")
     }
 
-    first = false
     StaticAnalysisContext(
       constPropResult = constPropResult,
       IRconstPropResult = newCPResult,
@@ -537,8 +548,13 @@ object RunUtils {
     }
   }
 
-  def loadAndTranslate(q: BASILConfig): BASILResult = {
+  def loadAndTranslate(conf: BASILConfig): BASILResult = {
     Logger.debug("[!] Loading Program")
+    var q = conf
+    if (q.staticAnalysis.map(_.simplify).getOrElse(false)) {
+      q = q.copy(loading=q.loading.copy(parameterForm=true))
+    }
+
     var ctx = IRLoading.load(q.loading)
 
     ctx = IRTransform.doCleanup(ctx)
diff --git a/src/test/correct/basic_function_call_caller/basic_function_call_caller.spec b/src/test/correct/basic_function_call_caller/basic_function_call_caller.spec
index d1ee36291..3a35abe63 100644
--- a/src/test/correct/basic_function_call_caller/basic_function_call_caller.spec
+++ b/src/test/correct/basic_function_call_caller/basic_function_call_caller.spec
@@ -10,4 +10,4 @@ Subroutine: main
 Requires: Gamma_main_argc == false
 
 Subroutine: zero
-Ensures: R0 == 0bv64  && Gamma_R0
+Ensures: zero_result == 0bv32  && Gamma_R0
diff --git a/src/test/readme.md b/src/test/readme.md
deleted file mode 100644
index 5d86cc94b..000000000
--- a/src/test/readme.md
+++ /dev/null
@@ -1,34 +0,0 @@
-## Writing and Running Tests
-
-See [../../docs/development/readme.md]
-
-## Lifting SystemTest examples
-
-Lifting options specified in make/lift-directories.mk can be overriden using this file, for example to specify the lifting templates:
-
-```
-$ cat correct/test_name/config.mk
-ENABLED_COMPILERS = clang clang_pic gcc gcc_pic
-```
-
-To force recompile and lift all:
-
-```
-make cleanall 
-make
-```
-
-Lift one:
-
-```
-                                # relative to correct/secret_write
-make -C correct/secret_write -f ../../make/lift-directories.mk
-```
-
-or
-
-```
-cd correct/secret_write
-make -f ../../make/lift-directories.mk
-```
-
diff --git a/src/test/scala/SystemTests.scala b/src/test/scala/SystemTests.scala
index 19b1c0e39..b915e35f3 100644
--- a/src/test/scala/SystemTests.scala
+++ b/src/test/scala/SystemTests.scala
@@ -203,11 +203,24 @@ class ExtraSpecTests extends SystemTests {
   }
 }
 
+
+class NoSimplifySystemTests extends SystemTests {
+  runTests("correct", TestConfig(staticAnalysisConfig = Some(StaticAnalysisConfig(simplify=false)), useBAPFrontend = true, expectVerify = true, logResults = true))
+  runTests("incorrect", TestConfig(staticAnalysisConfig = Some(StaticAnalysisConfig(simplify=false)), useBAPFrontend = true, expectVerify = false, logResults = true))
+  runTests("correct", TestConfig(staticAnalysisConfig = Some(StaticAnalysisConfig(simplify=false)), useBAPFrontend = false, expectVerify = true, logResults = true))
+  runTests("incorrect", TestConfig(staticAnalysisConfig = Some(StaticAnalysisConfig(simplify=false)), useBAPFrontend = false, expectVerify = false, logResults = true))
+  test("summary-nosimplify") {
+    summary("summary-nosimplify")
+  }
+}
 class SimplifySystemTests extends SystemTests {
-  runTests("correct", TestConfig(staticAnalysisConfig = Some(StaticAnalysisConfig(simplify=true)), useBAPFrontend = true, expectVerify = true))
-  runTests("incorrect", TestConfig(staticAnalysisConfig = Some(StaticAnalysisConfig(simplify=true)), useBAPFrontend = true, expectVerify = false))
-  runTests("correct", TestConfig(staticAnalysisConfig = Some(StaticAnalysisConfig(simplify=true)), useBAPFrontend = false, expectVerify = true))
-  runTests("incorrect", TestConfig(staticAnalysisConfig = Some(StaticAnalysisConfig(simplify=true)), useBAPFrontend = false, expectVerify = false))
+  runTests("correct", TestConfig(staticAnalysisConfig = Some(StaticAnalysisConfig(simplify=true)), useBAPFrontend = true, expectVerify = true, logResults = true))
+  runTests("incorrect", TestConfig(staticAnalysisConfig = Some(StaticAnalysisConfig(simplify=true)), useBAPFrontend = true, expectVerify = false, logResults = true))
+  runTests("correct", TestConfig(staticAnalysisConfig = Some(StaticAnalysisConfig(simplify=true)), useBAPFrontend = false, expectVerify = true, logResults = true))
+  runTests("incorrect", TestConfig(staticAnalysisConfig = Some(StaticAnalysisConfig(simplify=true)), useBAPFrontend = false, expectVerify = false, logResults = true))
+  test("summary-simplify") {
+    summary("summary-simplify")
+  }
 }
 
 

From 8e99918438a8dd399b3a070502273a0c080f019e Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Tue, 8 Oct 2024 15:21:35 +1000
Subject: [PATCH 073/127] fix dsa, copyprop, cleanup

---
 src/main/scala/Main.scala                     |   5 +-
 src/main/scala/analysis/ExprSSAEval.scala     |   2 +-
 .../scala/analysis/MemoryRegionAnalysis.scala |   3 +-
 src/main/scala/cfg_visualiser/DotTools.scala  |   9 +-
 src/main/scala/ir/eval/SimplifyExpr.scala     |  80 ++
 .../transforms/DynamicSingleAssignment.scala  | 229 ++++++
 .../ir/transforms/ProcedureParameters.scala   |  30 +-
 src/main/scala/ir/transforms/Simp.scala       | 692 +++---------------
 src/main/scala/util/BASILConfig.scala         |   2 +-
 src/main/scala/util/RunUtils.scala            |  60 +-
 src/test/.~lock.full-summary-nosimplify.csv#  |   1 +
 src/test/.~lock.full-summary-simplify.csv#    |   1 +
 src/test/scala/DifferentialAnalysis.scala     |   9 +-
 src/test/scala/SystemTests.scala              |  22 +-
 src/test/scala/test_util/BASILTest.scala      |   9 +-
 15 files changed, 504 insertions(+), 650 deletions(-)
 create mode 100644 src/main/scala/ir/eval/SimplifyExpr.scala
 create mode 100644 src/main/scala/ir/transforms/DynamicSingleAssignment.scala
 create mode 100644 src/test/.~lock.full-summary-nosimplify.csv#
 create mode 100644 src/test/.~lock.full-summary-simplify.csv#

diff --git a/src/main/scala/Main.scala b/src/main/scala/Main.scala
index 1964eb33e..5edebaad5 100644
--- a/src/main/scala/Main.scala
+++ b/src/main/scala/Main.scala
@@ -84,9 +84,10 @@ object Main {
     }
 
     val q = BASILConfig(
-      loading = ILLoadingConfig(conf.inputFileName, conf.relfFileName, conf.specFileName, conf.dumpIL, conf.mainProcedureName, conf.procedureDepth, conf.parameterForm.value),
+      loading = ILLoadingConfig(conf.inputFileName, conf.relfFileName, conf.specFileName, conf.dumpIL, conf.mainProcedureName, conf.procedureDepth, conf.parameterForm.value || conf.simplify.value),
       runInterpret = conf.interpret.value,
-      staticAnalysis = if conf.analyse.value then Some(StaticAnalysisConfig(conf.dumpIL, conf.analysisResults, conf.analysisResultsDot, conf.threadSplit.value, conf.summariseProcedures.value, conf.simplify.value)) else None,
+      simplify = conf.simplify.value,
+      staticAnalysis = if conf.analyse.value then Some(StaticAnalysisConfig(conf.dumpIL, conf.analysisResults, conf.analysisResultsDot, conf.threadSplit.value, conf.summariseProcedures.value)) else None,
       boogieTranslation = BoogieGeneratorConfig(if conf.lambdaStores.value then BoogieMemoryAccessMode.LambdaStoreSelect else BoogieMemoryAccessMode.SuccessiveStoreSelect,
         true, rely, conf.threadSplit.value),
       outputPrefix = conf.outFileName,
diff --git a/src/main/scala/analysis/ExprSSAEval.scala b/src/main/scala/analysis/ExprSSAEval.scala
index 0b7925894..1d8b4a87d 100644
--- a/src/main/scala/analysis/ExprSSAEval.scala
+++ b/src/main/scala/analysis/ExprSSAEval.scala
@@ -91,7 +91,7 @@ def evaluateExpressionWithSSA(exp: Expr, constantPropResult: Map[RegisterWrapper
       Logger.debug("getUse: " + getUse(variable, n, reachingDefs))
       constantPropResult(RegisterWrapperEqualSets(variable, getUse(variable, n, reachingDefs)))
     case b: BitVecLiteral => Set(b)
-    case _ => throw RuntimeException("ERROR: CASE NOT HANDLED: " + exp + "\n")
+    case _ => Logger.error("ERROR: CASE NOT HANDLED: " + exp + "\n"); Set()
   }
 }
 
diff --git a/src/main/scala/analysis/MemoryRegionAnalysis.scala b/src/main/scala/analysis/MemoryRegionAnalysis.scala
index c7d888a43..2d1125b68 100644
--- a/src/main/scala/analysis/MemoryRegionAnalysis.scala
+++ b/src/main/scala/analysis/MemoryRegionAnalysis.scala
@@ -166,7 +166,8 @@ trait MemoryRegionAnalysis(val program: Program,
       // we cannot evaluate this to a concrete value, we need VSA for this
       case _ =>
         Logger.debug(s"type: ${exp.getClass} $exp\n")
-        throw new Exception("Unknown type")
+        Set()
+        // throw new Exception("Unknown type")
     }
   }
 
diff --git a/src/main/scala/cfg_visualiser/DotTools.scala b/src/main/scala/cfg_visualiser/DotTools.scala
index cd7176950..ab754d152 100644
--- a/src/main/scala/cfg_visualiser/DotTools.scala
+++ b/src/main/scala/cfg_visualiser/DotTools.scala
@@ -13,15 +13,20 @@ object IDGenerator {
 
 def wrap(_input: String, width: Integer = 20): String =
   var input = _input.replace("\n", "\\l")
+
+  def cannotSplit(c:Char) = {
+    c.isLetterOrDigit || ("_$".contains(c))
+  }
+
   if (input.length() <= width) {
     input
   } else {
     var splitPoint = width
-    while (input.charAt(splitPoint).isLetterOrDigit && splitPoint > width / 2) {
+    while (cannotSplit(input.charAt(splitPoint)) && splitPoint > width / 2) {
       // search backwards for a non alphanumeric charcter to split on
       splitPoint -= 1
     }
-    if (input.charAt(splitPoint).isLetterOrDigit) {
+    if (cannotSplit(input.charAt(splitPoint))) {
       // didn't find a character to split on
       splitPoint = width
     }
diff --git a/src/main/scala/ir/eval/SimplifyExpr.scala b/src/main/scala/ir/eval/SimplifyExpr.scala
new file mode 100644
index 000000000..f53f66d39
--- /dev/null
+++ b/src/main/scala/ir/eval/SimplifyExpr.scala
@@ -0,0 +1,80 @@
+package ir.eval
+import ir.*
+
+val assocOps: Set[BinOp] =
+  Set(BVADD, BVMUL, BVOR, BVAND, BVEQ, BoolAND, BoolEQ, BoolOR, BoolEQUIV, BoolEQ, IntADD, IntMUL, IntEQ)
+
+def simplifyExprFixpoint(e: Expr): Expr = {
+  var pe = e
+  var ne = simplifyExpr(pe)
+  while (ne != pe) {
+    pe = ne
+    ne = simplifyExpr(pe)
+  }
+  ne
+}
+
+def simplifyExpr(e: Expr): Expr = {
+  /**
+   * Apply the rewrite rules once. 
+   * Note some rules expect a canonical form produced by other rules, and hence this is more effective 
+   * when applied iteratively until a fixed point.
+   */
+  e match {
+    // normalise
+    case BinaryExpr(op, x: Literal, y: Expr) if !y.isInstanceOf[Literal] && assocOps.contains(op) =>
+      BinaryExpr(op, y, x)
+    case BinaryExpr(BVADD, x: Expr, y: BitVecLiteral) if ir.eval.BitVectorEval.isNegative(y) =>
+      BinaryExpr(BVSUB, x, ir.eval.BitVectorEval.smt_bvneg(y))
+
+    // identities
+    case Extract(ed, 0, body) if (body.getType == BitVecType(ed))                        => simplifyExpr(body)
+    case ZeroExtend(0, body)                                                             => simplifyExpr(body)
+    case SignExtend(0, body)                                                             => simplifyExpr(body)
+    case BinaryExpr(BVADD, body, BitVecLiteral(0, _))                                    => simplifyExpr(body)
+    case BinaryExpr(BVMUL, body, BitVecLiteral(1, _))                                    => simplifyExpr(body)
+    case Repeat(1, body)                                                                 => simplifyExpr(body)
+    case Extract(ed, 0, ZeroExtend(extension, body)) if (body.getType == BitVecType(ed)) => simplifyExpr(body)
+    case Extract(ed, 0, SignExtend(extension, body)) if (body.getType == BitVecType(ed)) => simplifyExpr(body)
+    case BinaryExpr(BVXOR, l, r) if l == r =>
+      e.getType match {
+        case BitVecType(sz) => BitVecLiteral(0, sz)
+        case _ => throw Exception("Type error (should be unreachable)")
+      }
+    // double negation
+    case UnaryExpr(BVNOT, UnaryExpr(BVNOT, body))     => simplifyExpr(body)
+    case UnaryExpr(BVNEG, UnaryExpr(BVNEG, body))     => simplifyExpr(body)
+    case UnaryExpr(BoolNOT, UnaryExpr(BoolNOT, body)) => simplifyExpr(body)
+
+    // compose slices
+    case Extract(ed1, be1, Extract(ed2, be2, body)) => Extract(ed1 - be2, be1 + be2, simplifyExpr(body))
+
+    // (comp (comp x y) 1) = (comp x y)
+    case BinaryExpr(BVCOMP, body @ BinaryExpr(BVCOMP, _, _), BitVecLiteral(1, 1)) => simplifyExpr(body)
+    case BinaryExpr(BVCOMP, body @ BinaryExpr(BVCOMP, _, _), BitVecLiteral(0, 1)) => UnaryExpr(BVNOT, simplifyExpr(body))
+    case BinaryExpr(
+          BVEQ,
+          BinaryExpr(BVCOMP, body @ BinaryExpr(BVCOMP, _, _), BitVecLiteral(0, 1)),
+          BitVecLiteral(1, 1)
+        ) =>
+      BinaryExpr(BVEQ, simplifyExpr(body), BitVecLiteral(0, 1))
+
+    // constant folding
+    // const + (expr + const) -> expr + (const + const)
+    case BinaryExpr(BVADD, BinaryExpr(BVSUB, body, l: BitVecLiteral), r: BitVecLiteral) =>
+      BinaryExpr(BVADD, BinaryExpr(BVSUB, r, l), simplifyExpr(body))
+    case BinaryExpr(BVSUB, BinaryExpr(BVADD, body, l: BitVecLiteral), r: BitVecLiteral) =>
+      BinaryExpr(BVADD, BinaryExpr(BVSUB, r, l), simplifyExpr(body))
+    case BinaryExpr(BVADD, BinaryExpr(BVADD, body, l: BitVecLiteral), r: BitVecLiteral) =>
+      BinaryExpr(BVADD, BinaryExpr(BVADD, l, r), simplifyExpr(body))
+    case BinaryExpr(BVMUL, BinaryExpr(BVMUL, body, l: BitVecLiteral), r: BitVecLiteral) =>
+      BinaryExpr(BVMUL, BinaryExpr(BVMUL, l, r), simplifyExpr(body))
+    case BinaryExpr(BVOR, BinaryExpr(BVOR, body, l: BitVecLiteral), r: BitVecLiteral) =>
+      BinaryExpr(BVOR, BinaryExpr(BVOR, l, r), simplifyExpr(body))
+    case BinaryExpr(BVAND, BinaryExpr(BVAND, body, l: BitVecLiteral), r: BitVecLiteral) =>
+      BinaryExpr(BVAND, BinaryExpr(BVAND, l, r), simplifyExpr(body))
+    case r => r
+  }
+}
+
+
diff --git a/src/main/scala/ir/transforms/DynamicSingleAssignment.scala b/src/main/scala/ir/transforms/DynamicSingleAssignment.scala
new file mode 100644
index 000000000..05defc0df
--- /dev/null
+++ b/src/main/scala/ir/transforms/DynamicSingleAssignment.scala
@@ -0,0 +1,229 @@
+package ir.transforms
+
+import util.Logger
+import ir.cilvisitor.*
+import ir.*
+import scala.collection.mutable
+import analysis._
+
+object DynamicSingleAssignment {
+
+  def applyTransform(program: Program) = {
+
+    case class DSARes(renames: Map[Variable, Int] = Map().withDefaultValue(-1)) // -1 means no rename
+
+    def addIndex(v: Variable, idx: Int) = {
+      if (idx != -1) {
+        v match {
+          case Register(n, sz) => Register(n + "_" + idx, sz)
+          case LocalVar(n, t)  => LocalVar(n + "_" + idx, t)
+        }
+      } else {
+        v
+      }
+    }
+
+    class StmtRenamer(renamesL: Map[Variable, Int] = Map(), renames: Map[Variable, Int] = Map()) extends CILVisitor {
+      override def vrvar(v: Variable) = v match {
+        case v if renames.contains(v) && renames(v) != -1 => ChangeTo(addIndex(v, renames(v)))
+        case _                                            => DoChildren()
+      }
+
+      override def vlvar(v: Variable) = v match {
+        case v if renamesL.contains(v) && renamesL(v) != -1 => ChangeTo(addIndex(v, renamesL(v)))
+        case _                                              => DoChildren()
+      }
+    }
+
+    def appendAssign(b: Block, s: Assign) = {
+      // maintain call end of lock invariant
+      if (b.statements.size > 0 && b.statements.last.isInstanceOf[Call]) {
+        b.statements.insertBefore(b.statements.last, s)
+      } else {
+        b.statements.append(s)
+      }
+    }
+
+    def njoin(st: Map[Block, DSARes], blocks: Iterable[Block] /* incoming blocks */) = {
+      require(blocks.size >= 2)
+      val rs = blocks.map(st(_))
+      val allRenamedVars = rs.flatMap(_.renames.keySet)
+      val renames = allRenamedVars.map {
+        case v => {
+          // for branches which have different renamings of variables, we know the larger index renaming is so far unused
+          // on the branches with smaller indexes, so we add a copy to these branches renaming to the largest index
+          val maxrename = rs.map(_.renames(v)).foldLeft(-1)(Integer.max)
+          v -> maxrename
+        }
+      }.toMap
+
+      DSARes(renames.withDefaultValue(-1))
+    }
+
+    def fixJoins(
+        st: Map[Block, DSARes],
+        p: Procedure,
+        lhss: Map[Command, Map[Variable, Int]],
+        rhss: Map[Command, Map[Variable, Int]]
+    ): (Map[Command, Map[Variable, Int]], Map[Command, Map[Variable, Int]]) = {
+      /**
+       * Add copies to blocks who have two incoming blocks with different renamings present to unify the renamings into the 
+       * subsequent block. We will expect that one of the incoming branches has a reassignment equal to this blocks entry point
+       * reassignment. All other branches should have a smaller SSA index, and allow an additional copy to be added ot unify them
+       * with the larger assignment.
+       *
+       * some consideration is required when adding copies to keep the call-end-of-block invariant
+       */
+      var lhs = lhss
+      var rhs = rhss
+      for (b <- p.blocks) {
+        val incoming = b.prevBlocks
+        val all = incoming.flatMap(st(_).renames.keySet)
+        val outgoing = rhss(IRWalk.firstInBlock(b))
+
+        // fix when all incoming block renames rhs don't match the expected rename rhs
+        // by adding the appropriate copy
+        for (v <- all) {
+          val outgoingRename = outgoing(v)
+          for (b <- incoming) {
+            if (st(b).renames(v) != outgoingRename && outgoingRename != -1) {
+              b.statements.lastOption match {
+                case Some(d: DirectCall) if d.outParams.toSet.map(_._2).contains(v) => {
+                  // if there is a call on this block assigning the variable, update its outparam's ssa index
+                  lhs = lhs + (d -> (lhs.get(d).getOrElse(Map()) + (v -> st(b).renames(v))))
+                }
+                case c => {
+                  // otherwise add an assignment to the block at the end or immediately before the call, and
+                  // update the ssa index of the in-parameters to the call
+                  val assign = Assign(v, v, Some("appended"))
+                  appendAssign(b, assign)
+
+                  lhs = lhs + (assign -> (lhs.get(assign).getOrElse(Map()) + (v -> outgoingRename)))
+                  rhs = rhs + (assign -> (rhs.get(assign).getOrElse(Map()) + (v -> st(b).renames(v))))
+                  c match {
+                    case Some(call: Call) => {
+                      rhs = rhs + (call -> (rhs.get(call).getOrElse(Map()) + (v -> outgoingRename)))
+                    }
+                    case _ => ()
+                  }
+                }
+              }
+            }
+          }
+        }
+      }
+      (lhs, rhs)
+    }
+
+    def processCollect(
+        i: DSARes,
+        b: Block,
+        count: mutable.Map[Variable, Int],
+        lhs: Map[Command, Map[Variable, Int]],
+        rhs: Map[Command, Map[Variable, Int]]
+    ): (DSARes, Map[Command, Map[Variable, Int]], Map[Command, Map[Variable, Int]]) = {
+      var r = i
+      var lh = lhs
+      var rh = rhs
+      // push the renames through a block, incrementing the ssa index when we see a new assignment
+
+      for (s <- b.statements) {
+        rh = rh.updated(s, rh(s) ++ r.renames)
+        val renames: Map[Variable, Int] = s match {
+          case a: Assign => {
+            if ((lh.get(a).flatMap(_.get(a.lhs))).map(_ == -1).getOrElse(true)) {
+              count(a.lhs) = (count(a.lhs) + 1)
+              Map(a.lhs -> count(a.lhs))
+            } else {
+              Map(a.lhs -> lh(a)(a.lhs))
+            }
+          }
+          case a: DirectCall => {
+            (a.outParams
+              .map(_._2))
+              .map(l => {
+                if (lh.get(s).flatMap(_.get(l)).map(_ == -1).getOrElse(true)) {
+                  count(l) = (count(l) + 1)
+                  (l -> count(l))
+                } else {
+                  (l -> lh(s)(l))
+                }
+              })
+              .toMap
+          }
+          case _ => Map()
+        }
+        lh = lh.updated(s, lh(s) ++ renames)
+        r = r.copy(renames = r.renames ++ renames)
+      }
+      rh = rh.updated(b.jump, rh(b.jump) ++ r.renames)
+      r = r.copy(renames = r.renames ++ rh(b.jump))
+
+      (r, lh, rh)
+    }
+
+    def renameAll(b: Block, lhs: Map[Command, Map[Variable, Int]], rhs: Map[Command, Map[Variable, Int]]) = {
+      for (s <- b.statements) {
+        visit_stmt(StmtRenamer(lhs.get(s).getOrElse(Map()), rhs.get(s).getOrElse(Map())), s)
+      }
+      val s = b.jump
+      visit_jump(StmtRenamer(lhs.get(s).getOrElse(Map()), rhs.get(s).getOrElse(Map())), s)
+    }
+
+    def visitProc(p: Procedure) = {
+      /*
+       * visit in weak topological order, collect renames and copies of ssa variables then apply transform
+       * we need to visit loops twice to handle joins
+       */
+
+      val worklist = mutable.PriorityQueue[Block]()(Ordering.by(b => b.rpoOrder))
+      worklist.addAll(p.blocks)
+      var seen = Set[Block]()
+      val count = mutable.Map[Variable, Int]().withDefaultValue(0)
+
+      // ssa index to rename lvars and rvars respectively
+      var lhs = Map[Command, Map[Variable, Int]]().withDefaultValue(Map().withDefaultValue(-1))
+      var rhs = Map[Command, Map[Variable, Int]]().withDefaultValue(Map().withDefaultValue(-1))
+
+      // the variable renaming at the end of each block
+      var st = Map[Block, DSARes]().withDefaultValue(DSARes())
+
+      while (worklist.nonEmpty) {
+        val b = worklist.dequeue
+
+        if (b.prevBlocks.forall(st.contains(_)) && !b.prevBlocks.forall(b => seen.contains(b))) {
+          worklist.addAll(b.prevBlocks)
+          worklist.enqueue(b)
+        } else {
+          val prev = if (b.prevBlocks.size > 1 && b.prevBlocks.forall(b => st.contains(b))) {
+            // if we have a (possibly incomplete) entry for the incoming blocks we join them  
+            njoin(st, b.prevBlocks)
+          } else if (b.incomingJumps.size == 1) {
+            st(b.incomingJumps.head.parent)
+          } else {
+            DSARes()
+          }
+          val (processed, nlhs, nrhs) = processCollect(prev, b, count, lhs, rhs)
+          if (st(b) != processed || nlhs != lhs || nrhs != rhs) {
+            lhs = nlhs
+            rhs = nrhs
+            worklist.addAll(b.nextBlocks)
+            st = st.updated(b, processed)
+          }
+        }
+        seen += b
+      }
+      val (lhss, rhss) = fixJoins(st, p, lhs, rhs)
+      lhs = lhss
+      rhs = rhss
+
+      for (b <- p.blocks) {
+        renameAll(b, lhs, rhs)
+      }
+
+    }
+
+    applyRPO(program)
+    program.procedures.foreach(visitProc)
+  }
+}
diff --git a/src/main/scala/ir/transforms/ProcedureParameters.scala b/src/main/scala/ir/transforms/ProcedureParameters.scala
index 0318aa964..efc795ecf 100644
--- a/src/main/scala/ir/transforms/ProcedureParameters.scala
+++ b/src/main/scala/ir/transforms/ProcedureParameters.scala
@@ -8,22 +8,14 @@ import specification.Specification
 import analysis.{TwoElement, TwoElementTop, TwoElementBottom}
 import ir.CallGraph
 
-/** Use ANR and RNA to identify procedure parameters.
-  */
-
-// procedure ->
-//  rna at beginning = in params
-//  anr at return = out parms
-
-// call : forall vars in scope if name matches formal inparams of target = actual parameters
-// return : forall vars in scope if name matches formal outparams of proc = actual outparams
-
 def liftProcedureCallAbstraction(ctx: util.IRContext): util.IRContext = {
-  val p = ctx.program
-  val anr = analysis.ANRAnalysisSolver(p, false).analyze()
-  val rna = analysis.RNAAnalysisSolver(p, false).analyze()
 
-  val liveVars = analysis.InterLiveVarsAnalysis(ctx.program).analyze()
+  val liveVars  =
+  if (ctx.program.mainProcedure.blocks.nonEmpty && ctx.program.mainProcedure.returnBlock.isDefined && ctx.program.mainProcedure.entryBlock.isDefined) {
+    analysis.InterLiveVarsAnalysis(ctx.program).analyze()
+  } else {
+    Map.empty
+  }
 
   val params = inOutParams(ctx.program, liveVars)
 
@@ -32,10 +24,10 @@ def liftProcedureCallAbstraction(ctx: util.IRContext): util.IRContext = {
     case b: Procedure if b.blocks.isEmpty => b.name
   }
 
-  val formalParams = SetFormalParams(anr, rna, params, external)
-  visit_prog(formalParams, p)
+  val formalParams = SetFormalParams(params, external)
+  visit_prog(formalParams, ctx.program)
   val actualParams = SetActualParams(formalParams.mappingInparam, formalParams.mappingOutparam, external)
-  visit_prog(actualParams, p)
+  visit_prog(actualParams, ctx.program)
 
   ctx.copy(specification = specToProcForm(ctx.specification, formalParams.mappingInparam, formalParams.mappingOutparam))
 }
@@ -94,8 +86,6 @@ def collectVariables(p: Procedure): (Set[Variable], Set[Variable]) = {
 }
 
 class SetFormalParams(
-    val anr: Map[CFGPosition, Set[Variable]],
-    val rna: Map[CFGPosition, Set[Variable]],
     val inoutparams: Map[Procedure, (Set[Variable], Set[Variable])],
     val externalFunctions: Set[String]
 ) extends CILVisitor {
@@ -188,7 +178,7 @@ object ReadWriteAnalysis {
             .map(addReads(s.rhs.variables))
         }
         case s: Return => {
-          ir.map(addWrites(s.outParams.flatMap(_._2.variables)))
+          ir.map(addReads(s.outParams.flatMap(_._2.variables)))
         }
         case s: MemoryAssign => {
           ir.map(addReads(s.index.variables ++ s.value.variables))
diff --git a/src/main/scala/ir/transforms/Simp.scala b/src/main/scala/ir/transforms/Simp.scala
index 920a74cbe..9762e2ee7 100644
--- a/src/main/scala/ir/transforms/Simp.scala
+++ b/src/main/scala/ir/transforms/Simp.scala
@@ -16,9 +16,56 @@ trait AbstractDomain[L] {
   def bot: L
 }
 
-def getRedundantAssignments(v: Procedure): Set[Assign] = {
+def saturateVariableDependencies(procedure: Procedure): Map[Variable, Set[Variable]] = {
+  // assuming dsa single-assigned variables are those which do not depend on themselves; variables which do not depend on themselves
+  //    x1 := y1 + z1
+  //    x2 := x1
+  //    z2 := 21
+  // x1 -> {y1, z1}
+  // x2 -> {x1, y1, z1,x2}
+  var deps = Map[Variable, Set[Variable]]().withDefaultValue(Set())
+
+  // add base facts
+  for (s <- procedure) {
+    s match {
+      case Assign(x, y, _) => {
+        deps = deps.updated(x, deps(x) ++ y.variables)
+      }
+      case d: DirectCall => {
+        val rhs = d.actualParams.toSet.flatMap(_._2.variables)
+        for (o <- d.outParams.map(_._2)) {
+          deps = deps.updated(o, deps(o) ++ rhs)
+        }
+      }
+      case _ => {}
+    }
+  }
 
-  /** Get all assign statements which define a variable never used, assuming ssa form.
+  // saturate
+  var ndeps = deps
+  while ({
+    deps = ndeps
+    for (fact <- deps) {
+      val (lhs, rhs) = fact
+      for (v <- rhs) {
+        ndeps = ndeps.updated(lhs, ndeps(lhs) ++ ndeps(v))
+      }
+    }
+    ndeps != deps
+    }) {;}
+
+  ndeps
+}
+
+def cyclicVariables(p: Procedure) : Set[Variable] = {
+  val deps = saturateVariableDependencies(p)
+  deps.filter(v => v._2.contains(v._1)).map(_._1).toSet
+}
+
+def getRedundantAssignments(procedure: Procedure): Set[Assign] = {
+
+  /** Get all assign statements which define a variable never used, assuming ssa form and proc parameters
+   *  so that interprocedural check is not required.
     */
 
   enum VS:
@@ -38,7 +85,7 @@ def getRedundantAssignments(v: Procedure): Set[Assign] = {
 
   val assignedNotRead = mutable.Map[Variable, VS]().withDefaultValue(VS.Bot)
 
-  for (c <- v) {
+  for (c <- procedure) {
     c match {
       case a: Assign => {
         assignedNotRead(a.lhs) = joinVS(assignedNotRead(a.lhs), VS.Assigned(Set(a)))
@@ -63,9 +110,9 @@ def getRedundantAssignments(v: Procedure): Set[Assign] = {
         })
       }
       case m: Assume => {
-        m.body.variables.foreach(v => {
+        for (v <- m.body.variables) {
           assignedNotRead(v) = VS.Read
-        })
+        }
       }
       case c: DirectCall => {
         c.actualParams
@@ -90,58 +137,60 @@ def getRedundantAssignments(v: Procedure): Set[Assign] = {
     }
   }
 
-  assignedNotRead
+  val r = assignedNotRead
     .collect { case (v, VS.Assigned(d)) =>
       d
     }
     .toSet
     .flatten
+  r
 }
 
-class CleanupAssignments extends CILVisitor {
-  var redundant = Set[Assign]()
+class CleanupAssignments() extends CILVisitor {
+  var redundantAssignments = Set[Assign]()
+
+  def isRedundant(a: Assign) = {
+    redundantAssignments.contains(a)
+  }
 
   override def vproc(p: Procedure) = {
-    redundant = getRedundantAssignments(p).filter(_.rhs.loads.isEmpty)
+    redundantAssignments = getRedundantAssignments(p)
     DoChildren()
   }
 
   override def vstmt(s: Statement) = s match {
-    case a: Assign if redundant.contains(a) => ChangeTo(List())
-    case _                                  => SkipChildren()
+    case a: Assign if isRedundant(a) => ChangeTo(List())
+    case _                           => SkipChildren()
   }
 
 }
 
-def doCopyPropTransform(
-    p: Program,
-    reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])]
-) = {
-
+def doCopyPropTransform(p: Program) = {
   var runs = 0
   var rerun = true
+  applyRPO(p)
   while (runs < 5) {
-    val rds2 = ReachingDefinitionsAnalysisSolver(p)
-    val reachingDefs = rds2.analyze()
-    val d = ConstCopyProp()
-    applyRPO(p)
+    val nonConstVars = p.procedures.map(p => p -> cyclicVariables(p)).toMap
+    val d = ConstCopyProp(nonConstVars)
 
-    // Logger.info(s"Simp run $runs")
     runs += 1
     val solver = worklistSolver(d)
     val result = solver.solveProg(p, Set(), Set())
 
-    for ((p, xf) <- result) {
-      val vis = Simplify(xf)
-      visit_proc(vis, p)
-      rerun = vis.madeAnyChange
+    while (rerun) {
+      rerun = false
+      for ((p, xf) <- result) {
+        val vis = Simplify(xf.withDefaultValue(CCP(Map(), Map()))) 
+        visit_proc(vis, p)
+        rerun = rerun || vis.madeAnyChange
+      }
     }
   }
 
   // cleanup
-  // visit_prog(CleanupAssignments(), p)
+  visit_prog(CleanupAssignments(), p)
   val toremove = p.collect {
-    case b:Block if b.statements.size == 0 && b.prevBlocks.size == 1 && b.nextBlocks.size == 1 => b
+    case b: Block if b.statements.size == 0 && b.prevBlocks.size == 1 && b.nextBlocks.size == 1 => b
   }
   for (b <- toremove) {
     val p = b.prevBlocks.head
@@ -183,9 +232,9 @@ class worklistSolver[L, A <: AbstractDomain[L]](domain: A) {
       p: Program,
       widenpoints: Set[Block], // set of loop heads
       narrowpoints: Set[Block] // set of conditions
-  ): Map[Procedure, L] = {
+  ): Map[Procedure, Map[Block, L]] = {
     val initDom = p.procedures.map(p =>
-      (p, p.blocks.filter(x => (x.nextBlocks.size > 1 || x.prevBlocks.size > 1) && x.rpoOrder != -1))
+      (p, p.blocks)
     )
 
     initDom.map(d => (d._1, solve(d._2, Set(), Set()))).toMap
@@ -195,7 +244,7 @@ class worklistSolver[L, A <: AbstractDomain[L]](domain: A) {
       initial: IterableOnce[Block],
       widenpoints: Set[Block], // set of loop heads
       narrowpoints: Set[Block] // set of conditions
-  ): L = {
+  ):  Map[Block, L] = {
     val saved: mutable.HashMap[Block, L] = mutable.HashMap()
     val worklist = mutable.PriorityQueue[Block]()(Ordering.by(b => b.rpoOrder))
     worklist.addAll(initial)
@@ -204,10 +253,6 @@ class worklistSolver[L, A <: AbstractDomain[L]](domain: A) {
     while (worklist.nonEmpty) {
       val b = worklist.dequeue
 
-      if (b.label == "lmain_goto_l00000321") {
-        // println(s"$b\n  prevs : ${b.prevBlocks.map(c => saved.get(c))}")
-      }
-
       while (worklist.nonEmpty && (worklist.head.rpoOrder >= b.rpoOrder)) do {
         // drop rest of blocks with same priority
         val m = worklist.dequeue()
@@ -227,18 +272,25 @@ class worklistSolver[L, A <: AbstractDomain[L]](domain: A) {
       }
 
       x = b.prevBlocks.flatMap(ib => saved.get(ib).toList).foldLeft(x)(domain.join)
+      saved(b) = x
       val todo = bs(b)
       val lastBlock = todo.last
 
-      def xf_block(x: L, b: Block) = b.statements.foldLeft(x)(domain.transfer)
-      var nx = todo.foldLeft(x)(xf_block)
+      def xf_block(x: L, b: Block) = {
+        saved(b) = b.statements.foldLeft(x)(domain.transfer)
+        saved(b)
+      }
+      var nx = todo.foldLeft(x)((x, b) => {
+        saved(b) = xf_block(x, b)
+        saved(b)
+      })
       saved(lastBlock) = nx
       if (nx != x) then {
         worklist.addAll(lastBlock.nextBlocks)
       }
       x = nx
     }
-    x
+    saved.toMap
   }
 }
 
@@ -250,55 +302,55 @@ case class CCP(
     val exprs: Map[Variable, CopyProp]
 )
 
-class ConstCopyProp() extends AbstractDomain[CCP] {
-
+class ConstCopyProp(cyclicVariables: Map[Procedure, Set[Variable]]) extends AbstractDomain[CCP] {
   private final val callClobbers = (0 to 30).map("R" + _).map(c => Register(c, 64))
 
   def top: CCP = CCP(Map(), Map())
   def bot: CCP = CCP(Map(), Map())
 
   override def join(l: CCP, r: CCP): CCP = {
+    val const = l.constants.keySet.intersect(r.constants.keySet)
+    val exprs = l.exprs.keySet.intersect(r.exprs.keySet)
     CCP(
-      (l.constants ++ r.constants)
-        .removedAll(l.constants.keySet.intersect(r.constants.keySet).filterNot(k => l.constants(k) == r.constants(k))),
-      (l.exprs ++ r.exprs).removedAll(l.exprs.keySet.intersect(r.exprs.keySet).filterNot(k => l.exprs(k) == r.exprs(k)))
+      const.collect {
+        case k if (l.constants(k) == r.constants(k)) => k -> l.constants(k)
+      }.toMap,
+      exprs.collect {
+        case k if (l.exprs(k) == r.exprs(k)) => k -> l.exprs(k)
+      }.toMap
     )
   }
 
   override def transfer(c: CCP, s: Statement): CCP = {
     s match {
       case m: MemoryAssign => {
-        c.copy(exprs = c.exprs.filterNot((k, v) => v.expr.loads.nonEmpty))
+        // c.copy(exprs = c.exprs.filterNot((k, v) => v.expr.loads.nonEmpty))
+        c
       }
       case Assign(l, r, lb) => {
         var p = c
-        val evaled = exprSimp(
-          eval.partialEvalExpr(
-            exprSimp(r),
+        val evaled = eval.partialEvalExpr(
+            eval.simplifyExprFixpoint(r),
             v => p.constants.get(v)
           )
-        )
         val rhsDeps = evaled.variables
 
         p = evaled match {
-          case lit: Literal => p.copy(constants = p.constants.updated(l, lit))
-          case e: Expr => p.copy(constants = p.constants.removed(l), exprs = p.exprs.updated(l, CopyProp(e, e.variables)))
+          case lit: Literal => p.copy(constants = p.constants.updated(l, lit), exprs = p.exprs.removed(l))
+          case e: Expr if e.loads.isEmpty && !e.variables.contains(l) && !(cyclicVariables(s.parent.parent).contains(l)) =>
+            p.copy(constants = p.constants.removed(l), exprs = p.exprs.updated(l, CopyProp(e, e.variables)))
+          case _ => p.copy(constants = p.constants.removed(l), exprs = p.exprs.removed(l))
         }
 
-        if (r.loads.nonEmpty) {
-          // don't re-order loads
-          p = p.copy(exprs = p.exprs.filter((k, v) => v.expr.loads.isEmpty))
-        }
         // remove candidates whose value changes due to this update
-        // without an SSA form in the output, we can't propagate assignments such that R0_1 := f(R0_0)
-        //  or; only replace such that all uses are copyproped, the dead definition is removed
         p = p.copy(exprs = p.exprs.filterNot((k, v) => v.deps.exists(c => c.name == l.name)))
 
         p
       }
       case x: DirectCall => {
         val lhs = x.outParams.map(_._2)
-        lhs.foldLeft(c)((c, l) => c.copy(constants = c.constants.removed(l), exprs = c.exprs.filterNot((k, v) => v.deps.contains(l)))
+        lhs.foldLeft(c)((c, l) =>
+          c.copy(constants = c.constants.removed(l), exprs = c.exprs.filterNot((k, v) => v.deps.contains(l)))
         )
       }
       case x: IndirectCall => {
@@ -313,505 +365,16 @@ class ConstCopyProp() extends AbstractDomain[CCP] {
 }
 
 
-def exprSimp(e: Expr): Expr = {
-
-  val assocOps: Set[BinOp] =
-    Set(BVADD, BVMUL, BVOR, BVAND, BVEQ, BoolAND, BoolEQ, BoolOR, BoolEQUIV, BoolEQ, IntADD, IntMUL, IntEQ)
-
-  def simpOne(e: Expr): Expr = {
-    e match {
-      // normalise
-      case BinaryExpr(op, x: Literal, y: Expr) if !y.isInstanceOf[Literal] && assocOps.contains(op) => BinaryExpr(op, y, x)
-      case BinaryExpr(BVADD, x: Expr, y: BitVecLiteral) if ir.eval.BitVectorEval.isNegative(y) => BinaryExpr(BVSUB, x, ir.eval.BitVectorEval.smt_bvneg(y))
-
-      // identities
-      case Extract(ed, 0, body) if (body.getType == BitVecType(ed))                        => exprSimp(body)
-      case ZeroExtend(0, body)                                                             => exprSimp(body)
-      case SignExtend(0, body)                                                             => exprSimp(body)
-      case BinaryExpr(BVADD, body, BitVecLiteral(0, _))                                    => exprSimp(body)
-      case BinaryExpr(BVMUL, body, BitVecLiteral(1, _))                                    => exprSimp(body)
-      case Repeat(1, body)                                                                 => exprSimp(body)
-      case Extract(ed, 0, ZeroExtend(extension, body)) if (body.getType == BitVecType(ed)) => exprSimp(body)
-      case Extract(ed, 0, SignExtend(extension, body)) if (body.getType == BitVecType(ed)) => exprSimp(body)
-      case BinaryExpr(BVXOR, l, r) if l == r =>
-        e.getType match {
-          case BitVecType(sz) => BitVecLiteral(0, sz)
-        }
-      // double negation
-      case UnaryExpr(BVNOT, UnaryExpr(BVNOT, body))     => exprSimp(body)
-      case UnaryExpr(BVNEG, UnaryExpr(BVNEG, body))     => exprSimp(body)
-      case UnaryExpr(BoolNOT, UnaryExpr(BoolNOT, body)) => exprSimp(body)
-
-      // compose slices
-      case Extract(ed1, be1, Extract(ed2, be2, body)) => Extract(ed1 - be2, be1 + be2, exprSimp(body))
-
-      // (comp (comp x y) 1) = (comp x y)
-      case BinaryExpr(BVCOMP, body @ BinaryExpr(BVCOMP, _, _), BitVecLiteral(1, 1)) => exprSimp(body)
-      case BinaryExpr(BVCOMP, body @ BinaryExpr(BVCOMP, _, _), BitVecLiteral(0, 1)) => UnaryExpr(BVNOT, exprSimp(body))
-      case BinaryExpr(
-            BVEQ,
-            BinaryExpr(BVCOMP, body @ BinaryExpr(BVCOMP, _, _), BitVecLiteral(0, 1)),
-            BitVecLiteral(1, 1)
-          ) =>
-        BinaryExpr(BVEQ, exprSimp(body), BitVecLiteral(0, 1))
-
-      // constant folding
-      // const + (e + const) -> (const + const) + e
-      case BinaryExpr(BVADD, BinaryExpr(BVADD, body, l: BitVecLiteral), r: BitVecLiteral) =>
-        BinaryExpr(BVADD, BinaryExpr(BVADD, l, r), exprSimp(body))
-      case BinaryExpr(BVMUL, BinaryExpr(BVMUL, body, l: BitVecLiteral), r: BitVecLiteral) =>
-        BinaryExpr(BVMUL, BinaryExpr(BVMUL, l, r), exprSimp(body))
-      case BinaryExpr(BVOR, BinaryExpr(BVOR, body, l: BitVecLiteral), r: BitVecLiteral) =>
-        BinaryExpr(BVOR, BinaryExpr(BVOR, l, r), exprSimp(body))
-      case BinaryExpr(BVAND, BinaryExpr(BVAND, body, l: BitVecLiteral), r: BitVecLiteral) =>
-        BinaryExpr(BVAND, BinaryExpr(BVAND, l, r), exprSimp(body))
-      case r => r
-    }
-  }
-
-  var pe = e
-  var ne = simpOne(pe)
-  while (ne != pe) {
-    pe = ne
-    ne = simpOne(pe)
-  }
-  ne
-}
-
-object SSARename:
-
-// TODO: remove assigned and unread variables
-// TODO: Make procedure calls and returns assignments of all registers so they can become global and be ssa,
-//  and returned variables are not unread, and there is a clear modifies set across calls
-
-  def concretiseSSA(
-      p: Program,
-      reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])]
-  ) = {
-    println("SSA conc ")
-    //  println(reachingDefs)
-    val c = SSACollect(p, reachingDefs)
-    c.initial()
-    visit_prog(c, p)
-    // println(c.names)
-    val rn = SSARename(p, c.names, reachingDefs)
-    visit_prog(rn, p)
-  }
-
-  class SSARename(
-      p: Program,
-      renames: mutable.HashMap[Assign, Int],
-      reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])]
-  ) extends CILVisitor {
-    var statement: Command = null
-
-    override def vrvar(v: Variable) = {
-      val assigns = statement match {
-        case a: Assign => getUse(v, statement, reachingDefs)
-        case _         => getDefinition(v, statement, reachingDefs)
-      }
-      assigns.headOption.map(doRename(v, _)) match {
-        case Some(nv) => ChangeTo(nv)
-        case None     => SkipChildren()
-      }
-    }
-
-    def doRename(v: Variable, definition: Assign): Variable = {
-      renames.get(definition) match {
-        case Some(idx) => {
-          v match {
-            case Register(n, sz) => Register(n + "_" + idx, sz)
-            case LocalVar(n, t)  => LocalVar(n + "_" + idx, t)
-          }
-        }
-        case None => v
-      }
-    }
-
-    override def vjump(s: Jump) = {
-      statement = s
-      DoChildren()
-    }
-
-    override def vstmt(s: Statement) = {
-      statement = s
-      s match {
-        case a @ Assign(l, r, _) => {
-          a.lhs = doRename(l, a)
-          DoChildren()
-        }
-        case a: DirectCall => {
-          // TODO: not handled
-          // a.outParams = a.outParams.map(p => (p._1, doRename(p._2, a)
-          DoChildren()
-        }
-        case _ => DoChildren()
-      }
-    }
-  }
-
-  def concretiseDSASinglePass(program: Program) = {
-
-    applyRPO(program)
-    case class DSARes(renames: Map[Variable, Int] = Map().withDefaultValue(-1)) // -1 means no rename
-
-    def addIndex(v: Variable, idx: Int) = {
-      if (idx != -1) {
-        v match {
-          case Register(n, sz) => Register(n + "_" + idx, sz)
-          case LocalVar(n, t)  => LocalVar(n + "_" + idx, t)
-        }
-      } else {
-        v
-      }
-    }
-
-    class StmtRenamer(renamesL: Map[Variable, Int] = Map(), renames: Map[Variable, Int] = Map()) extends CILVisitor {
-      override def vrvar(v: Variable) = v match {
-        case v if renames.contains(v) && renames(v) != -1 => ChangeTo(addIndex(v, renames(v)))
-        case _                                            => DoChildren()
-      }
-
-      override def vlvar(v: Variable) = v match {
-        case v if renamesL.contains(v) && renamesL(v) != -1 => ChangeTo(addIndex(v, renamesL(v)))
-        case _                                              => DoChildren()
-      }
-    }
-
-    def appendAssign(b: Block, s: Assign) = {
-      // maintain call end of lock invariant
-      if (b.statements.size > 0 && b.statements.last.isInstanceOf[Call]) {
-        b.statements.insertBefore(b.statements.last, s)
-      } else {
-        b.statements.append(s)
-      }
-    }
-
-    def njoin(
-        st: Map[Block, DSARes],
-        blocks: Iterable[Block],
-        assignsAdd: mutable.Map[Block, Map[Int, Int]],
-        count: mutable.Map[Variable, Int],
-        lhss: Map[Command, Map[Variable, Int]],
-        rhss: Map[Command, Map[Variable, Int]]
-    ) = {
-      var lhs = lhss
-      var rhs = rhss
-      var assignsappended: Map[Block, Map[Variable, Assign]] = Map().withDefaultValue(Map())
-      require(blocks.size >= 2)
-      val rs = blocks.map(st(_))
-      val all = rs.flatMap(_.renames.keySet)
-      val renames = all.collect {
-        case v if rs.forall(rl => rs.foldLeft(true)((b, rr) => b && (rl.renames(v) == rr.renames(v)))) => {
-          // all renames equal for this variable v
-          v -> rs.head.renames(v)
-        }
-        case v => {
-          // for branches which have different renamings of variables, we know the larger index renaming is so far unused
-          // on the branches with smaller indexes, so we add a copy to these branches renaming to the largest index
-          val maxrename = rs.map(_.renames(v)).foldLeft(-1)(Integer.max)
-          for (b <- blocks) {
-            if (st(b).renames(v) != maxrename && st(b).renames(v) != -1 && maxrename != -1) {
-              // if there is a call on this block assigning the variable, update its outparam's ssa index
-              // otherwise add an assignment to the block at the end or immediately before the call, and
-              // update the ssa index of the in-parameters to the call
-              b.statements.lastOption match {
-                case Some(d: DirectCall) if d.outParams.toSet.map(_._2).contains(v) => {
-                  rhs = rhs + (d -> (rhs.get(d).getOrElse(Map()) + (v -> st(b).renames(v))))
-                }
-                case c => {
-                  val assign = assignsappended(b).get(v).getOrElse(Assign(v, v))
-                  assignsappended = assignsappended + (b -> (assignsappended(b) + (v -> assign)))
-                  lhs = lhs + (assign -> (lhs.get(assign).getOrElse(Map()) + (v -> maxrename)))
-                  rhs = rhs + (assign -> (rhs.get(assign).getOrElse(Map()) + (v -> st(b).renames(v))))
-                  c match {
-                    case Some(call) => {
-                      rhs = rhs + (call -> (rhs.get(call).getOrElse(Map()) + (v -> maxrename)))
-                    }
-                    case _ => ()
-                  }
-                }
-              }
-            }
-          }
-          v -> maxrename
-        }
-      }.toMap
-
-      (DSARes(renames.withDefaultValue(-1)), lhs, rhs, assignsappended)
-    }
-
-    def join(
-        st: Map[Block, DSARes],
-        a: Block,
-        b: Block,
-        assignsAdd: mutable.Map[Block, Map[Int, Int]],
-        count: mutable.Map[Variable, Int]
-    ) = {
-      val l = st(a)
-      val r = st(b)
-
-      val all = l.renames.keySet ++ r.renames.keySet
-      val renames = all.collect {
-        case v if (l.renames(v) != r.renames(v)) => {
-          assignsAdd(a) = assignsAdd(a) + (l.renames(v) -> (count(v) + 1))
-          assignsAdd(b) = assignsAdd(b) + (r.renames(v) -> (count(v) + 1))
-          count(v) += 1
-          v -> count(v)
-        }
-        case v /* if (l.renames(v) == r.renames(v)) */ => v -> l.renames(v)
-      }.toMap
-
-      DSARes(renames)
-    }
-
-    def processCollect(
-        i: DSARes,
-        b: Block,
-        count: mutable.Map[Variable, Int],
-        lhs: Map[Command, Map[Variable, Int]],
-        rhs: Map[Command, Map[Variable, Int]]
-    ): (DSARes, Map[Command, Map[Variable, Int]], Map[Command, Map[Variable, Int]]) = {
-      var r = i
-      var lh = lhs
-      var rh = rhs
-
-      for (s <- b.statements) {
-        rh = rh.updated(s, rh(s) ++ r.renames)
-        val renames: Map[Variable, Int] = s match {
-          case a: Assign if (lh.get(a).flatMap(_.get(a.lhs))).map(_ == -1).getOrElse(true) => {
-            count(a.lhs) = count(a.lhs) + 1
-            Map(a.lhs -> count(a.lhs))
-          }
-          case a: DirectCall => {
-            var nnr = mutable.Map[Variable, Int]()
-            for (l <- a.outParams.map(_._2)) {
-              if (lh.get(s).flatMap(_.get(l)).map(_ == -1).getOrElse(true)) {
-                count(l) = count(l) + 1
-                nnr += (l -> count(l))
-              }
-            }
-            nnr.toMap
-          }
-          case _ => Map()
-        }
-        lh = lh.updated(s, lh(s) ++ renames)
-        r = r.copy(renames = r.renames ++ rh(s) ++ lh(s) ++ renames)
-      }
-      r = r.copy(renames = r.renames ++ rh(b.jump))
-
-      (r, lh, rh + (b.jump -> r.renames))
-    }
-
-    def renameAll(b: Block, lhs: Map[Command, Map[Variable, Int]], rhs: Map[Command, Map[Variable, Int]]) = {
-      //println(s"${b.label}")
-      for (s <- b.statements) {
-        s match {
-          case d: DirectCall => {
-            //println(s"$s --- ${lhs.get(s)} ${rhs.get(s)}")
-          }
-          case _ => ()
-        }
-        visit_stmt(StmtRenamer(lhs.get(s).getOrElse(Map()), rhs.get(s).getOrElse(Map())), s)
-      }
-      val s = b.jump
-      visit_jump(StmtRenamer(lhs.get(s).getOrElse(Map()), rhs.get(s).getOrElse(Map())), s)
-    }
-
-    def process(
-        i: DSARes,
-        b: Block,
-        count: mutable.Map[Variable, Int]
-    ): DSARes = {
-      var r = i
-      for (s <- b.statements) {
-        val renames: Map[Variable, Int] = s match {
-          case a: Assign => {
-            count(a.lhs) = count(a.lhs) + 1
-            Map(a.lhs -> count(a.lhs))
-          }
-          case a: DirectCall => {
-            var nnr = mutable.Map[Variable, Int]()
-            for (l <- a.outParams.map(_._2)) {
-              count(l) = count(l) + 1
-              nnr += (l -> count(l))
-              // nnr.copy(renames = nnr.renames + (l -> count(l)))
-            }
-            nnr.toMap
-          }
-          case _ => Map()
-        }
-        visit_stmt(StmtRenamer(renames, r.renames), s)
-        r = r.copy(renames = r.renames ++ renames)
-      }
-      visit_jump(StmtRenamer(Map(), r.renames), b.jump)
-      r
-    }
-
-    def visitProc(p: Procedure) = {
-      /*
-       * visit once in weak topological order, collect renames and copies of ssa variables
-       * we need to visit loops twice
-       */
-
-      // val worklist = mutable.PriorityQueue[Block]()(Ordering.by(b => b.rpoOrder))
-      val worklist = mutable.Stack[Block]()
-      worklist.pushAll(p.entryBlock)
-      var seen = Set[Block]()
-      val assignsAdd = mutable.Map[Block, Map[Int, Int]]()
-      val count = mutable.Map[Variable, Int]().withDefaultValue(0)
-      var lhs = Map[Command, Map[Variable, Int]]().withDefaultValue(Map().withDefaultValue(-1))
-      var rhs = Map[Command, Map[Variable, Int]]().withDefaultValue(Map().withDefaultValue(-1))
-
-      // val stmtRenames = mutable.Map[Command, Map[Variable, Int]]()
-
-      var st = Map[Block, DSARes]().withDefaultValue(DSARes())
-      val bprocessed = mutable.Set[Block]()
-      var assignsappended: Map[Block, Map[Variable, Assign]] = Map().withDefaultValue(Map())
-
-      while (worklist.nonEmpty) {
-        val b = worklist.pop
-
-        //println(b)
-
-        if (b.prevBlocks.forall(st.contains(_)) && !seen(b)) {
-          worklist.pushAll(b.prevBlocks)
-          worklist.push(b)
-        } else {
-          val prev = if (b.incomingJumps.size > 1 && b.prevBlocks.forall(b => st.contains(b))) {
-            val (n, llhs, rrhs, assigns) = njoin(st, b.prevBlocks, assignsAdd, count, lhs, rhs)
-            assignsappended = assignsappended ++ assigns
-            lhs = llhs
-            rhs = rrhs
-            n
-          } else if (b.incomingJumps.size == 1) {
-            st(b.incomingJumps.head.parent)
-          } else {
-            DSARes()
-          }
-          val (processed, nlhs, nrhs) = processCollect(prev, b, count, lhs, rhs)
-          if (st(b) != processed || lhs != lhs || rhs != rhs) {
-            lhs = nlhs
-            rhs = nrhs
-            //println(processed)
-            //println()
-            worklist.pushAll(b.nextBlocks)
-            st = st.updated(b, processed)
-          }
-        }
-        //println(worklist.size)
-        seen += b
-      }
-      for (b <- assignsappended) {
-        for (v <- b._2) {
-          appendAssign(b._1, v._2)
-        }
-      }
-
-      for (b <- p.blocks) {
-        renameAll(b, lhs, rhs)
-      }
-      //println(s"done ${p.name}")
-
-    }
-
-    program.procedures.foreach(visitProc)
-    //println(s"done dsa}")
-  }
-
-  class SSASimp(p: Program) extends CILVisitor {
-
-    val names = mutable.HashMap[Command, Map[Variable, Int]]()
-    val copies = mutable.Map[Block, List[Statement]]()
-
-    var count = mutable.HashMap[Variable, Int]().withDefaultValue(0)
-    var statement: Statement = null
-
-    def rename(rv: Variable, oldIndex: Int, newIndex: Int) = {
-      names.foreach(n => {
-        names(n._1) = {
-          n._2.map(v =>
-            v match {
-              case (v, i) if v == rv && i == oldIndex => (v, newIndex)
-              case o                                  => o
-            }
-          )
-        }
-      })
-    }
-
-    def initial() = {
-      // give each definition a unique index
-      for (c <- p) {
-        c match {
-          case b: Block if (b.incomingJumps.size > 1) => {}
-          case c: Command =>
-            c match {
-              case a: Assign => {
-                count(a.lhs) = count(a.lhs) + 1
-                names(a) = names(a) + (a.lhs -> count(a.lhs))
-              }
-              case a: DirectCall => {
-                for (l <- a.outParams.map(_._2)) {
-                  count(l) = count(l) + 1
-                  names(a) = names(a) + (l -> count(l))
-                }
-              }
-              case _ => ()
-            }
-          case _ => ()
-        }
-      }
-    }
-
-  }
-
-  class SSACollect(p: Program, reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])])
-      extends CILVisitor {
-    val names = mutable.HashMap[Assign, Int]()
-    var count = mutable.HashMap[Variable, Int]().withDefaultValue(0)
-    var statement: Statement = null
-
-    override def vrvar(v: Variable) = {
-      val assigns = getUse(v, statement, reachingDefs)
-      if (assigns.size > 1) {
-        count(v) = count(v) + 1
-        for (a <- assigns) {
-          names(a) = count(v)
-        }
-      }
-      DoChildren()
-    }
-
-    def initial() = {
-      // give each definition a unique index
-      for (c <- p) {
-        c match {
-          case a: Assign => {
-            count(a.lhs) = count(a.lhs) + 1
-            names(a) = count(a.lhs)
-          }
-          case _ => ()
-        }
-      }
-    }
-
-    override def vstmt(s: Statement) = {
-      statement = s
-      DoChildren()
-    }
-
-  }
-
 class Simplify(
-    val res: CCP
+    val res: Map[Block, CCP],
+    val initialBlock: Block = null,
 ) extends CILVisitor {
 
   var madeAnyChange = false
-  var statement: Statement = null
+  var block : Block =  initialBlock
 
   def simp(pe: Expr)(ne: Expr) = {
-    val simped = eval.partialEvalExpr(exprSimp(ne), x => None)
+    val simped = eval.partialEvalExpr(ir.eval.simplifyExprFixpoint(ne), x => None)
     if (pe != simped) {
       madeAnyChange = true
     }
@@ -821,18 +384,18 @@ class Simplify(
 
   override def vexpr(e: Expr) = {
     e match {
-      case v: Variable if res.constants.contains(v) => {
+      case v: Variable if res(block).constants.contains(v) => {
         madeAnyChange = true
         ChangeDoChildrenPost(
-          res.constants(v),
+          res(block).constants(v),
           simp(e)
         )
       }
-      case v: Variable if res.exprs.contains(v) => {
-        val repl = res.exprs(v)
+      case v: Variable if res(block).exprs.contains(v) => {
+        val repl = res(block).exprs(v).expr
         madeAnyChange = true
         ChangeDoChildrenPost(
-          repl.expr,
+          repl,
           simp(e)
         )
       }
@@ -840,23 +403,8 @@ class Simplify(
     }
   }
 
-  override def vstmt(s: Statement) = {
-    statement = s
-
-    s match {
-      case a @ Assign(l, r, lb) => {
-        val state = res
-        val nr = eval.partialEvalExpr(
-          r,
-          v => state.constants.get(v)
-        )
-        if (nr != r) {
-          madeAnyChange = true
-        }
-        a.rhs = nr
-        DoChildren()
-      }
-      case _ => DoChildren()
-    }
+  override def vblock(b: Block) = {
+    block = b
+    DoChildren()
   }
 }
diff --git a/src/main/scala/util/BASILConfig.scala b/src/main/scala/util/BASILConfig.scala
index 288ebbcf5..f5ee7ca1d 100644
--- a/src/main/scala/util/BASILConfig.scala
+++ b/src/main/scala/util/BASILConfig.scala
@@ -22,13 +22,13 @@ case class StaticAnalysisConfig(dumpILToPath: Option[String] = None,
                                 analysisDotPath: Option[String] = None,
                                 threadSplit: Boolean = false,
                                 summariseProcedures: Boolean = false,
-                                simplify: Boolean = false
                                )
 enum BoogieMemoryAccessMode:
   case SuccessiveStoreSelect, LambdaStoreSelect
 
 case class BASILConfig(loading: ILLoadingConfig,
                        runInterpret: Boolean = false,
+                       simplify: Boolean = false,
                        staticAnalysis: Option[StaticAnalysisConfig] = None,
                        boogieTranslation: BoogieGeneratorConfig = BoogieGeneratorConfig(),
                        outputPrefix: String
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index cabd2d3e9..a7994d678 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -300,38 +300,6 @@ object StaticAnalysis {
     Logger.debug("Subroutine Addresses:")
     Logger.debug(subroutines)
 
-    if (config.simplify && iteration == 1) {
-      Logger.info("[!] Running simplification")
-      writeToFile(serialiseIL(IRProgram), s"il-after-params.il")
-
-      Logger.info("Reachingdefs")
-      val rd = ReachingDefinitionsAnalysisSolver(IRProgram).analyze()
-
-      config.analysisResultsPath.foreach(s =>
-        writeToFile(printAnalysisResults(IRProgram, rd), s"${s}-reachingdefs-result$iteration.txt")
-      )
-
-      Logger.info("DSA X")
-      // transforms.SSARename.concretiseSSA(ctx.program, rd)
-      transforms.SSARename.concretiseDSASinglePass(ctx.program)
-      writeToFile(serialiseIL(IRProgram), s"il-after-ssa.il")
-
-      Logger.info("reaching defs ")
-      val rds2 = ReachingDefinitionsAnalysisSolver(IRProgram)
-      val rdr2 = rds2.analyze()
-
-      config.analysisDotPath.foreach { s =>
-        writeToFile(dotBlockGraph(IRProgram, IRProgram.mainProcedure.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"${s}_blockgraph-after-dsa-$iteration.dot")
-      }
-      Logger.info("copyprop ")
-      transforms.doCopyPropTransform(ctx.program, rdr2)
-      writeToFile(serialiseIL(IRProgram), s"il-after-copyprop.il")
-      Logger.info("done copyprop")
-      config.analysisDotPath.foreach { s =>
-        writeToFile(dotBlockGraph(IRProgram, IRProgram.mainProcedure.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"${s}_blockgraph-after-simp-$iteration.dot")
-      }
-    }
-
 
     Logger.info("reducible loops")
     // reducible loops
@@ -548,12 +516,28 @@ object RunUtils {
     }
   }
 
+  def doSimplify(ctx: IRContext, config: Option[StaticAnalysisConfig]) : Unit = {
+    Logger.info("[!] Running simplification")
+    Logger.info("[!] DynamicSingleAssignment")
+    transforms.DynamicSingleAssignment.applyTransform(ctx.program)
+
+    config.foreach(_.analysisDotPath.foreach { s =>
+      writeToFile(dotBlockGraph(ctx.program, ctx.program.mainProcedure.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"${s}_blockgraph-after-dsa.dot")
+    })
+    writeToFile(serialiseIL(ctx.program), s"il-before-copyprop.il")
+
+    Logger.info("[!] CopyProp")
+    transforms.doCopyPropTransform(ctx.program)
+    writeToFile(serialiseIL(ctx.program), s"il-after-copyprop.il")
+
+    config.foreach(_.analysisDotPath.foreach { s =>
+      writeToFile(dotBlockGraph(ctx.program, ctx.program.mainProcedure.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"${s}_blockgraph-after-simp.dot")
+    })
+  }
+
   def loadAndTranslate(conf: BASILConfig): BASILResult = {
     Logger.debug("[!] Loading Program")
     var q = conf
-    if (q.staticAnalysis.map(_.simplify).getOrElse(false)) {
-      q = q.copy(loading=q.loading.copy(parameterForm=true))
-    }
 
     var ctx = IRLoading.load(q.loading)
 
@@ -567,6 +551,12 @@ object RunUtils {
     }
     assert(invariant.correctCalls(ctx.program))
 
+    if (conf.simplify) {
+      doSimplify(ctx, conf.staticAnalysis)
+    }
+
+    assert(invariant.correctCalls(ctx.program))
+
     q.loading.dumpIL.foreach(s => writeToFile(serialiseIL(ctx.program), s"$s-before-analysis.il"))
     val analysis = q.staticAnalysis.map(conf => staticAnalysis(conf, ctx))
     q.loading.dumpIL.foreach(s => writeToFile(serialiseIL(ctx.program), s"$s-after-all-analysis.il"))
diff --git a/src/test/.~lock.full-summary-nosimplify.csv# b/src/test/.~lock.full-summary-nosimplify.csv#
new file mode 100644
index 000000000..b5478a8ff
--- /dev/null
+++ b/src/test/.~lock.full-summary-nosimplify.csv#
@@ -0,0 +1 @@
+,am,ampacdell,09.10.2024 16:57,file:///home/am/.config/libreoffice/4;
\ No newline at end of file
diff --git a/src/test/.~lock.full-summary-simplify.csv# b/src/test/.~lock.full-summary-simplify.csv#
new file mode 100644
index 000000000..b5478a8ff
--- /dev/null
+++ b/src/test/.~lock.full-summary-simplify.csv#
@@ -0,0 +1 @@
+,am,ampacdell,09.10.2024 16:57,file:///home/am/.config/libreoffice/4;
\ No newline at end of file
diff --git a/src/test/scala/DifferentialAnalysis.scala b/src/test/scala/DifferentialAnalysis.scala
index a464d942d..f26e268b3 100644
--- a/src/test/scala/DifferentialAnalysis.scala
+++ b/src/test/scala/DifferentialAnalysis.scala
@@ -61,7 +61,7 @@ class DifferentialTest extends AnyFunSuite {
     assert(filterEvents(traceInit.t).mkString("\n") == filterEvents(traceRes.t).mkString("\n"))
   }
 
-  def testProgram(testName: String, examplePath: String, suffix: String =".adt", staticAnalysisConfig : StaticAnalysisConfig = StaticAnalysisConfig(None, None, None)) = {
+  def testProgram(testName: String, examplePath: String, suffix: String =".adt", staticAnalysisConfig : StaticAnalysisConfig = StaticAnalysisConfig(None, None, None), simplify: Boolean = true) = {
 
     val loading = ILLoadingConfig(inputFile = examplePath + testName + suffix,
       relfFile = examplePath + testName + ".relf",
@@ -75,6 +75,11 @@ class DifferentialTest extends AnyFunSuite {
     comparectx = IRTransform.doCleanup(ictx)
     val analysisres = RunUtils.staticAnalysis(staticAnalysisConfig, comparectx)
 
+    if (simplify) {
+      RunUtils.doSimplify(ictx, Some(staticAnalysisConfig))
+    }
+
+
     diffTest(ictx, comparectx)
   }
 }
@@ -155,7 +160,7 @@ class DifferentialTestSimplification extends DifferentialTest {
       val variations = getSubdirectories(programPath)
       variations.foreach(variation => {
         test("analysis_differential:" + p + "/" + variation + ":BAP") {
-          testProgram(p, path + "/" + p + "/" + variation + "/", suffix=".adt", staticAnalysisConfig=StaticAnalysisConfig(simplify=true))
+          testProgram(p, path + "/" + p + "/" + variation + "/", suffix=".adt", simplify=true)
         }
         //test("analysis_differential:" +  p + "/" + variation + ":GTIRB") {
         //  testProgram(p, path + "/" + p + "/" + variation + "/", suffix=".gts")
diff --git a/src/test/scala/SystemTests.scala b/src/test/scala/SystemTests.scala
index b915e35f3..49d971541 100644
--- a/src/test/scala/SystemTests.scala
+++ b/src/test/scala/SystemTests.scala
@@ -137,7 +137,7 @@ trait SystemTests extends AnyFunSuite, BASILTest {
 
     Logger.info(s"$name/$variation$testSuffix")
     val timer = PerformanceTimer(s"test $name/$variation$testSuffix")
-    runBASIL(inputPath, RELFPath, Some(specPath), BPLPath, conf.staticAnalysisConfig)
+    runBASIL(inputPath, RELFPath, Some(specPath), BPLPath, conf.staticAnalysisConfig, conf.simplify)
     val translateTime = timer.checkPoint("translate-boogie")
     Logger.info(s"$name/$variation$testSuffix DONE")
 
@@ -205,21 +205,21 @@ class ExtraSpecTests extends SystemTests {
 
 
 class NoSimplifySystemTests extends SystemTests {
-  runTests("correct", TestConfig(staticAnalysisConfig = Some(StaticAnalysisConfig(simplify=false)), useBAPFrontend = true, expectVerify = true, logResults = true))
-  runTests("incorrect", TestConfig(staticAnalysisConfig = Some(StaticAnalysisConfig(simplify=false)), useBAPFrontend = true, expectVerify = false, logResults = true))
-  runTests("correct", TestConfig(staticAnalysisConfig = Some(StaticAnalysisConfig(simplify=false)), useBAPFrontend = false, expectVerify = true, logResults = true))
-  runTests("incorrect", TestConfig(staticAnalysisConfig = Some(StaticAnalysisConfig(simplify=false)), useBAPFrontend = false, expectVerify = false, logResults = true))
+  runTests("correct", TestConfig(simplify=false, useBAPFrontend = true, expectVerify = true, logResults = true))
+  runTests("incorrect", TestConfig(simplify=false, useBAPFrontend = true, expectVerify = false, logResults = true))
+  runTests("correct", TestConfig(simplify=false, useBAPFrontend = false, expectVerify = true, logResults = true))
+  runTests("incorrect", TestConfig(simplify=false, useBAPFrontend = false, expectVerify = false, logResults = true))
   test("summary-nosimplify") {
-    summary("summary-nosimplify")
+    summary("nosimplify")
   }
 }
 class SimplifySystemTests extends SystemTests {
-  runTests("correct", TestConfig(staticAnalysisConfig = Some(StaticAnalysisConfig(simplify=true)), useBAPFrontend = true, expectVerify = true, logResults = true))
-  runTests("incorrect", TestConfig(staticAnalysisConfig = Some(StaticAnalysisConfig(simplify=true)), useBAPFrontend = true, expectVerify = false, logResults = true))
-  runTests("correct", TestConfig(staticAnalysisConfig = Some(StaticAnalysisConfig(simplify=true)), useBAPFrontend = false, expectVerify = true, logResults = true))
-  runTests("incorrect", TestConfig(staticAnalysisConfig = Some(StaticAnalysisConfig(simplify=true)), useBAPFrontend = false, expectVerify = false, logResults = true))
+  runTests("correct", TestConfig(simplify=true, useBAPFrontend = true, expectVerify = true, logResults = true))
+  runTests("incorrect", TestConfig(simplify=true, useBAPFrontend = true, expectVerify = false, logResults = true))
+  runTests("correct", TestConfig(simplify=true, useBAPFrontend = false, expectVerify = true, logResults = true))
+  runTests("incorrect", TestConfig(simplify=true, useBAPFrontend = false, expectVerify = false, logResults = true))
   test("summary-simplify") {
-    summary("summary-simplify")
+    summary("simplify")
   }
 }
 
diff --git a/src/test/scala/test_util/BASILTest.scala b/src/test/scala/test_util/BASILTest.scala
index b9003ade4..240d9a661 100644
--- a/src/test/scala/test_util/BASILTest.scala
+++ b/src/test/scala/test_util/BASILTest.scala
@@ -13,11 +13,12 @@ case class TestConfig(boogieFlags: Seq[String] = Seq("/timeLimit:10", "/useArray
                       useBAPFrontend: Boolean,
                       expectVerify: Boolean,
                       checkExpected: Boolean = false,
-                      logResults: Boolean = false
+                      logResults: Boolean = false,
+                      simplify: Boolean = false,
                      )
 
 trait BASILTest {
-  def runBASIL(inputPath: String, RELFPath: String, specPath: Option[String], BPLPath: String, staticAnalysisConf: Option[StaticAnalysisConfig]): BASILResult = {
+  def runBASIL(inputPath: String, RELFPath: String, specPath: Option[String], BPLPath: String, staticAnalysisConf: Option[StaticAnalysisConfig], simplify: Boolean=false): BASILResult = {
     val specFile = if (specPath.isDefined && File(specPath.get).exists) {
       specPath
     } else {
@@ -27,8 +28,10 @@ trait BASILTest {
       loading = ILLoadingConfig(
         inputFile = inputPath,
         relfFile = RELFPath,
-        specFile = specFile
+        specFile = specFile,
+        parameterForm = simplify,
       ),
+      simplify = simplify,
       staticAnalysis = staticAnalysisConf,
       outputPrefix = BPLPath
     )

From 495e4f2e8051e9b446b463c63b585a454199e38f Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Thu, 10 Oct 2024 10:54:17 +1000
Subject: [PATCH 074/127] small fix

---
 src/main/scala/ir/eval/SimplifyExpr.scala | 2 ++
 src/main/scala/util/RunUtils.scala        | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/main/scala/ir/eval/SimplifyExpr.scala b/src/main/scala/ir/eval/SimplifyExpr.scala
index f53f66d39..240648386 100644
--- a/src/main/scala/ir/eval/SimplifyExpr.scala
+++ b/src/main/scala/ir/eval/SimplifyExpr.scala
@@ -65,6 +65,8 @@ def simplifyExpr(e: Expr): Expr = {
       BinaryExpr(BVADD, BinaryExpr(BVSUB, r, l), simplifyExpr(body))
     case BinaryExpr(BVSUB, BinaryExpr(BVADD, body, l: BitVecLiteral), r: BitVecLiteral) =>
       BinaryExpr(BVADD, BinaryExpr(BVSUB, r, l), simplifyExpr(body))
+    case BinaryExpr(BVSUB, BinaryExpr(BVSUB, body, l: BitVecLiteral), r: BitVecLiteral) =>
+      BinaryExpr(BVSUB, simplifyExpr(body), BinaryExpr(BVADD, l, r))
     case BinaryExpr(BVADD, BinaryExpr(BVADD, body, l: BitVecLiteral), r: BitVecLiteral) =>
       BinaryExpr(BVADD, BinaryExpr(BVADD, l, r), simplifyExpr(body))
     case BinaryExpr(BVMUL, BinaryExpr(BVMUL, body, l: BitVecLiteral), r: BitVecLiteral) =>
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index a7994d678..492dc1f05 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -522,7 +522,7 @@ object RunUtils {
     transforms.DynamicSingleAssignment.applyTransform(ctx.program)
 
     config.foreach(_.analysisDotPath.foreach { s =>
-      writeToFile(dotBlockGraph(ctx.program, ctx.program.mainProcedure.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"${s}_blockgraph-after-dsa.dot")
+      writeToFile(dotBlockGraph(ctx.program, ctx.program.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"${s}_blockgraph-after-dsa.dot")
     })
     writeToFile(serialiseIL(ctx.program), s"il-before-copyprop.il")
 
@@ -531,7 +531,7 @@ object RunUtils {
     writeToFile(serialiseIL(ctx.program), s"il-after-copyprop.il")
 
     config.foreach(_.analysisDotPath.foreach { s =>
-      writeToFile(dotBlockGraph(ctx.program, ctx.program.mainProcedure.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"${s}_blockgraph-after-simp.dot")
+      writeToFile(dotBlockGraph(ctx.program, ctx.program.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"${s}_blockgraph-after-simp.dot")
     })
   }
 

From e567f77ce1fabbfdde057a7a0836a3e712646061 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Tue, 15 Oct 2024 18:27:42 +1000
Subject: [PATCH 075/127] rewrites

---
 src/main/scala/ir/eval/ExprEval.scala     |   2 +-
 src/main/scala/ir/eval/SimplifyExpr.scala | 278 +++++++++++++++++++---
 src/main/scala/ir/transforms/Simp.scala   |   2 +-
 3 files changed, 251 insertions(+), 31 deletions(-)

diff --git a/src/main/scala/ir/eval/ExprEval.scala b/src/main/scala/ir/eval/ExprEval.scala
index 34b9e3b40..0ad0a55ca 100644
--- a/src/main/scala/ir/eval/ExprEval.scala
+++ b/src/main/scala/ir/eval/ExprEval.scala
@@ -259,6 +259,6 @@ def partialEvalExpr(
   val l = StatelessLoader[InterpreterError](variableAssignment, memory)
   State.evaluate((), statePartialEvalExpr(l)(exp)) match {
     case Right(e) => e
-    case Left(e)  => throw Exception("Unable to evaluate expr : " + e.toString)
+    case Left(e)  => throw Exception(s"Unable to evaluate expr  $exp :" + e.toString)
   }
 }
diff --git a/src/main/scala/ir/eval/SimplifyExpr.scala b/src/main/scala/ir/eval/SimplifyExpr.scala
index 240648386..eda9b8488 100644
--- a/src/main/scala/ir/eval/SimplifyExpr.scala
+++ b/src/main/scala/ir/eval/SimplifyExpr.scala
@@ -14,19 +14,241 @@ def simplifyExprFixpoint(e: Expr): Expr = {
   ne
 }
 
+def conditionSimplify(e: Expr): Expr = {
+  val s = simplifyExpr(e)
+  s match {
+    case r => r
+  }
+}
+
 def simplifyExpr(e: Expr): Expr = {
-  /**
-   * Apply the rewrite rules once. 
-   * Note some rules expect a canonical form produced by other rules, and hence this is more effective 
-   * when applied iteratively until a fixed point.
-   */
-  e match {
+  // println((0 until indent).map(" ").mkString("") + e)
+
+  def bool2bv1(e: Expr) = {
+    e.getType match {
+      case BitVecType(1) => e
+      case BoolType      => UninterpretedFunction("bool2bv1", Seq(e), BitVecType(1))
+      case _             => ???
+    }
+
+  }
+
+  def isNegBV(e: Expr) = {
+    simplifyExpr(e).getType match {
+      case BitVecType(sz) => {
+        BinaryExpr(BVSLT, e, BitVecLiteral(0, sz))
+      }
+      case _ => ???
+    }
+  }
+
+  def getDisjuncts(e: Expr): List[Expr] = {
+    e match {
+      case BinaryExpr(BoolOR, l, r) => getDisjuncts(l) ++ getDisjuncts(r)
+      case e                        => List(e)
+    }
+  }
+
+  def isFalse(e: Expr): Boolean = {
+    e match {
+      case FalseLiteral                                                                                      => true
+      case BinaryExpr(BoolAND, e1, UnaryExpr(BoolNOT, e2)) if e1 == e2                                       => true
+      case BinaryExpr(BoolOR, e1, e2) if isFalse(e1) && isFalse(e2)                                          => true
+      case BinaryExpr(BoolAND, e1, e2) if isFalse(e1) || isFalse(e2)                                         => true
+      case BinaryExpr(BoolAND, BinaryExpr(BVSLT, e1, e2), BinaryExpr(BVSLT, e3, e4)) if e1 == e4 && e2 == e3 => true
+      case _                                                                                                 => false
+    }
+
+  }
+
+  def resolveAND(e1: Expr, e2: Expr): Expr = {
+    require((e1.loads.size == 0) && (e2.loads.size == 0))
+
+    (e1, e2) match {
+      case (e, UnaryExpr(BoolNOT, ep)) if e == ep => FalseLiteral
+      //case (left, right) => {
+
+      //  val ld = getDisjuncts(left)
+      //  val rd = getDisjuncts(right)
+      //  val prod = ld.flatMap(l => rd.map(r => (l, r)))
+
+      //  val rs = prod.map( p => p -> resolveAND(p._1, p._2)).filter(c => c._2 != FalseLiteral)
+      //    .map(_._1).map(c => Set(c._1, c._2)).flatten
+
+      //  if (rs.size == 0) {
+      //    FalseLiteral
+      //  } else {
+      //    rs.tail.foldLeft(rs.head)((l, r) => BinaryExpr(BoolOR, l , r))
+      //  }
+      //}
+      case (BinaryExpr(BoolOR, a, b), e) => {
+        BinaryExpr(BoolOR, resolveAND(a, e), resolveAND(b, e))
+      }
+      case (e1, e2) => BinaryExpr(BoolAND, e1, e2)
+      //case (BinaryExpr(BoolOR, a, b), BinaryExpr(BoolOR, c, d)) if (resolveAND(a, d) != FalseLiteral) && (resolveAND(b, c) == FalseLiteral) => BinaryExpr
+      //case (BinaryExpr(BoolOR, a, b), BinaryExpr(BoolOR, c, d)) if (resolveAND(a, c) != FalseLiteral) && (resolveAND(c, d) == FalseLiteral) => BinaryExpr(BoolOR, a, c)
+    }
+  }
+
+  val e2 = ir.eval.partialEvalExpr(e, (v) => None)
+
+  /** Apply the rewrite rules once. Note some rules expect a canonical form produced by other rules, and hence this is
+    * more effective when applied iteratively until a fixed point.
+    */
+  val simped = e2 match {
+    // constant folding
+    // const + (expr + const) -> expr + (const + const)
+    case BinaryExpr(BVADD, BinaryExpr(BVSUB, body, l: BitVecLiteral), r: BitVecLiteral) =>
+      BinaryExpr(BVADD, BinaryExpr(BVSUB, r, l), simplifyExpr(body))
+    case BinaryExpr(BVSUB, BinaryExpr(BVADD, body, l: BitVecLiteral), r: BitVecLiteral) =>
+      BinaryExpr(BVADD, BinaryExpr(BVSUB, r, l), simplifyExpr(body))
+    case BinaryExpr(BVSUB, BinaryExpr(BVSUB, body, l: BitVecLiteral), r: BitVecLiteral) =>
+      BinaryExpr(BVSUB, simplifyExpr(body), BinaryExpr(BVADD, l, r))
+    case BinaryExpr(BVADD, BinaryExpr(BVADD, body, l: BitVecLiteral), r: BitVecLiteral) =>
+      BinaryExpr(BVADD, BinaryExpr(BVADD, l, r), simplifyExpr(body))
+    case BinaryExpr(BVMUL, BinaryExpr(BVMUL, body, l: BitVecLiteral), r: BitVecLiteral) =>
+      BinaryExpr(BVMUL, BinaryExpr(BVMUL, l, r), simplifyExpr(body))
+    case BinaryExpr(BVOR, BinaryExpr(BVOR, body, l: BitVecLiteral), r: BitVecLiteral) =>
+      BinaryExpr(BVOR, BinaryExpr(BVOR, l, r), simplifyExpr(body))
+    case BinaryExpr(BVAND, BinaryExpr(BVAND, body, l: BitVecLiteral), r: BitVecLiteral) =>
+      BinaryExpr(BVAND, BinaryExpr(BVAND, l, r), simplifyExpr(body))
     // normalise
+    // make all comparisons positive so double negatives can be cleaned up
+    case BinaryExpr(BVEQ, UnaryExpr(BVNOT, BinaryExpr(BVCOMP, x, y)), BitVecLiteral(1, 1)) =>
+      UnaryExpr(BoolNOT, BinaryExpr(BVEQ, BinaryExpr(BVCOMP, simplifyExpr(x), simplifyExpr(y)), BitVecLiteral(1, 1)))
+    case BinaryExpr(BVEQ, l, BitVecLiteral(0, 1)) =>
+      UnaryExpr(BoolNOT, BinaryExpr(BVEQ, simplifyExpr(l), BitVecLiteral(1, 1)))
+    case BinaryExpr(BVEQ, BinaryExpr(BVCOMP, e1: Expr, e2: Expr), BitVecLiteral(1, 1)) =>
+      BinaryExpr(BVEQ, simplifyExpr(e1), simplifyExpr(e2))
+    case BinaryExpr(BVEQ, BinaryExpr(BVCOMP, e1: Expr, e2: Expr), BitVecLiteral(0, 1)) =>
+      UnaryExpr(BoolNOT, BinaryExpr(BVEQ, simplifyExpr(e1), simplifyExpr(e2)))
+    case BinaryExpr(BVNEQ, e1, e2) => UnaryExpr(BoolNOT, BinaryExpr(BVEQ, simplifyExpr(e1), simplifyExpr(e2)))
     case BinaryExpr(op, x: Literal, y: Expr) if !y.isInstanceOf[Literal] && assocOps.contains(op) =>
-      BinaryExpr(op, y, x)
-    case BinaryExpr(BVADD, x: Expr, y: BitVecLiteral) if ir.eval.BitVectorEval.isNegative(y) =>
-      BinaryExpr(BVSUB, x, ir.eval.BitVectorEval.smt_bvneg(y))
+      BinaryExpr(op, simplifyExpr(y), simplifyExpr(x))
+
+    case BinaryExpr(
+          BVAND,
+          UninterpretedFunction("bool2bvan1", Seq(l), _),
+          UninterpretedFunction("bool2bvan1", Seq(r), _)
+        ) => {
+      BinaryExpr(BoolAND, l, r)
+    }
+    //case BinaryExpr(BVADD, x: Expr, y: BitVecLiteral) if ir.eval.BitVectorEval.isNegative(y) =>
+    //  BinaryExpr(BVSUB, simplifyExpr(x), ir.eval.BitVectorEval.smt_bvneg(y))
+
+    case BinaryExpr(BoolAND, x, TrueLiteral)  => x
+    case BinaryExpr(BoolAND, x, FalseLiteral) => FalseLiteral
+    case BinaryExpr(BoolOR, x, FalseLiteral)  => x
+    case BinaryExpr(BoolOR, x, TrueLiteral)   => TrueLiteral
+
+    case BinaryExpr(BVEQ, BinaryExpr(BVADD, x, y: BitVecLiteral), BitVecLiteral(0, s))
+        if ir.eval.BitVectorEval.isNegative(y) =>
+      BinaryExpr(BVEQ, x, y)
 
+    // lift comparison
+    // bvsub32(R8_9[32:0], 2bv32) == 0bv32
+    // ZF check
+    case BinaryExpr(BVEQ, BinaryExpr(BVSUB, e1, e2), BitVecLiteral(0, sz)) =>
+       BinaryExpr(BVEQ, simplifyExpr(e1), simplifyExpr(e2))
+    case BinaryExpr(BVCOMP, BinaryExpr(BVSUB, e1, e2), BitVecLiteral(0, sz)) =>
+      BinaryExpr(BVCOMP, simplifyExpr(e1), simplifyExpr(e2))
+    // NF check on expr
+    case Extract(upper, lower, b)
+        if (b.getType.isInstanceOf[BitVecType]) && (upper == (lower + 1)) && (upper == b.getType
+          .asInstanceOf[BitVecType]
+          .size) => {
+      bool2bv1(BinaryExpr(BVSLT, simplifyExpr(b), BitVecLiteral(0, b.getType.asInstanceOf[BitVecType].size)))
+    }
+    case BinaryExpr(BVSLT, BinaryExpr(BVSUB, a, b), BitVecLiteral(0, sz)) => BinaryExpr(BVSLT, a, b)
+    case BinaryExpr(BVSLT, BinaryExpr(BVADD, a, b: BitVecLiteral), BitVecLiteral(0, sz)) =>
+      BinaryExpr(BVSLT, a, UnaryExpr(BVNEG, b))
+    case BinaryExpr(BVULT, BinaryExpr(BVSUB, a, b), BitVecLiteral(0, sz)) => BinaryExpr(BVULT, a, b)
+
+    case BinaryExpr(BVULT, BinaryExpr(BVADD, a, b: BitVecLiteral), c: BitVecLiteral) =>
+      BinaryExpr(BVULT, a, BinaryExpr(BVADD, c, UnaryExpr(BVNEG, b)))
+    case BinaryExpr(BVSLT, BinaryExpr(BVADD, a, b: BitVecLiteral), c: BitVecLiteral) =>
+      BinaryExpr(BVSLT, a, BinaryExpr(BVADD, c, UnaryExpr(BVNEG, b)))
+
+    //  VF check
+    // (bvcomp33(sign_extend1_32(bvsub32(R0_45[32:0], 1000bv32)), bvsub33(sign_extend1_32(R0_45[32:0]), 1000bv33)))
+    case UnaryExpr(
+          BoolNOT,
+          BinaryExpr(
+            BVEQ,
+            SignExtend(1, orig @ BinaryExpr(BVADD, x1, y1)),
+            compar @ BinaryExpr(BVADD, xx, yy)
+          )
+        ) if (simplifyExpr(SignExtend(1, x1)) == xx) && (simplifyExpr(SignExtend(1, y1)) == yy) => {
+      val osz = orig.getType match {
+        case BitVecType(sz) => sz
+        case _              => ???
+      }
+      UninterpretedFunction("overflow", Seq(orig), BoolType)
+      // BinaryExpr(
+      //BoolOR,
+      //  UnaryExpr(BoolNOT, BinaryExpr(BVULT, compar, BitVecLiteral(BigInt(2).pow(osz / 2 - 1), osz + 1))),
+      //  BinaryExpr(BVULT, compar, UnaryExpr(BVNEG, BitVecLiteral(BigInt(2).pow(osz / 2 - 1), osz + 1)))
+      // )
+    }
+
+    // VF check
+    //(bvcomp33(sign_extend1_32(bvsub32(R0_45[32:0], 1000bv32)), bvsub33(sign_extend1_32(R0_45[32:0]), 1000bv33)))
+    //case UnaryExpr(
+    //      BoolNOT,
+    //      BinaryExpr(
+    //        BVEQ,
+    //        SignExtend(1, BinaryExpr(BVADD, x1, y1)),
+    //        BinaryExpr(BVADD, xx, yy)
+    //      )
+    //    ) if (simplifyExpr(SignExtend(1, x1)) == xx) && (simplifyExpr(SignExtend(1, y1)) == yy) => {
+    //  val r = BinaryExpr(
+    //      BoolOR,
+    //      BinaryExpr(BoolAND, isNegBV(BinaryExpr(BVADD, x1, y1)), BinaryExpr(BoolAND, isNegBV(x1), isNegBV(y1))),
+    //      BinaryExpr(
+    //        BoolAND,
+    //        UnaryExpr(BoolNOT, isNegBV(BinaryExpr(BVADD, x1, y1))),
+    //        BinaryExpr(BoolAND, UnaryExpr(BoolNOT, isNegBV(x1)), UnaryExpr(BoolNOT, isNegBV(y1)))
+    //      )
+    //    )
+    //  r
+    //}
+    case BinaryExpr(
+          BVAND,
+          UninterpretedFunction("bool2bv1", Seq(l), BitVecType(1)),
+          UninterpretedFunction("bool2bv1", Seq(r), BitVecType(1))
+        ) =>
+      bool2bv1(BinaryExpr(BoolAND, l, r))
+    case BinaryExpr(
+          BVCOMP,
+          UninterpretedFunction("bool2bv1", Seq(l), BitVecType(1)),
+          UninterpretedFunction("bool2bv1", Seq(r), BitVecType(1))
+        ) =>
+      bool2bv1(BinaryExpr(BoolEQ, l, r))
+    case BinaryExpr(BVSLT, BinaryExpr(BVADD, x, const: BitVecLiteral), y) => {
+      BinaryExpr(BVSLT, x, BinaryExpr(BVSUB, y, const))
+    }
+
+    // tighten bounds
+    case e @ BinaryExpr(BoolAND, BinaryExpr(BVSLT, x, y), (BinaryExpr(BVSLT, z, y2))) if y == y2 => {
+      BinaryExpr(BVSLT, x, z)
+    }
+    case e @ BinaryExpr(BoolAND, BinaryExpr(BVULT, x, y), (BinaryExpr(BVULT, z, y2))) if y == y2 => {
+      BinaryExpr(BVULT, x, z)
+    }
+    case e @ BinaryExpr(BoolAND, BinaryExpr(BVULT, x, y), (BinaryExpr(BVULT, x2, z))) if x == x2 => {
+      simplifyExpr(BinaryExpr(BVULT, y, z)) match {
+        case TrueLiteral  => BinaryExpr(BVULT, x, y)
+        case FalseLiteral => BinaryExpr(BVULT, x, z)
+        case _            => e
+      }
+    }
+    case e @ BinaryExpr(BoolAND, BinaryExpr(BVSLT, x, y), (BinaryExpr(BVSLT, x2, z))) if x == x2 => {
+      simplifyExpr(BinaryExpr(BVSLT, y, z)) match {
+        case TrueLiteral  => BinaryExpr(BVSLT, x, y)
+        case FalseLiteral => BinaryExpr(BVSLT, x, z)
+        case _            => e
+      }
+    }
     // identities
     case Extract(ed, 0, body) if (body.getType == BitVecType(ed))                        => simplifyExpr(body)
     case ZeroExtend(0, body)                                                             => simplifyExpr(body)
@@ -39,19 +261,23 @@ def simplifyExpr(e: Expr): Expr = {
     case BinaryExpr(BVXOR, l, r) if l == r =>
       e.getType match {
         case BitVecType(sz) => BitVecLiteral(0, sz)
-        case _ => throw Exception("Type error (should be unreachable)")
+        case _              => throw Exception("Type error (should be unreachable)")
       }
     // double negation
     case UnaryExpr(BVNOT, UnaryExpr(BVNOT, body))     => simplifyExpr(body)
     case UnaryExpr(BVNEG, UnaryExpr(BVNEG, body))     => simplifyExpr(body)
     case UnaryExpr(BoolNOT, UnaryExpr(BoolNOT, body)) => simplifyExpr(body)
 
+    // syntactic equality
+    case BinaryExpr(BVEQ, a, b) if a.loads.isEmpty && b.loads.isEmpty && a == b => a
+
     // compose slices
     case Extract(ed1, be1, Extract(ed2, be2, body)) => Extract(ed1 - be2, be1 + be2, simplifyExpr(body))
 
     // (comp (comp x y) 1) = (comp x y)
     case BinaryExpr(BVCOMP, body @ BinaryExpr(BVCOMP, _, _), BitVecLiteral(1, 1)) => simplifyExpr(body)
-    case BinaryExpr(BVCOMP, body @ BinaryExpr(BVCOMP, _, _), BitVecLiteral(0, 1)) => UnaryExpr(BVNOT, simplifyExpr(body))
+    case BinaryExpr(BVCOMP, body @ BinaryExpr(BVCOMP, _, _), BitVecLiteral(0, 1)) =>
+      UnaryExpr(BVNOT, simplifyExpr(body))
     case BinaryExpr(
           BVEQ,
           BinaryExpr(BVCOMP, body @ BinaryExpr(BVCOMP, _, _), BitVecLiteral(0, 1)),
@@ -59,24 +285,18 @@ def simplifyExpr(e: Expr): Expr = {
         ) =>
       BinaryExpr(BVEQ, simplifyExpr(body), BitVecLiteral(0, 1))
 
-    // constant folding
-    // const + (expr + const) -> expr + (const + const)
-    case BinaryExpr(BVADD, BinaryExpr(BVSUB, body, l: BitVecLiteral), r: BitVecLiteral) =>
-      BinaryExpr(BVADD, BinaryExpr(BVSUB, r, l), simplifyExpr(body))
-    case BinaryExpr(BVSUB, BinaryExpr(BVADD, body, l: BitVecLiteral), r: BitVecLiteral) =>
-      BinaryExpr(BVADD, BinaryExpr(BVSUB, r, l), simplifyExpr(body))
-    case BinaryExpr(BVSUB, BinaryExpr(BVSUB, body, l: BitVecLiteral), r: BitVecLiteral) =>
-      BinaryExpr(BVSUB, simplifyExpr(body), BinaryExpr(BVADD, l, r))
-    case BinaryExpr(BVADD, BinaryExpr(BVADD, body, l: BitVecLiteral), r: BitVecLiteral) =>
-      BinaryExpr(BVADD, BinaryExpr(BVADD, l, r), simplifyExpr(body))
-    case BinaryExpr(BVMUL, BinaryExpr(BVMUL, body, l: BitVecLiteral), r: BitVecLiteral) =>
-      BinaryExpr(BVMUL, BinaryExpr(BVMUL, l, r), simplifyExpr(body))
-    case BinaryExpr(BVOR, BinaryExpr(BVOR, body, l: BitVecLiteral), r: BitVecLiteral) =>
-      BinaryExpr(BVOR, BinaryExpr(BVOR, l, r), simplifyExpr(body))
-    case BinaryExpr(BVAND, BinaryExpr(BVAND, body, l: BitVecLiteral), r: BitVecLiteral) =>
-      BinaryExpr(BVAND, BinaryExpr(BVAND, l, r), simplifyExpr(body))
+    case BinaryExpr(BVSUB, x: Expr, y: BitVecLiteral)         => BinaryExpr(BVADD, x, UnaryExpr(BVNEG, y))
+    case BinaryExpr(BVAND, l, r) if l == r && l.loads.isEmpty => simplifyExpr(l)
+    case BinaryExpr(BVCOMP, l, r)                             => bool2bv1(BinaryExpr(BVEQ, l, r))
+    case BinaryExpr(BVEQ, UninterpretedFunction("bool2bv1", Seq(l), BitVecType(1)), BitVecLiteral(1, 1)) => l
+    case UnaryExpr(BVNOT, UninterpretedFunction("bool2bv1", Seq(l), BitVecType(1))) => bool2bv1(UnaryExpr(BoolNOT, l))
+
     case r => r
   }
-}
-
 
+  if (simped != e) {
+    //println(s"old $e -> ")
+    //println(s"    $simped")
+  }
+  simped
+}
diff --git a/src/main/scala/ir/transforms/Simp.scala b/src/main/scala/ir/transforms/Simp.scala
index 9762e2ee7..1cb846a5d 100644
--- a/src/main/scala/ir/transforms/Simp.scala
+++ b/src/main/scala/ir/transforms/Simp.scala
@@ -188,7 +188,7 @@ def doCopyPropTransform(p: Program) = {
   }
 
   // cleanup
-  visit_prog(CleanupAssignments(), p)
+//  visit_prog(CleanupAssignments(), p)
   val toremove = p.collect {
     case b: Block if b.statements.size == 0 && b.prevBlocks.size == 1 && b.nextBlocks.size == 1 => b
   }

From 5c42e92f2ac15724916f9369ee6a5b66ca60e668 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Wed, 16 Oct 2024 17:21:13 +1000
Subject: [PATCH 076/127] remove slices

---
 src/main/scala/ir/transforms/Simp.scala | 174 +++++++++++++++++++++---
 src/main/scala/util/RunUtils.scala      |   3 +
 2 files changed, 160 insertions(+), 17 deletions(-)

diff --git a/src/main/scala/ir/transforms/Simp.scala b/src/main/scala/ir/transforms/Simp.scala
index 1cb846a5d..6de45000c 100644
--- a/src/main/scala/ir/transforms/Simp.scala
+++ b/src/main/scala/ir/transforms/Simp.scala
@@ -16,6 +16,148 @@ trait AbstractDomain[L] {
   def bot: L
 }
 
+def removeSlices(p: Program): Unit = {
+  p.procedures.foreach(removeSlices)
+}
+
+def removeSlices(p: Procedure): Unit = {
+
+  /** if for each variable v there is some i:int such that (i) all its assignments have a ZeroExtend(i, x) and (ii) all
+    * its uses have Extract(size(v) - i, 0, v) Then we replace v by a variable of bitvector size (size(v) - i)
+    *
+    * We check this flow-insensitively and recover precision using DSA form.
+    */
+
+  val assignments: Map[LocalVar, Iterable[Assign]] = p
+    .collect { case a: Assign =>
+      a
+    }
+    .groupBy(_.lhs)
+    .collect { case (k: LocalVar, v) =>
+      (k, v)
+    }
+
+  enum HighZeroBits:
+    case Bits(n: Int) // (i) and (ii) hold; the n highest bits are redundant
+    case False // property is false
+    case Bot // don't know anything
+
+  def size(e: Expr) = {
+    e.getType match {
+      case BitVecType(s) => Some(s)
+      case _             => None
+    }
+  }
+
+  case class LVTerm(v: LocalVar) extends analysis.solvers.Var[LVTerm]
+
+  // unify variable uses across direct assignments
+  val ufsolver = analysis.solvers.UnionFindSolver[LVTerm]()
+  val unioned = assignments.foreach {
+    case (lv, Assign(lhs: LocalVar, rhs: LocalVar, _)) => ufsolver.unify(LVTerm(lhs), LVTerm(rhs))
+    case _                                             => ()
+  }
+
+  val unifiedAssignments = ufsolver
+    .unifications()
+    .map { case (v: LVTerm, rvs) =>
+      v.v -> (rvs.map { case LVTerm(rv) =>
+        rv
+      }).toSet
+    }
+    .map((repr: LocalVar, elems: Set[LocalVar]) =>
+      repr -> elems.flatMap(assignments(_).filter(_ match {
+        // filter out the direct assignments we used to build the unif class
+        case Assign(lhs: LocalVar, rhs: LocalVar, _) if elems.contains(lhs) && elems.contains(rhs) => false
+        case _                                                                                     => true
+      }))
+    )
+
+  // try and find a single extension size for all rhs of assignments to all variables in the assigned equality class
+  val varHighZeroBits: Map[LocalVar, HighZeroBits] = assignments.map((v, assigns) =>
+    // note: this overapproximates on x := y when x and y may both be smaller than their declared size
+    val allRHSExtended = assigns.foldLeft(HighZeroBits.Bot: HighZeroBits)((e, assign) =>
+      (e, assign.rhs) match {
+        case (HighZeroBits.Bot, ZeroExtend(i, lhs))                   => HighZeroBits.Bits(i)
+        case (b @ HighZeroBits.Bits(ei), ZeroExtend(i, _)) if i == ei => b
+        case (b @ HighZeroBits.Bits(ei), ZeroExtend(i, _)) if i != ei => HighZeroBits.False
+        case (HighZeroBits.False, _)                                  => HighZeroBits.False
+        case (_, other)                                               => HighZeroBits.False
+      }
+    )
+    (v, allRHSExtended)
+  )
+
+  val varsWithExtend: Map[LocalVar, HighZeroBits] = assignments
+    .map((lhs, _) => {
+      // map all lhs to the result for their representative
+      val rep = ufsolver.find(LVTerm(lhs)) match {
+        case LVTerm(r) => r
+      }
+      lhs -> varHighZeroBits.get(rep)
+    })
+    .collect { case (l, Some(x)) /* remove anything we have no information on */ =>
+      (l, x)
+    }
+
+  class CheckUsesHaveExtend() extends CILVisitor {
+    val result: mutable.HashMap[LocalVar, HighZeroBits] =
+      mutable.HashMap[LocalVar, HighZeroBits]()
+
+    override def vexpr(v: Expr) = {
+      v match {
+        case Extract(i, 0, v: LocalVar)
+            if size(v).isDefined && result.get(v).contains(HighZeroBits.Bits(size(v).get - i)) =>
+          SkipChildren()
+        case v: LocalVar => {
+          result.remove(v)
+          SkipChildren()
+        }
+        case _ => DoChildren()
+      }
+    }
+
+    def apply(assignHighZeroBits: Map[LocalVar, HighZeroBits])(p: Procedure): Map[LocalVar, HighZeroBits] = {
+      result.clear()
+      result.addAll(assignHighZeroBits)
+      visit_proc(this, p)
+      result.toMap
+    }
+  }
+
+  val toSmallen = CheckUsesHaveExtend()(varsWithExtend)(p).collect { case (v, HighZeroBits.Bits(x)) =>
+    v -> x
+  }.toMap
+
+  class ReplaceAlwaysSlicedVars(varHighZeroBits: Map[LocalVar, Int]) extends CILVisitor {
+
+    override def vexpr(v: Expr) = {
+      v match {
+        case Extract(i, 0, v: LocalVar) if size(v).isDefined && varHighZeroBits.contains(v) => {
+          ChangeTo(LocalVar(v.name, BitVecType(size(v).get - varHighZeroBits(v))))
+        }
+        case _ => DoChildren()
+      }
+    }
+
+    override def vstmt(s: Statement) = {
+      s match {
+        case a @ Assign(lhs: LocalVar, ZeroExtend(sz, rhs), _)
+            if size(lhs).isDefined && varHighZeroBits.contains(lhs) => {
+          assert(varHighZeroBits(lhs) == sz)
+          a.lhs = LocalVar(lhs.name, BitVecType(size(lhs).get - varHighZeroBits(lhs)))
+          a.rhs = rhs
+          DoChildren()
+        }
+        case _ => DoChildren()
+      }
+    }
+  }
+
+  visit_proc(ReplaceAlwaysSlicedVars(toSmallen), p)
+
+}
+
 def saturateVariableDependencies(procedure: Procedure): Map[Variable, Set[Variable]] = {
   // assuming dsa single-assigned variables are those which do not depend on themselves; variables which do not depend on themselves
   //    x1 := y1 + z1
@@ -52,20 +194,20 @@ def saturateVariableDependencies(procedure: Procedure): Map[Variable, Set[Variab
       }
     }
     ndeps != deps
-    }) {;}
+  }) { ; }
 
   ndeps
 }
 
-def cyclicVariables(p: Procedure) : Set[Variable] = {
+def cyclicVariables(p: Procedure): Set[Variable] = {
   val deps = saturateVariableDependencies(p)
   deps.filter(v => v._2.contains(v._1)).map(_._1).toSet
 }
 
 def getRedundantAssignments(procedure: Procedure): Set[Assign] = {
 
-  /** Get all assign statements which define a variable never used, assuming ssa form and proc parameters
-   *  so that interprocedural check is not required.
+  /** Get all assign statements which define a variable never used, assuming ssa form and proc parameters so that
+    * interprocedural check is not required.
     */
 
   enum VS:
@@ -180,7 +322,7 @@ def doCopyPropTransform(p: Program) = {
     while (rerun) {
       rerun = false
       for ((p, xf) <- result) {
-        val vis = Simplify(xf.withDefaultValue(CCP(Map(), Map()))) 
+        val vis = Simplify(xf.withDefaultValue(CCP(Map(), Map())))
         visit_proc(vis, p)
         rerun = rerun || vis.madeAnyChange
       }
@@ -188,7 +330,7 @@ def doCopyPropTransform(p: Program) = {
   }
 
   // cleanup
-//  visit_prog(CleanupAssignments(), p)
+  visit_prog(CleanupAssignments(), p)
   val toremove = p.collect {
     case b: Block if b.statements.size == 0 && b.prevBlocks.size == 1 && b.nextBlocks.size == 1 => b
   }
@@ -233,9 +375,7 @@ class worklistSolver[L, A <: AbstractDomain[L]](domain: A) {
       widenpoints: Set[Block], // set of loop heads
       narrowpoints: Set[Block] // set of conditions
   ): Map[Procedure, Map[Block, L]] = {
-    val initDom = p.procedures.map(p =>
-      (p, p.blocks)
-    )
+    val initDom = p.procedures.map(p => (p, p.blocks))
 
     initDom.map(d => (d._1, solve(d._2, Set(), Set()))).toMap
   }
@@ -244,7 +384,7 @@ class worklistSolver[L, A <: AbstractDomain[L]](domain: A) {
       initial: IterableOnce[Block],
       widenpoints: Set[Block], // set of loop heads
       narrowpoints: Set[Block] // set of conditions
-  ):  Map[Block, L] = {
+  ): Map[Block, L] = {
     val saved: mutable.HashMap[Block, L] = mutable.HashMap()
     val worklist = mutable.PriorityQueue[Block]()(Ordering.by(b => b.rpoOrder))
     worklist.addAll(initial)
@@ -330,14 +470,15 @@ class ConstCopyProp(cyclicVariables: Map[Procedure, Set[Variable]]) extends Abst
       case Assign(l, r, lb) => {
         var p = c
         val evaled = eval.partialEvalExpr(
-            eval.simplifyExprFixpoint(r),
-            v => p.constants.get(v)
-          )
+          eval.simplifyExprFixpoint(r),
+          v => p.constants.get(v)
+        )
         val rhsDeps = evaled.variables
 
         p = evaled match {
           case lit: Literal => p.copy(constants = p.constants.updated(l, lit), exprs = p.exprs.removed(l))
-          case e: Expr if e.loads.isEmpty && !e.variables.contains(l) && !(cyclicVariables(s.parent.parent).contains(l)) =>
+          case e: Expr
+              if e.loads.isEmpty && !e.variables.contains(l) && !(cyclicVariables(s.parent.parent).contains(l)) =>
             p.copy(constants = p.constants.removed(l), exprs = p.exprs.updated(l, CopyProp(e, e.variables)))
           case _ => p.copy(constants = p.constants.removed(l), exprs = p.exprs.removed(l))
         }
@@ -364,14 +505,13 @@ class ConstCopyProp(cyclicVariables: Map[Procedure, Set[Variable]]) extends Abst
   }
 }
 
-
 class Simplify(
     val res: Map[Block, CCP],
-    val initialBlock: Block = null,
+    val initialBlock: Block = null
 ) extends CILVisitor {
 
   var madeAnyChange = false
-  var block : Block =  initialBlock
+  var block: Block = initialBlock
 
   def simp(pe: Expr)(ne: Expr) = {
     val simped = eval.partialEvalExpr(ir.eval.simplifyExprFixpoint(ne), x => None)
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index 492dc1f05..1f452cd39 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -530,6 +530,9 @@ object RunUtils {
     transforms.doCopyPropTransform(ctx.program)
     writeToFile(serialiseIL(ctx.program), s"il-after-copyprop.il")
 
+    transforms.removeSlices(ctx.program)
+    writeToFile(serialiseIL(ctx.program), s"il-after-slices.il")
+
     config.foreach(_.analysisDotPath.foreach { s =>
       writeToFile(dotBlockGraph(ctx.program, ctx.program.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"${s}_blockgraph-after-simp.dot")
     })

From 41aa3d754972b5089775375215e72573d40ca516 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Wed, 16 Oct 2024 18:22:38 +1000
Subject: [PATCH 077/127] disable bad

---
 src/main/scala/ir/eval/SimplifyExpr.scala | 62 +++++++++++------------
 1 file changed, 31 insertions(+), 31 deletions(-)

diff --git a/src/main/scala/ir/eval/SimplifyExpr.scala b/src/main/scala/ir/eval/SimplifyExpr.scala
index eda9b8488..1884356c7 100644
--- a/src/main/scala/ir/eval/SimplifyExpr.scala
+++ b/src/main/scala/ir/eval/SimplifyExpr.scala
@@ -126,13 +126,13 @@ def simplifyExpr(e: Expr): Expr = {
     case BinaryExpr(op, x: Literal, y: Expr) if !y.isInstanceOf[Literal] && assocOps.contains(op) =>
       BinaryExpr(op, simplifyExpr(y), simplifyExpr(x))
 
-    case BinaryExpr(
-          BVAND,
-          UninterpretedFunction("bool2bvan1", Seq(l), _),
-          UninterpretedFunction("bool2bvan1", Seq(r), _)
-        ) => {
-      BinaryExpr(BoolAND, l, r)
-    }
+    //case BinaryExpr(
+    //      BVAND,
+    //      UninterpretedFunction("bool2bv1", Seq(l), _),
+    //      UninterpretedFunction("bool2bv1", Seq(r), _)
+    //    ) => {
+    //  bool2bv1(BinaryExpr(BoolAND, l, r))
+    //}
     //case BinaryExpr(BVADD, x: Expr, y: BitVecLiteral) if ir.eval.BitVectorEval.isNegative(y) =>
     //  BinaryExpr(BVSUB, simplifyExpr(x), ir.eval.BitVectorEval.smt_bvneg(y))
 
@@ -153,12 +153,12 @@ def simplifyExpr(e: Expr): Expr = {
     case BinaryExpr(BVCOMP, BinaryExpr(BVSUB, e1, e2), BitVecLiteral(0, sz)) =>
       BinaryExpr(BVCOMP, simplifyExpr(e1), simplifyExpr(e2))
     // NF check on expr
-    case Extract(upper, lower, b)
-        if (b.getType.isInstanceOf[BitVecType]) && (upper == (lower + 1)) && (upper == b.getType
-          .asInstanceOf[BitVecType]
-          .size) => {
-      bool2bv1(BinaryExpr(BVSLT, simplifyExpr(b), BitVecLiteral(0, b.getType.asInstanceOf[BitVecType].size)))
-    }
+    //case Extract(upper, lower, b)
+    //    if (b.getType.isInstanceOf[BitVecType]) && (upper == (lower + 1)) && (upper == b.getType
+    //      .asInstanceOf[BitVecType]
+    //      .size) => {
+    //  bool2bv1(BinaryExpr(BVSLT, simplifyExpr(b), BitVecLiteral(0, b.getType.asInstanceOf[BitVecType].size)))
+    //}
     case BinaryExpr(BVSLT, BinaryExpr(BVSUB, a, b), BitVecLiteral(0, sz)) => BinaryExpr(BVSLT, a, b)
     case BinaryExpr(BVSLT, BinaryExpr(BVADD, a, b: BitVecLiteral), BitVecLiteral(0, sz)) =>
       BinaryExpr(BVSLT, a, UnaryExpr(BVNEG, b))
@@ -212,21 +212,21 @@ def simplifyExpr(e: Expr): Expr = {
     //    )
     //  r
     //}
-    case BinaryExpr(
-          BVAND,
-          UninterpretedFunction("bool2bv1", Seq(l), BitVecType(1)),
-          UninterpretedFunction("bool2bv1", Seq(r), BitVecType(1))
-        ) =>
-      bool2bv1(BinaryExpr(BoolAND, l, r))
-    case BinaryExpr(
-          BVCOMP,
-          UninterpretedFunction("bool2bv1", Seq(l), BitVecType(1)),
-          UninterpretedFunction("bool2bv1", Seq(r), BitVecType(1))
-        ) =>
-      bool2bv1(BinaryExpr(BoolEQ, l, r))
-    case BinaryExpr(BVSLT, BinaryExpr(BVADD, x, const: BitVecLiteral), y) => {
-      BinaryExpr(BVSLT, x, BinaryExpr(BVSUB, y, const))
-    }
+    //case BinaryExpr(
+    //      BVAND,
+    //      UninterpretedFunction("bool2bv1", Seq(l), BitVecType(1)),
+    //      UninterpretedFunction("bool2bv1", Seq(r), BitVecType(1))
+    //    ) =>
+    //  bool2bv1(BinaryExpr(BoolAND, l, r))
+    //case BinaryExpr(
+    //      BVCOMP,
+    //      UninterpretedFunction("bool2bv1", Seq(l), BitVecType(1)),
+    //      UninterpretedFunction("bool2bv1", Seq(r), BitVecType(1))
+    //    ) =>
+    //  bool2bv1(BinaryExpr(BoolEQ, l, r))
+    //case BinaryExpr(BVSLT, BinaryExpr(BVADD, x, const: BitVecLiteral), y) => {
+    //  BinaryExpr(BVSLT, x, BinaryExpr(BVSUB, y, const))
+    //}
 
     // tighten bounds
     case e @ BinaryExpr(BoolAND, BinaryExpr(BVSLT, x, y), (BinaryExpr(BVSLT, z, y2))) if y == y2 => {
@@ -287,9 +287,9 @@ def simplifyExpr(e: Expr): Expr = {
 
     case BinaryExpr(BVSUB, x: Expr, y: BitVecLiteral)         => BinaryExpr(BVADD, x, UnaryExpr(BVNEG, y))
     case BinaryExpr(BVAND, l, r) if l == r && l.loads.isEmpty => simplifyExpr(l)
-    case BinaryExpr(BVCOMP, l, r)                             => bool2bv1(BinaryExpr(BVEQ, l, r))
-    case BinaryExpr(BVEQ, UninterpretedFunction("bool2bv1", Seq(l), BitVecType(1)), BitVecLiteral(1, 1)) => l
-    case UnaryExpr(BVNOT, UninterpretedFunction("bool2bv1", Seq(l), BitVecType(1))) => bool2bv1(UnaryExpr(BoolNOT, l))
+    // case BinaryExpr(BVCOMP, l, r)                             => bool2bv1(BinaryExpr(BVEQ, l, r))
+    //case BinaryExpr(BVEQ, UninterpretedFunction("bool2bv1", Seq(l), BitVecType(1)), BitVecLiteral(1, 1)) => l
+    //case UnaryExpr(BVNOT, UninterpretedFunction("bool2bv1", Seq(l), BitVecType(1))) => bool2bv1(UnaryExpr(BoolNOT, l))
 
     case r => r
   }

From 24a12e3d8fca034db5b59b231cf6f11a8acdbfa1 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Thu, 17 Oct 2024 17:42:46 +1000
Subject: [PATCH 078/127] attempt at condition lifting

---
 src/main/scala/ir/Expr.scala              |   8 +
 src/main/scala/ir/eval/SimplifyExpr.scala | 263 +++++++++++++++-------
 src/main/scala/ir/transforms/Simp.scala   |   7 -
 src/main/scala/util/RunUtils.scala        |   9 +-
 4 files changed, 191 insertions(+), 96 deletions(-)

diff --git a/src/main/scala/ir/Expr.scala b/src/main/scala/ir/Expr.scala
index f8e541f64..c0a687a08 100644
--- a/src/main/scala/ir/Expr.scala
+++ b/src/main/scala/ir/Expr.scala
@@ -25,6 +25,14 @@ sealed trait Expr {
   def acceptVisit(visitor: Visitor): Expr = throw new Exception("visitor " + visitor + " unimplemented for: " + this)
 }
 
+
+def size(e: Expr) = {
+  e.getType match {
+    case BitVecType(s) => Some(s)
+    case _             => None
+  }
+}
+
 sealed trait Literal extends Expr {
   override def acceptVisit(visitor: Visitor): Literal = visitor.visitLiteral(this)
 }
diff --git a/src/main/scala/ir/eval/SimplifyExpr.scala b/src/main/scala/ir/eval/SimplifyExpr.scala
index 1884356c7..358e58867 100644
--- a/src/main/scala/ir/eval/SimplifyExpr.scala
+++ b/src/main/scala/ir/eval/SimplifyExpr.scala
@@ -92,12 +92,37 @@ def simplifyExpr(e: Expr): Expr = {
 
   val e2 = ir.eval.partialEvalExpr(e, (v) => None)
 
+  def pushExtend(e: Expr, extend: Expr => Expr): Expr = {
+    e match {
+      case BinaryExpr(op, lhs, rhs) if size(e).isDefined =>
+        BinaryExpr(op, pushExtend(lhs, extend), pushExtend(rhs, extend))
+      case UnaryExpr(op, v) if size(e).isDefined => UnaryExpr(op, pushExtend(v, extend))
+      case l: Literal if size(l).isDefined       => extend(l)
+      case v: Variable if size(v).isDefined      => extend(v)
+      case e: Extract                            => extend(e)
+      case e: SignExtend                         => extend(e)
+      case e: ZeroExtend                         => extend(e)
+      case o                                     => o
+    }
+  }
+
+  def bvLogOpToBoolOp = Map[BinOp, BinOp](
+    // logical ops when bv1
+    BVAND -> BoolAND,
+    BVOR -> BoolOR
+    //BVCOMP -> BoolEQ
+  )
+
   /** Apply the rewrite rules once. Note some rules expect a canonical form produced by other rules, and hence this is
     * more effective when applied iteratively until a fixed point.
     */
   val simped = e2 match {
     // constant folding
     // const + (expr + const) -> expr + (const + const)
+
+    //case UnaryExpr(BVNOT, l) if size(l).isDefined && !size(l).contains(1) =>
+    //  BinaryExpr(BVSUB, UnaryExpr(BVNEG, simplifyExpr(l)), BitVecLiteral(1, size(l).get))
+
     case BinaryExpr(BVADD, BinaryExpr(BVSUB, body, l: BitVecLiteral), r: BitVecLiteral) =>
       BinaryExpr(BVADD, BinaryExpr(BVSUB, r, l), simplifyExpr(body))
     case BinaryExpr(BVSUB, BinaryExpr(BVADD, body, l: BitVecLiteral), r: BitVecLiteral) =>
@@ -112,6 +137,11 @@ def simplifyExpr(e: Expr): Expr = {
       BinaryExpr(BVOR, BinaryExpr(BVOR, l, r), simplifyExpr(body))
     case BinaryExpr(BVAND, BinaryExpr(BVAND, body, l: BitVecLiteral), r: BitVecLiteral) =>
       BinaryExpr(BVAND, BinaryExpr(BVAND, l, r), simplifyExpr(body))
+    case BinaryExpr(BVADD, BinaryExpr(BVADD, body, l: BitVecLiteral), r: BitVecLiteral) =>
+      BinaryExpr(BVADD, BinaryExpr(BVADD, r, l), simplifyExpr(body))
+
+    case BinaryExpr(BVADD, BinaryExpr(BVADD, l, lc: BitVecLiteral), BinaryExpr(BVADD, r, rc: BitVecLiteral)) =>
+      BinaryExpr(BVADD, simplifyExpr(BinaryExpr(BVADD, l, r)), simplifyExpr(BinaryExpr(BVADD, lc, rc)))
     // normalise
     // make all comparisons positive so double negatives can be cleaned up
     case BinaryExpr(BVEQ, UnaryExpr(BVNOT, BinaryExpr(BVCOMP, x, y)), BitVecLiteral(1, 1)) =>
@@ -123,16 +153,49 @@ def simplifyExpr(e: Expr): Expr = {
     case BinaryExpr(BVEQ, BinaryExpr(BVCOMP, e1: Expr, e2: Expr), BitVecLiteral(0, 1)) =>
       UnaryExpr(BoolNOT, BinaryExpr(BVEQ, simplifyExpr(e1), simplifyExpr(e2)))
     case BinaryExpr(BVNEQ, e1, e2) => UnaryExpr(BoolNOT, BinaryExpr(BVEQ, simplifyExpr(e1), simplifyExpr(e2)))
+
+    case BinaryExpr(op, BinaryExpr(op1, a, b: Literal), BinaryExpr(op2, c, d: Literal))
+        if !a.isInstanceOf[Literal] && !c.isInstanceOf[Literal]
+          && assocOps.contains(op) && op == op1 && op == op2 =>
+      BinaryExpr(op, BinaryExpr(op, a, c), BinaryExpr(op, b, d))
+
     case BinaryExpr(op, x: Literal, y: Expr) if !y.isInstanceOf[Literal] && assocOps.contains(op) =>
       BinaryExpr(op, simplifyExpr(y), simplifyExpr(x))
 
-    //case BinaryExpr(
-    //      BVAND,
-    //      UninterpretedFunction("bool2bv1", Seq(l), _),
-    //      UninterpretedFunction("bool2bv1", Seq(r), _)
-    //    ) => {
-    //  bool2bv1(BinaryExpr(BoolAND, l, r))
-    //}
+    /* intro bool2bv */
+    case BinaryExpr(
+          BVCOMP,
+          l,
+          r
+        ) => {
+      bool2bv1(BinaryExpr(BVEQ, l, r))
+    }
+    /* push bool2bv upwards */
+    case BinaryExpr(
+          bop,
+          UninterpretedFunction("bool2bv1", Seq(l), _),
+          UninterpretedFunction("bool2bv1", Seq(r), _)
+        ) if bvLogOpToBoolOp.contains(bop) => {
+      bool2bv1(BinaryExpr(bvLogOpToBoolOp(bop), simplifyExpr(l), simplifyExpr(r)))
+    }
+    case BinaryExpr(
+          bop,
+          UninterpretedFunction("bool2bv1", Seq(l), _),
+          UninterpretedFunction("bool2bv1", Seq(r), _)
+        ) if bvLogOpToBoolOp.contains(bop) => {
+      bool2bv1(BinaryExpr(bvLogOpToBoolOp(bop), simplifyExpr(l), simplifyExpr(r)))
+    }
+
+    case UnaryExpr(BVNOT, UninterpretedFunction("bool2bv1", Seq(arg), BitVecType(1))) =>
+      bool2bv1(UnaryExpr(BoolNOT, simplifyExpr(arg)))
+
+    /* remove bool2bv in boolean context */
+    case BinaryExpr(BVEQ, UninterpretedFunction("bool2bv1", Seq(body), _), BitVecLiteral(1, 1)) => simplifyExpr(body)
+    case BinaryExpr(BVEQ, UninterpretedFunction("bool2bv1", Seq(l), _), UninterpretedFunction("bool2bv1", Seq(r), _)) =>
+      BinaryExpr(BoolEQ, simplifyExpr(l), simplifyExpr(r))
+    case UninterpretedFunction("bool2bv1", Seq(FalseLiteral), _) => BitVecLiteral(0, 1)
+    case UninterpretedFunction("bool2bv1", Seq(TrueLiteral), _)  => BitVecLiteral(1, 1)
+
     //case BinaryExpr(BVADD, x: Expr, y: BitVecLiteral) if ir.eval.BitVectorEval.isNegative(y) =>
     //  BinaryExpr(BVSUB, simplifyExpr(x), ir.eval.BitVectorEval.smt_bvneg(y))
 
@@ -146,89 +209,119 @@ def simplifyExpr(e: Expr): Expr = {
       BinaryExpr(BVEQ, x, y)
 
     // lift comparison
-    // bvsub32(R8_9[32:0], 2bv32) == 0bv32
-    // ZF check
+
     case BinaryExpr(BVEQ, BinaryExpr(BVSUB, e1, e2), BitVecLiteral(0, sz)) =>
-       BinaryExpr(BVEQ, simplifyExpr(e1), simplifyExpr(e2))
+      BinaryExpr(BVEQ, simplifyExpr(e1), simplifyExpr(e2))
     case BinaryExpr(BVCOMP, BinaryExpr(BVSUB, e1, e2), BitVecLiteral(0, sz)) =>
       BinaryExpr(BVCOMP, simplifyExpr(e1), simplifyExpr(e2))
     // NF check on expr
-    //case Extract(upper, lower, b)
-    //    if (b.getType.isInstanceOf[BitVecType]) && (upper == (lower + 1)) && (upper == b.getType
-    //      .asInstanceOf[BitVecType]
-    //      .size) => {
-    //  bool2bv1(BinaryExpr(BVSLT, simplifyExpr(b), BitVecLiteral(0, b.getType.asInstanceOf[BitVecType].size)))
-    //}
-    case BinaryExpr(BVSLT, BinaryExpr(BVSUB, a, b), BitVecLiteral(0, sz)) => BinaryExpr(BVSLT, a, b)
-    case BinaryExpr(BVSLT, BinaryExpr(BVADD, a, b: BitVecLiteral), BitVecLiteral(0, sz)) =>
-      BinaryExpr(BVSLT, a, UnaryExpr(BVNEG, b))
-    case BinaryExpr(BVULT, BinaryExpr(BVSUB, a, b), BitVecLiteral(0, sz)) => BinaryExpr(BVULT, a, b)
-
-    case BinaryExpr(BVULT, BinaryExpr(BVADD, a, b: BitVecLiteral), c: BitVecLiteral) =>
-      BinaryExpr(BVULT, a, BinaryExpr(BVADD, c, UnaryExpr(BVNEG, b)))
-    case BinaryExpr(BVSLT, BinaryExpr(BVADD, a, b: BitVecLiteral), c: BitVecLiteral) =>
-      BinaryExpr(BVSLT, a, BinaryExpr(BVADD, c, UnaryExpr(BVNEG, b)))
-
-    //  VF check
-    // (bvcomp33(sign_extend1_32(bvsub32(R0_45[32:0], 1000bv32)), bvsub33(sign_extend1_32(R0_45[32:0]), 1000bv33)))
+    case Extract(upper, lower, b) if size(b).contains(upper) && (upper == (lower + 1)) => {
+      bool2bv1(BinaryExpr(BVSLT, simplifyExpr(b), BitVecLiteral(0, size(b).get)))
+    }
+
+    /** COMP FLAG HANDLING **/
+    /*
+     * We quite precisely pattern match ASLp's output for C and V, 
+     * these are computed by comparing the test to a higher-precision calculation of the test.
+     */
+    case UnaryExpr(
+          BoolNOT,
+          BinaryExpr(
+            BVEQ,
+            SignExtend(exts, orig @ BinaryExpr(o1, x1, y1)),
+            compar @ BinaryExpr(o2, x2, y2)
+          ) // high precision op
+        )
+        if (o1 == o2) && o1 == BVADD
+          && simplifyExpr(x2) == simplifyExpr(SignExtend(exts, x1))
+          && simplifyExpr(y2) == simplifyExpr(SignExtend(exts, y1)) => {
+      // V set
+      UninterpretedFunction("SignedOverflow", Seq(orig), BoolType)
+    }
+
     case UnaryExpr(
           BoolNOT,
           BinaryExpr(
             BVEQ,
-            SignExtend(1, orig @ BinaryExpr(BVADD, x1, y1)),
-            compar @ BinaryExpr(BVADD, xx, yy)
+            SignExtend(exts, orig @ BinaryExpr(o1, BinaryExpr(o3, x1, y1), z1)),
+            BinaryExpr(o2, compar @ BinaryExpr(o4, x2, y2), z2) // high precision op
           )
-        ) if (simplifyExpr(SignExtend(1, x1)) == xx) && (simplifyExpr(SignExtend(1, y1)) == yy) => {
-      val osz = orig.getType match {
-        case BitVecType(sz) => sz
-        case _              => ???
-      }
-      UninterpretedFunction("overflow", Seq(orig), BoolType)
-      // BinaryExpr(
-      //BoolOR,
-      //  UnaryExpr(BoolNOT, BinaryExpr(BVULT, compar, BitVecLiteral(BigInt(2).pow(osz / 2 - 1), osz + 1))),
-      //  BinaryExpr(BVULT, compar, UnaryExpr(BVNEG, BitVecLiteral(BigInt(2).pow(osz / 2 - 1), osz + 1)))
-      // )
+        )
+        if (o1 == o2) && o2 == o4 && o1 == BVADD
+          && simplifyExpr(x2) == simplifyExpr(SignExtend(exts, x1))
+          && simplifyExpr(y2) == simplifyExpr(SignExtend(exts, y1))
+          && simplifyExpr(z2) == simplifyExpr(SignExtend(exts, z1)) => {
+      // V set
+      UninterpretedFunction("SignedOverflow", Seq(orig), BoolType)
     }
 
-    // VF check
-    //(bvcomp33(sign_extend1_32(bvsub32(R0_45[32:0], 1000bv32)), bvsub33(sign_extend1_32(R0_45[32:0]), 1000bv33)))
-    //case UnaryExpr(
-    //      BoolNOT,
-    //      BinaryExpr(
-    //        BVEQ,
-    //        SignExtend(1, BinaryExpr(BVADD, x1, y1)),
-    //        BinaryExpr(BVADD, xx, yy)
-    //      )
-    //    ) if (simplifyExpr(SignExtend(1, x1)) == xx) && (simplifyExpr(SignExtend(1, y1)) == yy) => {
-    //  val r = BinaryExpr(
-    //      BoolOR,
-    //      BinaryExpr(BoolAND, isNegBV(BinaryExpr(BVADD, x1, y1)), BinaryExpr(BoolAND, isNegBV(x1), isNegBV(y1))),
-    //      BinaryExpr(
-    //        BoolAND,
-    //        UnaryExpr(BoolNOT, isNegBV(BinaryExpr(BVADD, x1, y1))),
-    //        BinaryExpr(BoolAND, UnaryExpr(BoolNOT, isNegBV(x1)), UnaryExpr(BoolNOT, isNegBV(y1)))
-    //      )
-    //    )
-    //  r
-    //}
-    //case BinaryExpr(
-    //      BVAND,
-    //      UninterpretedFunction("bool2bv1", Seq(l), BitVecType(1)),
-    //      UninterpretedFunction("bool2bv1", Seq(r), BitVecType(1))
-    //    ) =>
-    //  bool2bv1(BinaryExpr(BoolAND, l, r))
-    //case BinaryExpr(
-    //      BVCOMP,
-    //      UninterpretedFunction("bool2bv1", Seq(l), BitVecType(1)),
-    //      UninterpretedFunction("bool2bv1", Seq(r), BitVecType(1))
-    //    ) =>
-    //  bool2bv1(BinaryExpr(BoolEQ, l, r))
-    //case BinaryExpr(BVSLT, BinaryExpr(BVADD, x, const: BitVecLiteral), y) => {
-    //  BinaryExpr(BVSLT, x, BinaryExpr(BVSUB, y, const))
-    //}
-
-    // tighten bounds
+    case UnaryExpr(
+          BoolNOT,
+          BinaryExpr(
+            BVEQ,
+            ZeroExtend(exts, orig @ BinaryExpr(o1, x1, y1)),
+            compar @ BinaryExpr(o2, x2, y2)
+          )
+        )
+        if (o1 == o2) && o1 == BVADD
+          && simplifyExpr(x2) == simplifyExpr(ZeroExtend(exts, x1))
+          && simplifyExpr(y2) == simplifyExpr(ZeroExtend(exts, y1)) => {
+      // C Set
+      BinaryExpr(BVUGE, orig, BitVecLiteral(0, size(orig).get))
+    }
+
+    case UnaryExpr(
+          BoolNOT,
+          BinaryExpr(
+            BVEQ,
+            ZeroExtend(exts, orig @ BinaryExpr(o1, BinaryExpr(o3, x1, y1), z1)),
+            BinaryExpr(o2, compar @ BinaryExpr(o4, x2, y2), z2) // high precision op
+          )
+        )
+        if (o1 == o2) && o2 == o4 && o1 == BVADD
+          && simplifyExpr(x2) == simplifyExpr(ZeroExtend(exts, x1))
+          && simplifyExpr(y2) == simplifyExpr(ZeroExtend(exts, y1))
+          && simplifyExpr(z2) == simplifyExpr(ZeroExtend(exts, z1)) => {
+      // C Set
+      BinaryExpr(BVUGE, orig, BitVecLiteral(0, size(orig).get))
+    }
+
+    /**
+     * https://developer.arm.com/documentation/dui0801/l/Condition-Codes/Condition-code-suffixes-and-related-flags
+     */
+    case BinaryExpr(
+          BoolEQ,
+          (BinaryExpr(BVSLT, lhs, BitVecLiteral(0, sz))),
+          UninterpretedFunction("SignedOverflow", Seq(rhs), BoolType)
+        ) if simplifyExpr(lhs) == simplifyExpr(rhs) => {
+      BinaryExpr(BVSGE, lhs, BitVecLiteral(0, size(lhs).get))
+    }
+
+    // x >= 0 && x != 0 ===> x > 0
+    case BinaryExpr(BoolAND, BinaryExpr(BVSGE, lhs, BitVecLiteral(0, sz)), UnaryExpr(BoolNOT, rhs))
+        if size(lhs).isDefined && (simplifyExpr(BinaryExpr(BVEQ, lhs, BitVecLiteral(0, size(lhs).get))) == rhs) => {
+      BinaryExpr(BVSGT, lhs, BitVecLiteral(0, size(lhs).get))
+    }
+
+    // x <= 0 && x != 0 ===> x < 0
+    case BinaryExpr(BoolAND, BinaryExpr(BVSLE, lhs, BitVecLiteral(0, sz)), UnaryExpr(BoolNOT, rhs))
+        if size(lhs).isDefined && (simplifyExpr(BinaryExpr(BVEQ, lhs, BitVecLiteral(0, size(lhs).get))) == rhs) => {
+      BinaryExpr(BVSLT, lhs, BitVecLiteral(0, size(lhs).get))
+    }
+
+    // x >= 0 && x != 0 ===> x > 0
+    case BinaryExpr(BoolAND, BinaryExpr(BVUGE, lhs, BitVecLiteral(0, sz)), UnaryExpr(BoolNOT, rhs))
+        if simplifyExpr(BinaryExpr(BVEQ, lhs, BitVecLiteral(0, size(lhs).get))) == rhs => {
+      BinaryExpr(BVUGT, lhs, BitVecLiteral(0, sz))
+    }
+
+    // x <= 0 && x != 0 ===> x < 0
+    case BinaryExpr(BoolAND, BinaryExpr(BVULE, lhs, BitVecLiteral(0, sz)), UnaryExpr(BoolNOT, rhs))
+        if simplifyExpr(BinaryExpr(BVEQ, lhs, BitVecLiteral(0, size(lhs).get))) == rhs => {
+      BinaryExpr(BVULT, lhs, BitVecLiteral(0, sz))
+    }
+
+    // tighten inequality bounds
     case e @ BinaryExpr(BoolAND, BinaryExpr(BVSLT, x, y), (BinaryExpr(BVSLT, z, y2))) if y == y2 => {
       BinaryExpr(BVSLT, x, z)
     }
@@ -249,6 +342,7 @@ def simplifyExpr(e: Expr): Expr = {
         case _            => e
       }
     }
+
     // identities
     case Extract(ed, 0, body) if (body.getType == BitVecType(ed))                        => simplifyExpr(body)
     case ZeroExtend(0, body)                                                             => simplifyExpr(body)
@@ -263,13 +357,14 @@ def simplifyExpr(e: Expr): Expr = {
         case BitVecType(sz) => BitVecLiteral(0, sz)
         case _              => throw Exception("Type error (should be unreachable)")
       }
+    case BinaryExpr(BoolEQ, x, FalseLiteral) => UnaryExpr(BoolNOT, x)
     // double negation
     case UnaryExpr(BVNOT, UnaryExpr(BVNOT, body))     => simplifyExpr(body)
     case UnaryExpr(BVNEG, UnaryExpr(BVNEG, body))     => simplifyExpr(body)
     case UnaryExpr(BoolNOT, UnaryExpr(BoolNOT, body)) => simplifyExpr(body)
 
     // syntactic equality
-    case BinaryExpr(BVEQ, a, b) if a.loads.isEmpty && b.loads.isEmpty && a == b => a
+    case BinaryExpr(BVEQ, a, b) if a.loads.isEmpty && b.loads.isEmpty && a == b => TrueLiteral
 
     // compose slices
     case Extract(ed1, be1, Extract(ed2, be2, body)) => Extract(ed1 - be2, be1 + be2, simplifyExpr(body))
@@ -287,16 +382,12 @@ def simplifyExpr(e: Expr): Expr = {
 
     case BinaryExpr(BVSUB, x: Expr, y: BitVecLiteral)         => BinaryExpr(BVADD, x, UnaryExpr(BVNEG, y))
     case BinaryExpr(BVAND, l, r) if l == r && l.loads.isEmpty => simplifyExpr(l)
-    // case BinaryExpr(BVCOMP, l, r)                             => bool2bv1(BinaryExpr(BVEQ, l, r))
-    //case BinaryExpr(BVEQ, UninterpretedFunction("bool2bv1", Seq(l), BitVecType(1)), BitVecLiteral(1, 1)) => l
-    //case UnaryExpr(BVNOT, UninterpretedFunction("bool2bv1", Seq(l), BitVecType(1))) => bool2bv1(UnaryExpr(BoolNOT, l))
-
     case r => r
   }
 
   if (simped != e) {
-    //println(s"old $e -> ")
-    //println(s"    $simped")
+    // println(s"old $e -> ")
+    // println(s"    $simped")
   }
   simped
 }
diff --git a/src/main/scala/ir/transforms/Simp.scala b/src/main/scala/ir/transforms/Simp.scala
index 6de45000c..b59a67f5b 100644
--- a/src/main/scala/ir/transforms/Simp.scala
+++ b/src/main/scala/ir/transforms/Simp.scala
@@ -42,13 +42,6 @@ def removeSlices(p: Procedure): Unit = {
     case False // property is false
     case Bot // don't know anything
 
-  def size(e: Expr) = {
-    e.getType match {
-      case BitVecType(s) => Some(s)
-      case _             => None
-    }
-  }
-
   case class LVTerm(v: LocalVar) extends analysis.solvers.Var[LVTerm]
 
   // unify variable uses across direct assignments
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index 1f452cd39..242d781a6 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -519,6 +519,7 @@ object RunUtils {
   def doSimplify(ctx: IRContext, config: Option[StaticAnalysisConfig]) : Unit = {
     Logger.info("[!] Running simplification")
     Logger.info("[!] DynamicSingleAssignment")
+
     transforms.DynamicSingleAssignment.applyTransform(ctx.program)
 
     config.foreach(_.analysisDotPath.foreach { s =>
@@ -526,12 +527,13 @@ object RunUtils {
     })
     writeToFile(serialiseIL(ctx.program), s"il-before-copyprop.il")
 
+    transforms.removeSlices(ctx.program)
+    writeToFile(serialiseIL(ctx.program), s"il-after-slices.il")
+
     Logger.info("[!] CopyProp")
     transforms.doCopyPropTransform(ctx.program)
     writeToFile(serialiseIL(ctx.program), s"il-after-copyprop.il")
 
-    transforms.removeSlices(ctx.program)
-    writeToFile(serialiseIL(ctx.program), s"il-after-slices.il")
 
     config.foreach(_.analysisDotPath.foreach { s =>
       writeToFile(dotBlockGraph(ctx.program, ctx.program.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"${s}_blockgraph-after-simp.dot")
@@ -546,8 +548,9 @@ object RunUtils {
 
     ctx = IRTransform.doCleanup(ctx)
 
-    assert(invariant.correctCalls(ctx.program))
+    //assert(invariant.correctCalls(ctx.program))
     if (q.loading.parameterForm) {
+      ir.transforms.clearParams(ctx.program)
       ctx = ir.transforms.liftProcedureCallAbstraction(ctx)
     } else {
       ir.transforms.clearParams(ctx.program)

From 8bf3e4d51ec3ab29b25fff98b245403a921f9a2b Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Thu, 17 Oct 2024 18:06:34 +1000
Subject: [PATCH 079/127] cleanup

---
 src/main/scala/ir/eval/SimplifyExpr.scala | 35 ++++++++++++++++-------
 1 file changed, 25 insertions(+), 10 deletions(-)

diff --git a/src/main/scala/ir/eval/SimplifyExpr.scala b/src/main/scala/ir/eval/SimplifyExpr.scala
index 358e58867..788aed9a8 100644
--- a/src/main/scala/ir/eval/SimplifyExpr.scala
+++ b/src/main/scala/ir/eval/SimplifyExpr.scala
@@ -162,6 +162,10 @@ def simplifyExpr(e: Expr): Expr = {
     case BinaryExpr(op, x: Literal, y: Expr) if !y.isInstanceOf[Literal] && assocOps.contains(op) =>
       BinaryExpr(op, simplifyExpr(y), simplifyExpr(x))
 
+    /* 
+     * Simplify BVop to Bool ops in a boolean context. 
+     */
+
     /* intro bool2bv */
     case BinaryExpr(
           BVCOMP,
@@ -208,22 +212,19 @@ def simplifyExpr(e: Expr): Expr = {
         if ir.eval.BitVectorEval.isNegative(y) =>
       BinaryExpr(BVEQ, x, y)
 
-    // lift comparison
 
-    case BinaryExpr(BVEQ, BinaryExpr(BVSUB, e1, e2), BitVecLiteral(0, sz)) =>
-      BinaryExpr(BVEQ, simplifyExpr(e1), simplifyExpr(e2))
-    case BinaryExpr(BVCOMP, BinaryExpr(BVSUB, e1, e2), BitVecLiteral(0, sz)) =>
-      BinaryExpr(BVCOMP, simplifyExpr(e1), simplifyExpr(e2))
+    /*  COMPARISON FLAG HANDLING 
+     *
+     * We quite precisely pattern match ASLp's output for C and V, 
+     * these are computed by comparing the test to a higher-precision calculation of the test.
+     */
+
     // NF check on expr
     case Extract(upper, lower, b) if size(b).contains(upper) && (upper == (lower + 1)) => {
       bool2bv1(BinaryExpr(BVSLT, simplifyExpr(b), BitVecLiteral(0, size(b).get)))
     }
 
-    /** COMP FLAG HANDLING **/
-    /*
-     * We quite precisely pattern match ASLp's output for C and V, 
-     * these are computed by comparing the test to a higher-precision calculation of the test.
-     */
+    // Signed Overflow
     case UnaryExpr(
           BoolNOT,
           BinaryExpr(
@@ -255,6 +256,7 @@ def simplifyExpr(e: Expr): Expr = {
       UninterpretedFunction("SignedOverflow", Seq(orig), BoolType)
     }
 
+    // Unsigned OVerflow
     case UnaryExpr(
           BoolNOT,
           BinaryExpr(
@@ -297,6 +299,8 @@ def simplifyExpr(e: Expr): Expr = {
       BinaryExpr(BVSGE, lhs, BitVecLiteral(0, size(lhs).get))
     }
 
+    /* generic comparison simplification */
+
     // x >= 0 && x != 0 ===> x > 0
     case BinaryExpr(BoolAND, BinaryExpr(BVSGE, lhs, BitVecLiteral(0, sz)), UnaryExpr(BoolNOT, rhs))
         if size(lhs).isDefined && (simplifyExpr(BinaryExpr(BVEQ, lhs, BitVecLiteral(0, size(lhs).get))) == rhs) => {
@@ -321,6 +325,17 @@ def simplifyExpr(e: Expr): Expr = {
       BinaryExpr(BVULT, lhs, BitVecLiteral(0, sz))
     }
 
+    // inequality negation
+    case UnaryExpr(BoolNOT, BinaryExpr(BVSLT, lhs, rhs)) => BinaryExpr(BVSGE, lhs, rhs)
+    case UnaryExpr(BoolNOT, BinaryExpr(BVSGT, lhs, rhs)) => BinaryExpr(BVSLE, lhs, rhs)
+    case UnaryExpr(BoolNOT, BinaryExpr(BVULT, lhs, rhs)) => BinaryExpr(BVUGE, lhs, rhs)
+    case UnaryExpr(BoolNOT, BinaryExpr(BVUGT, lhs, rhs)) => BinaryExpr(BVULE, lhs, rhs)
+    case UnaryExpr(BoolNOT, BinaryExpr(BVSLE, lhs, rhs)) => BinaryExpr(BVSGT, lhs, rhs)
+    case UnaryExpr(BoolNOT, BinaryExpr(BVSGE, lhs, rhs)) => BinaryExpr(BVSLT, lhs, rhs)
+    case UnaryExpr(BoolNOT, BinaryExpr(BVULE, lhs, rhs)) => BinaryExpr(BVUGT, lhs, rhs)
+    case UnaryExpr(BoolNOT, BinaryExpr(BVUGE, lhs, rhs)) => BinaryExpr(BVULT, lhs, rhs)
+
+
     // tighten inequality bounds
     case e @ BinaryExpr(BoolAND, BinaryExpr(BVSLT, x, y), (BinaryExpr(BVSLT, z, y2))) if y == y2 => {
       BinaryExpr(BVSLT, x, z)

From f75086e2f2acc3c9716c0d0ef10698a3cdb40aa5 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Thu, 17 Oct 2024 18:07:31 +1000
Subject: [PATCH 080/127] add example

---
 examples/conds/Makefile   |   15 +
 examples/conds/conds.adt  | 1651 +++++++++++++++++++++++++++++++++++++
 examples/conds/conds.c    |   86 ++
 examples/conds/conds.gts  |  Bin 0 -> 150780 bytes
 examples/conds/conds.relf |  119 +++
 5 files changed, 1871 insertions(+)
 create mode 100644 examples/conds/Makefile
 create mode 100644 examples/conds/conds.adt
 create mode 100644 examples/conds/conds.c
 create mode 100644 examples/conds/conds.gts
 create mode 100644 examples/conds/conds.relf

diff --git a/examples/conds/Makefile b/examples/conds/Makefile
new file mode 100644
index 000000000..fecb0afbf
--- /dev/null
+++ b/examples/conds/Makefile
@@ -0,0 +1,15 @@
+
+
+.PHONY=all
+all: conds.out conds.adt conds.relf
+
+conds.out : conds.c
+	aarch64-unknown-linux-gnu-gcc conds.c -o conds.out 
+
+conds.adt : conds.out
+	bap conds.out -d adt:conds.adt
+
+conds.relf : conds.out
+	readelf -s -r -W conds.out > conds.relf
+
+
diff --git a/examples/conds/conds.adt b/examples/conds/conds.adt
new file mode 100644
index 000000000..1b84fd97c
--- /dev/null
+++ b/examples/conds/conds.adt
@@ -0,0 +1,1651 @@
+Project(Attrs([Attr("filename","\"conds.out\""),
+Attr("image-specification","(declare abi (name str))\n(declare arch (name str))\n(declare base-address (addr int))\n(declare bias (off int))\n(declare bits (size int))\n(declare code-region (addr int) (size int) (off int))\n(declare code-start (addr int))\n(declare entry-point (addr int))\n(declare external-reference (addr int) (name str))\n(declare format (name str))\n(declare is-executable (flag bool))\n(declare is-little-endian (flag bool))\n(declare llvm:base-address (addr int))\n(declare llvm:code-entry (name str) (off int) (size int))\n(declare llvm:coff-import-library (name str))\n(declare llvm:coff-virtual-section-header (name str) (addr int) (size int))\n(declare llvm:elf-program-header (name str) (off int) (size int))\n(declare llvm:elf-program-header-flags (name str) (ld bool) (r bool) \n (w bool) (x bool))\n(declare llvm:elf-virtual-program-header (name str) (addr int) (size int))\n(declare llvm:entry-point (addr int))\n(declare llvm:macho-symbol (name str) (value int))\n(declare llvm:name-reference (at int) (name str))\n(declare llvm:relocation (at int) (addr int))\n(declare llvm:section-entry (name str) (addr int) (size int) (off int))\n(declare llvm:section-flags (name str) (r bool) (w bool) (x bool))\n(declare llvm:segment-command (name str) (off int) (size int))\n(declare llvm:segment-command-flags (name str) (r bool) (w bool) (x bool))\n(declare llvm:symbol-entry (name str) (addr int) (size int) (off int)\n (value int))\n(declare llvm:virtual-segment-command (name str) (addr int) (size int))\n(declare mapped (addr int) (size int) (off int))\n(declare named-region (addr int) (size int) (name str))\n(declare named-symbol (addr int) (name str))\n(declare require (name str))\n(declare section (addr int) (size int))\n(declare segment (addr int) (size int) (r bool) (w bool) (x bool))\n(declare subarch (name str))\n(declare symbol-chunk (addr int) (size int) (root int))\n(declare symbol-value (addr int) (value int))\n(declare system (name str))\n(declare vendor (name str))\n\n(abi unknown)\n(arch aarch64)\n(base-address 4194304)\n(bias 0)\n(bits 64)\n(code-region 4197380 20 3076)\n(code-region 4195904 1476 1600)\n(code-region 4195808 80 1504)\n(code-region 4195776 24 1472)\n(code-start 4195972)\n(code-start 4195968)\n(code-start 4195904)\n(code-start 4196164)\n(entry-point 4195904)\n(external-reference 4325328 _ITM_deregisterTMCloneTable)\n(external-reference 4325336 __gmon_start__)\n(external-reference 4325344 _ITM_registerTMCloneTable)\n(external-reference 4325376 __libc_start_main)\n(external-reference 4325384 __gmon_start__)\n(external-reference 4325392 abort)\n(format elf)\n(is-executable true)\n(is-little-endian true)\n(llvm:base-address 4194304)\n(llvm:code-entry abort 0 0)\n(llvm:code-entry __libc_start_main 0 0)\n(llvm:code-entry _init 1472 0)\n(llvm:code-entry main 1860 1216)\n(llvm:code-entry _start 1600 60)\n(llvm:code-entry _dl_relocate_static_pie 1664 4)\n(llvm:code-entry abort@GLIBC_2.17 0 0)\n(llvm:code-entry _fini 3076 0)\n(llvm:code-entry __libc_start_main@GLIBC_2.34 0 0)\n(llvm:code-entry frame_dummy 1856 0)\n(llvm:code-entry __do_global_dtors_aux 1808 0)\n(llvm:code-entry register_tm_clones 1744 0)\n(llvm:code-entry deregister_tm_clones 1696 0)\n(llvm:code-entry call_weak_fn 1668 20)\n(llvm:code-entry .fini 3076 20)\n(llvm:code-entry .text 1600 1476)\n(llvm:code-entry .plt 1504 80)\n(llvm:code-entry .init 1472 24)\n(llvm:elf-program-header 08 64968 568)\n(llvm:elf-program-header 07 0 0)\n(llvm:elf-program-header 06 3100 68)\n(llvm:elf-program-header 05 680 32)\n(llvm:elf-program-header 04 64984 496)\n(llvm:elf-program-header 03 64968 608)\n(llvm:elf-program-header 02 0 3360)\n(llvm:elf-program-header 01 568 110)\n(llvm:elf-program-header 00 64 504)\n(llvm:elf-program-header-flags 08 false true false false)\n(llvm:elf-program-header-flags 07 false true true false)\n(llvm:elf-program-header-flags 06 false true false false)\n(llvm:elf-program-header-flags 05 false true false false)\n(llvm:elf-program-header-flags 04 false true true false)\n(llvm:elf-program-header-flags 03 true true true false)\n(llvm:elf-program-header-flags 02 true true false true)\n(llvm:elf-program-header-flags 01 false true false false)\n(llvm:elf-program-header-flags 00 false true false false)\n(llvm:elf-virtual-program-header 08 4324808 568)\n(llvm:elf-virtual-program-header 07 0 0)\n(llvm:elf-virtual-program-header 06 4197404 68)\n(llvm:elf-virtual-program-header 05 4194984 32)\n(llvm:elf-virtual-program-header 04 4324824 496)\n(llvm:elf-virtual-program-header 03 4324808 632)\n(llvm:elf-virtual-program-header 02 4194304 3360)\n(llvm:elf-virtual-program-header 01 4194872 110)\n(llvm:elf-virtual-program-header 00 4194368 504)\n(llvm:entry-point 4195904)\n(llvm:name-reference 4325392 abort)\n(llvm:name-reference 4325384 __gmon_start__)\n(llvm:name-reference 4325376 __libc_start_main)\n(llvm:name-reference 4325344 _ITM_registerTMCloneTable)\n(llvm:name-reference 4325336 __gmon_start__)\n(llvm:name-reference 4325328 _ITM_deregisterTMCloneTable)\n(llvm:section-entry .shstrtab 0 240 68438)\n(llvm:section-entry .strtab 0 558 67880)\n(llvm:section-entry .symtab 0 2280 65600)\n(llvm:section-entry .comment 0 18 65576)\n(llvm:section-entry .bss 4325416 24 65576)\n(llvm:section-entry .data 4325400 16 65560)\n(llvm:section-entry .got.plt 4325352 48 65512)\n(llvm:section-entry .got 4325320 32 65480)\n(llvm:section-entry .dynamic 4324824 496 64984)\n(llvm:section-entry .fini_array 4324816 8 64976)\n(llvm:section-entry .init_array 4324808 8 64968)\n(llvm:section-entry .eh_frame 4197472 192 3168)\n(llvm:section-entry .eh_frame_hdr 4197404 68 3100)\n(llvm:section-entry .rodata 4197400 4 3096)\n(llvm:section-entry .fini 4197380 20 3076)\n(llvm:section-entry .text 4195904 1476 1600)\n(llvm:section-entry .plt 4195808 80 1504)\n(llvm:section-entry .init 4195776 24 1472)\n(llvm:section-entry .rela.plt 4195704 72 1400)\n(llvm:section-entry .rela.dyn 4195632 72 1328)\n(llvm:section-entry .gnu.version_r 4195584 48 1280)\n(llvm:section-entry .gnu.version 4195570 12 1266)\n(llvm:section-entry .dynstr 4195240 329 936)\n(llvm:section-entry .dynsym 4195096 144 792)\n(llvm:section-entry .gnu.hash 4195064 28 760)\n(llvm:section-entry .hash 4195016 44 712)\n(llvm:section-entry .note.ABI-tag 4194984 32 680)\n(llvm:section-entry .interp 4194872 110 568)\n(llvm:section-flags .shstrtab true false false)\n(llvm:section-flags .strtab true false false)\n(llvm:section-flags .symtab true false false)\n(llvm:section-flags .comment true false false)\n(llvm:section-flags .bss true true false)\n(llvm:section-flags .data true true false)\n(llvm:section-flags .got.plt true true false)\n(llvm:section-flags .got true true false)\n(llvm:section-flags .dynamic true true false)\n(llvm:section-flags .fini_array true true false)\n(llvm:section-flags .init_array true true false)\n(llvm:section-flags .eh_frame true false false)\n(llvm:section-flags .eh_frame_hdr true false false)\n(llvm:section-flags .rodata true false false)\n(llvm:section-flags .fini true false true)\n(llvm:section-flags .text true false true)\n(llvm:section-flags .plt true false true)\n(llvm:section-flags .init true false true)\n(llvm:section-flags .rela.plt true false false)\n(llvm:section-flags .rela.dyn true false false)\n(llvm:section-flags .gnu.version_r true false false)\n(llvm:section-flags .gnu.version true false false)\n(llvm:section-flags .dynstr true false false)\n(llvm:section-flags .dynsym true false false)\n(llvm:section-flags .gnu.hash true false false)\n(llvm:section-flags .hash true false false)\n(llvm:section-flags .note.ABI-tag true false false)\n(llvm:section-flags .interp true false false)\n(llvm:symbol-entry abort 0 0 0 0)\n(llvm:symbol-entry __libc_start_main 0 0 0 0)\n(llvm:symbol-entry _init 4195776 0 1472 4195776)\n(llvm:symbol-entry main 4196164 1216 1860 4196164)\n(llvm:symbol-entry _start 4195904 60 1600 4195904)\n(llvm:symbol-entry _dl_relocate_static_pie 4195968 4 1664 4195968)\n(llvm:symbol-entry abort@GLIBC_2.17 0 0 0 0)\n(llvm:symbol-entry _fini 4197380 0 3076 4197380)\n(llvm:symbol-entry __libc_start_main@GLIBC_2.34 0 0 0 0)\n(llvm:symbol-entry frame_dummy 4196160 0 1856 4196160)\n(llvm:symbol-entry __do_global_dtors_aux 4196112 0 1808 4196112)\n(llvm:symbol-entry register_tm_clones 4196048 0 1744 4196048)\n(llvm:symbol-entry deregister_tm_clones 4196000 0 1696 4196000)\n(llvm:symbol-entry call_weak_fn 4195972 20 1668 4195972)\n(mapped 4194304 3360 0)\n(mapped 4324808 608 64968)\n(named-region 4194304 3360 02)\n(named-region 4324808 632 03)\n(named-region 4194872 110 .interp)\n(named-region 4194984 32 .note.ABI-tag)\n(named-region 4195016 44 .hash)\n(named-region 4195064 28 .gnu.hash)\n(named-region 4195096 144 .dynsym)\n(named-region 4195240 329 .dynstr)\n(named-region 4195570 12 .gnu.version)\n(named-region 4195584 48 .gnu.version_r)\n(named-region 4195632 72 .rela.dyn)\n(named-region 4195704 72 .rela.plt)\n(named-region 4195776 24 .init)\n(named-region 4195808 80 .plt)\n(named-region 4195904 1476 .text)\n(named-region 4197380 20 .fini)\n(named-region 4197400 4 .rodata)\n(named-region 4197404 68 .eh_frame_hdr)\n(named-region 4197472 192 .eh_frame)\n(named-region 4324808 8 .init_array)\n(named-region 4324816 8 .fini_array)\n(named-region 4324824 496 .dynamic)\n(named-region 4325320 32 .got)\n(named-region 4325352 48 .got.plt)\n(named-region 4325400 16 .data)\n(named-region 4325416 24 .bss)\n(named-region 0 18 .comment)\n(named-region 0 2280 .symtab)\n(named-region 0 558 .strtab)\n(named-region 0 240 .shstrtab)\n(named-symbol 4195972 call_weak_fn)\n(named-symbol 4196000 deregister_tm_clones)\n(named-symbol 4196048 register_tm_clones)\n(named-symbol 4196112 __do_global_dtors_aux)\n(named-symbol 4196160 frame_dummy)\n(named-symbol 0 __libc_start_main@GLIBC_2.34)\n(named-symbol 4197380 _fini)\n(named-symbol 0 abort@GLIBC_2.17)\n(named-symbol 4195968 _dl_relocate_static_pie)\n(named-symbol 4195904 _start)\n(named-symbol 4196164 main)\n(named-symbol 4195776 _init)\n(named-symbol 0 __libc_start_main)\n(named-symbol 0 abort)\n(require libc.so.6)\n(section 4194872 110)\n(section 4194984 32)\n(section 4195016 44)\n(section 4195064 28)\n(section 4195096 144)\n(section 4195240 329)\n(section 4195570 12)\n(section 4195584 48)\n(section 4195632 72)\n(section 4195704 72)\n(section 4195776 24)\n(section 4195808 80)\n(section 4195904 1476)\n(section 4197380 20)\n(section 4197400 4)\n(section 4197404 68)\n(section 4197472 192)\n(section 4324808 8)\n(section 4324816 8)\n(section 4324824 496)\n(section 4325320 32)\n(section 4325352 48)\n(section 4325400 16)\n(section 4325416 24)\n(section 0 18)\n(section 0 2280)\n(section 0 558)\n(section 0 240)\n(segment 4194304 3360 true false true)\n(segment 4324808 632 true true false)\n(subarch v8)\n(symbol-chunk 4195972 20 4195972)\n(symbol-chunk 4195968 4 4195968)\n(symbol-chunk 4195904 60 4195904)\n(symbol-chunk 4196164 1216 4196164)\n(symbol-value 4195972 4195972)\n(symbol-value 4196000 4196000)\n(symbol-value 4196048 4196048)\n(symbol-value 4196112 4196112)\n(symbol-value 4196160 4196160)\n(symbol-value 4197380 4197380)\n(symbol-value 4195968 4195968)\n(symbol-value 4195904 4195904)\n(symbol-value 4196164 4196164)\n(symbol-value 4195776 4195776)\n(symbol-value 0 0)\n(system \"\")\n(vendor \"\")\n"),
+Attr("abi-name","\"aarch64-linux-gnu-elf\"")]),
+Sections([Section(".interp", 0x400238, "\x2f\x6e\x69\x78\x2f\x73\x74\x6f\x72\x65\x2f\x61\x31\x33\x61\x31\x71\x69\x32\x6b\x6e\x71\x61\x30\x73\x64\x31\x67\x76\x6d\x35\x78\x33\x34\x70\x72\x35\x33\x77\x67\x30\x69\x6c\x2d\x67\x6c\x69\x62\x63\x2d\x61\x61\x72\x63\x68\x36\x34\x2d\x75\x6e\x6b\x6e\x6f\x77\x6e\x2d\x6c\x69\x6e\x75\x78\x2d\x67\x6e\x75\x2d\x32\x2e\x33\x38\x2d\x34\x34\x2f\x6c\x69\x62\x2f\x6c\x64\x2d\x6c\x69\x6e\x75\x78\x2d\x61\x61\x72\x63\x68\x36\x34\x2e\x73\x6f\x2e\x31\x00"),
+Section(".note.ABI-tag", 0x4002A8, "\x04\x00\x00\x00\x10\x00\x00\x00\x01\x00\x00\x00\x47\x4e\x55\x00\x00\x00\x00\x00\x03\x00\x00\x00\x0a\x00\x00\x00\x00\x00\x00\x00"),
+Section(".hash", 0x4002C8, "\x03\x00\x00\x00\x06\x00\x00\x00\x03\x00\x00\x00\x05\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00"),
+Section(".gnu.hash", 0x4002F8, "\x01\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"),
+Section(".dynsym", 0x400318, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x01\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x01\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x13\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2f\x01\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"),
+Section(".dynstr", 0x4003A8, "\x00\x5f\x5f\x6c\x69\x62\x63\x5f\x73\x74\x61\x72\x74\x5f\x6d\x61\x69\x6e\x00\x61\x62\x6f\x72\x74\x00\x6c\x69\x62\x63\x2e\x73\x6f\x2e\x36\x00\x47\x4c\x49\x42\x43\x5f\x32\x2e\x31\x37\x00\x47\x4c\x49\x42\x43\x5f\x32\x2e\x33\x34\x00\x2f\x6e\x69\x78\x2f\x73\x74\x6f\x72\x65\x2f\x61\x31\x33\x61\x31\x71\x69\x32\x6b\x6e\x71\x61\x30\x73\x64\x31\x67\x76\x6d\x35\x78\x33\x34\x70\x72\x35\x33\x77\x67\x30\x69\x6c\x2d\x67\x6c\x69\x62\x63\x2d\x61\x61\x72\x63\x68\x36\x34\x2d\x75\x6e\x6b\x6e\x6f\x77\x6e\x2d\x6c\x69\x6e\x75\x78\x2d\x67\x6e\x75\x2d\x32\x2e\x33\x38\x2d\x34\x34\x2f\x6c\x69\x62\x3a\x2f\x6e\x69\x78\x2f\x73\x74\x6f\x72\x65\x2f\x70\x70\x39\x31\x35\x70\x35\x6d\x68\x62\x62\x36\x31\x37\x30\x63\x63\x67\x66\x30\x69\x35\x39\x32\x70\x35\x30\x76\x79\x39\x39\x32\x2d\x61\x61\x72\x63\x68\x36\x34\x2d\x75\x6e\x6b\x6e\x6f\x77\x6e\x2d\x6c\x69\x6e\x75\x78\x2d\x67\x6e\x75\x2d\x67\x63\x63\x2d\x31\x33\x2e\x32\x2e\x30\x2d\x6c\x69\x62\x2f\x61\x61\x72\x63\x68\x36\x34\x2d\x75\x6e\x6b\x6e\x6f\x77\x6e\x2d\x6c\x69\x6e\x75\x78\x2d\x67\x6e\x75\x2f\x6c\x69\x62\x00\x5f\x49\x54\x4d\x5f\x64\x65\x72\x65\x67\x69\x73\x74\x65\x72\x54\x4d\x43\x6c\x6f\x6e\x65\x54\x61\x62\x6c\x65\x00\x5f\x5f\x67\x6d\x6f\x6e\x5f\x73\x74\x61\x72\x74\x5f\x5f\x00\x5f\x49\x54\x4d\x5f\x72\x65\x67\x69\x73\x74\x65\x72\x54\x4d\x43\x6c\x6f\x6e\x65\x54\x61\x62\x6c\x65\x00"),
+Section(".gnu.version", 0x4004F2, "\x00\x00\x02\x00\x01\x00\x01\x00\x03\x00\x01\x00"),
+Section(".gnu.version_r", 0x400500, "\x01\x00\x02\x00\x19\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x97\x91\x96\x06\x00\x00\x03\x00\x23\x00\x00\x00\x10\x00\x00\x00\xb4\x91\x96\x06\x00\x00\x02\x00\x2e\x00\x00\x00\x00\x00\x00\x00"),
+Section(".rela.dyn", 0x400530, "\xd0\xff\x41\x00\x00\x00\x00\x00\x01\x04\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd8\xff\x41\x00\x00\x00\x00\x00\x01\x04\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe0\xff\x41\x00\x00\x00\x00\x00\x01\x04\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"),
+Section(".rela.plt", 0x400578, "\x00\x00\x42\x00\x00\x00\x00\x00\x02\x04\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00\x42\x00\x00\x00\x00\x00\x02\x04\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x42\x00\x00\x00\x00\x00\x02\x04\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"),
+Section(".init", 0x4005C0, "\x1f\x20\x03\xd5\xfd\x7b\xbf\xa9\xfd\x03\x00\x91\x2e\x00\x00\x94\xfd\x7b\xc1\xa8\xc0\x03\x5f\xd6"),
+Section(".plt", 0x4005E0, "\xf0\x7b\xbf\xa9\xf0\x00\x00\xf0\x11\xfe\x47\xf9\x10\xe2\x3f\x91\x20\x02\x1f\xd6\x1f\x20\x03\xd5\x1f\x20\x03\xd5\x1f\x20\x03\xd5\x10\x01\x00\x90\x11\x02\x40\xf9\x10\x02\x00\x91\x20\x02\x1f\xd6\x10\x01\x00\x90\x11\x06\x40\xf9\x10\x22\x00\x91\x20\x02\x1f\xd6\x10\x01\x00\x90\x11\x0a\x40\xf9\x10\x42\x00\x91\x20\x02\x1f\xd6"),
+Section(".text", 0x400640, "\x1f\x20\x03\xd5\x1d\x00\x80\xd2\x1e\x00\x80\xd2\xe5\x03\x00\xaa\xe1\x03\x40\xf9\xe2\x23\x00\x91\xe6\x03\x00\x91\x00\x00\x00\x90\x00\xd0\x19\x91\x03\x00\x80\xd2\x04\x00\x80\xd2\xe5\xff\xff\x97\xec\xff\xff\x97\x1f\x20\x03\xd5\x33\x00\x00\x14\x1f\x20\x03\xd5\xc0\x03\x5f\xd6\xe0\x00\x00\xf0\x00\xec\x47\xf9\x40\x00\x00\xb4\xe0\xff\xff\x17\xc0\x03\x5f\xd6\x1f\x20\x03\xd5\x1f\x20\x03\xd5\x00\x01\x00\x90\x00\xa0\x00\x91\x01\x01\x00\x90\x21\xa0\x00\x91\x3f\x00\x00\xeb\xc0\x00\x00\x54\xe1\x00\x00\xf0\x21\xe8\x47\xf9\x61\x00\x00\xb4\xf0\x03\x01\xaa\x00\x02\x1f\xd6\xc0\x03\x5f\xd6\x00\x01\x00\x90\x00\xa0\x00\x91\x01\x01\x00\x90\x21\xa0\x00\x91\x21\x00\x00\xcb\x22\xfc\x7f\xd3\x41\x0c\x81\x8b\x21\xfc\x41\x93\xc1\x00\x00\xb4\xe2\x00\x00\xf0\x42\xf0\x47\xf9\x62\x00\x00\xb4\xf0\x03\x02\xaa\x00\x02\x1f\xd6\xc0\x03\x5f\xd6\x1f\x20\x03\xd5\xfd\x7b\xbe\xa9\xfd\x03\x00\x91\xf3\x0b\x00\xf9\x13\x01\x00\x90\x60\xa2\x40\x39\x80\x00\x00\x37\xde\xff\xff\x97\x20\x00\x80\x52\x60\xa2\x00\x39\xf3\x0b\x40\xf9\xfd\x7b\xc2\xa8\xc0\x03\x5f\xd6\xe4\xff\xff\x17\xff\x43\x00\xd1\xe0\x0f\x00\xb9\xe1\x03\x00\xf9\x00\x01\x00\x90\x00\xb0\x00\x91\xe1\x0f\x40\xb9\x01\x00\x00\xb9\xe1\x0f\x40\xb9\x00\x01\x00\x90\x00\xe0\x00\x91\x01\x00\x00\xb9\xe1\x0f\x40\xb9\x00\x01\x00\x90\x00\xd0\x00\x91\x01\x00\x00\xb9\x00\x01\x00\x90\x00\xb0\x00\x91\x00\x00\x40\xb9\x1f\x00\x00\x71\xea\x00\x00\x54\x00\x01\x00\x90\x00\xc0\x00\x91\x01\x00\x40\xb9\x00\x01\x00\x90\x00\xb0\x00\x91\x01\x00\x00\xb9\x00\x01\x00\x90\x00\xb0\x00\x91\x00\x00\x40\xb9\x1f\x00\x00\x71\xed\x00\x00\x54\x00\x01\x00\x90\x00\xc0\x00\x91\x01\x00\x40\xb9\x00\x01\x00\x90\x00\xb0\x00\x91\x01\x00\x00\xb9\x00\x01\x00\x90\x00\xb0\x00\x91\x00\x00\x40\xb9\x1f\x10\x00\x71\x6c\x01\x00\x54\x00\x01\x00\x90\x00\xc0\x00\x91\x01\x00\x40\xb9\x00\x01\x00\x90\x00\xb0\x00\x91\x00\x00\x40\xb9\x21\x00\x00\x0b\x00\x01\x00\x90\x00\xb0\x00\x91\x01\x00\x00\xb9\x00\x01\x00\x90\x00\xb0\x00\x91\x00\x00\x40\xb9\x1f\x20\x00\x71\x6c\x01\x00\x54\x00\x01\x00\x90\x00\xc0\x00\x91\x01\x00\x40\xb9\x00\x01\x00\x90\x00\xb0\x00\x91\x00\x00\x40\xb9\x21\x00\x00\x0b\x00\x01\x00\x90\x00\xb0\x00\x91\x01\x00\x00\xb9\x00\x01\x00\x90\x00\xb0\x00\x91\x00\x00\x40\xb9\x1f\x8c\x01\x71\x6d\x01\x00\x54\x00\x01\x00\x90\x00\xc0\x00\x91\x01\x00\x40\xb9\x00\x01\x00\x90\x00\xb0\x00\x91\x00\x00\x40\xb9\x21\x00\x00\x0b\x00\x01\x00\x90\x00\xb0\x00\x91\x01\x00\x00\xb9\x00\x01\x00\x90\x00\xb0\x00\x91\x00\x00\x40\xb9\x1f\xa0\x0f\x71\x6d\x01\x00\x54\x00\x01\x00\x90\x00\xc0\x00\x91\x01\x00\x40\xb9\x00\x01\x00\x90\x00\xb0\x00\x91\x00\x00\x40\xb9\x21\x00\x00\x0b\x00\x01\x00\x90\x00\xb0\x00\x91\x01\x00\x00\xb9\x00\x01\x00\x90\x00\xb0\x00\x91\x01\x00\x40\xb9\x00\x01\x00\x90\x00\xc0\x00\x91\x00\x00\x40\xb9\x3f\x00\x00\x6b\x0a\x02\x00\x54\x00\x01\x00\x90\x00\xc0\x00\x91\x01\x00\x40\xb9\xe0\x03\x01\x2a\x00\x74\x1e\x53\x00\x00\x01\x0b\x00\x78\x1f\x53\xe1\x03\x00\x2a\x00\x01\x00\x90\x00\xb0\x00\x91\x00\x00\x40\xb9\x21\x00\x00\x0b\x00\x01\x00\x90\x00\xb0\x00\x91\x01\x00\x00\xb9\x00\x01\x00\x90\x00\xc0\x00\x91\x00\x00\x40\xb9\x01\x90\x01\x11\x00\x01\x00\x90\x00\xb0\x00\x91\x00\x00\x40\xb9\x3f\x00\x00\x6b\xeb\x01\x00\x54\x00\x01\x00\x90\x00\xc0\x00\x91\x01\x00\x40\xb9\x00\x01\x00\x90\x00\xc0\x00\x91\x00\x00\x40\xb9\x21\x7c\x00\x1b\x00\x01\x00\x90\x00\xb0\x00\x91\x00\x00\x40\xb9\x21\x00\x00\x0b\x00\x01\x00\x90\x00\xb0\x00\x91\x01\x00\x00\xb9\x00\x01\x00\x90\x00\xc0\x00\x91\x00\x00\x40\xb9\x01\xa0\x0f\x11\x00\x01\x00\x90\x00\xb0\x00\x91\x00\x00\x40\xb9\x3f\x00\x00\x6b\x0a\x02\x00\x54\x00\x01\x00\x90\x00\xc0\x00\x91\x00\x00\x40\xb9\x01\x78\x1f\x53\x00\x01\x00\x90\x00\xc0\x00\x91\x00\x00\x40\xb9\x21\x00\x00\x0b\x00\x01\x00\x90\x00\xb0\x00\x91\x00\x00\x40\xb9\x21\x00\x00\x0b\x00\x01\x00\x90\x00\xb0\x00\x91\x01\x00\x00\xb9\x00\x01\x00\x90\x00\xc0\x00\x91\x00\x00\x40\xb9\x01\x3c\x1f\x11\x00\x01\x00\x90\x00\xb0\x00\x91\x00\x00\x40\xb9\x3f\x00\x00\x6b\xea\x01\x00\x54\x00\x01\x00\x90\x00\xc0\x00\x91\x01\x00\x40\xb9\x00\x01\x00\x90\x00\xc0\x00\x91\x00\x00\x40\xb9\x21\x00\x00\x0b\x00\x01\x00\x90\x00\xb0\x00\x91\x00\x00\x40\xb9\x21\x00\x00\x0b\x00\x01\x00\x90\x00\xb0\x00\x91\x01\x00\x00\xb9\x00\x01\x00\x90\x00\xe0\x00\x91\x00\x00\x40\xb9\x00\x01\x00\x90\x00\xe0\x00\x91\x00\x00\x40\xb9\x1f\x00\x00\x71\x01\x01\x00\x54\x00\x01\x00\x90\x00\xe0\x00\x91\x00\x00\x40\xb9\x01\x08\x00\x11\x00\x01\x00\x90\x00\xe0\x00\x91\x01\x00\x00\xb9\x00\x01\x00\x90\x00\xe0\x00\x91\x00\x00\x40\xb9\x1f\xa0\x0f\x71\x08\x01\x00\x54\x00\x01\x00\x90\x00\xe0\x00\x91\x00\x00\x40\xb9\x01\x04\x00\x11\x00\x01\x00\x90\x00\xe0\x00\x91\x01\x00\x00\xb9\x00\x01\x00\x90\x00\xe0\x00\x91\x00\x00\x40\xb9\x1f\x04\x00\x31\x01\x01\x00\x54\x00\x01\x00\x90\x00\xe0\x00\x91\x00\x00\x40\xb9\x01\x04\x00\x11\x00\x01\x00\x90\x00\xe0\x00\x91\x01\x00\x00\xb9\x00\x01\x00\x90\x00\xe0\x00\x91\x01\x00\x40\xb9\x00\x01\x00\x90\x00\xd0\x00\x91\x00\x00\x40\xb9\x3f\x00\x00\x6b\x63\x01\x00\x54\x00\x01\x00\x90\x00\xd0\x00\x91\x01\x00\x40\xb9\x00\x01\x00\x90\x00\xe0\x00\x91\x00\x00\x40\xb9\x21\x00\x00\x0b\x00\x01\x00\x90\x00\xe0\x00\x91\x01\x00\x00\xb9\x00\x01\x00\x90\x00\xe0\x00\x91\x01\x00\x40\xb9\x00\x01\x00\x90\x00\xd0\x00\x91\x00\x00\x40\xb9\x3f\x00\x00\x6b\x68\x01\x00\x54\x00\x01\x00\x90\x00\xd0\x00\x91\x01\x00\x40\xb9\x00\x01\x00\x90\x00\xe0\x00\x91\x00\x00\x40\xb9\x21\x00\x00\x0b\x00\x01\x00\x90\x00\xe0\x00\x91\x01\x00\x00\xb9\x00\x01\x00\x90\x00\xe0\x00\x91\x01\x00\x40\xb9\x00\x01\x00\x90\x00\xd0\x00\x91\x00\x00\x40\xb9\x3f\x00\x00\x6b\x62\x01\x00\x54\x00\x01\x00\x90\x00\xd0\x00\x91\x01\x00\x40\xb9\x00\x01\x00\x90\x00\xe0\x00\x91\x00\x00\x40\xb9\x21\x00\x00\x0b\x00\x01\x00\x90\x00\xe0\x00\x91\x01\x00\x00\xb9\x00\x01\x00\x90\x00\xe0\x00\x91\x01\x00\x40\xb9\x00\x01\x00\x90\x00\xd0\x00\x91\x00\x00\x40\xb9\x3f\x00\x00\x6b\x69\x01\x00\x54\x00\x01\x00\x90\x00\xd0\x00\x91\x01\x00\x40\xb9\x00\x01\x00\x90\x00\xe0\x00\x91\x00\x00\x40\xb9\x21\x00\x00\x0b\x00\x01\x00\x90\x00\xe0\x00\x91\x01\x00\x00\xb9\x00\x00\x80\x52\xff\x43\x00\x91\xc0\x03\x5f\xd6"),
+Section(".fini", 0x400C04, "\x1f\x20\x03\xd5\xfd\x7b\xbf\xa9\xfd\x03\x00\x91\xfd\x7b\xc1\xa8\xc0\x03\x5f\xd6"),
+Section(".rodata", 0x400C18, "\x01\x00\x02\x00"),
+Section(".eh_frame_hdr", 0x400C1C, "\x01\x1b\x03\x3b\x40\x00\x00\x00\x07\x00\x00\x00\x24\xfa\xff\xff\x58\x00\x00\x00\x64\xfa\xff\xff\x6c\x00\x00\x00\x84\xfa\xff\xff\x84\x00\x00\x00\xb4\xfa\xff\xff\x98\x00\x00\x00\xf4\xfa\xff\xff\xac\x00\x00\x00\x24\xfb\xff\xff\xd0\x00\x00\x00\x28\xfb\xff\xff\xe4\x00\x00\x00"),
+Section(".eh_frame", 0x400C60, "\x10\x00\x00\x00\x00\x00\x00\x00\x01\x7a\x52\x00\x04\x78\x1e\x01\x1b\x0c\x1f\x00\x10\x00\x00\x00\x18\x00\x00\x00\xc4\xf9\xff\xff\x3c\x00\x00\x00\x00\x41\x07\x1e\x14\x00\x00\x00\x2c\x00\x00\x00\xf0\xf9\xff\xff\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x44\x00\x00\x00\xf8\xf9\xff\xff\x30\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x58\x00\x00\x00\x14\xfa\xff\xff\x3c\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x6c\x00\x00\x00\x40\xfa\xff\xff\x30\x00\x00\x00\x00\x41\x0e\x20\x9d\x04\x9e\x03\x42\x93\x02\x48\xde\xdd\xd3\x0e\x00\x00\x00\x00\x10\x00\x00\x00\x90\x00\x00\x00\x4c\xfa\xff\xff\x04\x00\x00\x00\x00\x00\x00\x00\x18\x00\x00\x00\xa4\x00\x00\x00\x3c\xfa\xff\xff\xc0\x04\x00\x00\x00\x41\x0e\x10\x03\x2e\x01\x0e\x00\x00\x00\x00\x00\x00\x00\x00"),
+Section(".fini_array", 0x41FDD0, "\x10\x07\x40\x00\x00\x00\x00\x00"),
+Section(".dynamic", 0x41FDD8, "\x01\x00\x00\x00\x00\x00\x00\x00\x19\x00\x00\x00\x00\x00\x00\x00\x1d\x00\x00\x00\x00\x00\x00\x00\x39\x00\x00\x00\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\xc0\x05\x40\x00\x00\x00\x00\x00\x0d\x00\x00\x00\x00\x00\x00\x00\x04\x0c\x40\x00\x00\x00\x00\x00\x19\x00\x00\x00\x00\x00\x00\x00\xc8\xfd\x41\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x1a\x00\x00\x00\x00\x00\x00\x00\xd0\xfd\x41\x00\x00\x00\x00\x00\x1c\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xc8\x02\x40\x00\x00\x00\x00\x00\xf5\xfe\xff\x6f\x00\x00\x00\x00\xf8\x02\x40\x00\x00\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\xa8\x03\x40\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x18\x03\x40\x00\x00\x00\x00\x00\x0a\x00\x00\x00\x00\x00\x00\x00\x49\x01\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x18\x00\x00\x00\x00\x00\x00\x00\x15\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\xe8\xff\x41\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x48\x00\x00\x00\x00\x00\x00\x00\x14\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00\x17\x00\x00\x00\x00\x00\x00\x00\x78\x05\x40\x00\x00\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00\x30\x05\x40\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x48\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x00\x00\x00\x00\x18\x00\x00\x00\x00\x00\x00\x00\xfe\xff\xff\x6f\x00\x00\x00\x00\x00\x05\x40\x00\x00\x00\x00\x00\xff\xff\xff\x6f\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\xf0\xff\xff\x6f\x00\x00\x00\x00\xf2\x04\x40\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"),
+Section(".init_array", 0x41FDC8, "\x40\x07\x40\x00\x00\x00\x00\x00"),
+Section(".got", 0x41FFC8, "\xd8\xfd\x41\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"),
+Section(".got.plt", 0x41FFE8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe0\x05\x40\x00\x00\x00\x00\x00\xe0\x05\x40\x00\x00\x00\x00\x00\xe0\x05\x40\x00\x00\x00\x00\x00"),
+Section(".data", 0x420018, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00")]),
+Memmap([Annotation(Region(0x400000,0x400D1F),
+Attr("segment","02 0x400000 3360")), Annotation(Region(0x400238,0x4002A5),
+Attr("section","\".interp\"")), Annotation(Region(0x4002A8,0x4002C7),
+Attr("section","\".note.ABI-tag\"")), Annotation(Region(0x4002C8,0x4002F3),
+Attr("section","\".hash\"")), Annotation(Region(0x4002F8,0x400313),
+Attr("section","\".gnu.hash\"")), Annotation(Region(0x400318,0x4003A7),
+Attr("section","\".dynsym\"")), Annotation(Region(0x4003A8,0x4004F0),
+Attr("section","\".dynstr\"")), Annotation(Region(0x4004F2,0x4004FD),
+Attr("section","\".gnu.version\"")), Annotation(Region(0x400500,0x40052F),
+Attr("section","\".gnu.version_r\"")), Annotation(Region(0x400530,0x400577),
+Attr("section","\".rela.dyn\"")), Annotation(Region(0x400578,0x4005BF),
+Attr("section","\".rela.plt\"")), Annotation(Region(0x4005C0,0x4005D7),
+Attr("section","\".init\"")), Annotation(Region(0x4005C0,0x4005D7),
+Attr("code-region","()")), Annotation(Region(0x4005E0,0x40062F),
+Attr("section","\".plt\"")), Annotation(Region(0x400640,0x40067B),
+Attr("symbol","\"_start\"")), Annotation(Region(0x400640,0x40067B),
+Attr("symbol-info","_start 0x400640 60")),
+Annotation(Region(0x400680,0x400683),
+Attr("symbol","\"_dl_relocate_static_pie\"")),
+Annotation(Region(0x4005E0,0x40062F), Attr("code-region","()")),
+Annotation(Region(0x400640,0x400C03), Attr("code-region","()")),
+Annotation(Region(0x400680,0x400683),
+Attr("symbol-info","_dl_relocate_static_pie 0x400680 4")),
+Annotation(Region(0x400684,0x400697), Attr("symbol","\"call_weak_fn\"")),
+Annotation(Region(0x400684,0x400697),
+Attr("symbol-info","call_weak_fn 0x400684 20")),
+Annotation(Region(0x400640,0x400C03), Attr("section","\".text\"")),
+Annotation(Region(0x400744,0x400C03), Attr("symbol","\"main\"")),
+Annotation(Region(0x400744,0x400C03),
+Attr("symbol-info","main 0x400744 1216")),
+Annotation(Region(0x400C04,0x400C17), Attr("section","\".fini\"")),
+Annotation(Region(0x400C04,0x400C17), Attr("code-region","()")),
+Annotation(Region(0x400C18,0x400C1B), Attr("section","\".rodata\"")),
+Annotation(Region(0x400C1C,0x400C5F), Attr("section","\".eh_frame_hdr\"")),
+Annotation(Region(0x400C60,0x400D1F), Attr("section","\".eh_frame\"")),
+Annotation(Region(0x41FDC8,0x420027), Attr("segment","03 0x41FDC8 632")),
+Annotation(Region(0x41FDD0,0x41FDD7), Attr("section","\".fini_array\"")),
+Annotation(Region(0x41FDD8,0x41FFC7), Attr("section","\".dynamic\"")),
+Annotation(Region(0x41FDC8,0x41FDCF), Attr("section","\".init_array\"")),
+Annotation(Region(0x41FFC8,0x41FFE7), Attr("section","\".got\"")),
+Annotation(Region(0x41FFE8,0x420017), Attr("section","\".got.plt\"")),
+Annotation(Region(0x420018,0x420027), Attr("section","\".data\""))]),
+Program(Tid(4_959, "%0000135f"), Attrs([]), Subs([Sub(Tid(4_901, "@.plt"),
+ Attrs([Attr("c.proto","signed (*)(void)"), Attr("address","0x4005E0"),
+Attr("stub","()")]), ".plt", Args([Arg(Tid(4_960, "%00001360"),
+ Attrs([Attr("c.layout","[signed : 32]"), Attr("c.data","Top:u32"),
+Attr("c.type","signed")]), Var("\.plt_result",Imm(32)),
+LOW(32,Var("R0",Imm(64))), Out())]), Blks([Blk(Tid(4_325, "@.plt"),
+ Attrs([Attr("address","0x4005E0")]), Phis([]),
+Defs([Def(Tid(4_329, "%000010e9"), Attrs([Attr("address","0x4005E0"),
+Attr("insn","stp x16, x30, [sp, #-0x10]!")]), Var("#29",Imm(64)),
+PLUS(Var("R31",Imm(64)),Int(18446744073709551600,64))),
+Def(Tid(4_335, "%000010ef"), Attrs([Attr("address","0x4005E0"),
+Attr("insn","stp x16, x30, [sp, #-0x10]!")]), Var("mem",Mem(64,8)),
+Store(Var("mem",Mem(64,8)),Var("#29",Imm(64)),Var("R16",Imm(64)),LittleEndian(),64)),
+Def(Tid(4_341, "%000010f5"), Attrs([Attr("address","0x4005E0"),
+Attr("insn","stp x16, x30, [sp, #-0x10]!")]), Var("mem",Mem(64,8)),
+Store(Var("mem",Mem(64,8)),PLUS(Var("#29",Imm(64)),Int(8,64)),Var("R30",Imm(64)),LittleEndian(),64)),
+Def(Tid(4_345, "%000010f9"), Attrs([Attr("address","0x4005E0"),
+Attr("insn","stp x16, x30, [sp, #-0x10]!")]), Var("R31",Imm(64)),
+Var("#29",Imm(64))), Def(Tid(4_350, "%000010fe"),
+ Attrs([Attr("address","0x4005E4"), Attr("insn","adrp x16, #0x1f000")]),
+ Var("R16",Imm(64)), Int(4321280,64)), Def(Tid(4_357, "%00001105"),
+ Attrs([Attr("address","0x4005E8"), Attr("insn","ldr x17, [x16, #0xff8]")]),
+ Var("R17",Imm(64)),
+Load(Var("mem",Mem(64,8)),PLUS(Var("R16",Imm(64)),Int(4088,64)),LittleEndian(),64)),
+Def(Tid(4_363, "%0000110b"), Attrs([Attr("address","0x4005EC"),
+Attr("insn","add x16, x16, #0xff8")]), Var("R16",Imm(64)),
+PLUS(Var("R16",Imm(64)),Int(4088,64)))]), Jmps([Call(Tid(4_368, "%00001110"),
+ Attrs([Attr("address","0x4005F0"), Attr("insn","br x17")]), Int(1,1),
+(Indirect(Var("R17",Imm(64))),))]))])),
+Sub(Tid(4_902, "@__do_global_dtors_aux"),
+ Attrs([Attr("c.proto","signed (*)(void)"), Attr("address","0x400710")]),
+ "__do_global_dtors_aux", Args([Arg(Tid(4_961, "%00001361"),
+ Attrs([Attr("c.layout","[signed : 32]"), Attr("c.data","Top:u32"),
+Attr("c.type","signed")]), Var("__do_global_dtors_aux_result",Imm(32)),
+LOW(32,Var("R0",Imm(64))), Out())]),
+Blks([Blk(Tid(4_065, "@__do_global_dtors_aux"),
+ Attrs([Attr("address","0x400710")]), Phis([]),
+Defs([Def(Tid(4_069, "%00000fe5"), Attrs([Attr("address","0x400710"),
+Attr("insn","stp x29, x30, [sp, #-0x20]!")]), Var("#28",Imm(64)),
+PLUS(Var("R31",Imm(64)),Int(18446744073709551584,64))),
+Def(Tid(4_075, "%00000feb"), Attrs([Attr("address","0x400710"),
+Attr("insn","stp x29, x30, [sp, #-0x20]!")]), Var("mem",Mem(64,8)),
+Store(Var("mem",Mem(64,8)),Var("#28",Imm(64)),Var("R29",Imm(64)),LittleEndian(),64)),
+Def(Tid(4_081, "%00000ff1"), Attrs([Attr("address","0x400710"),
+Attr("insn","stp x29, x30, [sp, #-0x20]!")]), Var("mem",Mem(64,8)),
+Store(Var("mem",Mem(64,8)),PLUS(Var("#28",Imm(64)),Int(8,64)),Var("R30",Imm(64)),LittleEndian(),64)),
+Def(Tid(4_085, "%00000ff5"), Attrs([Attr("address","0x400710"),
+Attr("insn","stp x29, x30, [sp, #-0x20]!")]), Var("R31",Imm(64)),
+Var("#28",Imm(64))), Def(Tid(4_091, "%00000ffb"),
+ Attrs([Attr("address","0x400714"), Attr("insn","mov x29, sp")]),
+ Var("R29",Imm(64)), Var("R31",Imm(64))), Def(Tid(4_099, "%00001003"),
+ Attrs([Attr("address","0x400718"), Attr("insn","str x19, [sp, #0x10]")]),
+ Var("mem",Mem(64,8)),
+Store(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(16,64)),Var("R19",Imm(64)),LittleEndian(),64)),
+Def(Tid(4_104, "%00001008"), Attrs([Attr("address","0x40071C"),
+Attr("insn","adrp x19, #0x20000")]), Var("R19",Imm(64)), Int(4325376,64)),
+Def(Tid(4_111, "%0000100f"), Attrs([Attr("address","0x400720"),
+Attr("insn","ldrb w0, [x19, #0x28]")]), Var("R0",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),PLUS(Var("R19",Imm(64)),Int(40,64)),LittleEndian(),8)))]),
+Jmps([Goto(Tid(4_117, "%00001015"), Attrs([Attr("address","0x400724"),
+Attr("insn","tbnz w0, #0x0, #0x10")]),
+ EQ(Extract(0,0,Var("R0",Imm(64))),Int(1,1)),
+Direct(Tid(4_115, "%00001013"))), Goto(Tid(4_903, "%00001327"), Attrs([]),
+ Int(1,1), Direct(Tid(4_152, "%00001038")))])), Blk(Tid(4_152, "%00001038"),
+ Attrs([Attr("address","0x400728")]), Phis([]),
+Defs([Def(Tid(4_155, "%0000103b"), Attrs([Attr("address","0x400728"),
+Attr("insn","bl #-0x88")]), Var("R30",Imm(64)), Int(4196140,64))]),
+Jmps([Call(Tid(4_157, "%0000103d"), Attrs([Attr("address","0x400728"),
+Attr("insn","bl #-0x88")]), Int(1,1),
+(Direct(Tid(4_917, "@deregister_tm_clones")),Direct(Tid(4_159, "%0000103f"))))])),
+Blk(Tid(4_159, "%0000103f"), Attrs([Attr("address","0x40072C")]), Phis([]),
+Defs([Def(Tid(4_162, "%00001042"), Attrs([Attr("address","0x40072C"),
+Attr("insn","mov w0, #0x1")]), Var("R0",Imm(64)), Int(1,64)),
+Def(Tid(4_170, "%0000104a"), Attrs([Attr("address","0x400730"),
+Attr("insn","strb w0, [x19, #0x28]")]), Var("mem",Mem(64,8)),
+Store(Var("mem",Mem(64,8)),PLUS(Var("R19",Imm(64)),Int(40,64)),Extract(7,0,Var("R0",Imm(64))),LittleEndian(),8))]),
+Jmps([Goto(Tid(4_904, "%00001328"), Attrs([]), Int(1,1),
+Direct(Tid(4_115, "%00001013")))])), Blk(Tid(4_115, "%00001013"),
+ Attrs([Attr("address","0x400734")]), Phis([]),
+Defs([Def(Tid(4_125, "%0000101d"), Attrs([Attr("address","0x400734"),
+Attr("insn","ldr x19, [sp, #0x10]")]), Var("R19",Imm(64)),
+Load(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(16,64)),LittleEndian(),64)),
+Def(Tid(4_132, "%00001024"), Attrs([Attr("address","0x400738"),
+Attr("insn","ldp x29, x30, [sp], #0x20")]), Var("R29",Imm(64)),
+Load(Var("mem",Mem(64,8)),Var("R31",Imm(64)),LittleEndian(),64)),
+Def(Tid(4_137, "%00001029"), Attrs([Attr("address","0x400738"),
+Attr("insn","ldp x29, x30, [sp], #0x20")]), Var("R30",Imm(64)),
+Load(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(8,64)),LittleEndian(),64)),
+Def(Tid(4_141, "%0000102d"), Attrs([Attr("address","0x400738"),
+Attr("insn","ldp x29, x30, [sp], #0x20")]), Var("R31",Imm(64)),
+PLUS(Var("R31",Imm(64)),Int(32,64)))]), Jmps([Call(Tid(4_146, "%00001032"),
+ Attrs([Attr("address","0x40073C"), Attr("insn","ret")]), Int(1,1),
+(Indirect(Var("R30",Imm(64))),))]))])), Sub(Tid(4_905, "@__gmon_start__"),
+ Attrs([Attr("c.proto","signed (*)(void)"), Attr("address","0x400610"),
+Attr("stub","()")]), "__gmon_start__", Args([Arg(Tid(4_962, "%00001362"),
+ Attrs([Attr("c.layout","[signed : 32]"), Attr("c.data","Top:u32"),
+Attr("c.type","signed")]), Var("__gmon_start___result",Imm(32)),
+LOW(32,Var("R0",Imm(64))), Out())]), Blks([Blk(Tid(4_233, "@__gmon_start__"),
+ Attrs([Attr("address","0x400610")]), Phis([]),
+Defs([Def(Tid(4_400, "%00001130"), Attrs([Attr("address","0x400610"),
+Attr("insn","adrp x16, #0x20000")]), Var("R16",Imm(64)), Int(4325376,64)),
+Def(Tid(4_407, "%00001137"), Attrs([Attr("address","0x400614"),
+Attr("insn","ldr x17, [x16, #0x8]")]), Var("R17",Imm(64)),
+Load(Var("mem",Mem(64,8)),PLUS(Var("R16",Imm(64)),Int(8,64)),LittleEndian(),64)),
+Def(Tid(4_413, "%0000113d"), Attrs([Attr("address","0x400618"),
+Attr("insn","add x16, x16, #0x8")]), Var("R16",Imm(64)),
+PLUS(Var("R16",Imm(64)),Int(8,64)))]), Jmps([Call(Tid(4_418, "%00001142"),
+ Attrs([Attr("address","0x40061C"), Attr("insn","br x17")]), Int(1,1),
+(Indirect(Var("R17",Imm(64))),))]))])), Sub(Tid(4_906, "@__libc_start_main"),
+ Attrs([Attr("c.proto","signed (*)(signed (*)(signed , char** , char** );* main, signed , char** , \nvoid* auxv)"),
+Attr("address","0x400600"), Attr("stub","()")]), "__libc_start_main",
+ Args([Arg(Tid(4_963, "%00001363"),
+ Attrs([Attr("c.layout","**[<undef> : 64]"),
+Attr("c.data","Top:u64 ptr ptr"),
+Attr("c.type","signed (*)(signed , char** , char** );*")]),
+ Var("__libc_start_main_main",Imm(64)), Var("R0",Imm(64)), In()),
+Arg(Tid(4_964, "%00001364"), Attrs([Attr("c.layout","[signed : 32]"),
+Attr("c.data","Top:u32"), Attr("c.type","signed")]),
+ Var("__libc_start_main_arg2",Imm(32)), LOW(32,Var("R1",Imm(64))), In()),
+Arg(Tid(4_965, "%00001365"), Attrs([Attr("c.layout","**[char : 8]"),
+Attr("c.data","Top:u8 ptr ptr"), Attr("c.type","char**")]),
+ Var("__libc_start_main_arg3",Imm(64)), Var("R2",Imm(64)), Both()),
+Arg(Tid(4_966, "%00001366"), Attrs([Attr("c.layout","*[<undef> : 8]"),
+Attr("c.data","{} ptr"), Attr("c.type","void*")]),
+ Var("__libc_start_main_auxv",Imm(64)), Var("R3",Imm(64)), Both()),
+Arg(Tid(4_967, "%00001367"), Attrs([Attr("c.layout","[signed : 32]"),
+Attr("c.data","Top:u32"), Attr("c.type","signed")]),
+ Var("__libc_start_main_result",Imm(32)), LOW(32,Var("R0",Imm(64))),
+Out())]), Blks([Blk(Tid(1_623, "@__libc_start_main"),
+ Attrs([Attr("address","0x400600")]), Phis([]),
+Defs([Def(Tid(4_378, "%0000111a"), Attrs([Attr("address","0x400600"),
+Attr("insn","adrp x16, #0x20000")]), Var("R16",Imm(64)), Int(4325376,64)),
+Def(Tid(4_385, "%00001121"), Attrs([Attr("address","0x400604"),
+Attr("insn","ldr x17, [x16]")]), Var("R17",Imm(64)),
+Load(Var("mem",Mem(64,8)),Var("R16",Imm(64)),LittleEndian(),64)),
+Def(Tid(4_391, "%00001127"), Attrs([Attr("address","0x400608"),
+Attr("insn","add x16, x16, #0x0")]), Var("R16",Imm(64)),
+Var("R16",Imm(64)))]), Jmps([Call(Tid(4_396, "%0000112c"),
+ Attrs([Attr("address","0x40060C"), Attr("insn","br x17")]), Int(1,1),
+(Indirect(Var("R17",Imm(64))),))]))])), Sub(Tid(4_907, "@__wrap_main"),
+ Attrs([Attr("c.proto","signed (*)(void)"), Attr("address","0x400674")]),
+ "__wrap_main", Args([Arg(Tid(4_968, "%00001368"),
+ Attrs([Attr("c.layout","[signed : 32]"), Attr("c.data","Top:u32"),
+Attr("c.type","signed")]), Var("__wrap_main_result",Imm(32)),
+LOW(32,Var("R0",Imm(64))), Out())]), Blks([Blk(Tid(1_635, "@__wrap_main"),
+ Attrs([Attr("address","0x400674")]), Phis([]), Defs([]),
+Jmps([Call(Tid(1_640, "%00000668"), Attrs([Attr("address","0x400678"),
+Attr("insn","b #0xcc")]), Int(1,1), (Direct(Tid(4_921, "@main")),))]))])),
+Sub(Tid(4_908, "@_dl_relocate_static_pie"),
+ Attrs([Attr("c.proto","signed (*)(void)"), Attr("address","0x400680")]),
+ "_dl_relocate_static_pie", Args([Arg(Tid(4_969, "%00001369"),
+ Attrs([Attr("c.layout","[signed : 32]"), Attr("c.data","Top:u32"),
+Attr("c.type","signed")]), Var("_dl_relocate_static_pie_result",Imm(32)),
+LOW(32,Var("R0",Imm(64))), Out())]),
+Blks([Blk(Tid(3_905, "@_dl_relocate_static_pie"),
+ Attrs([Attr("address","0x400680")]), Phis([]), Defs([]),
+Jmps([Call(Tid(3_908, "%00000f44"), Attrs([Attr("address","0x400680"),
+Attr("insn","ret")]), Int(1,1), (Indirect(Var("R30",Imm(64))),))]))])),
+Sub(Tid(4_909, "@_fini"), Attrs([Attr("c.proto","signed (*)(void)"),
+Attr("address","0x400C04")]), "_fini", Args([Arg(Tid(4_970, "%0000136a"),
+ Attrs([Attr("c.layout","[signed : 32]"), Attr("c.data","Top:u32"),
+Attr("c.type","signed")]), Var("_fini_result",Imm(32)),
+LOW(32,Var("R0",Imm(64))), Out())]), Blks([Blk(Tid(32, "@_fini"),
+ Attrs([Attr("address","0x400C04")]), Phis([]),
+Defs([Def(Tid(38, "%00000026"), Attrs([Attr("address","0x400C08"),
+Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("#0",Imm(64)),
+PLUS(Var("R31",Imm(64)),Int(18446744073709551600,64))),
+Def(Tid(44, "%0000002c"), Attrs([Attr("address","0x400C08"),
+Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("mem",Mem(64,8)),
+Store(Var("mem",Mem(64,8)),Var("#0",Imm(64)),Var("R29",Imm(64)),LittleEndian(),64)),
+Def(Tid(50, "%00000032"), Attrs([Attr("address","0x400C08"),
+Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("mem",Mem(64,8)),
+Store(Var("mem",Mem(64,8)),PLUS(Var("#0",Imm(64)),Int(8,64)),Var("R30",Imm(64)),LittleEndian(),64)),
+Def(Tid(54, "%00000036"), Attrs([Attr("address","0x400C08"),
+Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("R31",Imm(64)),
+Var("#0",Imm(64))), Def(Tid(60, "%0000003c"),
+ Attrs([Attr("address","0x400C0C"), Attr("insn","mov x29, sp")]),
+ Var("R29",Imm(64)), Var("R31",Imm(64))), Def(Tid(67, "%00000043"),
+ Attrs([Attr("address","0x400C10"),
+Attr("insn","ldp x29, x30, [sp], #0x10")]), Var("R29",Imm(64)),
+Load(Var("mem",Mem(64,8)),Var("R31",Imm(64)),LittleEndian(),64)),
+Def(Tid(72, "%00000048"), Attrs([Attr("address","0x400C10"),
+Attr("insn","ldp x29, x30, [sp], #0x10")]), Var("R30",Imm(64)),
+Load(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(8,64)),LittleEndian(),64)),
+Def(Tid(76, "%0000004c"), Attrs([Attr("address","0x400C10"),
+Attr("insn","ldp x29, x30, [sp], #0x10")]), Var("R31",Imm(64)),
+PLUS(Var("R31",Imm(64)),Int(16,64)))]), Jmps([Call(Tid(81, "%00000051"),
+ Attrs([Attr("address","0x400C14"), Attr("insn","ret")]), Int(1,1),
+(Indirect(Var("R30",Imm(64))),))]))])), Sub(Tid(4_910, "@_init"),
+ Attrs([Attr("c.proto","signed (*)(void)"), Attr("address","0x4005C0")]),
+ "_init", Args([Arg(Tid(4_971, "%0000136b"),
+ Attrs([Attr("c.layout","[signed : 32]"), Attr("c.data","Top:u32"),
+Attr("c.type","signed")]), Var("_init_result",Imm(32)),
+LOW(32,Var("R0",Imm(64))), Out())]), Blks([Blk(Tid(4_468, "@_init"),
+ Attrs([Attr("address","0x4005C0")]), Phis([]),
+Defs([Def(Tid(4_474, "%0000117a"), Attrs([Attr("address","0x4005C4"),
+Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("#30",Imm(64)),
+PLUS(Var("R31",Imm(64)),Int(18446744073709551600,64))),
+Def(Tid(4_480, "%00001180"), Attrs([Attr("address","0x4005C4"),
+Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("mem",Mem(64,8)),
+Store(Var("mem",Mem(64,8)),Var("#30",Imm(64)),Var("R29",Imm(64)),LittleEndian(),64)),
+Def(Tid(4_486, "%00001186"), Attrs([Attr("address","0x4005C4"),
+Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("mem",Mem(64,8)),
+Store(Var("mem",Mem(64,8)),PLUS(Var("#30",Imm(64)),Int(8,64)),Var("R30",Imm(64)),LittleEndian(),64)),
+Def(Tid(4_490, "%0000118a"), Attrs([Attr("address","0x4005C4"),
+Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("R31",Imm(64)),
+Var("#30",Imm(64))), Def(Tid(4_496, "%00001190"),
+ Attrs([Attr("address","0x4005C8"), Attr("insn","mov x29, sp")]),
+ Var("R29",Imm(64)), Var("R31",Imm(64))), Def(Tid(4_501, "%00001195"),
+ Attrs([Attr("address","0x4005CC"), Attr("insn","bl #0xb8")]),
+ Var("R30",Imm(64)), Int(4195792,64))]), Jmps([Call(Tid(4_503, "%00001197"),
+ Attrs([Attr("address","0x4005CC"), Attr("insn","bl #0xb8")]), Int(1,1),
+(Direct(Tid(4_915, "@call_weak_fn")),Direct(Tid(4_505, "%00001199"))))])),
+Blk(Tid(4_505, "%00001199"), Attrs([Attr("address","0x4005D0")]), Phis([]),
+Defs([Def(Tid(4_510, "%0000119e"), Attrs([Attr("address","0x4005D0"),
+Attr("insn","ldp x29, x30, [sp], #0x10")]), Var("R29",Imm(64)),
+Load(Var("mem",Mem(64,8)),Var("R31",Imm(64)),LittleEndian(),64)),
+Def(Tid(4_515, "%000011a3"), Attrs([Attr("address","0x4005D0"),
+Attr("insn","ldp x29, x30, [sp], #0x10")]), Var("R30",Imm(64)),
+Load(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(8,64)),LittleEndian(),64)),
+Def(Tid(4_519, "%000011a7"), Attrs([Attr("address","0x4005D0"),
+Attr("insn","ldp x29, x30, [sp], #0x10")]), Var("R31",Imm(64)),
+PLUS(Var("R31",Imm(64)),Int(16,64)))]), Jmps([Call(Tid(4_524, "%000011ac"),
+ Attrs([Attr("address","0x4005D4"), Attr("insn","ret")]), Int(1,1),
+(Indirect(Var("R30",Imm(64))),))]))])), Sub(Tid(4_911, "@_start"),
+ Attrs([Attr("c.proto","signed (*)(void)"), Attr("address","0x400640"),
+Attr("entry-point","()")]), "_start", Args([Arg(Tid(4_972, "%0000136c"),
+ Attrs([Attr("c.layout","[signed : 32]"), Attr("c.data","Top:u32"),
+Attr("c.type","signed")]), Var("_start_result",Imm(32)),
+LOW(32,Var("R0",Imm(64))), Out())]), Blks([Blk(Tid(1_561, "@_start"),
+ Attrs([Attr("address","0x400640")]), Phis([]),
+Defs([Def(Tid(1_566, "%0000061e"), Attrs([Attr("address","0x400644"),
+Attr("insn","mov x29, #0x0")]), Var("R29",Imm(64)), Int(0,64)),
+Def(Tid(1_571, "%00000623"), Attrs([Attr("address","0x400648"),
+Attr("insn","mov x30, #0x0")]), Var("R30",Imm(64)), Int(0,64)),
+Def(Tid(1_577, "%00000629"), Attrs([Attr("address","0x40064C"),
+Attr("insn","mov x5, x0")]), Var("R5",Imm(64)), Var("R0",Imm(64))),
+Def(Tid(1_584, "%00000630"), Attrs([Attr("address","0x400650"),
+Attr("insn","ldr x1, [sp]")]), Var("R1",Imm(64)),
+Load(Var("mem",Mem(64,8)),Var("R31",Imm(64)),LittleEndian(),64)),
+Def(Tid(1_590, "%00000636"), Attrs([Attr("address","0x400654"),
+Attr("insn","add x2, sp, #0x8")]), Var("R2",Imm(64)),
+PLUS(Var("R31",Imm(64)),Int(8,64))), Def(Tid(1_596, "%0000063c"),
+ Attrs([Attr("address","0x400658"), Attr("insn","mov x6, sp")]),
+ Var("R6",Imm(64)), Var("R31",Imm(64))), Def(Tid(1_601, "%00000641"),
+ Attrs([Attr("address","0x40065C"), Attr("insn","adrp x0, #0x0")]),
+ Var("R0",Imm(64)), Int(4194304,64)), Def(Tid(1_607, "%00000647"),
+ Attrs([Attr("address","0x400660"), Attr("insn","add x0, x0, #0x674")]),
+ Var("R0",Imm(64)), PLUS(Var("R0",Imm(64)),Int(1652,64))),
+Def(Tid(1_612, "%0000064c"), Attrs([Attr("address","0x400664"),
+Attr("insn","mov x3, #0x0")]), Var("R3",Imm(64)), Int(0,64)),
+Def(Tid(1_617, "%00000651"), Attrs([Attr("address","0x400668"),
+Attr("insn","mov x4, #0x0")]), Var("R4",Imm(64)), Int(0,64)),
+Def(Tid(1_622, "%00000656"), Attrs([Attr("address","0x40066C"),
+Attr("insn","bl #-0x6c")]), Var("R30",Imm(64)), Int(4195952,64))]),
+Jmps([Call(Tid(1_625, "%00000659"), Attrs([Attr("address","0x40066C"),
+Attr("insn","bl #-0x6c")]), Int(1,1),
+(Direct(Tid(4_906, "@__libc_start_main")),Direct(Tid(1_627, "%0000065b"))))])),
+Blk(Tid(1_627, "%0000065b"), Attrs([Attr("address","0x400670")]), Phis([]),
+Defs([Def(Tid(1_630, "%0000065e"), Attrs([Attr("address","0x400670"),
+Attr("insn","bl #-0x50")]), Var("R30",Imm(64)), Int(4195956,64))]),
+Jmps([Call(Tid(1_633, "%00000661"), Attrs([Attr("address","0x400670"),
+Attr("insn","bl #-0x50")]), Int(1,1),
+(Direct(Tid(4_914, "@abort")),Direct(Tid(4_912, "%00001330"))))])),
+Blk(Tid(4_912, "%00001330"), Attrs([]), Phis([]), Defs([]),
+Jmps([Call(Tid(4_913, "%00001331"), Attrs([]), Int(1,1),
+(Direct(Tid(4_907, "@__wrap_main")),))]))])), Sub(Tid(4_914, "@abort"),
+ Attrs([Attr("noreturn","()"), Attr("c.proto","void (*)(void)"),
+Attr("address","0x400620"), Attr("stub","()")]), "abort", Args([]),
+Blks([Blk(Tid(1_631, "@abort"), Attrs([Attr("address","0x400620")]),
+ Phis([]), Defs([Def(Tid(4_422, "%00001146"),
+ Attrs([Attr("address","0x400620"), Attr("insn","adrp x16, #0x20000")]),
+ Var("R16",Imm(64)), Int(4325376,64)), Def(Tid(4_429, "%0000114d"),
+ Attrs([Attr("address","0x400624"), Attr("insn","ldr x17, [x16, #0x10]")]),
+ Var("R17",Imm(64)),
+Load(Var("mem",Mem(64,8)),PLUS(Var("R16",Imm(64)),Int(16,64)),LittleEndian(),64)),
+Def(Tid(4_435, "%00001153"), Attrs([Attr("address","0x400628"),
+Attr("insn","add x16, x16, #0x10")]), Var("R16",Imm(64)),
+PLUS(Var("R16",Imm(64)),Int(16,64)))]), Jmps([Call(Tid(4_440, "%00001158"),
+ Attrs([Attr("address","0x40062C"), Attr("insn","br x17")]), Int(1,1),
+(Indirect(Var("R17",Imm(64))),))]))])), Sub(Tid(4_915, "@call_weak_fn"),
+ Attrs([Attr("c.proto","signed (*)(void)"), Attr("address","0x400684")]),
+ "call_weak_fn", Args([Arg(Tid(4_973, "%0000136d"),
+ Attrs([Attr("c.layout","[signed : 32]"), Attr("c.data","Top:u32"),
+Attr("c.type","signed")]), Var("call_weak_fn_result",Imm(32)),
+LOW(32,Var("R0",Imm(64))), Out())]), Blks([Blk(Tid(3_910, "@call_weak_fn"),
+ Attrs([Attr("address","0x400684")]), Phis([]),
+Defs([Def(Tid(3_913, "%00000f49"), Attrs([Attr("address","0x400684"),
+Attr("insn","adrp x0, #0x1f000")]), Var("R0",Imm(64)), Int(4321280,64)),
+Def(Tid(3_920, "%00000f50"), Attrs([Attr("address","0x400688"),
+Attr("insn","ldr x0, [x0, #0xfd8]")]), Var("R0",Imm(64)),
+Load(Var("mem",Mem(64,8)),PLUS(Var("R0",Imm(64)),Int(4056,64)),LittleEndian(),64))]),
+Jmps([Goto(Tid(3_926, "%00000f56"), Attrs([Attr("address","0x40068C"),
+Attr("insn","cbz x0, #0x8")]), EQ(Var("R0",Imm(64)),Int(0,64)),
+Direct(Tid(3_924, "%00000f54"))), Goto(Tid(4_916, "%00001334"), Attrs([]),
+ Int(1,1), Direct(Tid(4_232, "%00001088")))])), Blk(Tid(3_924, "%00000f54"),
+ Attrs([Attr("address","0x400694")]), Phis([]), Defs([]),
+Jmps([Call(Tid(3_932, "%00000f5c"), Attrs([Attr("address","0x400694"),
+Attr("insn","ret")]), Int(1,1), (Indirect(Var("R30",Imm(64))),))])),
+Blk(Tid(4_232, "%00001088"), Attrs([Attr("address","0x400690")]), Phis([]),
+Defs([]), Jmps([Call(Tid(4_235, "%0000108b"),
+ Attrs([Attr("address","0x400690"), Attr("insn","b #-0x80")]), Int(1,1),
+(Direct(Tid(4_905, "@__gmon_start__")),))]))])),
+Sub(Tid(4_917, "@deregister_tm_clones"),
+ Attrs([Attr("c.proto","signed (*)(void)"), Attr("address","0x4006A0")]),
+ "deregister_tm_clones", Args([Arg(Tid(4_974, "%0000136e"),
+ Attrs([Attr("c.layout","[signed : 32]"), Attr("c.data","Top:u32"),
+Attr("c.type","signed")]), Var("deregister_tm_clones_result",Imm(32)),
+LOW(32,Var("R0",Imm(64))), Out())]),
+Blks([Blk(Tid(3_938, "@deregister_tm_clones"),
+ Attrs([Attr("address","0x4006A0")]), Phis([]),
+Defs([Def(Tid(3_941, "%00000f65"), Attrs([Attr("address","0x4006A0"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(3_947, "%00000f6b"), Attrs([Attr("address","0x4006A4"),
+Attr("insn","add x0, x0, #0x28")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(40,64))), Def(Tid(3_952, "%00000f70"),
+ Attrs([Attr("address","0x4006A8"), Attr("insn","adrp x1, #0x20000")]),
+ Var("R1",Imm(64)), Int(4325376,64)), Def(Tid(3_958, "%00000f76"),
+ Attrs([Attr("address","0x4006AC"), Attr("insn","add x1, x1, #0x28")]),
+ Var("R1",Imm(64)), PLUS(Var("R1",Imm(64)),Int(40,64))),
+Def(Tid(3_964, "%00000f7c"), Attrs([Attr("address","0x4006B0"),
+Attr("insn","cmp x1, x0")]), Var("#26",Imm(64)), NOT(Var("R0",Imm(64)))),
+Def(Tid(3_969, "%00000f81"), Attrs([Attr("address","0x4006B0"),
+Attr("insn","cmp x1, x0")]), Var("#27",Imm(64)),
+PLUS(Var("R1",Imm(64)),NOT(Var("R0",Imm(64))))), Def(Tid(3_975, "%00000f87"),
+ Attrs([Attr("address","0x4006B0"), Attr("insn","cmp x1, x0")]),
+ Var("VF",Imm(1)),
+NEQ(SIGNED(65,PLUS(Var("#27",Imm(64)),Int(1,64))),PLUS(PLUS(SIGNED(65,Var("R1",Imm(64))),SIGNED(65,Var("#26",Imm(64)))),Int(1,65)))),
+Def(Tid(3_981, "%00000f8d"), Attrs([Attr("address","0x4006B0"),
+Attr("insn","cmp x1, x0")]), Var("CF",Imm(1)),
+NEQ(UNSIGNED(65,PLUS(Var("#27",Imm(64)),Int(1,64))),PLUS(PLUS(UNSIGNED(65,Var("R1",Imm(64))),UNSIGNED(65,Var("#26",Imm(64)))),Int(1,65)))),
+Def(Tid(3_985, "%00000f91"), Attrs([Attr("address","0x4006B0"),
+Attr("insn","cmp x1, x0")]), Var("ZF",Imm(1)),
+EQ(PLUS(Var("#27",Imm(64)),Int(1,64)),Int(0,64))),
+Def(Tid(3_989, "%00000f95"), Attrs([Attr("address","0x4006B0"),
+Attr("insn","cmp x1, x0")]), Var("NF",Imm(1)),
+Extract(63,63,PLUS(Var("#27",Imm(64)),Int(1,64))))]),
+Jmps([Goto(Tid(3_995, "%00000f9b"), Attrs([Attr("address","0x4006B4"),
+Attr("insn","b.eq #0x18")]), EQ(Var("ZF",Imm(1)),Int(1,1)),
+Direct(Tid(3_993, "%00000f99"))), Goto(Tid(4_918, "%00001336"), Attrs([]),
+ Int(1,1), Direct(Tid(4_202, "%0000106a")))])), Blk(Tid(4_202, "%0000106a"),
+ Attrs([Attr("address","0x4006B8")]), Phis([]),
+Defs([Def(Tid(4_205, "%0000106d"), Attrs([Attr("address","0x4006B8"),
+Attr("insn","adrp x1, #0x1f000")]), Var("R1",Imm(64)), Int(4321280,64)),
+Def(Tid(4_212, "%00001074"), Attrs([Attr("address","0x4006BC"),
+Attr("insn","ldr x1, [x1, #0xfd0]")]), Var("R1",Imm(64)),
+Load(Var("mem",Mem(64,8)),PLUS(Var("R1",Imm(64)),Int(4048,64)),LittleEndian(),64))]),
+Jmps([Goto(Tid(4_217, "%00001079"), Attrs([Attr("address","0x4006C0"),
+Attr("insn","cbz x1, #0xc")]), EQ(Var("R1",Imm(64)),Int(0,64)),
+Direct(Tid(3_993, "%00000f99"))), Goto(Tid(4_919, "%00001337"), Attrs([]),
+ Int(1,1), Direct(Tid(4_221, "%0000107d")))])), Blk(Tid(3_993, "%00000f99"),
+ Attrs([Attr("address","0x4006CC")]), Phis([]), Defs([]),
+Jmps([Call(Tid(4_001, "%00000fa1"), Attrs([Attr("address","0x4006CC"),
+Attr("insn","ret")]), Int(1,1), (Indirect(Var("R30",Imm(64))),))])),
+Blk(Tid(4_221, "%0000107d"), Attrs([Attr("address","0x4006C4")]), Phis([]),
+Defs([Def(Tid(4_225, "%00001081"), Attrs([Attr("address","0x4006C4"),
+Attr("insn","mov x16, x1")]), Var("R16",Imm(64)), Var("R1",Imm(64)))]),
+Jmps([Call(Tid(4_230, "%00001086"), Attrs([Attr("address","0x4006C8"),
+Attr("insn","br x16")]), Int(1,1), (Indirect(Var("R16",Imm(64))),))]))])),
+Sub(Tid(4_920, "@frame_dummy"), Attrs([Attr("c.proto","signed (*)(void)"),
+Attr("address","0x400740")]), "frame_dummy",
+ Args([Arg(Tid(4_975, "%0000136f"), Attrs([Attr("c.layout","[signed : 32]"),
+Attr("c.data","Top:u32"), Attr("c.type","signed")]),
+ Var("frame_dummy_result",Imm(32)), LOW(32,Var("R0",Imm(64))), Out())]),
+Blks([Blk(Tid(4_148, "@frame_dummy"), Attrs([Attr("address","0x400740")]),
+ Phis([]), Defs([]), Jmps([Call(Tid(4_150, "%00001036"),
+ Attrs([Attr("address","0x400740"), Attr("insn","b #-0x70")]), Int(1,1),
+(Direct(Tid(4_956, "@register_tm_clones")),))]))])), Sub(Tid(4_921, "@main"),
+ Attrs([Attr("c.proto","signed (*)(signed argc,  const char** argv)"),
+Attr("address","0x400744")]), "main", Args([Arg(Tid(4_976, "%00001370"),
+ Attrs([Attr("c.layout","[signed : 32]"), Attr("c.data","Top:u32"),
+Attr("c.type","signed")]), Var("main_argc",Imm(32)),
+LOW(32,Var("R0",Imm(64))), In()), Arg(Tid(4_977, "%00001371"),
+ Attrs([Attr("c.layout","**[char : 8]"), Attr("c.data","Top:u8 ptr ptr"),
+Attr("c.type"," const char**")]), Var("main_argv",Imm(64)),
+Var("R1",Imm(64)), Both()), Arg(Tid(4_978, "%00001372"),
+ Attrs([Attr("c.layout","[signed : 32]"), Attr("c.data","Top:u32"),
+Attr("c.type","signed")]), Var("main_result",Imm(32)),
+LOW(32,Var("R0",Imm(64))), Out())]), Blks([Blk(Tid(1_638, "@main"),
+ Attrs([Attr("address","0x400744")]), Phis([]),
+Defs([Def(Tid(1_645, "%0000066d"), Attrs([Attr("address","0x400744"),
+Attr("insn","sub sp, sp, #0x10")]), Var("R31",Imm(64)),
+PLUS(Var("R31",Imm(64)),Int(18446744073709551600,64))),
+Def(Tid(1_653, "%00000675"), Attrs([Attr("address","0x400748"),
+Attr("insn","str w0, [sp, #0xc]")]), Var("mem",Mem(64,8)),
+Store(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(12,64)),Extract(31,0,Var("R0",Imm(64))),LittleEndian(),32)),
+Def(Tid(1_661, "%0000067d"), Attrs([Attr("address","0x40074C"),
+Attr("insn","str x1, [sp]")]), Var("mem",Mem(64,8)),
+Store(Var("mem",Mem(64,8)),Var("R31",Imm(64)),Var("R1",Imm(64)),LittleEndian(),64)),
+Def(Tid(1_666, "%00000682"), Attrs([Attr("address","0x400750"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(1_672, "%00000688"), Attrs([Attr("address","0x400754"),
+Attr("insn","add x0, x0, #0x2c")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(44,64))), Def(Tid(1_679, "%0000068f"),
+ Attrs([Attr("address","0x400758"), Attr("insn","ldr w1, [sp, #0xc]")]),
+ Var("R1",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(12,64)),LittleEndian(),32))),
+Def(Tid(1_687, "%00000697"), Attrs([Attr("address","0x40075C"),
+Attr("insn","str w1, [x0]")]), Var("mem",Mem(64,8)),
+Store(Var("mem",Mem(64,8)),Var("R0",Imm(64)),Extract(31,0,Var("R1",Imm(64))),LittleEndian(),32)),
+Def(Tid(1_694, "%0000069e"), Attrs([Attr("address","0x400760"),
+Attr("insn","ldr w1, [sp, #0xc]")]), Var("R1",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(12,64)),LittleEndian(),32))),
+Def(Tid(1_699, "%000006a3"), Attrs([Attr("address","0x400764"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(1_705, "%000006a9"), Attrs([Attr("address","0x400768"),
+Attr("insn","add x0, x0, #0x38")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(56,64))), Def(Tid(1_713, "%000006b1"),
+ Attrs([Attr("address","0x40076C"), Attr("insn","str w1, [x0]")]),
+ Var("mem",Mem(64,8)),
+Store(Var("mem",Mem(64,8)),Var("R0",Imm(64)),Extract(31,0,Var("R1",Imm(64))),LittleEndian(),32)),
+Def(Tid(1_720, "%000006b8"), Attrs([Attr("address","0x400770"),
+Attr("insn","ldr w1, [sp, #0xc]")]), Var("R1",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(12,64)),LittleEndian(),32))),
+Def(Tid(1_725, "%000006bd"), Attrs([Attr("address","0x400774"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(1_731, "%000006c3"), Attrs([Attr("address","0x400778"),
+Attr("insn","add x0, x0, #0x34")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(52,64))), Def(Tid(1_739, "%000006cb"),
+ Attrs([Attr("address","0x40077C"), Attr("insn","str w1, [x0]")]),
+ Var("mem",Mem(64,8)),
+Store(Var("mem",Mem(64,8)),Var("R0",Imm(64)),Extract(31,0,Var("R1",Imm(64))),LittleEndian(),32)),
+Def(Tid(1_744, "%000006d0"), Attrs([Attr("address","0x400780"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(1_750, "%000006d6"), Attrs([Attr("address","0x400784"),
+Attr("insn","add x0, x0, #0x2c")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(44,64))), Def(Tid(1_757, "%000006dd"),
+ Attrs([Attr("address","0x400788"), Attr("insn","ldr w0, [x0]")]),
+ Var("R0",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(1_763, "%000006e3"), Attrs([Attr("address","0x40078C"),
+Attr("insn","cmp w0, #0x0")]), Var("#1",Imm(32)),
+PLUS(Extract(31,0,Var("R0",Imm(64))),Int(4294967295,32))),
+Def(Tid(1_768, "%000006e8"), Attrs([Attr("address","0x40078C"),
+Attr("insn","cmp w0, #0x0")]), Var("VF",Imm(1)),
+NEQ(SIGNED(33,PLUS(Var("#1",Imm(32)),Int(1,32))),PLUS(SIGNED(33,Extract(31,0,Var("R0",Imm(64)))),Int(0,33)))),
+Def(Tid(1_773, "%000006ed"), Attrs([Attr("address","0x40078C"),
+Attr("insn","cmp w0, #0x0")]), Var("CF",Imm(1)),
+NEQ(UNSIGNED(33,PLUS(Var("#1",Imm(32)),Int(1,32))),PLUS(UNSIGNED(33,Extract(31,0,Var("R0",Imm(64)))),Int(4294967296,33)))),
+Def(Tid(1_777, "%000006f1"), Attrs([Attr("address","0x40078C"),
+Attr("insn","cmp w0, #0x0")]), Var("ZF",Imm(1)),
+EQ(PLUS(Var("#1",Imm(32)),Int(1,32)),Int(0,32))),
+Def(Tid(1_781, "%000006f5"), Attrs([Attr("address","0x40078C"),
+Attr("insn","cmp w0, #0x0")]), Var("NF",Imm(1)),
+Extract(31,31,PLUS(Var("#1",Imm(32)),Int(1,32))))]),
+Jmps([Goto(Tid(1_788, "%000006fc"), Attrs([Attr("address","0x400790"),
+Attr("insn","b.ge #0x1c")]), EQ(Var("NF",Imm(1)),Var("VF",Imm(1))),
+Direct(Tid(1_786, "%000006fa"))), Goto(Tid(4_922, "%0000133a"), Attrs([]),
+ Int(1,1), Direct(Tid(3_866, "%00000f1a")))])), Blk(Tid(3_866, "%00000f1a"),
+ Attrs([Attr("address","0x400794")]), Phis([]),
+Defs([Def(Tid(3_869, "%00000f1d"), Attrs([Attr("address","0x400794"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(3_875, "%00000f23"), Attrs([Attr("address","0x400798"),
+Attr("insn","add x0, x0, #0x30")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(48,64))), Def(Tid(3_882, "%00000f2a"),
+ Attrs([Attr("address","0x40079C"), Attr("insn","ldr w1, [x0]")]),
+ Var("R1",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(3_887, "%00000f2f"), Attrs([Attr("address","0x4007A0"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(3_893, "%00000f35"), Attrs([Attr("address","0x4007A4"),
+Attr("insn","add x0, x0, #0x2c")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(44,64))), Def(Tid(3_901, "%00000f3d"),
+ Attrs([Attr("address","0x4007A8"), Attr("insn","str w1, [x0]")]),
+ Var("mem",Mem(64,8)),
+Store(Var("mem",Mem(64,8)),Var("R0",Imm(64)),Extract(31,0,Var("R1",Imm(64))),LittleEndian(),32))]),
+Jmps([Goto(Tid(4_923, "%0000133b"), Attrs([]), Int(1,1),
+Direct(Tid(1_786, "%000006fa")))])), Blk(Tid(1_786, "%000006fa"),
+ Attrs([Attr("address","0x4007AC")]), Phis([]),
+Defs([Def(Tid(1_794, "%00000702"), Attrs([Attr("address","0x4007AC"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(1_800, "%00000708"), Attrs([Attr("address","0x4007B0"),
+Attr("insn","add x0, x0, #0x2c")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(44,64))), Def(Tid(1_807, "%0000070f"),
+ Attrs([Attr("address","0x4007B4"), Attr("insn","ldr w0, [x0]")]),
+ Var("R0",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(1_813, "%00000715"), Attrs([Attr("address","0x4007B8"),
+Attr("insn","cmp w0, #0x0")]), Var("#2",Imm(32)),
+PLUS(Extract(31,0,Var("R0",Imm(64))),Int(4294967295,32))),
+Def(Tid(1_818, "%0000071a"), Attrs([Attr("address","0x4007B8"),
+Attr("insn","cmp w0, #0x0")]), Var("VF",Imm(1)),
+NEQ(SIGNED(33,PLUS(Var("#2",Imm(32)),Int(1,32))),PLUS(SIGNED(33,Extract(31,0,Var("R0",Imm(64)))),Int(0,33)))),
+Def(Tid(1_823, "%0000071f"), Attrs([Attr("address","0x4007B8"),
+Attr("insn","cmp w0, #0x0")]), Var("CF",Imm(1)),
+NEQ(UNSIGNED(33,PLUS(Var("#2",Imm(32)),Int(1,32))),PLUS(UNSIGNED(33,Extract(31,0,Var("R0",Imm(64)))),Int(4294967296,33)))),
+Def(Tid(1_827, "%00000723"), Attrs([Attr("address","0x4007B8"),
+Attr("insn","cmp w0, #0x0")]), Var("ZF",Imm(1)),
+EQ(PLUS(Var("#2",Imm(32)),Int(1,32)),Int(0,32))),
+Def(Tid(1_831, "%00000727"), Attrs([Attr("address","0x4007B8"),
+Attr("insn","cmp w0, #0x0")]), Var("NF",Imm(1)),
+Extract(31,31,PLUS(Var("#2",Imm(32)),Int(1,32))))]),
+Jmps([Goto(Tid(1_839, "%0000072f"), Attrs([Attr("address","0x4007BC"),
+Attr("insn","b.le #0x1c")]),
+ NOT(AND(EQ(Var("NF",Imm(1)),Var("VF",Imm(1))),EQ(Var("ZF",Imm(1)),Int(0,1)))),
+Direct(Tid(1_837, "%0000072d"))), Goto(Tid(4_924, "%0000133c"), Attrs([]),
+ Int(1,1), Direct(Tid(3_829, "%00000ef5")))])), Blk(Tid(3_829, "%00000ef5"),
+ Attrs([Attr("address","0x4007C0")]), Phis([]),
+Defs([Def(Tid(3_832, "%00000ef8"), Attrs([Attr("address","0x4007C0"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(3_838, "%00000efe"), Attrs([Attr("address","0x4007C4"),
+Attr("insn","add x0, x0, #0x30")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(48,64))), Def(Tid(3_845, "%00000f05"),
+ Attrs([Attr("address","0x4007C8"), Attr("insn","ldr w1, [x0]")]),
+ Var("R1",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(3_850, "%00000f0a"), Attrs([Attr("address","0x4007CC"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(3_856, "%00000f10"), Attrs([Attr("address","0x4007D0"),
+Attr("insn","add x0, x0, #0x2c")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(44,64))), Def(Tid(3_864, "%00000f18"),
+ Attrs([Attr("address","0x4007D4"), Attr("insn","str w1, [x0]")]),
+ Var("mem",Mem(64,8)),
+Store(Var("mem",Mem(64,8)),Var("R0",Imm(64)),Extract(31,0,Var("R1",Imm(64))),LittleEndian(),32))]),
+Jmps([Goto(Tid(4_925, "%0000133d"), Attrs([]), Int(1,1),
+Direct(Tid(1_837, "%0000072d")))])), Blk(Tid(1_837, "%0000072d"),
+ Attrs([Attr("address","0x4007D8")]), Phis([]),
+Defs([Def(Tid(1_845, "%00000735"), Attrs([Attr("address","0x4007D8"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(1_851, "%0000073b"), Attrs([Attr("address","0x4007DC"),
+Attr("insn","add x0, x0, #0x2c")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(44,64))), Def(Tid(1_858, "%00000742"),
+ Attrs([Attr("address","0x4007E0"), Attr("insn","ldr w0, [x0]")]),
+ Var("R0",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(1_864, "%00000748"), Attrs([Attr("address","0x4007E4"),
+Attr("insn","cmp w0, #0x4")]), Var("#3",Imm(32)),
+PLUS(Extract(31,0,Var("R0",Imm(64))),Int(4294967291,32))),
+Def(Tid(1_869, "%0000074d"), Attrs([Attr("address","0x4007E4"),
+Attr("insn","cmp w0, #0x4")]), Var("VF",Imm(1)),
+NEQ(SIGNED(33,PLUS(Var("#3",Imm(32)),Int(1,32))),PLUS(SIGNED(33,Extract(31,0,Var("R0",Imm(64)))),Int(8589934588,33)))),
+Def(Tid(1_874, "%00000752"), Attrs([Attr("address","0x4007E4"),
+Attr("insn","cmp w0, #0x4")]), Var("CF",Imm(1)),
+NEQ(UNSIGNED(33,PLUS(Var("#3",Imm(32)),Int(1,32))),PLUS(UNSIGNED(33,Extract(31,0,Var("R0",Imm(64)))),Int(4294967292,33)))),
+Def(Tid(1_878, "%00000756"), Attrs([Attr("address","0x4007E4"),
+Attr("insn","cmp w0, #0x4")]), Var("ZF",Imm(1)),
+EQ(PLUS(Var("#3",Imm(32)),Int(1,32)),Int(0,32))),
+Def(Tid(1_882, "%0000075a"), Attrs([Attr("address","0x4007E4"),
+Attr("insn","cmp w0, #0x4")]), Var("NF",Imm(1)),
+Extract(31,31,PLUS(Var("#3",Imm(32)),Int(1,32))))]),
+Jmps([Goto(Tid(1_890, "%00000762"), Attrs([Attr("address","0x4007E8"),
+Attr("insn","b.gt #0x2c")]),
+ AND(EQ(Var("NF",Imm(1)),Var("VF",Imm(1))),EQ(Var("ZF",Imm(1)),Int(0,1))),
+Direct(Tid(1_888, "%00000760"))), Goto(Tid(4_926, "%0000133e"), Attrs([]),
+ Int(1,1), Direct(Tid(3_767, "%00000eb7")))])), Blk(Tid(3_767, "%00000eb7"),
+ Attrs([Attr("address","0x4007EC")]), Phis([]),
+Defs([Def(Tid(3_770, "%00000eba"), Attrs([Attr("address","0x4007EC"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(3_776, "%00000ec0"), Attrs([Attr("address","0x4007F0"),
+Attr("insn","add x0, x0, #0x30")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(48,64))), Def(Tid(3_783, "%00000ec7"),
+ Attrs([Attr("address","0x4007F4"), Attr("insn","ldr w1, [x0]")]),
+ Var("R1",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(3_788, "%00000ecc"), Attrs([Attr("address","0x4007F8"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(3_794, "%00000ed2"), Attrs([Attr("address","0x4007FC"),
+Attr("insn","add x0, x0, #0x2c")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(44,64))), Def(Tid(3_801, "%00000ed9"),
+ Attrs([Attr("address","0x400800"), Attr("insn","ldr w0, [x0]")]),
+ Var("R0",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(3_808, "%00000ee0"), Attrs([Attr("address","0x400804"),
+Attr("insn","add w1, w1, w0")]), Var("R1",Imm(64)),
+UNSIGNED(64,PLUS(Extract(31,0,Var("R1",Imm(64))),Extract(31,0,Var("R0",Imm(64)))))),
+Def(Tid(3_813, "%00000ee5"), Attrs([Attr("address","0x400808"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(3_819, "%00000eeb"), Attrs([Attr("address","0x40080C"),
+Attr("insn","add x0, x0, #0x2c")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(44,64))), Def(Tid(3_827, "%00000ef3"),
+ Attrs([Attr("address","0x400810"), Attr("insn","str w1, [x0]")]),
+ Var("mem",Mem(64,8)),
+Store(Var("mem",Mem(64,8)),Var("R0",Imm(64)),Extract(31,0,Var("R1",Imm(64))),LittleEndian(),32))]),
+Jmps([Goto(Tid(4_927, "%0000133f"), Attrs([]), Int(1,1),
+Direct(Tid(1_888, "%00000760")))])), Blk(Tid(1_888, "%00000760"),
+ Attrs([Attr("address","0x400814")]), Phis([]),
+Defs([Def(Tid(1_896, "%00000768"), Attrs([Attr("address","0x400814"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(1_902, "%0000076e"), Attrs([Attr("address","0x400818"),
+Attr("insn","add x0, x0, #0x2c")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(44,64))), Def(Tid(1_909, "%00000775"),
+ Attrs([Attr("address","0x40081C"), Attr("insn","ldr w0, [x0]")]),
+ Var("R0",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(1_915, "%0000077b"), Attrs([Attr("address","0x400820"),
+Attr("insn","cmp w0, #0x8")]), Var("#4",Imm(32)),
+PLUS(Extract(31,0,Var("R0",Imm(64))),Int(4294967287,32))),
+Def(Tid(1_920, "%00000780"), Attrs([Attr("address","0x400820"),
+Attr("insn","cmp w0, #0x8")]), Var("VF",Imm(1)),
+NEQ(SIGNED(33,PLUS(Var("#4",Imm(32)),Int(1,32))),PLUS(SIGNED(33,Extract(31,0,Var("R0",Imm(64)))),Int(8589934584,33)))),
+Def(Tid(1_925, "%00000785"), Attrs([Attr("address","0x400820"),
+Attr("insn","cmp w0, #0x8")]), Var("CF",Imm(1)),
+NEQ(UNSIGNED(33,PLUS(Var("#4",Imm(32)),Int(1,32))),PLUS(UNSIGNED(33,Extract(31,0,Var("R0",Imm(64)))),Int(4294967288,33)))),
+Def(Tid(1_929, "%00000789"), Attrs([Attr("address","0x400820"),
+Attr("insn","cmp w0, #0x8")]), Var("ZF",Imm(1)),
+EQ(PLUS(Var("#4",Imm(32)),Int(1,32)),Int(0,32))),
+Def(Tid(1_933, "%0000078d"), Attrs([Attr("address","0x400820"),
+Attr("insn","cmp w0, #0x8")]), Var("NF",Imm(1)),
+Extract(31,31,PLUS(Var("#4",Imm(32)),Int(1,32))))]),
+Jmps([Goto(Tid(1_941, "%00000795"), Attrs([Attr("address","0x400824"),
+Attr("insn","b.gt #0x2c")]),
+ AND(EQ(Var("NF",Imm(1)),Var("VF",Imm(1))),EQ(Var("ZF",Imm(1)),Int(0,1))),
+Direct(Tid(1_939, "%00000793"))), Goto(Tid(4_928, "%00001340"), Attrs([]),
+ Int(1,1), Direct(Tid(3_705, "%00000e79")))])), Blk(Tid(3_705, "%00000e79"),
+ Attrs([Attr("address","0x400828")]), Phis([]),
+Defs([Def(Tid(3_708, "%00000e7c"), Attrs([Attr("address","0x400828"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(3_714, "%00000e82"), Attrs([Attr("address","0x40082C"),
+Attr("insn","add x0, x0, #0x30")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(48,64))), Def(Tid(3_721, "%00000e89"),
+ Attrs([Attr("address","0x400830"), Attr("insn","ldr w1, [x0]")]),
+ Var("R1",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(3_726, "%00000e8e"), Attrs([Attr("address","0x400834"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(3_732, "%00000e94"), Attrs([Attr("address","0x400838"),
+Attr("insn","add x0, x0, #0x2c")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(44,64))), Def(Tid(3_739, "%00000e9b"),
+ Attrs([Attr("address","0x40083C"), Attr("insn","ldr w0, [x0]")]),
+ Var("R0",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(3_746, "%00000ea2"), Attrs([Attr("address","0x400840"),
+Attr("insn","add w1, w1, w0")]), Var("R1",Imm(64)),
+UNSIGNED(64,PLUS(Extract(31,0,Var("R1",Imm(64))),Extract(31,0,Var("R0",Imm(64)))))),
+Def(Tid(3_751, "%00000ea7"), Attrs([Attr("address","0x400844"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(3_757, "%00000ead"), Attrs([Attr("address","0x400848"),
+Attr("insn","add x0, x0, #0x2c")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(44,64))), Def(Tid(3_765, "%00000eb5"),
+ Attrs([Attr("address","0x40084C"), Attr("insn","str w1, [x0]")]),
+ Var("mem",Mem(64,8)),
+Store(Var("mem",Mem(64,8)),Var("R0",Imm(64)),Extract(31,0,Var("R1",Imm(64))),LittleEndian(),32))]),
+Jmps([Goto(Tid(4_929, "%00001341"), Attrs([]), Int(1,1),
+Direct(Tid(1_939, "%00000793")))])), Blk(Tid(1_939, "%00000793"),
+ Attrs([Attr("address","0x400850")]), Phis([]),
+Defs([Def(Tid(1_947, "%0000079b"), Attrs([Attr("address","0x400850"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(1_953, "%000007a1"), Attrs([Attr("address","0x400854"),
+Attr("insn","add x0, x0, #0x2c")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(44,64))), Def(Tid(1_960, "%000007a8"),
+ Attrs([Attr("address","0x400858"), Attr("insn","ldr w0, [x0]")]),
+ Var("R0",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(1_966, "%000007ae"), Attrs([Attr("address","0x40085C"),
+Attr("insn","cmp w0, #0x63")]), Var("#5",Imm(32)),
+PLUS(Extract(31,0,Var("R0",Imm(64))),Int(4294967196,32))),
+Def(Tid(1_971, "%000007b3"), Attrs([Attr("address","0x40085C"),
+Attr("insn","cmp w0, #0x63")]), Var("VF",Imm(1)),
+NEQ(SIGNED(33,PLUS(Var("#5",Imm(32)),Int(1,32))),PLUS(SIGNED(33,Extract(31,0,Var("R0",Imm(64)))),Int(8589934493,33)))),
+Def(Tid(1_976, "%000007b8"), Attrs([Attr("address","0x40085C"),
+Attr("insn","cmp w0, #0x63")]), Var("CF",Imm(1)),
+NEQ(UNSIGNED(33,PLUS(Var("#5",Imm(32)),Int(1,32))),PLUS(UNSIGNED(33,Extract(31,0,Var("R0",Imm(64)))),Int(4294967197,33)))),
+Def(Tid(1_980, "%000007bc"), Attrs([Attr("address","0x40085C"),
+Attr("insn","cmp w0, #0x63")]), Var("ZF",Imm(1)),
+EQ(PLUS(Var("#5",Imm(32)),Int(1,32)),Int(0,32))),
+Def(Tid(1_984, "%000007c0"), Attrs([Attr("address","0x40085C"),
+Attr("insn","cmp w0, #0x63")]), Var("NF",Imm(1)),
+Extract(31,31,PLUS(Var("#5",Imm(32)),Int(1,32))))]),
+Jmps([Goto(Tid(1_992, "%000007c8"), Attrs([Attr("address","0x400860"),
+Attr("insn","b.le #0x2c")]),
+ NOT(AND(EQ(Var("NF",Imm(1)),Var("VF",Imm(1))),EQ(Var("ZF",Imm(1)),Int(0,1)))),
+Direct(Tid(1_990, "%000007c6"))), Goto(Tid(4_930, "%00001342"), Attrs([]),
+ Int(1,1), Direct(Tid(3_643, "%00000e3b")))])), Blk(Tid(3_643, "%00000e3b"),
+ Attrs([Attr("address","0x400864")]), Phis([]),
+Defs([Def(Tid(3_646, "%00000e3e"), Attrs([Attr("address","0x400864"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(3_652, "%00000e44"), Attrs([Attr("address","0x400868"),
+Attr("insn","add x0, x0, #0x30")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(48,64))), Def(Tid(3_659, "%00000e4b"),
+ Attrs([Attr("address","0x40086C"), Attr("insn","ldr w1, [x0]")]),
+ Var("R1",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(3_664, "%00000e50"), Attrs([Attr("address","0x400870"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(3_670, "%00000e56"), Attrs([Attr("address","0x400874"),
+Attr("insn","add x0, x0, #0x2c")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(44,64))), Def(Tid(3_677, "%00000e5d"),
+ Attrs([Attr("address","0x400878"), Attr("insn","ldr w0, [x0]")]),
+ Var("R0",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(3_684, "%00000e64"), Attrs([Attr("address","0x40087C"),
+Attr("insn","add w1, w1, w0")]), Var("R1",Imm(64)),
+UNSIGNED(64,PLUS(Extract(31,0,Var("R1",Imm(64))),Extract(31,0,Var("R0",Imm(64)))))),
+Def(Tid(3_689, "%00000e69"), Attrs([Attr("address","0x400880"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(3_695, "%00000e6f"), Attrs([Attr("address","0x400884"),
+Attr("insn","add x0, x0, #0x2c")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(44,64))), Def(Tid(3_703, "%00000e77"),
+ Attrs([Attr("address","0x400888"), Attr("insn","str w1, [x0]")]),
+ Var("mem",Mem(64,8)),
+Store(Var("mem",Mem(64,8)),Var("R0",Imm(64)),Extract(31,0,Var("R1",Imm(64))),LittleEndian(),32))]),
+Jmps([Goto(Tid(4_931, "%00001343"), Attrs([]), Int(1,1),
+Direct(Tid(1_990, "%000007c6")))])), Blk(Tid(1_990, "%000007c6"),
+ Attrs([Attr("address","0x40088C")]), Phis([]),
+Defs([Def(Tid(1_998, "%000007ce"), Attrs([Attr("address","0x40088C"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(2_004, "%000007d4"), Attrs([Attr("address","0x400890"),
+Attr("insn","add x0, x0, #0x2c")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(44,64))), Def(Tid(2_011, "%000007db"),
+ Attrs([Attr("address","0x400894"), Attr("insn","ldr w0, [x0]")]),
+ Var("R0",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(2_017, "%000007e1"), Attrs([Attr("address","0x400898"),
+Attr("insn","cmp w0, #0x3e8")]), Var("#6",Imm(32)),
+PLUS(Extract(31,0,Var("R0",Imm(64))),Int(4294966295,32))),
+Def(Tid(2_022, "%000007e6"), Attrs([Attr("address","0x400898"),
+Attr("insn","cmp w0, #0x3e8")]), Var("VF",Imm(1)),
+NEQ(SIGNED(33,PLUS(Var("#6",Imm(32)),Int(1,32))),PLUS(SIGNED(33,Extract(31,0,Var("R0",Imm(64)))),Int(8589933592,33)))),
+Def(Tid(2_027, "%000007eb"), Attrs([Attr("address","0x400898"),
+Attr("insn","cmp w0, #0x3e8")]), Var("CF",Imm(1)),
+NEQ(UNSIGNED(33,PLUS(Var("#6",Imm(32)),Int(1,32))),PLUS(UNSIGNED(33,Extract(31,0,Var("R0",Imm(64)))),Int(4294966296,33)))),
+Def(Tid(2_031, "%000007ef"), Attrs([Attr("address","0x400898"),
+Attr("insn","cmp w0, #0x3e8")]), Var("ZF",Imm(1)),
+EQ(PLUS(Var("#6",Imm(32)),Int(1,32)),Int(0,32))),
+Def(Tid(2_035, "%000007f3"), Attrs([Attr("address","0x400898"),
+Attr("insn","cmp w0, #0x3e8")]), Var("NF",Imm(1)),
+Extract(31,31,PLUS(Var("#6",Imm(32)),Int(1,32))))]),
+Jmps([Goto(Tid(2_043, "%000007fb"), Attrs([Attr("address","0x40089C"),
+Attr("insn","b.le #0x2c")]),
+ NOT(AND(EQ(Var("NF",Imm(1)),Var("VF",Imm(1))),EQ(Var("ZF",Imm(1)),Int(0,1)))),
+Direct(Tid(2_041, "%000007f9"))), Goto(Tid(4_932, "%00001344"), Attrs([]),
+ Int(1,1), Direct(Tid(3_581, "%00000dfd")))])), Blk(Tid(3_581, "%00000dfd"),
+ Attrs([Attr("address","0x4008A0")]), Phis([]),
+Defs([Def(Tid(3_584, "%00000e00"), Attrs([Attr("address","0x4008A0"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(3_590, "%00000e06"), Attrs([Attr("address","0x4008A4"),
+Attr("insn","add x0, x0, #0x30")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(48,64))), Def(Tid(3_597, "%00000e0d"),
+ Attrs([Attr("address","0x4008A8"), Attr("insn","ldr w1, [x0]")]),
+ Var("R1",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(3_602, "%00000e12"), Attrs([Attr("address","0x4008AC"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(3_608, "%00000e18"), Attrs([Attr("address","0x4008B0"),
+Attr("insn","add x0, x0, #0x2c")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(44,64))), Def(Tid(3_615, "%00000e1f"),
+ Attrs([Attr("address","0x4008B4"), Attr("insn","ldr w0, [x0]")]),
+ Var("R0",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(3_622, "%00000e26"), Attrs([Attr("address","0x4008B8"),
+Attr("insn","add w1, w1, w0")]), Var("R1",Imm(64)),
+UNSIGNED(64,PLUS(Extract(31,0,Var("R1",Imm(64))),Extract(31,0,Var("R0",Imm(64)))))),
+Def(Tid(3_627, "%00000e2b"), Attrs([Attr("address","0x4008BC"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(3_633, "%00000e31"), Attrs([Attr("address","0x4008C0"),
+Attr("insn","add x0, x0, #0x2c")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(44,64))), Def(Tid(3_641, "%00000e39"),
+ Attrs([Attr("address","0x4008C4"), Attr("insn","str w1, [x0]")]),
+ Var("mem",Mem(64,8)),
+Store(Var("mem",Mem(64,8)),Var("R0",Imm(64)),Extract(31,0,Var("R1",Imm(64))),LittleEndian(),32))]),
+Jmps([Goto(Tid(4_933, "%00001345"), Attrs([]), Int(1,1),
+Direct(Tid(2_041, "%000007f9")))])), Blk(Tid(2_041, "%000007f9"),
+ Attrs([Attr("address","0x4008C8")]), Phis([]),
+Defs([Def(Tid(2_049, "%00000801"), Attrs([Attr("address","0x4008C8"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(2_055, "%00000807"), Attrs([Attr("address","0x4008CC"),
+Attr("insn","add x0, x0, #0x2c")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(44,64))), Def(Tid(2_062, "%0000080e"),
+ Attrs([Attr("address","0x4008D0"), Attr("insn","ldr w1, [x0]")]),
+ Var("R1",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(2_067, "%00000813"), Attrs([Attr("address","0x4008D4"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(2_073, "%00000819"), Attrs([Attr("address","0x4008D8"),
+Attr("insn","add x0, x0, #0x30")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(48,64))), Def(Tid(2_080, "%00000820"),
+ Attrs([Attr("address","0x4008DC"), Attr("insn","ldr w0, [x0]")]),
+ Var("R0",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(2_086, "%00000826"), Attrs([Attr("address","0x4008E0"),
+Attr("insn","cmp w1, w0")]), Var("#7",Imm(32)),
+NOT(Extract(31,0,Var("R0",Imm(64))))), Def(Tid(2_091, "%0000082b"),
+ Attrs([Attr("address","0x4008E0"), Attr("insn","cmp w1, w0")]),
+ Var("#8",Imm(32)),
+PLUS(Extract(31,0,Var("R1",Imm(64))),NOT(Extract(31,0,Var("R0",Imm(64)))))),
+Def(Tid(2_097, "%00000831"), Attrs([Attr("address","0x4008E0"),
+Attr("insn","cmp w1, w0")]), Var("VF",Imm(1)),
+NEQ(SIGNED(33,PLUS(Var("#8",Imm(32)),Int(1,32))),PLUS(PLUS(SIGNED(33,Extract(31,0,Var("R1",Imm(64)))),SIGNED(33,Var("#7",Imm(32)))),Int(1,33)))),
+Def(Tid(2_103, "%00000837"), Attrs([Attr("address","0x4008E0"),
+Attr("insn","cmp w1, w0")]), Var("CF",Imm(1)),
+NEQ(UNSIGNED(33,PLUS(Var("#8",Imm(32)),Int(1,32))),PLUS(PLUS(UNSIGNED(33,Extract(31,0,Var("R1",Imm(64)))),UNSIGNED(33,Var("#7",Imm(32)))),Int(1,33)))),
+Def(Tid(2_107, "%0000083b"), Attrs([Attr("address","0x4008E0"),
+Attr("insn","cmp w1, w0")]), Var("ZF",Imm(1)),
+EQ(PLUS(Var("#8",Imm(32)),Int(1,32)),Int(0,32))),
+Def(Tid(2_111, "%0000083f"), Attrs([Attr("address","0x4008E0"),
+Attr("insn","cmp w1, w0")]), Var("NF",Imm(1)),
+Extract(31,31,PLUS(Var("#8",Imm(32)),Int(1,32))))]),
+Jmps([Goto(Tid(2_118, "%00000846"), Attrs([Attr("address","0x4008E4"),
+Attr("insn","b.ge #0x40")]), EQ(Var("NF",Imm(1)),Var("VF",Imm(1))),
+Direct(Tid(2_116, "%00000844"))), Goto(Tid(4_934, "%00001346"), Attrs([]),
+ Int(1,1), Direct(Tid(3_488, "%00000da0")))])), Blk(Tid(3_488, "%00000da0"),
+ Attrs([Attr("address","0x4008E8")]), Phis([]),
+Defs([Def(Tid(3_491, "%00000da3"), Attrs([Attr("address","0x4008E8"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(3_497, "%00000da9"), Attrs([Attr("address","0x4008EC"),
+Attr("insn","add x0, x0, #0x30")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(48,64))), Def(Tid(3_504, "%00000db0"),
+ Attrs([Attr("address","0x4008F0"), Attr("insn","ldr w1, [x0]")]),
+ Var("R1",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(3_510, "%00000db6"), Attrs([Attr("address","0x4008F4"),
+Attr("insn","mov w0, w1")]), Var("R0",Imm(64)),
+UNSIGNED(64,Extract(31,0,Var("R1",Imm(64))))), Def(Tid(3_516, "%00000dbc"),
+ Attrs([Attr("address","0x4008F8"), Attr("insn","lsl w0, w0, #2")]),
+ Var("R0",Imm(64)),
+UNSIGNED(64,Concat(Extract(29,0,Var("R0",Imm(64))),Int(0,2)))),
+Def(Tid(3_523, "%00000dc3"), Attrs([Attr("address","0x4008FC"),
+Attr("insn","add w0, w0, w1")]), Var("R0",Imm(64)),
+UNSIGNED(64,PLUS(Extract(31,0,Var("R0",Imm(64))),Extract(31,0,Var("R1",Imm(64)))))),
+Def(Tid(3_529, "%00000dc9"), Attrs([Attr("address","0x400900"),
+Attr("insn","lsl w0, w0, #1")]), Var("R0",Imm(64)),
+UNSIGNED(64,Concat(Extract(30,0,Var("R0",Imm(64))),Int(0,1)))),
+Def(Tid(3_535, "%00000dcf"), Attrs([Attr("address","0x400904"),
+Attr("insn","mov w1, w0")]), Var("R1",Imm(64)),
+UNSIGNED(64,Extract(31,0,Var("R0",Imm(64))))), Def(Tid(3_540, "%00000dd4"),
+ Attrs([Attr("address","0x400908"), Attr("insn","adrp x0, #0x20000")]),
+ Var("R0",Imm(64)), Int(4325376,64)), Def(Tid(3_546, "%00000dda"),
+ Attrs([Attr("address","0x40090C"), Attr("insn","add x0, x0, #0x2c")]),
+ Var("R0",Imm(64)), PLUS(Var("R0",Imm(64)),Int(44,64))),
+Def(Tid(3_553, "%00000de1"), Attrs([Attr("address","0x400910"),
+Attr("insn","ldr w0, [x0]")]), Var("R0",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(3_560, "%00000de8"), Attrs([Attr("address","0x400914"),
+Attr("insn","add w1, w1, w0")]), Var("R1",Imm(64)),
+UNSIGNED(64,PLUS(Extract(31,0,Var("R1",Imm(64))),Extract(31,0,Var("R0",Imm(64)))))),
+Def(Tid(3_565, "%00000ded"), Attrs([Attr("address","0x400918"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(3_571, "%00000df3"), Attrs([Attr("address","0x40091C"),
+Attr("insn","add x0, x0, #0x2c")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(44,64))), Def(Tid(3_579, "%00000dfb"),
+ Attrs([Attr("address","0x400920"), Attr("insn","str w1, [x0]")]),
+ Var("mem",Mem(64,8)),
+Store(Var("mem",Mem(64,8)),Var("R0",Imm(64)),Extract(31,0,Var("R1",Imm(64))),LittleEndian(),32))]),
+Jmps([Goto(Tid(4_935, "%00001347"), Attrs([]), Int(1,1),
+Direct(Tid(2_116, "%00000844")))])), Blk(Tid(2_116, "%00000844"),
+ Attrs([Attr("address","0x400924")]), Phis([]),
+Defs([Def(Tid(2_124, "%0000084c"), Attrs([Attr("address","0x400924"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(2_130, "%00000852"), Attrs([Attr("address","0x400928"),
+Attr("insn","add x0, x0, #0x30")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(48,64))), Def(Tid(2_137, "%00000859"),
+ Attrs([Attr("address","0x40092C"), Attr("insn","ldr w0, [x0]")]),
+ Var("R0",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(2_143, "%0000085f"), Attrs([Attr("address","0x400930"),
+Attr("insn","add w1, w0, #0x64")]), Var("R1",Imm(64)),
+UNSIGNED(64,PLUS(Extract(31,0,Var("R0",Imm(64))),Int(100,32)))),
+Def(Tid(2_148, "%00000864"), Attrs([Attr("address","0x400934"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(2_154, "%0000086a"), Attrs([Attr("address","0x400938"),
+Attr("insn","add x0, x0, #0x2c")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(44,64))), Def(Tid(2_161, "%00000871"),
+ Attrs([Attr("address","0x40093C"), Attr("insn","ldr w0, [x0]")]),
+ Var("R0",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(2_167, "%00000877"), Attrs([Attr("address","0x400940"),
+Attr("insn","cmp w1, w0")]), Var("#9",Imm(32)),
+NOT(Extract(31,0,Var("R0",Imm(64))))), Def(Tid(2_172, "%0000087c"),
+ Attrs([Attr("address","0x400940"), Attr("insn","cmp w1, w0")]),
+ Var("#10",Imm(32)),
+PLUS(Extract(31,0,Var("R1",Imm(64))),NOT(Extract(31,0,Var("R0",Imm(64)))))),
+Def(Tid(2_178, "%00000882"), Attrs([Attr("address","0x400940"),
+Attr("insn","cmp w1, w0")]), Var("VF",Imm(1)),
+NEQ(SIGNED(33,PLUS(Var("#10",Imm(32)),Int(1,32))),PLUS(PLUS(SIGNED(33,Extract(31,0,Var("R1",Imm(64)))),SIGNED(33,Var("#9",Imm(32)))),Int(1,33)))),
+Def(Tid(2_184, "%00000888"), Attrs([Attr("address","0x400940"),
+Attr("insn","cmp w1, w0")]), Var("CF",Imm(1)),
+NEQ(UNSIGNED(33,PLUS(Var("#10",Imm(32)),Int(1,32))),PLUS(PLUS(UNSIGNED(33,Extract(31,0,Var("R1",Imm(64)))),UNSIGNED(33,Var("#9",Imm(32)))),Int(1,33)))),
+Def(Tid(2_188, "%0000088c"), Attrs([Attr("address","0x400940"),
+Attr("insn","cmp w1, w0")]), Var("ZF",Imm(1)),
+EQ(PLUS(Var("#10",Imm(32)),Int(1,32)),Int(0,32))),
+Def(Tid(2_192, "%00000890"), Attrs([Attr("address","0x400940"),
+Attr("insn","cmp w1, w0")]), Var("NF",Imm(1)),
+Extract(31,31,PLUS(Var("#10",Imm(32)),Int(1,32))))]),
+Jmps([Goto(Tid(2_199, "%00000897"), Attrs([Attr("address","0x400944"),
+Attr("insn","b.lt #0x3c")]), NEQ(Var("NF",Imm(1)),Var("VF",Imm(1))),
+Direct(Tid(2_197, "%00000895"))), Goto(Tid(4_936, "%00001348"), Attrs([]),
+ Int(1,1), Direct(Tid(3_401, "%00000d49")))])), Blk(Tid(3_401, "%00000d49"),
+ Attrs([Attr("address","0x400948")]), Phis([]),
+Defs([Def(Tid(3_404, "%00000d4c"), Attrs([Attr("address","0x400948"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(3_410, "%00000d52"), Attrs([Attr("address","0x40094C"),
+Attr("insn","add x0, x0, #0x30")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(48,64))), Def(Tid(3_417, "%00000d59"),
+ Attrs([Attr("address","0x400950"), Attr("insn","ldr w1, [x0]")]),
+ Var("R1",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(3_422, "%00000d5e"), Attrs([Attr("address","0x400954"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(3_428, "%00000d64"), Attrs([Attr("address","0x400958"),
+Attr("insn","add x0, x0, #0x30")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(48,64))), Def(Tid(3_435, "%00000d6b"),
+ Attrs([Attr("address","0x40095C"), Attr("insn","ldr w0, [x0]")]),
+ Var("R0",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(3_442, "%00000d72"), Attrs([Attr("address","0x400960"),
+Attr("insn","mul w1, w1, w0")]), Var("R1",Imm(64)),
+UNSIGNED(64,Extract(31,0,TIMES(UNSIGNED(64,Extract(31,0,Var("R1",Imm(64)))),UNSIGNED(64,Extract(31,0,Var("R0",Imm(64)))))))),
+Def(Tid(3_447, "%00000d77"), Attrs([Attr("address","0x400964"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(3_453, "%00000d7d"), Attrs([Attr("address","0x400968"),
+Attr("insn","add x0, x0, #0x2c")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(44,64))), Def(Tid(3_460, "%00000d84"),
+ Attrs([Attr("address","0x40096C"), Attr("insn","ldr w0, [x0]")]),
+ Var("R0",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(3_467, "%00000d8b"), Attrs([Attr("address","0x400970"),
+Attr("insn","add w1, w1, w0")]), Var("R1",Imm(64)),
+UNSIGNED(64,PLUS(Extract(31,0,Var("R1",Imm(64))),Extract(31,0,Var("R0",Imm(64)))))),
+Def(Tid(3_472, "%00000d90"), Attrs([Attr("address","0x400974"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(3_478, "%00000d96"), Attrs([Attr("address","0x400978"),
+Attr("insn","add x0, x0, #0x2c")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(44,64))), Def(Tid(3_486, "%00000d9e"),
+ Attrs([Attr("address","0x40097C"), Attr("insn","str w1, [x0]")]),
+ Var("mem",Mem(64,8)),
+Store(Var("mem",Mem(64,8)),Var("R0",Imm(64)),Extract(31,0,Var("R1",Imm(64))),LittleEndian(),32))]),
+Jmps([Goto(Tid(4_937, "%00001349"), Attrs([]), Int(1,1),
+Direct(Tid(2_197, "%00000895")))])), Blk(Tid(2_197, "%00000895"),
+ Attrs([Attr("address","0x400980")]), Phis([]),
+Defs([Def(Tid(2_205, "%0000089d"), Attrs([Attr("address","0x400980"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(2_211, "%000008a3"), Attrs([Attr("address","0x400984"),
+Attr("insn","add x0, x0, #0x30")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(48,64))), Def(Tid(2_218, "%000008aa"),
+ Attrs([Attr("address","0x400988"), Attr("insn","ldr w0, [x0]")]),
+ Var("R0",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(2_224, "%000008b0"), Attrs([Attr("address","0x40098C"),
+Attr("insn","add w1, w0, #0x3e8")]), Var("R1",Imm(64)),
+UNSIGNED(64,PLUS(Extract(31,0,Var("R0",Imm(64))),Int(1000,32)))),
+Def(Tid(2_229, "%000008b5"), Attrs([Attr("address","0x400990"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(2_235, "%000008bb"), Attrs([Attr("address","0x400994"),
+Attr("insn","add x0, x0, #0x2c")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(44,64))), Def(Tid(2_242, "%000008c2"),
+ Attrs([Attr("address","0x400998"), Attr("insn","ldr w0, [x0]")]),
+ Var("R0",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(2_248, "%000008c8"), Attrs([Attr("address","0x40099C"),
+Attr("insn","cmp w1, w0")]), Var("#11",Imm(32)),
+NOT(Extract(31,0,Var("R0",Imm(64))))), Def(Tid(2_253, "%000008cd"),
+ Attrs([Attr("address","0x40099C"), Attr("insn","cmp w1, w0")]),
+ Var("#12",Imm(32)),
+PLUS(Extract(31,0,Var("R1",Imm(64))),NOT(Extract(31,0,Var("R0",Imm(64)))))),
+Def(Tid(2_259, "%000008d3"), Attrs([Attr("address","0x40099C"),
+Attr("insn","cmp w1, w0")]), Var("VF",Imm(1)),
+NEQ(SIGNED(33,PLUS(Var("#12",Imm(32)),Int(1,32))),PLUS(PLUS(SIGNED(33,Extract(31,0,Var("R1",Imm(64)))),SIGNED(33,Var("#11",Imm(32)))),Int(1,33)))),
+Def(Tid(2_265, "%000008d9"), Attrs([Attr("address","0x40099C"),
+Attr("insn","cmp w1, w0")]), Var("CF",Imm(1)),
+NEQ(UNSIGNED(33,PLUS(Var("#12",Imm(32)),Int(1,32))),PLUS(PLUS(UNSIGNED(33,Extract(31,0,Var("R1",Imm(64)))),UNSIGNED(33,Var("#11",Imm(32)))),Int(1,33)))),
+Def(Tid(2_269, "%000008dd"), Attrs([Attr("address","0x40099C"),
+Attr("insn","cmp w1, w0")]), Var("ZF",Imm(1)),
+EQ(PLUS(Var("#12",Imm(32)),Int(1,32)),Int(0,32))),
+Def(Tid(2_273, "%000008e1"), Attrs([Attr("address","0x40099C"),
+Attr("insn","cmp w1, w0")]), Var("NF",Imm(1)),
+Extract(31,31,PLUS(Var("#12",Imm(32)),Int(1,32))))]),
+Jmps([Goto(Tid(2_280, "%000008e8"), Attrs([Attr("address","0x4009A0"),
+Attr("insn","b.ge #0x40")]), EQ(Var("NF",Imm(1)),Var("VF",Imm(1))),
+Direct(Tid(2_278, "%000008e6"))), Goto(Tid(4_938, "%0000134a"), Attrs([]),
+ Int(1,1), Direct(Tid(3_308, "%00000cec")))])), Blk(Tid(3_308, "%00000cec"),
+ Attrs([Attr("address","0x4009A4")]), Phis([]),
+Defs([Def(Tid(3_311, "%00000cef"), Attrs([Attr("address","0x4009A4"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(3_317, "%00000cf5"), Attrs([Attr("address","0x4009A8"),
+Attr("insn","add x0, x0, #0x30")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(48,64))), Def(Tid(3_324, "%00000cfc"),
+ Attrs([Attr("address","0x4009AC"), Attr("insn","ldr w0, [x0]")]),
+ Var("R0",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(3_330, "%00000d02"), Attrs([Attr("address","0x4009B0"),
+Attr("insn","lsl w1, w0, #1")]), Var("R1",Imm(64)),
+UNSIGNED(64,Concat(Extract(30,0,Var("R0",Imm(64))),Int(0,1)))),
+Def(Tid(3_335, "%00000d07"), Attrs([Attr("address","0x4009B4"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(3_341, "%00000d0d"), Attrs([Attr("address","0x4009B8"),
+Attr("insn","add x0, x0, #0x30")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(48,64))), Def(Tid(3_348, "%00000d14"),
+ Attrs([Attr("address","0x4009BC"), Attr("insn","ldr w0, [x0]")]),
+ Var("R0",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(3_355, "%00000d1b"), Attrs([Attr("address","0x4009C0"),
+Attr("insn","add w1, w1, w0")]), Var("R1",Imm(64)),
+UNSIGNED(64,PLUS(Extract(31,0,Var("R1",Imm(64))),Extract(31,0,Var("R0",Imm(64)))))),
+Def(Tid(3_360, "%00000d20"), Attrs([Attr("address","0x4009C4"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(3_366, "%00000d26"), Attrs([Attr("address","0x4009C8"),
+Attr("insn","add x0, x0, #0x2c")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(44,64))), Def(Tid(3_373, "%00000d2d"),
+ Attrs([Attr("address","0x4009CC"), Attr("insn","ldr w0, [x0]")]),
+ Var("R0",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(3_380, "%00000d34"), Attrs([Attr("address","0x4009D0"),
+Attr("insn","add w1, w1, w0")]), Var("R1",Imm(64)),
+UNSIGNED(64,PLUS(Extract(31,0,Var("R1",Imm(64))),Extract(31,0,Var("R0",Imm(64)))))),
+Def(Tid(3_385, "%00000d39"), Attrs([Attr("address","0x4009D4"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(3_391, "%00000d3f"), Attrs([Attr("address","0x4009D8"),
+Attr("insn","add x0, x0, #0x2c")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(44,64))), Def(Tid(3_399, "%00000d47"),
+ Attrs([Attr("address","0x4009DC"), Attr("insn","str w1, [x0]")]),
+ Var("mem",Mem(64,8)),
+Store(Var("mem",Mem(64,8)),Var("R0",Imm(64)),Extract(31,0,Var("R1",Imm(64))),LittleEndian(),32))]),
+Jmps([Goto(Tid(4_939, "%0000134b"), Attrs([]), Int(1,1),
+Direct(Tid(2_278, "%000008e6")))])), Blk(Tid(2_278, "%000008e6"),
+ Attrs([Attr("address","0x4009E0")]), Phis([]),
+Defs([Def(Tid(2_286, "%000008ee"), Attrs([Attr("address","0x4009E0"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(2_292, "%000008f4"), Attrs([Attr("address","0x4009E4"),
+Attr("insn","add x0, x0, #0x30")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(48,64))), Def(Tid(2_299, "%000008fb"),
+ Attrs([Attr("address","0x4009E8"), Attr("insn","ldr w0, [x0]")]),
+ Var("R0",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(2_305, "%00000901"), Attrs([Attr("address","0x4009EC"),
+Attr("insn","add w1, w0, #0x7cf")]), Var("R1",Imm(64)),
+UNSIGNED(64,PLUS(Extract(31,0,Var("R0",Imm(64))),Int(1999,32)))),
+Def(Tid(2_310, "%00000906"), Attrs([Attr("address","0x4009F0"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(2_316, "%0000090c"), Attrs([Attr("address","0x4009F4"),
+Attr("insn","add x0, x0, #0x2c")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(44,64))), Def(Tid(2_323, "%00000913"),
+ Attrs([Attr("address","0x4009F8"), Attr("insn","ldr w0, [x0]")]),
+ Var("R0",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(2_329, "%00000919"), Attrs([Attr("address","0x4009FC"),
+Attr("insn","cmp w1, w0")]), Var("#13",Imm(32)),
+NOT(Extract(31,0,Var("R0",Imm(64))))), Def(Tid(2_334, "%0000091e"),
+ Attrs([Attr("address","0x4009FC"), Attr("insn","cmp w1, w0")]),
+ Var("#14",Imm(32)),
+PLUS(Extract(31,0,Var("R1",Imm(64))),NOT(Extract(31,0,Var("R0",Imm(64)))))),
+Def(Tid(2_340, "%00000924"), Attrs([Attr("address","0x4009FC"),
+Attr("insn","cmp w1, w0")]), Var("VF",Imm(1)),
+NEQ(SIGNED(33,PLUS(Var("#14",Imm(32)),Int(1,32))),PLUS(PLUS(SIGNED(33,Extract(31,0,Var("R1",Imm(64)))),SIGNED(33,Var("#13",Imm(32)))),Int(1,33)))),
+Def(Tid(2_346, "%0000092a"), Attrs([Attr("address","0x4009FC"),
+Attr("insn","cmp w1, w0")]), Var("CF",Imm(1)),
+NEQ(UNSIGNED(33,PLUS(Var("#14",Imm(32)),Int(1,32))),PLUS(PLUS(UNSIGNED(33,Extract(31,0,Var("R1",Imm(64)))),UNSIGNED(33,Var("#13",Imm(32)))),Int(1,33)))),
+Def(Tid(2_350, "%0000092e"), Attrs([Attr("address","0x4009FC"),
+Attr("insn","cmp w1, w0")]), Var("ZF",Imm(1)),
+EQ(PLUS(Var("#14",Imm(32)),Int(1,32)),Int(0,32))),
+Def(Tid(2_354, "%00000932"), Attrs([Attr("address","0x4009FC"),
+Attr("insn","cmp w1, w0")]), Var("NF",Imm(1)),
+Extract(31,31,PLUS(Var("#14",Imm(32)),Int(1,32))))]),
+Jmps([Goto(Tid(2_361, "%00000939"), Attrs([Attr("address","0x400A00"),
+Attr("insn","b.ge #0x3c")]), EQ(Var("NF",Imm(1)),Var("VF",Imm(1))),
+Direct(Tid(2_359, "%00000937"))), Goto(Tid(4_940, "%0000134c"), Attrs([]),
+ Int(1,1), Direct(Tid(3_221, "%00000c95")))])), Blk(Tid(3_221, "%00000c95"),
+ Attrs([Attr("address","0x400A04")]), Phis([]),
+Defs([Def(Tid(3_224, "%00000c98"), Attrs([Attr("address","0x400A04"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(3_230, "%00000c9e"), Attrs([Attr("address","0x400A08"),
+Attr("insn","add x0, x0, #0x30")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(48,64))), Def(Tid(3_237, "%00000ca5"),
+ Attrs([Attr("address","0x400A0C"), Attr("insn","ldr w1, [x0]")]),
+ Var("R1",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(3_242, "%00000caa"), Attrs([Attr("address","0x400A10"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(3_248, "%00000cb0"), Attrs([Attr("address","0x400A14"),
+Attr("insn","add x0, x0, #0x30")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(48,64))), Def(Tid(3_255, "%00000cb7"),
+ Attrs([Attr("address","0x400A18"), Attr("insn","ldr w0, [x0]")]),
+ Var("R0",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(3_262, "%00000cbe"), Attrs([Attr("address","0x400A1C"),
+Attr("insn","add w1, w1, w0")]), Var("R1",Imm(64)),
+UNSIGNED(64,PLUS(Extract(31,0,Var("R1",Imm(64))),Extract(31,0,Var("R0",Imm(64)))))),
+Def(Tid(3_267, "%00000cc3"), Attrs([Attr("address","0x400A20"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(3_273, "%00000cc9"), Attrs([Attr("address","0x400A24"),
+Attr("insn","add x0, x0, #0x2c")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(44,64))), Def(Tid(3_280, "%00000cd0"),
+ Attrs([Attr("address","0x400A28"), Attr("insn","ldr w0, [x0]")]),
+ Var("R0",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(3_287, "%00000cd7"), Attrs([Attr("address","0x400A2C"),
+Attr("insn","add w1, w1, w0")]), Var("R1",Imm(64)),
+UNSIGNED(64,PLUS(Extract(31,0,Var("R1",Imm(64))),Extract(31,0,Var("R0",Imm(64)))))),
+Def(Tid(3_292, "%00000cdc"), Attrs([Attr("address","0x400A30"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(3_298, "%00000ce2"), Attrs([Attr("address","0x400A34"),
+Attr("insn","add x0, x0, #0x2c")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(44,64))), Def(Tid(3_306, "%00000cea"),
+ Attrs([Attr("address","0x400A38"), Attr("insn","str w1, [x0]")]),
+ Var("mem",Mem(64,8)),
+Store(Var("mem",Mem(64,8)),Var("R0",Imm(64)),Extract(31,0,Var("R1",Imm(64))),LittleEndian(),32))]),
+Jmps([Goto(Tid(4_941, "%0000134d"), Attrs([]), Int(1,1),
+Direct(Tid(2_359, "%00000937")))])), Blk(Tid(2_359, "%00000937"),
+ Attrs([Attr("address","0x400A3C")]), Phis([]),
+Defs([Def(Tid(2_367, "%0000093f"), Attrs([Attr("address","0x400A3C"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(2_373, "%00000945"), Attrs([Attr("address","0x400A40"),
+Attr("insn","add x0, x0, #0x38")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(56,64))), Def(Tid(2_380, "%0000094c"),
+ Attrs([Attr("address","0x400A44"), Attr("insn","ldr w0, [x0]")]),
+ Var("R0",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(2_385, "%00000951"), Attrs([Attr("address","0x400A48"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(2_391, "%00000957"), Attrs([Attr("address","0x400A4C"),
+Attr("insn","add x0, x0, #0x38")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(56,64))), Def(Tid(2_398, "%0000095e"),
+ Attrs([Attr("address","0x400A50"), Attr("insn","ldr w0, [x0]")]),
+ Var("R0",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(2_404, "%00000964"), Attrs([Attr("address","0x400A54"),
+Attr("insn","cmp w0, #0x0")]), Var("#15",Imm(32)),
+PLUS(Extract(31,0,Var("R0",Imm(64))),Int(4294967295,32))),
+Def(Tid(2_409, "%00000969"), Attrs([Attr("address","0x400A54"),
+Attr("insn","cmp w0, #0x0")]), Var("VF",Imm(1)),
+NEQ(SIGNED(33,PLUS(Var("#15",Imm(32)),Int(1,32))),PLUS(SIGNED(33,Extract(31,0,Var("R0",Imm(64)))),Int(0,33)))),
+Def(Tid(2_414, "%0000096e"), Attrs([Attr("address","0x400A54"),
+Attr("insn","cmp w0, #0x0")]), Var("CF",Imm(1)),
+NEQ(UNSIGNED(33,PLUS(Var("#15",Imm(32)),Int(1,32))),PLUS(UNSIGNED(33,Extract(31,0,Var("R0",Imm(64)))),Int(4294967296,33)))),
+Def(Tid(2_418, "%00000972"), Attrs([Attr("address","0x400A54"),
+Attr("insn","cmp w0, #0x0")]), Var("ZF",Imm(1)),
+EQ(PLUS(Var("#15",Imm(32)),Int(1,32)),Int(0,32))),
+Def(Tid(2_422, "%00000976"), Attrs([Attr("address","0x400A54"),
+Attr("insn","cmp w0, #0x0")]), Var("NF",Imm(1)),
+Extract(31,31,PLUS(Var("#15",Imm(32)),Int(1,32))))]),
+Jmps([Goto(Tid(2_428, "%0000097c"), Attrs([Attr("address","0x400A58"),
+Attr("insn","b.ne #0x20")]), NEQ(Var("ZF",Imm(1)),Int(1,1)),
+Direct(Tid(2_426, "%0000097a"))), Goto(Tid(4_942, "%0000134e"), Attrs([]),
+ Int(1,1), Direct(Tid(3_178, "%00000c6a")))])), Blk(Tid(3_178, "%00000c6a"),
+ Attrs([Attr("address","0x400A5C")]), Phis([]),
+Defs([Def(Tid(3_181, "%00000c6d"), Attrs([Attr("address","0x400A5C"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(3_187, "%00000c73"), Attrs([Attr("address","0x400A60"),
+Attr("insn","add x0, x0, #0x38")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(56,64))), Def(Tid(3_194, "%00000c7a"),
+ Attrs([Attr("address","0x400A64"), Attr("insn","ldr w0, [x0]")]),
+ Var("R0",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(3_200, "%00000c80"), Attrs([Attr("address","0x400A68"),
+Attr("insn","add w1, w0, #0x2")]), Var("R1",Imm(64)),
+UNSIGNED(64,PLUS(Extract(31,0,Var("R0",Imm(64))),Int(2,32)))),
+Def(Tid(3_205, "%00000c85"), Attrs([Attr("address","0x400A6C"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(3_211, "%00000c8b"), Attrs([Attr("address","0x400A70"),
+Attr("insn","add x0, x0, #0x38")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(56,64))), Def(Tid(3_219, "%00000c93"),
+ Attrs([Attr("address","0x400A74"), Attr("insn","str w1, [x0]")]),
+ Var("mem",Mem(64,8)),
+Store(Var("mem",Mem(64,8)),Var("R0",Imm(64)),Extract(31,0,Var("R1",Imm(64))),LittleEndian(),32))]),
+Jmps([Goto(Tid(4_943, "%0000134f"), Attrs([]), Int(1,1),
+Direct(Tid(2_426, "%0000097a")))])), Blk(Tid(2_426, "%0000097a"),
+ Attrs([Attr("address","0x400A78")]), Phis([]),
+Defs([Def(Tid(2_434, "%00000982"), Attrs([Attr("address","0x400A78"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(2_440, "%00000988"), Attrs([Attr("address","0x400A7C"),
+Attr("insn","add x0, x0, #0x38")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(56,64))), Def(Tid(2_447, "%0000098f"),
+ Attrs([Attr("address","0x400A80"), Attr("insn","ldr w0, [x0]")]),
+ Var("R0",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(2_453, "%00000995"), Attrs([Attr("address","0x400A84"),
+Attr("insn","cmp w0, #0x3e8")]), Var("#16",Imm(32)),
+PLUS(Extract(31,0,Var("R0",Imm(64))),Int(4294966295,32))),
+Def(Tid(2_458, "%0000099a"), Attrs([Attr("address","0x400A84"),
+Attr("insn","cmp w0, #0x3e8")]), Var("VF",Imm(1)),
+NEQ(SIGNED(33,PLUS(Var("#16",Imm(32)),Int(1,32))),PLUS(SIGNED(33,Extract(31,0,Var("R0",Imm(64)))),Int(8589933592,33)))),
+Def(Tid(2_463, "%0000099f"), Attrs([Attr("address","0x400A84"),
+Attr("insn","cmp w0, #0x3e8")]), Var("CF",Imm(1)),
+NEQ(UNSIGNED(33,PLUS(Var("#16",Imm(32)),Int(1,32))),PLUS(UNSIGNED(33,Extract(31,0,Var("R0",Imm(64)))),Int(4294966296,33)))),
+Def(Tid(2_467, "%000009a3"), Attrs([Attr("address","0x400A84"),
+Attr("insn","cmp w0, #0x3e8")]), Var("ZF",Imm(1)),
+EQ(PLUS(Var("#16",Imm(32)),Int(1,32)),Int(0,32))),
+Def(Tid(2_471, "%000009a7"), Attrs([Attr("address","0x400A84"),
+Attr("insn","cmp w0, #0x3e8")]), Var("NF",Imm(1)),
+Extract(31,31,PLUS(Var("#16",Imm(32)),Int(1,32))))]),
+Jmps([Goto(Tid(2_478, "%000009ae"), Attrs([Attr("address","0x400A88"),
+Attr("insn","b.hi #0x20")]),
+ AND(EQ(Var("CF",Imm(1)),Int(1,1)),EQ(Var("ZF",Imm(1)),Int(0,1))),
+Direct(Tid(2_476, "%000009ac"))), Goto(Tid(4_944, "%00001350"), Attrs([]),
+ Int(1,1), Direct(Tid(3_135, "%00000c3f")))])), Blk(Tid(3_135, "%00000c3f"),
+ Attrs([Attr("address","0x400A8C")]), Phis([]),
+Defs([Def(Tid(3_138, "%00000c42"), Attrs([Attr("address","0x400A8C"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(3_144, "%00000c48"), Attrs([Attr("address","0x400A90"),
+Attr("insn","add x0, x0, #0x38")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(56,64))), Def(Tid(3_151, "%00000c4f"),
+ Attrs([Attr("address","0x400A94"), Attr("insn","ldr w0, [x0]")]),
+ Var("R0",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(3_157, "%00000c55"), Attrs([Attr("address","0x400A98"),
+Attr("insn","add w1, w0, #0x1")]), Var("R1",Imm(64)),
+UNSIGNED(64,PLUS(Extract(31,0,Var("R0",Imm(64))),Int(1,32)))),
+Def(Tid(3_162, "%00000c5a"), Attrs([Attr("address","0x400A9C"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(3_168, "%00000c60"), Attrs([Attr("address","0x400AA0"),
+Attr("insn","add x0, x0, #0x38")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(56,64))), Def(Tid(3_176, "%00000c68"),
+ Attrs([Attr("address","0x400AA4"), Attr("insn","str w1, [x0]")]),
+ Var("mem",Mem(64,8)),
+Store(Var("mem",Mem(64,8)),Var("R0",Imm(64)),Extract(31,0,Var("R1",Imm(64))),LittleEndian(),32))]),
+Jmps([Goto(Tid(4_945, "%00001351"), Attrs([]), Int(1,1),
+Direct(Tid(2_476, "%000009ac")))])), Blk(Tid(2_476, "%000009ac"),
+ Attrs([Attr("address","0x400AA8")]), Phis([]),
+Defs([Def(Tid(2_484, "%000009b4"), Attrs([Attr("address","0x400AA8"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(2_490, "%000009ba"), Attrs([Attr("address","0x400AAC"),
+Attr("insn","add x0, x0, #0x38")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(56,64))), Def(Tid(2_497, "%000009c1"),
+ Attrs([Attr("address","0x400AB0"), Attr("insn","ldr w0, [x0]")]),
+ Var("R0",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(2_503, "%000009c7"), Attrs([Attr("address","0x400AB4"),
+Attr("insn","cmn w0, #0x1")]), Var("#17",Imm(32)),
+PLUS(Extract(31,0,Var("R0",Imm(64))),Int(1,32))),
+Def(Tid(2_508, "%000009cc"), Attrs([Attr("address","0x400AB4"),
+Attr("insn","cmn w0, #0x1")]), Var("VF",Imm(1)),
+NEQ(SIGNED(33,Var("#17",Imm(32))),PLUS(SIGNED(33,Extract(31,0,Var("R0",Imm(64)))),Int(1,33)))),
+Def(Tid(2_513, "%000009d1"), Attrs([Attr("address","0x400AB4"),
+Attr("insn","cmn w0, #0x1")]), Var("CF",Imm(1)),
+NEQ(UNSIGNED(33,Var("#17",Imm(32))),PLUS(UNSIGNED(33,Extract(31,0,Var("R0",Imm(64)))),Int(1,33)))),
+Def(Tid(2_517, "%000009d5"), Attrs([Attr("address","0x400AB4"),
+Attr("insn","cmn w0, #0x1")]), Var("ZF",Imm(1)),
+EQ(Var("#17",Imm(32)),Int(0,32))), Def(Tid(2_521, "%000009d9"),
+ Attrs([Attr("address","0x400AB4"), Attr("insn","cmn w0, #0x1")]),
+ Var("NF",Imm(1)), Extract(31,31,Var("#17",Imm(32))))]),
+Jmps([Goto(Tid(2_527, "%000009df"), Attrs([Attr("address","0x400AB8"),
+Attr("insn","b.ne #0x20")]), NEQ(Var("ZF",Imm(1)),Int(1,1)),
+Direct(Tid(2_525, "%000009dd"))), Goto(Tid(4_946, "%00001352"), Attrs([]),
+ Int(1,1), Direct(Tid(3_092, "%00000c14")))])), Blk(Tid(3_092, "%00000c14"),
+ Attrs([Attr("address","0x400ABC")]), Phis([]),
+Defs([Def(Tid(3_095, "%00000c17"), Attrs([Attr("address","0x400ABC"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(3_101, "%00000c1d"), Attrs([Attr("address","0x400AC0"),
+Attr("insn","add x0, x0, #0x38")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(56,64))), Def(Tid(3_108, "%00000c24"),
+ Attrs([Attr("address","0x400AC4"), Attr("insn","ldr w0, [x0]")]),
+ Var("R0",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(3_114, "%00000c2a"), Attrs([Attr("address","0x400AC8"),
+Attr("insn","add w1, w0, #0x1")]), Var("R1",Imm(64)),
+UNSIGNED(64,PLUS(Extract(31,0,Var("R0",Imm(64))),Int(1,32)))),
+Def(Tid(3_119, "%00000c2f"), Attrs([Attr("address","0x400ACC"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(3_125, "%00000c35"), Attrs([Attr("address","0x400AD0"),
+Attr("insn","add x0, x0, #0x38")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(56,64))), Def(Tid(3_133, "%00000c3d"),
+ Attrs([Attr("address","0x400AD4"), Attr("insn","str w1, [x0]")]),
+ Var("mem",Mem(64,8)),
+Store(Var("mem",Mem(64,8)),Var("R0",Imm(64)),Extract(31,0,Var("R1",Imm(64))),LittleEndian(),32))]),
+Jmps([Goto(Tid(4_947, "%00001353"), Attrs([]), Int(1,1),
+Direct(Tid(2_525, "%000009dd")))])), Blk(Tid(2_525, "%000009dd"),
+ Attrs([Attr("address","0x400AD8")]), Phis([]),
+Defs([Def(Tid(2_533, "%000009e5"), Attrs([Attr("address","0x400AD8"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(2_539, "%000009eb"), Attrs([Attr("address","0x400ADC"),
+Attr("insn","add x0, x0, #0x38")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(56,64))), Def(Tid(2_546, "%000009f2"),
+ Attrs([Attr("address","0x400AE0"), Attr("insn","ldr w1, [x0]")]),
+ Var("R1",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(2_551, "%000009f7"), Attrs([Attr("address","0x400AE4"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(2_557, "%000009fd"), Attrs([Attr("address","0x400AE8"),
+Attr("insn","add x0, x0, #0x34")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(52,64))), Def(Tid(2_564, "%00000a04"),
+ Attrs([Attr("address","0x400AEC"), Attr("insn","ldr w0, [x0]")]),
+ Var("R0",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(2_570, "%00000a0a"), Attrs([Attr("address","0x400AF0"),
+Attr("insn","cmp w1, w0")]), Var("#18",Imm(32)),
+NOT(Extract(31,0,Var("R0",Imm(64))))), Def(Tid(2_575, "%00000a0f"),
+ Attrs([Attr("address","0x400AF0"), Attr("insn","cmp w1, w0")]),
+ Var("#19",Imm(32)),
+PLUS(Extract(31,0,Var("R1",Imm(64))),NOT(Extract(31,0,Var("R0",Imm(64)))))),
+Def(Tid(2_581, "%00000a15"), Attrs([Attr("address","0x400AF0"),
+Attr("insn","cmp w1, w0")]), Var("VF",Imm(1)),
+NEQ(SIGNED(33,PLUS(Var("#19",Imm(32)),Int(1,32))),PLUS(PLUS(SIGNED(33,Extract(31,0,Var("R1",Imm(64)))),SIGNED(33,Var("#18",Imm(32)))),Int(1,33)))),
+Def(Tid(2_587, "%00000a1b"), Attrs([Attr("address","0x400AF0"),
+Attr("insn","cmp w1, w0")]), Var("CF",Imm(1)),
+NEQ(UNSIGNED(33,PLUS(Var("#19",Imm(32)),Int(1,32))),PLUS(PLUS(UNSIGNED(33,Extract(31,0,Var("R1",Imm(64)))),UNSIGNED(33,Var("#18",Imm(32)))),Int(1,33)))),
+Def(Tid(2_591, "%00000a1f"), Attrs([Attr("address","0x400AF0"),
+Attr("insn","cmp w1, w0")]), Var("ZF",Imm(1)),
+EQ(PLUS(Var("#19",Imm(32)),Int(1,32)),Int(0,32))),
+Def(Tid(2_595, "%00000a23"), Attrs([Attr("address","0x400AF0"),
+Attr("insn","cmp w1, w0")]), Var("NF",Imm(1)),
+Extract(31,31,PLUS(Var("#19",Imm(32)),Int(1,32))))]),
+Jmps([Goto(Tid(2_601, "%00000a29"), Attrs([Attr("address","0x400AF4"),
+Attr("insn","b.lo #0x2c")]), NEQ(Var("CF",Imm(1)),Int(1,1)),
+Direct(Tid(2_599, "%00000a27"))), Goto(Tid(4_948, "%00001354"), Attrs([]),
+ Int(1,1), Direct(Tid(3_030, "%00000bd6")))])), Blk(Tid(3_030, "%00000bd6"),
+ Attrs([Attr("address","0x400AF8")]), Phis([]),
+Defs([Def(Tid(3_033, "%00000bd9"), Attrs([Attr("address","0x400AF8"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(3_039, "%00000bdf"), Attrs([Attr("address","0x400AFC"),
+Attr("insn","add x0, x0, #0x34")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(52,64))), Def(Tid(3_046, "%00000be6"),
+ Attrs([Attr("address","0x400B00"), Attr("insn","ldr w1, [x0]")]),
+ Var("R1",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(3_051, "%00000beb"), Attrs([Attr("address","0x400B04"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(3_057, "%00000bf1"), Attrs([Attr("address","0x400B08"),
+Attr("insn","add x0, x0, #0x38")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(56,64))), Def(Tid(3_064, "%00000bf8"),
+ Attrs([Attr("address","0x400B0C"), Attr("insn","ldr w0, [x0]")]),
+ Var("R0",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(3_071, "%00000bff"), Attrs([Attr("address","0x400B10"),
+Attr("insn","add w1, w1, w0")]), Var("R1",Imm(64)),
+UNSIGNED(64,PLUS(Extract(31,0,Var("R1",Imm(64))),Extract(31,0,Var("R0",Imm(64)))))),
+Def(Tid(3_076, "%00000c04"), Attrs([Attr("address","0x400B14"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(3_082, "%00000c0a"), Attrs([Attr("address","0x400B18"),
+Attr("insn","add x0, x0, #0x38")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(56,64))), Def(Tid(3_090, "%00000c12"),
+ Attrs([Attr("address","0x400B1C"), Attr("insn","str w1, [x0]")]),
+ Var("mem",Mem(64,8)),
+Store(Var("mem",Mem(64,8)),Var("R0",Imm(64)),Extract(31,0,Var("R1",Imm(64))),LittleEndian(),32))]),
+Jmps([Goto(Tid(4_949, "%00001355"), Attrs([]), Int(1,1),
+Direct(Tid(2_599, "%00000a27")))])), Blk(Tid(2_599, "%00000a27"),
+ Attrs([Attr("address","0x400B20")]), Phis([]),
+Defs([Def(Tid(2_607, "%00000a2f"), Attrs([Attr("address","0x400B20"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(2_613, "%00000a35"), Attrs([Attr("address","0x400B24"),
+Attr("insn","add x0, x0, #0x38")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(56,64))), Def(Tid(2_620, "%00000a3c"),
+ Attrs([Attr("address","0x400B28"), Attr("insn","ldr w1, [x0]")]),
+ Var("R1",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(2_625, "%00000a41"), Attrs([Attr("address","0x400B2C"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(2_631, "%00000a47"), Attrs([Attr("address","0x400B30"),
+Attr("insn","add x0, x0, #0x34")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(52,64))), Def(Tid(2_638, "%00000a4e"),
+ Attrs([Attr("address","0x400B34"), Attr("insn","ldr w0, [x0]")]),
+ Var("R0",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(2_644, "%00000a54"), Attrs([Attr("address","0x400B38"),
+Attr("insn","cmp w1, w0")]), Var("#20",Imm(32)),
+NOT(Extract(31,0,Var("R0",Imm(64))))), Def(Tid(2_649, "%00000a59"),
+ Attrs([Attr("address","0x400B38"), Attr("insn","cmp w1, w0")]),
+ Var("#21",Imm(32)),
+PLUS(Extract(31,0,Var("R1",Imm(64))),NOT(Extract(31,0,Var("R0",Imm(64)))))),
+Def(Tid(2_655, "%00000a5f"), Attrs([Attr("address","0x400B38"),
+Attr("insn","cmp w1, w0")]), Var("VF",Imm(1)),
+NEQ(SIGNED(33,PLUS(Var("#21",Imm(32)),Int(1,32))),PLUS(PLUS(SIGNED(33,Extract(31,0,Var("R1",Imm(64)))),SIGNED(33,Var("#20",Imm(32)))),Int(1,33)))),
+Def(Tid(2_661, "%00000a65"), Attrs([Attr("address","0x400B38"),
+Attr("insn","cmp w1, w0")]), Var("CF",Imm(1)),
+NEQ(UNSIGNED(33,PLUS(Var("#21",Imm(32)),Int(1,32))),PLUS(PLUS(UNSIGNED(33,Extract(31,0,Var("R1",Imm(64)))),UNSIGNED(33,Var("#20",Imm(32)))),Int(1,33)))),
+Def(Tid(2_665, "%00000a69"), Attrs([Attr("address","0x400B38"),
+Attr("insn","cmp w1, w0")]), Var("ZF",Imm(1)),
+EQ(PLUS(Var("#21",Imm(32)),Int(1,32)),Int(0,32))),
+Def(Tid(2_669, "%00000a6d"), Attrs([Attr("address","0x400B38"),
+Attr("insn","cmp w1, w0")]), Var("NF",Imm(1)),
+Extract(31,31,PLUS(Var("#21",Imm(32)),Int(1,32))))]),
+Jmps([Goto(Tid(2_676, "%00000a74"), Attrs([Attr("address","0x400B3C"),
+Attr("insn","b.hi #0x2c")]),
+ AND(EQ(Var("CF",Imm(1)),Int(1,1)),EQ(Var("ZF",Imm(1)),Int(0,1))),
+Direct(Tid(2_674, "%00000a72"))), Goto(Tid(4_950, "%00001356"), Attrs([]),
+ Int(1,1), Direct(Tid(2_968, "%00000b98")))])), Blk(Tid(2_968, "%00000b98"),
+ Attrs([Attr("address","0x400B40")]), Phis([]),
+Defs([Def(Tid(2_971, "%00000b9b"), Attrs([Attr("address","0x400B40"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(2_977, "%00000ba1"), Attrs([Attr("address","0x400B44"),
+Attr("insn","add x0, x0, #0x34")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(52,64))), Def(Tid(2_984, "%00000ba8"),
+ Attrs([Attr("address","0x400B48"), Attr("insn","ldr w1, [x0]")]),
+ Var("R1",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(2_989, "%00000bad"), Attrs([Attr("address","0x400B4C"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(2_995, "%00000bb3"), Attrs([Attr("address","0x400B50"),
+Attr("insn","add x0, x0, #0x38")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(56,64))), Def(Tid(3_002, "%00000bba"),
+ Attrs([Attr("address","0x400B54"), Attr("insn","ldr w0, [x0]")]),
+ Var("R0",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(3_009, "%00000bc1"), Attrs([Attr("address","0x400B58"),
+Attr("insn","add w1, w1, w0")]), Var("R1",Imm(64)),
+UNSIGNED(64,PLUS(Extract(31,0,Var("R1",Imm(64))),Extract(31,0,Var("R0",Imm(64)))))),
+Def(Tid(3_014, "%00000bc6"), Attrs([Attr("address","0x400B5C"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(3_020, "%00000bcc"), Attrs([Attr("address","0x400B60"),
+Attr("insn","add x0, x0, #0x38")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(56,64))), Def(Tid(3_028, "%00000bd4"),
+ Attrs([Attr("address","0x400B64"), Attr("insn","str w1, [x0]")]),
+ Var("mem",Mem(64,8)),
+Store(Var("mem",Mem(64,8)),Var("R0",Imm(64)),Extract(31,0,Var("R1",Imm(64))),LittleEndian(),32))]),
+Jmps([Goto(Tid(4_951, "%00001357"), Attrs([]), Int(1,1),
+Direct(Tid(2_674, "%00000a72")))])), Blk(Tid(2_674, "%00000a72"),
+ Attrs([Attr("address","0x400B68")]), Phis([]),
+Defs([Def(Tid(2_682, "%00000a7a"), Attrs([Attr("address","0x400B68"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(2_688, "%00000a80"), Attrs([Attr("address","0x400B6C"),
+Attr("insn","add x0, x0, #0x38")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(56,64))), Def(Tid(2_695, "%00000a87"),
+ Attrs([Attr("address","0x400B70"), Attr("insn","ldr w1, [x0]")]),
+ Var("R1",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(2_700, "%00000a8c"), Attrs([Attr("address","0x400B74"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(2_706, "%00000a92"), Attrs([Attr("address","0x400B78"),
+Attr("insn","add x0, x0, #0x34")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(52,64))), Def(Tid(2_713, "%00000a99"),
+ Attrs([Attr("address","0x400B7C"), Attr("insn","ldr w0, [x0]")]),
+ Var("R0",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(2_719, "%00000a9f"), Attrs([Attr("address","0x400B80"),
+Attr("insn","cmp w1, w0")]), Var("#22",Imm(32)),
+NOT(Extract(31,0,Var("R0",Imm(64))))), Def(Tid(2_724, "%00000aa4"),
+ Attrs([Attr("address","0x400B80"), Attr("insn","cmp w1, w0")]),
+ Var("#23",Imm(32)),
+PLUS(Extract(31,0,Var("R1",Imm(64))),NOT(Extract(31,0,Var("R0",Imm(64)))))),
+Def(Tid(2_730, "%00000aaa"), Attrs([Attr("address","0x400B80"),
+Attr("insn","cmp w1, w0")]), Var("VF",Imm(1)),
+NEQ(SIGNED(33,PLUS(Var("#23",Imm(32)),Int(1,32))),PLUS(PLUS(SIGNED(33,Extract(31,0,Var("R1",Imm(64)))),SIGNED(33,Var("#22",Imm(32)))),Int(1,33)))),
+Def(Tid(2_736, "%00000ab0"), Attrs([Attr("address","0x400B80"),
+Attr("insn","cmp w1, w0")]), Var("CF",Imm(1)),
+NEQ(UNSIGNED(33,PLUS(Var("#23",Imm(32)),Int(1,32))),PLUS(PLUS(UNSIGNED(33,Extract(31,0,Var("R1",Imm(64)))),UNSIGNED(33,Var("#22",Imm(32)))),Int(1,33)))),
+Def(Tid(2_740, "%00000ab4"), Attrs([Attr("address","0x400B80"),
+Attr("insn","cmp w1, w0")]), Var("ZF",Imm(1)),
+EQ(PLUS(Var("#23",Imm(32)),Int(1,32)),Int(0,32))),
+Def(Tid(2_744, "%00000ab8"), Attrs([Attr("address","0x400B80"),
+Attr("insn","cmp w1, w0")]), Var("NF",Imm(1)),
+Extract(31,31,PLUS(Var("#23",Imm(32)),Int(1,32))))]),
+Jmps([Goto(Tid(2_750, "%00000abe"), Attrs([Attr("address","0x400B84"),
+Attr("insn","b.hs #0x2c")]), EQ(Var("CF",Imm(1)),Int(1,1)),
+Direct(Tid(2_748, "%00000abc"))), Goto(Tid(4_952, "%00001358"), Attrs([]),
+ Int(1,1), Direct(Tid(2_906, "%00000b5a")))])), Blk(Tid(2_906, "%00000b5a"),
+ Attrs([Attr("address","0x400B88")]), Phis([]),
+Defs([Def(Tid(2_909, "%00000b5d"), Attrs([Attr("address","0x400B88"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(2_915, "%00000b63"), Attrs([Attr("address","0x400B8C"),
+Attr("insn","add x0, x0, #0x34")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(52,64))), Def(Tid(2_922, "%00000b6a"),
+ Attrs([Attr("address","0x400B90"), Attr("insn","ldr w1, [x0]")]),
+ Var("R1",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(2_927, "%00000b6f"), Attrs([Attr("address","0x400B94"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(2_933, "%00000b75"), Attrs([Attr("address","0x400B98"),
+Attr("insn","add x0, x0, #0x38")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(56,64))), Def(Tid(2_940, "%00000b7c"),
+ Attrs([Attr("address","0x400B9C"), Attr("insn","ldr w0, [x0]")]),
+ Var("R0",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(2_947, "%00000b83"), Attrs([Attr("address","0x400BA0"),
+Attr("insn","add w1, w1, w0")]), Var("R1",Imm(64)),
+UNSIGNED(64,PLUS(Extract(31,0,Var("R1",Imm(64))),Extract(31,0,Var("R0",Imm(64)))))),
+Def(Tid(2_952, "%00000b88"), Attrs([Attr("address","0x400BA4"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(2_958, "%00000b8e"), Attrs([Attr("address","0x400BA8"),
+Attr("insn","add x0, x0, #0x38")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(56,64))), Def(Tid(2_966, "%00000b96"),
+ Attrs([Attr("address","0x400BAC"), Attr("insn","str w1, [x0]")]),
+ Var("mem",Mem(64,8)),
+Store(Var("mem",Mem(64,8)),Var("R0",Imm(64)),Extract(31,0,Var("R1",Imm(64))),LittleEndian(),32))]),
+Jmps([Goto(Tid(4_953, "%00001359"), Attrs([]), Int(1,1),
+Direct(Tid(2_748, "%00000abc")))])), Blk(Tid(2_748, "%00000abc"),
+ Attrs([Attr("address","0x400BB0")]), Phis([]),
+Defs([Def(Tid(2_756, "%00000ac4"), Attrs([Attr("address","0x400BB0"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(2_762, "%00000aca"), Attrs([Attr("address","0x400BB4"),
+Attr("insn","add x0, x0, #0x38")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(56,64))), Def(Tid(2_769, "%00000ad1"),
+ Attrs([Attr("address","0x400BB8"), Attr("insn","ldr w1, [x0]")]),
+ Var("R1",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(2_774, "%00000ad6"), Attrs([Attr("address","0x400BBC"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(2_780, "%00000adc"), Attrs([Attr("address","0x400BC0"),
+Attr("insn","add x0, x0, #0x34")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(52,64))), Def(Tid(2_787, "%00000ae3"),
+ Attrs([Attr("address","0x400BC4"), Attr("insn","ldr w0, [x0]")]),
+ Var("R0",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(2_793, "%00000ae9"), Attrs([Attr("address","0x400BC8"),
+Attr("insn","cmp w1, w0")]), Var("#24",Imm(32)),
+NOT(Extract(31,0,Var("R0",Imm(64))))), Def(Tid(2_798, "%00000aee"),
+ Attrs([Attr("address","0x400BC8"), Attr("insn","cmp w1, w0")]),
+ Var("#25",Imm(32)),
+PLUS(Extract(31,0,Var("R1",Imm(64))),NOT(Extract(31,0,Var("R0",Imm(64)))))),
+Def(Tid(2_804, "%00000af4"), Attrs([Attr("address","0x400BC8"),
+Attr("insn","cmp w1, w0")]), Var("VF",Imm(1)),
+NEQ(SIGNED(33,PLUS(Var("#25",Imm(32)),Int(1,32))),PLUS(PLUS(SIGNED(33,Extract(31,0,Var("R1",Imm(64)))),SIGNED(33,Var("#24",Imm(32)))),Int(1,33)))),
+Def(Tid(2_810, "%00000afa"), Attrs([Attr("address","0x400BC8"),
+Attr("insn","cmp w1, w0")]), Var("CF",Imm(1)),
+NEQ(UNSIGNED(33,PLUS(Var("#25",Imm(32)),Int(1,32))),PLUS(PLUS(UNSIGNED(33,Extract(31,0,Var("R1",Imm(64)))),UNSIGNED(33,Var("#24",Imm(32)))),Int(1,33)))),
+Def(Tid(2_814, "%00000afe"), Attrs([Attr("address","0x400BC8"),
+Attr("insn","cmp w1, w0")]), Var("ZF",Imm(1)),
+EQ(PLUS(Var("#25",Imm(32)),Int(1,32)),Int(0,32))),
+Def(Tid(2_818, "%00000b02"), Attrs([Attr("address","0x400BC8"),
+Attr("insn","cmp w1, w0")]), Var("NF",Imm(1)),
+Extract(31,31,PLUS(Var("#25",Imm(32)),Int(1,32))))]),
+Jmps([Goto(Tid(2_825, "%00000b09"), Attrs([Attr("address","0x400BCC"),
+Attr("insn","b.ls #0x2c")]),
+ NOT(AND(EQ(Var("CF",Imm(1)),Int(1,1)),EQ(Var("ZF",Imm(1)),Int(0,1)))),
+Direct(Tid(2_823, "%00000b07"))), Goto(Tid(4_954, "%0000135a"), Attrs([]),
+ Int(1,1), Direct(Tid(2_844, "%00000b1c")))])), Blk(Tid(2_844, "%00000b1c"),
+ Attrs([Attr("address","0x400BD0")]), Phis([]),
+Defs([Def(Tid(2_847, "%00000b1f"), Attrs([Attr("address","0x400BD0"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(2_853, "%00000b25"), Attrs([Attr("address","0x400BD4"),
+Attr("insn","add x0, x0, #0x34")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(52,64))), Def(Tid(2_860, "%00000b2c"),
+ Attrs([Attr("address","0x400BD8"), Attr("insn","ldr w1, [x0]")]),
+ Var("R1",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(2_865, "%00000b31"), Attrs([Attr("address","0x400BDC"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(2_871, "%00000b37"), Attrs([Attr("address","0x400BE0"),
+Attr("insn","add x0, x0, #0x38")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(56,64))), Def(Tid(2_878, "%00000b3e"),
+ Attrs([Attr("address","0x400BE4"), Attr("insn","ldr w0, [x0]")]),
+ Var("R0",Imm(64)),
+UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))),
+Def(Tid(2_885, "%00000b45"), Attrs([Attr("address","0x400BE8"),
+Attr("insn","add w1, w1, w0")]), Var("R1",Imm(64)),
+UNSIGNED(64,PLUS(Extract(31,0,Var("R1",Imm(64))),Extract(31,0,Var("R0",Imm(64)))))),
+Def(Tid(2_890, "%00000b4a"), Attrs([Attr("address","0x400BEC"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(2_896, "%00000b50"), Attrs([Attr("address","0x400BF0"),
+Attr("insn","add x0, x0, #0x38")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(56,64))), Def(Tid(2_904, "%00000b58"),
+ Attrs([Attr("address","0x400BF4"), Attr("insn","str w1, [x0]")]),
+ Var("mem",Mem(64,8)),
+Store(Var("mem",Mem(64,8)),Var("R0",Imm(64)),Extract(31,0,Var("R1",Imm(64))),LittleEndian(),32))]),
+Jmps([Goto(Tid(4_955, "%0000135b"), Attrs([]), Int(1,1),
+Direct(Tid(2_823, "%00000b07")))])), Blk(Tid(2_823, "%00000b07"),
+ Attrs([Attr("address","0x400BF8")]), Phis([]),
+Defs([Def(Tid(2_831, "%00000b0f"), Attrs([Attr("address","0x400BF8"),
+Attr("insn","mov w0, #0x0")]), Var("R0",Imm(64)), Int(0,64)),
+Def(Tid(2_837, "%00000b15"), Attrs([Attr("address","0x400BFC"),
+Attr("insn","add sp, sp, #0x10")]), Var("R31",Imm(64)),
+PLUS(Var("R31",Imm(64)),Int(16,64)))]), Jmps([Call(Tid(2_842, "%00000b1a"),
+ Attrs([Attr("address","0x400C00"), Attr("insn","ret")]), Int(1,1),
+(Indirect(Var("R30",Imm(64))),))]))])),
+Sub(Tid(4_956, "@register_tm_clones"),
+ Attrs([Attr("c.proto","signed (*)(void)"), Attr("address","0x4006D0")]),
+ "register_tm_clones", Args([Arg(Tid(4_979, "%00001373"),
+ Attrs([Attr("c.layout","[signed : 32]"), Attr("c.data","Top:u32"),
+Attr("c.type","signed")]), Var("register_tm_clones_result",Imm(32)),
+LOW(32,Var("R0",Imm(64))), Out())]),
+Blks([Blk(Tid(4_003, "@register_tm_clones"),
+ Attrs([Attr("address","0x4006D0")]), Phis([]),
+Defs([Def(Tid(4_006, "%00000fa6"), Attrs([Attr("address","0x4006D0"),
+Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(4325376,64)),
+Def(Tid(4_012, "%00000fac"), Attrs([Attr("address","0x4006D4"),
+Attr("insn","add x0, x0, #0x28")]), Var("R0",Imm(64)),
+PLUS(Var("R0",Imm(64)),Int(40,64))), Def(Tid(4_017, "%00000fb1"),
+ Attrs([Attr("address","0x4006D8"), Attr("insn","adrp x1, #0x20000")]),
+ Var("R1",Imm(64)), Int(4325376,64)), Def(Tid(4_023, "%00000fb7"),
+ Attrs([Attr("address","0x4006DC"), Attr("insn","add x1, x1, #0x28")]),
+ Var("R1",Imm(64)), PLUS(Var("R1",Imm(64)),Int(40,64))),
+Def(Tid(4_030, "%00000fbe"), Attrs([Attr("address","0x4006E0"),
+Attr("insn","sub x1, x1, x0")]), Var("R1",Imm(64)),
+PLUS(PLUS(Var("R1",Imm(64)),NOT(Var("R0",Imm(64)))),Int(1,64))),
+Def(Tid(4_036, "%00000fc4"), Attrs([Attr("address","0x4006E4"),
+Attr("insn","lsr x2, x1, #63")]), Var("R2",Imm(64)),
+Concat(Int(0,63),Extract(63,63,Var("R1",Imm(64))))),
+Def(Tid(4_043, "%00000fcb"), Attrs([Attr("address","0x4006E8"),
+Attr("insn","add x1, x2, x1, asr #3")]), Var("R1",Imm(64)),
+PLUS(Var("R2",Imm(64)),ARSHIFT(Var("R1",Imm(64)),Int(3,3)))),
+Def(Tid(4_049, "%00000fd1"), Attrs([Attr("address","0x4006EC"),
+Attr("insn","asr x1, x1, #1")]), Var("R1",Imm(64)),
+SIGNED(64,Extract(63,1,Var("R1",Imm(64)))))]),
+Jmps([Goto(Tid(4_055, "%00000fd7"), Attrs([Attr("address","0x4006F0"),
+Attr("insn","cbz x1, #0x18")]), EQ(Var("R1",Imm(64)),Int(0,64)),
+Direct(Tid(4_053, "%00000fd5"))), Goto(Tid(4_957, "%0000135d"), Attrs([]),
+ Int(1,1), Direct(Tid(4_172, "%0000104c")))])), Blk(Tid(4_172, "%0000104c"),
+ Attrs([Attr("address","0x4006F4")]), Phis([]),
+Defs([Def(Tid(4_175, "%0000104f"), Attrs([Attr("address","0x4006F4"),
+Attr("insn","adrp x2, #0x1f000")]), Var("R2",Imm(64)), Int(4321280,64)),
+Def(Tid(4_182, "%00001056"), Attrs([Attr("address","0x4006F8"),
+Attr("insn","ldr x2, [x2, #0xfe0]")]), Var("R2",Imm(64)),
+Load(Var("mem",Mem(64,8)),PLUS(Var("R2",Imm(64)),Int(4064,64)),LittleEndian(),64))]),
+Jmps([Goto(Tid(4_187, "%0000105b"), Attrs([Attr("address","0x4006FC"),
+Attr("insn","cbz x2, #0xc")]), EQ(Var("R2",Imm(64)),Int(0,64)),
+Direct(Tid(4_053, "%00000fd5"))), Goto(Tid(4_958, "%0000135e"), Attrs([]),
+ Int(1,1), Direct(Tid(4_191, "%0000105f")))])), Blk(Tid(4_053, "%00000fd5"),
+ Attrs([Attr("address","0x400708")]), Phis([]), Defs([]),
+Jmps([Call(Tid(4_061, "%00000fdd"), Attrs([Attr("address","0x400708"),
+Attr("insn","ret")]), Int(1,1), (Indirect(Var("R30",Imm(64))),))])),
+Blk(Tid(4_191, "%0000105f"), Attrs([Attr("address","0x400700")]), Phis([]),
+Defs([Def(Tid(4_195, "%00001063"), Attrs([Attr("address","0x400700"),
+Attr("insn","mov x16, x2")]), Var("R16",Imm(64)), Var("R2",Imm(64)))]),
+Jmps([Call(Tid(4_200, "%00001068"), Attrs([Attr("address","0x400704"),
+Attr("insn","br x16")]), Int(1,1),
+(Indirect(Var("R16",Imm(64))),))]))]))])))
\ No newline at end of file
diff --git a/examples/conds/conds.c b/examples/conds/conds.c
new file mode 100644
index 000000000..faf221829
--- /dev/null
+++ b/examples/conds/conds.c
@@ -0,0 +1,86 @@
+
+
+#include <stdio.h>
+int x = 0;
+volatile int r = 0;
+volatile unsigned z;
+volatile unsigned y;
+
+int main(int argc, char **argv)  {
+  x = argc;
+  y = argc;
+  z = argc;
+
+  if (x < 0) {
+    x = r;
+  }
+
+  if (x > 0) {
+    x = r;
+  }
+
+  if (x < 5) {
+    x += r;
+  }
+
+  if (x <= 8) {
+    x += r;
+  }
+
+
+  if (x >= 100) {
+    x += r;
+  }
+
+
+  if (x > 1000) {
+    x += r;
+  }
+
+
+  if (x < r) {
+    x += r * 10;
+  }
+  if (x <= r + 100) {
+    x += r * r;
+  }
+  if (x > r + 1000) {
+    x += 2 * r + r;
+  }
+  if (x >= r + 2000) {
+    x += r + r;
+  }
+
+  if (y < 0) {
+    y += 1;
+  }
+
+  if (y <= 0) {
+    y += 2;
+  }
+
+  if (y <= 1000) {
+    y += 1;
+  }
+
+  if (y >= -1) {
+    y += 1;
+  }
+
+  if (y >= z) {
+    y += z;
+  }
+
+  if (y <= z) {
+    y += z;
+  }
+  if (y < z) {
+    y += z;
+  }
+  if (y > z) {
+    y += z;
+  }
+
+
+}
+
diff --git a/examples/conds/conds.gts b/examples/conds/conds.gts
new file mode 100644
index 0000000000000000000000000000000000000000..39e8ad2a51d339bf4fc834ae4ef65eb0c9543a8a
GIT binary patch
literal 150780
zcmeEP2S8I-7Y<8fa708!6h&MZ5fk=sB!oZ+VFwv%V+dg=gcYXR;@%2Qa3F3}R8Ude
zw6%_^RqL#KRjIW~)eh_6zi)-)B`*(fwtv!Ml6&qv_uO;O`R=(dG<utys?=q}d47}c
zU#gh)wBK&ag}+m2bb0aB-J2c=qy;Yn?W50?UNdVYO_9fD*r#MFYz>($JsQ3W%xLtd
z;RXBaOa;dlZ+Eq)B<$NJ=t`s0TP~YhJcF&6_-K0DaEYC>WlN+6slbv(4>GT4LqF}K
zm}&Ry%qn@9xn&D!x`Jh&BIr(|d%nq`_`l{PE_V`+>UZz<LQ5K;#mM3l<$&IeM&FfQ
z^vLkLAYSE#R|oq2omXK=1$3D_7EnRW;T_M6C_EQbKkL^oj^w+4mj>6Ih|nUYURg77
zF88PP8zM|<rBAxTG^kcr8vW9kUrdX|0f&~>md{KHVh>}`y}AdUJJdGdaQVD1Icr}y
zm{_(Ki<1&#q~Z*PBwZm+mL$pr18DSN?R-YQx+XZf`$_cp#rJPHGw8qGzH@ov1@B#J
z(_>ro*f6`lrHLdaC0zkAYWjJ`4_%H1#IOBxT6xF2MwJ2%jeaMeb#Ql#Pu#|SyI%9Y
zxVMNw_dFf`?N=3oGc)H-+S2ltglXAT>?aBk$I8+H7cvyGbWs2|DMc<5Nn(;@f?+iJ
z?JkmsNlOHwMRm&y%VWP?%%IzHbHYzm``(&rUs%<)WLBDG7q|+o6*$r8=gqq3wLK}Q
z*fXo(E2r#svl#U2=lrNX`M%<L*ROVuulkl^*;Xu$Pfn4eqZbSMfKnzg(%VwM@ulfT
zJCklt34}P5E=!V#6H}8ENJc>~8hyNz-IfjW0)uyqPTFyC72}*`JJoDp=Ae0dA-pkY
zugGuf(l+ZZN6zoQgHEwDwik+-f<ZKT*`5I|>=xb?TYg{oWZA$(Dud2_Qysj`&Ts1C
z#Ql|y?)|bYTZzSzm_)Hc5-(uU=>J?^<q{ar-7+m9(dqTxZN}OPfXbbiOb4kO(*SBC
z_rQoXbLaDHx0Ljd96ne%l0mP|?${}6FkiIo;nX^ZuC{E;R!9+NN2XvfjsAsqzf~S{
zygk<@Z|y+)om$19A3pfRc==Vqij}nNy1jiI_gi*S9Va3+(v;L(NNRp-e`LM23omu;
zP^Z|NC&F0_dWF@BsDP{Nt(%T-$UC#J+ZIa`aiTm?A@HElcZ5Fdn&#x=v3}qx)5@X#
z8Co)%t2PB#Dux>Z<2oGvMeT)&-kigmVm+U+nSKoV)s~#DW;cXYhpcM*NmpJID907c
z6fkLY^OW#YH|B8a4(>3G+7QUgVbCq7opH(c;)Is<U;Rf1-}#FyX+GhB5c8a6aEVy|
zuSQ>y`rKJXEioN?ET;{FPJK0p8NS}nVdCY>J4L4-Z&a3WVZsyY_g7Axq^Hn%_x=;V
zbHCg=n?au<*dK7{ji2i(#x3D^yEZ>!opNEpO_(um2fe(?8C19`QDFL8MKXgPu<=D_
z$K^g%d*}5qZ0o(czM%;RrofIyuNd0F_;G}9%{IlVtSA0_(8NEMnThlF@s3rd&^8S$
zc^+@s0u@mpFu4T}q`e#jZ>O6n`uaJX>%*WwT37yv`znyNe#ZH&qq3%ESelB(+3Av0
zWZe&;(Z$_NTMnx9?>zHHd{Vo!k}w86yXysyVePrW1+&L_wR*ecpk-%qY!b8}Qlt`v
z3~Ee~C>5tB$^;HHdaK%v;~%$S3)gtOb=@9!;{k)7nl-IgYWu($`#JJ;j3dlrmaV0d
zq$F{+Ofps+Cx>J-GsVl~l87%}(yf;uB6;~g4En>&Cq_jkUY14U2Txy=v-Gu+ZSGEx
z;9P#%FCzGKK>PxSUZtHq*RmP(?y>ZXCKr4<?akm04jS?1M@#btts+(=i=~iW$$%Q0
zA}?g}(t{W?^DZ*;L#u8u=;el^{}|mj=$A!@4_=!T`ZG(}m{cloqtS2ue*8esJ%Y}&
zZC~FWUb?I`gT7%&k8j_M=Ki&V`>?Z5?d5b!Gfe-eH+9G_?_ql?drMJ=zwW+_bP+M=
zf4rJleW7>Imf0um0xz9tKM!llmFXt%q|q5uCT%Oe5m2<q@a4E~=!NwR`n($xR!-W+
z`(a{MwQt8`^M+e?6pLe1#PLZfF_I*4tRf{nLoCV6fd*#GGOIQW^sQZJ9$%gk^OXUE
zz9aq2>-{xBzpQv!RWsRrh^ewQM<+;|bnhYy3SP+;&Tapt(A9tDOa^^@SNaRfD_)At
z-I=pH&8u2tX&RR<NtTIYGn12Z1q>R!{J_!+u|orl*XFMraL{Ue2L`=sje@)Wi6DFO
zq|E`H4km?I8p9h1=ud1pecLw-|LMDotzVp&6JXAu)3>)-Fsa1HwfbVwl!9YlexvM<
zL<$WcYz%c}L2F*G#Z_DWoRQPABZGeA*DDvsd3%kYIcADzie$u3$^x-&P=U*|&Am3>
z5%yTHc?c{1=yyvQ^fpI_IZsJs=WU$o@a4$mqA#%mZY(FL0RQOsb6fW2ez&f!#F`eo
zya$6G7rSEfx_R6U)khDU<@`K&t+IeKyr9R;^N>7f8?a%~cBg-;9V2dn4QO~jRz1)6
zm+k9b&YRcr>JViCH+T#kWIrVD<Z-6&aZ}8B7SMh@gYIza*hI!@?>kj1#mo37e(kI*
zAce;uS$n_uOt#?J!86x;%9qb^XVA^hy{NTV=eKkIc>1GD>pOSF3b;GKW7tkve!sXI
z_tjpjHW}GRic1*u*;|~;Y-afgre%y<mbgeVU0J{l9>e6>kNlZ#0V6hUY=5V%>8P^|
z`Ve2YbuEjzH#geczHK7BIZ;^v=sm!t9Xp2CPx#aC`m$MrecV^Nwr9{;eJay8)cW~X
z#=D2D-nv4$Wk?+1L7PrEQPsJJFn#)y%8s$TzS9`=A7Ur7<=nubm7Pc3phm3_VJ%2p
z;X(g?@9~hxQ+&?K(z|^hJDe~9^YBlG;a5ez2dAawO-MK#9HcBDfeX-oJX?J$n)}_v
z?1f%~*A|0aY+A(iNiC|qBgzYoEn8sU`>wJ8A{q`WTeK;x_8K;GzGHs3B|Gf_mzKB;
zlV-8S3qwyEOSYvdS9uK3t6<P4Rv+qc{+8dA$+VU~_i_pb*2>1vA0Av9?PYlAi;Ak&
zizQiD3o$Nmm-ubGp5Gb}L@%{DI@&r(3``4`x6TPR>_D?g#i#aUm2adf3&g-J6wNGJ
z_O_hgZGG~li#Pw_W-{pa`(36y=di6xo>mzQTT}kCvOt_0w3qr6t$R4*V!-S|J167%
zv7T-WdQYFl8;ZO5y38&%4cgnoBp>XhabPor`rmUX_2%se-t%S8Vpdy7@~<-JVM~8x
zrS4~cRh&F0K55gbOssY(*m{6zv|z?izt&;A-{&nod1hKU-wqfCCYSOowsPy1|2D(I
z@MWv>z%=p;0_r_BQ7+ERki|mH<Q=~u*<r!{^}y1?g?&~%2TDex6lzXLS#FT_d?WvB
zcE&0H#HD9`YjvaKVhaYnz{qvtnY;dps~`N9w&3lM&X#6kv2S3wn8z3UgmMCSV!n4M
z)YNJDz~z=hc>m0Pc+=(PlHpw$^iB4M7G3i5{$s(Z(|ecBTN$7nkt@71THLXypDbhd
zpLW!Q&+6m1n?c|CsH6283*U|#{~m2{^Q>h{WdS#M3NyMF3K>@32R7|@oVKY&oiBqf
z^E$KO<ZJe-&A(aLZE9=vtFnLup29xY=gcjs;RLSp%FNgj?=_!6zy0X$Pf0iZFYS#K
zpNh!!IEfXA1qOj5jUMB?aFifB;Q98>N4v~h8+x5V?|1*m?RnRDE_;Vqr&!$CbHcKX
z7#%h*&|54Pc+=?FqjD_5&kJ^MZu=%A*g=}hpx;>^aU!|IxBH@zljK=_6MnJmE*7h3
zX4s$-OVZONxnh}Ik)A6M(&!EjbKh2s_px65JfQz9zs;dw+d5e5P}$9U|3q0=*;wbo
zD$BlF_Yzp7)M^9P6FYkR-q=|GM<s2eXQn(0iPcgYRqP!V$O-V{0>cyRWfRU)(mO`^
zY}>PakLcdLbKf!OQ-eldF(}|nU1$>C^~SQeeqb;26$W{6gyJ9{pD><CEaG?xd17ep
zC#<NLBHF;duwYE`@#%^)z-uwyd&c9et$$eczV&5~2DWxU7|n`{1J)fVaC2x>meUG;
zL4Kc;;fK#%7|)<b7&}eMdCdQQ(xtx~7M>b*v7rDw_Xi*SG-1nJ|HCW%M=v?}+Zic?
zzRY)D$CN-nw~0@^QZhOZ9HuOQXvKksBM$c(=4V_cI`oZ$c+@}!{jqG~uT^_Fzm+U=
zF6Ez0c-v3_ZsAz<fZ;Dz`t8_w)V+AOXegKfZt1=H`SrX>RnLwutEkK@QWgN~9gM-e
zr%lzRVLYP+ljnCTy<@qLL1%o~qDy}3fQn5;ZTI}1|5}O^aA1NLRN(3c=8br3Zt9|k
zZ~fC1q5=lpH#~a?r7o~#MNQ<D*4v(1G!%ea5VmVQvgRi5`P891Hzoyj1NOzlsq7~O
z-Pk9~i%%v^7|`v!vH(yLz?!p{`d?Td9CT@Ar!@y#kA9lPpvRm(LYdq`cxls;p^p8h
z&EI0#8VHd@Awg|UAS!qKX8hBe;s4{VEzYG2`=zn8l%c7V0IhH`7qbp84PZ`Z7;WC%
zNAi?GHywPrlha(^Gy8r_x;N0m!whaEBSoAbk;ekp5RBa_YU4kq_WbZ^R-PdS?Yn=k
zr3|cy0JDICx2Ms6{`zp)n)-lC1^gA<lSzl@S_-rf%b<<{`32UIYb}GCdz0ODpGVok
z8rLmgQ){s{`nQO#e!Tf}r)^j^vd22ebdJf$Kt~Q%`?=^D7K(dpm(_08tsOeHGu2WA
ztafD)u-ZW(oBn0|ig7*}ld3pvGNyk6TmX&1gLZ&tEQS>X(z)z*Bj?7L2i}-7^N;TK
z^5bDzS~8WUB&R0H6tY-*rl22<Zk_YD(aKf4PWyIN<vfV$-Je0fmf}5U!*HMAg?+x3
z3y0r7Vrh^AWi*{%F!g+if5@KX!PO-}XBZ6n=>@~mTu-u3FEf0)U_^_y4=fGRp^V)7
z-2V0_`MDF{mU60$<-ov8@GI)sE>bXO$NmLF%^lVzTN>m+85g)#zY3Y^J8Amd+WJS|
zr&loO?XK+}=V9(!x1{5v*Iq%A8I}gQ5YPK>7?;ZK;7^-Y{astTzV;F=8L>$PZkhqa
zzVd<VTW=^0+FAN2FYsEyO0Y|4)QwIP<UNW(As{@I7ya&C+9)XA5HK&??^?n$ErnW&
zfht7`010KLi3UxY?zgB6>^lXe+fHgJK!Yb1D+4^WVbLk$mVPO`zH(ey{1R^3F)d|`
zp*ENXlMKuN*6~-?joFt1PjB#?eD~%&nIoKthdbazJd6S-;!zzq5f662iFg<%=BNRU
z9+@?G>4M*dl5MT3gTEfRt-D!E`$RcFWKtPx0d?K$4MOg5-<ic}y;dHHta)wL$<mxg
zU)*A%kNBpbcj<uQ6U@0+cUs7;4Q#8Y<Qp>O9`Zr*#GFAHz(0`<lCT^lth7XjvGOzt
zGb5H2pOx&K<LH!{?(CQy&rD1j7!Scu10|AlX@ZN>z)bmAc}li?U{azyGiPADJaeFf
zy`$SeC#OLm+n}Ualz?Wp&q%RnQ5=j6j7?%DfK@y5z{R;?ocVK~BupN(-eIR%8+&<*
zLT1nL@*4<16h=5uvo2S^@aygUYU!;<-}&w-vqc7jM_w$f!C=a!g27mOSQ}F)6gv1b
z0Dr(#0sm4cM&OSIf1;qxCj#9k@V{Q%Iq>TCHEX}|+PH46nTdUZBqM?0N2Axyzqcl}
zh1Y|<6|1j#xePA{)gOndxAU-rs%n8&X#(D%=CBvkB=#}{ACQrbqS0q9KJ4jb!aiSp
z?x?e)bYqEGD|^5zq&asQUDmVv-lZwNbBkA>{mr;n*e{^DzoF*3d31xS#Qw0Vv3I2U
zAHkgObDl0gy((zr)C;RlMtmVN2NDsRE6>PHW^4!4Te%m$sQyi0Gf{AI+=5__=b-wc
zX`uQ71CIjLE@Sn=?-0REEd}{v3<%a*(ya;7JAk~}>KR0k9~snaBO3i)Ty@)_1N}#A
zA7n9TUC;FM=%5toj9Nn)-RqL~vmtGKkMFM!z7$h)?-3*c)4`xl7<!yAq-da|6d3-b
zK*9@2p$o-V=;y^1JJ_>al^-3QC?9Agc&OByn(EGSPIXRBh>3AwxiY2F_&8>wv%5p8
zGczmK-Q7XQ+KQJ-2eKUP9qgH4UBwI{T!hf#qv(KZ0ee(oR3s|~i>Ttds00Vo=rzR)
zo<|r5PAwFyNgr|H9L=mXEWuf_^o+z5Iio*t%68u$ljh{Lwwyg@oZRB27);2snP5U%
zd$gud41o|EfMsZa)|f@3&!BLE6HWcMt%>RE_xw;)uvuHx8pY|102-b4{jxPhPQuQ+
z!W1`>7hIkN>dc=7>STH_4M3e;fNVia9eOP-TmqJ*5v3RS45jUYzZ+8QAtHDoa#aT;
zCp791e`AgR@`L7keyCjYhZ$Im5MT_g7{*CJpE&JB%LlgH9t+yt-<%Y+Y(AoM@JOr$
z)y#rQg;eX!EwyV}Z1g!_WP5r`!J!|XTF?Q-0-}r`f3Rrx8h&}%jEX@=|LpTST*exr
z)P?Z-?~LN#SVpVcy?|dg9xlU#DA%mMatoQni`~}B@rH5v>GN<IH;6KBW@uE+KEdFk
z=}RBFEI%4%LAM0$n3<cInQ55RfWky5c-z^s6OxX%+5u}TAlC9d_-E@mFv|>pZiCbq
z_PU~y4yi%xbz3DJQi<5Bf#q$sew}B2iOrmx8rLpAI_eh2asbi8EO*`_c=cj3e^yCZ
z#oiwitnCn%<FV`pme;T^Z?zon&)66--@|PKZFU38=U<*|QnN?M++1*_<Ac$yBN|v<
z^8Hb+Bj4wj{ntl@9o%P>*}!tk)^e}Qj_fsyUwq9LUUi(?!1B~B6|p~5v7a57)F(Up
z?8Ru9<tStE_BqB_yl2obNq83ku>5b7<rIn+%r!&6a-bNMFRDtqD$D6A>8d*r!g9zA
z7~!&WOunx$uks~j>sNmJ0>JJDLHUe{fEN9Ix+%}W`^~=lfom@qWOK}bOaQbR2mZqh
zqC*rsT5mxGgKCY)5gtPZgQ}Sg<jBIqqKCE7#W&*)Z+c@yDFn-K(VKB!m(>`FFF6<+
z7y%35fiZwhP7X7E+{q`WbkvCD^Nr0)%#7_JnfMNnCOsCVxaV+l4sM;itNWzu6Om5h
z&jBpV!D2IqmWRog!lkc0dGg9WtF{Kz&m3&g8c?jE?&D7akeP=lc*Gy3uptT_+6Ob=
zjoRDH0$ObN8MZOJ+zwDddk_`xN}^OZgo>8|m})@<Z9-)=WU3q0R!5r_RAZzZzD>{@
zZ=@W)MzlRthVi`t<(zc(6Yx_T2S7Q#j`q4yfwCmx4G@^ykiZ0c1lIv!siRQp+Q0RE
zNxwU+(Au!aB}j;{Ke_>>puHjcCEbt$)8Owdz;_#!?=<k;3;B);+Mhfc{rWO*#{QI`
z{c{GU&U9LLX+BsE3R#YVaRJbN?`ivEiPU?~mYV*ppRP2nLL?1;RAa#e@&x!sqX#~G
ze)aGKo+RJ&Zu_Zr&VO4N1Bw$w!5`Sbnq)9UvEe?sx&9Y6@4&gv4~q-hFyS(=q~T9&
zV2U?X27ed>OLQ<qIeF+t-y6U37v+bFgAFGuCc$My5Cwl215+ZQ^)X|n$<Fv^{HQs$
zPK+7mF4N(@jfTqL&tohsz<6>X%8pfz!!AA*MlE<PP1v+>R~OKOF4QRo5Xs_|EsfJ5
zu;q%Xo`1x@9y<k8*M&L<CgIO$Kp(nL3t$rdG{&MgAnk%lL9JfjI&mPtc}vNkCwvcD
zwT0WNfk{t)d+_s{hkVwe^Cpb;?G9Xl+d2-D@P{;TTc=>s;wwvgFi!fUmQhDsi?{JQ
z1C!3eB>YJY7;zVBElj%HnG$M#L-?@pgh%P>gkgqosmCy>e{!9n#ZAHdvS`;6UmMfn
z;BLHtN%+$nxbyjj5To$tG;oDeU=sd3#v&MW;{r?yN&jNCT^rw<mAxwWWlTTAgM0WG
zCgD$JfC}tF%{PMDniB3*nbgV4V)L)x{(b(W@f)~Q5lq4#&%mY1VbT(>u1{7w1`Vvd
z^-~s=f1$?07U~8}!k^K=rD|c)LApT17|RaaR3Ql&(Zc!^T&e&lB$~!S4P0s+Oxibk
z@3Q$pLD%Lyt?0YrRMZi;)G3&RKdpgF-G)iO{K4UF>*v*f*{!cETCJMi1}-(j1ZoR^
zWMg3sI$s8pPDE`jD!=B%C|8(QQmX3KSPTZF`!ETAZUf8Vj22LZH?8`|hC2D5IdFkh
z63Jdevv32YYG4xn@CGh*A0|Z^9ym2j!p+<o*s0akQK8{*Tcs_b3h^g6aH%6O>1BT9
zUxVv{#w^)=OL+XjWh=O?*Dwixj02Br1r@4r<k_j4PcHS^KIf{_tsaj$Ub5&0dRPsU
z@Mk$N4^P3Q!pCLP|D5FaU|;#L+`^?p)8JCIFbRL41DARYldcZFb?nEH-u%f)&U-A|
zS@nZU6}5u8fj`xOdsq#VtiJ#9`p>6$h1;jpU$pGe;UGL;w_y_gXa_EpPlGDlHNkV=
zwavVB2Tb?5eq-!p1D7g;N%->}xYTi&)Z*?cT4Axzntczha>ibZ`Wh}(2b1uJJaDN3
zQ>d-+eGiTOW_-Zu!olL=%{EIX!=<WW68@yeqP3+JbxsRp2g3ty@P3L&6|}+O$(CKH
z*MWk7NO%|!km|rpLnJ)h2S{aLjX@;*u_@@vV{|jcBXy{uk%V*<-yBS}q8<Tzm9{2P
z@&R3SccGpIvaYQ(=rA<95DDKa(BVb8+q`X{v&W~5bo96j^$J+e1YKGIrc-N|x=<_7
zNx`4`gWj%diL{5GN|Zw@ba&?k${~DdP;og8sTj{8xMHxaq9yTX#(=jMh<RITs-sdX
z>T%tJnPZ}px6mrm%D`^aSfn6<log@P;sqP!VV$AQX0HRC4>gNFp9efFLzkh}ioq_3
zb{LO#10F(~F;po&LIjdel!y3I=)^!<5L8lQO1n_kp_SsN6tq`?mcsWGkf8mOpu!i#
z(p-Zo3;c;csIVHXP)l2o7Khr>=%E#Lyjd5Bf(HU@j3~gJ=|Y9HD@4b01u$%mE-hh2
zt!sr$FTNx;`?}ZreO<DHZ0%Z^XGP6N+r^I+oyUB1&EtcLz<_q?ZWFS*pf)x5YehY)
zixn1BV68(1@v&y0$s@Wp6f5csT{^Q1brG?eIi-6|uS0bSesVyUDs=0T3RLsq*8$94
z3#tMcsuu3n>KZDrt%$i>t!uekQ44fy)B@s)kLwl{$OMDt4KGPxSwMENR$1smh0G#?
zQum28DJVr`A6QZE>(Y~8o#~d5T|^5Qcw8uFG=!iF^)a!0{H<&2v!Wi*wd}i44-jp+
zz^p*ojh8IIZpd~e;OQb%S89~9pbC*f_*g|y-)(f^-~+9I_+QZ_O@NF}2EI8|yFl&@
z)KNScv<X@5TE}2P?S@eBp`V~PwdgX&*M~M&PGs9yQD5j*W{}UPwWDA?k*o@0fr7ky
zs8YN=07gHB*vNg2iXlFj5DdRmmtO4#a6Q<H#q$kjjurKSF0}zr3ZlgbR-A4Q+((Cr
z58nhGzOGyC?n0LpKGqGC%-3apbc4{5&Jb(yK)#Iu1#lPg`?by{Sjj{dNLK(3!d2n}
zaiA)#sDJBL*Jsg5!-tH5&Oi>d*3N*{qnoji9}1P!P`E&xbuCK^Y64PFi{RA|jUREA
zwKiu#bwldI2hRe&OhG$>SDNUGe2va9J~$EZ1wuuj<}~aFU}X_+Cv%9m69`z)%4o2i
z5LbAen929it%N|^Ku)+;egTUdRg3tULzm(%U3(PpWp&vUKooT^DhNc;$_B6*>DsG+
zq!QWLR@B?NG>-)pAf`~0TI6jJk)pGrp3)^c!0^)DBnsB!?;ilcT8Az;ErPXzc*@Fk
zZ!Hi&0u2!_=U@pG=;rEcA~^^8T-PcF_z5bt_@HmlW|1y+1msVb)d7^NZVCDuT@v`1
zWy`Jr0Ecy?hI<67-6JS>@qxvlzejW%ZD(~Y2q2imYjlyWih*TAEPhvXPun_lG2p}7
z!C+SCQro~t(KV}}v@TB%xX463?m{gmVuJ<M4v|j$g&(jQAdr?o9aQUHfYm5#@gk3^
z_9;Yi4fHpWA^~Owx{mO%<bbUgP!o+n-OeG>;b1lBUb_$&O~8UOT`C?d6kR$9cnrjv
z<_OU~1&|e80sx#`-InTYBL5Az1;jG~9pgYOz~4Ip0`h{0ufQTe2Z5IW%kI=_0|Y41
zFu-7-1lR?-_AnqJs3_y_Q2;UEBNc0yVJHG~fk=fTheTTExeK)vWexs13>beA+7<jA
z5a`T)4mg56V(M|k6gq6RqU8VB9sK=lMA>}Di2d?zFG}G9aEcG&5(+41yA&D$nlVJL
zuV4BY{6S?LDHL<)9XjE^4GwWBk9}XVK^)HQ`ufgL8g_^a;u{JmrIbPg@ZJ-=52H|i
zt)WmvcR-n*wZ1PUpiG^S!Db3L{DsQl^Y^4sPTIWw>O80Q#MwPxa~6IL^4|qzz3O~l
z#=vC_m1Ute-;6s1M<6^mrM&C_+8n)x?VeAexZVW)wx;BVj$T7?e{RZt`DWZVaCE|b
z(BFD4<=pLdl)ZP1C@<mmD=39`+OhW<P(T`ZhtqC@F{pk&i+soOQz-1cJt&m4M__Dl
zS`9=;%Yyo#viQ8eH8wAul9ptky<Vu@o)n5HR<}kw*6&bujzL;-bK5O#*Q~Nio&o+r
zV*~OsmS(6v_S;4V42q(A7zmy*rR4Mo1M|kf#!tu(v_69ZgZ8R<q56N-Hbyjm&+(M5
zs`<6@8mqgsokrcNeTVvH0Qw8pht;n#ccgtE+(V=ON4omnn7VHxe1`jkeum^2tXD*i
z(KG`p1!)_6SIQWcAIvospWj$Veq#ztqke+?N_hb54U-2c))u@58`h^9|8V`(R!_ov
zswd_>)sxtidVnqidaF<+!fFbL_42-ccg)^e;iE(JNeMMO#vKEJFVHnKhLlD>wA$rG
zbRX~B%BR2m^yY_H1rqmyzqbZQoq%93aOV?uNezTo8Q4xK0vm_92dw(BU@u&t*9h<+
zhE~xzj<ta^O9GFjM_W8i0<pa5DbW251_*yXmvuH}^*#S%yW)Fp=#=&BCp6#^cf-xX
z7_?RdwPx%Af{+c-h|bkuj8PtR-k$sH>$|p2NE)*w<SYmzmnEQ=t`cI?8Mz>$d)>9&
z&wKM7=f(b2GX4CXGe{fw>una^pp6w!8{Qt?23?Ij!3IWY3I2NjQ(qqm-ebXg5_q2i
z-lu@~UEsY4yuSeN<>0;dtNQx0;N2Fy-v{qVJYFe?X6|stXvk?#cG#Y0dES)^OzJ=g
zB-Tg9D-d;ht+3+H69ImdgD2KlE}L543F+V^<J0ZCEePzpqr3I`R|(6)z{xxs?uNf#
z2UBdJKp*@?Iyjt%4N>qn<}5~oz=2W&h=jiz2cPpFfJyjUaPUOjhL}`i;8A0M1>hRw
zg;I=jx*K$D-2)E5wE)9E^0K~uFnFhMT6Q-FZ+76X4y37uEJEeI!QbB?oeAEd7nBCE
z+Z?bJE)PCigFlG%Y>)=$<FvJ2X<TCDwa}1%^TzqMfCQH-0PjMO2WtcB$2#yg7^Kxe
ziJZ1{BYOilKlp}D(RlFmjWu`b;&|+s1q&`&#K{ZynVG^7lgRBl=rTgz=_5){&gNQ8
zkv<<=drtTOnIimsKM)*=hS=ioYy;Uk{%X1*lj=cbw`4<YQ$U28Aqa&8t#_%C4EnKH
z$lj4>D;ZL4Oa-k&>$IVDqenwF@P6V&PpmFHlX~L57-=1UPq3kN2JU`3X#FhOI$gc>
zT_D=>^ho}RTU_tna|Ou@Y$hGtWk!YKp(V+QQpS8hX1GlHbK1bb$8)WY%cg~%g)T%~
zfhwyr@&L9PJQNBXjtzaZLchDC@2%1I8WT4BsSWzwxHa+}3gd=e$KP<^_pb226bco6
zw?yC1qV#S!IyTeC4cRc|kGJ(H(1*Vb+0Yxs1pb#oDKlcjpP=g-(8~h-j@=CLLkD7t
zkSUPlK(CI-oAO^Q5VsbMd&Xj<`DhME(xDfmIG|T&<c*Spjvq^BqTjJ`V&z+*`LXuj
z)+6Jgp!w_3?`U@^b?EnJ#%#3YhkZkZb~DggHUg(T)AsvQR;Tyv^V9N&-9Y?qe2RiG
z6Og#)mUUg;*2k$>@x7hg%ylp#ulReVAchVNqsLzwg(-AMH{oxG!W1~b9)ArK4opTv
z;_=U;0U^t%`-6Yj4WQ5wpAr8E8f+!wZ`497xgLl=xNdX>6-pwOqs*!S9C4=a>hyRq
z$3B0_inoa!Pxl6E3@{50cwP?3iC?<55ry+k7n%(7-8$Y6RWJC9t4LHf#1{Mw)dsfU
zucE>f_}&5j&M8cRcMbgIQka#t2wU)v7itJ;$3L+MP|y%zJSzdqY9W?^s~beDx{b;=
z{vBmuKG^Bkef!5w`B9(w2PgZCTPmBk8(1^26(Oe4x74_s%^MY%uxBRiz{EM_3lVw4
zUx9@O3}4&8-`s?)nWFp|hD^E#wEw8R&@Su;T{zR})^EFd@SQ5WE5oCHn>`qaJh&yw
zSPn>Tv9A@Ad;6MI1#Vt6e@j0fqzm|~s2~6o1a3n!h`-bcQ{c|wZ*jtu)=(MzwN01;
zFBAM-N_aqJ(10v}8DeNW%b@a46Pl4ELt$2ieOUFU$vB$~F9&HvxT7S*-yt>EKiVbF
zIY640J!FWD$A}T5>_*sxDUuapZi+lZ;VqLU*@|*gWn!;HMTV`5Q-8aWHrxyuQ!I8K
zX=BIBNlgbA!&6g}a&1T2NMd8fF(8{g6Ocx@IDx9*48tYqfEpGo<_Q6%zh^(zJG`Ll
z)%`~G?{8y=bW_9y&#M8|2gs7`Gh_;+Z8!C%l^yQy>E_AwggeE7F67&)^iLcL`ex_g
z-hWgh>u%(@RT}RHb-uYT7AOb?PC5cdrpgF785xQ3a$BLwIF<8&%pNj14V~<7qm%%(
z!U(@qD^fB{wIXHhO|1uX+ph8aftZ24SWF;JOgN>Va_ZFjj*L+(_DYw?r3oU*SeYD}
zYZa!5Lc@6=NoVn3E>x(QeMCD5dI|bCYLuOgLwu~4Z;milB#aoqm&MDYoE>Ar;*m9o
zNVeJ#NZGHHMra|V%Ov1pIkXCKD?vFukQk|~qDHj^O%cp9vbL1;Mr#CYE}QeNvM`87
zgwsH{QGASEBH{`4Py6yhdgukI+CXqk1(mdqAkXlG5-3A3;fS#Mro;pXrg(8fhWn@Z
zOZY4vQx=@WQ5Dwz&)tIMqM~bc??jDU6Ag;kv+<fn%c@aX6gv02kGxv|hBaA(!p4H?
z5FrhUSt*TDTrAi3rML(d3K&-Nrb}rEf$^c6JF$)++5;e_s_SJUjrM`NPc$!Dl^g35
zD>on%h;riwX9fiLL?nfY{JmK2vb^B|jv1+_HQa=qxEZ1iZwjiC4I2j^MznQIJ!%Rx
zaZO=DM_lp0Qyda_X|AFeSNAZHEY4ry9uUXP4rDgnF#F8Kfpj|}p4R4RI!w$}Hl}}*
zro(mr-znN6NgUHBFDNE7J;HfRf*aR+Y*@me|D2}#RHBWU_?T<eOnv&PyZ`SL?Ewj?
zEJ@S=mr$uJCnh^BRT%A>7mbIs8f7d31gHrnDyA23?@cyQn+AX2TEo6Jxm9P>a3oOn
zu>03Ea|CaRHVutv+LCd=H%4Uk;@toDvVjpT6NHsQ6>JH?$uM&X*O#VN(`=LslM(RV
zWHHgeeTW!MC`Zj?Il%QWa1X|On<gKQpJE{cg#4WxcW9oPJV8y<9;$8!#$lvY6jN8z
zlZe26V(=8=3iN_F1He;JW?Y^_y1RR5gfE9Xz%Mi*ESohz4UbYA0@0d$ceVjmf-Zf=
zY(wT6Wt&S{Scc2kU{}!?-=xIAAVp-P#7C-gll&YeAA!yhPD7LLH#RuaF)cDRgcsq)
z42_c~M{@!L(8-7Bu{l}cL1WxPLs;C9L`Mae8|M;{6`~4OstE@&#LpFZmGULNevX__
zQA(m~NQBE+|BR6AoTi)X&Db{H9d^^$HVBM?=32bWcLLqO#sVo6<U~!)74?fl&IOhI
zlBH=q*L>f*9jxJye?YhFMvRoh2eDeDwK3Y*Q%CW4Kgxm^WxxI-<zP#O{zvq3uB&UT
zK;f7kCJ5t%C%K1kQUG*9jGcTA+6Ce_tRzt#>FgMp$#IVN2}wwciu2CpC-D;_2N7>A
zpSSklCx?WvLL$RM6C}=3W`LWBmF3<HEUW3-1KD;|1iI-qjfVF4SVkw@Yh=@DhSAAt
ziv0((={@iYH2Q7_0L|2-$OLQSmCo}(2W`<K;7QO;)3T7xMlCO$tu-lDg+QmX`Xi@k
z$}OQ8y;bS2no9RclqJQgg=hqai8vxC9svZ~42Ry-Cs(~~7Er(HbZHjgWJ*esI3^1T
z0?^2zzM(m5(8EB`2rmczeLFOk$J0eK7tw-5bmIFu$%OPXv`d2y;3oms0n#37X3#lM
zVp-7A7o9aJIf6(&G8izNclHz^&LICO*FqCy3l3;emz@tUThX%gl>ZCa(mBv3$(GKV
zK2zC>*3?@~)l13%LZ#NlEqG-HB@Yl?|LzM5);RCHI^o6HoP`;vWL{WOqEwcF^G7}^
z8|+5FeGm&%B4TY_9PL;@;i#aNx}7EE=7el=u&zNSOLdQfWCcWp0(O1QP7kotAeT|Y
z>B&fS%L{go%o6z|hYj)#Oi7ClV)_!}4amyZ1c;k%I6}}U?8GYVY{-ZCAb36L3MAHN
z&00n9$Pl~oL%8U`oNHFMl#B)+{-x6D8=R5C9m^Am;$>1r7@rkAC?`FE*uN!|R_r{3
zaN>zX5n28?yzP?*1G%8VK<OMoyn6&ESu`LyJj>NFCO%1+6hOR~wGQTEK*F#lCEz`P
zwGlWbH8m<Odk`x=WRNU3WPmg>G;>U(lo*a7nrprLuZhDE@v7-s{6Fdbt2rS$c%|-q
z5ZN{Fu=}Vtpzhr?+)yD{NYG7+_u!>Lh7FN6B;t+c*>-9w^z&sZ_iG$IA?xa0_pyEm
zu%T*a5^w{EwiZ*c=|g*0u*yLL2FOTP<%^T2BL-*?js$G~EW~$i>cnXDUc>Qs^lT8U
zrn8l0=i&$n9jHT9Xmp#|4GroVv8wgbjL)C7!2@ei=pPO9T$C+$b975~6Nw_y<ykR;
zP*-NGchfgPupk@1)DWHi?&i6M7I@DmXkaNdeo!hRgP7;YD1lgLM7+JDv^KX}Dn0zX
z&2wUDbsgZC>>TGP5A*g7XJ&_|@j?c;IlO=K+(A{hsBP9-E!xk<Ja>=F^vVnj87p$h
z6z1mU1hF#4hK?a#%vuNY*_h`^v5ArV+;m~6oSVY+$%={26>#&ga10R0Fh;?0mq+<$
zhDu$$V$&1&K2llGaJ9j{zjF_SQw`Sx-{p=jybNKRM}J3G`z>SOp*7qx*0TJR^MIWE
zAd}N@pwd*E1qx|Zf!>t0tJL#eF0UyoZr-kfs&801qPvRDyK5}?u67dvuO>zJD)qGL
z&H~vOO@!Gr&a&}{zN3SR(WrEH@VVSP9UU;!R+&lNBv1mbN;;8KMPw<uH`69SSfo4)
z_GCd9jG+!U(Uw(?pb@q+;H#=j!i2%;&mBnyLIqG;@UMoc%F2;)!V^TXq99plt|%=&
zB_e(hM@`|Y=?Y{9HId|Z32THphr-<0;ksIzh$?DK{E@EW?;L*wFHCqHf_>6I!ZDkZ
zFh&-ZG9V>lOq?J)B*Z_u>1=Bf%%!dnuy2r^q|`@RRjN|DKZo_%XxCq3ow>ot2po%>
zAr}S@5@vA#Vk#XF6Um9s8|%((dW0fS=ExqUWQ@9EQ$EN*NheZl8m0_3JI#29<xHE0
zqqZoB7NT<BRrZ-+O!zMAAI_lU*hiRURGFyZEo$?NOb_nJ;<IrhQbRLB+`ZDHLgZm-
z{4rdiPl^jGg;@Q49vU1w+XMO%XmDRQFJ_2KWM-IL<{h7w8t9YG$_OVrbx~TIIK9zm
zi9u0}X1zhW1a@(Bt9xaH!pD?n^qd+PUQXE4j+$djIXa+99y?Lix}hocvKAet+j@sw
zASL(I)*F#NZPE@6uWDpzt15og9lEiNsvjZ{$rph^-P|a3q|>M|My#8Nc%^|;<DCiZ
zE{FOC_36b|(|gb=h02Z+PeN1H0`91TX{WIk8YMda**R#`=>H#AD|V+uMYHMUl}KUY
zcZ_BoMPRxe4$VTgJWZXUmsgBU>hCBHp|-pHi{$nHQNtkMjM|JfR=U;An0K-VbZ)bn
z>rdM`1=vy>{VdT2*t6M&EIA~tdSao*(ocOsqha)j#%wqUKn!er>gRkRz)=~Sq4bEf
z2x3Dn{MbAJNhAJ4?YXlJWgFK*^Cb%IN<U2(LtV#0ZesIi<lV#Qbx05Ch6{K7{ROb&
zCsPf)cVvBt&~hk}9$6(iBhaB+R-be9IlNKBCJz3}ZFr<WmJ*g780zkl<LBz@B6W%j
z4kd<8h}^~h$E_4zx#}Q}n%*bk)%$hpnz)rVs)zrNv#G@}`n0Ajz%_aPZh>P{{AHnI
zWKOK;MBdnd*a6wZ&@7R_>8G>t0oZ_7dOH_qfvA7g+qpI${^Dy>tx&vaq_=Zzns{CG
zKV;{^*A&17euCTk66hWPF<I?$zcSuHr}^6?D;Y7TmCjW&nnUh;Vvf=0d*>6J48m50
zW~5GnPdGCpB0C}^Au-LxE!c_amcbjOx4P9g8m-?TCkB6X+9;b=Z*_y;tI-Vh(y(`k
z&~{=!gA@kPI+1Xqw&Tf9ZguAbWks?03SNjjS0G6V4Nvg(iE+>`PU2ZqQnXEHqZX%z
z6lwwW8ZId*_YQ*7W@1qVhq#|9x~w~j1l4%j9u)b>(Pd3U7JsD;gbFm+v+u=H)!D*3
zBeIQ{i{>M;df!3o52pbQpdN}1hfE-D40PF2*9%@9&7ToHMy~oJeE%iq;4^g%&?6tP
zTLQ_&1M*2@{bF3xczL2+ha5-uBnK{UOn7$FZ}5Tj)OfoL?hx85<z^1`t?2=F>fqVO
zH74N^=mGiv$ZTo><UfB~vQa&3rYowxm>Te^M%X)`MQyt)yjUAiT>Iv%X-PL~^#6~V
zNsBChayQpo8Z{^|Dl|2OpC(Tb2?j(86yb6D!zGpdkLaV`&24z7Afd0VRpIEq77qCR
z`5rF)pSiinTr}UQ(!06u+s%E~8PU7BdN&t)7B~XJVZU1bfqv=%bttvFxmlrJ{=>Pc
z=^;Fq)C^yr(1`4)_&mLvOJs7Wr0Y+>5N7DzTy?DFV;-3_%F)xixhktx_s9RPEPrx0
zH##{?nwAz86yhRr%1O@)36X`nr8NEd5_;4^A47>eMjx@AkYDB04vc{(2ob%YyY;{z
z(!05-D#rLHI?ZjE3%#2=g4C91IKgi=U`%?N`#xqw@8+tkEPW(sx){~hVy|?GT$&(~
zjFriiKacX!{9wqygB&-F<KE0<u5)sVd$7noGr-lAlPnL&iO$jc!Me?5n5y@K5hne2
zeTPPQnZN`i-Mc<m=wPFIsP}^#v6}zuvi!;YV1J(|c|e@IPw0T;tkmG-pfT}rl3;yQ
zb0b7kf86_?k9%RB!`rvs5B}7Cu-aVc{ov2Q4}MQGqW6RKez2N(`g!}oE^))XLR_5W
zA&JQnM@P3PZu9`Yx86KyjCle(fcmg!y&tUigMl@rdOV{Kd&Yw!>M`UExCmhwC;4;l
zh*gv}$LW*%!2yav{P?i+z|bIHmVEdCNmzh9-A8{OOgxK9ini%gvoH`L(!68dOaSct
z-0p2u5C0!e_nT`rd{V$w=aWDk#A4@>HaIv~{Wn{ibZbWY=|1%ARP-XY&fYM!^+sL)
zHmNtdHZ$do_zy5zmGP>rrGMMSb0v?6<^ZuARGyAXc7YNK<7n1{mT*02;?;sioWB#u
z3jD-Tbt_S4?1hpe$jU+n3&u>w7&yS?zXT@zn`B2z9B7kbHySTHI$QcgvhzM+uMafq
zq^k$0mF6j3=s8@-_NS^NKFl!G?sw@QzN@s7p%1WWg`|Lw%KtTjKXQjBE0X>5VnPzr
zGGe{LayY`sY#l$nL}Xv<t=GoKrv58@5%n!vi<)h4+*KDkffG-l&_Nx9zv8Sz(wfk>
z2E~(_DubRYlBmc)o=ND)^i=*5X(L9UX^2BVfD4%+kOlTJ2crI{_;(uv^!r%I!w?(6
z0_~Idkw>pFjVw>)10owS2F+<?A=B90S!~*3ZdMQBNouBqk#6+LO#|LARCW!N@Natn
zi<ZY6sJV>qS*?6TfT(Gb)}Z*BuP?MO_(tms&9#R79A9&_rCyd5;!loU`vmftE?$Xa
z!(xJh<Gj4nSZU#rzIyChsYZ!EG&@)rtfS^wJpXCcq+Pe@K!qUgga4bm&4c#z>PI2|
z{I^n_c(@*&x6z~Xyc`Aa1W_kY^|7#|CX*6RM9x*nL1;ZXPqZCEoYAB6MBIVWKb-7n
z0dw@|JoIZ6;+QOg->Xpjg@}eD(+{LENG%O`@hFdg)i!0_N1~rII!|&@RBZ~Bkk9-3
zO_0y_xAP#w6~kpT;CsgeW@@yLA2ZBtfE&x(R~EtJCUW&pP}HSZQChRzv1Z~hAJHBA
ze{@#h6$13)J3lX4%kJ24)S*=PA8|IDCU2?;v$D6znP6{Io_uH-j?O`=R@wCP9Rw~^
zcI91LB5?d6cpTE;a9_p3l!#bcrXBM9em!#D2yF;~BalYauOP8fRB<6vO*v`PBj<R`
zQk|I%Du_U#Fv*>39a61LmOnXip6HUnO5^(bhmKA2l{#ihB+;P>33}vQ$24N3W}9kY
zv(O{wxC<!+8z_O#2|q*(4kiLSgZ|(SlStj~+SHGllm1yALhF%psZ8B+RM#DP<Xn%O
zgV<IA(@r1Pj>Xk!UM0}t^ECj@q~`W#bn2pWAkBA^waAXnmXsX%xOXD-aqaMipgPYV
zMtId=41HX?nz4l;;UE!wRQ|64j7Nm{yXASiCxkdgC`1WS0*544*l_*B9MpKJ{fpk)
zvco-sNAkG^9qR%9#^1KkV*r}Z3@5N*HMTcGa87N9LV<QYKA>HnYNq}>@qtDm7)?8@
zA~l~>Z7l*})XOp+<kUm$!QoP;RE{h<#N9>im+2kv6`m)H*BgJDnn)u>Z~SQ(f6c!?
z(<G=JLE6C~EDMhO)1O*v$fmZ0f9F=JhuZZ}J270U^LZ$wCX*5z)CZ}fs$9vDj|-Q6
zem_6^Z;~CI0C@A=0zK5OeExwlo=LernxruZ0tOm3>HlPq`iG7}w;M51u8D0SGbH|$
zzaIqQ?vQP&<@bXIL~(Q6^YXGq4rvhzg?m75P)sCW?`<`#1j0|v_O_Y{vwXy;Wj#c#
zxr{%{upd3F7caLJ!qB&l`61oylxrMPlyJbDG6nvie~wDSmD`5sU!_I*5j9gYb*DP2
z+HeQ3`L?M3xCQlr8{~li<Npsvg9n5~<Ve$EQo_PBbE5N-L@5#nX^8$u7uA)f)^D&8
z`ro{$@_%VGK^x}3?b?w}0QY@Ab-PK&2r5ekW-9uaa5XDW_Z{)!$|txgcW3p`XXWK<
zC0&}O5I5@ry$19E?}_--|I&jZ@MCM%!@J)V93zk@7#!;d8?Y*3r1233cAz<F&JzgU
zXAr3dFG;QR_l!y5JD?U8(}=*$_y5QPh`pZukf*DB&R7xxC29T^bz~sdCoLm0G9+z4
zfWsJ39DhK{aF+gg1{!NnGvPmM7JYn=jX*(?=ogm$@p77SNtB{ZUO)LA-Mr*5?+{;S
zZ_yZ+93PfrEY~MlI$ZCS5zV1Wy0+<5GdgvEYp~I$G$yqeHw^%RGS~Y7j6MrH9@+~v
zUodas1A@=jj@P{Er89N`Z!R^<_SM-!BfvNU)sEV}n)3jqsLh4m8^K+V(6V3wH__mW
zcbyUV&{1<%-qVcey%CjPD3(CKj{qKn*O+JEDKP+@4`72rU=VKv_Y|OJ9HS$i4P;?`
z#!qSk;fU~mT29Hw%5qZ@21&SKGKovNx4ZM$Xz2i{{*+wBgdqBeC}4OO1X{&Lf39lt
z4rfsW+aHN%gFKB?ACpWZqH5{d<n@z#HqlwBc^vtGs8Cl2Uuk5jyF}<7BGNy7NNwV@
zf6+Fbde27fN3P#NsWb;e{s<=&O8ZsmaO(6sK7Y?fyKFb4{?{JJ{a$9|!+JIi%-8zq
z-DX7Z*{FCn`g4~4Bjvz$hW-Z+$Q@;8<1i*KF2`LU4do?z$9P9L`o_D(3iRfH)`h5^
z`0q3a8fCEjTh3YZ-iW$L>ininUO%}vl8_W9jgOZ&h5E=c#s<hFV-uamI_ZyjbxtHg
z)Ha<Ta&f<(bCyQ+5O@(}Fhm1`{v%=55M21*ihk4o#+Lp!w&eOJh3cOaY6JTl>Sz0E
z=ROUGgi4S_r^BtxMFf9q`21ws3H+oD_~ci;o45uv!64EMItS8-Gf`lQYx^w=Eq&G5
zl9D4I_v-um1Rp-otdofba?scubn^e}H?|s%ct7W3Szu%#K^z*-3FS*u2RH^r282fY
zW+em<8t$9mCd$$u%QhI=gr7iIO!I8lX2J}5PXrCA`7oE{8bZzVhwMqYwj<x=key)n
zhK-CyZ2sDh)AY~RBveH>f;NoglS5vK&QT7*4uK9KJ_AJI8BAW3#5p@aztP~PPTN;)
z)7dCMNx#uZa?wW{AdY}I6uR37)Qc{6ry<z-18p?TG#fO!t;O?c=)2Nwct2)?&OmWJ
z<fVta^pF>%S_ljuEwDx7!f8G(Y@vT*pYq{wddN$WtPrbN8M<%H>me@<??$-=<IvJ~
zd+?wdF4~AY*7{owz?T&V!@7+W^i-PP2wDbz1uzftKlr8rpDFlE*GxrbTBsz<jq94?
zm>nO&^wS^YEBQ$LK@XoHyn!W6Mch!1{o9_GriagPw*rZjek1TN0xMEugCX=!)%FPe
z&(jbqA*~c`c*`e;&r(^!AZJB%d`P_ifXH+%%Udu!Ay&W9Xq`ayL~YZlX4n$l%-6$b
zdicyn51)O&vmm91r2c@lCOuq~=&-1HkLUXQu2v~|L}XAXV_cf__<Ajn6t010Kp;9n
zt>zm(TKcN9B_&7n@L6iA&a+%4r#`*xXgSRQ^WONUXb>39T4YCOOG=J>T-njXXBytk
zhf#cLu2Cc4Gqs4#ratxK^L+v#0%-w5Sp(7X%Jh%prus&Qrun-#D^k5A?uzJa{W-n5
zPoedj9??SBqDQpU!wa<RHy`Yr{zE#pIQvj}jM03<PDAJG5iLRvcsBm<LPI-ggFrqx
zq7|6s#FB6Y98rQlH(8qN7@L+W=jxv|sWEw)3EHOfLoWRHgMl=vhrpX}yqy16HX40E
zm@LB<-U|q|pPJdOJkd~IPth5k_P&3QfWXsK-}Lo}mi`W;J|Ikg2Qo(?lQ;bGmmbk-
z*3YDT7$}I`qJGamm+@hSp|&+P0?{IQ7}UQfUhK2Ja0zU5BqRp^<f%BWWPrp?;3kqf
zga-Qzh)zrNkBrwpc}mmE(MZwbYY0pJD{c=o4*gS&#iYA}9$!mr%um#+`(Nr{Wdq(y
z=wXsu0~!iRnV=1j`Q-STGdC`h6CCIj;^iQ7bq)6lcJa?}{=f%0N{*<1APi<jPFur*
z#XKPsx<AvnImDHEmzhHzi=aabA#Hhya#Ll2vK$4}NdQoR0crbTK_qiyey3hnaU@n<
z7aros1iw88J;u^6Trxa0b!>EKo<x`&q6p3mb@PcwF;wL>c5UE@i&KBQkv7~6StG!a
zhQ*`7c-YEm=0A{#z>G&Zsdd4)VG#gG)5;F__jL1QB0s7?u%aE@!4D;1Y}Q>jfd<Bp
zTcz>FW0dL(0se;Wd!!=(v)nKOHS`oW56H5?a|lRClYT7#Fif=~<)TC+E!;USEFhBW
z8p0nC9TSx!kMWlW#5P@<C>v4oTpe7-&9|}>5VMFPx)1>n!V3mr0&>q6@DHa@2-;Hi
zg=o{j@%x<=4y<v2-0K<<u07l+K1MHL8}nbP7AMRy@Taws$)zc=iSqaiv!OKeWJzi&
z_&hi~+|S!CLy-<X4>jv+KtW!MTTJv3-xTyN9Z-CNIrr+$7HB$>ahAbSQ(D`&Ou1B%
zm?HN|N|BDuFq>jZ>#Sa>Oaa$Ebf{S^tu0zXhrDyIYv%YJFX245zvNf^7uH~Q*9#uQ
z+H->oW{>k~^>)cY>!b4yJ)Oo0nI1Sd=$pGI`Nn8@i&wTZPKUsjE2?__5&wGZl<u+g
zizXL*I_=Hi4h|ae=Eriw(SMBY8}!Sf!w0WT3jLY2W0m8ui%*473tmeTHZ9!M#ro|)
z<IJCYN3Zzi^@G?`*{w{_dV^ZMzIEb2fb*7;KTr4`v}(Kf%F-T;lRl|s)DhR>ZM@EG
zSkmL$H>0_K?chG_>{EL={poKHetz?i&sucegwej;fh&K!npl0IchHvEC+z|+ooGLA
zpzmKBJ52BrFZ=m&@QcL1Y_M@o5$q2*^v2J172}q0yj`0gzgRN-*o%Jb=vnu>d~+u@
z;e;XDpPoL8HxzgAb(vjk8nm~ENq*SUA6cpU*<TeW&xudkbSg8Uqu`<C0m0fSCCki@
zl^J!z_+!I;a&!GJY~F!$ogWq#v|$E5e17%t1fC?{^ltm9cFuo4T37yv`znyNe#ZH&
zqq3%E{9~D!IDa4SSY--r)4-DF@rm=+cBHQiJTz_2o4(;QZu;~>`_tm?Dq3N&&zgM?
zu5!j+i~73F(P7S064`khr#gH&a=GYB`t~*pCYAWOR$nZdQgH0cZ_LlVsI^$<w{!k@
z`lCzhJ9q6`qu{Q8BFLURX>&lQgGnJ)-+y`i=Tp4G?NjP6TK4F0&~|t~Rz1)6m+k9b
z&YRcr>JV0+%JdDje*Ts5?qRF9u3$UdIyRAU+WSt`O7SxOiC;Urymd~nVF#K`Dn7L*
zt9&DMh_Bnamc`tg8*OgiHWA*O7?S?QYP&YRH!FKp?#q~dh8Jac;M6b)H*;%Xr&d=-
zg@%tjJ9YEPrC!_TTy?tD<59;;aj`2lubao+P<`~kS<cUc*T(&mVfa;%@4;zlc@q*2
z2M3MsduZ%8;{#3?4i*=0wpluPO1M*HQYSBq&A)#8_xY2?Z>B|DpVXq-JEFYc*s=xo
zz3<Lm;xbH{#TG9NJ#8%6mdcvF#ktI8mXBas#<*pPizL$vAD2!4bCTbKedWV)3zrT}
zTjJIA$!f=-ft9y@%A)cw)NBm>;lZWRUWSLhsHkeaSdz7Cg6F<#n|bRFnC^4^#@NYb
z-{`%|<_85`oAb1y?}}4VM-I{jBF0#D;HC;m$cPr!r;hx3<-#~`ukka-Oc70yjQHt9
z)YhW%YhH|Ug?S~Vs&35>v6I<yZs5?$&ZBNnqgIHn4!(8l$C2Lr$w|(8EZbT2yJ^)w
zHq^=g%z+E6l1TO%+Wmf)DbG1<tCFWx2E*2r|NP4z9PYM$Uj3Kd`pTl!s_AWB=2!kT
zxGreSlHIq2#~)m_n&o+I!PR=-n&RT{r_#RXCt>oxzAOEO<rOc*=I+edo#s`oS^n#d
z(X<D?v#MuCIefQmzkv}dZ>d?+dZo4xoUxxHU&lDYJa+QXjlMU2<uA$)6$cwmR!n-B
z`NXKm#LKd1{NU+}a+bdS_Ey3(!Fb<<;;gM}maK078e2ydRx6?cuCljoI=&(A%))M4
zuD0ZKHM=3KI%HMbPrCA&;K(HBg=Gvs#{8U)YllBbbHe&beKm&}zTVGa;^oUbMW-Kc
zJeE@Sx{C{cWGU70cZ<lK##lbfX=hyWy*Qy|{a63d!FT?mi&xzqY?HDbcbvS}+5OjH
z7qE5NKe^7(;-+AJS+whkuZ?MO^KML7IcXd3hlyF$z8#Ov8@?m`%<KI%LBFhcSyeOH
zeTeDh&XiE|8^VW$Cp=15Ck!)u*+o1lW4cdy!NS~>g`6+0W9<iQe9_r)xlh&Jc|8o<
zdatgZWw6SS)?Str7nYkGlae%CmYxArbcWeXL)ugWMP_P}Y%r#zGZW<smWx<nha_jn
z(lWsgAsdWt26h;I=ukVX2trbR#d2W#M?*$<S3&AkW`c0;p<pxk3Y}sKHilMcLQ-Ok
z)IKA{-UXXHLkbNg`3n8KxMBx;M<*kVG?pute^@)8k*}@^j_!UEJ$~{1Th2h3E{*xc
zv{)Q)XlZTv%#<MZFpzbY!QyVT4oVh@Br$%mIezlE6tg#7Y4+Gqk$n;43CbdPn}iwT
z;v`l;gZaLz7#q%ue)leI6cld=m>2GME#Vn9x|S&2J|j0-A&H4ZzZ$d5stp5uYZscw
zm#4&hh2^HSxMNX2S;p=^?WhT#)yHo)R(q@3jpHA;VGGxIymj3kcjEz809Sn<G{5PD
z6IGpi2-BxOsq7fb>pKmr#&mwc)bl0&A$yVsSC<5xVGvX!K=adEE}L6CgRPkOXnNal
ziJdb+c6TiMk7uiIMRUKKn7z<z@Y>>$SgU4?+d(g{at0NyN)(v>R*{UQcaZ&%ypzY7
zzQ;{5=UG7e^;o)jPn)Vs!+1suCeQCwddG5~GCd{y)Qvfux`R7Rqc#Nca<Fu(sEz-a
z+VjJwS$T#SwD0~smfpRKEGT#-TR6A<mqJ(nnKKEx?}X;J&iUJD<tkpMeLJgi9z^x-
zPmnzT&E9h;_2%se-t%S8Vpdy7@~>j8+Vn5uSB&$?m{i4SlQI39WP)li?)14nXKqOi
zCvcrtX2zCyulZOt{WpwDWq0tWO{@N{tzBPx36{>7GHF}!jew#>hA+o`Loci+sGf=D
zA80t@aIay0#$}>I-#Caz4aBOkm-=5=9~^XPWv4X<TaSL4MNmyJnxB~_8Z>FT-=ea;
zOXn4oZaYbk-4D&~;4t@X#dsg<#m@u!&+^+GN|4<V%f7Njo5E_ZVKe7D=674N(;n-j
zYb}GCdz0ODpGVok8rLn;2&#!j^LxI@q4>Y%BrbOnj_P;s_CkW}1JLYveSzr_<(i7k
zm4j7_>2PH-vXaBFTB1|NE&Wn>edV~a_$A!5V+4(cquJTf<M+nK`addZ8$C1SSx78F
zb`F}Ilew66cxeE0I>Tu5=01|A1ldE;?A-g@{`M#Nxf9=(a;l8w<^<V=Xm+2Xbq{A;
z447SL=VV+z*3*q3dmx&f-^T0ttpP#wQk$crt&_yF&}0h#==XD5_U3-KuCBzI7QDO%
zmhSggPMxHu(0TX%6Tfr6+&UXe7q)9XvgRi5`P891HzoyjtH;uV%q!Z^Px~ll+C4k7
zN*+ekdrLHb*cj@{g4VoVi>tQ$IU}cKN35Fgj%P*`o(rm<_3IZ$^4-5nBN!EC+eS>i
zvS#93?oaDCM3~e{pL8Y2Zi`m`g?GPI9&@}s*Cuc6K>M9qg|#Z~X4-O4rGMv{H{z4p
zot1<UR5KjSFIjuP_)NCo*}*f{d&-y3!Bi+E#(Ci=L3Y6N?VXQynYT7nxzppMZx~ul
ztp8V|uSk9FtfH2fjy;ys2J201IeptV4FBo7jICdsm=j=*rDt?66f&&54{X}+IBipl
zI$tb3GsVl~l87%}(yf;uB6;~gSbBE5k#l3r18>Zk`A2tq`EjCAvC#b4qjD_5&kJ^M
zZu=%A*g=|0zyudGdv3u4X)g!C+v#SCzJ3np`VeIAj%7bEV$Iz7JlicLJtT(@R$>~I
zl6U-uWQPU&*8@un7xr289IJ&gZk~taLEC^0i?%!cQ|%aW6C2co6%|uN8`u{Xj7dH|
zU2z8EC1t`{N_xjApKW`#?-AX*ckVl^A{_6zXg!l>Kk{d~1&r9ZvHhL4rlZbc)lZQZ
zGI{AijG1{CnfakrH?Z{S=NUhAIT{eZ_RneM9q$@d66hN&JFZnMd4X&7tB|R_lcvwD
zt$*}=dIdozqtN^dW(@Uf9me~8-qMq2rj_&U2(pXN>_sz+mc1?KcUzyl>Eg|QxS3e1
zWqSs=uv>UnZ25iRlVt-FsRY$@L-UspT;F;_Y0%EnM|pwQ3RV)WsUR%-fu$E>hXxq0
z&0jg-pw;*e1htPqvu~#?zhB&q`)aRMn~dxu#U)rLD~5J3ejMRjvrVxo>xn;qHbFHJ
zX#O3c54)y0`FN}!xXQG0sDB1l&5j+z>nHr_cYWEc!9MOQUE5>nyV8pu8GaYUtGw{)
zK)=89h&Vq4&42LGPZPGx^*_AAfAo@rznzg{)g1E6d)S`J-cr=zue&cJT`<m54u^kH
zdtstC=kTUj&u45Vwv|$jRSy{cVx`}XjYr*!cZ-H%s-ALU^`Q>uZ~0A`Ol$dbFQ?!|
zSpBEv1D9J4;r%oF;Z2vDONMvF($7WDuu$A%yR3GzZtc*qohbo#_-Ov~X5I7Jo)lE<
znN{$WQ+B&q1kwtOZ1{zf)(|vVivg~l9ob_E`ocqNxlG&KYvUbZj|H2Du;Pz?w-imL
zTz=XwBKUMb`~rtwrJX(3vI(lejGn6-m^b3Bxv7gDzV%O6hzhW3ZVrvga$3PJ$nSG9
z{P4L8<FWKxzaKx)bC00&Y}?njhnFsEO;9~%uH5b-d6=|B5L#5Xys$j>+r<PN!!Rct
z$3~&8-tn99Pj80*kGr-wmoDs=#v*9c7t5Z{I=DN=CvIcEU9Wjx+*?G@s75kk#Q31K
z{QULdvNiPqmkRhRxF?ei(Fq#$N3;Ld{>XZ37hdYxp-!<kPlOZo@e4Hj)9`}*b*6%2
zi?_SlQxf)VBdDE?X8--(;~|l!_?(rccl$neIDzqt@<MoH&|Z<>)}?LMU5=dJeFvJI
z^3UZ}E`jmfEz=SbonG(VhS_VBH}bz`XPoj+TzclWRyRs6wjgNM3$16C!TB~c<1j8a
z!|eMuw2o??An=u8m(Q%C4aRspB-ReC1`i!z-N!>_m_31q&g{^7@DQ3cnvRD+ozZkW
z6oD;FJoJW1D;|RDfYyVDRNc^YJS6FjrsE+;%<-`0=7gWB_PsULzObro$*eR?)bLPW
zZ?qmfM1t+gcqkCF{_v2X4O$N#8f=TEd!7#e_NxlPnVEAZZE1N+!o+k79y-LfFt6@`
z=MJ?EI9xvOOU~LC4knmb;UO0czQ9AR7<Pe&mOat_;2}y(N#UVh%-X<1m{w>#cqp?A
znvRDw`(o)hXtNWVj)&Zw&~!XBkC}RSNE9<Y@entr=J1dy=7r&*Q**RkJcMe7rQ@Jf
z%s9kDY8*5_9%}83rsE-gY}>{|vHj8fc<2&S8~CGv!DxOwgiA-$@kbPxEsTdMF>Qs1
z28W{c;Ey(3(R4gijF~TZ$hZ%h9}gY(L(}mPG6PM=L&-hSbUZ}sfTrW2W(zbO4{@^5
zbUZ|hCR6YbHRkSJKj%mF$@dk{yMDEMeATy<7H9!Hgxv#8zx`L%joFt1PjB#?eD~%&
znIpC{;vw$VXns7@jA0gd2)q}XAAiI$2u=U>_MOWUFL>`-n;zSu$A;Pcsc1U>C<*ff
z@kdG?Xns7@j@ftkqa0H-|11L+8Z9PKE=kXYVm8cdX>>f+Yo_$HF(t=~<Z)*i^rp3j
za8iXtIyNjZPiAILqe5^lv=f?P-3NH;bVFKe0N$p97J?;;gbcGk4Yagz#{lCrW`7To
zC*};wP^6^G21!_s5>{HG!&rHmgqab`iqA@R&T(`~O?L(l5M(AM4UC7-;eirKx-`MX
zX<(*&tUM)KJ}@a!o|!W+UY<D+V8d<$oty?i{Xhq<QhjQwJIguMIXNLF#)aj|luF~{
zn2FBr4yn$}tXy|@2OSm1OQi!@j`j}rOwd})Ai^F%EzdGw(AolydFRR{$%#@wd7{G1
zf@Tb1$!2u?`krMl%Y@bzn7>d~o*ZDyvJA7ojA>mnz`-d2;B0o;7~B3Zv%;I_6^@xC
z6m0r@`~v-qTeD$CVEYi1Cgy~Oa-z<@L3AS~;SH3qXlz=sci+HpF`pC0|Jx9$4Ql~P
zJB~{O4Tx$?kbGFHP#V(eaa^knl!jKZwJQh+4&@1R(7LeHKpxMV=Z)=eSWg1Og&3Tr
zT>HU7k#CTwwjLQLRvx5+T3b?(7dAp9H7uHsrepPjtQ;oV1FQ^`#tRf-Dh#U_N^Yn?
znK?W#m?Pq2>lvG{Fi~h&v>&S7u^K?4h~rgegfLH;8Wo_WwXmoFkk<mui?ueK7Ygx*
zg7z5WKbjmE9)Px}<Po5Nnw}XWP2xn?CsCf*Ai8+dZ<fK=9<<KDg8)ZNKz4Id(`6aZ
zITNHLGR)R{&@3?HIVdg;h;ze{iP;Q~T9nU5kA`gE{ltr&SY3D~^~8NKnoPmwrSJ3+
zr6*@|t)@tykF7l?e1NArZxOtDF_}NBq^x4^j|tY8*{m#&r(=_b)sLrRb}L5bo?F&+
zd0QW+V#W7%ax+(KTUXYPr(@-?cRU^2|B2}M{zZSEZpw4;ezWg>;MxlY*&J-OV)B{z
zrE42eIPY|!$uQro<NY4s%j4<RC<C$f@pM}ped4qiEg#r&dn{;oe{)jQGUd4hRvu5s
zw~wde`8(;cD8)U8n{#mM<Xzn-U7v`J3wy`Yv37~*c>dtaW8)_(-y0o25gp?X5gi*J
z5goIqiRf-5?XyYf-XwHBj{bX3+aF7$-g~yx^l$xirEwMJ_h9|Q)2&I$V+)X|Jf1)J
z`tjq()A8fO)5*psB<X)J34JsPJ(h%?KtfL<p({w}IVAM)B=md|dI1T25edDBgua4=
zUO__NMMAG8p&uZjUnim8CZXRaq1Teo>qzKWJO$DE!!SJ}I_3iq(R-r?1QFeqgziK_
z#||Hf>c_xcBDyz8{lO%35eYq#gg%;tj-B)p^*@QEd@2cjJPAFYgg%9YK8J)}KteAf
zp|2pJmyyuRN$3?M^lB3N0TTLg68b3;`UMjD6%zV=5_&BO{V@ss1quCc61p+!{u9YR
zm4r?wp_`M?tx4#;N$9pDbS4SiiG<E3p?j0ig(UP~68cCI`e+h*ED1e{gq})5A5TKh
zC!x<Eq0b?qV<&4w@>@hwejN$DjD%iJLO)JIKSe^nLPEbzLcdQ!uO*?sAff+FLN`Va
zyolz9N<wc<LN_O&TaeIulhAER=pghJei4n&jfBo7p?j0igGuNj68dNodMpV&frPFg
zq34j$r;yNRkkA*A(2Gdur6lxqB=iar`YsZB4GH}S3H>+;{VWOn0tx*#3H?3^y^e(b
zf`tB>gpPslMC+4^5{T%nN$3_NbnFfgQT^5=<?Tr5OcJ^q34JgL9lPU&W~1Qo9U)2i
zU=sRB68dNodIAYOiG-d*LLW~;&nKbJA)yzL(2GduD@f?;Na$rG^j#$MY7+VZ68aGm
z`f(CEc9#durXinKNXp+Pq2DK=KPI8qk<ee0&?)Ev6`D<Be8wd7)+BT~3B4N$-I|1M
zOG39Jp*xY#-AL%(By>IrT}VO~k<cSa=&>a91QL2G30*-#A5TKhC!x<Fp%;+Q7m?6c
zkkCs>=;b8z3LJfw!39GQCIKI!`lO_1OVXjs*=C0gX=d2zDSQbH`e&$FnIRTuhQCaO
zzr}*Tbb*iK#ou2zZxSQDE%h5;nr^f+>GqUB{EY&91TQ{#{thkx6(2;8zwm;Ox*qRj
zw`Ie;z~CLDlXhHO#W;r#o5n}g;)8YZ<C|qrX+Ue43Z4l7v2(qFuES^pOxfWN3(Zlm
z9XnLS8zX~B!1zd%PDS7G<xk<t&ocPknAS>?1fJ`YER!qD?itfMsYwAAcQe%NxUmIV
zxXsqD^UN=?nUhoF+T}+_-NG89w~EejtPPx55_l{<+Ttl@m{2;LF&c8(lO49_S)O<0
z0+Tu{f0ruBpdX8c>>YWwk|EW`R4m;_;IwDjet*j9^uB$5TK=#bmhMd7)#>qKj(z@;
z6>k$ep6-pMyUsjtac&rA{@f=ClLxJL*oiUM`}*B6duxS{4$&ti)a)2{3`_SpIn4NR
zC!d_sQ6rYmH#RGwqvHyVI>g^t<G=i%`JNvt*ZiRjHHyp{ymZ0uLdmvP)xlqn+}0fh
z94S#Abl#r(?CZO>PDmQFB;+hs{|J|zWAc54d6h3ITfg$#7l5VDpm2f{P5rm6iRtY3
z{7_Ud*8f?H4|{r<u+LYYJL>Ex-B^O9ulx3oo${kT^AAq;8Mjn6Z#R~{&w0B1^s1nd
zQ!lJK8S#b8980e${$F`#5Moz##_{(uL(m6lzaEN?XH%6T<zciGNx_zAl9@CnVaA0)
z#6p;k83>q}Fp1J`3xbZ7;;dSiX`may7F|e1kV2tZw53$CXoV=<xDg_SE}NeF=KkNk
z@AuvF-o4{4na$(P{qFyL=ey_pzjN;W?*Huk=h^w?SKd5%W$XEm|2`;hT=f3(;}h3z
z99#VM8z(R9Joxhu-;@2{?z!>Bd*3?o*zXp9f9AO_UjL!|ynf}go9jzY{$yw8`oj9g
zn}3k~CvPndKiFLP;1>rkzV_JF>%V-mjN4}?Pkr+1dzb(D&XwQ%@#t@_z9IX6ufPAb
z!v{}2|IVWek6wLX>mQ2ScK=Tcg9B^p=NHd!ol9B{FQ?*-cNYeS)$z*Wjd8WuL{ZZC
zzbcJ>ctlj`o!FcAYV@%5xb(B92C6jok>tbKOP5!-E??Z*T$2?)MSvsg7cafAs&?F>
zW%*tGX>`KH^eXh`MjBz4$1f%2&eNbDo%h1I^|Nd1tGb4&BFy|`k4;un<*TZ!>)2;E
zM^!R1k=y(U7G~?Xe&RNaCToxHz$WYJs&`Cu&ZML}ZN#u7`VI&mo2>AaH*b0^#^3!4
z6FyZ?I~uyXLsqPyTKrFM?f&7+-jq{SzW#aUR5nQ0U;SYUwAy+z1I>zdd99e;hJ?Z<
ztEq~nqC2|AGe#E+|L=hCy$yM#uM$4K*Pz*oFeffWDljeT#C4f8XcTgNPCG|qRJQt@
zc8*4nZ1t)CPs!pk<tLl1pI6iLy-g3~D+>ytu)czugqB-^*7r7U@{I_(*#(PlMX0yz
z#V@`wp-Uyq+mQd*WHnXcn`rV&8)@=;e&d`fmwLHjx848Op}~Q%q|Qi8=h~sc544aN
z-N&fpfQt7=O3fgAj90mb!)u4e72#0U(PdJV{PM~(&po}QZ$CP{a`ec!$bWI^_>nWG
z#|8U2)g6Uld1ZO2yiL<Py>iUqjDI?#($f`(sy<pc3Fr8k<zv(Q(K~lJxgX)QZ5QQ%
zbiRVSa`fcVv1jycYN#n4q|gcS_*18+hWg8Lb!Hh&A>p)b8gH99e`bVQ_BqX>uKwgS
zjymIHG?9ces|%@JISnP@w2d=0mxM2zS^lU?Q;bRHtMhf}iaDVsLAGrgg`L#2X)fv5
ziKiA9mzMSJX-@O0t4BGFsIEBFlv2xt)Apj}#HNJPHqsQQl0S-O3(8lhDO|M&DBW+R
zs1>1hyW}*!)`aYP8NI8nar!>=vFK5YIH_^e&JvVdYRlJr9N};h&+0NZCJ>$Q1a!6Z
zf1TW+ZF~elsM!}ziJ5X-%}8=_w|)9HNdZ*qQk-Sof#0a&C8q>gj9$Suxui*7PTos6
zZAWiT4y-E<pJcIJZT-o~jdk^h@?`X<?GVZ7mUZ=qI%j+JhXQDO#o?1h;uP0wvLEW@
z)pDAy6DXyo!02;Uht?b-r?DoSwjGF?Z1Pi$nav*(Vc^46A<3gziB|SGc{ky-ZCOqZ
zt}9MXKCUZHPHwJ!q?OO8M5oBLN0Q(OMe2yOn~0{Ref7tmW%TR1Mk%Lv*A*wHkJlB4
zB>{?1XB_D738(!vlPE||ny;%zIVr!cIF$Zl%Vzf>ok96Oc`_LzeQTUyX^2o7a1T%t
zy~@c33bHL9QD*S|ve|0SY^K#C87dGeenRRneS910gddfyQsaC&LSEDO&*>HlsBM&}
zbI59x)(){2M?tDPq<}ScC7qCyOsoS<V@TmpVp0DWPTMIKi-?HRHqtq*M)}hgC#UV$
z6(^?!*%c?J9oZEpr#0CXhuW07Ug~@uMl0*VnxW+2vr9)#VYKQ57QX5KI(6nK(+N5C
zN&&U)L{z&JzHnwu9z{br8BF1{^@o*s^rtNjWj2Y^wq2|g6wYKPQY)uic}j402GY$Z
z)<$*)(h1b()c+@&rf-c@EuW~}DJaFocWc4!-oQ}70YyC>PRkqoIkivu)3z7o)Iq!A
z<kUpF;!u55@liBqPx({`w%vbxaCaeWwmQ-XJJ=wucAp;LsYouF?{22C-M_C=aa;Q7
zxwUZjV7}OkBlMGW+m~~L1KP-GdG$gn0K75RSbzNIIo&1V7EWBObL%Fu7PnyH=;zi+
zybHuFlX&-wTO)C@#4V0EyW`e1e4xQCYxoS0ThVa5amyLr65v)d-^2qRZZX4q_uMLm
z55Bhh*Y*#-aj7Wy+}wD2Ycmx_UM{5P-rYZVXxanY+OyeL_iG8k5@ZdMqh)VrDYCk$
z*48XZ)^W|^S(>c%hRV5EqO9|EoTbV<&XQ$K1@!wYUDo*;#4KUvah5VGKEltHH0wA^
zn}x6AEOFLx`NvY{|J}N^SzH>O&ywf=;y6p6g|GOs1X{^K_$-A^m1q;c&yr~QEqs<n
zt8_%iSt2cx(s7nb%YXe2OQy9(k^d~67OswO_dlN>d|eDG6~~X~^LydFKQA9ir1FhL
zuOw92u^yPjDm&Jxkzi#<;a(E0?5GAv!j&CsO-Q`5W63lLSaz)4BN5AvLdGOy*-?;_
z#4I}sdXu1KM*(gUwd`2YNy3&Lg{HUrj|}cw+q_V`AaW@@SiK;kI{k7NM~#u*PTzP9
ze%0Ui-TBA=`km<HNTX4BHyT?Mjj@QvUK5ReN9RQ}ie*P*kytbei$~+gh{kIjjWWd1
zDBv57BPSZgl%r8*JsOK2qj6+Kqu6&e%KJuR30pKuQAcARiAK5PXcSCOt-vmF(Ku$J
zakNFF5P398(x<D8{SKp19y%I@v!hY+J{rZQqfw?j8ilH(Q8GRn#h0T|4n7)%s-sa-
zKN>}%qj9IkXcS(LM#=bS6lIR)Wb2JW?a?TW9gSk;DL#;EPvaDOHAbU^dNhjrr*>gS
z%4ie{k4DMzXx!u=8s+t)Q3yU7i$|j|XGEjSeKZPWN29cNG>Y;^qpW}GE!cP<8YREO
zaNzhaIQ|>XTYq6+VM`Vbj=xIVhX;<4f@7rN{=51k<YY}I3XX~D)?}&RSgLMKb_$N2
z>eghg;Fzm!O@0cFpT^cHe&nv;xT}gaSuI5btX9REToxRc)x99k1;=w0G8r&92CO5K
z9fM=X3Yoka9B<Z<$*I9{YK2U;4UTQ=$YkQ+n7BeFM+e8zb!75)aQs~%li7n~_Bt|I
zKRDK}keLsH%LjF2=8E8QMTN{P5?mIkBQwJUmtiVo=APhkPaT<gDY(2;Av0qIm$B-|
z%x1x5vkIAcF1S2bM`jKTE(cb~%#Oij$2u}IXX?+$oE0*UB<@E}tt0bTaQU`EW+o0U
z6W5WMrBmNPmadR_B)I%tM`mshF1J_6%=*D){W>yd1i{S+DrC+Tf}1PUkvWeDZXQu0
zr;Nh+L~!$o(l+gO!IedDbKv1V>lb;RtBK&&4#W8(cNcqTaGjAd1on0ps?YIUNtCF`
z1E1mZwm!deWl`b!?4Gyvx!q@AMS<&!;MPQng3r~=v6Z(x(v(j}9;Ar*e9Amn;qpjR
z&J(WBdCXN6E{`<jCE@zK#C%fW@<>ze5U$T1<opVkN1FIuxSrq1%M~t<G;y$SJqMFJ
zD_kCF;z{9po+Q6jxIEItWy1Ab##K&*%R5WKG0TXZMx5i<7QDw&+48PQaQ9j&TR-O}
z4^_6jLy}nw%@rI;KFZAH=L(MG9i`w_V#9q4bK#+ZyVKNQ*((rv2dKfWMCARO2FqUY
z%e+6+XqSGOeA!@E{Bp7+Tjnj<gYuSKEoUrKd)Rw|TQd(w?Pj(LZneE@$GdsKt<#6S
F{{v#(k!Jt^

literal 0
HcmV?d00001

diff --git a/examples/conds/conds.relf b/examples/conds/conds.relf
new file mode 100644
index 000000000..ee6b37db4
--- /dev/null
+++ b/examples/conds/conds.relf
@@ -0,0 +1,119 @@
+
+Relocation section '.rela.dyn' at offset 0x530 contains 3 entries:
+    Offset             Info             Type               Symbol's Value  Symbol's Name + Addend
+000000000041ffd0  0000000200000401 R_AARCH64_GLOB_DAT     0000000000000000 _ITM_deregisterTMCloneTable + 0
+000000000041ffd8  0000000300000401 R_AARCH64_GLOB_DAT     0000000000000000 __gmon_start__ + 0
+000000000041ffe0  0000000500000401 R_AARCH64_GLOB_DAT     0000000000000000 _ITM_registerTMCloneTable + 0
+
+Relocation section '.rela.plt' at offset 0x578 contains 3 entries:
+    Offset             Info             Type               Symbol's Value  Symbol's Name + Addend
+0000000000420000  0000000100000402 R_AARCH64_JUMP_SLOT    0000000000000000 __libc_start_main@GLIBC_2.34 + 0
+0000000000420008  0000000300000402 R_AARCH64_JUMP_SLOT    0000000000000000 __gmon_start__ + 0
+0000000000420010  0000000400000402 R_AARCH64_JUMP_SLOT    0000000000000000 abort@GLIBC_2.17 + 0
+
+Symbol table '.dynsym' contains 6 entries:
+   Num:    Value          Size Type    Bind   Vis      Ndx Name
+     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND 
+     1: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __libc_start_main@GLIBC_2.34 (2)
+     2: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND _ITM_deregisterTMCloneTable
+     3: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND __gmon_start__
+     4: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND abort@GLIBC_2.17 (3)
+     5: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND _ITM_registerTMCloneTable
+
+Symbol table '.symtab' contains 95 entries:
+   Num:    Value          Size Type    Bind   Vis      Ndx Name
+     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND 
+     1: 0000000000400238     0 SECTION LOCAL  DEFAULT    1 .interp
+     2: 00000000004002a8     0 SECTION LOCAL  DEFAULT    2 .note.ABI-tag
+     3: 00000000004002c8     0 SECTION LOCAL  DEFAULT    3 .hash
+     4: 00000000004002f8     0 SECTION LOCAL  DEFAULT    4 .gnu.hash
+     5: 0000000000400318     0 SECTION LOCAL  DEFAULT    5 .dynsym
+     6: 00000000004003a8     0 SECTION LOCAL  DEFAULT    6 .dynstr
+     7: 00000000004004f2     0 SECTION LOCAL  DEFAULT    7 .gnu.version
+     8: 0000000000400500     0 SECTION LOCAL  DEFAULT    8 .gnu.version_r
+     9: 0000000000400530     0 SECTION LOCAL  DEFAULT    9 .rela.dyn
+    10: 0000000000400578     0 SECTION LOCAL  DEFAULT   10 .rela.plt
+    11: 00000000004005c0     0 SECTION LOCAL  DEFAULT   11 .init
+    12: 00000000004005e0     0 SECTION LOCAL  DEFAULT   12 .plt
+    13: 0000000000400640     0 SECTION LOCAL  DEFAULT   13 .text
+    14: 0000000000400c04     0 SECTION LOCAL  DEFAULT   14 .fini
+    15: 0000000000400c18     0 SECTION LOCAL  DEFAULT   15 .rodata
+    16: 0000000000400c1c     0 SECTION LOCAL  DEFAULT   16 .eh_frame_hdr
+    17: 0000000000400c60     0 SECTION LOCAL  DEFAULT   17 .eh_frame
+    18: 000000000041fdc8     0 SECTION LOCAL  DEFAULT   18 .init_array
+    19: 000000000041fdd0     0 SECTION LOCAL  DEFAULT   19 .fini_array
+    20: 000000000041fdd8     0 SECTION LOCAL  DEFAULT   20 .dynamic
+    21: 000000000041ffc8     0 SECTION LOCAL  DEFAULT   21 .got
+    22: 000000000041ffe8     0 SECTION LOCAL  DEFAULT   22 .got.plt
+    23: 0000000000420018     0 SECTION LOCAL  DEFAULT   23 .data
+    24: 0000000000420028     0 SECTION LOCAL  DEFAULT   24 .bss
+    25: 0000000000000000     0 SECTION LOCAL  DEFAULT   25 .comment
+    26: 0000000000000000     0 FILE    LOCAL  DEFAULT  ABS crt1.o
+    27: 00000000004002a8     0 NOTYPE  LOCAL  DEFAULT    2 $d
+    28: 00000000004002a8    32 OBJECT  LOCAL  DEFAULT    2 __abi_tag
+    29: 0000000000400640     0 NOTYPE  LOCAL  DEFAULT   13 $x
+    30: 0000000000400674     0 NOTYPE  LOCAL  DEFAULT   13 __wrap_main
+    31: 0000000000400c74     0 NOTYPE  LOCAL  DEFAULT   17 $d
+    32: 0000000000400c18     0 NOTYPE  LOCAL  DEFAULT   15 $d
+    33: 0000000000400680     0 NOTYPE  LOCAL  DEFAULT   13 $x
+    34: 0000000000400c88     0 NOTYPE  LOCAL  DEFAULT   17 $d
+    35: 0000000000000000     0 FILE    LOCAL  DEFAULT  ABS crti.o
+    36: 0000000000400684     0 NOTYPE  LOCAL  DEFAULT   13 $x
+    37: 0000000000400684    20 FUNC    LOCAL  DEFAULT   13 call_weak_fn
+    38: 00000000004005c0     0 NOTYPE  LOCAL  DEFAULT   11 $x
+    39: 0000000000400c04     0 NOTYPE  LOCAL  DEFAULT   14 $x
+    40: 0000000000000000     0 FILE    LOCAL  DEFAULT  ABS crtn.o
+    41: 00000000004005d0     0 NOTYPE  LOCAL  DEFAULT   11 $x
+    42: 0000000000400c10     0 NOTYPE  LOCAL  DEFAULT   14 $x
+    43: 0000000000000000     0 FILE    LOCAL  DEFAULT  ABS crtbegin.o
+    44: 00000000004006a0     0 NOTYPE  LOCAL  DEFAULT   13 $x
+    45: 00000000004006a0     0 FUNC    LOCAL  DEFAULT   13 deregister_tm_clones
+    46: 00000000004006d0     0 FUNC    LOCAL  DEFAULT   13 register_tm_clones
+    47: 0000000000420020     0 NOTYPE  LOCAL  DEFAULT   23 $d
+    48: 0000000000400710     0 FUNC    LOCAL  DEFAULT   13 __do_global_dtors_aux
+    49: 0000000000420028     1 OBJECT  LOCAL  DEFAULT   24 completed.0
+    50: 000000000041fdd0     0 NOTYPE  LOCAL  DEFAULT   19 $d
+    51: 000000000041fdd0     0 OBJECT  LOCAL  DEFAULT   19 __do_global_dtors_aux_fini_array_entry
+    52: 0000000000400740     0 FUNC    LOCAL  DEFAULT   13 frame_dummy
+    53: 000000000041fdc8     0 NOTYPE  LOCAL  DEFAULT   18 $d
+    54: 000000000041fdc8     0 OBJECT  LOCAL  DEFAULT   18 __frame_dummy_init_array_entry
+    55: 0000000000400ca0     0 NOTYPE  LOCAL  DEFAULT   17 $d
+    56: 0000000000420028     0 NOTYPE  LOCAL  DEFAULT   24 $d
+    57: 0000000000000000     0 FILE    LOCAL  DEFAULT  ABS conds.c
+    58: 000000000042002c     0 NOTYPE  LOCAL  DEFAULT   24 $d
+    59: 0000000000400744     0 NOTYPE  LOCAL  DEFAULT   13 $x
+    60: 0000000000400d00     0 NOTYPE  LOCAL  DEFAULT   17 $d
+    61: 0000000000000000     0 FILE    LOCAL  DEFAULT  ABS crtend.o
+    62: 0000000000400d1c     0 NOTYPE  LOCAL  DEFAULT   17 $d
+    63: 0000000000400d1c     0 OBJECT  LOCAL  DEFAULT   17 __FRAME_END__
+    64: 0000000000000000     0 FILE    LOCAL  DEFAULT  ABS 
+    65: 000000000041fdd8     0 OBJECT  LOCAL  DEFAULT   20 _DYNAMIC
+    66: 0000000000400c1c     0 NOTYPE  LOCAL  DEFAULT   16 __GNU_EH_FRAME_HDR
+    67: 000000000041ffc8     0 OBJECT  LOCAL  DEFAULT   21 _GLOBAL_OFFSET_TABLE_
+    68: 00000000004005e0     0 NOTYPE  LOCAL  DEFAULT   12 $x
+    69: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __libc_start_main@GLIBC_2.34
+    70: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND _ITM_deregisterTMCloneTable
+    71: 0000000000420018     0 NOTYPE  WEAK   DEFAULT   23 data_start
+    72: 0000000000420028     0 NOTYPE  GLOBAL DEFAULT   24 __bss_start__
+    73: 0000000000420040     0 NOTYPE  GLOBAL DEFAULT   24 _bss_end__
+    74: 0000000000420030     4 OBJECT  GLOBAL DEFAULT   24 r
+    75: 0000000000420028     0 NOTYPE  GLOBAL DEFAULT   23 _edata
+    76: 0000000000420034     4 OBJECT  GLOBAL DEFAULT   24 z
+    77: 000000000042002c     4 OBJECT  GLOBAL DEFAULT   24 x
+    78: 0000000000400c04     0 FUNC    GLOBAL HIDDEN    14 _fini
+    79: 0000000000420040     0 NOTYPE  GLOBAL DEFAULT   24 __bss_end__
+    80: 0000000000420018     0 NOTYPE  GLOBAL DEFAULT   23 __data_start
+    81: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND __gmon_start__
+    82: 0000000000420020     0 OBJECT  GLOBAL HIDDEN    23 __dso_handle
+    83: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND abort@GLIBC_2.17
+    84: 0000000000400c18     4 OBJECT  GLOBAL DEFAULT   15 _IO_stdin_used
+    85: 0000000000420040     0 NOTYPE  GLOBAL DEFAULT   24 _end
+    86: 0000000000400680     4 FUNC    GLOBAL HIDDEN    13 _dl_relocate_static_pie
+    87: 0000000000400640    60 FUNC    GLOBAL DEFAULT   13 _start
+    88: 0000000000420040     0 NOTYPE  GLOBAL DEFAULT   24 __end__
+    89: 0000000000420038     4 OBJECT  GLOBAL DEFAULT   24 y
+    90: 0000000000420028     0 NOTYPE  GLOBAL DEFAULT   24 __bss_start
+    91: 0000000000400744  1216 FUNC    GLOBAL DEFAULT   13 main
+    92: 0000000000420028     0 OBJECT  GLOBAL HIDDEN    23 __TMC_END__
+    93: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND _ITM_registerTMCloneTable
+    94: 00000000004005c0     0 FUNC    GLOBAL HIDDEN    11 _init

From c26028e2e616a030567545a2bc648f8c9adef785 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Fri, 18 Oct 2024 12:08:51 +1000
Subject: [PATCH 081/127] add expr2smt

---
 src/main/scala/ir/Expr.scala                  |   9 +-
 src/main/scala/ir/cilvisitor/CILVisitor.scala |   4 -
 src/main/scala/translating/IRExpToSMT2.scala  | 176 ++++++++++++++++++
 3 files changed, 182 insertions(+), 7 deletions(-)
 create mode 100644 src/main/scala/translating/IRExpToSMT2.scala

diff --git a/src/main/scala/ir/Expr.scala b/src/main/scala/ir/Expr.scala
index c0a687a08..9b4507355 100644
--- a/src/main/scala/ir/Expr.scala
+++ b/src/main/scala/ir/Expr.scala
@@ -1,6 +1,4 @@
 package ir
-
-
 import boogie._
 import scala.collection.mutable
 
@@ -236,10 +234,13 @@ case class BinaryExpr(op: BinOp, arg1: Expr, arg2: Expr) extends Expr {
 
 }
 
-trait BinOp
+trait BinOp {
+  def opName : String  
+}
 
 sealed trait BoolBinOp(op: String) extends BinOp {
   override def toString: String = op
+  def opName = op
 }
 
 case object BoolEQ extends BoolBinOp("==")
@@ -251,6 +252,7 @@ case object BoolEQUIV extends BoolBinOp("<==>")
 
 sealed trait BVBinOp(op: String) extends BinOp {
   override def toString: String = op
+  def opName = op
 }
 
 case object BVAND extends BVBinOp("and")
@@ -285,6 +287,7 @@ case object BVCONCAT extends BVBinOp("++")
 
 sealed trait IntBinOp(op: String) extends BinOp {
   override def toString: String = op
+  def opName = op
   def toBV: BVBinOp = this match {
     case IntADD => BVADD
     case IntMUL => BVMUL
diff --git a/src/main/scala/ir/cilvisitor/CILVisitor.scala b/src/main/scala/ir/cilvisitor/CILVisitor.scala
index 871316c50..b6997b986 100644
--- a/src/main/scala/ir/cilvisitor/CILVisitor.scala
+++ b/src/main/scala/ir/cilvisitor/CILVisitor.scala
@@ -23,7 +23,6 @@ trait CILVisitor:
 
   def vstmt(e: Statement): VisitAction[List[Statement]] = DoChildren()
   def vjump(j: Jump): VisitAction[Jump] = DoChildren()
-  def vfallthrough(j: Option[GoTo]): VisitAction[Option[GoTo]] = DoChildren()
 
   def vexpr(e: Expr): VisitAction[Expr] = DoChildren()
   def vrvar(e: Variable): VisitAction[Variable] = DoChildren()
@@ -80,9 +79,6 @@ class CILVisitorImpl(val v: CILVisitor) {
     doVisit(v, v.vjump(j), j, continue)
   }
 
-  def visit_fallthrough(j: Option[GoTo]): Option[GoTo] = {
-    doVisit(v, v.vfallthrough(j), j, (j) => j)
-  }
 
   def visit_expr(n: Expr): Expr = {
     def continue(n: Expr): Expr = n match {
diff --git a/src/main/scala/translating/IRExpToSMT2.scala b/src/main/scala/translating/IRExpToSMT2.scala
new file mode 100644
index 000000000..3ff00b4ee
--- /dev/null
+++ b/src/main/scala/translating/IRExpToSMT2.scala
@@ -0,0 +1,176 @@
+package translating
+import ir.*
+import boogie.*
+import specification.*
+import util.{BoogieGeneratorConfig, BoogieMemoryAccessMode, ProcRelyVersion}
+import ir.cilvisitor.*
+
+trait BasilIRExp[Repr[_]] {
+
+  def vexpr(e: Expr): Repr[Expr] = {
+    e match {
+      case n: Literal                               => vliteral(n)
+      case m @ MemoryLoad(mem, index, endian, size) => vload(m)
+      case Extract(ed, start, arg)                  => vextract(ed, start, vexpr(arg))
+      case Repeat(repeats, arg)  => vexpr((0 until repeats).foldLeft(arg)((acc, n) => BinaryExpr(BVCONCAT, acc, arg)))
+      case ZeroExtend(bits, arg) => vexpr(BinaryExpr(BVCONCAT, BitVecLiteral(0, bits), arg))
+      case SignExtend(bits, arg) =>
+        vexpr(BinaryExpr(BVCONCAT, Repeat(bits, Extract(size(arg).get, size(arg).get - 1, arg)), arg))
+      case BinaryExpr(op, arg, arg2) =>
+        op match {
+          case BVNEQ   => vunary_expr(BoolNOT, vbinary_expr(BVEQ, vexpr(arg), vexpr(arg2)))
+          case IntNEQ  => vunary_expr(BoolNOT, vbinary_expr(IntEQ, vexpr(arg), vexpr(arg2)))
+          case BoolNEQ => vunary_expr(BoolNOT, vbinary_expr(BoolEQ, vexpr(arg), vexpr(arg2)))
+          case _       => vbinary_expr(op, vexpr(arg), vexpr(arg2))
+        }
+      case UnaryExpr(op, arg)                       => vunary_expr(op, vexpr(arg))
+      case v: Variable                              => vrvar(v)
+      case f @ UninterpretedFunction(n, params, rt) => vuninterp_function(n, params.map(vexpr))
+    }
+  }
+
+  def vextract(ed: Int, start: Int, a: Repr[Expr]): Repr[Expr]
+  def vbinary_expr(e: BinOp, l: Repr[Expr], r: Repr[Expr]): Repr[Expr]
+  def vunary_expr(e: UnOp, arg: Repr[Expr]): Repr[Expr]
+  def vliteral(arg: Literal): Repr[Expr]
+  def vuninterp_function(name: String, args: Seq[Repr[Expr]]): Repr[Expr]
+
+  def vrvar(e: Variable): Repr[Expr]
+  def vload(arg: MemoryLoad): Repr[Expr]
+}
+
+enum Sexp[+T] {
+  case Symb(v: String)
+  case Slist(v: List[Sexp[T]])
+
+}
+
+object Sexp {
+
+  def print[T](s: Sexp[T]): String = s match {
+    case Sexp.Symb(a)  => a
+    case Sexp.Slist(v) => "(" + v.map(print).mkString(" ") + ")"
+  }
+}
+
+def sym[T](l: String): Sexp[T] = Sexp.Symb[T](l)
+def list[T](l: Sexp[T]*): Sexp[T] = Sexp.Slist(l.toList)
+
+object BasilIRToSMT2 extends BasilIRExp[Sexp] {
+
+  def unaryOpnameToFun(b: UnOp) = {
+    b match {
+      case BoolNOT => "not"
+      case BVNOT   => "bvnot"
+      case BVNEG   => "bvneg"
+      case IntNEG  => "-"
+    }
+  }
+
+  def opnameToFun(b: BinOp) = {
+    b match {
+      case IntEQ        => "="
+      case BoolEQ       => "="
+      case BVEQ         => "="
+      case BVNEQ        => ???
+      case IntNEQ       => ???
+      case BoolNEQ      => ???
+      case BVCONCAT     => "concat"
+      case b: BVBinOp   => "bv" + b.opName
+      case b: BoolBinOp => b.opName
+      case b: IntBinOp  => b.opName
+    }
+  }
+
+  def int2smt(i: Int) = sym(i.toString)
+  def bv2smt(i: BitVecLiteral) = sym(i.toString)
+
+  override def vextract(ed: Int, start: Int, a: Sexp[Expr]): Sexp[Expr] =
+    list(list(sym("_"), sym("extract"), int2smt(ed - 1), int2smt(start)), a)
+  override def vbinary_expr(e: BinOp, l: Sexp[Expr], r: Sexp[Expr]): Sexp[Expr] = list(sym(opnameToFun(e)), l, r)
+  override def vunary_expr(e: UnOp, arg: Sexp[Expr]): Sexp[Expr] = list(sym(unaryOpnameToFun(e)), arg)
+  override def vliteral(arg: Literal): Sexp[Expr] = arg match {
+    case BitVecLiteral(value, size) => list(sym("_"), sym(s"bv${value}"), sym(size.toString))
+    case IntLiteral(i)              => sym(i.toString)
+    case TrueLiteral                => sym("true")
+    case FalseLiteral               => sym("false")
+  }
+
+  def endianToBool(endian: Endian): Sexp[Expr] = {
+    if endian == Endian.LittleEndian then vexpr(FalseLiteral) else vexpr(TrueLiteral)
+  }
+  override def vuninterp_function(name: String, args: Seq[Sexp[Expr]]): Sexp[Expr] =
+    list(sym(name), Sexp.Slist(args.toList))
+  override def vrvar(e: Variable): Sexp[Expr] = sym(e.name)
+  override def vload(l: MemoryLoad): Sexp[Expr] =
+    list(sym("memoryload"), sym(l.mem.name), vexpr(l.index), endianToBool(l.endian), int2smt(l.size))
+
+  def basilTypeToSMTType(v: IRType): Sexp[Expr] = {
+    v match {
+      case BoolType        => sym("Bool")
+      case IntType         => sym("Int")
+      case BitVecType(sz)  => list(sym("_"), sym("BitVec"), int2smt(sz))
+      case MapType(pt, rt) => list(sym("Array"), basilTypeToSMTType(pt), basilTypeToSMTType(rt))
+    }
+  }
+
+  def extractDecls(e: Expr): List[Sexp[Expr]] = {
+
+    class ToDecl extends CILVisitor {
+      var decled = Set[Sexp[Expr]]()
+
+      override def vexpr(e: Expr) = e match {
+        case UninterpretedFunction(name, args, rt) => {
+          val decl = list(
+            sym("declare-fun"),
+            Sexp.Slist(args.toList.map(a => basilTypeToSMTType(a.getType))),
+            basilTypeToSMTType(rt)
+          )
+          decled = decled + decl
+          DoChildren() // get variables out of args
+        }
+        case v: Variable => {
+          val decl = list(sym("declare-const"), sym(v.name), basilTypeToSMTType(v.getType))
+          decled = decled + decl
+          SkipChildren()
+        }
+        case l: MemoryLoad => {
+          val decl = list(
+            sym("declare-fun"),
+            sym("memoryload"),
+            list(
+              basilTypeToSMTType(l.mem.getType),
+              basilTypeToSMTType(BitVecType(l.mem.addressSize)),
+              basilTypeToSMTType(BoolType),
+              basilTypeToSMTType(IntType)
+            ),
+            basilTypeToSMTType(BitVecType(l.size))
+          )
+          val mem = list(sym("declare-const"), sym(l.mem.name), basilTypeToSMTType(l.mem.getType))
+          decled = decled + mem
+          decled = decled + decl
+          DoChildren()
+        }
+        case _ => DoChildren()
+      }
+
+      def getDecls(e: Expr): Set[Sexp[Expr]] = {
+        decled = Set()
+        visit_expr(this, e)
+        decled
+      }
+    }
+
+    ToDecl().getDecls(e).toList
+  }
+
+}
+
+def expToSmt2(e: Expr): String = {
+
+  val decls = BasilIRToSMT2.extractDecls(e).map(Sexp.print)
+  val s = Sexp.print(BasilIRToSMT2.vexpr(e))
+
+  (decls ++ List(s)).mkString("\n")
+
+}

From 09eb1afbc2e38b7cea33c9061968d8c3a5bb8b40 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Fri, 18 Oct 2024 17:46:33 +1000
Subject: [PATCH 082/127] validate and improve expr lifting

---
 src/main/scala/ir/Expr.scala                 |   1 +
 src/main/scala/ir/eval/SimplifyExpr.scala    | 302 ++++++++++---------
 src/main/scala/translating/IRExpToSMT2.scala |  96 ++++--
 src/main/scala/util/RunUtils.scala           |   3 +
 4 files changed, 233 insertions(+), 169 deletions(-)

diff --git a/src/main/scala/ir/Expr.scala b/src/main/scala/ir/Expr.scala
index 9b4507355..2ca58ca75 100644
--- a/src/main/scala/ir/Expr.scala
+++ b/src/main/scala/ir/Expr.scala
@@ -342,6 +342,7 @@ case class UninterpretedFunction(name: String, params: Seq[Expr], returnType: IR
   override def acceptVisit(visitor: Visitor): Expr = visitor.visitUninterpretedFunction(this)
   override def gammas: Set[Expr] = params.flatMap(_.gammas).toSet
   override def variables: Set[Variable] = params.flatMap(_.variables).toSet
+  override def toString = s"$name(${params.mkString(", ")})"
 }
 
 // Means something has a global scope from the perspective of the IR and Boogie
diff --git a/src/main/scala/ir/eval/SimplifyExpr.scala b/src/main/scala/ir/eval/SimplifyExpr.scala
index 788aed9a8..02fee773d 100644
--- a/src/main/scala/ir/eval/SimplifyExpr.scala
+++ b/src/main/scala/ir/eval/SimplifyExpr.scala
@@ -4,21 +4,42 @@ import ir.*
 val assocOps: Set[BinOp] =
   Set(BVADD, BVMUL, BVOR, BVAND, BVEQ, BoolAND, BoolEQ, BoolOR, BoolEQUIV, BoolEQ, IntADD, IntMUL, IntEQ)
 
+var traceLog = List[(Expr, Expr)]()
+
 def simplifyExprFixpoint(e: Expr): Expr = {
+  val begin = e
   var pe = e
   var ne = simplifyExpr(pe)
   while (ne != pe) {
     pe = ne
     ne = simplifyExpr(pe)
   }
+  if (begin != ne) {
+    traceLog = (begin, ne) :: traceLog
+  }
   ne
 }
 
-def conditionSimplify(e: Expr): Expr = {
-  val s = simplifyExpr(e)
-  s match {
-    case r => r
+def makeValidation() = {
+  def makeEQ(a: Expr, b: Expr) = {
+    require(a.getType == b.getType)
+    a.getType match {
+      case BitVecType(sz) => BinaryExpr(BVEQ, a, b)
+      case IntType        => BinaryExpr(IntEQ, a, b)
+      case BoolType       => BinaryExpr(BoolEQ, a, b)
+      case m: MapType        => ???
+    }
   }
+
+  var ind = 0
+  traceLog
+    .map((o, n) => {
+      ind += 1
+      val equal = UnaryExpr(BoolNOT, makeEQ(o, n))
+      val expr = translating.BasilIRToSMT2.exprUnsat(equal, Some(s"simp$ind"))
+      expr
+    })
+    .mkString("\n\n")
 }
 
 def simplifyExpr(e: Expr): Expr = {
@@ -33,6 +54,14 @@ def simplifyExpr(e: Expr): Expr = {
 
   }
 
+  val ineqToStrict = Map[BinOp, BinOp](
+    BVSGE -> BVSGT,
+    BVUGE -> BVUGT,
+    BVSLE -> BVSLT,
+    BVULE -> BVULT
+    )
+
+
   def isNegBV(e: Expr) = {
     simplifyExpr(e).getType match {
       case BitVecType(sz) => {
@@ -42,54 +71,6 @@ def simplifyExpr(e: Expr): Expr = {
     }
   }
 
-  def getDisjuncts(e: Expr): List[Expr] = {
-    e match {
-      case BinaryExpr(BoolOR, l, r) => getDisjuncts(l) ++ getDisjuncts(r)
-      case e                        => List(e)
-    }
-  }
-
-  def isFalse(e: Expr): Boolean = {
-    e match {
-      case FalseLiteral                                                                                      => true
-      case BinaryExpr(BoolAND, e1, UnaryExpr(BoolNOT, e2)) if e1 == e2                                       => true
-      case BinaryExpr(BoolOR, e1, e2) if isFalse(e1) && isFalse(e2)                                          => true
-      case BinaryExpr(BoolAND, e1, e2) if isFalse(e1) || isFalse(e2)                                         => true
-      case BinaryExpr(BoolAND, BinaryExpr(BVSLT, e1, e2), BinaryExpr(BVSLT, e3, e4)) if e1 == e4 && e2 == e3 => true
-      case _                                                                                                 => false
-    }
-
-  }
-
-  def resolveAND(e1: Expr, e2: Expr): Expr = {
-    require((e1.loads.size == 0) && (e2.loads.size == 0))
-
-    (e1, e2) match {
-      case (e, UnaryExpr(BoolNOT, ep)) if e == ep => FalseLiteral
-      //case (left, right) => {
-
-      //  val ld = getDisjuncts(left)
-      //  val rd = getDisjuncts(right)
-      //  val prod = ld.flatMap(l => rd.map(r => (l, r)))
-
-      //  val rs = prod.map( p => p -> resolveAND(p._1, p._2)).filter(c => c._2 != FalseLiteral)
-      //    .map(_._1).map(c => Set(c._1, c._2)).flatten
-
-      //  if (rs.size == 0) {
-      //    FalseLiteral
-      //  } else {
-      //    rs.tail.foldLeft(rs.head)((l, r) => BinaryExpr(BoolOR, l , r))
-      //  }
-      //}
-      case (BinaryExpr(BoolOR, a, b), e) => {
-        BinaryExpr(BoolOR, resolveAND(a, e), resolveAND(b, e))
-      }
-      case (e1, e2) => BinaryExpr(BoolAND, e1, e2)
-      //case (BinaryExpr(BoolOR, a, b), BinaryExpr(BoolOR, c, d)) if (resolveAND(a, d) != FalseLiteral) && (resolveAND(b, c) == FalseLiteral) => BinaryExpr
-      //case (BinaryExpr(BoolOR, a, b), BinaryExpr(BoolOR, c, d)) if (resolveAND(a, c) != FalseLiteral) && (resolveAND(c, d) == FalseLiteral) => BinaryExpr(BoolOR, a, c)
-    }
-  }
-
   val e2 = ir.eval.partialEvalExpr(e, (v) => None)
 
   def pushExtend(e: Expr, extend: Expr => Expr): Expr = {
@@ -110,7 +91,6 @@ def simplifyExpr(e: Expr): Expr = {
     // logical ops when bv1
     BVAND -> BoolAND,
     BVOR -> BoolOR
-    //BVCOMP -> BoolEQ
   )
 
   /** Apply the rewrite rules once. Note some rules expect a canonical form produced by other rules, and hence this is
@@ -120,25 +100,21 @@ def simplifyExpr(e: Expr): Expr = {
     // constant folding
     // const + (expr + const) -> expr + (const + const)
 
-    //case UnaryExpr(BVNOT, l) if size(l).isDefined && !size(l).contains(1) =>
-    //  BinaryExpr(BVSUB, UnaryExpr(BVNEG, simplifyExpr(l)), BitVecLiteral(1, size(l).get))
-
-    case BinaryExpr(BVADD, BinaryExpr(BVSUB, body, l: BitVecLiteral), r: BitVecLiteral) =>
-      BinaryExpr(BVADD, BinaryExpr(BVSUB, r, l), simplifyExpr(body))
-    case BinaryExpr(BVSUB, BinaryExpr(BVADD, body, l: BitVecLiteral), r: BitVecLiteral) =>
-      BinaryExpr(BVADD, BinaryExpr(BVSUB, r, l), simplifyExpr(body))
-    case BinaryExpr(BVSUB, BinaryExpr(BVSUB, body, l: BitVecLiteral), r: BitVecLiteral) =>
-      BinaryExpr(BVSUB, simplifyExpr(body), BinaryExpr(BVADD, l, r))
-    case BinaryExpr(BVADD, BinaryExpr(BVADD, body, l: BitVecLiteral), r: BitVecLiteral) =>
-      BinaryExpr(BVADD, BinaryExpr(BVADD, l, r), simplifyExpr(body))
+    case BinaryExpr(BVADD, BinaryExpr(BVADD, body, l: BitVecLiteral), r: BitVecLiteral)
+        if !body.isInstanceOf[Literal] =>
+      BinaryExpr(BVADD, simplifyExpr(body), simplifyExpr(BinaryExpr(BVADD, r, l)))
+
+    //case BinaryExpr(BVADD, BinaryExpr(BVADD, body1, r1: BitVecLiteral), BinaryExpr(BVADD, body2, r2)) => {
+    //  BinaryExpr(BVADD, BinaryExpr(BVADD, body1, body2), BinaryExpr(BVADD, r1, r2))
+    //}
+
     case BinaryExpr(BVMUL, BinaryExpr(BVMUL, body, l: BitVecLiteral), r: BitVecLiteral) =>
       BinaryExpr(BVMUL, BinaryExpr(BVMUL, l, r), simplifyExpr(body))
+
     case BinaryExpr(BVOR, BinaryExpr(BVOR, body, l: BitVecLiteral), r: BitVecLiteral) =>
       BinaryExpr(BVOR, BinaryExpr(BVOR, l, r), simplifyExpr(body))
     case BinaryExpr(BVAND, BinaryExpr(BVAND, body, l: BitVecLiteral), r: BitVecLiteral) =>
       BinaryExpr(BVAND, BinaryExpr(BVAND, l, r), simplifyExpr(body))
-    case BinaryExpr(BVADD, BinaryExpr(BVADD, body, l: BitVecLiteral), r: BitVecLiteral) =>
-      BinaryExpr(BVADD, BinaryExpr(BVADD, r, l), simplifyExpr(body))
 
     case BinaryExpr(BVADD, BinaryExpr(BVADD, l, lc: BitVecLiteral), BinaryExpr(BVADD, r, rc: BitVecLiteral)) =>
       BinaryExpr(BVADD, simplifyExpr(BinaryExpr(BVADD, l, r)), simplifyExpr(BinaryExpr(BVADD, lc, rc)))
@@ -162,8 +138,20 @@ def simplifyExpr(e: Expr): Expr = {
     case BinaryExpr(op, x: Literal, y: Expr) if !y.isInstanceOf[Literal] && assocOps.contains(op) =>
       BinaryExpr(op, simplifyExpr(y), simplifyExpr(x))
 
-    /* 
-     * Simplify BVop to Bool ops in a boolean context. 
+    // def of bvneg
+    //case UnaryExpr(BVNOT, x) if (!size(x).contains(1)) => BinaryExpr(BVSUB, UnaryExpr(BVNEG, x), BitVecLiteral(1, size(x).get))
+    case BinaryExpr(BVADD, UnaryExpr(BVNOT, x), BitVecLiteral(1, _)) => UnaryExpr(BVNEG, x)
+    case BinaryExpr(BVADD, BinaryExpr(BVADD, y, UnaryExpr(BVNOT, x)), BitVecLiteral(1, _))
+        if !(y.isInstanceOf[BitVecLiteral]) =>
+      BinaryExpr(BVADD, y, UnaryExpr(BVNEG, x))
+    case BinaryExpr(BVADD, BinaryExpr(BVADD, y, ed @ SignExtend(sz, UnaryExpr(BVNOT, x))), BitVecLiteral(1, sz2))
+        if size(ed).contains(sz2) && !(y.isInstanceOf[BitVecLiteral]) =>
+      BinaryExpr(BVADD, y, UnaryExpr(BVNEG, SignExtend(sz, x)))
+
+    //case BinaryExpr(BVADD, BinaryExpr(BVADD, y, UnaryExpr(BVNOT, x)), BitVecLiteral(1, _)) if !(y.isInstanceOf[BitVecLiteral]) => BinaryExpr(BVADD, UnaryExpr(BVNEG, x), y)
+
+    /*
+     * Simplify BVop to Bool ops in a boolean context.
      */
 
     /* intro bool2bv */
@@ -200,9 +188,6 @@ def simplifyExpr(e: Expr): Expr = {
     case UninterpretedFunction("bool2bv1", Seq(FalseLiteral), _) => BitVecLiteral(0, 1)
     case UninterpretedFunction("bool2bv1", Seq(TrueLiteral), _)  => BitVecLiteral(1, 1)
 
-    //case BinaryExpr(BVADD, x: Expr, y: BitVecLiteral) if ir.eval.BitVectorEval.isNegative(y) =>
-    //  BinaryExpr(BVSUB, simplifyExpr(x), ir.eval.BitVectorEval.smt_bvneg(y))
-
     case BinaryExpr(BoolAND, x, TrueLiteral)  => x
     case BinaryExpr(BoolAND, x, FalseLiteral) => FalseLiteral
     case BinaryExpr(BoolOR, x, FalseLiteral)  => x
@@ -210,12 +195,11 @@ def simplifyExpr(e: Expr): Expr = {
 
     case BinaryExpr(BVEQ, BinaryExpr(BVADD, x, y: BitVecLiteral), BitVecLiteral(0, s))
         if ir.eval.BitVectorEval.isNegative(y) =>
-      BinaryExpr(BVEQ, x, y)
+      BinaryExpr(BVEQ, x, UnaryExpr(BVNEG, y))
 
-
-    /*  COMPARISON FLAG HANDLING 
+    /*  COMPARISON FLAG HANDLING
      *
-     * We quite precisely pattern match ASLp's output for C and V, 
+     * We quite precisely pattern match ASLp's output for C and V,
      * these are computed by comparing the test to a higher-precision calculation of the test.
      */
 
@@ -224,105 +208,135 @@ def simplifyExpr(e: Expr): Expr = {
       bool2bv1(BinaryExpr(BVSLT, simplifyExpr(b), BitVecLiteral(0, size(b).get)))
     }
 
-    // Signed Overflow
-    case UnaryExpr(
-          BoolNOT,
-          BinaryExpr(
-            BVEQ,
-            SignExtend(exts, orig @ BinaryExpr(o1, x1, y1)),
-            compar @ BinaryExpr(o2, x2, y2)
-          ) // high precision op
+    /** https://developer.arm.com/documentation/dui0801/l/Condition-Codes/Condition-code-suffixes-and-related-flags
+      *
+      * match NF == VF
+      *
+      */
+    case BinaryExpr(
+     // add case
+          BoolEQ,
+          // N set
+          (BinaryExpr(BVSLT, lhs, BitVecLiteral(0, sz))),
+          // V set
+          UnaryExpr(
+            BoolNOT,
+            BinaryExpr(
+              BVEQ,
+              SignExtend(exts, orig @ BinaryExpr(o1, x1, y1)),
+              compar @ BinaryExpr(o2, x2, y2)
+            ) // high precision op
+          )
         )
-        if (o1 == o2) && o1 == BVADD
-          && simplifyExpr(x2) == simplifyExpr(SignExtend(exts, x1))
-          && simplifyExpr(y2) == simplifyExpr(SignExtend(exts, y1)) => {
-      // V set
-      UninterpretedFunction("SignedOverflow", Seq(orig), BoolType)
+        if (o1 == o2) && o1 == BVADD && simplifyExpr(lhs) == simplifyExpr(orig)
+          && simplifyExpr(SignExtend(exts, x1)) == simplifyExpr(x2)
+          && simplifyExpr(SignExtend(exts, y1)) == simplifyExpr(y2)=> {
+      BinaryExpr(BVSGE, x1, UnaryExpr(BVNEG, y1))
     }
 
-    case UnaryExpr(
-          BoolNOT,
-          BinaryExpr(
-            BVEQ,
-            SignExtend(exts, orig @ BinaryExpr(o1, BinaryExpr(o3, x1, y1), z1)),
-            BinaryExpr(o2, compar @ BinaryExpr(o4, x2, y2), z2) // high precision op
+    case BinaryExpr(
+        // sub case (with two args)
+          BoolEQ,
+          // N set
+          (BinaryExpr(BVSLT, lhs, BitVecLiteral(0, sz))),
+          // V set
+          UnaryExpr(
+            BoolNOT,
+            BinaryExpr(
+              BVEQ,
+              SignExtend(exts, orig @ BinaryExpr(o1, x1, UnaryExpr(BVNEG, y1))),
+              compar @ BinaryExpr(o2, SignExtend(ext1, x2), UnaryExpr(BVNEG, SignExtend(ext2, y2)))
+            ) // high precision op
           )
         )
-        if (o1 == o2) && o2 == o4 && o1 == BVADD
+        if (o1 == o2) && o1 == BVADD && simplifyExpr(lhs) == simplifyExpr(orig)
+          && exts == ext1 && exts == ext2
+          && x2 == x1
+          && y2 == y1 => {
+
+      BinaryExpr(BVSGE, x1, y1)
+    }
+
+    // NF == VF
+    case BinaryExpr(
+          // this matches sub case a - b ===> (x1 + (bvneg y1)) + 1
+          BoolEQ,
+          // N set
+          (BinaryExpr(BVSLT, lhs, BitVecLiteral(0, sz))),
+          // V set
+          UnaryExpr(
+            BoolNOT,
+            BinaryExpr(
+              BVEQ,
+              SignExtend(exts, orig @ BinaryExpr(o1, BinaryExpr(o3, x1, y1), z1)),
+              BinaryExpr(o2, compar @ BinaryExpr(o4, x2, y2), z2) // high precision op
+            )
+          )
+        )
+        if (o1 == o2) && o2 == o4 && o1 == BVADD && simplifyExpr(lhs) == simplifyExpr(orig)
           && simplifyExpr(x2) == simplifyExpr(SignExtend(exts, x1))
           && simplifyExpr(y2) == simplifyExpr(SignExtend(exts, y1))
           && simplifyExpr(z2) == simplifyExpr(SignExtend(exts, z1)) => {
-      // V set
-      UninterpretedFunction("SignedOverflow", Seq(orig), BoolType)
+      BinaryExpr(BVSGE, x1, UnaryExpr(BVNEG, BinaryExpr(BVADD, y1, z1)))
     }
 
-    // Unsigned OVerflow
-    case UnaryExpr(
-          BoolNOT,
-          BinaryExpr(
-            BVEQ,
-            ZeroExtend(exts, orig @ BinaryExpr(o1, x1, y1)),
-            compar @ BinaryExpr(o2, x2, y2)
-          )
+    // CF Unsigned Overflow
+    case BinaryExpr(
+          BVEQ,
+          ZeroExtend(exts, orig @ BinaryExpr(o1, x1, y1)),
+          compar @ BinaryExpr(o2, x2, y2)
         )
         if (o1 == o2) && o1 == BVADD
           && simplifyExpr(x2) == simplifyExpr(ZeroExtend(exts, x1))
           && simplifyExpr(y2) == simplifyExpr(ZeroExtend(exts, y1)) => {
-      // C Set
-      BinaryExpr(BVUGE, orig, BitVecLiteral(0, size(orig).get))
+      // C not Set
+      simplifyExpr(UnaryExpr(BoolNOT, BinaryExpr(BVUGE, x1, UnaryExpr(BVNEG, y1))))
     }
 
-    case UnaryExpr(
-          BoolNOT,
-          BinaryExpr(
-            BVEQ,
-            ZeroExtend(exts, orig @ BinaryExpr(o1, BinaryExpr(o3, x1, y1), z1)),
-            BinaryExpr(o2, compar @ BinaryExpr(o4, x2, y2), z2) // high precision op
-          )
+    case BinaryExpr(
+          BVEQ,
+          ZeroExtend(exts, orig @ BinaryExpr(o1, BinaryExpr(o3, x1, y1), z1)),
+          BinaryExpr(o2, compar @ BinaryExpr(o4, x2, y2), z2) // high precision op
         )
         if (o1 == o2) && o2 == o4 && o1 == BVADD
           && simplifyExpr(x2) == simplifyExpr(ZeroExtend(exts, x1))
           && simplifyExpr(y2) == simplifyExpr(ZeroExtend(exts, y1))
           && simplifyExpr(z2) == simplifyExpr(ZeroExtend(exts, z1)) => {
-      // C Set
-      BinaryExpr(BVUGE, orig, BitVecLiteral(0, size(orig).get))
+      // C not Set
+      UnaryExpr(BoolNOT, BinaryExpr(BVUGE, x1, UnaryExpr(BVNEG, BinaryExpr(BVADD, y1, z1))))
     }
 
-    /**
-     * https://developer.arm.com/documentation/dui0801/l/Condition-Codes/Condition-code-suffixes-and-related-flags
-     */
     case BinaryExpr(
-          BoolEQ,
-          (BinaryExpr(BVSLT, lhs, BitVecLiteral(0, sz))),
-          UninterpretedFunction("SignedOverflow", Seq(rhs), BoolType)
-        ) if simplifyExpr(lhs) == simplifyExpr(rhs) => {
-      BinaryExpr(BVSGE, lhs, BitVecLiteral(0, size(lhs).get))
+          BVEQ,
+          ZeroExtend(exts, orig @ BinaryExpr(o1, x1, UnaryExpr(BVNEG, y1))),
+          BinaryExpr(o2, compar @ BinaryExpr(o4, ZeroExtend(ext1, x2), ZeroExtend(ext2, UnaryExpr(BVNOT, y2))), BitVecLiteral(1, _)) // high precision op
+        )
+        if (o1 == o2) && o2 == o4 && o1 == BVADD
+          && exts == ext1 && exts == ext2
+          && x1 == x2 && y1 == y2 => {
+      // C not Set
+      UnaryExpr(BoolNOT, BinaryExpr(BVUGE, x1, y1))
     }
 
     /* generic comparison simplification */
 
+    // weak to strict inequality 
     // x >= 0 && x != 0 ===> x > 0
-    case BinaryExpr(BoolAND, BinaryExpr(BVSGE, lhs, BitVecLiteral(0, sz)), UnaryExpr(BoolNOT, rhs))
-        if size(lhs).isDefined && (simplifyExpr(BinaryExpr(BVEQ, lhs, BitVecLiteral(0, size(lhs).get))) == rhs) => {
-      BinaryExpr(BVSGT, lhs, BitVecLiteral(0, size(lhs).get))
+    case BinaryExpr(BoolAND, BinaryExpr(op, lhs, BitVecLiteral(0, sz)), UnaryExpr(BoolNOT, rhs))
+        if size(lhs).isDefined && (simplifyExpr(BinaryExpr(BVEQ, lhs, BitVecLiteral(0, size(lhs).get))) == rhs) && ineqToStrict.contains(op) => {
+      BinaryExpr(ineqToStrict(op), lhs, BitVecLiteral(0, size(lhs).get))
     }
-
-    // x <= 0 && x != 0 ===> x < 0
-    case BinaryExpr(BoolAND, BinaryExpr(BVSLE, lhs, BitVecLiteral(0, sz)), UnaryExpr(BoolNOT, rhs))
-        if size(lhs).isDefined && (simplifyExpr(BinaryExpr(BVEQ, lhs, BitVecLiteral(0, size(lhs).get))) == rhs) => {
-      BinaryExpr(BVSLT, lhs, BitVecLiteral(0, size(lhs).get))
+    case BinaryExpr(BoolAND, BinaryExpr(op, lhs, rhs), UnaryExpr(BoolNOT, BinaryExpr(BVEQ, lhs2, rhs2))) 
+      if lhs == lhs2 && rhs == rhs2  && ineqToStrict.contains(op) => {
+      BinaryExpr(ineqToStrict(op), lhs, rhs)
     }
-
-    // x >= 0 && x != 0 ===> x > 0
-    case BinaryExpr(BoolAND, BinaryExpr(BVUGE, lhs, BitVecLiteral(0, sz)), UnaryExpr(BoolNOT, rhs))
-        if simplifyExpr(BinaryExpr(BVEQ, lhs, BitVecLiteral(0, size(lhs).get))) == rhs => {
-      BinaryExpr(BVUGT, lhs, BitVecLiteral(0, sz))
+    case BinaryExpr(BoolAND, BinaryExpr(op, lhs, rhs), UnaryExpr(BoolNOT, BinaryExpr(BVEQ, BinaryExpr(BVADD, lhs2, rhs2), BitVecLiteral(0, _))))
+      if lhs == lhs2 && simplifyExpr(rhs) == simplifyExpr(UnaryExpr(BVNEG, rhs2)) && ineqToStrict.contains(op) => {
+      BinaryExpr(ineqToStrict(op), lhs, rhs)
     }
-
-    // x <= 0 && x != 0 ===> x < 0
-    case BinaryExpr(BoolAND, BinaryExpr(BVULE, lhs, BitVecLiteral(0, sz)), UnaryExpr(BoolNOT, rhs))
-        if simplifyExpr(BinaryExpr(BVEQ, lhs, BitVecLiteral(0, size(lhs).get))) == rhs => {
-      BinaryExpr(BVULT, lhs, BitVecLiteral(0, sz))
+    case BinaryExpr(BoolAND, BinaryExpr(op, lhs, rhs), UnaryExpr(BoolNOT, BinaryExpr(BVEQ, BinaryExpr(BVADD, lhs2, rhs2), BitVecLiteral(0, _))))
+      if rhs == rhs2 && simplifyExpr(lhs) == simplifyExpr(UnaryExpr(BVNEG, lhs2)) && ineqToStrict.contains(op) => {
+      BinaryExpr(ineqToStrict(op), lhs, rhs)
     }
 
     // inequality negation
@@ -335,7 +349,6 @@ def simplifyExpr(e: Expr): Expr = {
     case UnaryExpr(BoolNOT, BinaryExpr(BVULE, lhs, rhs)) => BinaryExpr(BVUGT, lhs, rhs)
     case UnaryExpr(BoolNOT, BinaryExpr(BVUGE, lhs, rhs)) => BinaryExpr(BVULT, lhs, rhs)
 
-
     // tighten inequality bounds
     case e @ BinaryExpr(BoolAND, BinaryExpr(BVSLT, x, y), (BinaryExpr(BVSLT, z, y2))) if y == y2 => {
       BinaryExpr(BVSLT, x, z)
@@ -397,7 +410,8 @@ def simplifyExpr(e: Expr): Expr = {
 
     case BinaryExpr(BVSUB, x: Expr, y: BitVecLiteral)         => BinaryExpr(BVADD, x, UnaryExpr(BVNEG, y))
     case BinaryExpr(BVAND, l, r) if l == r && l.loads.isEmpty => simplifyExpr(l)
-    case r => r
+    case BinaryExpr(op, x, y)                                 => BinaryExpr(op, simplifyExpr(x), simplifyExpr(y))
+    case r                                                    => r
   }
 
   if (simped != e) {
diff --git a/src/main/scala/translating/IRExpToSMT2.scala b/src/main/scala/translating/IRExpToSMT2.scala
index 3ff00b4ee..227b245b1 100644
--- a/src/main/scala/translating/IRExpToSMT2.scala
+++ b/src/main/scala/translating/IRExpToSMT2.scala
@@ -12,7 +12,9 @@ trait BasilIRExp[Repr[_]] {
       case n: Literal                               => vliteral(n)
       case m @ MemoryLoad(mem, index, endian, size) => vload(m)
       case Extract(ed, start, arg)                  => vextract(ed, start, vexpr(arg))
-      case Repeat(repeats, arg)  => vexpr((0 until repeats).foldLeft(arg)((acc, n) => BinaryExpr(BVCONCAT, acc, arg)))
+      case Repeat(repeats, arg) => {
+        vexpr((0 until (repeats - 1)).foldLeft(arg)((acc, n) => BinaryExpr(BVCONCAT, acc, arg)))
+      }
       case ZeroExtend(bits, arg) => vexpr(BinaryExpr(BVCONCAT, BitVecLiteral(0, bits), arg))
       case SignExtend(bits, arg) =>
         vexpr(BinaryExpr(BVCONCAT, Repeat(bits, Extract(size(arg).get, size(arg).get - 1, arg)), arg))
@@ -58,6 +60,26 @@ def list[T](l: Sexp[T]*): Sexp[T] = Sexp.Slist(l.toList)
 
 object BasilIRToSMT2 extends BasilIRExp[Sexp] {
 
+  def exprUnsat(e: Expr, name : Option[String] = None): String = {
+
+    val assert = if (name.isDefined ) {
+        list(sym("assert"), list(sym("!"), BasilIRToSMT2.vexpr(e), sym(":named"), sym(name.get)))
+    } else {
+        list(sym("assert"), BasilIRToSMT2.vexpr(e))
+    }
+
+    val terms = list(sym("push"))::BasilIRToSMT2.extractDecls(e)
+      ++ List(
+        assert,
+        list(sym("echo"), sym("\"" + name.getOrElse("") + "  ::  " + e + "\"")),
+        list(sym("check-sat")),
+        list(sym("get-model")),
+        list(sym("pop"))
+      )
+
+    (terms.map(Sexp.print)).mkString("\n")
+  }
+
   def unaryOpnameToFun(b: UnOp) = {
     b match {
       case BoolNOT => "not"
@@ -82,26 +104,41 @@ object BasilIRToSMT2 extends BasilIRExp[Sexp] {
     }
   }
 
+  def fixVname(n: String): String = {
+    n.map(c =>
+      c match {
+        case '#' => 'x'
+        case c   => c
+      }
+    ).mkString("")
+  }
+
   def int2smt(i: Int) = sym(i.toString)
-  def bv2smt(i: BitVecLiteral) = sym(i.toString)
+  def bv2smt(i: BitVecLiteral) = list(sym("_"), sym(s"bv${i.value}"), sym(i.size.toString))
 
   override def vextract(ed: Int, start: Int, a: Sexp[Expr]): Sexp[Expr] =
     list(list(sym("_"), sym("extract"), int2smt(ed - 1), int2smt(start)), a)
   override def vbinary_expr(e: BinOp, l: Sexp[Expr], r: Sexp[Expr]): Sexp[Expr] = list(sym(opnameToFun(e)), l, r)
   override def vunary_expr(e: UnOp, arg: Sexp[Expr]): Sexp[Expr] = list(sym(unaryOpnameToFun(e)), arg)
   override def vliteral(arg: Literal): Sexp[Expr] = arg match {
-    case BitVecLiteral(value, size) => list(sym("_"), sym(s"bv${value}"), sym(size.toString))
-    case IntLiteral(i)              => sym(i.toString)
-    case TrueLiteral                => sym("true")
-    case FalseLiteral               => sym("false")
+    case bv @ BitVecLiteral(value, size) => bv2smt(bv)
+    case IntLiteral(i)                   => sym(i.toString)
+    case TrueLiteral                     => sym("true")
+    case FalseLiteral                    => sym("false")
   }
 
   def endianToBool(endian: Endian): Sexp[Expr] = {
     if endian == Endian.LittleEndian then vexpr(FalseLiteral) else vexpr(TrueLiteral)
   }
-  override def vuninterp_function(name: String, args: Seq[Sexp[Expr]]): Sexp[Expr] =
-    list(sym(name), Sexp.Slist(args.toList))
-  override def vrvar(e: Variable): Sexp[Expr] = sym(e.name)
+  override def vuninterp_function(name: String, args: Seq[Sexp[Expr]]): Sexp[Expr] = {
+    if (args.size == 1) {
+      list(sym(name), args.head)
+    } else {
+      list(sym(name), Sexp.Slist(args.toList))
+    }
+  }
+
+  override def vrvar(e: Variable): Sexp[Expr] = sym(fixVname(e.name))
   override def vload(l: MemoryLoad): Sexp[Expr] =
     list(sym("memoryload"), sym(l.mem.name), vexpr(l.index), endianToBool(l.endian), int2smt(l.size))
 
@@ -114,23 +151,41 @@ object BasilIRToSMT2 extends BasilIRExp[Sexp] {
     }
   }
 
+  def interpretFun(x: UninterpretedFunction): Sexp[Expr] = {
+    x.name match {
+      case "bool2bv1" => {
+        list(
+          sym("define-fun"),
+          sym(x.name),
+          list(list(sym("arg"), basilTypeToSMTType(BoolType))),
+          basilTypeToSMTType(x.returnType),
+          list(sym("ite"), sym("arg"), bv2smt(BitVecLiteral(1, 1)), bv2smt(BitVecLiteral(0, 1)))
+        )
+      }
+      case _ => {
+        list(
+          sym("declare-fun"),
+          sym(x.name),
+          Sexp.Slist(x.params.toList.map(a => basilTypeToSMTType(a.getType))),
+          basilTypeToSMTType(x.returnType)
+        )
+      }
+    }
+  }
+
   def extractDecls(e: Expr): List[Sexp[Expr]] = {
 
     class ToDecl extends CILVisitor {
       var decled = Set[Sexp[Expr]]()
 
       override def vexpr(e: Expr) = e match {
-        case UninterpretedFunction(name, args, rt) => {
-          val decl = list(
-            sym("declare-fun"),
-            Sexp.Slist(args.toList.map(a => basilTypeToSMTType(a.getType))),
-            basilTypeToSMTType(rt)
-          )
+        case f: UninterpretedFunction => {
+          val decl = interpretFun(f)
           decled = decled + decl
           DoChildren() // get variables out of args
         }
         case v: Variable => {
-          val decl = list(sym("declare-const"), sym(v.name), basilTypeToSMTType(v.getType))
+          val decl = list(sym("declare-const"), sym(fixVname(v.name)), basilTypeToSMTType(v.getType))
           decled = decled + decl
           SkipChildren()
         }
@@ -165,12 +220,3 @@ object BasilIRToSMT2 extends BasilIRExp[Sexp] {
   }
 
 }
-
-def expToSmt2(e: Expr): String = {
-
-  val decls = BasilIRToSMT2.extractDecls(e).map(Sexp.print)
-  val s = Sexp.print(BasilIRToSMT2.vexpr(e))
-
-  (decls ++ List(s)).mkString("\n")
-
-}
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index 242d781a6..d5281eead 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -559,8 +559,11 @@ object RunUtils {
 
     if (conf.simplify) {
       doSimplify(ctx, conf.staticAnalysis)
+      writeToFile(ir.eval.makeValidation(), s"simps.smt2")
     }
 
+
+
     assert(invariant.correctCalls(ctx.program))
 
     q.loading.dumpIL.foreach(s => writeToFile(serialiseIL(ctx.program), s"$s-before-analysis.il"))

From 8b4fd6f30b9e5e6e2afcd61a6b51132cec36d3f5 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Fri, 18 Oct 2024 17:55:05 +1000
Subject: [PATCH 083/127] transform order

---
 src/main/scala/ir/eval/SimplifyExpr.scala    |  5 +---
 src/main/scala/translating/IRExpToSMT2.scala | 26 +++++++++++++-------
 src/main/scala/util/RunUtils.scala           |  7 +++---
 3 files changed, 22 insertions(+), 16 deletions(-)

diff --git a/src/main/scala/ir/eval/SimplifyExpr.scala b/src/main/scala/ir/eval/SimplifyExpr.scala
index 02fee773d..40f9d473b 100644
--- a/src/main/scala/ir/eval/SimplifyExpr.scala
+++ b/src/main/scala/ir/eval/SimplifyExpr.scala
@@ -138,9 +138,8 @@ def simplifyExpr(e: Expr): Expr = {
     case BinaryExpr(op, x: Literal, y: Expr) if !y.isInstanceOf[Literal] && assocOps.contains(op) =>
       BinaryExpr(op, simplifyExpr(y), simplifyExpr(x))
 
-    // def of bvneg
-    //case UnaryExpr(BVNOT, x) if (!size(x).contains(1)) => BinaryExpr(BVSUB, UnaryExpr(BVNEG, x), BitVecLiteral(1, size(x).get))
     case BinaryExpr(BVADD, UnaryExpr(BVNOT, x), BitVecLiteral(1, _)) => UnaryExpr(BVNEG, x)
+
     case BinaryExpr(BVADD, BinaryExpr(BVADD, y, UnaryExpr(BVNOT, x)), BitVecLiteral(1, _))
         if !(y.isInstanceOf[BitVecLiteral]) =>
       BinaryExpr(BVADD, y, UnaryExpr(BVNEG, x))
@@ -148,8 +147,6 @@ def simplifyExpr(e: Expr): Expr = {
         if size(ed).contains(sz2) && !(y.isInstanceOf[BitVecLiteral]) =>
       BinaryExpr(BVADD, y, UnaryExpr(BVNEG, SignExtend(sz, x)))
 
-    //case BinaryExpr(BVADD, BinaryExpr(BVADD, y, UnaryExpr(BVNOT, x)), BitVecLiteral(1, _)) if !(y.isInstanceOf[BitVecLiteral]) => BinaryExpr(BVADD, UnaryExpr(BVNEG, x), y)
-
     /*
      * Simplify BVop to Bool ops in a boolean context.
      */
diff --git a/src/main/scala/translating/IRExpToSMT2.scala b/src/main/scala/translating/IRExpToSMT2.scala
index 227b245b1..3add1ddbe 100644
--- a/src/main/scala/translating/IRExpToSMT2.scala
+++ b/src/main/scala/translating/IRExpToSMT2.scala
@@ -6,6 +6,21 @@ import util.{BoogieGeneratorConfig, BoogieMemoryAccessMode, ProcRelyVersion}
 import ir.cilvisitor.*
 
 trait BasilIRExp[Repr[_]] {
+  def vexpr(e: Expr): Repr[Expr] 
+  def vextract(ed: Int, start: Int, a: Repr[Expr]): Repr[Expr]
+  def vbinary_expr(e: BinOp, l: Repr[Expr], r: Repr[Expr]): Repr[Expr]
+  def vunary_expr(e: UnOp, arg: Repr[Expr]): Repr[Expr]
+  def vliteral(arg: Literal): Repr[Expr]
+  def vuninterp_function(name: String, args: Seq[Repr[Expr]]): Repr[Expr]
+
+  def vrvar(e: Variable): Repr[Expr]
+  def vload(arg: MemoryLoad): Repr[Expr]
+}
+
+trait BasilIRExpWithVis[Repr[_]] extends BasilIRExp[Repr] {
+  /**
+   * Performs some simple reductions to fit basil IR into SMT2.
+   */
 
   def vexpr(e: Expr): Repr[Expr] = {
     e match {
@@ -31,14 +46,6 @@ trait BasilIRExp[Repr[_]] {
     }
   }
 
-  def vextract(ed: Int, start: Int, a: Repr[Expr]): Repr[Expr]
-  def vbinary_expr(e: BinOp, l: Repr[Expr], r: Repr[Expr]): Repr[Expr]
-  def vunary_expr(e: UnOp, arg: Repr[Expr]): Repr[Expr]
-  def vliteral(arg: Literal): Repr[Expr]
-  def vuninterp_function(name: String, args: Seq[Repr[Expr]]): Repr[Expr]
-
-  def vrvar(e: Variable): Repr[Expr]
-  def vload(arg: MemoryLoad): Repr[Expr]
 }
 
 enum Sexp[+T] {
@@ -58,7 +65,8 @@ object Sexp {
 def sym[T](l: String): Sexp[T] = Sexp.Symb[T](l)
 def list[T](l: Sexp[T]*): Sexp[T] = Sexp.Slist(l.toList)
 
-object BasilIRToSMT2 extends BasilIRExp[Sexp] {
+
+object BasilIRToSMT2 extends BasilIRExpWithVis[Sexp] {
 
   def exprUnsat(e: Expr, name : Option[String] = None): String = {
 
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index d5281eead..09b577b5c 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -527,13 +527,15 @@ object RunUtils {
     })
     writeToFile(serialiseIL(ctx.program), s"il-before-copyprop.il")
 
-    transforms.removeSlices(ctx.program)
-    writeToFile(serialiseIL(ctx.program), s"il-after-slices.il")
 
     Logger.info("[!] CopyProp")
     transforms.doCopyPropTransform(ctx.program)
     writeToFile(serialiseIL(ctx.program), s"il-after-copyprop.il")
 
+    // run this after cond recovery because sign bit calculations often need high bits
+    // which go away in high level conss
+    transforms.removeSlices(ctx.program)
+    writeToFile(serialiseIL(ctx.program), s"il-after-slices.il")
 
     config.foreach(_.analysisDotPath.foreach { s =>
       writeToFile(dotBlockGraph(ctx.program, ctx.program.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"${s}_blockgraph-after-simp.dot")
@@ -563,7 +565,6 @@ object RunUtils {
     }
 
 
-
     assert(invariant.correctCalls(ctx.program))
 
     q.loading.dumpIL.foreach(s => writeToFile(serialiseIL(ctx.program), s"$s-before-analysis.il"))

From bc48e00a092c11a39555ebbaf14650e905e73a47 Mon Sep 17 00:00:00 2001
From: alistair <alistair.michael@uq.edu.au>
Date: Sat, 19 Oct 2024 16:12:23 +1000
Subject: [PATCH 084/127] cleanup and perf

---
 src/main/scala/Main.scala                     |   5 +-
 .../analysis/IntraLiveVarsAnalysis.scala      |   4 +-
 src/main/scala/ir/eval/SimplifyExpr.scala     | 226 ++++++---
 .../transforms/DynamicSingleAssignment.scala  |  10 +-
 .../ir/transforms/ProcedureParameters.scala   |   2 +-
 src/main/scala/ir/transforms/Simp.scala       | 477 +++++++++++++-----
 src/main/scala/translating/ILtoIL.scala       |   7 +
 src/main/scala/translating/IRToBoogie.scala   |   2 +-
 src/main/scala/util/BASILConfig.scala         |   1 +
 src/main/scala/util/RunUtils.scala            |  40 +-
 src/test/.~lock.full-summary-nosimplify.csv#  |   1 -
 src/test/.~lock.full-summary-simplify.csv#    |   1 -
 12 files changed, 547 insertions(+), 229 deletions(-)
 delete mode 100644 src/test/.~lock.full-summary-nosimplify.csv#
 delete mode 100644 src/test/.~lock.full-summary-simplify.csv#

diff --git a/src/main/scala/Main.scala b/src/main/scala/Main.scala
index 5edebaad5..5b15d352b 100644
--- a/src/main/scala/Main.scala
+++ b/src/main/scala/Main.scala
@@ -53,7 +53,9 @@ object Main {
       @arg(name = "summarise-procedures", doc = "Generates summaries of procedures which are used in pre/post-conditions (requires --analyse flag)")
       summariseProcedures: Flag,
       @arg(name = "simplify", doc = "Partial evaluate / simplify BASIL IR before output (requires --analyse flag)")
-      simplify: Flag
+      simplify: Flag,
+      @arg(name = "validate-simplify", doc = "Emit SMT2 check for algebraic simplification translation validation to 'rewrites.smt2'")
+      validateSimplify: Flag
   )
 
   def main(args: Array[String]): Unit = {
@@ -87,6 +89,7 @@ object Main {
       loading = ILLoadingConfig(conf.inputFileName, conf.relfFileName, conf.specFileName, conf.dumpIL, conf.mainProcedureName, conf.procedureDepth, conf.parameterForm.value || conf.simplify.value),
       runInterpret = conf.interpret.value,
       simplify = conf.simplify.value,
+      validateSimp = conf.validateSimplify.value,
       staticAnalysis = if conf.analyse.value then Some(StaticAnalysisConfig(conf.dumpIL, conf.analysisResults, conf.analysisResultsDot, conf.threadSplit.value, conf.summariseProcedures.value)) else None,
       boogieTranslation = BoogieGeneratorConfig(if conf.lambdaStores.value then BoogieMemoryAccessMode.LambdaStoreSelect else BoogieMemoryAccessMode.SuccessiveStoreSelect,
         true, rely, conf.threadSplit.value),
diff --git a/src/main/scala/analysis/IntraLiveVarsAnalysis.scala b/src/main/scala/analysis/IntraLiveVarsAnalysis.scala
index a576b27fb..29f29e00c 100644
--- a/src/main/scala/analysis/IntraLiveVarsAnalysis.scala
+++ b/src/main/scala/analysis/IntraLiveVarsAnalysis.scala
@@ -16,9 +16,9 @@ abstract class LivenessAnalysis(program: Program) extends Analysis[Any]:
       case Assume(expr, _, _, _) => s ++ expr.variables
       case Assert(expr, _, _) => s ++ expr.variables
       case IndirectCall(variable, _) => s + variable
-      case c: DirectCall => s
+      case c: DirectCall => s -- c.outParams.map(_._2) ++ c.actualParams.flatMap(_._2.variables)
       case g: GoTo => s
-      case r: Return => s
+      case r: Return => s ++ r.outParams.flatMap(_._2.variables)
       case r: Unreachable => s
       case _ => ???
     }
diff --git a/src/main/scala/ir/eval/SimplifyExpr.scala b/src/main/scala/ir/eval/SimplifyExpr.scala
index 40f9d473b..99eb22d3d 100644
--- a/src/main/scala/ir/eval/SimplifyExpr.scala
+++ b/src/main/scala/ir/eval/SimplifyExpr.scala
@@ -1,47 +1,121 @@
 package ir.eval
 import ir.*
+import util.Logger
+import scala.collection.mutable
+
+import java.io.{BufferedWriter}
+import ir.cilvisitor.*
 
 val assocOps: Set[BinOp] =
   Set(BVADD, BVMUL, BVOR, BVAND, BVEQ, BoolAND, BoolEQ, BoolOR, BoolEQUIV, BoolEQ, IntADD, IntMUL, IntEQ)
 
-var traceLog = List[(Expr, Expr)]()
+
+object AlgebraicSimplifications extends CILVisitor  {
+  override def vexpr(e: Expr) = ChangeDoChildrenPost(eval.simplifyExprFixpoint(e), eval.simplifyExprFixpoint)
+
+  def apply(e: Expr) = {
+    visit_expr(this, e)
+  }
+}
+
+
+object SimplifyValidation {
+  var traceLog = mutable.LinkedHashSet[(Expr, Expr)]()
+  var validate : Boolean = false
+
+  def makeValidation(writer: BufferedWriter) = {
+
+    def makeEQ(a: Expr, b: Expr) = {
+      require(a.getType == b.getType)
+      a.getType match {
+        case BitVecType(sz) => BinaryExpr(BVEQ, a, b)
+        case IntType        => BinaryExpr(IntEQ, a, b)
+        case BoolType       => BinaryExpr(BoolEQ, a, b)
+        case m: MapType        => ???
+      }
+    }
+
+    var ind = 0
+
+    for ((o, n) <- traceLog) {
+      ind += 1
+      if (ir.transforms.ExprComplexity()(n) > 5000) {
+        Logger.warn(s"Skipping simplification proof $ind because too large (> 5000)!")
+      } else {
+        if (ind % 100 == 0) Logger.info(s"Wrote simplification proof $ind / ${traceLog.size}")
+        val equal = UnaryExpr(BoolNOT, makeEQ(o, n))
+        val expr = translating.BasilIRToSMT2.exprUnsat(equal, Some(s"simp$ind"))
+        writer.write(expr)
+        writer.write("\n\n")
+      }
+    }
+  }
+
+
+}
+
 
 def simplifyExprFixpoint(e: Expr): Expr = {
   val begin = e
   var pe = e
+  var count = 0
   var ne = simplifyExpr(pe)
-  while (ne != pe) {
+  while (ne != pe && count < 5) {
+    count += 1
     pe = ne
     ne = simplifyExpr(pe)
   }
-  if (begin != ne) {
-    traceLog = (begin, ne) :: traceLog
+  if (ne != pe) {
+    Logger.error(s"stopping simp before fixed point: there is likely a simplificatinon loop: $pe !=== $ne")
+  }
+  if (SimplifyValidation.validate) {
+    // normalise to deduplicate log entries
+    val normer = VarNameNormalise()
+    val a = visit_expr(normer, begin) 
+    val b = visit_expr(normer, ne) 
+
+    SimplifyValidation.traceLog.add((a, b))
   }
   ne
 }
 
-def makeValidation() = {
-  def makeEQ(a: Expr, b: Expr) = {
-    require(a.getType == b.getType)
-    a.getType match {
-      case BitVecType(sz) => BinaryExpr(BVEQ, a, b)
-      case IntType        => BinaryExpr(IntEQ, a, b)
-      case BoolType       => BinaryExpr(BoolEQ, a, b)
-      case m: MapType        => ???
+class VarNameNormalise() extends CILVisitor {
+  var count = 1
+  val assigned = mutable.Map[Variable, Variable]()
+
+
+  def rename(v: Variable, newName: String) = {
+    v match {
+      case LocalVar(n, t) => LocalVar(newName, t)
+      case Register(n, sz) => Register(newName, sz)
     }
   }
 
-  var ind = 0
-  traceLog
-    .map((o, n) => {
-      ind += 1
-      val equal = UnaryExpr(BoolNOT, makeEQ(o, n))
-      val expr = translating.BasilIRToSMT2.exprUnsat(equal, Some(s"simp$ind"))
-      expr
-    })
-    .mkString("\n\n")
+  override def vlvar(v: Variable) = {
+    if (assigned.contains(v)) {
+      ChangeTo(assigned(v))
+    } else {
+      count += 1
+      val newName = "Var" + count
+      val nv = rename(v, newName)
+      assigned(v) = nv
+      ChangeTo(nv)
+    }
+  }
+
+
+  def apply(e: Expr) = {
+    count = 1
+    assigned.clear()
+    val ne = visit_expr(this, e)
+    count = 1
+    assigned.clear()
+    ne
+  }
 }
 
+
+
 def simplifyExpr(e: Expr): Expr = {
   // println((0 until indent).map(" ").mkString("") + e)
 
@@ -102,33 +176,34 @@ def simplifyExpr(e: Expr): Expr = {
 
     case BinaryExpr(BVADD, BinaryExpr(BVADD, body, l: BitVecLiteral), r: BitVecLiteral)
         if !body.isInstanceOf[Literal] =>
-      BinaryExpr(BVADD, simplifyExpr(body), simplifyExpr(BinaryExpr(BVADD, r, l)))
+      BinaryExpr(BVADD, (body), (BinaryExpr(BVADD, r, l)))
 
     //case BinaryExpr(BVADD, BinaryExpr(BVADD, body1, r1: BitVecLiteral), BinaryExpr(BVADD, body2, r2)) => {
     //  BinaryExpr(BVADD, BinaryExpr(BVADD, body1, body2), BinaryExpr(BVADD, r1, r2))
     //}
 
     case BinaryExpr(BVMUL, BinaryExpr(BVMUL, body, l: BitVecLiteral), r: BitVecLiteral) =>
-      BinaryExpr(BVMUL, BinaryExpr(BVMUL, l, r), simplifyExpr(body))
+      BinaryExpr(BVMUL, BinaryExpr(BVMUL, l, r), (body))
 
     case BinaryExpr(BVOR, BinaryExpr(BVOR, body, l: BitVecLiteral), r: BitVecLiteral) =>
-      BinaryExpr(BVOR, BinaryExpr(BVOR, l, r), simplifyExpr(body))
+      BinaryExpr(BVOR, BinaryExpr(BVOR, l, r), (body))
     case BinaryExpr(BVAND, BinaryExpr(BVAND, body, l: BitVecLiteral), r: BitVecLiteral) =>
-      BinaryExpr(BVAND, BinaryExpr(BVAND, l, r), simplifyExpr(body))
+      BinaryExpr(BVAND, BinaryExpr(BVAND, l, r), (body))
 
     case BinaryExpr(BVADD, BinaryExpr(BVADD, l, lc: BitVecLiteral), BinaryExpr(BVADD, r, rc: BitVecLiteral)) =>
-      BinaryExpr(BVADD, simplifyExpr(BinaryExpr(BVADD, l, r)), simplifyExpr(BinaryExpr(BVADD, lc, rc)))
+      BinaryExpr(BVADD, (BinaryExpr(BVADD, l, r)), (BinaryExpr(BVADD, lc, rc)))
     // normalise
     // make all comparisons positive so double negatives can be cleaned up
     case BinaryExpr(BVEQ, UnaryExpr(BVNOT, BinaryExpr(BVCOMP, x, y)), BitVecLiteral(1, 1)) =>
-      UnaryExpr(BoolNOT, BinaryExpr(BVEQ, BinaryExpr(BVCOMP, simplifyExpr(x), simplifyExpr(y)), BitVecLiteral(1, 1)))
+      UnaryExpr(BoolNOT, BinaryExpr(BVEQ, BinaryExpr(BVCOMP, (x), (y)), BitVecLiteral(1, 1)))
     case BinaryExpr(BVEQ, l, BitVecLiteral(0, 1)) =>
-      UnaryExpr(BoolNOT, BinaryExpr(BVEQ, simplifyExpr(l), BitVecLiteral(1, 1)))
+      UnaryExpr(BoolNOT, BinaryExpr(BVEQ, (l), BitVecLiteral(1, 1)))
     case BinaryExpr(BVEQ, BinaryExpr(BVCOMP, e1: Expr, e2: Expr), BitVecLiteral(1, 1)) =>
-      BinaryExpr(BVEQ, simplifyExpr(e1), simplifyExpr(e2))
+      BinaryExpr(BVEQ, (e1), (e2))
     case BinaryExpr(BVEQ, BinaryExpr(BVCOMP, e1: Expr, e2: Expr), BitVecLiteral(0, 1)) =>
-      UnaryExpr(BoolNOT, BinaryExpr(BVEQ, simplifyExpr(e1), simplifyExpr(e2)))
-    case BinaryExpr(BVNEQ, e1, e2) => UnaryExpr(BoolNOT, BinaryExpr(BVEQ, simplifyExpr(e1), simplifyExpr(e2)))
+      UnaryExpr(BoolNOT, BinaryExpr(BVEQ, (e1), (e2)))
+    case BinaryExpr(BVNEQ, e1, e2) => UnaryExpr(BoolNOT, BinaryExpr(BVEQ, (e1), (e2)))
+
 
     case BinaryExpr(op, BinaryExpr(op1, a, b: Literal), BinaryExpr(op2, c, d: Literal))
         if !a.isInstanceOf[Literal] && !c.isInstanceOf[Literal]
@@ -136,7 +211,7 @@ def simplifyExpr(e: Expr): Expr = {
       BinaryExpr(op, BinaryExpr(op, a, c), BinaryExpr(op, b, d))
 
     case BinaryExpr(op, x: Literal, y: Expr) if !y.isInstanceOf[Literal] && assocOps.contains(op) =>
-      BinaryExpr(op, simplifyExpr(y), simplifyExpr(x))
+      BinaryExpr(op, (y), (x))
 
     case BinaryExpr(BVADD, UnaryExpr(BVNOT, x), BitVecLiteral(1, _)) => UnaryExpr(BVNEG, x)
 
@@ -165,23 +240,23 @@ def simplifyExpr(e: Expr): Expr = {
           UninterpretedFunction("bool2bv1", Seq(l), _),
           UninterpretedFunction("bool2bv1", Seq(r), _)
         ) if bvLogOpToBoolOp.contains(bop) => {
-      bool2bv1(BinaryExpr(bvLogOpToBoolOp(bop), simplifyExpr(l), simplifyExpr(r)))
+      bool2bv1(BinaryExpr(bvLogOpToBoolOp(bop), (l), (r)))
     }
     case BinaryExpr(
           bop,
           UninterpretedFunction("bool2bv1", Seq(l), _),
           UninterpretedFunction("bool2bv1", Seq(r), _)
         ) if bvLogOpToBoolOp.contains(bop) => {
-      bool2bv1(BinaryExpr(bvLogOpToBoolOp(bop), simplifyExpr(l), simplifyExpr(r)))
+      bool2bv1(BinaryExpr(bvLogOpToBoolOp(bop), (l), (r)))
     }
 
     case UnaryExpr(BVNOT, UninterpretedFunction("bool2bv1", Seq(arg), BitVecType(1))) =>
-      bool2bv1(UnaryExpr(BoolNOT, simplifyExpr(arg)))
+      bool2bv1(UnaryExpr(BoolNOT, arg))
 
     /* remove bool2bv in boolean context */
-    case BinaryExpr(BVEQ, UninterpretedFunction("bool2bv1", Seq(body), _), BitVecLiteral(1, 1)) => simplifyExpr(body)
+    case BinaryExpr(BVEQ, UninterpretedFunction("bool2bv1", Seq(body), _), BitVecLiteral(1, 1)) => (body)
     case BinaryExpr(BVEQ, UninterpretedFunction("bool2bv1", Seq(l), _), UninterpretedFunction("bool2bv1", Seq(r), _)) =>
-      BinaryExpr(BoolEQ, simplifyExpr(l), simplifyExpr(r))
+      BinaryExpr(BoolEQ, (l), (r))
     case UninterpretedFunction("bool2bv1", Seq(FalseLiteral), _) => BitVecLiteral(0, 1)
     case UninterpretedFunction("bool2bv1", Seq(TrueLiteral), _)  => BitVecLiteral(1, 1)
 
@@ -202,7 +277,7 @@ def simplifyExpr(e: Expr): Expr = {
 
     // NF check on expr
     case Extract(upper, lower, b) if size(b).contains(upper) && (upper == (lower + 1)) => {
-      bool2bv1(BinaryExpr(BVSLT, simplifyExpr(b), BitVecLiteral(0, size(b).get)))
+      bool2bv1(BinaryExpr(BVSLT, (b), BitVecLiteral(0, size(b).get)))
     }
 
     /** https://developer.arm.com/documentation/dui0801/l/Condition-Codes/Condition-code-suffixes-and-related-flags
@@ -225,9 +300,9 @@ def simplifyExpr(e: Expr): Expr = {
             ) // high precision op
           )
         )
-        if (o1 == o2) && o1 == BVADD && simplifyExpr(lhs) == simplifyExpr(orig)
-          && simplifyExpr(SignExtend(exts, x1)) == simplifyExpr(x2)
-          && simplifyExpr(SignExtend(exts, y1)) == simplifyExpr(y2)=> {
+        if (o1 == o2) && o1 == BVADD && (lhs) == (orig)
+          && AlgebraicSimplifications(SignExtend(exts, x1)) == x2
+          && AlgebraicSimplifications(SignExtend(exts, y1)) == y2 => {
       BinaryExpr(BVSGE, x1, UnaryExpr(BVNEG, y1))
     }
 
@@ -246,7 +321,7 @@ def simplifyExpr(e: Expr): Expr = {
             ) // high precision op
           )
         )
-        if (o1 == o2) && o1 == BVADD && simplifyExpr(lhs) == simplifyExpr(orig)
+        if (o1 == o2) && o1 == BVADD && (lhs) == (orig)
           && exts == ext1 && exts == ext2
           && x2 == x1
           && y2 == y1 => {
@@ -270,10 +345,10 @@ def simplifyExpr(e: Expr): Expr = {
             )
           )
         )
-        if (o1 == o2) && o2 == o4 && o1 == BVADD && simplifyExpr(lhs) == simplifyExpr(orig)
-          && simplifyExpr(x2) == simplifyExpr(SignExtend(exts, x1))
-          && simplifyExpr(y2) == simplifyExpr(SignExtend(exts, y1))
-          && simplifyExpr(z2) == simplifyExpr(SignExtend(exts, z1)) => {
+        if (o1 == o2) && o2 == o4 && o1 == BVADD && (lhs) == (orig)
+          && AlgebraicSimplifications(x2) == AlgebraicSimplifications(SignExtend(exts, x1))
+          && AlgebraicSimplifications(y2) == AlgebraicSimplifications(SignExtend(exts, y1))
+          && AlgebraicSimplifications(z2) == AlgebraicSimplifications(SignExtend(exts, z1)) => {
       BinaryExpr(BVSGE, x1, UnaryExpr(BVNEG, BinaryExpr(BVADD, y1, z1)))
     }
 
@@ -284,10 +359,10 @@ def simplifyExpr(e: Expr): Expr = {
           compar @ BinaryExpr(o2, x2, y2)
         )
         if (o1 == o2) && o1 == BVADD
-          && simplifyExpr(x2) == simplifyExpr(ZeroExtend(exts, x1))
-          && simplifyExpr(y2) == simplifyExpr(ZeroExtend(exts, y1)) => {
+          && AlgebraicSimplifications(x2) == AlgebraicSimplifications(ZeroExtend(exts, x1))
+          && AlgebraicSimplifications(y2) == AlgebraicSimplifications(ZeroExtend(exts, y1)) => {
       // C not Set
-      simplifyExpr(UnaryExpr(BoolNOT, BinaryExpr(BVUGE, x1, UnaryExpr(BVNEG, y1))))
+      AlgebraicSimplifications(UnaryExpr(BoolNOT, BinaryExpr(BVUGE, x1, UnaryExpr(BVNEG, y1))))
     }
 
     case BinaryExpr(
@@ -296,9 +371,9 @@ def simplifyExpr(e: Expr): Expr = {
           BinaryExpr(o2, compar @ BinaryExpr(o4, x2, y2), z2) // high precision op
         )
         if (o1 == o2) && o2 == o4 && o1 == BVADD
-          && simplifyExpr(x2) == simplifyExpr(ZeroExtend(exts, x1))
-          && simplifyExpr(y2) == simplifyExpr(ZeroExtend(exts, y1))
-          && simplifyExpr(z2) == simplifyExpr(ZeroExtend(exts, z1)) => {
+          && (x2) == (ZeroExtend(exts, x1))
+          && (y2) == (ZeroExtend(exts, y1))
+          && (z2) == (ZeroExtend(exts, z1)) => {
       // C not Set
       UnaryExpr(BoolNOT, BinaryExpr(BVUGE, x1, UnaryExpr(BVNEG, BinaryExpr(BVADD, y1, z1))))
     }
@@ -320,7 +395,7 @@ def simplifyExpr(e: Expr): Expr = {
     // weak to strict inequality 
     // x >= 0 && x != 0 ===> x > 0
     case BinaryExpr(BoolAND, BinaryExpr(op, lhs, BitVecLiteral(0, sz)), UnaryExpr(BoolNOT, rhs))
-        if size(lhs).isDefined && (simplifyExpr(BinaryExpr(BVEQ, lhs, BitVecLiteral(0, size(lhs).get))) == rhs) && ineqToStrict.contains(op) => {
+        if size(lhs).isDefined && (AlgebraicSimplifications(BinaryExpr(BVEQ, lhs, BitVecLiteral(0, size(lhs).get))) == rhs) && ineqToStrict.contains(op) => {
       BinaryExpr(ineqToStrict(op), lhs, BitVecLiteral(0, size(lhs).get))
     }
     case BinaryExpr(BoolAND, BinaryExpr(op, lhs, rhs), UnaryExpr(BoolNOT, BinaryExpr(BVEQ, lhs2, rhs2))) 
@@ -328,11 +403,11 @@ def simplifyExpr(e: Expr): Expr = {
       BinaryExpr(ineqToStrict(op), lhs, rhs)
     }
     case BinaryExpr(BoolAND, BinaryExpr(op, lhs, rhs), UnaryExpr(BoolNOT, BinaryExpr(BVEQ, BinaryExpr(BVADD, lhs2, rhs2), BitVecLiteral(0, _))))
-      if lhs == lhs2 && simplifyExpr(rhs) == simplifyExpr(UnaryExpr(BVNEG, rhs2)) && ineqToStrict.contains(op) => {
+      if lhs == lhs2 && AlgebraicSimplifications(rhs) == AlgebraicSimplifications(UnaryExpr(BVNEG, rhs2)) && ineqToStrict.contains(op) => {
       BinaryExpr(ineqToStrict(op), lhs, rhs)
     }
     case BinaryExpr(BoolAND, BinaryExpr(op, lhs, rhs), UnaryExpr(BoolNOT, BinaryExpr(BVEQ, BinaryExpr(BVADD, lhs2, rhs2), BitVecLiteral(0, _))))
-      if rhs == rhs2 && simplifyExpr(lhs) == simplifyExpr(UnaryExpr(BVNEG, lhs2)) && ineqToStrict.contains(op) => {
+      if rhs == rhs2 && AlgebraicSimplifications(lhs) == AlgebraicSimplifications(UnaryExpr(BVNEG, lhs2)) && ineqToStrict.contains(op) => {
       BinaryExpr(ineqToStrict(op), lhs, rhs)
     }
 
@@ -354,14 +429,14 @@ def simplifyExpr(e: Expr): Expr = {
       BinaryExpr(BVULT, x, z)
     }
     case e @ BinaryExpr(BoolAND, BinaryExpr(BVULT, x, y), (BinaryExpr(BVULT, x2, z))) if x == x2 => {
-      simplifyExpr(BinaryExpr(BVULT, y, z)) match {
+      AlgebraicSimplifications(BinaryExpr(BVULT, y, z)) match {
         case TrueLiteral  => BinaryExpr(BVULT, x, y)
         case FalseLiteral => BinaryExpr(BVULT, x, z)
         case _            => e
       }
     }
     case e @ BinaryExpr(BoolAND, BinaryExpr(BVSLT, x, y), (BinaryExpr(BVSLT, x2, z))) if x == x2 => {
-      simplifyExpr(BinaryExpr(BVSLT, y, z)) match {
+      AlgebraicSimplifications(BinaryExpr(BVSLT, y, z)) match {
         case TrueLiteral  => BinaryExpr(BVSLT, x, y)
         case FalseLiteral => BinaryExpr(BVSLT, x, z)
         case _            => e
@@ -369,14 +444,15 @@ def simplifyExpr(e: Expr): Expr = {
     }
 
     // identities
-    case Extract(ed, 0, body) if (body.getType == BitVecType(ed))                        => simplifyExpr(body)
-    case ZeroExtend(0, body)                                                             => simplifyExpr(body)
-    case SignExtend(0, body)                                                             => simplifyExpr(body)
-    case BinaryExpr(BVADD, body, BitVecLiteral(0, _))                                    => simplifyExpr(body)
-    case BinaryExpr(BVMUL, body, BitVecLiteral(1, _))                                    => simplifyExpr(body)
-    case Repeat(1, body)                                                                 => simplifyExpr(body)
-    case Extract(ed, 0, ZeroExtend(extension, body)) if (body.getType == BitVecType(ed)) => simplifyExpr(body)
-    case Extract(ed, 0, SignExtend(extension, body)) if (body.getType == BitVecType(ed)) => simplifyExpr(body)
+    case Extract(ed, 0, body) if (body.getType == BitVecType(ed))                        => (body)
+    case ZeroExtend(0, body)                                                             => (body)
+    case SignExtend(0, body)                                                             => (body)
+    case BinaryExpr(BVADD, body, BitVecLiteral(0, _))                                    => (body)
+    case BinaryExpr(BVMUL, body, BitVecLiteral(1, _))                                    => (body)
+    case Repeat(1, body)                                                                 => (body)
+    case Extract(ed, 0, ZeroExtend(extension, body)) if (body.getType == BitVecType(ed)) => (body)
+    case Extract(ed, 0, SignExtend(extension, body)) if (body.getType == BitVecType(ed)) => (body)
+
     case BinaryExpr(BVXOR, l, r) if l == r =>
       e.getType match {
         case BitVecType(sz) => BitVecLiteral(0, sz)
@@ -384,30 +460,32 @@ def simplifyExpr(e: Expr): Expr = {
       }
     case BinaryExpr(BoolEQ, x, FalseLiteral) => UnaryExpr(BoolNOT, x)
     // double negation
-    case UnaryExpr(BVNOT, UnaryExpr(BVNOT, body))     => simplifyExpr(body)
-    case UnaryExpr(BVNEG, UnaryExpr(BVNEG, body))     => simplifyExpr(body)
-    case UnaryExpr(BoolNOT, UnaryExpr(BoolNOT, body)) => simplifyExpr(body)
+    case UnaryExpr(BVNOT, UnaryExpr(BVNOT, body))     => (body)
+    case UnaryExpr(BVNEG, UnaryExpr(BVNEG, body))     => (body)
+    case UnaryExpr(BoolNOT, UnaryExpr(BoolNOT, body)) => (body)
 
     // syntactic equality
     case BinaryExpr(BVEQ, a, b) if a.loads.isEmpty && b.loads.isEmpty && a == b => TrueLiteral
 
     // compose slices
-    case Extract(ed1, be1, Extract(ed2, be2, body)) => Extract(ed1 - be2, be1 + be2, simplifyExpr(body))
+    case Extract(ed1, be1, Extract(ed2, be2, body)) => {
+      Extract(ed1 + be2, be1 + be2, (body))
+    }
 
     // (comp (comp x y) 1) = (comp x y)
-    case BinaryExpr(BVCOMP, body @ BinaryExpr(BVCOMP, _, _), BitVecLiteral(1, 1)) => simplifyExpr(body)
+    case BinaryExpr(BVCOMP, body @ BinaryExpr(BVCOMP, _, _), BitVecLiteral(1, 1)) => (body)
     case BinaryExpr(BVCOMP, body @ BinaryExpr(BVCOMP, _, _), BitVecLiteral(0, 1)) =>
-      UnaryExpr(BVNOT, simplifyExpr(body))
+      UnaryExpr(BVNOT, (body))
     case BinaryExpr(
           BVEQ,
           BinaryExpr(BVCOMP, body @ BinaryExpr(BVCOMP, _, _), BitVecLiteral(0, 1)),
           BitVecLiteral(1, 1)
         ) =>
-      BinaryExpr(BVEQ, simplifyExpr(body), BitVecLiteral(0, 1))
+      BinaryExpr(BVEQ, (body), BitVecLiteral(0, 1))
 
     case BinaryExpr(BVSUB, x: Expr, y: BitVecLiteral)         => BinaryExpr(BVADD, x, UnaryExpr(BVNEG, y))
-    case BinaryExpr(BVAND, l, r) if l == r && l.loads.isEmpty => simplifyExpr(l)
-    case BinaryExpr(op, x, y)                                 => BinaryExpr(op, simplifyExpr(x), simplifyExpr(y))
+    case BinaryExpr(BVAND, l, r) if l == r && l.loads.isEmpty => (l)
+    case BinaryExpr(op, x, y)                                 => BinaryExpr(op, (x), (y))
     case r                                                    => r
   }
 
diff --git a/src/main/scala/ir/transforms/DynamicSingleAssignment.scala b/src/main/scala/ir/transforms/DynamicSingleAssignment.scala
index 05defc0df..c01565ab0 100644
--- a/src/main/scala/ir/transforms/DynamicSingleAssignment.scala
+++ b/src/main/scala/ir/transforms/DynamicSingleAssignment.scala
@@ -7,8 +7,9 @@ import scala.collection.mutable
 import analysis._
 
 object DynamicSingleAssignment {
+  /* TODO: improve using liveness */
 
-  def applyTransform(program: Program) = {
+  def applyTransform(program: Program, liveVars: Map[CFGPosition, Set[Variable]]) = {
 
     case class DSARes(renames: Map[Variable, Int] = Map().withDefaultValue(-1)) // -1 means no rename
 
@@ -73,6 +74,8 @@ object DynamicSingleAssignment {
        * with the larger assignment.
        *
        * some consideration is required when adding copies to keep the call-end-of-block invariant
+       *
+       *  TODO: we can avoid adding copies for variables not live at the join
        */
       var lhs = lhss
       var rhs = rhss
@@ -81,12 +84,13 @@ object DynamicSingleAssignment {
         val all = incoming.flatMap(st(_).renames.keySet)
         val outgoing = rhss(IRWalk.firstInBlock(b))
 
-        // fix when all incoming block renames rhs don't match the expected rename rhs
+        // fix renames for all variables when when all incoming block renames rhs don't match 
+        // the expected rename at this block rhs AND the variable is still live at this block 
         // by adding the appropriate copy
         for (v <- all) {
           val outgoingRename = outgoing(v)
           for (b <- incoming) {
-            if (st(b).renames(v) != outgoingRename && outgoingRename != -1) {
+            if (st(b).renames(v) != outgoingRename && outgoingRename != -1 && (liveVars(b).contains(v))) {
               b.statements.lastOption match {
                 case Some(d: DirectCall) if d.outParams.toSet.map(_._2).contains(v) => {
                   // if there is a call on this block assigning the variable, update its outparam's ssa index
diff --git a/src/main/scala/ir/transforms/ProcedureParameters.scala b/src/main/scala/ir/transforms/ProcedureParameters.scala
index efc795ecf..d861ea5f9 100644
--- a/src/main/scala/ir/transforms/ProcedureParameters.scala
+++ b/src/main/scala/ir/transforms/ProcedureParameters.scala
@@ -235,7 +235,7 @@ def inOutParams(
     p -> p.returnBlock.getOrElse(p)
   }.toMap
 
-  val lives = p.procedures
+  val lives : Map[Procedure, (Set[Variable], Set[Variable])] = p.procedures
     .map(p => {
       val in = (interLiveVarsResults.get(p))
       val out = (interLiveVarsResults.get(procEnd(p)))
diff --git a/src/main/scala/ir/transforms/Simp.scala b/src/main/scala/ir/transforms/Simp.scala
index b59a67f5b..32ecef7da 100644
--- a/src/main/scala/ir/transforms/Simp.scala
+++ b/src/main/scala/ir/transforms/Simp.scala
@@ -1,10 +1,16 @@
 package ir.transforms
+import translating.serialiseIL
 
 import util.Logger
+import ir.eval.AlgebraicSimplifications
 import ir.cilvisitor.*
 import ir.*
 import scala.collection.mutable
 import analysis._
+import scala.concurrent.{Await, ExecutionContext, Future}
+import scala.concurrent.duration.*
+import scala.util.{Failure, Success}
+import ExecutionContext.Implicits.global
 
 trait AbstractDomain[L] {
   def join(a: L, b: L): L
@@ -16,11 +22,96 @@ trait AbstractDomain[L] {
   def bot: L
 }
 
+object MakeLocalsBlockUnique extends CILVisitor {
+  var blockLabel: String = ""
+
+  override def vlvar(v: Variable) = v match {
+    case LocalVar(name, t) => ChangeTo(LocalVar(blockLabel + "_" + name, t))
+    case _                 => SkipChildren()
+  }
+
+  override def vrvar(v: Variable) = v match {
+    case LocalVar(name, t) => ChangeTo(LocalVar(blockLabel + "_" + name, t))
+    case _                 => SkipChildren()
+  }
+
+  override def vblock(b: Block) = {
+    blockLabel = b.label
+    DoChildren()
+  }
+
+  def apply(p: Program) = {
+    for (proc <- p.procedures.filter(_.entryBlock.isDefined)) {
+      blockLabel = ""
+      visit_proc(this, proc)
+    }
+  }
+}
+
 def removeSlices(p: Program): Unit = {
   p.procedures.foreach(removeSlices)
 }
 
+def circularDeps(p: Procedure): Set[Variable] = {
+
+  /** this is flow insensitive, used to remove copy prop candidates which produce a substitution cycle
+    */
+
+  case class VTerm(v: Variable) extends analysis.solvers.Var[VTerm]
+
+  // map variable to the representative of the set of dependencies
+  val results = mutable.Map[Variable, VTerm]()
+  val ufsolver = analysis.solvers.UnionFindSolver[VTerm]()
+
+  def addDependency(lhs: Variable, dependency: Variable) = {
+    val rep = results.get(lhs) match {
+      case Some(d) => {
+        ufsolver.unify(d, VTerm(dependency))
+        val nrep = ufsolver.find(d).asInstanceOf[VTerm]
+        results(lhs) = nrep
+      }
+      case None => VTerm(dependency)
+    }
+  }
+
+  p.foreach {
+    case (Assign(lhs: LocalVar, rhs, _)) => {
+      for (rvar <- rhs.variables) {
+        addDependency(lhs, rvar)
+      }
+    }
+    case d: DirectCall => {
+      // unify formal and actual
+      for (rvar <- d.actualParams) {
+        for (r <- rvar._2.variables) {
+          addDependency(rvar._1, r)
+        }
+      }
+      for (lvar <- d.outParams) {
+        addDependency(lvar._1, lvar._2)
+        for (rvar <- d.actualParams.flatMap(_._2.variables)) {
+          // unify in and out
+          addDependency(lvar._2, rvar)
+        }
+      }
+    }
+    case _ => ()
+  }
+
+  val unif = ufsolver.unifications().map((k, v) => (k, v.toSet)).toMap
+  val circular = results
+    .filter((v, rep) => {
+      unif(rep).contains(VTerm(v))
+    })
+    .map((v, rep) => v)
+    .toSet
+
+  circular
+
+}
+
 def removeSlices(p: Procedure): Unit = {
+  case class LVTerm(v: LocalVar) extends analysis.solvers.Var[LVTerm]
 
   /** if for each variable v there is some i:int such that (i) all its assignments have a ZeroExtend(i, x) and (ii) all
     * its uses have Extract(size(v) - i, 0, v) Then we replace v by a variable of bitvector size (size(v) - i)
@@ -42,8 +133,6 @@ def removeSlices(p: Procedure): Unit = {
     case False // property is false
     case Bot // don't know anything
 
-  case class LVTerm(v: LocalVar) extends analysis.solvers.Var[LVTerm]
-
   // unify variable uses across direct assignments
   val ufsolver = analysis.solvers.UnionFindSolver[LVTerm]()
   val unioned = assignments.foreach {
@@ -151,52 +240,6 @@ def removeSlices(p: Procedure): Unit = {
 
 }
 
-def saturateVariableDependencies(procedure: Procedure): Map[Variable, Set[Variable]] = {
-  // assuming dsa single-assigned variables are those which do not depend on themselves; variables which do not depend on themselves
-  //    x1 := y1 + z1
-  //    x2 := x1
-  //    z2 := 21
-  // x1 -> {y1, z1}
-  // x2 -> {x1, y1, z1,x2}
-  var deps = Map[Variable, Set[Variable]]().withDefaultValue(Set())
-
-  // add base facts
-  for (s <- procedure) {
-    s match {
-      case Assign(x, y, _) => {
-        deps = deps.updated(x, deps(x) ++ y.variables)
-      }
-      case d: DirectCall => {
-        val rhs = d.actualParams.toSet.flatMap(_._2.variables)
-        for (o <- d.outParams.map(_._2)) {
-          deps = deps.updated(o, deps(o) ++ rhs)
-        }
-      }
-      case _ => {}
-    }
-  }
-
-  // saturate
-  var ndeps = deps
-  while ({
-    deps = ndeps
-    for (fact <- deps) {
-      val (lhs, rhs) = fact
-      for (v <- rhs) {
-        ndeps = ndeps.updated(lhs, ndeps(lhs) ++ ndeps(v))
-      }
-    }
-    ndeps != deps
-  }) { ; }
-
-  ndeps
-}
-
-def cyclicVariables(p: Procedure): Set[Variable] = {
-  val deps = saturateVariableDependencies(p)
-  deps.filter(v => v._2.contains(v._1)).map(_._1).toSet
-}
-
 def getRedundantAssignments(procedure: Procedure): Set[Assign] = {
 
   /** Get all assign statements which define a variable never used, assuming ssa form and proc parameters so that
@@ -300,33 +343,68 @@ class CleanupAssignments() extends CILVisitor {
 
 }
 
+def copypropTransform(p: Procedure) = {
+  val t = util.PerformanceTimer(s"simplify ${p.name} (${p.blocks.size} blocks)")
+  val dom = ConstCopyProp()
+  val solver = worklistSolver(dom)
+
+  // Logger.info(s"${p.name} ExprComplexity ${ExprComplexity()(p)}")
+  val result = solver.solveProc(p)
+  val solve = t.checkPoint("Solve CopyProp")
+
+  val vis = Simplify(result.withDefaultValue(dom.bot))
+  visit_proc(vis, p)
+  val xf = t.checkPoint("transform")
+  // Logger.info(s"    ${p.name} after transform expr complexity ${ExprComplexity()(p)}")
+
+  visit_proc(CleanupAssignments(), p)
+  t.checkPoint("redundant assignments")
+  // Logger.info(s"    ${p.name} after dead var cleanup expr complexity ${ExprComplexity()(p)}")
+
+  visit_proc(AlgebraicSimplifications, p)
+  visit_proc(AlgebraicSimplifications, p)
+  visit_proc(AlgebraicSimplifications, p)
+  visit_proc(AlgebraicSimplifications, p)
+  // Logger.info(s"    ${p.name}  after simp expr complexity ${ExprComplexity()(p)}")
+  val sipm = t.checkPoint("algebraic simp")
+}
+
 def doCopyPropTransform(p: Program) = {
-  var runs = 0
-  var rerun = true
+
   applyRPO(p)
-  while (runs < 5) {
-    val nonConstVars = p.procedures.map(p => p -> cyclicVariables(p)).toMap
-    val d = ConstCopyProp(nonConstVars)
-
-    runs += 1
-    val solver = worklistSolver(d)
-    val result = solver.solveProg(p, Set(), Set())
-
-    while (rerun) {
-      rerun = false
-      for ((p, xf) <- result) {
-        val vis = Simplify(xf.withDefaultValue(CCP(Map(), Map())))
-        visit_proc(vis, p)
-        rerun = rerun || vis.madeAnyChange
+
+  Logger.info("[!] Simplify :: Expr/Copy-prop Transform")
+  val work = p.procedures
+    .filter(_.blocks.size > 0)
+    .map(p =>
+      p -> //Future
+        {
+          Logger
+            .debug(s"CopyProp Transform ${p.name} (${p.blocks.size} blocks, expr complexity ${ExprComplexity()(p)})")
+          copypropTransform(p)
+        }
+    )
+
+  work.foreach((p, job) => {
+    try {
+      //Await.result(job, 10000.millis)
+      job
+    } catch {
+      case e => {
+        Logger.error("Simplify :: CopyProp " + p.name + ": " + e.toString)
       }
     }
-  }
+  })
+
+  Logger.info("[!] Simplify :: Dead variable elimination")
 
   // cleanup
   visit_prog(CleanupAssignments(), p)
   val toremove = p.collect {
     case b: Block if b.statements.size == 0 && b.prevBlocks.size == 1 && b.nextBlocks.size == 1 => b
   }
+
+  Logger.info("[!] Simplify :: Merge empty blocks")
   for (b <- toremove) {
     val p = b.prevBlocks.head
     val n = b.nextBlocks.head
@@ -334,6 +412,7 @@ def doCopyPropTransform(p: Program) = {
     b.parent.removeBlocks(b)
   }
 
+
 }
 
 def reversePostOrder(startBlock: Block): Unit = {
@@ -363,6 +442,10 @@ def applyRPO(p: Program) = {
 
 class worklistSolver[L, A <: AbstractDomain[L]](domain: A) {
 
+  def solveProc(p: Procedure) = {
+    solve(p.blocks, Set(), Set())
+  }
+
   def solveProg(
       p: Program,
       widenpoints: Set[Block], // set of loop heads
@@ -370,7 +453,31 @@ class worklistSolver[L, A <: AbstractDomain[L]](domain: A) {
   ): Map[Procedure, Map[Block, L]] = {
     val initDom = p.procedures.map(p => (p, p.blocks))
 
-    initDom.map(d => (d._1, solve(d._2, Set(), Set()))).toMap
+    val work = initDom.map(d => {
+      (
+        d._1,
+        Future {
+          val t = util.PerformanceTimer(s"solve ${d._1.name}")
+          Logger.info(s"begin ${t.timerName}")
+          val r = solve(d._2, Set(), Set())
+          t.checkPoint("finished")
+          r
+        }
+      )
+    })
+    work
+      .map((prog, x) =>
+        try {
+          (prog, Await.result(x, 10000.millis))
+        } catch {
+          case t: Exception => {
+            Logger.error(s"${prog.name} : $t")
+            (prog, Map())
+          }
+        }
+      )
+      .toMap
+    // Await.result(Future.sequence(work), Duration.Inf).toMap
   }
 
   def solve(
@@ -379,6 +486,7 @@ class worklistSolver[L, A <: AbstractDomain[L]](domain: A) {
       narrowpoints: Set[Block] // set of conditions
   ): Map[Block, L] = {
     val saved: mutable.HashMap[Block, L] = mutable.HashMap()
+    val saveCount: mutable.HashMap[Block, Int] = mutable.HashMap()
     val worklist = mutable.PriorityQueue[Block]()(Ordering.by(b => b.rpoOrder))
     worklist.addAll(initial)
 
@@ -396,17 +504,26 @@ class worklistSolver[L, A <: AbstractDomain[L]](domain: A) {
       }
 
       def bs(b: Block): List[Block] = {
-        if (b.nextBlocks.size == 1) {
-          val n = b.nextBlocks.head
-          b :: bs(n)
-        } else {
-          List(b)
-        }
+        var blocks = mutable.LinkedHashSet[Block]()
+        var thisBlock = b
+        while ({
+          blocks.add(thisBlock)
+
+          if (thisBlock.nextBlocks.size == 1) {
+            thisBlock = thisBlock.nextBlocks.head
+            blocks.contains(thisBlock)
+          } else {
+            false
+          }
+        }) {}
+        blocks.toList
       }
 
+      val prev = saved.get(b)
       x = b.prevBlocks.flatMap(ib => saved.get(ib).toList).foldLeft(x)(domain.join)
       saved(b) = x
-      val todo = bs(b)
+      // val todo = bs(b)
+      val todo = List(b)
       val lastBlock = todo.last
 
       def xf_block(x: L, b: Block) = {
@@ -418,7 +535,13 @@ class worklistSolver[L, A <: AbstractDomain[L]](domain: A) {
         saved(b)
       })
       saved(lastBlock) = nx
-      if (nx != x) then {
+      saveCount(lastBlock) = saveCount.get(lastBlock).getOrElse(0) + 1
+      if (!prev.contains(nx)) then {
+        if (saveCount(lastBlock) == 50) {
+          Logger.warn(s"Large join count on block ${lastBlock.label}, no fix point? (-v for mor info)")
+          Logger.debug(lastBlock.label + "    ==> " + x)
+          Logger.debug(lastBlock.label + "    <== " + nx)
+        }
         worklist.addAll(lastBlock.nextBlocks)
       }
       x = nx
@@ -427,30 +550,63 @@ class worklistSolver[L, A <: AbstractDomain[L]](domain: A) {
   }
 }
 
-case class CopyProp(expr: Expr, deps: Set[Variable])
+// case class CopyProp(from: Expr, expr: Expr, deps: Set[Variable])
+
+enum CopyProp {
+  case Bot
+  case Prop(expr: Expr, deps: Set[Variable])
+  case Clobbered
+}
 
 case class CCP(
-    constants: Map[Variable, Literal],
-    // variable -> expr * dependencies
-    val exprs: Map[Variable, CopyProp]
+    val state: Map[Variable, CopyProp] = Map()
 )
 
-class ConstCopyProp(cyclicVariables: Map[Procedure, Set[Variable]]) extends AbstractDomain[CCP] {
+object CCP {
+  def toSubstitutions(c: CCP): Map[Variable, Expr] = {
+    c.state.collect { case (v, CopyProp.Prop(e, _)) =>
+      v -> e
+    }
+  }
+}
+
+class ConstCopyProp() extends AbstractDomain[CCP] {
   private final val callClobbers = (0 to 30).map("R" + _).map(c => Register(c, 64))
 
-  def top: CCP = CCP(Map(), Map())
-  def bot: CCP = CCP(Map(), Map())
+  def top: CCP = CCP(Map().withDefaultValue(CopyProp.Bot))
+  def bot: CCP = CCP(Map().withDefaultValue(CopyProp.Clobbered))
 
   override def join(l: CCP, r: CCP): CCP = {
-    val const = l.constants.keySet.intersect(r.constants.keySet)
-    val exprs = l.exprs.keySet.intersect(r.exprs.keySet)
+    val ks = l.state.keySet.intersect(r.state.keySet)
+    val merged = ks.map(v =>
+      (v ->
+        ((l.state(v), r.state(v)) match {
+          case (l, CopyProp.Bot)                                                            => l
+          case (CopyProp.Bot, r)                                                            => r
+          case (c @ CopyProp.Clobbered, _)                                                  => c
+          case (_, c @ CopyProp.Clobbered)                                                  => c
+          case (p1 @ CopyProp.Prop(e1, deps1), p2 @ CopyProp.Prop(e2, deps2)) if (p1 == p2) => p1
+          case (_, _)                                                                       => CopyProp.Clobbered
+        }))
+    )
+    CCP(merged.toMap)
+  }
+
+  def clobberFull(c: CCP, l: Variable) = {
+    val p = clobber(c, l)
+    p.copy(state = p.state + (l -> CopyProp.Clobbered))
+  }
+
+  def clobber(c: CCP, l: Variable) = {
     CCP(
-      const.collect {
-        case k if (l.constants(k) == r.constants(k)) => k -> l.constants(k)
-      }.toMap,
-      exprs.collect {
-        case k if (l.exprs(k) == r.exprs(k)) => k -> l.exprs(k)
-      }.toMap
+      c.state
+        .map((k, v) =>
+          k -> (v match {
+            case CopyProp.Prop(_, deps) if deps.contains(l) => CopyProp.Clobbered
+            case o                                          => o
+          })
+        )
+        .withDefaultValue(CopyProp.Bot)
     )
   }
 
@@ -461,43 +617,102 @@ class ConstCopyProp(cyclicVariables: Map[Procedure, Set[Variable]]) extends Abst
         c
       }
       case Assign(l, r, lb) => {
-        var p = c
-        val evaled = eval.partialEvalExpr(
-          eval.simplifyExprFixpoint(r),
-          v => p.constants.get(v)
-        )
-        val rhsDeps = evaled.variables
-
-        p = evaled match {
-          case lit: Literal => p.copy(constants = p.constants.updated(l, lit), exprs = p.exprs.removed(l))
-          case e: Expr
-              if e.loads.isEmpty && !e.variables.contains(l) && !(cyclicVariables(s.parent.parent).contains(l)) =>
-            p.copy(constants = p.constants.removed(l), exprs = p.exprs.updated(l, CopyProp(e, e.variables)))
-          case _ => p.copy(constants = p.constants.removed(l), exprs = p.exprs.removed(l))
+        if (r.loads.size > 0) {
+          clobberFull(c, l)
+        } else {
+          val consts = c.state.collect {
+            case (k, CopyProp.Prop(c, deps)) if deps.isEmpty => k -> c
+          }
+          val evaled = ir.eval.partialEvalExpr(Substitute(consts, false)(r).getOrElse(r), e => None)
+          val rhsDeps = evaled.variables.toSet
+          val existing = c.state.get(l).getOrElse(CopyProp.Bot)
+
+          val ns = existing match {
+            case CopyProp.Bot                                 => CopyProp.Prop(evaled, rhsDeps) // not seen yet
+            case CopyProp.Prop(e, _) if e == evaled || e == r => CopyProp.Prop(evaled, rhsDeps) // refine value
+            case _                                            => CopyProp.Clobbered // our expr value has changed
+          }
+          val p = c.copy(state = c.state + (l -> ns))
+          clobber(p, l)
         }
-
-        // remove candidates whose value changes due to this update
-        p = p.copy(exprs = p.exprs.filterNot((k, v) => v.deps.exists(c => c.name == l.name)))
-
-        p
       }
       case x: DirectCall => {
         val lhs = x.outParams.map(_._2)
-        lhs.foldLeft(c)((c, l) =>
-          c.copy(constants = c.constants.removed(l), exprs = c.exprs.filterNot((k, v) => v.deps.contains(l)))
-        )
+        lhs.foldLeft(c)(clobberFull)
       }
       case x: IndirectCall => {
         val toClob = callClobbers
-        toClob.foldLeft(c)((c, l) =>
-          c.copy(constants = c.constants.removed(l), exprs = c.exprs.filterNot((k, v) => v.deps.contains(l)))
-        )
+        toClob.foldLeft(c)(clobberFull)
       }
       case _ => c
     }
   }
 }
 
+class ExprComplexity extends CILVisitor {
+  // count the nodes in the expression AST
+  var count = 0
+  override def vexpr(e: Expr) = {
+    count += 1
+    DoChildren()
+  }
+
+  def apply(e: Procedure) = {
+    count = 0
+    visit_proc(this, e)
+    count
+  }
+
+  def apply(e: Expr) = {
+    count = 0
+    visit_expr(this, e)
+    count
+  }
+}
+
+class Substitute(
+    val res: Map[Variable, Expr],
+    val recurse: Boolean = true,
+    val complexityThreshold: Int = 0
+) extends CILVisitor {
+  var madeAnyChange = false
+  var complexity = 0
+
+  override def vexpr(e: Expr) = {
+    e match {
+      case v: Variable if res.contains(v) => {
+        val changeTo = res(v)
+        if (complexityThreshold > 0) {
+          complexity += ExprComplexity()(changeTo)
+        }
+        if (complexityThreshold > 0 && complexity > complexityThreshold) {
+          SkipChildren()
+        } else if (recurse) {
+          madeAnyChange = true
+          ChangeDoChildrenPost(changeTo, x => x)
+        } else {
+          madeAnyChange = true
+          ChangeTo(changeTo)
+        }
+      }
+      case e => DoChildren()
+    }
+  }
+
+  def apply(e: Expr): Option[Expr] = {
+    madeAnyChange = false
+    val ne = visit_expr(this, e)
+    val changed = madeAnyChange
+    madeAnyChange = false
+    if (changed) {
+      Some(ne)
+    } else {
+      None
+    }
+  }
+
+}
+
 class Simplify(
     val res: Map[Block, CCP],
     val initialBlock: Block = null
@@ -505,35 +720,21 @@ class Simplify(
 
   var madeAnyChange = false
   var block: Block = initialBlock
-
-  def simp(pe: Expr)(ne: Expr) = {
-    val simped = eval.partialEvalExpr(ir.eval.simplifyExprFixpoint(ne), x => None)
-    if (pe != simped) {
-      madeAnyChange = true
-    }
-
-    simped
-  }
+  var skipped = Set[String]()
 
   override def vexpr(e: Expr) = {
-    e match {
-      case v: Variable if res(block).constants.contains(v) => {
-        madeAnyChange = true
-        ChangeDoChildrenPost(
-          res(block).constants(v),
-          simp(e)
-        )
-      }
-      case v: Variable if res(block).exprs.contains(v) => {
-        val repl = res(block).exprs(v).expr
-        madeAnyChange = true
-        ChangeDoChildrenPost(
-          repl,
-          simp(e)
-        )
+    val threshold = 500
+    val variables = e.variables.toSet
+    val subst = Substitute(CCP.toSubstitutions(res(block)), true, threshold)
+    val result = subst(e).getOrElse(e)
+    if (subst.complexity > threshold) {
+      val bl = s"${block.parent.name}::${block.label}"
+      if (!skipped.contains(bl)) {
+        skipped = skipped + bl
+        Logger.warn(s"Some skipped substitution at $bl due to resulting expr size > ${threshold} threshold")
       }
-      case e => ChangeDoChildrenPost(e, simp(e))
     }
+    ChangeTo(result)
   }
 
   override def vblock(b: Block) = {
diff --git a/src/main/scala/translating/ILtoIL.scala b/src/main/scala/translating/ILtoIL.scala
index b5af65231..ad843f4d1 100644
--- a/src/main/scala/translating/ILtoIL.scala
+++ b/src/main/scala/translating/ILtoIL.scala
@@ -243,6 +243,13 @@ private class ILSerialiser extends ReadOnlyVisitor {
 
 }
 
+
+def serialiseIL(p: Procedure): String = {
+  val s = ILSerialiser()
+  s.visitProcedure(p)
+  s.program.toString()
+}
+
 def serialiseIL(p: Program): String = {
   val s = ILSerialiser()
   s.visitProgram(p)
diff --git a/src/main/scala/translating/IRToBoogie.scala b/src/main/scala/translating/IRToBoogie.scala
index 098250cd4..acdd70243 100644
--- a/src/main/scala/translating/IRToBoogie.scala
+++ b/src/main/scala/translating/IRToBoogie.scala
@@ -2,7 +2,7 @@ package translating
 import ir.{BoolOR, *}
 import boogie.*
 import specification.*
-import util.{BoogieGeneratorConfig, BoogieMemoryAccessMode, ProcRelyVersion}
+import util.{BoogieGeneratorConfig, BoogieMemoryAccessMode, ProcRelyVersion, Logger}
 
 import scala.collection.mutable.ArrayBuffer
 
diff --git a/src/main/scala/util/BASILConfig.scala b/src/main/scala/util/BASILConfig.scala
index f5ee7ca1d..87e4eab57 100644
--- a/src/main/scala/util/BASILConfig.scala
+++ b/src/main/scala/util/BASILConfig.scala
@@ -29,6 +29,7 @@ enum BoogieMemoryAccessMode:
 case class BASILConfig(loading: ILLoadingConfig,
                        runInterpret: Boolean = false,
                        simplify: Boolean = false,
+                       validateSimp: Boolean = false,
                        staticAnalysis: Option[StaticAnalysisConfig] = None,
                        boogieTranslation: BoogieGeneratorConfig = BoogieGeneratorConfig(),
                        outputPrefix: String
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index 09b577b5c..b3987c86d 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -206,6 +206,11 @@ object IRTransform {
     val renamer = Renamer(boogieReserved)
     externalRemover.visitProgram(ctx.program)
     renamer.visitProgram(ctx.program)
+
+    // before DSA ; make locals block-local 
+    // TODO: should be in loading phase
+    // transforms.MakeLocalsBlockUnique(ctx.program)
+
     ctx
   }
 
@@ -215,7 +220,7 @@ object IRTransform {
   def prepareForTranslation(config: ILLoadingConfig, ctx: IRContext): Unit = {
     ctx.program.determineRelevantMemory(ctx.globalOffsets)
 
-    Logger.debug("[!] Stripping unreachable")
+    Logger.info("[!] Stripping unreachable")
     val before = ctx.program.procedures.size
     transforms.stripUnreachableFunctions(ctx.program, config.procedureTrimDepth)
     Logger.debug(
@@ -504,6 +509,7 @@ object RunUtils {
 
   def run(q: BASILConfig): Unit = {
     val result = loadAndTranslate(q)
+    Logger.info("Writing output")
     writeOutput(result)
   }
 
@@ -517,10 +523,19 @@ object RunUtils {
   }
 
   def doSimplify(ctx: IRContext, config: Option[StaticAnalysisConfig]) : Unit = {
-    Logger.info("[!] Running simplification")
-    Logger.info("[!] DynamicSingleAssignment")
+    Logger.info("[!] Running Simplify")
+
+    //val before = ctx.program.procedures.size
+    //transforms.stripUnreachableFunctions(ctx.program, 1)
+    //Logger.info(
+    //  s"[!] Removed ${before - ctx.program.procedures.size} functions (${ctx.program.procedures.size} remaining)"
+    //)
+
+    Logger.info("[!] Simplify :: DynamicSingleAssignment")
+    val liveVars : Map[CFGPosition, Set[Variable]] = analysis.IntraLiveVarsAnalysis(ctx.program).analyze()
 
-    transforms.DynamicSingleAssignment.applyTransform(ctx.program)
+    writeToFile(serialiseIL(ctx.program), s"il-before-dsa.il")
+    transforms.DynamicSingleAssignment.applyTransform(ctx.program, liveVars)
 
     config.foreach(_.analysisDotPath.foreach { s =>
       writeToFile(dotBlockGraph(ctx.program, ctx.program.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"${s}_blockgraph-after-dsa.dot")
@@ -528,18 +543,27 @@ object RunUtils {
     writeToFile(serialiseIL(ctx.program), s"il-before-copyprop.il")
 
 
-    Logger.info("[!] CopyProp")
     transforms.doCopyPropTransform(ctx.program)
     writeToFile(serialiseIL(ctx.program), s"il-after-copyprop.il")
 
     // run this after cond recovery because sign bit calculations often need high bits
     // which go away in high level conss
+    Logger.info("[!] Simplify :: RemoveSlices")
     transforms.removeSlices(ctx.program)
     writeToFile(serialiseIL(ctx.program), s"il-after-slices.il")
 
     config.foreach(_.analysisDotPath.foreach { s =>
       writeToFile(dotBlockGraph(ctx.program, ctx.program.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"${s}_blockgraph-after-simp.dot")
     })
+
+    if (ir.eval.SimplifyValidation.validate) {
+      Logger.info("[!] Simplify :: Writing simplification validation")
+      val w = BufferedWriter(FileWriter("rewrites.smt2"))
+      ir.eval.SimplifyValidation.makeValidation(w)
+      w.close()
+    }
+
+    Logger.info("[!] Simplify :: finished")
   }
 
   def loadAndTranslate(conf: BASILConfig): BASILResult = {
@@ -552,6 +576,7 @@ object RunUtils {
 
     //assert(invariant.correctCalls(ctx.program))
     if (q.loading.parameterForm) {
+
       ir.transforms.clearParams(ctx.program)
       ctx = ir.transforms.liftProcedureCallAbstraction(ctx)
     } else {
@@ -559,11 +584,12 @@ object RunUtils {
     }
     assert(invariant.correctCalls(ctx.program))
 
+    ir.eval.SimplifyValidation.validate = conf.validateSimp
     if (conf.simplify) {
       doSimplify(ctx, conf.staticAnalysis)
-      writeToFile(ir.eval.makeValidation(), s"simps.smt2")
     }
 
+    Logger.info("Done simplify")
 
     assert(invariant.correctCalls(ctx.program))
 
@@ -584,7 +610,7 @@ object RunUtils {
 
     IRTransform.prepareForTranslation(q.loading, ctx)
 
-    Logger.debug("[!] Translating to Boogie")
+    Logger.info("[!] Translating to Boogie")
 
     val boogiePrograms = if (q.boogieTranslation.threadSplit && ctx.program.threads.nonEmpty) {
       val outPrograms = ArrayBuffer[BProgram]()
diff --git a/src/test/.~lock.full-summary-nosimplify.csv# b/src/test/.~lock.full-summary-nosimplify.csv#
deleted file mode 100644
index b5478a8ff..000000000
--- a/src/test/.~lock.full-summary-nosimplify.csv#
+++ /dev/null
@@ -1 +0,0 @@
-,am,ampacdell,09.10.2024 16:57,file:///home/am/.config/libreoffice/4;
\ No newline at end of file
diff --git a/src/test/.~lock.full-summary-simplify.csv# b/src/test/.~lock.full-summary-simplify.csv#
deleted file mode 100644
index b5478a8ff..000000000
--- a/src/test/.~lock.full-summary-simplify.csv#
+++ /dev/null
@@ -1 +0,0 @@
-,am,ampacdell,09.10.2024 16:57,file:///home/am/.config/libreoffice/4;
\ No newline at end of file

From f2adf7297d9f3f152a5dd66d06d1321f05a6d4cd Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Tue, 22 Oct 2024 16:44:08 +1000
Subject: [PATCH 085/127] add early proc trim and fix remove unreachable cfg
 maintenance

---
 src/main/scala/Main.scala                     |  4 +-
 src/main/scala/ir/Expr.scala                  |  9 ++-
 src/main/scala/ir/Program.scala               | 35 ++++++++++--
 src/main/scala/ir/Statement.scala             |  1 +
 src/main/scala/ir/Visitor.scala               |  4 +-
 src/main/scala/ir/cilvisitor/CILVisitor.scala | 18 +++++-
 .../BackwardsCFGMatchesForwards.scala         | 57 +++++++++++++++++++
 .../invariant/BlocksUniqueToProcedure.scala   | 52 +++++++++++++++++
 .../ir/invariant/CorrectCallParams.scala      |  2 +-
 .../ir/invariant/EarlyCallStatement.scala     |  2 +-
 .../transforms/DynamicSingleAssignment.scala  | 45 ++++++++++++++-
 src/main/scala/ir/transforms/Simp.scala       |  8 ++-
 .../StripUnreachableFunctions.scala           | 27 ++++++---
 src/main/scala/util/BASILConfig.scala         |  3 +-
 src/main/scala/util/RunUtils.scala            | 39 ++++++++-----
 15 files changed, 269 insertions(+), 37 deletions(-)
 create mode 100644 src/main/scala/ir/invariant/BackwardsCFGMatchesForwards.scala
 create mode 100644 src/main/scala/ir/invariant/BlocksUniqueToProcedure.scala

diff --git a/src/main/scala/Main.scala b/src/main/scala/Main.scala
index 5b15d352b..a97e23996 100644
--- a/src/main/scala/Main.scala
+++ b/src/main/scala/Main.scala
@@ -40,6 +40,8 @@ object Main {
       mainProcedureName: String = "main",
       @arg(name = "procedure-call-depth", doc = "Cull procedures beyond this call depth from the main function (defaults to Int.MaxValue)")
       procedureDepth: Int = Int.MaxValue,
+      @arg(name = "trim-early", doc = "Cull procedures BEFORE running analysis")
+      trimEarly: Flag,
       @arg(name = "help", short = 'h', doc = "Show this help message.")
       help: Flag,
       @arg(name = "analysis-results", doc = "Log analysis results in files at specified path.")
@@ -86,7 +88,7 @@ object Main {
     }
 
     val q = BASILConfig(
-      loading = ILLoadingConfig(conf.inputFileName, conf.relfFileName, conf.specFileName, conf.dumpIL, conf.mainProcedureName, conf.procedureDepth, conf.parameterForm.value || conf.simplify.value),
+      loading = ILLoadingConfig(conf.inputFileName, conf.relfFileName, conf.specFileName, conf.dumpIL, conf.mainProcedureName, conf.procedureDepth, conf.parameterForm.value || conf.simplify.value, conf.trimEarly.value),
       runInterpret = conf.interpret.value,
       simplify = conf.simplify.value,
       validateSimp = conf.validateSimplify.value,
diff --git a/src/main/scala/ir/Expr.scala b/src/main/scala/ir/Expr.scala
index 2ca58ca75..3e09a7802 100644
--- a/src/main/scala/ir/Expr.scala
+++ b/src/main/scala/ir/Expr.scala
@@ -383,13 +383,20 @@ case class Register(override val name: String, size: Int) extends Variable with
 }
 
 // Variable with scope local to the procedure, typically a temporary variable created in the lifting process
-case class LocalVar(override val name: String, override val irType: IRType) extends Variable {
+case class LocalVar(varName: String, override val irType: IRType, val index : Int = 0) extends Variable {
+  override val name = varName + (if (index > 0) then s"_$index" else "")
   override def toGamma: BVar = BVariable(s"Gamma_$name", BoolBType, Scope.Local)
   override def toBoogie: BVar = BVariable(s"$name", irType.toBoogie, Scope.Local)
   override def toString: String = s"LocalVar(${name}, ${if sharedVariable then "shared" else "unshared"}, $irType)"
   override def acceptVisit(visitor: Visitor): Variable = visitor.visitLocalVar(this)
 }
 
+object LocalVar {
+
+  def unapply(l: LocalVar) : Option[(String, IRType)] = Some((s"${l.name}_${l.index}", l.irType)) 
+
+}
+
 
 // A memory section
 sealed trait Memory extends Global {
diff --git a/src/main/scala/ir/Program.scala b/src/main/scala/ir/Program.scala
index 16cd6f2b4..53482bb21 100644
--- a/src/main/scala/ir/Program.scala
+++ b/src/main/scala/ir/Program.scala
@@ -33,13 +33,33 @@ class ILUnorderedIterator(private val begin: Iterable[CFGPosition]) extends Iter
 
 }
 
-class Program(var procedures: ArrayBuffer[Procedure],
+class Program(val procedures: ArrayBuffer[Procedure],
               var mainProcedure: Procedure,
               var initialMemory: ArrayBuffer[MemorySection],
               var readOnlyMemory: ArrayBuffer[MemorySection]) extends Iterable[CFGPosition] {
 
   val threads: ArrayBuffer[ProgramThread] = ArrayBuffer()
 
+
+  def removeProcedure(i: Int) : Unit = {
+    val p = procedures(i)
+    for (b <- p.blocks) {
+      b.deParent()
+    }
+    procedures.remove(i)
+  }
+
+  def removeProcedure(p: Procedure) : Unit = {
+    removeProcedure(procedures.indexOf(p))
+  }
+
+  def addProcedure(p: Procedure) = {
+    for (b <- p.blocks) {
+      b.setParent(p)
+    }
+    procedures += p
+  }
+
   override def toString(): String = {
     serialiseIL(this)
   }
@@ -276,11 +296,10 @@ class Procedure private (
    * @return the removed block
    */
   def removeBlocks(block: Block): Block = {
+    require(_blocks.contains(block)) 
     require(block.incomingJumps.isEmpty) // don't leave jumps dangling
-    if (_blocks.contains(block)) {
-      block.deParent()
-      _blocks.remove(block)
-    }
+    block.deParent()
+    _blocks.remove(block)
     if (_entryBlock.contains(block)) {
       _entryBlock = None
     }
@@ -455,11 +474,17 @@ class Block private (
 
   override def linkParent(p: Procedure): Unit = {
     // to connect call() links that reference jump.parent.parent
+    for (s <- statements) {
+      s.setParent(this)
+    }
     jump.setParent(this)
   }
 
   override def unlinkParent(): Unit = {
     // to disconnect call() links that reference jump.parent.parent
+    for (s <- statements) {
+      s.deParent()
+    }
     jump.deParent()
   }
 }
diff --git a/src/main/scala/ir/Statement.scala b/src/main/scala/ir/Statement.scala
index 6889f65ee..cb236a4fc 100644
--- a/src/main/scala/ir/Statement.scala
+++ b/src/main/scala/ir/Statement.scala
@@ -1,4 +1,5 @@
 package ir
+import util.Logger
 import util.intrusive_list.IntrusiveListElement
 import boogie.{BMapVar, GammaStore}
 import collection.immutable.SortedMap
diff --git a/src/main/scala/ir/Visitor.scala b/src/main/scala/ir/Visitor.scala
index edc19a1e0..b4ea25b90 100644
--- a/src/main/scala/ir/Visitor.scala
+++ b/src/main/scala/ir/Visitor.scala
@@ -352,8 +352,8 @@ class Substituter(variables: Map[Variable, Variable] = Map(), memories: Map[Memo
   */
 class Renamer(reserved: Set[String]) extends Visitor {
   override def visitLocalVar(node: LocalVar): LocalVar = {
-    if (reserved.contains(node.name)) {
-      node.copy(name = s"#${node.name}")
+    if (reserved.contains(node.varName)) {
+      node.copy(varName = s"#${node.varName}")
     } else {
       node
     }
diff --git a/src/main/scala/ir/cilvisitor/CILVisitor.scala b/src/main/scala/ir/cilvisitor/CILVisitor.scala
index b6997b986..89facf80e 100644
--- a/src/main/scala/ir/cilvisitor/CILVisitor.scala
+++ b/src/main/scala/ir/cilvisitor/CILVisitor.scala
@@ -168,7 +168,23 @@ class CILVisitorImpl(val v: CILVisitor) {
 
   def visit_prog(p: Program): Program = {
     def continue(p: Program) = {
-      p.procedures = p.procedures.flatMap(visit_proc)
+      for (i <- (0 until p.procedures.size)) {
+        visit_proc(p.procedures(i)) match {
+          case h::Nil if p.procedures(i) eq h => {}
+          case h::Nil if !(p.procedures(i) eq h) => {
+            // TODO: need some better approximation of knowing whether this procedure requires relinking?
+            p.removeProcedure(i)
+            p.addProcedure(h)
+          }
+          case Nil => p.removeProcedure(i)
+          case h::tl => {
+            p.removeProcedure(i)
+            for (x <- h::tl) {
+              p.addProcedure(x)
+            }
+          }
+        }
+      }
       p
     }
     doVisit(v, v.vprog(p), p, continue)
diff --git a/src/main/scala/ir/invariant/BackwardsCFGMatchesForwards.scala b/src/main/scala/ir/invariant/BackwardsCFGMatchesForwards.scala
new file mode 100644
index 000000000..caf61a677
--- /dev/null
+++ b/src/main/scala/ir/invariant/BackwardsCFGMatchesForwards.scala
@@ -0,0 +1,57 @@
+package ir.invariant
+import ir.*
+import ir.cilvisitor.*
+import util.Logger
+import scala.collection.mutable
+
+
+def cfgCorrect(p: Program | Procedure) = {
+
+  val forwardsInter = p.collect {
+    case d @ DirectCall(tgt, _ , _, _) => (d.parent.parent, tgt)
+  }
+  val revForwardsInter = forwardsInter.groupBy(_._2).map((dest, origs) => (dest, origs.map(_._1).toSet)).toMap
+  val forwardsInterMap = forwardsInter.groupBy(_._1).map((orig, dests) => (orig, dests.map(_._2).toSet)).toMap
+
+  val forwardsIntra = p.collect {
+    case g @ GoTo(targets, _) => targets.map((t: Block) => (g.parent, t))
+  }.flatten
+
+  val revForwardsIntra = forwardsIntra.groupBy(_._2).map((dest, origs) => (dest, origs.map(_._1).toSet)).toMap
+  val forwardsIntraMap = forwardsIntra.groupBy(_._1).map((orig, dests) => (orig, dests.map(_._2).toSet)).toMap
+
+  p.forall {
+    case b: Block => {
+      val backwards = (b.prevBlocks.toSet == revForwardsIntra.get(b).getOrElse(Set()))
+      val forwards = b.nextBlocks.toSet == forwardsIntraMap.get(b).getOrElse(Set()) 
+      val c = forwards && backwards
+      if (!forwards) {
+        Logger.error(s"Forwards block cfg does not match : ${b.nextBlocks.toSet.map(_.label)} == ${forwardsIntraMap.get(b).getOrElse(Set()).map(_.label)}")
+      }
+      if (!backwards) {
+        Logger.error(s"Backward block cfg does not match : ${b.prevBlocks.toSet.map(_.label)} == ${revForwardsIntra.get(b).getOrElse(Set()).map(_.label)}")
+      }
+      c
+    }
+    case p: Procedure => {
+      val factual = p.calls.toSet
+      val fexpected = forwardsInterMap.get(p).getOrElse(Set()).toSet
+      val bactual = p.callers().toSet
+      val bexpected = revForwardsInter.get(p).getOrElse(Set()).toSet
+      if (factual != fexpected) {
+        Logger.error(s"${p.name} forwards proc cfg does not match : ${factual.map(_.name)} == ${fexpected.map(_.name)} ")
+      }
+      if (bactual != bexpected) {
+        Logger.error(p.incomingCalls().map(_.parent).toList.toString)
+        Logger.error(p.incomingCalls().map(_.parent.parent).toList.toString)
+        Logger.error(s"${p.name} backward proc cfg does not match : ${bactual.map(_.name)} == ${bexpected.map(_.name)} ")
+      }
+
+      factual == fexpected && bactual == bexpected
+    }
+    case _ => true
+  }
+
+
+
+}
diff --git a/src/main/scala/ir/invariant/BlocksUniqueToProcedure.scala b/src/main/scala/ir/invariant/BlocksUniqueToProcedure.scala
new file mode 100644
index 000000000..a90f7633a
--- /dev/null
+++ b/src/main/scala/ir/invariant/BlocksUniqueToProcedure.scala
@@ -0,0 +1,52 @@
+package ir.invariant
+import ir.*
+import ir.cilvisitor.*
+import util.Logger
+import scala.collection.mutable
+
+private class BVis extends CILVisitor {
+  var proc: Procedure = null
+  var block: Block = null
+  val gotoViolations = mutable.Set[GoTo]()
+  val blockMultiProcViolations = mutable.Set[Block]()
+
+  override def vproc(p: Procedure) = {
+    proc = p
+    DoChildren()
+  }
+
+  override def vblock(b: Block) = {
+    block = b
+    if (b.parent != proc) {
+      blockMultiProcViolations.add(b)
+    }
+    DoChildren()
+  }
+
+  override def vstmt(s: Statement) = {
+    SkipChildren()
+  }
+
+  override def vjump(j: Jump) = {
+    j match {
+      case g @ GoTo(targets, _) if !(targets.forall(t => t.parent == proc)) => gotoViolations.add(g)
+      case _ => ()
+    }
+
+    SkipChildren()
+  }
+}
+
+def blocksUniqueToEachProcedure(p: Program) : Boolean = {
+  val v = BVis()
+  visit_prog(v, p)
+  for (g <- v.gotoViolations) {
+    Logger.error(s"$g has target outside parent block")
+  }
+
+  for (b <- v.blockMultiProcViolations) {
+    Logger.error(s"block ${b.label} is referenced in multiple procedures.")
+  }
+
+  v.gotoViolations.isEmpty && v.blockMultiProcViolations.isEmpty
+}
diff --git a/src/main/scala/ir/invariant/CorrectCallParams.scala b/src/main/scala/ir/invariant/CorrectCallParams.scala
index 5721889ff..e23a262ec 100644
--- a/src/main/scala/ir/invariant/CorrectCallParams.scala
+++ b/src/main/scala/ir/invariant/CorrectCallParams.scala
@@ -1,5 +1,5 @@
 package ir.invariant
-import ir._
+import ir.*
 import util.Logger
 
 
diff --git a/src/main/scala/ir/invariant/EarlyCallStatement.scala b/src/main/scala/ir/invariant/EarlyCallStatement.scala
index bb4504343..52e6e6ac9 100644
--- a/src/main/scala/ir/invariant/EarlyCallStatement.scala
+++ b/src/main/scala/ir/invariant/EarlyCallStatement.scala
@@ -1,5 +1,5 @@
 package ir.invariant
-import ir._
+import ir.*
 
 
 def singleCallBlockEnd(p: Program) : Boolean = {
diff --git a/src/main/scala/ir/transforms/DynamicSingleAssignment.scala b/src/main/scala/ir/transforms/DynamicSingleAssignment.scala
index c01565ab0..3a84ef732 100644
--- a/src/main/scala/ir/transforms/DynamicSingleAssignment.scala
+++ b/src/main/scala/ir/transforms/DynamicSingleAssignment.scala
@@ -16,8 +16,11 @@ object DynamicSingleAssignment {
     def addIndex(v: Variable, idx: Int) = {
       if (idx != -1) {
         v match {
-          case Register(n, sz) => Register(n + "_" + idx, sz)
-          case LocalVar(n, t)  => LocalVar(n + "_" + idx, t)
+          case Register(n, sz) => {
+            throw Exception("Should not SSA registers")
+            Register(n + "_" + idx, sz)
+          }
+          case v @ LocalVar(n, t)  => LocalVar(v.varName, t, idx)
         }
       } else {
         v
@@ -231,3 +234,41 @@ object DynamicSingleAssignment {
     program.procedures.foreach(visitProc)
   }
 }
+
+
+
+def undoDSA(p: Procedure) : Unit = {
+  /**
+   * This just naively removes the indices from variables, some analyses may require dsa form to maintain correctness
+   * (e.g. bitvector width removal)
+   *
+   * You can only do this if the ssa index order matches the flow order, and all have the same type. 
+   */
+  visit_proc(RevIndices, p)
+  visit_proc(RemoveCopy, p)
+
+  object RevIndices extends CILVisitor {
+    override def vlvar(v: Variable) = v match {
+      case l: LocalVar => ChangeTo(LocalVar(l.varName, l.irType))
+      case o => SkipChildren()
+    }
+    override def vrvar(v: Variable) = v match {
+      case l: LocalVar => ChangeTo(LocalVar(l.varName, l.irType))
+      case o => SkipChildren()
+    }
+  }
+
+  object RemoveCopy extends CILVisitor {
+    override def vstmt(s: Statement) = s match {
+      case Assign(LocalVar(n1, t1), LocalVar(n2, t2), _) if n1 == n2 => ChangeTo(List())
+      case o => SkipChildren()
+    }
+  }
+}
+
+def undoDSA(p: Program) : Unit = {
+  for (proc <- p.procedures) {
+    undoDSA(proc)
+  }
+}
+
diff --git a/src/main/scala/ir/transforms/Simp.scala b/src/main/scala/ir/transforms/Simp.scala
index 32ecef7da..e24b4f257 100644
--- a/src/main/scala/ir/transforms/Simp.scala
+++ b/src/main/scala/ir/transforms/Simp.scala
@@ -361,6 +361,12 @@ def copypropTransform(p: Procedure) = {
   t.checkPoint("redundant assignments")
   // Logger.info(s"    ${p.name} after dead var cleanup expr complexity ${ExprComplexity()(p)}")
 
+  visit_proc(AlgebraicSimplifications, p)
+  visit_proc(AlgebraicSimplifications, p)
+  visit_proc(AlgebraicSimplifications, p)
+  visit_proc(AlgebraicSimplifications, p)
+  visit_proc(AlgebraicSimplifications, p)
+  visit_proc(AlgebraicSimplifications, p)
   visit_proc(AlgebraicSimplifications, p)
   visit_proc(AlgebraicSimplifications, p)
   visit_proc(AlgebraicSimplifications, p)
@@ -629,7 +635,7 @@ class ConstCopyProp() extends AbstractDomain[CCP] {
 
           val ns = existing match {
             case CopyProp.Bot                                 => CopyProp.Prop(evaled, rhsDeps) // not seen yet
-            case CopyProp.Prop(e, _) if e == evaled || e == r => CopyProp.Prop(evaled, rhsDeps) // refine value
+            case CopyProp.Prop(e, _)                          => CopyProp.Prop(evaled, rhsDeps)
             case _                                            => CopyProp.Clobbered // our expr value has changed
           }
           val p = c.copy(state = c.state + (l -> ns))
diff --git a/src/main/scala/ir/transforms/StripUnreachableFunctions.scala b/src/main/scala/ir/transforms/StripUnreachableFunctions.scala
index 96784cc28..ab6279406 100644
--- a/src/main/scala/ir/transforms/StripUnreachableFunctions.scala
+++ b/src/main/scala/ir/transforms/StripUnreachableFunctions.scala
@@ -1,21 +1,23 @@
 package ir.transforms
-import ir._
+import ir.*
 import collection.mutable
+import util.Logger
+import ir.cilvisitor.*
 
 // This shouldn't be run before indirect calls are resolved
 def stripUnreachableFunctions(p: Program, depth: Int = Int.MaxValue): Unit = {
-  val procedureCalleeNames = p.procedures.map(f => f.name -> f.calls.map(_.name)).toMap
+  val procedureCalleeNames = p.procedures.map(f => f -> f.calls).toMap
 
-  val toVisit: mutable.LinkedHashSet[(Int, String)] = mutable.LinkedHashSet((0, p.mainProcedure.name))
+  val toVisit: mutable.LinkedHashSet[(Int, Procedure)] = mutable.LinkedHashSet((0, p.mainProcedure))
   var reachableFound = true
-  val reachableNames = mutable.HashMap[String, Int]()
+  val reachableNames = mutable.HashMap[Procedure, Int]()
   while (toVisit.nonEmpty) {
     val next = toVisit.head
     toVisit.remove(next)
 
     if (next._1 <= depth) {
 
-      def addName(depth: Int, name: String): Unit = {
+      def addName(depth: Int, name: Procedure): Unit = {
         val oldDepth = reachableNames.getOrElse(name, Integer.MAX_VALUE)
         reachableNames.put(next._2, if depth < oldDepth then depth else oldDepth)
       }
@@ -27,12 +29,23 @@ def stripUnreachableFunctions(p: Program, depth: Int = Int.MaxValue): Unit = {
       callees.foreach(c => addName(next._1 + 1, c))
     }
   }
-  p.procedures = p.procedures.filter(f => reachableNames.keySet.contains(f.name))
+  assert(invariant.cfgCorrect(p))
+  val removed  = p.procedures.filterNot(f => reachableNames.keySet.contains(f)).toSet
+  // p.procedures = p.procedures.filter(f => reachableNames.keySet.contains(f.name))
+  for (proc <- removed) {
+    p.removeProcedure(proc)
+  }
 
-  for (elem <- p.procedures.filter(c => c.calls.exists(s => !p.procedures.contains(s)))) {
+  for (elem <- p.procedures.filter(c => c.calls.exists(s => removed.contains(s)))) {
     // last layer is analysed only as specifications so we remove the body for anything that calls
     // a function we have removed
 
     elem.clearBlocks()
+    assert(elem.entryBlock.isEmpty)
+    assert(elem.returnBlock.isEmpty)
+
   }
+  assert(invariant.blocksUniqueToEachProcedure(p))
+  assert(invariant.cfgCorrect(p))
+
 }
diff --git a/src/main/scala/util/BASILConfig.scala b/src/main/scala/util/BASILConfig.scala
index 87e4eab57..486546f13 100644
--- a/src/main/scala/util/BASILConfig.scala
+++ b/src/main/scala/util/BASILConfig.scala
@@ -14,7 +14,8 @@ case class ILLoadingConfig(inputFile: String,
                            dumpIL: Option[String] = None,
                            mainProcedureName: String = "main",
                            procedureTrimDepth: Int = Int.MaxValue,
-                           parameterForm: Boolean = false
+                           parameterForm: Boolean = false,
+                           trimEarly: Boolean = false,
                            )
 
 case class StaticAnalysisConfig(dumpILToPath: Option[String] = None,
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index b3987c86d..0ddf35b38 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -207,10 +207,9 @@ object IRTransform {
     externalRemover.visitProgram(ctx.program)
     renamer.visitProgram(ctx.program)
 
-    // before DSA ; make locals block-local 
-    // TODO: should be in loading phase
-    // transforms.MakeLocalsBlockUnique(ctx.program)
-
+    assert(invariant.singleCallBlockEnd(ctx.program))
+    assert(invariant.cfgCorrect(ctx.program))
+    assert(invariant.blocksUniqueToEachProcedure(ctx.program))
     ctx
   }
 
@@ -223,7 +222,7 @@ object IRTransform {
     Logger.info("[!] Stripping unreachable")
     val before = ctx.program.procedures.size
     transforms.stripUnreachableFunctions(ctx.program, config.procedureTrimDepth)
-    Logger.debug(
+    Logger.info(
       s"[!] Removed ${before - ctx.program.procedures.size} functions (${ctx.program.procedures.size} remaining)"
     )
     val dupProcNames = (ctx.program.procedures.groupBy(_.name).filter((n,p) => p.size > 1)).toList.flatMap(_._2)
@@ -290,6 +289,12 @@ object StaticAnalysis {
     val globals: Set[SpecGlobal] = ctx.globals
     val globalOffsets: Map[BigInt, BigInt] = ctx.globalOffsets
 
+    assert(invariant.singleCallBlockEnd(ctx.program))
+    assert(invariant.cfgCorrect(ctx.program))
+    assert(invariant.blocksUniqueToEachProcedure(ctx.program))
+    assert(invariant.correctCalls(ctx.program))
+
+
     val subroutines = IRProgram.procedures
       .filter(p => p.address.isDefined)
       .map(p => p.address.get -> p.name)
@@ -305,6 +310,7 @@ object StaticAnalysis {
     Logger.debug("Subroutine Addresses:")
     Logger.debug(subroutines)
 
+    assert(invariant.blocksUniqueToEachProcedure(ctx.program))
 
     Logger.info("reducible loops")
     // reducible loops
@@ -525,12 +531,6 @@ object RunUtils {
   def doSimplify(ctx: IRContext, config: Option[StaticAnalysisConfig]) : Unit = {
     Logger.info("[!] Running Simplify")
 
-    //val before = ctx.program.procedures.size
-    //transforms.stripUnreachableFunctions(ctx.program, 1)
-    //Logger.info(
-    //  s"[!] Removed ${before - ctx.program.procedures.size} functions (${ctx.program.procedures.size} remaining)"
-    //)
-
     Logger.info("[!] Simplify :: DynamicSingleAssignment")
     val liveVars : Map[CFGPosition, Set[Variable]] = analysis.IntraLiveVarsAnalysis(ctx.program).analyze()
 
@@ -574,7 +574,17 @@ object RunUtils {
 
     ctx = IRTransform.doCleanup(ctx)
 
-    //assert(invariant.correctCalls(ctx.program))
+    if (q.loading.trimEarly) {
+      val before = ctx.program.procedures.size
+      transforms.stripUnreachableFunctions(ctx.program, q.loading.procedureTrimDepth)
+      Logger.info(
+        s"[!] Removed ${before - ctx.program.procedures.size} functions (${ctx.program.procedures.size} remaining)"
+      )
+
+      val dumpdomain = computeDomain[CFGPosition, CFGPosition](InterProcIRCursor, ctx.program.procedures)
+      writeToFile(toDot(dumpdomain, InterProcIRCursor, Map.empty), s"ldakjldajnew_ir_intercfg.dot")
+    }
+
     if (q.loading.parameterForm) {
 
       ir.transforms.clearParams(ctx.program)
@@ -589,8 +599,9 @@ object RunUtils {
       doSimplify(ctx, conf.staticAnalysis)
     }
 
-    Logger.info("Done simplify")
-
+    assert(invariant.singleCallBlockEnd(ctx.program))
+    assert(invariant.cfgCorrect(ctx.program))
+    assert(invariant.blocksUniqueToEachProcedure(ctx.program))
     assert(invariant.correctCalls(ctx.program))
 
     q.loading.dumpIL.foreach(s => writeToFile(serialiseIL(ctx.program), s"$s-before-analysis.il"))

From a6d302ffa5c2d4ca0b8885abc6781e43b5150ff8 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Wed, 23 Oct 2024 14:03:42 +1000
Subject: [PATCH 086/127] flow insensitive copyprop and single pass dsa

---
 .../analysis/IntraLiveVarsAnalysis.scala      |  13 +-
 src/main/scala/boogie/BExpr.scala             |   2 +-
 src/main/scala/cfg_visualiser/DotTools.scala  |   5 +-
 src/main/scala/ir/Expr.scala                  |   7 +-
 src/main/scala/ir/IRCursor.scala              |   2 +-
 src/main/scala/ir/Statement.scala             |   2 +-
 src/main/scala/ir/cilvisitor/CILVisitor.scala |  50 +-
 src/main/scala/ir/eval/ExprEval.scala         |  78 ++
 src/main/scala/ir/eval/SimplifyExpr.scala     |  93 ++-
 ...MatchesForwards.scala => CFGCorrect.scala} |   0
 .../transforms/DynamicSingleAssignment.scala  | 692 ++++++++++++------
 .../ir/transforms/ProcedureParameters.scala   |  57 +-
 src/main/scala/ir/transforms/Simp.scala       | 626 ++++++++++++----
 src/main/scala/translating/GTIRBToIR.scala    |   1 +
 src/main/scala/translating/IRExpToSMT2.scala  |  13 +-
 .../scala/translating/ReadELFLoader.scala     |  10 +-
 src/main/scala/util/RunUtils.scala            |  48 +-
 .../basic_arrays_write.spec                   |   2 +-
 .../basic_function_call_caller.spec           |   2 +-
 .../basic_lock_security_write.spec            |   2 +-
 .../basic_sec_policy_write.spec               |   2 +-
 .../functionpointer/functionpointer.spec      |   2 +-
 src/test/correct/ifbranches/ifbranches.spec   |   2 +-
 .../functionpointer/functionpointer.spec      |   2 +-
 .../indirect_calls/jumptable3/jumptable3.spec |   2 +-
 src/test/indirect_calls/switch2/switch2.spec  |   2 +-
 26 files changed, 1217 insertions(+), 500 deletions(-)
 rename src/main/scala/ir/invariant/{BackwardsCFGMatchesForwards.scala => CFGCorrect.scala} (100%)

diff --git a/src/main/scala/analysis/IntraLiveVarsAnalysis.scala b/src/main/scala/analysis/IntraLiveVarsAnalysis.scala
index 29f29e00c..f17d91590 100644
--- a/src/main/scala/analysis/IntraLiveVarsAnalysis.scala
+++ b/src/main/scala/analysis/IntraLiveVarsAnalysis.scala
@@ -11,16 +11,15 @@ abstract class LivenessAnalysis(program: Program) extends Analysis[Any]:
     n match {
       case p: Procedure => s
       case b: Block => s
-      case Assign(variable, expr, _) => (s - variable) ++ expr.variables
-      case MemoryAssign(_, index, value, _, _, _) => s ++ index.variables ++ value.variables
-      case Assume(expr, _, _, _) => s ++ expr.variables
-      case Assert(expr, _, _) => s ++ expr.variables
-      case IndirectCall(variable, _) => s + variable
-      case c: DirectCall => s -- c.outParams.map(_._2) ++ c.actualParams.flatMap(_._2.variables)
+      case a : Assign => (s - a.lhs) ++ a.rhs.variables
+      case m: MemoryAssign => s ++ m.index.variables ++ m.value.variables
+      case a : Assume => s ++ a.body.variables
+      case a : Assert => s ++ a.body.variables
+      case i : IndirectCall => s + i.target
+      case c: DirectCall => (s -- c.outParams.map(_._2)) ++ c.actualParams.flatMap(_._2.variables)
       case g: GoTo => s
       case r: Return => s ++ r.outParams.flatMap(_._2.variables)
       case r: Unreachable => s
-      case _ => ???
     }
   }
 
diff --git a/src/main/scala/boogie/BExpr.scala b/src/main/scala/boogie/BExpr.scala
index c00985361..3d3d00e52 100644
--- a/src/main/scala/boogie/BExpr.scala
+++ b/src/main/scala/boogie/BExpr.scala
@@ -359,7 +359,7 @@ case class BinaryBExpr(op: BinOp, arg1: BExpr, arg2: BExpr) extends BExpr {
           } else {
             throw new Exception(s"bitvector size mismatch: $arg1, $arg2")
           }
-        case BVULT | BVULE | BVUGT | BVUGE | BVSLT | BVSLE | BVSGT | BVSGE =>
+        case BVULT | BVULE | BVUGT | BVUGE | BVSLT | BVSLE | BVSGT | BVSGE | BVSADDO =>
           if (bv1.size == bv2.size) {
             BoolBType
           } else {
diff --git a/src/main/scala/cfg_visualiser/DotTools.scala b/src/main/scala/cfg_visualiser/DotTools.scala
index ab754d152..75f7b55ee 100644
--- a/src/main/scala/cfg_visualiser/DotTools.scala
+++ b/src/main/scala/cfg_visualiser/DotTools.scala
@@ -57,7 +57,7 @@ class DotNode(val id: String, val label: String) extends DotElement {
   override def toString: String = toDotString
 
   def toDotString: String =
-    s"\"$id\"" + "[label=\"" + wrap(label, 100) + "\", shape=\"box\", fontname=\"Mono\"]"
+    s"\"$id\"" + "[label=\"" + wrap(label, 100) + "\", shape=\"box\", fontname=\"Mono\", fontsize=\"5\"]"
 
 }
 
@@ -140,5 +140,6 @@ class DotGraph(val title: String, val nodes: Iterable[DotNode], val edges: Itera
 
   override def toString: String = toDotString
 
-  def toDotString: String = "digraph " + title + " {\n" + (nodes ++ edges).foldLeft("")((str, elm) => str + elm.toDotString + "\n") + "}"
+  val graph = "graph [ fontsize=18 ];" 
+  def toDotString: String = "digraph " + title + " {\n" + graph + "\n" + (nodes ++ edges).foldLeft("")((str, elm) => str + elm.toDotString + "\n") + "}"
 }
diff --git a/src/main/scala/ir/Expr.scala b/src/main/scala/ir/Expr.scala
index 3e09a7802..b572a52eb 100644
--- a/src/main/scala/ir/Expr.scala
+++ b/src/main/scala/ir/Expr.scala
@@ -21,6 +21,8 @@ sealed trait Expr {
   def gammas: Set[Expr] = Set()
   def variables: Set[Variable] = Set()
   def acceptVisit(visitor: Visitor): Expr = throw new Exception("visitor " + visitor + " unimplemented for: " + this)
+
+  lazy val variablesCached = variables
 }
 
 
@@ -195,7 +197,7 @@ case class BinaryExpr(op: BinOp, arg1: Expr, arg2: Expr) extends Expr {
           } else {
             throw new Exception("bitvector size mismatch")
           }
-        case BVULT | BVULE | BVUGT | BVUGE | BVSLT | BVSLE | BVSGT | BVSGE =>
+        case BVULT | BVULE | BVUGT | BVUGE | BVSLT | BVSLE | BVSGT | BVSGE | BVSADDO =>
           if (bv1.size == bv2.size) {
             BoolType
           } else {
@@ -210,7 +212,7 @@ case class BinaryExpr(op: BinOp, arg1: Expr, arg2: Expr) extends Expr {
         case IntEQ | IntNEQ | IntLT | IntLE | IntGT | IntGE => BoolType
       }
     case _ =>
-      throw new Exception("type mismatch, operator " + op + " type doesn't match args: (" + arg1 + ", " + arg2 + ")")
+      throw new Exception("type mismatch, operator " + op.getClass.getSimpleName + s" type doesn't match args: (" + arg1 + ", " + arg2 + ")")
   }
 
   private def inSize = arg1.getType match {
@@ -255,6 +257,7 @@ sealed trait BVBinOp(op: String) extends BinOp {
   def opName = op
 }
 
+case object BVSADDO extends BVBinOp("saddo")
 case object BVAND extends BVBinOp("and")
 case object BVOR extends BVBinOp("or")
 case object BVADD extends BVBinOp("add")
diff --git a/src/main/scala/ir/IRCursor.scala b/src/main/scala/ir/IRCursor.scala
index 21944d4f1..165e946f1 100644
--- a/src/main/scala/ir/IRCursor.scala
+++ b/src/main/scala/ir/IRCursor.scala
@@ -289,7 +289,7 @@ def toDot[T <: CFGPosition](
 
   def nodeText(node: CFGPosition): String = {
     var text = node match {
-      case s: Block => f"[Block] ${s.label}"
+      case s: Block => f"[Block] (prec ${s.rpoOrder}) ${s.label}"
       case s        => s.toString
     }
     if (labels.contains(node)) {
diff --git a/src/main/scala/ir/Statement.scala b/src/main/scala/ir/Statement.scala
index cb236a4fc..4fd94fac0 100644
--- a/src/main/scala/ir/Statement.scala
+++ b/src/main/scala/ir/Statement.scala
@@ -156,7 +156,7 @@ class DirectCall(val target: Procedure,
     case None => Set()
   } */
   def calls: Set[Procedure] = Set(target)
-  override def toString: String = s"${labelStr}${outParams.mkString(",")} := DirectCall(${target.name})(${actualParams.mkString(",")})"
+  override def toString: String = s"${labelStr}${outParams.map(_._2.name).mkString(",")} := DirectCall(${target.name})(${actualParams.map(_._2).mkString(",")})"
   override def acceptVisit(visitor: Visitor): Statement = visitor.visitDirectCall(this)
 
   override def linkParent(p: Block): Unit = {
diff --git a/src/main/scala/ir/cilvisitor/CILVisitor.scala b/src/main/scala/ir/cilvisitor/CILVisitor.scala
index 89facf80e..a44672324 100644
--- a/src/main/scala/ir/cilvisitor/CILVisitor.scala
+++ b/src/main/scala/ir/cilvisitor/CILVisitor.scala
@@ -80,18 +80,46 @@ class CILVisitorImpl(val v: CILVisitor) {
   }
 
 
-  def visit_expr(n: Expr): Expr = {
+
+   def visit_expr(n: Expr): Expr = {
     def continue(n: Expr): Expr = n match {
-      case n: Literal                           => n
-      case MemoryLoad(mem, index, endian, size) => MemoryLoad(visit_mem(mem), visit_expr(index), endian, size)
-      case Extract(end, start, arg)             => Extract(end, start, visit_expr(arg))
-      case Repeat(repeats, arg)                 => Repeat(repeats, visit_expr(arg))
-      case ZeroExtend(bits, arg)                => ZeroExtend(bits, visit_expr(arg))
-      case SignExtend(bits, arg)                => SignExtend(bits, visit_expr(arg))
-      case BinaryExpr(op, arg, arg2)            => BinaryExpr(op, visit_expr(arg), visit_expr(arg2))
-      case UnaryExpr(op, arg)                   => UnaryExpr(op, visit_expr(arg))
-      case v: Variable                          => visit_rvar(v)
-      case UninterpretedFunction(n, params, rt) => UninterpretedFunction(n, params.map(visit_expr), rt)
+      case n: Literal => n
+      case MemoryLoad(mem, index, endian, size) => {
+        val nmem = visit_mem(mem)
+        val nind = visit_expr(index)
+        if ((nmem ne mem) || (nind ne index)) MemoryLoad(visit_mem(mem), visit_expr(index), endian, size) else n
+      }
+      case Extract(end, start, arg) => {
+        val narg = visit_expr(arg)
+        if (narg ne arg) Extract(end, start, narg) else n
+      }
+      case Repeat(repeats, arg) => {
+        val narg = visit_expr(arg)
+        if (narg ne arg) Repeat(repeats, arg) else n
+      }
+      case ZeroExtend(bits, arg) => {
+        val narg = visit_expr(arg)
+        if (narg ne arg) ZeroExtend(bits, narg) else n
+      }
+      case SignExtend(bits, arg) => {
+        val narg = visit_expr(arg)
+        if (narg ne arg) SignExtend(bits, narg) else n
+      }
+      case BinaryExpr(op, arg, arg2) => {
+        val narg1 = visit_expr(arg)
+        val narg2 = visit_expr(arg2)
+        if ((narg1 ne arg) || (narg2 ne arg2)) BinaryExpr(op, narg1, narg2) else n
+      }
+      case UnaryExpr(op, arg) => {
+        val narg = visit_expr(arg)
+        if (narg ne arg) UnaryExpr(op, narg) else n
+      }
+      case v: Variable => visit_rvar(v)
+      case UninterpretedFunction(name, params, rt) => {
+        val nparams = params.map(visit_expr)
+        val updated = (params.zip(nparams).map((a, b) => a ne b)).contains(true)
+        if (updated) UninterpretedFunction(name, nparams, rt) else n
+      } 
     }
     doVisit(v, v.vexpr(n), n, continue)
   }
diff --git a/src/main/scala/ir/eval/ExprEval.scala b/src/main/scala/ir/eval/ExprEval.scala
index 0ad0a55ca..22ee56370 100644
--- a/src/main/scala/ir/eval/ExprEval.scala
+++ b/src/main/scala/ir/eval/ExprEval.scala
@@ -147,6 +147,84 @@ trait Loader[S, E] {
   }
 }
 
+def fastPartialEvalExpr(exp: Expr): Expr = {
+  /*
+   * Ignore substitutions and parital eval
+   */
+  exp match {
+    case f: UninterpretedFunction => f
+    case unOp: UnaryExpr => {
+        unOp.arg match {
+          case l: Literal => evalUnOp(unOp.op, l)
+          case o          => UnaryExpr(unOp.op, o) 
+        }
+      }
+    case binOp: BinaryExpr =>
+        val lhs = binOp.arg1
+        val rhs = binOp.arg2
+        binOp.getType match {
+        case m: MapType => binOp
+        case b: BitVecType => {
+          (binOp.op, lhs, rhs) match {
+            case (o: BVBinOp, l: BitVecLiteral, r: BitVecLiteral) => evalBVBinExpr(o, l, r)
+            case _                                                => BinaryExpr(binOp.op, lhs, rhs)
+          }
+        }
+        case BoolType => {
+          def bool2lit(b: Boolean) = if b then TrueLiteral else FalseLiteral
+          (binOp.op, lhs, rhs) match {
+            case (o: BVBinOp, l: BitVecLiteral, r: BitVecLiteral) => bool2lit(evalBVLogBinExpr(o, l, r))
+            case (o: IntBinOp, l: IntLiteral, r: IntLiteral)      => bool2lit(evalIntLogBinExpr(o, l.value, r.value))
+            case (o: BoolBinOp, l: BoolLit, r: BoolLit)           => bool2lit(evalBoolLogBinExpr(o, l.value, r.value))
+            case _                                                => BinaryExpr(binOp.op, lhs, rhs)
+          }
+        }
+        case IntType => {
+          (binOp.op, lhs, rhs) match {
+            case (o: IntBinOp, l: IntLiteral, r: IntLiteral) => IntLiteral(evalIntBinExpr(o, l.value, r.value))
+            case _                                           => BinaryExpr(binOp.op, lhs, rhs)
+          }
+        }
+      }
+    case extend: ZeroExtend =>
+      val body = extend.body
+      (body match {
+        case b: BitVecLiteral => BitVectorEval.smt_zero_extend(extend.extension, b)
+        case o                => extend.copy(body = o)
+      })
+    case extend: SignExtend =>
+      val body = extend.body
+      body match {
+        case b: BitVecLiteral => BitVectorEval.smt_sign_extend(extend.extension, b)
+        case o                => extend.copy(body = o)
+      }
+    case e: Extract =>
+      val body = e.body
+      body match {
+        case b: BitVecLiteral => BitVectorEval.boogie_extract(e.end, e.start, b)
+        case o                => e.copy(body = o)
+      }
+    case r: Repeat =>
+      val body = r.body
+      body match {
+        case b: BitVecLiteral => {
+          assert(r.repeats > 0)
+          if (r.repeats == 1) b
+          else {
+            (2 to r.repeats).foldLeft(b)((acc, r) => BitVectorEval.smt_concat(acc, b))
+          }
+        }
+        case o => r.copy(body = o)
+      }
+    case variable: Variable => variable
+    case ml: MemoryLoad => 
+      val addr = ml.index
+      ml.copy(index= addr)
+    case b: Literal =>  b
+  }
+}
+
+
 def statePartialEvalExpr[S](l: Loader[S, InterpreterError])(exp: Expr): State[S, Expr, InterpreterError] = {
   val eval = statePartialEvalExpr(l)
   val ns = exp match {
diff --git a/src/main/scala/ir/eval/SimplifyExpr.scala b/src/main/scala/ir/eval/SimplifyExpr.scala
index 99eb22d3d..bd837b4e0 100644
--- a/src/main/scala/ir/eval/SimplifyExpr.scala
+++ b/src/main/scala/ir/eval/SimplifyExpr.scala
@@ -9,19 +9,17 @@ import ir.cilvisitor.*
 val assocOps: Set[BinOp] =
   Set(BVADD, BVMUL, BVOR, BVAND, BVEQ, BoolAND, BoolEQ, BoolOR, BoolEQUIV, BoolEQ, IntADD, IntMUL, IntEQ)
 
-
-object AlgebraicSimplifications extends CILVisitor  {
-  override def vexpr(e: Expr) = ChangeDoChildrenPost(eval.simplifyExprFixpoint(e), eval.simplifyExprFixpoint)
+object AlgebraicSimplifications extends CILVisitor {
+  override def vexpr(e: Expr) = ChangeDoChildrenPost(e, eval.simplifyExprFixpoint)
 
   def apply(e: Expr) = {
     visit_expr(this, e)
   }
 }
 
-
 object SimplifyValidation {
   var traceLog = mutable.LinkedHashSet[(Expr, Expr)]()
-  var validate : Boolean = false
+  var validate: Boolean = false
 
   def makeValidation(writer: BufferedWriter) = {
 
@@ -31,7 +29,7 @@ object SimplifyValidation {
         case BitVecType(sz) => BinaryExpr(BVEQ, a, b)
         case IntType        => BinaryExpr(IntEQ, a, b)
         case BoolType       => BinaryExpr(BoolEQ, a, b)
-        case m: MapType        => ???
+        case m: MapType     => ???
       }
     }
 
@@ -51,28 +49,30 @@ object SimplifyValidation {
     }
   }
 
-
 }
 
-
 def simplifyExprFixpoint(e: Expr): Expr = {
   val begin = e
   var pe = e
   var count = 0
-  var ne = simplifyExpr(pe)
-  while (ne != pe && count < 5) {
+  var ne = e
+  var changedAny = false
+  var changed = true
+  while (changed) {
+    val (x, didAnything) = simplifyExpr(ne)
+    changed = didAnything
+    changedAny = changedAny || changed
     count += 1
-    pe = ne
-    ne = simplifyExpr(pe)
+    ne = ir.eval.fastPartialEvalExpr(x)
   }
-  if (ne != pe) {
+  if (changed) {
     Logger.error(s"stopping simp before fixed point: there is likely a simplificatinon loop: $pe !=== $ne")
   }
   if (SimplifyValidation.validate) {
     // normalise to deduplicate log entries
     val normer = VarNameNormalise()
-    val a = visit_expr(normer, begin) 
-    val b = visit_expr(normer, ne) 
+    val a = visit_expr(normer, begin)
+    val b = visit_expr(normer, ne)
 
     SimplifyValidation.traceLog.add((a, b))
   }
@@ -83,10 +83,9 @@ class VarNameNormalise() extends CILVisitor {
   var count = 1
   val assigned = mutable.Map[Variable, Variable]()
 
-
   def rename(v: Variable, newName: String) = {
     v match {
-      case LocalVar(n, t) => LocalVar(newName, t)
+      case LocalVar(n, t)  => LocalVar(newName, t)
       case Register(n, sz) => Register(newName, sz)
     }
   }
@@ -103,7 +102,6 @@ class VarNameNormalise() extends CILVisitor {
     }
   }
 
-
   def apply(e: Expr) = {
     count = 1
     assigned.clear()
@@ -114,9 +112,7 @@ class VarNameNormalise() extends CILVisitor {
   }
 }
 
-
-
-def simplifyExpr(e: Expr): Expr = {
+def simplifyExpr(e: Expr): (Expr, Boolean) = {
   // println((0 until indent).map(" ").mkString("") + e)
 
   def bool2bv1(e: Expr) = {
@@ -133,19 +129,7 @@ def simplifyExpr(e: Expr): Expr = {
     BVUGE -> BVUGT,
     BVSLE -> BVSLT,
     BVULE -> BVULT
-    )
-
-
-  def isNegBV(e: Expr) = {
-    simplifyExpr(e).getType match {
-      case BitVecType(sz) => {
-        BinaryExpr(BVSLT, e, BitVecLiteral(0, sz))
-      }
-      case _ => ???
-    }
-  }
-
-  val e2 = ir.eval.partialEvalExpr(e, (v) => None)
+  )
 
   def pushExtend(e: Expr, extend: Expr => Expr): Expr = {
     e match {
@@ -170,7 +154,8 @@ def simplifyExpr(e: Expr): Expr = {
   /** Apply the rewrite rules once. Note some rules expect a canonical form produced by other rules, and hence this is
     * more effective when applied iteratively until a fixed point.
     */
-  val simped = e2 match {
+  var didAnything = true
+  val simped = e match {
     // constant folding
     // const + (expr + const) -> expr + (const + const)
 
@@ -204,7 +189,6 @@ def simplifyExpr(e: Expr): Expr = {
       UnaryExpr(BoolNOT, BinaryExpr(BVEQ, (e1), (e2)))
     case BinaryExpr(BVNEQ, e1, e2) => UnaryExpr(BoolNOT, BinaryExpr(BVEQ, (e1), (e2)))
 
-
     case BinaryExpr(op, BinaryExpr(op1, a, b: Literal), BinaryExpr(op2, c, d: Literal))
         if !a.isInstanceOf[Literal] && !c.isInstanceOf[Literal]
           && assocOps.contains(op) && op == op1 && op == op2 =>
@@ -269,6 +253,10 @@ def simplifyExpr(e: Expr): Expr = {
         if ir.eval.BitVectorEval.isNegative(y) =>
       BinaryExpr(BVEQ, x, UnaryExpr(BVNEG, y))
 
+    case BinaryExpr(BVCONCAT, BitVecLiteral(0, sz), expr) => ZeroExtend(sz, expr)
+    case BinaryExpr(BVCONCAT, expr, BitVecLiteral(0, sz)) if (BigInt(2).pow(sz + size(expr).get) > sz) =>
+      BinaryExpr(BVSHL, ZeroExtend(sz, expr), BitVecLiteral(sz, sz + size(expr).get))
+
     /*  COMPARISON FLAG HANDLING
      *
      * We quite precisely pattern match ASLp's output for C and V,
@@ -362,7 +350,7 @@ def simplifyExpr(e: Expr): Expr = {
           && AlgebraicSimplifications(x2) == AlgebraicSimplifications(ZeroExtend(exts, x1))
           && AlgebraicSimplifications(y2) == AlgebraicSimplifications(ZeroExtend(exts, y1)) => {
       // C not Set
-      AlgebraicSimplifications(UnaryExpr(BoolNOT, BinaryExpr(BVUGE, x1, UnaryExpr(BVNEG, y1))))
+      UnaryExpr(BoolNOT, BinaryExpr(BVUGE, x1, UnaryExpr(BVNEG, y1)))
     }
 
     case BinaryExpr(
@@ -392,7 +380,7 @@ def simplifyExpr(e: Expr): Expr = {
 
     /* generic comparison simplification */
 
-    // weak to strict inequality 
+    // weak to strict inequality
     // x >= 0 && x != 0 ===> x > 0
     case BinaryExpr(BoolAND, BinaryExpr(op, lhs, BitVecLiteral(0, sz)), UnaryExpr(BoolNOT, rhs))
         if size(lhs).isDefined && (AlgebraicSimplifications(BinaryExpr(BVEQ, lhs, BitVecLiteral(0, size(lhs).get))) == rhs) && ineqToStrict.contains(op) => {
@@ -407,7 +395,7 @@ def simplifyExpr(e: Expr): Expr = {
       BinaryExpr(ineqToStrict(op), lhs, rhs)
     }
     case BinaryExpr(BoolAND, BinaryExpr(op, lhs, rhs), UnaryExpr(BoolNOT, BinaryExpr(BVEQ, BinaryExpr(BVADD, lhs2, rhs2), BitVecLiteral(0, _))))
-      if rhs == rhs2 && AlgebraicSimplifications(lhs) == AlgebraicSimplifications(UnaryExpr(BVNEG, lhs2)) && ineqToStrict.contains(op) => {
+      if rhs == rhs2 && (AlgebraicSimplifications(lhs) == AlgebraicSimplifications(UnaryExpr(BVNEG, lhs2))) && ineqToStrict.contains(op) => {
       BinaryExpr(ineqToStrict(op), lhs, rhs)
     }
 
@@ -459,6 +447,18 @@ def simplifyExpr(e: Expr): Expr = {
         case _              => throw Exception("Type error (should be unreachable)")
       }
     case BinaryExpr(BoolEQ, x, FalseLiteral) => UnaryExpr(BoolNOT, x)
+
+    // redundant extends
+    // extract extended zero part
+    case Extract(ed, bg, ZeroExtend(x, expr)) if (bg > size(expr).get) => BitVecLiteral(0, ed - bg)
+    // extract below extend
+    case Extract(ed, bg, ZeroExtend(x, expr)) if (bg < size(expr).get) && (ed < size(expr).get) => Extract(ed, bg, expr)
+    case Extract(ed, bg, SignExtend(x, expr)) if (bg < size(expr).get) && (ed < size(expr).get) => Extract(ed, bg, expr)
+
+    case BinaryExpr(BVEQ, ZeroExtend(sz, expr), BitVecLiteral(0, sz2)) => BinaryExpr(BVEQ, expr, BitVecLiteral(0, size(expr).get))
+
+
+
     // double negation
     case UnaryExpr(BVNOT, UnaryExpr(BVNOT, body))     => (body)
     case UnaryExpr(BVNEG, UnaryExpr(BVNEG, body))     => (body)
@@ -483,15 +483,12 @@ def simplifyExpr(e: Expr): Expr = {
         ) =>
       BinaryExpr(BVEQ, (body), BitVecLiteral(0, 1))
 
-    case BinaryExpr(BVSUB, x: Expr, y: BitVecLiteral)         => BinaryExpr(BVADD, x, UnaryExpr(BVNEG, y))
-    case BinaryExpr(BVAND, l, r) if l == r && l.loads.isEmpty => (l)
-    case BinaryExpr(op, x, y)                                 => BinaryExpr(op, (x), (y))
-    case r                                                    => r
+    case BinaryExpr(BVSUB, x: Expr, y: BitVecLiteral) => BinaryExpr(BVADD, x, UnaryExpr(BVNEG, y))
+    case r => {
+      didAnything = false
+      r
+    }
   }
 
-  if (simped != e) {
-    // println(s"old $e -> ")
-    // println(s"    $simped")
-  }
-  simped
+  (simped, didAnything)
 }
diff --git a/src/main/scala/ir/invariant/BackwardsCFGMatchesForwards.scala b/src/main/scala/ir/invariant/CFGCorrect.scala
similarity index 100%
rename from src/main/scala/ir/invariant/BackwardsCFGMatchesForwards.scala
rename to src/main/scala/ir/invariant/CFGCorrect.scala
diff --git a/src/main/scala/ir/transforms/DynamicSingleAssignment.scala b/src/main/scala/ir/transforms/DynamicSingleAssignment.scala
index 3a84ef732..5a009ad39 100644
--- a/src/main/scala/ir/transforms/DynamicSingleAssignment.scala
+++ b/src/main/scala/ir/transforms/DynamicSingleAssignment.scala
@@ -2,273 +2,541 @@ package ir.transforms
 
 import util.Logger
 import ir.cilvisitor.*
+import translating.*
 import ir.*
 import scala.collection.mutable
 import analysis._
 
-object DynamicSingleAssignment {
-  /* TODO: improve using liveness */
+val phiAssignLabel = Some("phi")
+
+/** This transforms the program by no-op copies and renaming local variable indices to establish the property that
+  *
+  * \forall variables v, forall uses of v : u, No subset of definitions of v defines the use u.
+  */
+
+class OnePassDSA(
+    liveVarsCheck: Option[Map[CFGPosition, Set[Variable]]] = None
+    /** Check our (faster) live var result against the TIP sovler solution */
+) {
+
+  val liveVarsDom = transforms.IntraLiveVarsDomain()
+  val liveVarsSolver = transforms.worklistSolver(liveVarsDom)
+
+  case class BlockState(
+      renamesBefore: mutable.Map[Variable, Int] = mutable.Map[Variable, Int](),
+      renamesAfter: mutable.Map[Variable, Int] = mutable.Map[Variable, Int](),
+      var filled: Boolean = false, /* have given local value numbering */
+      var completed: Boolean = false, /* have filled and processed all incoming */
+      var isPhi: Boolean = false /* begins filled */
+  )
+
+  def renameLHS(c: Command, variable: Variable, index: Int) = {
+    c match {
+      case s: Statement => visit_stmt(StmtRenamer(Map((variable -> index)), Map()), s)
+      case j: Jump      => visit_jump(StmtRenamer(Map((variable -> index)), Map()), j)
+    }
+  }
+
+  def renameRHS(c: Command, variable: Variable, index: Int) = {
+    c match {
+      case s: Statement => visit_stmt(StmtRenamer(Map(), Map((variable -> index))), s)
+      case j: Jump      => visit_jump(StmtRenamer(Map(), Map((variable -> index))), j)
+    }
+  }
+
+  def appendAssign(b: Block, s: Assign) = {
+    // maintain call end of lock invariant
+    if (b.statements.size > 0 && b.statements.last.isInstanceOf[Call]) {
+      b.statements.insertBefore(b.statements.last, s)
+    } else {
+      b.statements.append(s)
+    }
+  }
+
+  def withDefault(_st: mutable.Map[Block, BlockState])(b: Block) = {
+    if _st.contains(b) then _st(b)
+    else {
+      _st(b) = BlockState()
+      _st(b)
+    }
+  }
 
-  def applyTransform(program: Program, liveVars: Map[CFGPosition, Set[Variable]]) = {
+  def localProcessBlock(
+      state: mutable.Map[Block, BlockState],
+      count: mutable.Map[Variable, Int],
+      block: Block
+  ): Unit = {
+    def st(b: Block) = withDefault(state)(b)
 
-    case class DSARes(renames: Map[Variable, Int] = Map().withDefaultValue(-1)) // -1 means no rename
+    var renames = st(block).renamesBefore
 
-    def addIndex(v: Variable, idx: Int) = {
-      if (idx != -1) {
-        v match {
-          case Register(n, sz) => {
-            throw Exception("Should not SSA registers")
-            Register(n + "_" + idx, sz)
+    for (s <- block.statements) {
+      visit_stmt(StmtRenamer(Map(), renames.toMap), s)
+      s match {
+        case a @ Assign(lhs: LocalVar, _, _) => {
+          count(lhs) = count(lhs) + 1
+          renameLHS(a, lhs, count(lhs))
+          renames = renames + (lhs -> count(lhs))
+
+        }
+        case d: DirectCall => {
+          val vars = d.outParams.map(_._2).toList
+          for (lhs <- vars) {
+            count(lhs) = count(lhs) + 1
+            renameLHS(d, lhs, count(lhs))
+            renames = renames + (lhs -> count(lhs))
           }
-          case v @ LocalVar(n, t)  => LocalVar(v.varName, t, idx)
         }
-      } else {
-        v
+        case _ => ()
       }
     }
 
-    class StmtRenamer(renamesL: Map[Variable, Int] = Map(), renames: Map[Variable, Int] = Map()) extends CILVisitor {
-      override def vrvar(v: Variable) = v match {
-        case v if renames.contains(v) && renames(v) != -1 => ChangeTo(addIndex(v, renames(v)))
-        case _                                            => DoChildren()
-      }
+    visit_jump(StmtRenamer(Map(), renames.toMap), block.jump)
+    st(block).renamesAfter.addAll(renames)
+    st(block).filled = true
 
-      override def vlvar(v: Variable) = v match {
-        case v if renamesL.contains(v) && renamesL(v) != -1 => ChangeTo(addIndex(v, renamesL(v)))
-        case _                                              => DoChildren()
-      }
-    }
+  }
 
-    def appendAssign(b: Block, s: Assign) = {
-      // maintain call end of lock invariant
-      if (b.statements.size > 0 && b.statements.last.isInstanceOf[Call]) {
-        b.statements.insertBefore(b.statements.last, s)
-      } else {
-        b.statements.append(s)
-      }
+  def applyTransform(p: Program): Unit = {
+    for (proc <- p.procedures) {
+      applyTransform(proc)
     }
+  }
 
-    def njoin(st: Map[Block, DSARes], blocks: Iterable[Block] /* incoming blocks */) = {
-      require(blocks.size >= 2)
-      val rs = blocks.map(st(_))
-      val allRenamedVars = rs.flatMap(_.renames.keySet)
-      val renames = allRenamedVars.map {
-        case v => {
-          // for branches which have different renamings of variables, we know the larger index renaming is so far unused
-          // on the branches with smaller indexes, so we add a copy to these branches renaming to the largest index
-          val maxrename = rs.map(_.renames(v)).foldLeft(-1)(Integer.max)
-          v -> maxrename
-        }
-      }.toMap
-
-      DSARes(renames.withDefaultValue(-1))
+  def createBlockBetween(b1: Block, b2: Block, label: String = "_phi_"): Block = {
+    require(b1.nextBlocks.toSet.contains(b2))
+    val nb = Block(b1.label + label + b2.label)
+    b1.parent.addBlocks(nb)
+    b1.jump match {
+      case g: GoTo => {
+        g.addTarget(nb)
+        g.removeTarget(b2)
+      }
+      case _ => ???
     }
+    nb.replaceJump(GoTo(b2))
+    nb
+  }
 
-    def fixJoins(
-        st: Map[Block, DSARes],
-        p: Procedure,
-        lhss: Map[Command, Map[Variable, Int]],
-        rhss: Map[Command, Map[Variable, Int]]
-    ): (Map[Command, Map[Variable, Int]], Map[Command, Map[Variable, Int]]) = {
-      /**
-       * Add copies to blocks who have two incoming blocks with different renamings present to unify the renamings into the 
-       * subsequent block. We will expect that one of the incoming branches has a reassignment equal to this blocks entry point
-       * reassignment. All other branches should have a smaller SSA index, and allow an additional copy to be added ot unify them
-       * with the larger assignment.
-       *
-       * some consideration is required when adding copies to keep the call-end-of-block invariant
-       *
-       *  TODO: we can avoid adding copies for variables not live at the join
-       */
-      var lhs = lhss
-      var rhs = rhss
-      for (b <- p.blocks) {
-        val incoming = b.prevBlocks
-        val all = incoming.flatMap(st(_).renames.keySet)
-        val outgoing = rhss(IRWalk.firstInBlock(b))
-
-        // fix renames for all variables when when all incoming block renames rhs don't match 
-        // the expected rename at this block rhs AND the variable is still live at this block 
-        // by adding the appropriate copy
-        for (v <- all) {
-          val outgoingRename = outgoing(v)
-          for (b <- incoming) {
-            if (st(b).renames(v) != outgoingRename && outgoingRename != -1 && (liveVars(b).contains(v))) {
-              b.statements.lastOption match {
-                case Some(d: DirectCall) if d.outParams.toSet.map(_._2).contains(v) => {
-                  // if there is a call on this block assigning the variable, update its outparam's ssa index
-                  lhs = lhs + (d -> (lhs.get(d).getOrElse(Map()) + (v -> st(b).renames(v))))
+  def fixPredecessors(
+      _st: mutable.Map[Block, BlockState],
+      count: mutable.Map[Variable, Int],
+      liveBefore: mutable.Map[Block, Set[Variable]],
+      block: Block
+  ) = {
+    def state(b: Block) = withDefault(_st)(b)
+
+    val preds = block.prevBlocks.toList
+    val toJoin = preds.filter(state(_).filled)
+    assert(!(toJoin.isEmpty && preds.nonEmpty), s"should always have at least one processed predecessor ${preds}")
+
+    {
+      val definedVars = toJoin.flatMap(state(_).renamesAfter.keySet).toSet.intersect(liveBefore(block))
+      val toUnify = definedVars
+        .map(v => v -> toJoin.map(state(_).renamesAfter.get(v).getOrElse(0)))
+        .filter((v, rns) => {
+          rns.toList match {
+            case Nil      => false
+            case h :: Nil => false
+            // if there is no renaming such that all the incoming renames agree
+            // then we create a new copy
+            case h :: tl =>
+              tl.foldLeft(Some(h): Option[Int])((acc, rn) =>
+                acc match {
+                  case Some(v) if v == rn => Some(v)
+                  case _                  => None
                 }
-                case c => {
-                  // otherwise add an assignment to the block at the end or immediately before the call, and
-                  // update the ssa index of the in-parameters to the call
-                  val assign = Assign(v, v, Some("appended"))
-                  appendAssign(b, assign)
-
-                  lhs = lhs + (assign -> (lhs.get(assign).getOrElse(Map()) + (v -> outgoingRename)))
-                  rhs = rhs + (assign -> (rhs.get(assign).getOrElse(Map()) + (v -> st(b).renames(v))))
-                  c match {
-                    case Some(call: Call) => {
-                      rhs = rhs + (call -> (rhs.get(call).getOrElse(Map()) + (v -> outgoingRename)))
-                    }
-                    case _ => ()
-                  }
-                }
-              }
-            }
+              ).isEmpty
+          }
+        })
+
+      if (toUnify.nonEmpty) {
+        val blocks = toJoin.map(b => b -> createBlockBetween(b, block, "_phi_back_")).toMap
+        for (v <- toUnify.map(_._1)) {
+          count(v) = count(v) + 1
+          // new index for new copy of v (definition added to all incoming edges)
+
+          for (b <- toJoin) {
+            val nb = blocks(b)
+            assert(state(b).filled)
+            state(nb).renamesBefore.addAll(state(b).renamesAfter)
+
+            val assign = Assign(v, v, Some("phiback"))
+            state(nb).renamesAfter(v) = count(v)
+            appendAssign(nb, assign)
+            renameLHS(assign, v, state(nb).renamesAfter(v))
+            renameRHS(assign, v, state(nb).renamesBefore.get(v).getOrElse(0))
+            state(block).renamesBefore.addAll(state(nb).renamesAfter)
           }
+
+        }
+      } else {
+        // all our incoming are equal, or we have only one predecessor etc
+        for (b <- toJoin) {
+          state(block).renamesBefore.addAll(state(b).renamesAfter)
         }
       }
-      (lhs, rhs)
     }
+    // set completed
+    if (toJoin.size == preds.size) {
+      state(block).completed = true
+    } else {
+      state(block).completed = false
+    }
+
+  }
 
-    def processCollect(
-        i: DSARes,
-        b: Block,
-        count: mutable.Map[Variable, Int],
-        lhs: Map[Command, Map[Variable, Int]],
-        rhs: Map[Command, Map[Variable, Int]]
-    ): (DSARes, Map[Command, Map[Variable, Int]], Map[Command, Map[Variable, Int]]) = {
-      var r = i
-      var lh = lhs
-      var rh = rhs
-      // push the renames through a block, incrementing the ssa index when we see a new assignment
-
-      for (s <- b.statements) {
-        rh = rh.updated(s, rh(s) ++ r.renames)
-        val renames: Map[Variable, Int] = s match {
-          case a: Assign => {
-            if ((lh.get(a).flatMap(_.get(a.lhs))).map(_ == -1).getOrElse(true)) {
-              count(a.lhs) = (count(a.lhs) + 1)
-              Map(a.lhs -> count(a.lhs))
-            } else {
-              Map(a.lhs -> lh(a)(a.lhs))
-            }
+  def fixSuccessors(
+      _st: mutable.Map[Block, BlockState],
+      count: mutable.Map[Variable, Int],
+      liveBefore: mutable.Map[Block, Set[Variable]],
+      liveAfter: mutable.Map[Block, Set[Variable]],
+      block: Block
+  ) = {
+    def state(b: Block) = withDefault(_st)(b)
+
+    val next = block.nextBlocks.toList
+    val anyNextFilled = next.exists(state(_).filled)
+    val anyNextJoin = next.exists(_.prevBlocks.size > 1)
+    for (b <- next) {
+      val definedVars = state(block).renamesAfter.keySet.intersect(liveAfter(block))
+
+      if (definedVars.size > 0 && (anyNextFilled || anyNextJoin)) {
+        val nb = createBlockBetween(block, b, "_phi_")
+
+        state(nb).renamesBefore.addAll(state(block).renamesAfter)
+        if (state(b).filled) {
+          // if filled we have chosen an incoming rename
+          state(nb).renamesAfter.addAll(state(b).renamesBefore)
+        }
+
+        for (v <- definedVars) {
+          if (!state(nb).renamesAfter.contains(v)) {
+            count(v) = count(v) + 1
+            state(nb).renamesAfter(v) = count(v)
           }
-          case a: DirectCall => {
-            (a.outParams
-              .map(_._2))
-              .map(l => {
-                if (lh.get(s).flatMap(_.get(l)).map(_ == -1).getOrElse(true)) {
-                  count(l) = (count(l) + 1)
-                  (l -> count(l))
-                } else {
-                  (l -> lh(s)(l))
-                }
-              })
-              .toMap
+          if (state(nb).renamesBefore(v) != state(nb).renamesAfter(v)) {
+            val assign = Assign(v, v, phiAssignLabel)
+            appendAssign(nb, assign)
+            renameLHS(assign, v, state(nb).renamesAfter(v))
+            renameRHS(assign, v, state(nb).renamesBefore(v))
           }
-          case _ => Map()
         }
-        lh = lh.updated(s, lh(s) ++ renames)
-        r = r.copy(renames = r.renames ++ renames)
+        state(nb).filled = true
+        state(nb).isPhi = true
+        liveBefore(nb) = liveBefore(b)
+        liveAfter(nb) = liveBefore(b)
       }
-      rh = rh.updated(b.jump, rh(b.jump) ++ r.renames)
-      r = r.copy(renames = r.renames ++ rh(b.jump))
+    }
+  }
 
-      (r, lh, rh)
+  def visitBlock(
+      _st: mutable.Map[Block, BlockState],
+      count: mutable.Map[Variable, Int],
+      liveBefore: mutable.Map[Block, Set[Variable]],
+      liveAfter: mutable.Map[Block, Set[Variable]],
+      block: Block
+  ) = {
+
+    /** VisitBlock:
+      *
+      *   1. for all complete incoming
+      *      - if there is an incoming rename that is not equal across the predecessors
+      *      - add back phi block to each incoming edge
+      *      - create a fresh copy of each non-uniform renamed variable
+      *      - add copies to each phi block unify the incoming rename with the nominated new rename 2. add local value
+      *        numbering to this block 3. if all predecessors are filled, mark this complete, otherwise mark this
+      *        filled. 4. for all successors
+      *   - if marked filled, add phi block to unify our outgoing with its incoming
+      *   - if > 1 total predecessors for each unmarked , add phi block to nominate a new copy 5. for all successors, if
+      *     all predecessors are now filled, mark complete
+      */
+
+    def state(b: Block) = withDefault(_st)(b)
+
+    // add copies on incoming edges to make the outgoing rename of all filled precesessors
+    // the same, and define `block`'s incoming rename
+    fixPredecessors(_st, count, liveBefore, block)
+
+    // apply local value numbering to `block`
+    var seenBefore = true
+    if (!(state(block).filled)) {
+      localProcessBlock(_st, count, block)
+      state(block).filled = true
+      assert(state(block).filled)
+      seenBefore = false
     }
 
-    def renameAll(b: Block, lhs: Map[Command, Map[Variable, Int]], rhs: Map[Command, Map[Variable, Int]]) = {
-      for (s <- b.statements) {
-        visit_stmt(StmtRenamer(lhs.get(s).getOrElse(Map()), rhs.get(s).getOrElse(Map())), s)
+    // mark successors complete which are completed as a result of processing `block`
+    for (b <- block.nextBlocks) {
+      if (b.prevBlocks.forall(state(_).filled)) {
+        state(b).completed = true
       }
-      val s = b.jump
-      visit_jump(StmtRenamer(lhs.get(s).getOrElse(Map()), rhs.get(s).getOrElse(Map())), s)
     }
 
-    def visitProc(p: Procedure) = {
-      /*
-       * visit in weak topological order, collect renames and copies of ssa variables then apply transform
-       * we need to visit loops twice to handle joins
-       */
-
-      val worklist = mutable.PriorityQueue[Block]()(Ordering.by(b => b.rpoOrder))
-      worklist.addAll(p.blocks)
-      var seen = Set[Block]()
-      val count = mutable.Map[Variable, Int]().withDefaultValue(0)
+    // add outgoing copies for e.g. loop headers
+    fixSuccessors(_st, count, liveBefore, liveAfter, block)
+  }
 
-      // ssa index to rename lvars and rvars respectively
-      var lhs = Map[Command, Map[Variable, Int]]().withDefaultValue(Map().withDefaultValue(-1))
-      var rhs = Map[Command, Map[Variable, Int]]().withDefaultValue(Map().withDefaultValue(-1))
+  def applyTransform(p: Procedure): Unit = {
+    val _st = mutable.Map[Block, BlockState]()
+    // ensure order is defined
+    p.entryBlock.map(reversePostOrder)
+
+    val (liveBeforeIn, liveAfterIn) = liveVarsSolver.solveProc(p, backwards = true)
+    val liveBefore = mutable.Map.from(liveBeforeIn)
+    val liveAfter = mutable.Map.from(liveAfterIn)
+
+    for (lvResult <- liveVarsCheck) {
+      // check live vars has equal result to TIP solver
+      for ((b, s) <- liveBefore) {
+        assert(
+          lvResult(b) == s,
+          s"LiveVars unequal ${b.label}: ${lvResult(b)} == $s (differing ${lvResult(b).diff(s)})"
+        )
+      }
+    }
 
-      // the variable renaming at the end of each block
-      var st = Map[Block, DSARes]().withDefaultValue(DSARes())
+    val worklist = mutable.PriorityQueue[Block]()(Ordering.by(b => b.rpoOrder))
+    worklist.addAll(p.blocks)
+    var seen = Set[Block]()
+    val count = mutable.Map[Variable, Int]().withDefaultValue(0)
 
+    while (worklist.nonEmpty) {
       while (worklist.nonEmpty) {
-        val b = worklist.dequeue
+        val block = worklist.dequeue
+        assert(worklist.headOption.map(_.rpoOrder < block.rpoOrder).getOrElse(true))
 
-        if (b.prevBlocks.forall(st.contains(_)) && !b.prevBlocks.forall(b => seen.contains(b))) {
-          worklist.addAll(b.prevBlocks)
-          worklist.enqueue(b)
-        } else {
-          val prev = if (b.prevBlocks.size > 1 && b.prevBlocks.forall(b => st.contains(b))) {
-            // if we have a (possibly incomplete) entry for the incoming blocks we join them  
-            njoin(st, b.prevBlocks)
-          } else if (b.incomingJumps.size == 1) {
-            st(b.incomingJumps.head.parent)
-          } else {
-            DSARes()
-          }
-          val (processed, nlhs, nrhs) = processCollect(prev, b, count, lhs, rhs)
-          if (st(b) != processed || nlhs != lhs || nrhs != rhs) {
-            lhs = nlhs
-            rhs = nrhs
-            worklist.addAll(b.nextBlocks)
-            st = st.updated(b, processed)
-          }
-        }
-        seen += b
+        visitBlock(_st, count, liveBefore, liveAfter, block)
       }
-      val (lhss, rhss) = fixJoins(st, p, lhs, rhs)
-      lhs = lhss
-      rhs = rhss
+    }
 
-      for (b <- p.blocks) {
-        renameAll(b, lhs, rhs)
-      }
+    // fix up rpo index of added phi blocks
+    p.entryBlock.map(reversePostOrder)
+  }
 
+}
+
+class StmtRenamer(renamesL: Map[Variable, Int] = Map(), renames: Map[Variable, Int] = Map()) extends CILVisitor {
+
+  private def addIndex(v: Variable, idx: Int) = {
+    assert(idx != -1)
+    v match {
+      case Register(n, sz) => {
+        throw Exception("Should not SSA registers")
+        Register(n + "_" + idx, sz)
+      }
+      case v: LocalVar => LocalVar(v.varName, v.irType, idx)
     }
+  }
 
-    applyRPO(program)
-    program.procedures.foreach(visitProc)
+  override def vrvar(v: Variable) = v match {
+    case v if renames.contains(v) && renames(v) != -1 => ChangeTo(addIndex(v, renames(v)))
+    case _                                            => DoChildren()
+  }
+
+  override def vlvar(v: Variable) = v match {
+    case v if renamesL.contains(v) && renamesL(v) != -1 => ChangeTo(addIndex(v, renamesL(v)))
+    case _                                              => DoChildren()
   }
 }
 
+def rdDSAProperty(p: Procedure): Boolean = {
+  /*
+   * Check the DSA property using a reaching definitions analysis.
+   * DSA Property: Every use of a variable v has every definition of v as a reaching definition
+   *  / no strict subset of defintions of v defines any use of v, forall v.
+   */
+  val defs: Map[Variable, Set[Assign | DirectCall]] = p
+    .flatMap {
+      case a: Assign     => Seq((a.lhs, (a: Assign | DirectCall)))
+      case a: DirectCall => a.outParams.map(_._2).map((l: Variable) => (l, (a: Assign | DirectCall))).toSeq
+      case _             => Seq()
+    }
+    .groupBy(_._1)
+    .map((v, vs) => (v, vs.map(_._2).toSet))
+
+  Logger.debug(s"Reaching defs ${p.name}")
+  val reachingDefs = basicReachingDefs(p)
+  Logger.debug(s"Reaching defs ${p.name} DONE")
+
+  class CheckDSAProperty(
+      defs: Map[Variable, Set[Assign | DirectCall]],
+      reaching: Map[Command, Map[Variable, Set[Assign | DirectCall]]]
+  ) extends CILVisitor {
+    var passed = true
+    var stmt: Command = null
+    val violations = mutable.HashSet[(Command, Variable)]()
+
+    override def vrvar(v: Variable) = {
+      val allDefs = defs.get(v).toSet.flatten
+      val reachDefs = reachingDefs(stmt).get(v).toSet.flatten
+
+      val check = allDefs == reachDefs
+      if (!check) {
+        val vil = (stmt, v)
+        if (!violations.contains(vil)) {
+          violations.add(vil)
+          // Logger.error(s"DSA Property violated on $v at $stmt @ ${stmt.parent.parent.name}::${stmt.parent.label}\n\t ${allDefs.diff(reachDefs)} defs not reached")
+          Logger.error(
+            s"DSA Property violated on $v at $stmt @ ${stmt.parent.parent.name}::${stmt.parent.label}\n\t ${allDefs
+              .diff(reachDefs)} defs not reached\n\t${reachDefs}"
+          )
+        }
+      }
+      passed = passed && check
+      SkipChildren()
+    }
+    override def vstmt(v: Statement) = {
+      stmt = v
+      DoChildren()
+    }
+    override def vjump(j: Jump) = {
+      stmt = j
+      DoChildren()
+    }
 
+  }
 
-def undoDSA(p: Procedure) : Unit = {
-  /**
-   * This just naively removes the indices from variables, some analyses may require dsa form to maintain correctness
-   * (e.g. bitvector width removal)
-   *
-   * You can only do this if the ssa index order matches the flow order, and all have the same type. 
-   */
-  visit_proc(RevIndices, p)
-  visit_proc(RemoveCopy, p)
+  val vis = CheckDSAProperty(defs, reachingDefs)
+  visit_proc(vis, p)
+  if (vis.passed) {
+    Logger.debug(s"${p.name} DSA check OK")
+  }
+  vis.passed
+}
 
-  object RevIndices extends CILVisitor {
-    override def vlvar(v: Variable) = v match {
-      case l: LocalVar => ChangeTo(LocalVar(l.varName, l.irType))
-      case o => SkipChildren()
-    }
-    override def vrvar(v: Variable) = v match {
-      case l: LocalVar => ChangeTo(LocalVar(l.varName, l.irType))
-      case o => SkipChildren()
+object DSAPropCheck {
+  // check the property that no strict subset of definitions dominates a use
+  //
+  // This attempts to generate an SMT proof of this, by encoding the reaching definitions in SMT2
+  // Likely this does not work.
+
+  def getUses(s: CFGPosition): Set[Variable] = {
+    s match {
+      case a: Assign       => a.rhs.variables
+      case a: DirectCall   => a.actualParams.flatMap(_._2.variables).toSet
+      case a: Return       => a.outParams.flatMap(_._2.variables).toSet
+      case a: IndirectCall => Set(a.target)
+      case a: Assert       => a.body.variables
+      case a: Assume       => a.body.variables
+      case _               => Set()
     }
   }
 
-  object RemoveCopy extends CILVisitor {
-    override def vstmt(s: Statement) = s match {
-      case Assign(LocalVar(n1, t1), LocalVar(n2, t2), _) if n1 == n2 => ChangeTo(List())
-      case o => SkipChildren()
+  def getDefinitions(s: CFGPosition): Set[Variable] = {
+    s match {
+      case a: Assign     => Set(a.lhs)
+      case a: DirectCall => a.outParams.map(_._2).toSet
+      case _             => Set()
     }
   }
-}
 
-def undoDSA(p: Program) : Unit = {
-  for (proc <- p.procedures) {
-    undoDSA(proc)
+  def emitProof(proc: Procedure) = {
+
+    var fresh = 0
+    val vartoIdx = mutable.Map[Variable, Int]()
+    val nodeToIdx = mutable.Map[CFGPosition, Int]()
+
+    val blockcfg = proc.blocks.flatMap(b => {
+      val pred = IRWalk.lastInBlock(b)
+      b.statements.map(s => (s, s.successor)) ++
+        b.nextBlocks
+          .map(IRWalk.firstInBlock)
+          .map(succ => {
+            (pred, succ)
+          })
+    })
+
+    def getVarIdx(n: Variable): Int = {
+      if (vartoIdx.contains(n)) {
+        vartoIdx(n)
+      } else {
+        fresh += 1
+        vartoIdx(n) = fresh
+        vartoIdx(n)
+      }
+    }
+
+    def getGraphNode(p: CFGPosition): Int = {
+      // val idx = getVarIdx(v) // put in map
+      val n = p
+      if (nodeToIdx.contains(n)) {
+        nodeToIdx(n)
+      } else {
+        fresh += 1
+        nodeToIdx(n) = fresh
+        nodeToIdx(n)
+      }
+    }
+
+    def defTruePredicate(name: String, args: List[IRType]) =
+      list(
+        sym("declare-fun"),
+        sym(name),
+        Sexp.Slist(args.map(i => BasilIRToSMT2.basilTypeToSMTType(i)).toList),
+        BasilIRToSMT2.basilTypeToSMTType(BoolType)
+      )
+
+    def dominates[T](pred: Sexp[T], succ: Sexp[T]) = {
+      list(sym("assert"), list(sym("dominates"), pred, succ))
+    }
+    def notDominates[T](pred: Sexp[T], succ: Sexp[T]) = {
+      list(sym("assert"), list(sym("not"), list(sym("dominates"), pred, succ)))
+    }
+
+    val edges = blockcfg.map((p, s) => ((getGraphNode(p)), (getGraphNode(s)))).toSet
+    val nodes = edges.flatMap((a, b) => Seq(a, b))
+
+    val doms = nodes.flatMap(nn1 => {
+      nodes.flatMap(nn2 => {
+        val (n1, n2) = (BasilIRToSMT2.int2smt(nn1), BasilIRToSMT2.int2smt(nn2))
+        if (edges.contains((nn1, nn2))) {
+          Seq(dominates(n1, n2))
+        } else {
+          Seq()
+          // notDominates(n1, n2)
+        }
+      })
+    })
+
+    val res: List[Sexp[_]] = List(
+      defTruePredicate("isUse", List(IntType, IntType)), // node, var
+      defTruePredicate("isDef", List(IntType, IntType)), // node, var
+      defTruePredicate("dominates", List(IntType, IntType)) // node, node
+    ) ++ doms
+
+    val written = res.map(Sexp.print)
+
+    val vars = nodeToIdx.flatMap((p, nodeID) => {
+      getUses(p).map(vn => {
+        val v = getVarIdx(vn)
+        list(sym("assert"), list(sym("isUse"), BasilIRToSMT2.int2smt(nodeID), BasilIRToSMT2.int2smt(v)))
+      })
+      ++
+      getDefinitions(p).map(vn => {
+        val v = getVarIdx(vn)
+        list(sym("assert"), list(sym("isUse"), BasilIRToSMT2.int2smt(nodeID), BasilIRToSMT2.int2smt(v)))
+      })
+    })
+    val axioms = List(
+      "(assert (forall ((x Int) (y Int) (z Int)) (implies (and (dominates x y) (dominates y z)) (dominates x z))))",
+      "(assert (not (forall ((n Int) (v Int) (v2 Int)) (and (isDef n v) (isUse n v2)))))",
+      // check of dsa property
+      """(declare-fun defines (Int Int) Bool)
+(assert (forall ((d Int) (u Int) (i Int) (v Int)) (implies (and (isUse u v) (isDef d v) (dominates d u) (not (and (dominates d i) (dominates i u) (isDef i v)))) (defines d u))))
+(assert (not (forall ((usenode Int) (variable Int)) 
+  (implies  (isUse usenode variable) 
+    (forall ((defnode Int))
+      (implies (isDef defnode variable)
+        (defines defnode usenode)))))))
+        """
+    )
+
+    util.writeToFile(
+      (written ++ vars.map(Sexp.print) ++ axioms).mkString("\n") + "\n(check-sat)",
+      s"proofs/${proc.name}-dsa-graph.smt2"
+    )
   }
-}
 
+}
diff --git a/src/main/scala/ir/transforms/ProcedureParameters.scala b/src/main/scala/ir/transforms/ProcedureParameters.scala
index d861ea5f9..fa64f7c26 100644
--- a/src/main/scala/ir/transforms/ProcedureParameters.scala
+++ b/src/main/scala/ir/transforms/ProcedureParameters.scala
@@ -8,6 +8,24 @@ import specification.Specification
 import analysis.{TwoElement, TwoElementTop, TwoElementBottom}
 import ir.CallGraph
 
+case class FunSig(inArgs: List[Register], outArgs: List[Register]) 
+
+def R(n: Int) = {
+  Register(s"R$n", 64)
+}
+
+val builtinSigs : Map[String, FunSig] = Map(
+  "#free" -> FunSig(List(R(0)), List(R(0))),
+  "malloc" -> FunSig(List(R(0)), List(R(0))),
+  "strlen" -> FunSig(List(R(0)), List(R(0))),
+  "strchr" -> FunSig(List(R(0), R(1)), List(R(0))),
+  "strlcpy" -> FunSig(List(R(0), R(1), R(2)), List(R(0))),
+  "strlcat" -> FunSig(List(R(0), R(1), R(2)), List(R(0)))
+  )
+
+def fnsigToBinding(f: FunSig) = (f.inArgs.map(a => LocalVar(a.name + "_in", a.getType) -> LocalVar(a.name, a.getType)), 
+  f.outArgs.map(a => LocalVar(a.name + "_out", a.getType) -> LocalVar(a.name, a.getType)))
+
 def liftProcedureCallAbstraction(ctx: util.IRContext): util.IRContext = {
 
   val liveVars  =
@@ -103,6 +121,9 @@ class SetFormalParams(
 
   override def vproc(p: Procedure) = {
     if (externalFunctions.contains(p.name)) {
+
+
+
       p.formalInParam = mutable.SortedSet.from(externalIn.map(_._1))
       p.formalOutParam = mutable.SortedSet.from(externalOut.map(_._1))
       p.inParamDefaultBinding = immutable.SortedMap.from(externalIn)
@@ -293,22 +314,22 @@ class SetActualParams(
   override def vstmt(s: Statement) = {
     currStmt = Some(s)
     s match {
-      case d: DirectCall if !externalFunctions.contains(d.target.name) => {
-        // we have changed the parameter-passed variable to locals so we have LocalVar(n) -> LocalVar(n)
-        for (binding <- inBinding.get(d.target)) {
-          if (externalFunctions.contains(d.target.name)) {
-            d.actualParams = SortedMap.from(binding)
-          } else {
-            d.actualParams = d.actualParams ++ SortedMap.from(binding)
-          }
-        }
-        for (binding <- outBinding.get(d.target)) {
-          d.outParams = SortedMap.from(binding)
-        }
-      }
-      case d: DirectCall /* if external */ => {
-        d.actualParams = SortedMap.from(externalIn)
-        d.outParams = SortedMap.from(externalOut)
+      // case d: DirectCall if !externalFunctions.contains(d.target.name) => {
+      //   // we have changed the parameter-passed variable to locals so we have LocalVar(n) -> LocalVar(n)
+      //   for (binding <- inBinding.get(d.target)) {
+      //     if (externalFunctions.contains(d.target.name)) {
+      //       d.actualParams = SortedMap.from(binding)
+      //     } else {
+      //       d.actualParams = d.actualParams ++ SortedMap.from(binding)
+      //     }
+      //   }
+      //   for (binding <- outBinding.get(d.target)) {
+      //     d.outParams = SortedMap.from(binding)
+      //   }
+      // }
+      case d: DirectCall => {
+        d.actualParams = SortedMap.from(d.target.inParamDefaultBinding)
+        d.outParams = SortedMap.from(d.target.outParamDefaultBinding)
       }
       case _ => ()
     }
@@ -318,9 +339,7 @@ class SetActualParams(
   override def vjump(j: Jump) = {
     j match {
       case r: Return => {
-        for (binding <- outBinding.get(r.parent.parent)) {
-          r.outParams = SortedMap.from(binding)
-        }
+        r.outParams = SortedMap.from(r.parent.parent.outParamDefaultBinding)
         DoChildren()
       }
       case _ => DoChildren()
diff --git a/src/main/scala/ir/transforms/Simp.scala b/src/main/scala/ir/transforms/Simp.scala
index e24b4f257..1b698c2ec 100644
--- a/src/main/scala/ir/transforms/Simp.scala
+++ b/src/main/scala/ir/transforms/Simp.scala
@@ -13,15 +13,136 @@ import scala.util.{Failure, Success}
 import ExecutionContext.Implicits.global
 
 trait AbstractDomain[L] {
-  def join(a: L, b: L): L
-  def widen(a: L, b: L): L = join(a, b)
+  def join(a: L, b: L, pos: Block): L
+  def widen(a: L, b: L, pos: Block): L = join(a, b, pos)
   def narrow(a: L, b: L): L = a
-  def transfer(a: L, b: Statement): L
+  def transfer(a: L, b: Command): L
+  def transferBlockFwd(a: L, b: Block): L = {
+    transfer(b.statements.foldLeft(a)(transfer), b.jump)
+  }
+  def transferBlockBwd(a: L, b: Block): L = {
+    b.statements.toList.reverse.foldLeft(transfer(a, b.jump))(transfer)
+  }
 
   def top: L
   def bot: L
 }
 
+
+def getLiveVars(p: Procedure) = {
+  val liveVarsDom = IntraLiveVarsDomain()
+  val liveVarsSolver = worklistSolver(liveVarsDom)
+  liveVarsSolver.solveProc(p, backwards=true)
+}
+
+
+def basicReachingDefs(p: Procedure): Map[Command, Map[Variable, Set[Assign | DirectCall]]] = {
+  val (beforeLive, afterLive) = getLiveVars(p)
+  val dom = DefUseDomain(beforeLive)
+  val solver = worklistSolver(dom)
+  // type rtype = Map[Block, Map[Variable, Set[Assign | DirectCall]]]
+  val (beforeRes, afterRes) = solver.solveProc(p)
+
+
+  val merged: Map[Command, Map[Variable, Set[Assign | DirectCall]]] = 
+    beforeRes.flatMap((block, sts) => {
+      val b = Seq(IRWalk.firstInBlock(block) -> sts)
+      val stmts =
+        if (block.statements.nonEmpty) then
+          (block.statements.toList: List[Command]).zip(block.statements.toList.tail ++ List(block.jump))
+        else List()
+      val transferred = stmts
+        .foldLeft((sts, List[(Command, Map[Variable, Set[Assign | DirectCall]])]()))((st, s) => {
+          // map successor to transferred predecessor
+          val x = dom.transfer(st._1, s._1)
+          (x, (s._2 -> x) :: st._2)
+        })
+        ._2.toMap
+      b ++ transferred 
+    })
+    .toMap
+  merged
+}
+
+case class DefUse(defined: Map[Variable, Assign | DirectCall])
+
+// map v -> definitions reached here
+class DefUseDomain(liveBefore: Map[Block, Set[Variable]]) extends AbstractDomain[Map[Variable, Set[Assign | DirectCall]]] {
+  // TODO: cull values using liveness
+
+  override def transfer(s: Map[Variable, Set[Assign | DirectCall]], b: Command) = {
+    b match {
+      case a: Assign     => s.updated(a.lhs, Set(a))
+      case d: DirectCall => d.outParams.map(_._2).foldLeft(s)((s, r) => s.updated(r, Set(d)))
+      case _             => s
+    }
+  }
+  override def top = ???
+  def bot = Map[Variable, Set[Assign | DirectCall]]()
+  def join(l: Map[Variable, Set[Assign | DirectCall]], r: Map[Variable, Set[Assign | DirectCall]], pos: Block) = {
+    l.keySet
+      .union(r.keySet).filter(k => liveBefore(pos).contains(k))
+      .map(k => {
+        k -> (l.get(k).getOrElse(Set()) ++ r.get(k).getOrElse(Set()))
+      })
+      .toMap
+  }
+
+}
+
+class CollectingDomain[T, D <: AbstractDomain[T]](d: D) extends AbstractDomain[(T, Map[Command, T])] {
+  def bot = (d.bot, Map())
+  def top = ???
+
+  def join(l: (T, Map[Command, T]), r: (T, Map[Command, T]), pos: Block): (T, Map[Command, T]) = {
+    val nr = d.join(l._1, r._1, pos)
+    (
+      nr,
+      (l._2.keySet ++ r._2.keySet)
+        .map((s: Command) => {
+          ((l._2.get(s), r._2.get(s)) match {
+            case (Some(l), Some(r)) if l == r => Seq(s -> l)
+            case (Some(l), Some(r)) if l != r => Seq()
+            case (Some(l), None)              => Seq(s -> l)
+            case (None, Some(l))              => Seq(s -> l)
+            case _                            => ???
+          })
+        })
+        .flatten
+        .toMap
+    )
+  }
+
+  override def transfer(s: (T, Map[Command, T]), c: Command) = {
+    val u = d.transfer(s._1, c)
+    (u, s._2.updated(c, u))
+  }
+}
+
+trait PowerSetDomain[T] extends AbstractDomain[Set[T]] {
+  def bot = Set()
+  def top = ???
+  def join(a: Set[T], b: Set[T], pos: Block) = a.union(b)
+}
+
+class IntraLiveVarsDomain extends PowerSetDomain[Variable] {
+  // expected backwards
+
+  def transfer(s: Set[Variable], a: Command): Set[Variable] = {
+    a match {
+      case a: Assign       => (s - a.lhs) ++ a.rhs.variables
+      case m: MemoryAssign => s ++ m.index.variables ++ m.value.variables
+      case a: Assume       => s ++ a.body.variables
+      case a: Assert       => s ++ a.body.variables
+      case i: IndirectCall => s + i.target
+      case c: DirectCall   => (s -- c.outParams.map(_._2)) ++ c.actualParams.flatMap(_._2.variables)
+      case g: GoTo         => s
+      case r: Return       => s ++ r.outParams.flatMap(_._2.variables)
+      case r: Unreachable  => s
+    }
+  }
+}
+
 object MakeLocalsBlockUnique extends CILVisitor {
   var blockLabel: String = ""
 
@@ -129,7 +250,7 @@ def removeSlices(p: Procedure): Unit = {
     }
 
   enum HighZeroBits:
-    case Bits(n: Int) // (i) and (ii) hold; the n highest bits are redundant
+    case Bits(n: Int) // most significant bit that is accessed (and all below)
     case False // property is false
     case Bot // don't know anything
 
@@ -142,10 +263,12 @@ def removeSlices(p: Procedure): Unit = {
 
   val unifiedAssignments = ufsolver
     .unifications()
-    .map { case (v: LVTerm, rvs) =>
-      v.v -> (rvs.map { case LVTerm(rv) =>
-        rv
-      }).toSet
+    .map {
+      case (v: LVTerm, rvs) =>
+        v.v -> (rvs.map { case LVTerm(rv) =>
+          rv
+        }).toSet
+      case _ => ???
     }
     .map((repr: LocalVar, elems: Set[LocalVar]) =>
       repr -> elems.flatMap(assignments(_).filter(_ match {
@@ -156,79 +279,115 @@ def removeSlices(p: Procedure): Unit = {
     )
 
   // try and find a single extension size for all rhs of assignments to all variables in the assigned equality class
-  val varHighZeroBits: Map[LocalVar, HighZeroBits] = assignments.map((v, assigns) =>
-    // note: this overapproximates on x := y when x and y may both be smaller than their declared size
-    val allRHSExtended = assigns.foldLeft(HighZeroBits.Bot: HighZeroBits)((e, assign) =>
-      (e, assign.rhs) match {
-        case (HighZeroBits.Bot, ZeroExtend(i, lhs))                   => HighZeroBits.Bits(i)
-        case (b @ HighZeroBits.Bits(ei), ZeroExtend(i, _)) if i == ei => b
-        case (b @ HighZeroBits.Bits(ei), ZeroExtend(i, _)) if i != ei => HighZeroBits.False
-        case (HighZeroBits.False, _)                                  => HighZeroBits.False
-        case (_, other)                                               => HighZeroBits.False
-      }
-    )
-    (v, allRHSExtended)
-  )
-
-  val varsWithExtend: Map[LocalVar, HighZeroBits] = assignments
-    .map((lhs, _) => {
-      // map all lhs to the result for their representative
-      val rep = ufsolver.find(LVTerm(lhs)) match {
-        case LVTerm(r) => r
-      }
-      lhs -> varHighZeroBits.get(rep)
-    })
-    .collect { case (l, Some(x)) /* remove anything we have no information on */ =>
-      (l, x)
-    }
+  // val varHighZeroBits: Map[LocalVar, HighZeroBits] = assignments.map((v, assigns) =>
+  //   // note: this overapproximates on x := y when x and y may both be smaller than their declared size
+  //   val allRHSExtended = assigns.foldLeft(HighZeroBits.Bot: HighZeroBits)((e, assign) =>
+  //     (e, assign.rhs) match {
+  //       case (HighZeroBits.Bot, ZeroExtend(i, lhs))                   => HighZeroBits.Bits(i)
+  //       case (b @ HighZeroBits.Bits(ei), ZeroExtend(i, _)) if i == ei => b
+  //       case (b @ HighZeroBits.Bits(ei), ZeroExtend(i, _)) if i != ei => HighZeroBits.False
+  //       case (HighZeroBits.False, _)                                  => HighZeroBits.False
+  //       case (_, other)                                               => HighZeroBits.False
+  //     }
+  //   )
+  //   (v, allRHSExtended)
+  // )
+
+  //val varsWithExtend: Map[LocalVar, HighZeroBits] = assignments
+  //  .map((lhs, _) => {
+  //    // map all lhs to the result for their representative
+  //    val rep = ufsolver.find(LVTerm(lhs)) match {
+  //      case LVTerm(r) => r
+  //      case _         => ???
+  //    }
+  //    lhs -> varHighZeroBits.get(rep)
+  //  })
+  //  .collect { case (l, Some(x)) /* remove anything we have no information on */ =>
+  //    (l, x)
+  //  }
 
   class CheckUsesHaveExtend() extends CILVisitor {
     val result: mutable.HashMap[LocalVar, HighZeroBits] =
       mutable.HashMap[LocalVar, HighZeroBits]()
 
+    override def vrvar(v: Variable) = {
+      v match {
+        case v: LocalVar => {
+          result(v) = HighZeroBits.False
+        }
+        case _ => ()
+      }
+      SkipChildren()
+    }
+
     override def vexpr(v: Expr) = {
       v match {
         case Extract(i, 0, v: LocalVar)
-            if size(v).isDefined && result.get(v).contains(HighZeroBits.Bits(size(v).get - i)) =>
-          SkipChildren()
-        case v: LocalVar => {
-          result.remove(v)
+            if size(v).isDefined && ((!result.contains(v)) || result.get(v).contains(HighZeroBits.Bot)) => {
+          result(v) = HighZeroBits.Bits(i)
           SkipChildren()
         }
+        case Extract(i, 0, v: LocalVar) if size(v).isDefined && result.get(v).contains(HighZeroBits.Bits(i)) =>
+          SkipChildren()
         case _ => DoChildren()
       }
     }
 
-    def apply(assignHighZeroBits: Map[LocalVar, HighZeroBits])(p: Procedure): Map[LocalVar, HighZeroBits] = {
+    def apply(p: Procedure): Map[LocalVar, HighZeroBits] = {
       result.clear()
-      result.addAll(assignHighZeroBits)
       visit_proc(this, p)
       result.toMap
     }
   }
 
-  val toSmallen = CheckUsesHaveExtend()(varsWithExtend)(p).collect { case (v, HighZeroBits.Bits(x)) =>
+  val toSmallen = CheckUsesHaveExtend()(p).collect { case (v, HighZeroBits.Bits(x)) =>
     v -> x
   }.toMap
 
   class ReplaceAlwaysSlicedVars(varHighZeroBits: Map[LocalVar, Int]) extends CILVisitor {
+    var formals = Set[LocalVar]()
 
     override def vexpr(v: Expr) = {
       v match {
-        case Extract(i, 0, v: LocalVar) if size(v).isDefined && varHighZeroBits.contains(v) => {
-          ChangeTo(LocalVar(v.name, BitVecType(size(v).get - varHighZeroBits(v))))
+        case Extract(i, 0, v: LocalVar)
+            if size(v).isDefined && !(formals.contains(v)) && varHighZeroBits.contains(v) => {
+          assert(varHighZeroBits(v) == i)
+          ChangeTo(LocalVar(v.name, BitVecType(varHighZeroBits(v))))
         }
         case _ => DoChildren()
       }
     }
 
+    override def vproc(p: Procedure) = {
+      formals = p.formalInParam.toSet ++ p.formalOutParam.toSet
+      DoChildren()
+    }
+
     override def vstmt(s: Statement) = {
       s match {
+        case a @ Assign(lhs: LocalVar, SignExtend(sz, rhs), _)
+            if size(lhs).isDefined && varHighZeroBits.get(lhs).contains(size(rhs).get) && !(formals.contains(lhs)) => {
+          // assert(varHighZeroBits(lhs) == sz)
+          val varsize = varHighZeroBits(lhs)
+          a.lhs = LocalVar(lhs.name, BitVecType(varsize))
+          a.rhs = rhs
+          assert(size(a.lhs).get == size(a.rhs).get)
+          DoChildren()
+        }
         case a @ Assign(lhs: LocalVar, ZeroExtend(sz, rhs), _)
-            if size(lhs).isDefined && varHighZeroBits.contains(lhs) => {
-          assert(varHighZeroBits(lhs) == sz)
-          a.lhs = LocalVar(lhs.name, BitVecType(size(lhs).get - varHighZeroBits(lhs)))
+            if size(lhs).isDefined && varHighZeroBits.get(lhs).contains(size(rhs).get) && !(formals.contains(lhs)) => {
+          val varsize = varHighZeroBits(lhs)
+          a.lhs = LocalVar(lhs.name, BitVecType(varsize))
           a.rhs = rhs
+          assert(size(a.lhs).get == size(a.rhs).get)
+          DoChildren()
+        }
+        case a @ Assign(lhs: LocalVar, rhs, _)
+            if size(lhs).isDefined && varHighZeroBits.contains(lhs) && !(formals.contains(lhs)) => {
+          // promote extract to the definition
+          a.lhs = LocalVar(lhs.name, BitVecType(varHighZeroBits(lhs)))
+          a.rhs = Extract(varHighZeroBits(lhs), 0, rhs)
+          assert(size(a.lhs).get == size(a.rhs).get, s"${size(a.lhs).get} != ${size(a.rhs).get}")
           DoChildren()
         }
         case _ => DoChildren()
@@ -249,14 +408,15 @@ def getRedundantAssignments(procedure: Procedure): Set[Assign] = {
   enum VS:
     case Bot
     case Assigned(definition: Set[Assign])
-    case Read
+    case Read(definition: Set[Assign], uses: Set[CFGPosition])
 
   def joinVS(a: VS, b: VS) = {
     (a, b) match {
       case (VS.Bot, o)                        => o
       case (o, VS.Bot)                        => o
-      case (VS.Read, _)                       => VS.Read
-      case (_, VS.Read)                       => VS.Read
+      case (VS.Read(d, u), VS.Read(d1, u1))   => VS.Read(d ++ d1, u ++ u1)
+      case (VS.Assigned(d), VS.Read(d1, u1))  => VS.Read(d ++ d1, u1)
+      case (VS.Read(d1, u1), VS.Assigned(d))  => VS.Read(d ++ d1, u1)
       case (VS.Assigned(d1), VS.Assigned(d2)) => VS.Assigned(d1 ++ d2)
     }
   }
@@ -268,43 +428,42 @@ def getRedundantAssignments(procedure: Procedure): Set[Assign] = {
       case a: Assign => {
         assignedNotRead(a.lhs) = joinVS(assignedNotRead(a.lhs), VS.Assigned(Set(a)))
         a.rhs.variables.foreach(v => {
-          assignedNotRead(v) = VS.Read
+          assignedNotRead(v) = joinVS(assignedNotRead(v), VS.Read(Set(), Set(a)))
         })
       }
       case m: MemoryAssign => {
         m.index.variables.foreach(v => {
-          assignedNotRead(v) = VS.Read
+          assignedNotRead(v) = joinVS(assignedNotRead(v), VS.Read(Set(), Set(m)))
         })
         m.value.variables.foreach(v => {
-          assignedNotRead(v) = VS.Read
+          assignedNotRead(v) = joinVS(assignedNotRead(v), VS.Read(Set(), Set(m)))
         })
       }
       case m: IndirectCall => {
-        assignedNotRead(m.target) = VS.Read
+        assignedNotRead(m.target) = joinVS(assignedNotRead(m.target), VS.Read(Set(), Set(m)))
       }
       case m: Assert => {
         m.body.variables.foreach(v => {
-          assignedNotRead(v) = VS.Read
+          assignedNotRead(v) = joinVS(assignedNotRead(v), VS.Read(Set(), Set(m)))
         })
       }
       case m: Assume => {
         for (v <- m.body.variables) {
-          assignedNotRead(v) = VS.Read
+          assignedNotRead(v) = joinVS(assignedNotRead(v), VS.Read(Set(), Set(m)))
         }
       }
       case c: DirectCall => {
         c.actualParams
           .flatMap(_._2.variables)
           .foreach(v => {
-            assignedNotRead(v) = VS.Read
+            assignedNotRead(v) = joinVS(assignedNotRead(v), VS.Read(Set(), Set(c)))
           })
-
       }
       case p: Return => {
         p.outParams
           .flatMap(_._2.variables)
           .foreach(v => {
-            assignedNotRead(v) = VS.Read
+            assignedNotRead(v) = joinVS(assignedNotRead(v), VS.Read(Set(), Set(p)))
           })
       }
       case p: GoTo        => ()
@@ -315,7 +474,41 @@ def getRedundantAssignments(procedure: Procedure): Set[Assign] = {
     }
   }
 
-  val r = assignedNotRead
+  var toRemove = assignedNotRead
+  var removeOld = toRemove
+
+  // def remove(a: Assign): Boolean = {
+  //   var removed : Boolean = false
+  //   toRemove = toRemove.map((v, s) =>
+  //     v -> {
+  //       s match {
+  //         case VS.Read(defs, uses) if uses.size == 1 && uses.contains(a) => {
+  //           removed = true
+  //           VS.Assigned(defs)
+  //         }
+  //         case VS.Read(defs, uses) if uses.contains(a)                   => {
+  //           removed = true
+  //           VS.Read(defs, uses - a)
+  //         }
+  //         case o                                                         => o
+  //       }
+  //     }
+  //   )
+  //   removed
+  // }
+
+  // while ({
+  //   removeOld = toRemove
+  //   val removed = removeOld.map((v, s) => {
+  //     s match {
+  //       case VS.Assigned(definition) => definition.map(remove).foldLeft(false)((x,y) => x || y)
+  //       case _                       => false
+  //     }
+  //   })
+  //   removed.exists(x => x)
+  // }) {}
+
+  val r = toRemove
     .collect { case (v, VS.Assigned(d)) =>
       d
     }
@@ -345,14 +538,15 @@ class CleanupAssignments() extends CILVisitor {
 
 def copypropTransform(p: Procedure) = {
   val t = util.PerformanceTimer(s"simplify ${p.name} (${p.blocks.size} blocks)")
-  val dom = ConstCopyProp()
-  val solver = worklistSolver(dom)
+  // val dom = ConstCopyProp()
+  // val solver = worklistSolver(dom)
 
   // Logger.info(s"${p.name} ExprComplexity ${ExprComplexity()(p)}")
-  val result = solver.solveProc(p)
+  // val result = solver.solveProc(p, true).withDefaultValue(dom.bot)
+  val result = DSACopyProp(p)
   val solve = t.checkPoint("Solve CopyProp")
 
-  val vis = Simplify(result.withDefaultValue(dom.bot))
+  val vis = Simplify(result)
   visit_proc(vis, p)
   val xf = t.checkPoint("transform")
   // Logger.info(s"    ${p.name} after transform expr complexity ${ExprComplexity()(p)}")
@@ -364,15 +558,21 @@ def copypropTransform(p: Procedure) = {
   visit_proc(AlgebraicSimplifications, p)
   visit_proc(AlgebraicSimplifications, p)
   visit_proc(AlgebraicSimplifications, p)
-  visit_proc(AlgebraicSimplifications, p)
-  visit_proc(AlgebraicSimplifications, p)
-  visit_proc(AlgebraicSimplifications, p)
-  visit_proc(AlgebraicSimplifications, p)
-  visit_proc(AlgebraicSimplifications, p)
-  visit_proc(AlgebraicSimplifications, p)
-  visit_proc(AlgebraicSimplifications, p)
+  // visit_proc(AlgebraicSimplifications, p)
+  // visit_proc(AlgebraicSimplifications, p)
+  // visit_proc(AlgebraicSimplifications, p)
+  // visit_proc(AlgebraicSimplifications, p)
+  // visit_proc(AlgebraicSimplifications, p)
+  // visit_proc(AlgebraicSimplifications, p)
+  // visit_proc(AlgebraicSimplifications, p)
+  // visit_proc(AlgebraicSimplifications, p)
   // Logger.info(s"    ${p.name}  after simp expr complexity ${ExprComplexity()(p)}")
   val sipm = t.checkPoint("algebraic simp")
+
+  // Logger.info("[!] Simplify :: RemoveSlices")
+  removeSlices(p)
+  visit_proc(AlgebraicSimplifications, p)
+
 }
 
 def doCopyPropTransform(p: Program) = {
@@ -406,18 +606,29 @@ def doCopyPropTransform(p: Program) = {
 
   // cleanup
   visit_prog(CleanupAssignments(), p)
-  val toremove = p.collect {
-    case b: Block if b.statements.size == 0 && b.prevBlocks.size == 1 && b.nextBlocks.size == 1 => b
+  for (proc <- p.procedures) {
+    val blocks = proc.blocks.toList
+    for (b <- blocks) {
+      b match {
+        case b: Block if b.statements.size == 0 && b.prevBlocks.size == 1 && b.nextBlocks.size == 1 => {
+          val p = b.prevBlocks.head
+          val n = b.nextBlocks.head
+          p.jump match {
+            case g: GoTo => {
+              g.addTarget(n)
+              g.removeTarget(b)
+            }
+            case _ => ???
+          }
+          b.replaceJump(Unreachable())
+          b.parent.removeBlocks(b)
+        }
+        case _ => ()
+      }
+    }
   }
 
   Logger.info("[!] Simplify :: Merge empty blocks")
-  for (b <- toremove) {
-    val p = b.prevBlocks.head
-    val n = b.nextBlocks.head
-    p.replaceJump((GoTo(n)))
-    b.parent.removeBlocks(b)
-  }
-
 
 }
 
@@ -448,8 +659,8 @@ def applyRPO(p: Program) = {
 
 class worklistSolver[L, A <: AbstractDomain[L]](domain: A) {
 
-  def solveProc(p: Procedure) = {
-    solve(p.blocks, Set(), Set())
+  def solveProc(p: Procedure, backwards: Boolean = false) = {
+    solve(p.blocks, Set(), Set(), backwards)
   }
 
   def solveProg(
@@ -474,7 +685,7 @@ class worklistSolver[L, A <: AbstractDomain[L]](domain: A) {
     work
       .map((prog, x) =>
         try {
-          (prog, Await.result(x, 10000.millis))
+          (prog, Await.result(x, 10000.millis)._2)
         } catch {
           case t: Exception => {
             Logger.error(s"${prog.name} : $t")
@@ -489,18 +700,30 @@ class worklistSolver[L, A <: AbstractDomain[L]](domain: A) {
   def solve(
       initial: IterableOnce[Block],
       widenpoints: Set[Block], // set of loop heads
-      narrowpoints: Set[Block] // set of conditions
-  ): Map[Block, L] = {
-    val saved: mutable.HashMap[Block, L] = mutable.HashMap()
+      narrowpoints: Set[Block], // set of conditions
+      backwards: Boolean = false
+  ): (Map[Block, L], Map[Block, L]) = {
+    val savedAfter: mutable.HashMap[Block, L] = mutable.HashMap()
+    val savedBefore: mutable.HashMap[Block, L] = mutable.HashMap()
     val saveCount: mutable.HashMap[Block, Int] = mutable.HashMap()
-    val worklist = mutable.PriorityQueue[Block]()(Ordering.by(b => b.rpoOrder))
+    val worklist = {
+      if (backwards) {
+        mutable.PriorityQueue[Block]()(Ordering.by(b => -b.rpoOrder))
+      } else {
+        mutable.PriorityQueue[Block]()(Ordering.by(b => b.rpoOrder))
+      }
+    }
     worklist.addAll(initial)
 
-    var x = domain.bot
+    def successors(b: Block) = if backwards then b.prevBlocks else b.nextBlocks
+    def predecessors(b: Block) = if backwards then b.nextBlocks else b.prevBlocks
+
     while (worklist.nonEmpty) {
       val b = worklist.dequeue
 
-      while (worklist.nonEmpty && (worklist.head.rpoOrder >= b.rpoOrder)) do {
+      while (worklist.nonEmpty && (if backwards then (worklist.head.rpoOrder <= b.rpoOrder)
+                                   else (worklist.head.rpoOrder >= b.rpoOrder)))
+      do {
         // drop rest of blocks with same priority
         val m = worklist.dequeue()
         assert(
@@ -509,50 +732,42 @@ class worklistSolver[L, A <: AbstractDomain[L]](domain: A) {
         )
       }
 
-      def bs(b: Block): List[Block] = {
-        var blocks = mutable.LinkedHashSet[Block]()
-        var thisBlock = b
-        while ({
-          blocks.add(thisBlock)
-
-          if (thisBlock.nextBlocks.size == 1) {
-            thisBlock = thisBlock.nextBlocks.head
-            blocks.contains(thisBlock)
-          } else {
-            false
-          }
-        }) {}
-        blocks.toList
-      }
 
-      val prev = saved.get(b)
-      x = b.prevBlocks.flatMap(ib => saved.get(ib).toList).foldLeft(x)(domain.join)
-      saved(b) = x
-      // val todo = bs(b)
+      val prev = savedAfter.get(b)
+      val x = {
+        predecessors(b).toList.flatMap(b => savedAfter.get(b).toList) match {
+          case Nil      => domain.bot
+          case h :: Nil => h
+          case h :: tl  => tl.foldLeft(h)((acc, nb) => domain.join(acc, nb, b))
+        }
+      }
+      savedBefore(b) = x
       val todo = List(b)
-      val lastBlock = todo.last
 
-      def xf_block(x: L, b: Block) = {
-        saved(b) = b.statements.foldLeft(x)(domain.transfer)
-        saved(b)
-      }
+      val lastBlock = b // todo.last
       var nx = todo.foldLeft(x)((x, b) => {
-        saved(b) = xf_block(x, b)
-        saved(b)
+        savedBefore(b) = x
+        if (backwards) {
+          val ojmp = domain.transfer(x, b.jump)
+          savedAfter(b) = b.statements.toList.reverse.foldLeft(ojmp)(domain.transfer)
+        } else {
+          val stmts = b.statements.foldLeft(x)(domain.transfer)
+          savedAfter(b) = domain.transfer(stmts, b.jump)
+        }
+        savedAfter(b)
       })
-      saved(lastBlock) = nx
+      savedAfter(lastBlock) = nx
       saveCount(lastBlock) = saveCount.get(lastBlock).getOrElse(0) + 1
       if (!prev.contains(nx)) then {
-        if (saveCount(lastBlock) == 50) {
+        if (saveCount(lastBlock) >= 50) {
           Logger.warn(s"Large join count on block ${lastBlock.label}, no fix point? (-v for mor info)")
           Logger.debug(lastBlock.label + "    ==> " + x)
           Logger.debug(lastBlock.label + "    <== " + nx)
         }
-        worklist.addAll(lastBlock.nextBlocks)
+        worklist.addAll(successors(lastBlock))
       }
-      x = nx
     }
-    saved.toMap
+    if backwards then (savedAfter.toMap, savedBefore.toMap) else (savedBefore.toMap, savedAfter.toMap)
   }
 }
 
@@ -569,34 +784,12 @@ case class CCP(
 )
 
 object CCP {
+
   def toSubstitutions(c: CCP): Map[Variable, Expr] = {
     c.state.collect { case (v, CopyProp.Prop(e, _)) =>
       v -> e
     }
   }
-}
-
-class ConstCopyProp() extends AbstractDomain[CCP] {
-  private final val callClobbers = (0 to 30).map("R" + _).map(c => Register(c, 64))
-
-  def top: CCP = CCP(Map().withDefaultValue(CopyProp.Bot))
-  def bot: CCP = CCP(Map().withDefaultValue(CopyProp.Clobbered))
-
-  override def join(l: CCP, r: CCP): CCP = {
-    val ks = l.state.keySet.intersect(r.state.keySet)
-    val merged = ks.map(v =>
-      (v ->
-        ((l.state(v), r.state(v)) match {
-          case (l, CopyProp.Bot)                                                            => l
-          case (CopyProp.Bot, r)                                                            => r
-          case (c @ CopyProp.Clobbered, _)                                                  => c
-          case (_, c @ CopyProp.Clobbered)                                                  => c
-          case (p1 @ CopyProp.Prop(e1, deps1), p2 @ CopyProp.Prop(e2, deps2)) if (p1 == p2) => p1
-          case (_, _)                                                                       => CopyProp.Clobbered
-        }))
-    )
-    CCP(merged.toMap)
-  }
 
   def clobberFull(c: CCP, l: Variable) = {
     val p = clobber(c, l)
@@ -615,16 +808,126 @@ class ConstCopyProp() extends AbstractDomain[CCP] {
         .withDefaultValue(CopyProp.Bot)
     )
   }
+}
+
+def DSACopyProp(p: Procedure): Map[Variable, Expr] = {
+
+  case class PropState(val e: Expr, val deps: Set[Variable], var clobbered: Boolean, var useCount: Int)
+  val state = mutable.HashMap[Variable, PropState]()
+  var poisoned = false
+
+  def clobberFull(c: mutable.HashMap[Variable, PropState], l: Variable): Unit = {
+    if (c.contains(l)) {
+      c(l).clobbered = true
+    } else {
+      c(l) = PropState(FalseLiteral, Set(), true, 0)
+    }
+  }
+
+  def clobberDeps(c: mutable.HashMap[Variable, PropState], l: Variable): Unit = {
+    val toclobber = c.filter(_.isInstanceOf[CopyProp.Prop]).filter(_.asInstanceOf[CopyProp.Prop].deps.contains(l))
+    for ((v, e) <- toclobber) {
+      c(v).clobbered = true
+    }
+  }
 
-  override def transfer(c: CCP, s: Statement): CCP = {
+  def transfer(c: mutable.HashMap[Variable, PropState], s: Statement): Unit = {
+    // val callClobbers = ((0 to 7) ++ (19 to 30)).map("R" + _).map(c => Register(c, 64))
     s match {
-      case m: MemoryAssign => {
-        // c.copy(exprs = c.exprs.filterNot((k, v) => v.expr.loads.nonEmpty))
-        c
-      }
       case Assign(l, r, lb) => {
         if (r.loads.size > 0) {
+          // c.copy(state = c.state + (l -> CopyProp.Clobbered))
           clobberFull(c, l)
+        } else {
+          val evaled = r
+          val rhsDeps = evaled.variables.toSet
+          val existing = c.get(l)
+
+          existing match {
+            case None => {
+              c(l) = PropState(evaled, rhsDeps, false, 0)
+            }
+            case Some(ps) if ps.clobbered => {
+              ()
+            }
+            case Some(ps) if ps.e != evaled => {
+              clobberFull(c, l)
+            }
+            case _ => {
+              // ps.e == evaled and have prop
+            }
+          }
+
+          for (v <- rhsDeps) {
+            if (state.contains(v)) {
+              state(v).useCount += 1
+            }
+          }
+
+        }
+      }
+      case x: DirectCall => {
+        val lhs = x.outParams.map(_._2)
+        for (l <- lhs) {
+          clobberFull(c, l)
+        }
+      }
+      case x: IndirectCall => {
+        for ((i, v) <- c) {
+          v.clobbered = true
+        }
+      }
+      case _ => ()
+    }
+  }
+
+  // sort by precedence
+  val worklist = mutable.PriorityQueue[Block]()(Ordering.by(_.rpoOrder))
+  worklist.addAll(p.blocks)
+
+  while (worklist.nonEmpty) {
+    val b: Block = worklist.dequeue
+
+    for (l <- b.statements) {
+      transfer(state, l)
+    }
+  }
+
+  val res = state.collect {
+    case (v, c) if !c.clobbered => v -> c.e
+  }.toMap
+  res
+}
+
+class ConstCopyProp() extends AbstractDomain[CCP] {
+  private final val callClobbers = ((0 to 7) ++ (19 to 30)).map("R" + _).map(c => Register(c, 64))
+
+  def top: CCP = CCP(Map().withDefaultValue(CopyProp.Clobbered))
+  def bot: CCP = CCP(Map().withDefaultValue(CopyProp.Bot))
+
+  override def join(l: CCP, r: CCP, pos: Block): CCP = {
+    // val ks = l.state.keySet.intersect(r.state.keySet)
+    val ks = l.state.keySet ++ (r.state.keySet)
+
+    val merged = ks.map(v =>
+      (v ->
+        ((l.state.get(v).getOrElse(CopyProp.Clobbered), r.state.get(v).getOrElse(CopyProp.Clobbered)) match {
+          case (l, CopyProp.Bot)                                                            => l
+          case (CopyProp.Bot, r)                                                            => r
+          case (c @ CopyProp.Clobbered, _)                                                  => c
+          case (_, c @ CopyProp.Clobbered)                                                  => c
+          case (p1 @ CopyProp.Prop(e1, deps1), p2 @ CopyProp.Prop(e2, deps2)) if (p1 == p2) => p1
+          case (_, _)                                                                       => CopyProp.Clobbered
+        }))
+    )
+    CCP(merged.toMap)
+  }
+
+  override def transfer(c: CCP, s: Command): CCP = {
+    s match {
+      case Assign(l, r, lb) => {
+        if (r.loads.size > 0) {
+          CCP.clobberFull(c, l)
         } else {
           val consts = c.state.collect {
             case (k, CopyProp.Prop(c, deps)) if deps.isEmpty => k -> c
@@ -633,22 +936,27 @@ class ConstCopyProp() extends AbstractDomain[CCP] {
           val rhsDeps = evaled.variables.toSet
           val existing = c.state.get(l).getOrElse(CopyProp.Bot)
 
-          val ns = existing match {
-            case CopyProp.Bot                                 => CopyProp.Prop(evaled, rhsDeps) // not seen yet
-            case CopyProp.Prop(e, _)                          => CopyProp.Prop(evaled, rhsDeps)
-            case _                                            => CopyProp.Clobbered // our expr value has changed
+          existing match {
+            case CopyProp.Bot => {
+              c.copy(state = c.state + (l -> CopyProp.Prop(evaled, rhsDeps))) // not seen yet
+            }
+            case CopyProp.Prop(e, _) => {
+              val p = CCP.clobber(c, l)
+              p.copy(state = p.state + (l -> CopyProp.Prop(evaled, rhsDeps))) // not seen yet
+            }
+            case _ => {
+              CCP.clobberFull(c, l)
+            }
           }
-          val p = c.copy(state = c.state + (l -> ns))
-          clobber(p, l)
         }
       }
       case x: DirectCall => {
         val lhs = x.outParams.map(_._2)
-        lhs.foldLeft(c)(clobberFull)
+        lhs.foldLeft(c)(CCP.clobberFull)
       }
       case x: IndirectCall => {
         val toClob = callClobbers
-        toClob.foldLeft(c)(clobberFull)
+        toClob.foldLeft(c)(CCP.clobberFull)
       }
       case _ => c
     }
@@ -720,8 +1028,9 @@ class Substitute(
 }
 
 class Simplify(
-    val res: Map[Block, CCP],
-    val initialBlock: Block = null
+    val res: Map[Variable, Expr],
+    val initialBlock: Block = null,
+    val absdom: Option[ConstCopyProp] = None /* flow sensitive */
 ) extends CILVisitor {
 
   var madeAnyChange = false
@@ -731,7 +1040,7 @@ class Simplify(
   override def vexpr(e: Expr) = {
     val threshold = 500
     val variables = e.variables.toSet
-    val subst = Substitute(CCP.toSubstitutions(res(block)), true, threshold)
+    val subst = Substitute(res, true, threshold)
     val result = subst(e).getOrElse(e)
     if (subst.complexity > threshold) {
       val bl = s"${block.parent.name}::${block.label}"
@@ -744,7 +1053,8 @@ class Simplify(
   }
 
   override def vblock(b: Block) = {
-    block = b
+    block = b  
     DoChildren()
   }
+
 }
diff --git a/src/main/scala/translating/GTIRBToIR.scala b/src/main/scala/translating/GTIRBToIR.scala
index f675631a2..74ba8b8eb 100644
--- a/src/main/scala/translating/GTIRBToIR.scala
+++ b/src/main/scala/translating/GTIRBToIR.scala
@@ -261,6 +261,7 @@ class GTIRBToIR(mods: Seq[Module], parserMap: immutable.Map[String, Array[Array[
     val (in, out) = createArguments(name)
 
     val procedure = Procedure(name, address, formalInParam = in.map(_._1), formalOutParam = out, inParamDefaultBinding=in.toMap)
+    procedure.inParamDefaultBinding = immutable.SortedMap.from(in.map((l,r) => l -> LocalVar(l.name, BitVecType(64))))
     uuidToProcedure += (functionUUID -> procedure)
     entranceUUIDtoProcedure += (entranceUUID -> procedure)
 
diff --git a/src/main/scala/translating/IRExpToSMT2.scala b/src/main/scala/translating/IRExpToSMT2.scala
index 3add1ddbe..fd71a3440 100644
--- a/src/main/scala/translating/IRExpToSMT2.scala
+++ b/src/main/scala/translating/IRExpToSMT2.scala
@@ -159,24 +159,25 @@ object BasilIRToSMT2 extends BasilIRExpWithVis[Sexp] {
     }
   }
 
-  def interpretFun(x: UninterpretedFunction): Sexp[Expr] = {
+  def interpretFun(x: UninterpretedFunction): Option[Sexp[Expr]] = {
     x.name match {
       case "bool2bv1" => {
-        list(
+        Some(list(
           sym("define-fun"),
           sym(x.name),
           list(list(sym("arg"), basilTypeToSMTType(BoolType))),
           basilTypeToSMTType(x.returnType),
           list(sym("ite"), sym("arg"), bv2smt(BitVecLiteral(1, 1)), bv2smt(BitVecLiteral(0, 1)))
-        )
+        ))
       }
+      case "bvsaddo" => None
       case _ => {
-        list(
+        Some(list(
           sym("declare-fun"),
           sym(x.name),
           Sexp.Slist(x.params.toList.map(a => basilTypeToSMTType(a.getType))),
           basilTypeToSMTType(x.returnType)
-        )
+        ))
       }
     }
   }
@@ -189,7 +190,7 @@ object BasilIRToSMT2 extends BasilIRExpWithVis[Sexp] {
       override def vexpr(e: Expr) = e match {
         case f: UninterpretedFunction => {
           val decl = interpretFun(f)
-          decled = decled + decl
+          decled = decled ++ decl.toSet
           DoChildren() // get variables out of args
         }
         case v: Variable => {
diff --git a/src/main/scala/translating/ReadELFLoader.scala b/src/main/scala/translating/ReadELFLoader.scala
index 0fca50e72..01af088d8 100644
--- a/src/main/scala/translating/ReadELFLoader.scala
+++ b/src/main/scala/translating/ReadELFLoader.scala
@@ -1,5 +1,6 @@
 package translating
 
+import util.Logger
 import Parsers.ReadELFParser.*
 import boogie.*
 import specification.*
@@ -111,11 +112,14 @@ object ReadELFLoader {
   private def getFunctionAddress(ctx: SymbolTableContext, functionName: String): Option[BigInt] = {
     if (ctx.symbolTableHeader.tableName.STRING.getText == ".symtab") {
       val rows = ctx.symbolTableRow.asScala
-      val mainAddress = rows.collectFirst {
-        case r if r.entrytype.getText == "FUNC" && r.bind.getText == "GLOBAL" && r.name.getText == functionName =>
+      val mainAddress = rows.collect {
+        case r if r.entrytype.getText == "FUNC" && r.name.getText == functionName =>
           hexToBigInt(r.value.getText)
       }
-      mainAddress
+      if (mainAddress.size > 1) {
+        Logger.warn(s"Multiple procedures with name $functionName")
+      }
+      mainAddress.headOption
     } else {
       None
     }
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index 0ddf35b38..8a20a5070 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -310,8 +310,6 @@ object StaticAnalysis {
     Logger.debug("Subroutine Addresses:")
     Logger.debug(subroutines)
 
-    assert(invariant.blocksUniqueToEachProcedure(ctx.program))
-
     Logger.info("reducible loops")
     // reducible loops
     val detector = LoopDetector(IRProgram)
@@ -530,31 +528,39 @@ object RunUtils {
 
   def doSimplify(ctx: IRContext, config: Option[StaticAnalysisConfig]) : Unit = {
     Logger.info("[!] Running Simplify")
+    val timer = PerformanceTimer("Simplify")
 
+    transforms.applyRPO(ctx.program)
+    Logger.info(s"RPO ${timer.checkPoint("RPO")} ms ")
     Logger.info("[!] Simplify :: DynamicSingleAssignment")
-    val liveVars : Map[CFGPosition, Set[Variable]] = analysis.IntraLiveVarsAnalysis(ctx.program).analyze()
-
-    writeToFile(serialiseIL(ctx.program), s"il-before-dsa.il")
-    transforms.DynamicSingleAssignment.applyTransform(ctx.program, liveVars)
+    // val liveVars : Map[CFGPosition, Set[Variable]] = analysis.IntraLiveVarsAnalysis(ctx.program).analyze()
+
+    // writeToFile(serialiseIL(ctx.program), s"il-before-dsa.il")
+
+    // transforms.DynamicSingleAssignment.applyTransform(ctx.program, liveVars)
+    transforms.OnePassDSA().applyTransform(ctx.program)
+    Logger.info(s"DSA ${timer.checkPoint("DSA ")} ms ")
+    // writeToFile(dotBlockGraph(ctx.program, ctx.program.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"blockgraph-after-dsa.dot")
+    Logger.info("DSA Check")
+    val x = ctx.program.procedures.forall(transforms.rdDSAProperty)
+    assert(x)
+    Logger.info("DSA Check passed")
+    assert(invariant.singleCallBlockEnd(ctx.program))
+    assert(invariant.cfgCorrect(ctx.program))
+    assert(invariant.blocksUniqueToEachProcedure(ctx.program))
 
-    config.foreach(_.analysisDotPath.foreach { s =>
-      writeToFile(dotBlockGraph(ctx.program, ctx.program.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"${s}_blockgraph-after-dsa.dot")
-    })
-    writeToFile(serialiseIL(ctx.program), s"il-before-copyprop.il")
+    // writeToFile(serialiseIL(ctx.program), s"il-before-copyprop.il")
 
 
     transforms.doCopyPropTransform(ctx.program)
-    writeToFile(serialiseIL(ctx.program), s"il-after-copyprop.il")
+    Logger.info(s"CopyProp ${timer.checkPoint("CopyProp")} ms ")
+    // writeToFile(serialiseIL(ctx.program), s"il-after-copyprop.il")
 
     // run this after cond recovery because sign bit calculations often need high bits
     // which go away in high level conss
-    Logger.info("[!] Simplify :: RemoveSlices")
-    transforms.removeSlices(ctx.program)
-    writeToFile(serialiseIL(ctx.program), s"il-after-slices.il")
+    // writeToFile(serialiseIL(ctx.program), s"il-after-slices.il")
 
-    config.foreach(_.analysisDotPath.foreach { s =>
-      writeToFile(dotBlockGraph(ctx.program, ctx.program.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"${s}_blockgraph-after-simp.dot")
-    })
+    // writeToFile(dotBlockGraph(ctx.program, ctx.program.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"blockgraph-after-simp.dot")
 
     if (ir.eval.SimplifyValidation.validate) {
       Logger.info("[!] Simplify :: Writing simplification validation")
@@ -572,6 +578,10 @@ object RunUtils {
 
     var ctx = IRLoading.load(q.loading)
 
+    assert(invariant.singleCallBlockEnd(ctx.program))
+    assert(invariant.cfgCorrect(ctx.program))
+    assert(invariant.blocksUniqueToEachProcedure(ctx.program))
+
     ctx = IRTransform.doCleanup(ctx)
 
     if (q.loading.trimEarly) {
@@ -580,9 +590,6 @@ object RunUtils {
       Logger.info(
         s"[!] Removed ${before - ctx.program.procedures.size} functions (${ctx.program.procedures.size} remaining)"
       )
-
-      val dumpdomain = computeDomain[CFGPosition, CFGPosition](InterProcIRCursor, ctx.program.procedures)
-      writeToFile(toDot(dumpdomain, InterProcIRCursor, Map.empty), s"ldakjldajnew_ir_intercfg.dot")
     }
 
     if (q.loading.parameterForm) {
@@ -680,6 +687,7 @@ object RunUtils {
 }
 
 def writeToFile(content: String, fileName: String): Unit = {
+  Logger.debug(s"Writing $fileName (${content.size} bytes)")
   val outFile = File(fileName)
   val pw = PrintWriter(outFile, "UTF-8")
   pw.write(content)
diff --git a/src/test/correct/basic_arrays_write/basic_arrays_write.spec b/src/test/correct/basic_arrays_write/basic_arrays_write.spec
index cfe441557..6e181ea4b 100644
--- a/src/test/correct/basic_arrays_write/basic_arrays_write.spec
+++ b/src/test/correct/basic_arrays_write/basic_arrays_write.spec
@@ -6,4 +6,4 @@ Rely: true
 Guarantee: old(arr[0]) == arr[0]
 
 Subroutine: main
-Requires: Gamma_main_argc == false
\ No newline at end of file
+Requires: Gamma_R0 == false
diff --git a/src/test/correct/basic_function_call_caller/basic_function_call_caller.spec b/src/test/correct/basic_function_call_caller/basic_function_call_caller.spec
index 3a35abe63..b7b91e75e 100644
--- a/src/test/correct/basic_function_call_caller/basic_function_call_caller.spec
+++ b/src/test/correct/basic_function_call_caller/basic_function_call_caller.spec
@@ -7,7 +7,7 @@ Rely: x == old(x), y == old(y)
 Guarantee: old(x) == 0bv32 ==> x == 0bv32, old(Gamma_y) ==> x == 0bv32 || Gamma_y
 
 Subroutine: main
-Requires: Gamma_main_argc == false
+Requires: Gamma_R0 == false
 
 Subroutine: zero
 Ensures: zero_result == 0bv32  && Gamma_R0
diff --git a/src/test/correct/basic_lock_security_write/basic_lock_security_write.spec b/src/test/correct/basic_lock_security_write/basic_lock_security_write.spec
index 5804dfbcc..f7515ed10 100644
--- a/src/test/correct/basic_lock_security_write/basic_lock_security_write.spec
+++ b/src/test/correct/basic_lock_security_write/basic_lock_security_write.spec
@@ -8,4 +8,4 @@ Guarantee: old(z) == 0bv32 ==> x == old(x) && z == old(z)
 
 Subroutine: main
 Requires: z != 0bv32
-Requires: Gamma_main_argc == false
\ No newline at end of file
+Requires: Gamma_R0 == false
diff --git a/src/test/correct/basic_sec_policy_write/basic_sec_policy_write.spec b/src/test/correct/basic_sec_policy_write/basic_sec_policy_write.spec
index a66060980..3780fc89a 100644
--- a/src/test/correct/basic_sec_policy_write/basic_sec_policy_write.spec
+++ b/src/test/correct/basic_sec_policy_write/basic_sec_policy_write.spec
@@ -7,4 +7,4 @@ Rely: old(z) == z
 Guarantee: old(z) != 0bv32 ==> z != 0bv32
 
 Subroutine: main
-Requires: Gamma_main_argc == false
\ No newline at end of file
+Requires: Gamma_R0 == false
diff --git a/src/test/correct/functionpointer/functionpointer.spec b/src/test/correct/functionpointer/functionpointer.spec
index 84cc2d8c6..f49fabf7f 100644
--- a/src/test/correct/functionpointer/functionpointer.spec
+++ b/src/test/correct/functionpointer/functionpointer.spec
@@ -1,2 +1,2 @@
 Subroutine: main
-Requires: Gamma_main_argc == true
\ No newline at end of file
+Requires: Gamma_R0 == true
diff --git a/src/test/correct/ifbranches/ifbranches.spec b/src/test/correct/ifbranches/ifbranches.spec
index 84cc2d8c6..f49fabf7f 100644
--- a/src/test/correct/ifbranches/ifbranches.spec
+++ b/src/test/correct/ifbranches/ifbranches.spec
@@ -1,2 +1,2 @@
 Subroutine: main
-Requires: Gamma_main_argc == true
\ No newline at end of file
+Requires: Gamma_R0 == true
diff --git a/src/test/indirect_calls/functionpointer/functionpointer.spec b/src/test/indirect_calls/functionpointer/functionpointer.spec
index 84cc2d8c6..f49fabf7f 100644
--- a/src/test/indirect_calls/functionpointer/functionpointer.spec
+++ b/src/test/indirect_calls/functionpointer/functionpointer.spec
@@ -1,2 +1,2 @@
 Subroutine: main
-Requires: Gamma_main_argc == true
\ No newline at end of file
+Requires: Gamma_R0 == true
diff --git a/src/test/indirect_calls/jumptable3/jumptable3.spec b/src/test/indirect_calls/jumptable3/jumptable3.spec
index 84cc2d8c6..f49fabf7f 100644
--- a/src/test/indirect_calls/jumptable3/jumptable3.spec
+++ b/src/test/indirect_calls/jumptable3/jumptable3.spec
@@ -1,2 +1,2 @@
 Subroutine: main
-Requires: Gamma_main_argc == true
\ No newline at end of file
+Requires: Gamma_R0 == true
diff --git a/src/test/indirect_calls/switch2/switch2.spec b/src/test/indirect_calls/switch2/switch2.spec
index 84cc2d8c6..f49fabf7f 100644
--- a/src/test/indirect_calls/switch2/switch2.spec
+++ b/src/test/indirect_calls/switch2/switch2.spec
@@ -1,2 +1,2 @@
 Subroutine: main
-Requires: Gamma_main_argc == true
\ No newline at end of file
+Requires: Gamma_R0 == true

From f313ed34466fee570d7b163d4c9d6699cb6cd4a5 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Thu, 31 Oct 2024 17:44:18 +1000
Subject: [PATCH 087/127] block coalescing

---
 src/main/scala/cfg_visualiser/DotTools.scala  |   2 +-
 src/main/scala/ir/eval/SimplifyExpr.scala     |   6 +-
 .../transforms/DynamicSingleAssignment.scala  |  44 ++-
 src/main/scala/ir/transforms/Simp.scala       | 278 ++++++++++++------
 src/main/scala/util/RunUtils.scala            |  19 +-
 5 files changed, 225 insertions(+), 124 deletions(-)

diff --git a/src/main/scala/cfg_visualiser/DotTools.scala b/src/main/scala/cfg_visualiser/DotTools.scala
index 75f7b55ee..0cd7614c5 100644
--- a/src/main/scala/cfg_visualiser/DotTools.scala
+++ b/src/main/scala/cfg_visualiser/DotTools.scala
@@ -57,7 +57,7 @@ class DotNode(val id: String, val label: String) extends DotElement {
   override def toString: String = toDotString
 
   def toDotString: String =
-    s"\"$id\"" + "[label=\"" + wrap(label, 100) + "\", shape=\"box\", fontname=\"Mono\", fontsize=\"5\"]"
+    s"\"$id\"" + "[label=\"" + wrap(label, 200) + "\", shape=\"box\", fontname=\"Mono\", fontsize=\"5\"]"
 
 }
 
diff --git a/src/main/scala/ir/eval/SimplifyExpr.scala b/src/main/scala/ir/eval/SimplifyExpr.scala
index bd837b4e0..ec42a540d 100644
--- a/src/main/scala/ir/eval/SimplifyExpr.scala
+++ b/src/main/scala/ir/eval/SimplifyExpr.scala
@@ -468,9 +468,9 @@ def simplifyExpr(e: Expr): (Expr, Boolean) = {
     case BinaryExpr(BVEQ, a, b) if a.loads.isEmpty && b.loads.isEmpty && a == b => TrueLiteral
 
     // compose slices
-    case Extract(ed1, be1, Extract(ed2, be2, body)) => {
-      Extract(ed1 + be2, be1 + be2, (body))
-    }
+    case Extract(ed1, be1, Extract(ed2, be2, body)) => Extract(ed1 + be2, be1 + be2, (body))
+    case SignExtend(sz1, SignExtend(sz2, exp)) => SignExtend(sz1 + sz2, exp)
+    case ZeroExtend(sz1, ZeroExtend(sz2, exp)) => ZeroExtend(sz1 + sz2, exp)
 
     // (comp (comp x y) 1) = (comp x y)
     case BinaryExpr(BVCOMP, body @ BinaryExpr(BVCOMP, _, _), BitVecLiteral(1, 1)) => (body)
diff --git a/src/main/scala/ir/transforms/DynamicSingleAssignment.scala b/src/main/scala/ir/transforms/DynamicSingleAssignment.scala
index 5a009ad39..53908582e 100644
--- a/src/main/scala/ir/transforms/DynamicSingleAssignment.scala
+++ b/src/main/scala/ir/transforms/DynamicSingleAssignment.scala
@@ -9,14 +9,14 @@ import analysis._
 
 val phiAssignLabel = Some("phi")
 
-/** This transforms the program by no-op copies and renaming local variable indices to establish the property that
+/** This transforms the program by adding no-op copies and renaming local variable indices to establish the property that
   *
   * \forall variables v, forall uses of v : u, No subset of definitions of v defines the use u.
   */
 
 class OnePassDSA(
-    liveVarsCheck: Option[Map[CFGPosition, Set[Variable]]] = None
-    /** Check our (faster) live var result against the TIP sovler solution */
+    /** Check our (faster) live var result against the TIP sovler solution 
+     */
 ) {
 
   val liveVarsDom = transforms.IntraLiveVarsDomain()
@@ -141,7 +141,7 @@ class OnePassDSA(
             // if there is no renaming such that all the incoming renames agree
             // then we create a new copy
             case h :: tl =>
-              tl.foldLeft(Some(h): Option[Int])((acc, rn) =>
+              tl.foldLeft(Some(h): Option[Int])((acc : Option[Int], rn: Int) =>
                 acc match {
                   case Some(v) if v == rn => Some(v)
                   case _                  => None
@@ -238,19 +238,19 @@ class OnePassDSA(
       block: Block
   ) = {
 
-    /** VisitBlock:
-      *
-      *   1. for all complete incoming
-      *      - if there is an incoming rename that is not equal across the predecessors
-      *      - add back phi block to each incoming edge
-      *      - create a fresh copy of each non-uniform renamed variable
-      *      - add copies to each phi block unify the incoming rename with the nominated new rename 2. add local value
-      *        numbering to this block 3. if all predecessors are filled, mark this complete, otherwise mark this
-      *        filled. 4. for all successors
-      *   - if marked filled, add phi block to unify our outgoing with its incoming
-      *   - if > 1 total predecessors for each unmarked , add phi block to nominate a new copy 5. for all successors, if
-      *     all predecessors are now filled, mark complete
-      */
+  /** VisitBlock:
+    *
+    *   1. for all complete incoming
+    *      - if there is an incoming rename that is not equal across the predecessors
+    *      - add back phi block to each incoming edge
+    *      - create a fresh copy of each non-uniform renamed variable
+    *      - add copies to each phi block unify the incoming rename with the nominated new rename 2. add local value
+    *        numbering to this block 3. if all predecessors are filled, mark this complete, otherwise mark this
+    *        filled. 4. for all successors
+    *   - if marked filled, add phi block to unify our outgoing with its incoming
+    *   - if > 1 total predecessors for each unmarked , add phi block to nominate a new copy 5. for all successors, if
+    *     all predecessors are now filled, mark complete
+    */
 
     def state(b: Block) = withDefault(_st)(b)
 
@@ -287,16 +287,6 @@ class OnePassDSA(
     val liveBefore = mutable.Map.from(liveBeforeIn)
     val liveAfter = mutable.Map.from(liveAfterIn)
 
-    for (lvResult <- liveVarsCheck) {
-      // check live vars has equal result to TIP solver
-      for ((b, s) <- liveBefore) {
-        assert(
-          lvResult(b) == s,
-          s"LiveVars unequal ${b.label}: ${lvResult(b)} == $s (differing ${lvResult(b).diff(s)})"
-        )
-      }
-    }
-
     val worklist = mutable.PriorityQueue[Block]()(Ordering.by(b => b.rpoOrder))
     worklist.addAll(p.blocks)
     var seen = Set[Block]()
diff --git a/src/main/scala/ir/transforms/Simp.scala b/src/main/scala/ir/transforms/Simp.scala
index 1b698c2ec..77974081b 100644
--- a/src/main/scala/ir/transforms/Simp.scala
+++ b/src/main/scala/ir/transforms/Simp.scala
@@ -28,14 +28,30 @@ trait AbstractDomain[L] {
   def bot: L
 }
 
-
 def getLiveVars(p: Procedure) = {
   val liveVarsDom = IntraLiveVarsDomain()
   val liveVarsSolver = worklistSolver(liveVarsDom)
-  liveVarsSolver.solveProc(p, backwards=true)
+  liveVarsSolver.solveProc(p, backwards = true)
+}
+
+def difftestLiveVars(p: Procedure, compareResult: Map[CFGPosition, Set[Variable]]) = {
+  val (liveBefore, liveAfter) = getLiveVars(p)
+  var passed = true
+
+  for ((b, s) <- liveBefore) {
+    val c = (compareResult(b) == s)
+    passed = passed && c
+    if (!c) {
+      Logger.error(
+        s"LiveVars unequal ${b.label}: ${compareResult(b)} == $s (differing ${compareResult(b).diff(s)})"
+      )
+    }
+  }
+  passed
 }
 
 
+
 def basicReachingDefs(p: Procedure): Map[Command, Map[Variable, Set[Assign | DirectCall]]] = {
   val (beforeLive, afterLive) = getLiveVars(p)
   val dom = DefUseDomain(beforeLive)
@@ -43,31 +59,33 @@ def basicReachingDefs(p: Procedure): Map[Command, Map[Variable, Set[Assign | Dir
   // type rtype = Map[Block, Map[Variable, Set[Assign | DirectCall]]]
   val (beforeRes, afterRes) = solver.solveProc(p)
 
-
-  val merged: Map[Command, Map[Variable, Set[Assign | DirectCall]]] = 
-    beforeRes.flatMap((block, sts) => {
-      val b = Seq(IRWalk.firstInBlock(block) -> sts)
-      val stmts =
-        if (block.statements.nonEmpty) then
-          (block.statements.toList: List[Command]).zip(block.statements.toList.tail ++ List(block.jump))
-        else List()
-      val transferred = stmts
-        .foldLeft((sts, List[(Command, Map[Variable, Set[Assign | DirectCall]])]()))((st, s) => {
-          // map successor to transferred predecessor
-          val x = dom.transfer(st._1, s._1)
-          (x, (s._2 -> x) :: st._2)
-        })
-        ._2.toMap
-      b ++ transferred 
-    })
-    .toMap
+  val merged: Map[Command, Map[Variable, Set[Assign | DirectCall]]] =
+    beforeRes
+      .flatMap((block, sts) => {
+        val b = Seq(IRWalk.firstInBlock(block) -> sts)
+        val stmts =
+          if (block.statements.nonEmpty) then
+            (block.statements.toList: List[Command]).zip(block.statements.toList.tail ++ List(block.jump))
+          else List()
+        val transferred = stmts
+          .foldLeft((sts, List[(Command, Map[Variable, Set[Assign | DirectCall]])]()))((st, s) => {
+            // map successor to transferred predecessor
+            val x = dom.transfer(st._1, s._1)
+            (x, (s._2 -> x) :: st._2)
+          })
+          ._2
+          .toMap
+        b ++ transferred
+      })
+      .toMap
   merged
 }
 
 case class DefUse(defined: Map[Variable, Assign | DirectCall])
 
 // map v -> definitions reached here
-class DefUseDomain(liveBefore: Map[Block, Set[Variable]]) extends AbstractDomain[Map[Variable, Set[Assign | DirectCall]]] {
+class DefUseDomain(liveBefore: Map[Block, Set[Variable]])
+    extends AbstractDomain[Map[Variable, Set[Assign | DirectCall]]] {
   // TODO: cull values using liveness
 
   override def transfer(s: Map[Variable, Set[Assign | DirectCall]], b: Command) = {
@@ -81,7 +99,8 @@ class DefUseDomain(liveBefore: Map[Block, Set[Variable]]) extends AbstractDomain
   def bot = Map[Variable, Set[Assign | DirectCall]]()
   def join(l: Map[Variable, Set[Assign | DirectCall]], r: Map[Variable, Set[Assign | DirectCall]], pos: Block) = {
     l.keySet
-      .union(r.keySet).filter(k => liveBefore(pos).contains(k))
+      .union(r.keySet)
+      .filter(k => liveBefore(pos).contains(k))
       .map(k => {
         k -> (l.get(k).getOrElse(Set()) ++ r.get(k).getOrElse(Set()))
       })
@@ -278,42 +297,52 @@ def removeSlices(p: Procedure): Unit = {
       }))
     )
 
-  // try and find a single extension size for all rhs of assignments to all variables in the assigned equality class
-  // val varHighZeroBits: Map[LocalVar, HighZeroBits] = assignments.map((v, assigns) =>
-  //   // note: this overapproximates on x := y when x and y may both be smaller than their declared size
-  //   val allRHSExtended = assigns.foldLeft(HighZeroBits.Bot: HighZeroBits)((e, assign) =>
-  //     (e, assign.rhs) match {
-  //       case (HighZeroBits.Bot, ZeroExtend(i, lhs))                   => HighZeroBits.Bits(i)
-  //       case (b @ HighZeroBits.Bits(ei), ZeroExtend(i, _)) if i == ei => b
-  //       case (b @ HighZeroBits.Bits(ei), ZeroExtend(i, _)) if i != ei => HighZeroBits.False
-  //       case (HighZeroBits.False, _)                                  => HighZeroBits.False
-  //       case (_, other)                                               => HighZeroBits.False
-  //     }
-  //   )
-  //   (v, allRHSExtended)
-  // )
-
-  //val varsWithExtend: Map[LocalVar, HighZeroBits] = assignments
-  //  .map((lhs, _) => {
-  //    // map all lhs to the result for their representative
-  //    val rep = ufsolver.find(LVTerm(lhs)) match {
-  //      case LVTerm(r) => r
-  //      case _         => ???
-  //    }
-  //    lhs -> varHighZeroBits.get(rep)
-  //  })
-  //  .collect { case (l, Some(x)) /* remove anything we have no information on */ =>
-  //    (l, x)
-  //  }
-
   class CheckUsesHaveExtend() extends CILVisitor {
     val result: mutable.HashMap[LocalVar, HighZeroBits] =
       mutable.HashMap[LocalVar, HighZeroBits]()
 
+    def extractAccess(v: LocalVar, highestBit: Int): Unit = {
+      if (!size(v).isDefined) {
+        return ();
+      }
+      if (((!result.contains(v)) || result.get(v).contains(HighZeroBits.Bot))) {
+        result(v) = HighZeroBits.Bits(highestBit)
+      } else {
+        result(v) match {
+          case HighZeroBits.Bits(n) if highestBit == size(v).get => {
+            // access full expr
+            result(v) = HighZeroBits.False
+          }
+          case HighZeroBits.Bits(n) if highestBit > n => {
+            // relax constraint to bits accessed
+            result(v) = HighZeroBits.Bits(highestBit)
+          }
+          case HighZeroBits.Bits(n) if n >= highestBit => {
+            // access satisfied by upper constraint
+          }
+          case _ => ()
+        }
+      }
+    }
+
+    override def vstmt(s: Statement) = {
+      s match {
+        case d: DirectCall => {
+          d.outParams.map(_._2).collect {
+            case l: LocalVar => {
+              result(l) = HighZeroBits.False
+            }
+          }
+        }
+        case _ => ()
+      }
+      DoChildren()
+    }
+
     override def vrvar(v: Variable) = {
       v match {
-        case v: LocalVar => {
-          result(v) = HighZeroBits.False
+        case v: LocalVar if size(v).isDefined => {
+          extractAccess(v, size(v).get)
         }
         case _ => ()
       }
@@ -322,13 +351,10 @@ def removeSlices(p: Procedure): Unit = {
 
     override def vexpr(v: Expr) = {
       v match {
-        case Extract(i, 0, v: LocalVar)
-            if size(v).isDefined && ((!result.contains(v)) || result.get(v).contains(HighZeroBits.Bot)) => {
-          result(v) = HighZeroBits.Bits(i)
+        case Extract(i, 0, v: LocalVar) if size(v).isDefined => {
+          extractAccess(v, i)
           SkipChildren()
         }
-        case Extract(i, 0, v: LocalVar) if size(v).isDefined && result.get(v).contains(HighZeroBits.Bits(i)) =>
-          SkipChildren()
         case _ => DoChildren()
       }
     }
@@ -351,13 +377,37 @@ def removeSlices(p: Procedure): Unit = {
       v match {
         case Extract(i, 0, v: LocalVar)
             if size(v).isDefined && !(formals.contains(v)) && varHighZeroBits.contains(v) => {
-          assert(varHighZeroBits(v) == i)
-          ChangeTo(LocalVar(v.name, BitVecType(varHighZeroBits(v))))
+          assert(varHighZeroBits(v) >= i)
+          if (varHighZeroBits(v) == i) {
+            ChangeTo(v.copy(irType = BitVecType(varHighZeroBits(v))))
+          } else {
+            ChangeTo(Extract(i, 0, v.copy(irType = BitVecType(varHighZeroBits(v)))))
+          }
         }
         case _ => DoChildren()
       }
     }
 
+    override def vlvar(v: Variable) = {
+      v match {
+        case lhs: LocalVar if (varHighZeroBits.contains(lhs) && !formals.contains(lhs)) => {
+          val n = lhs.copy(irType = BitVecType(varHighZeroBits(lhs)))
+          ChangeTo(n)
+        }
+        case _ => SkipChildren()
+      }
+    }
+
+    override def vrvar(v: Variable) = {
+      v match {
+        case lhs: LocalVar if (varHighZeroBits.contains(lhs) && !formals.contains(lhs)) => {
+          val n = lhs.copy(irType = BitVecType(varHighZeroBits(lhs)), lhs.index)
+          ChangeTo(n)
+        }
+        case _ => SkipChildren()
+      }
+    }
+
     override def vproc(p: Procedure) = {
       formals = p.formalInParam.toSet ++ p.formalOutParam.toSet
       DoChildren()
@@ -369,7 +419,7 @@ def removeSlices(p: Procedure): Unit = {
             if size(lhs).isDefined && varHighZeroBits.get(lhs).contains(size(rhs).get) && !(formals.contains(lhs)) => {
           // assert(varHighZeroBits(lhs) == sz)
           val varsize = varHighZeroBits(lhs)
-          a.lhs = LocalVar(lhs.name, BitVecType(varsize))
+          a.lhs = LocalVar(lhs.varName, BitVecType(varsize), lhs.index)
           a.rhs = rhs
           assert(size(a.lhs).get == size(a.rhs).get)
           DoChildren()
@@ -377,7 +427,7 @@ def removeSlices(p: Procedure): Unit = {
         case a @ Assign(lhs: LocalVar, ZeroExtend(sz, rhs), _)
             if size(lhs).isDefined && varHighZeroBits.get(lhs).contains(size(rhs).get) && !(formals.contains(lhs)) => {
           val varsize = varHighZeroBits(lhs)
-          a.lhs = LocalVar(lhs.name, BitVecType(varsize))
+          a.lhs = LocalVar(lhs.varName, BitVecType(varsize), lhs.index)
           a.rhs = rhs
           assert(size(a.lhs).get == size(a.rhs).get)
           DoChildren()
@@ -385,7 +435,7 @@ def removeSlices(p: Procedure): Unit = {
         case a @ Assign(lhs: LocalVar, rhs, _)
             if size(lhs).isDefined && varHighZeroBits.contains(lhs) && !(formals.contains(lhs)) => {
           // promote extract to the definition
-          a.lhs = LocalVar(lhs.name, BitVecType(varHighZeroBits(lhs)))
+          a.lhs = LocalVar(lhs.varName, BitVecType(varHighZeroBits(lhs)), lhs.index)
           a.rhs = Extract(varHighZeroBits(lhs), 0, rhs)
           assert(size(a.lhs).get == size(a.rhs).get, s"${size(a.lhs).get} != ${size(a.rhs).get}")
           DoChildren()
@@ -575,10 +625,73 @@ def copypropTransform(p: Procedure) = {
 
 }
 
+  def removeEmptyBlocks(p: Program) = {
+    for (proc <- p.procedures) {
+      val blocks = proc.blocks.toList
+      for (b <- blocks) {
+        b match {
+          case b: Block if b.statements.size == 0 && b.prevBlocks.size == 1 && b.jump.isInstanceOf[GoTo] => {
+            val prev = b.prevBlocks
+            val next = b.nextBlocks
+            for (p <- prev) {
+              p.jump match {
+                case g: GoTo => {
+                  for (n <- next) {
+                    g.addTarget(n)
+                  }
+                  g.removeTarget(b)
+                }
+                case _ => throw Exception("Must have goto")
+              }
+            }
+            b.replaceJump(Unreachable())
+            b.parent.removeBlocks(b)
+          }
+          case _ => ()
+        }
+      }
+    }
+  }
+
+def coalesceBlocks(p: Program) = {
+  var didAny = false
+  for (proc <- p.procedures) {
+    val blocks = proc.blocks.toList
+    for (b <- blocks.sortBy(_.rpoOrder)) {
+      if (b.prevBlocks.size == 1 && b.prevBlocks.head.statements.nonEmpty && b.statements.nonEmpty
+        && b.prevBlocks.head.nextBlocks.size == 1
+        && b.prevBlocks.head.statements.lastOption.map(s => !(s.isInstanceOf[Call])).getOrElse(true)) {
+          didAny = true
+          // append topredecessor  
+          // we know prevBlock is only jumping to b and has no call at the end
+          val prevBlock = b.prevBlocks.head
+          val stmts = b.statements.map(b.statements.remove).toList
+          prevBlock.statements.appendAll(stmts)
+          // leave empty block b and cleanup with removeEmptyBlocks 
+        } else if (b.nextBlocks.size == 1 && b.nextBlocks.head.statements.nonEmpty && b.statements.nonEmpty
+          && b.nextBlocks.head.prevBlocks.size == 1
+          && b.statements.lastOption.map(s => !(s.isInstanceOf[Call])).getOrElse(true)) {
+          didAny = true
+          // append to successor
+          // we know b is only jumping to nextBlock and does not end in a call
+          val nextBlock = b.nextBlocks.head
+          val stmts = b.statements.map(b.statements.remove).toList
+          nextBlock.statements.prependAll(stmts)
+          // leave empty block b and cleanup with removeEmptyBlocks 
+      }
+    }
+  }
+  didAny
+}
+
 def doCopyPropTransform(p: Program) = {
 
   applyRPO(p)
 
+  removeEmptyBlocks(p)
+  coalesceBlocks(p)
+  removeEmptyBlocks(p)
+
   Logger.info("[!] Simplify :: Expr/Copy-prop Transform")
   val work = p.procedures
     .filter(_.blocks.size > 0)
@@ -606,30 +719,18 @@ def doCopyPropTransform(p: Program) = {
 
   // cleanup
   visit_prog(CleanupAssignments(), p)
-  for (proc <- p.procedures) {
-    val blocks = proc.blocks.toList
-    for (b <- blocks) {
-      b match {
-        case b: Block if b.statements.size == 0 && b.prevBlocks.size == 1 && b.nextBlocks.size == 1 => {
-          val p = b.prevBlocks.head
-          val n = b.nextBlocks.head
-          p.jump match {
-            case g: GoTo => {
-              g.addTarget(n)
-              g.removeTarget(b)
-            }
-            case _ => ???
-          }
-          b.replaceJump(Unreachable())
-          b.parent.removeBlocks(b)
-        }
-        case _ => ()
-      }
-    }
-  }
-
   Logger.info("[!] Simplify :: Merge empty blocks")
 
+  
+
+  removeEmptyBlocks(p)
+  coalesceBlocks(p)
+  coalesceBlocks(p)
+  coalesceBlocks(p)
+  coalesceBlocks(p)
+  removeEmptyBlocks(p)
+
+
 }
 
 def reversePostOrder(startBlock: Block): Unit = {
@@ -721,8 +822,10 @@ class worklistSolver[L, A <: AbstractDomain[L]](domain: A) {
     while (worklist.nonEmpty) {
       val b = worklist.dequeue
 
-      while (worklist.nonEmpty && (if backwards then (worklist.head.rpoOrder <= b.rpoOrder)
-                                   else (worklist.head.rpoOrder >= b.rpoOrder)))
+      while (
+          worklist.nonEmpty && (if backwards then (worklist.head.rpoOrder <= b.rpoOrder)
+                                else (worklist.head.rpoOrder >= b.rpoOrder))
+        )
       do {
         // drop rest of blocks with same priority
         val m = worklist.dequeue()
@@ -732,7 +835,6 @@ class worklistSolver[L, A <: AbstractDomain[L]](domain: A) {
         )
       }
 
-
       val prev = savedAfter.get(b)
       val x = {
         predecessors(b).toList.flatMap(b => savedAfter.get(b).toList) match {
@@ -1053,7 +1155,7 @@ class Simplify(
   }
 
   override def vblock(b: Block) = {
-    block = b  
+    block = b
     DoChildren()
   }
 
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index 8a20a5070..9a9c00694 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -527,13 +527,14 @@ object RunUtils {
   }
 
   def doSimplify(ctx: IRContext, config: Option[StaticAnalysisConfig]) : Unit = {
+
+    // writeToFile(dotBlockGraph(ctx.program, ctx.program.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"blockgraph-before-simp.dot")
     Logger.info("[!] Running Simplify")
     val timer = PerformanceTimer("Simplify")
 
     transforms.applyRPO(ctx.program)
     Logger.info(s"RPO ${timer.checkPoint("RPO")} ms ")
     Logger.info("[!] Simplify :: DynamicSingleAssignment")
-    // val liveVars : Map[CFGPosition, Set[Variable]] = analysis.IntraLiveVarsAnalysis(ctx.program).analyze()
 
     // writeToFile(serialiseIL(ctx.program), s"il-before-dsa.il")
 
@@ -541,9 +542,15 @@ object RunUtils {
     transforms.OnePassDSA().applyTransform(ctx.program)
     Logger.info(s"DSA ${timer.checkPoint("DSA ")} ms ")
     // writeToFile(dotBlockGraph(ctx.program, ctx.program.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"blockgraph-after-dsa.dot")
-    Logger.info("DSA Check")
-    val x = ctx.program.procedures.forall(transforms.rdDSAProperty)
-    assert(x)
+    if (ir.eval.SimplifyValidation.validate) {
+      Logger.info("Live vars difftest")
+      val tipLiveVars : Map[CFGPosition, Set[Variable]] = analysis.IntraLiveVarsAnalysis(ctx.program).analyze()
+      assert(ctx.program.procedures.forall(transforms.difftestLiveVars(_, tipLiveVars)))
+
+      Logger.info("DSA Check")
+      val x = ctx.program.procedures.forall(transforms.rdDSAProperty)
+      assert(x)
+    }
     Logger.info("DSA Check passed")
     assert(invariant.singleCallBlockEnd(ctx.program))
     assert(invariant.cfgCorrect(ctx.program))
@@ -551,7 +558,9 @@ object RunUtils {
 
     // writeToFile(serialiseIL(ctx.program), s"il-before-copyprop.il")
 
-
+    // brute force run the analysis twice because it cleans up more stuff
+    transforms.doCopyPropTransform(ctx.program)
+    transforms.doCopyPropTransform(ctx.program)
     transforms.doCopyPropTransform(ctx.program)
     Logger.info(s"CopyProp ${timer.checkPoint("CopyProp")} ms ")
     // writeToFile(serialiseIL(ctx.program), s"il-after-copyprop.il")

From 95744f7774f57df5719761d7b1085dc809fcd14e Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Fri, 1 Nov 2024 15:13:27 +1000
Subject: [PATCH 088/127] booltobv1 and copyprop heuristic

---
 src/main/scala/boogie/BExpr.scala             |  8 +++
 src/main/scala/ir/Expr.scala                  | 28 +++++----
 src/main/scala/ir/eval/ExprEval.scala         | 23 +++----
 src/main/scala/ir/eval/SimplifyExpr.scala     | 31 +++++-----
 .../invariant/BlocksUniqueToProcedure.scala   | 20 +++++++
 src/main/scala/ir/transforms/Simp.scala       | 60 ++++++++++++++-----
 src/main/scala/translating/IRExpToSMT2.scala  | 24 +++++---
 src/main/scala/translating/IRToBoogie.scala   |  8 ++-
 src/main/scala/util/RunUtils.scala            | 43 +++++++++----
 9 files changed, 171 insertions(+), 74 deletions(-)

diff --git a/src/main/scala/boogie/BExpr.scala b/src/main/scala/boogie/BExpr.scala
index 3d3d00e52..cd01c39b9 100644
--- a/src/main/scala/boogie/BExpr.scala
+++ b/src/main/scala/boogie/BExpr.scala
@@ -270,6 +270,7 @@ case class BFunctionCall(name: String, args: List[BExpr], outType: BType, uninte
 
 case class UnaryBExpr(op: UnOp, arg: BExpr) extends BExpr {
   override def getType: BType = (op, arg.getType) match {
+    case (BoolToBV1, BoolBType)       => BitVecBType(1)
     case (_: BoolUnOp, BoolBType)     => BoolBType
     case (_: BVUnOp, bv: BitVecBType) => bv
     case (_: IntUnOp, IntBType)       => IntBType
@@ -282,6 +283,7 @@ case class UnaryBExpr(op: UnOp, arg: BExpr) extends BExpr {
   }
 
   override def toString: String = op match {
+    case BoolToBV1     => s"$op($arg)"
     case uOp: BoolUnOp => s"($uOp$arg)"
     case uOp: BVUnOp   => s"bv$uOp$inSize($arg)"
     case uOp: IntUnOp  => s"($uOp$arg)"
@@ -289,6 +291,7 @@ case class UnaryBExpr(op: UnOp, arg: BExpr) extends BExpr {
 
   override def functionOps: Set[FunctionOp] = {
     val thisFn = op match {
+      case b @ BoolToBV1 => Set(BoolToBV1Op(arg))
       case b: BVUnOp =>
         Set(BVFunctionOp(s"bv$b$inSize", s"bv$b", List(BParam(arg.getType)), BParam(getType)))
       case _ => Set()
@@ -680,6 +683,11 @@ case class BInBounds(base: BExpr, len: BExpr, endian: Endian, i: BExpr) extends
   override def loads: Set[BExpr]  = base.loads ++ len.loads ++ i.loads 
 }
 
+
+case class BoolToBV1Op(arg: BExpr) extends FunctionOp {
+  val fnName: String = "bool2bv1"
+}
+
 case class BMemoryLoad(memory: BMapVar, index: BExpr, endian: Endian, bits: Int) extends BExpr {
   override def toString: String = s"$fnName($memory, $index)"
 
diff --git a/src/main/scala/ir/Expr.scala b/src/main/scala/ir/Expr.scala
index b572a52eb..8fd9f2fa6 100644
--- a/src/main/scala/ir/Expr.scala
+++ b/src/main/scala/ir/Expr.scala
@@ -25,7 +25,6 @@ sealed trait Expr {
   lazy val variablesCached = variables
 }
 
-
 def size(e: Expr) = {
   e.getType match {
     case BitVecType(s) => Some(s)
@@ -67,9 +66,10 @@ case class IntLiteral(value: BigInt) extends Literal {
   override def toString: String = value.toString
 }
 
-/**
-  * @param end : high bit exclusive
-  * @param start : low bit inclusive
+/** @param end
+  *   : high bit exclusive
+  * @param start
+  *   : low bit inclusive
   * @param body
   */
 case class Extract(end: Int, start: Int, body: Expr) extends Expr {
@@ -130,6 +130,7 @@ case class UnaryExpr(op: UnOp, arg: Expr) extends Expr {
   override def variables: Set[Variable] = arg.variables
   override def loads: Set[MemoryLoad] = arg.loads
   override def getType: IRType = (op, arg.getType) match {
+    case (BoolToBV1, BoolType)       => BitVecType(1)
     case (_: BoolUnOp, BoolType)     => BoolType
     case (_: BVUnOp, bv: BitVecType) => bv
     case (_: IntUnOp, IntType)       => IntType
@@ -157,6 +158,7 @@ sealed trait BoolUnOp(op: String) extends UnOp {
 }
 
 case object BoolNOT extends BoolUnOp("!")
+case object BoolToBV1 extends BoolUnOp("bool2bv1")
 
 sealed trait IntUnOp(op: String) extends UnOp {
   override def toString: String = op
@@ -165,7 +167,6 @@ sealed trait IntUnOp(op: String) extends UnOp {
 
 case object IntNEG extends IntUnOp("-")
 
-
 sealed trait BVUnOp(op: String) extends UnOp {
   override def toString: String = op
 }
@@ -212,7 +213,9 @@ case class BinaryExpr(op: BinOp, arg1: Expr, arg2: Expr) extends Expr {
         case IntEQ | IntNEQ | IntLT | IntLE | IntGT | IntGE => BoolType
       }
     case _ =>
-      throw new Exception("type mismatch, operator " + op.getClass.getSimpleName + s" type doesn't match args: (" + arg1 + ", " + arg2 + ")")
+      throw new Exception(
+        "type mismatch, operator " + op.getClass.getSimpleName + s" type doesn't match args: (" + arg1 + ", " + arg2 + ")"
+      )
   }
 
   private def inSize = arg1.getType match {
@@ -237,7 +240,7 @@ case class BinaryExpr(op: BinOp, arg1: Expr, arg2: Expr) extends Expr {
 }
 
 trait BinOp {
-  def opName : String  
+  def opName: String
 }
 
 sealed trait BoolBinOp(op: String) extends BinOp {
@@ -386,7 +389,7 @@ case class Register(override val name: String, size: Int) extends Variable with
 }
 
 // Variable with scope local to the procedure, typically a temporary variable created in the lifting process
-case class LocalVar(varName: String, override val irType: IRType, val index : Int = 0) extends Variable {
+case class LocalVar(varName: String, override val irType: IRType, val index: Int = 0) extends Variable {
   override val name = varName + (if (index > 0) then s"_$index" else "")
   override def toGamma: BVar = BVariable(s"Gamma_$name", BoolBType, Scope.Local)
   override def toBoogie: BVar = BVariable(s"$name", irType.toBoogie, Scope.Local)
@@ -396,11 +399,10 @@ case class LocalVar(varName: String, override val irType: IRType, val index : In
 
 object LocalVar {
 
-  def unapply(l: LocalVar) : Option[(String, IRType)] = Some((s"${l.name}_${l.index}", l.irType)) 
+  def unapply(l: LocalVar): Option[(String, IRType)] = Some((s"${l.name}_${l.index}", l.irType))
 
 }
 
-
 // A memory section
 sealed trait Memory extends Global {
   val name: String
@@ -416,11 +418,13 @@ sealed trait Memory extends Global {
 }
 
 // A stack section of memory, which is local to a thread
-case class StackMemory(override val name: String, override val addressSize: Int, override val valueSize: Int) extends Memory {
+case class StackMemory(override val name: String, override val addressSize: Int, override val valueSize: Int)
+    extends Memory {
   override def acceptVisit(visitor: Visitor): Memory = visitor.visitStackMemory(this)
 }
 
 // A non-stack region of memory, which is shared between threads
-case class SharedMemory(override val name: String, override val addressSize: Int, override val valueSize: Int) extends Memory {
+case class SharedMemory(override val name: String, override val addressSize: Int, override val valueSize: Int)
+    extends Memory {
   override def acceptVisit(visitor: Visitor): Memory = visitor.visitSharedMemory(this)
 }
diff --git a/src/main/scala/ir/eval/ExprEval.scala b/src/main/scala/ir/eval/ExprEval.scala
index 22ee56370..18a154e99 100644
--- a/src/main/scala/ir/eval/ExprEval.scala
+++ b/src/main/scala/ir/eval/ExprEval.scala
@@ -89,6 +89,8 @@ def evalUnOp(op: UnOp, body: Literal): Expr = {
     case (i: IntLiteral, IntNEG)   => IntLiteral(-i.value)
     case (FalseLiteral, BoolNOT)   => TrueLiteral
     case (TrueLiteral, BoolNOT)    => FalseLiteral
+    case (TrueLiteral, BoolToBV1)  => BitVecLiteral(1, 0)
+    case (FalseLiteral, BoolToBV1) => BitVecLiteral(0, 1)
     case (_, _)                    => throw Exception(s"Unreachable ${(body, op)}")
   }
 }
@@ -154,15 +156,15 @@ def fastPartialEvalExpr(exp: Expr): Expr = {
   exp match {
     case f: UninterpretedFunction => f
     case unOp: UnaryExpr => {
-        unOp.arg match {
-          case l: Literal => evalUnOp(unOp.op, l)
-          case o          => UnaryExpr(unOp.op, o) 
-        }
+      unOp.arg match {
+        case l: Literal => evalUnOp(unOp.op, l)
+        case o          => UnaryExpr(unOp.op, o)
       }
+    }
     case binOp: BinaryExpr =>
-        val lhs = binOp.arg1
-        val rhs = binOp.arg2
-        binOp.getType match {
+      val lhs = binOp.arg1
+      val rhs = binOp.arg2
+      binOp.getType match {
         case m: MapType => binOp
         case b: BitVecType => {
           (binOp.op, lhs, rhs) match {
@@ -217,14 +219,13 @@ def fastPartialEvalExpr(exp: Expr): Expr = {
         case o => r.copy(body = o)
       }
     case variable: Variable => variable
-    case ml: MemoryLoad => 
+    case ml: MemoryLoad =>
       val addr = ml.index
-      ml.copy(index= addr)
-    case b: Literal =>  b
+      ml.copy(index = addr)
+    case b: Literal => b
   }
 }
 
-
 def statePartialEvalExpr[S](l: Loader[S, InterpreterError])(exp: Expr): State[S, Expr, InterpreterError] = {
   val eval = statePartialEvalExpr(l)
   val ns = exp match {
diff --git a/src/main/scala/ir/eval/SimplifyExpr.scala b/src/main/scala/ir/eval/SimplifyExpr.scala
index ec42a540d..2a94aa399 100644
--- a/src/main/scala/ir/eval/SimplifyExpr.scala
+++ b/src/main/scala/ir/eval/SimplifyExpr.scala
@@ -118,7 +118,7 @@ def simplifyExpr(e: Expr): (Expr, Boolean) = {
   def bool2bv1(e: Expr) = {
     e.getType match {
       case BitVecType(1) => e
-      case BoolType      => UninterpretedFunction("bool2bv1", Seq(e), BitVecType(1))
+      case BoolType      => UnaryExpr(BoolToBV1, e) 
       case _             => ???
     }
 
@@ -221,28 +221,27 @@ def simplifyExpr(e: Expr): (Expr, Boolean) = {
     /* push bool2bv upwards */
     case BinaryExpr(
           bop,
-          UninterpretedFunction("bool2bv1", Seq(l), _),
-          UninterpretedFunction("bool2bv1", Seq(r), _)
+          UnaryExpr(BoolToBV1, l),
+          UnaryExpr(BoolToBV1, r),
         ) if bvLogOpToBoolOp.contains(bop) => {
       bool2bv1(BinaryExpr(bvLogOpToBoolOp(bop), (l), (r)))
     }
     case BinaryExpr(
           bop,
-          UninterpretedFunction("bool2bv1", Seq(l), _),
-          UninterpretedFunction("bool2bv1", Seq(r), _)
+          UnaryExpr(BoolToBV1, l),
+          UnaryExpr(BoolToBV1, r),
         ) if bvLogOpToBoolOp.contains(bop) => {
       bool2bv1(BinaryExpr(bvLogOpToBoolOp(bop), (l), (r)))
     }
 
-    case UnaryExpr(BVNOT, UninterpretedFunction("bool2bv1", Seq(arg), BitVecType(1))) =>
+    case UnaryExpr(BVNOT, UnaryExpr(BoolToBV1, arg)) =>
       bool2bv1(UnaryExpr(BoolNOT, arg))
 
     /* remove bool2bv in boolean context */
-    case BinaryExpr(BVEQ, UninterpretedFunction("bool2bv1", Seq(body), _), BitVecLiteral(1, 1)) => (body)
-    case BinaryExpr(BVEQ, UninterpretedFunction("bool2bv1", Seq(l), _), UninterpretedFunction("bool2bv1", Seq(r), _)) =>
-      BinaryExpr(BoolEQ, (l), (r))
-    case UninterpretedFunction("bool2bv1", Seq(FalseLiteral), _) => BitVecLiteral(0, 1)
-    case UninterpretedFunction("bool2bv1", Seq(TrueLiteral), _)  => BitVecLiteral(1, 1)
+    case BinaryExpr(BVEQ, UnaryExpr(BoolToBV1, body),  BitVecLiteral(1, 1)) => body
+    case BinaryExpr(BVEQ, UnaryExpr(BoolToBV1, l), UnaryExpr(BoolToBV1, r)) => BinaryExpr(BoolEQ, (l), (r))
+    case UnaryExpr(BoolToBV1, FalseLiteral) => BitVecLiteral(0, 1)
+    case UnaryExpr(BoolToBV1, TrueLiteral)  => BitVecLiteral(1, 1)
 
     case BinaryExpr(BoolAND, x, TrueLiteral)  => x
     case BinaryExpr(BoolAND, x, FalseLiteral) => FalseLiteral
@@ -288,7 +287,7 @@ def simplifyExpr(e: Expr): (Expr, Boolean) = {
             ) // high precision op
           )
         )
-        if (o1 == o2) && o1 == BVADD && (lhs) == (orig)
+      if sz > 1 && (o1 == o2) && o1 == BVADD && (lhs) == (orig)
           && AlgebraicSimplifications(SignExtend(exts, x1)) == x2
           && AlgebraicSimplifications(SignExtend(exts, y1)) == y2 => {
       BinaryExpr(BVSGE, x1, UnaryExpr(BVNEG, y1))
@@ -333,7 +332,7 @@ def simplifyExpr(e: Expr): (Expr, Boolean) = {
             )
           )
         )
-        if (o1 == o2) && o2 == o4 && o1 == BVADD && (lhs) == (orig)
+        if sz > 1 && (o1 == o2) && o2 == o4 && o1 == BVADD && (lhs) == (orig)
           && AlgebraicSimplifications(x2) == AlgebraicSimplifications(SignExtend(exts, x1))
           && AlgebraicSimplifications(y2) == AlgebraicSimplifications(SignExtend(exts, y1))
           && AlgebraicSimplifications(z2) == AlgebraicSimplifications(SignExtend(exts, z1)) => {
@@ -346,7 +345,7 @@ def simplifyExpr(e: Expr): (Expr, Boolean) = {
           ZeroExtend(exts, orig @ BinaryExpr(o1, x1, y1)),
           compar @ BinaryExpr(o2, x2, y2)
         )
-        if (o1 == o2) && o1 == BVADD
+      if size(x1).get > 1 && (o1 == o2) && o1 == BVADD
           && AlgebraicSimplifications(x2) == AlgebraicSimplifications(ZeroExtend(exts, x1))
           && AlgebraicSimplifications(y2) == AlgebraicSimplifications(ZeroExtend(exts, y1)) => {
       // C not Set
@@ -358,7 +357,7 @@ def simplifyExpr(e: Expr): (Expr, Boolean) = {
           ZeroExtend(exts, orig @ BinaryExpr(o1, BinaryExpr(o3, x1, y1), z1)),
           BinaryExpr(o2, compar @ BinaryExpr(o4, x2, y2), z2) // high precision op
         )
-        if (o1 == o2) && o2 == o4 && o1 == BVADD
+        if size(x1).get > 1 && (o1 == o2) && o2 == o4 && o1 == BVADD
           && (x2) == (ZeroExtend(exts, x1))
           && (y2) == (ZeroExtend(exts, y1))
           && (z2) == (ZeroExtend(exts, z1)) => {
@@ -371,7 +370,7 @@ def simplifyExpr(e: Expr): (Expr, Boolean) = {
           ZeroExtend(exts, orig @ BinaryExpr(o1, x1, UnaryExpr(BVNEG, y1))),
           BinaryExpr(o2, compar @ BinaryExpr(o4, ZeroExtend(ext1, x2), ZeroExtend(ext2, UnaryExpr(BVNOT, y2))), BitVecLiteral(1, _)) // high precision op
         )
-        if (o1 == o2) && o2 == o4 && o1 == BVADD
+        if size(x1).get > 1 && (o1 == o2) && o2 == o4 && o1 == BVADD
           && exts == ext1 && exts == ext2
           && x1 == x2 && y1 == y2 => {
       // C not Set
diff --git a/src/main/scala/ir/invariant/BlocksUniqueToProcedure.scala b/src/main/scala/ir/invariant/BlocksUniqueToProcedure.scala
index a90f7633a..e53ae4d30 100644
--- a/src/main/scala/ir/invariant/BlocksUniqueToProcedure.scala
+++ b/src/main/scala/ir/invariant/BlocksUniqueToProcedure.scala
@@ -37,6 +37,26 @@ private class BVis extends CILVisitor {
   }
 }
 
+
+def blockUniqueLabels(p: Program) : Boolean = {
+  p.procedures.forall(blockUniqueLabels)
+}
+
+def blockUniqueLabels(p: Procedure) : Boolean = {
+  val blockNames = mutable.Set[String]()
+  var passed = true
+
+  for (block <- p.blocks) {
+    if (blockNames.contains(block.label)) {
+      passed = false
+      Logger.error("Duplicate block name: " + block.label)
+    }
+    blockNames.add(block.label)
+  }
+  passed
+}
+
+
 def blocksUniqueToEachProcedure(p: Program) : Boolean = {
   val v = BVis()
   visit_prog(v, p)
diff --git a/src/main/scala/ir/transforms/Simp.scala b/src/main/scala/ir/transforms/Simp.scala
index 77974081b..af95457fc 100644
--- a/src/main/scala/ir/transforms/Simp.scala
+++ b/src/main/scala/ir/transforms/Simp.scala
@@ -269,7 +269,7 @@ def removeSlices(p: Procedure): Unit = {
     }
 
   enum HighZeroBits:
-    case Bits(n: Int) // most significant bit that is accessed (and all below)
+    case Bits(n: Int, var unifromAccesses: Boolean = true) // most significant bit that is accessed (and all below)
     case False // property is false
     case Bot // don't know anything
 
@@ -306,18 +306,18 @@ def removeSlices(p: Procedure): Unit = {
         return ();
       }
       if (((!result.contains(v)) || result.get(v).contains(HighZeroBits.Bot))) {
-        result(v) = HighZeroBits.Bits(highestBit)
+        result(v) = HighZeroBits.Bits(highestBit, true)
       } else {
         result(v) match {
-          case HighZeroBits.Bits(n) if highestBit == size(v).get => {
+          case HighZeroBits.Bits(n, _) if highestBit == size(v).get => {
             // access full expr
             result(v) = HighZeroBits.False
           }
-          case HighZeroBits.Bits(n) if highestBit > n => {
+          case HighZeroBits.Bits(n, _) if highestBit > n => {
             // relax constraint to bits accessed
-            result(v) = HighZeroBits.Bits(highestBit)
+            result(v) = HighZeroBits.Bits(highestBit, false)
           }
-          case HighZeroBits.Bits(n) if n >= highestBit => {
+          case HighZeroBits.Bits(n, _) if n >= highestBit => {
             // access satisfied by upper constraint
           }
           case _ => ()
@@ -327,7 +327,12 @@ def removeSlices(p: Procedure): Unit = {
 
     override def vstmt(s: Statement) = {
       s match {
+        case Assign(l: LocalVar, r: LocalVar, _) => {
+          /** direct copy ; use union-find result to process access **/
+          SkipChildren()
+        }
         case d: DirectCall => {
+          /** we always need to pass whole variable across calls since we analyse intraprocedurally */
           d.outParams.map(_._2).collect {
             case l: LocalVar => {
               result(l) = HighZeroBits.False
@@ -366,10 +371,18 @@ def removeSlices(p: Procedure): Unit = {
     }
   }
 
-  val toSmallen = CheckUsesHaveExtend()(p).collect { case (v, HighZeroBits.Bits(x)) =>
+  val onlyKeepWhereAllAccessesSliceSameBits = true
+  val toSmallen = CheckUsesHaveExtend()(p).collect { case (v, HighZeroBits.Bits(x, onlyKeepWhereAllAccessesSliceSameBits)) =>
     v -> x
   }.toMap
 
+  /**
+   * This transform moves bvextracts from the uses to the definition, if all uses have an extract of some size. 
+   * Ideally this removes the extract in some cases. To bemore strict the 
+   *    val onlyKeepWhereAllAccessesSliceSameBits = true
+   * flag only applies this transform when all accesses have extactly the same slice, effectively removing the slice at access.
+   */
+
   class ReplaceAlwaysSlicedVars(varHighZeroBits: Map[LocalVar, Int]) extends CILVisitor {
     var formals = Set[LocalVar]()
 
@@ -914,15 +927,15 @@ object CCP {
 
 def DSACopyProp(p: Procedure): Map[Variable, Expr] = {
 
-  case class PropState(val e: Expr, val deps: Set[Variable], var clobbered: Boolean, var useCount: Int)
+  case class PropState(val e: Expr, val deps: mutable.Set[Variable], var clobbered: Boolean, var useCount: Int, var isFlagDep: Boolean)
   val state = mutable.HashMap[Variable, PropState]()
-  var poisoned = false
+  var poisoned = false // we have an indirect call
 
   def clobberFull(c: mutable.HashMap[Variable, PropState], l: Variable): Unit = {
     if (c.contains(l)) {
       c(l).clobbered = true
     } else {
-      c(l) = PropState(FalseLiteral, Set(), true, 0)
+      c(l) = PropState(FalseLiteral, mutable.Set(), true, 0, false)
     }
   }
 
@@ -933,6 +946,8 @@ def DSACopyProp(p: Procedure): Map[Variable, Expr] = {
     }
   }
 
+  val flagNames = Set("ZF", "VF", "CF", "NF", "R31")
+
   def transfer(c: mutable.HashMap[Variable, PropState], s: Statement): Unit = {
     // val callClobbers = ((0 to 7) ++ (19 to 30)).map("R" + _).map(c => Register(c, 64))
     s match {
@@ -945,17 +960,29 @@ def DSACopyProp(p: Procedure): Map[Variable, Expr] = {
           val rhsDeps = evaled.variables.toSet
           val existing = c.get(l)
 
+          val isFlag = l match {
+            case l: LocalVar =>  flagNames.contains(l.varName)
+            case l           =>  flagNames.contains(l.name)
+          }
+
+          c.get(l).foreach(v => v.isFlagDep = v.isFlagDep || isFlag)
+          for (l <- rhsDeps) {
+            c.get(l).foreach(v => v.isFlagDep = v.isFlagDep || isFlag)
+          }
+
           existing match {
             case None => {
-              c(l) = PropState(evaled, rhsDeps, false, 0)
+              c(l) = PropState(evaled, mutable.Set.from(rhsDeps), false, 0, isFlag)
             }
             case Some(ps) if ps.clobbered => {
               ()
             }
             case Some(ps) if ps.e != evaled => {
+              ps.deps.addAll(rhsDeps)
               clobberFull(c, l)
             }
             case _ => {
+              // clobberFull(c, l)
               // ps.e == evaled and have prop
             }
           }
@@ -975,6 +1002,8 @@ def DSACopyProp(p: Procedure): Map[Variable, Expr] = {
         }
       }
       case x: IndirectCall => {
+        // not really correct 
+        poisoned = true
         for ((i, v) <- c) {
           v.clobbered = true
         }
@@ -987,7 +1016,7 @@ def DSACopyProp(p: Procedure): Map[Variable, Expr] = {
   val worklist = mutable.PriorityQueue[Block]()(Ordering.by(_.rpoOrder))
   worklist.addAll(p.blocks)
 
-  while (worklist.nonEmpty) {
+  while (worklist.nonEmpty && !poisoned) {
     val b: Block = worklist.dequeue
 
     for (l <- b.statements) {
@@ -995,8 +1024,8 @@ def DSACopyProp(p: Procedure): Map[Variable, Expr] = {
     }
   }
 
-  val res = state.collect {
-    case (v, c) if !c.clobbered => v -> c.e
+  val res = if poisoned then Map() else state.collect {
+    case (v, c) if !c.clobbered && (c.useCount == 1 || c.isFlagDep || c.e.isInstanceOf[Variable] || c.e.isInstanceOf[Literal]) => v -> c.e
   }.toMap
   res
 }
@@ -1151,7 +1180,8 @@ class Simplify(
         Logger.warn(s"Some skipped substitution at $bl due to resulting expr size > ${threshold} threshold")
       }
     }
-    ChangeTo(result)
+    // ChangeDoChildrenPost(result, x => x)
+    ChangeDoChildrenPost(result, x => x)
   }
 
   override def vblock(b: Block) = {
diff --git a/src/main/scala/translating/IRExpToSMT2.scala b/src/main/scala/translating/IRExpToSMT2.scala
index fd71a3440..30edde03c 100644
--- a/src/main/scala/translating/IRExpToSMT2.scala
+++ b/src/main/scala/translating/IRExpToSMT2.scala
@@ -94,6 +94,7 @@ object BasilIRToSMT2 extends BasilIRExpWithVis[Sexp] {
       case BVNOT   => "bvnot"
       case BVNEG   => "bvneg"
       case IntNEG  => "-"
+      case BoolToBV1 => "bool2bv1"
     }
   }
 
@@ -159,16 +160,21 @@ object BasilIRToSMT2 extends BasilIRExpWithVis[Sexp] {
     }
   }
 
+
+  def booltoBVDef : Sexp[Expr] = {
+    list(
+      sym("define-fun"),
+      sym("bool2bv1"),
+      list(list(sym("arg"), basilTypeToSMTType(BoolType))),
+      basilTypeToSMTType(BitVecType(1)),
+      list(sym("ite"), sym("arg"), bv2smt(BitVecLiteral(1, 1)), bv2smt(BitVecLiteral(0, 1)))
+    )
+  }
+
   def interpretFun(x: UninterpretedFunction): Option[Sexp[Expr]] = {
     x.name match {
       case "bool2bv1" => {
-        Some(list(
-          sym("define-fun"),
-          sym(x.name),
-          list(list(sym("arg"), basilTypeToSMTType(BoolType))),
-          basilTypeToSMTType(x.returnType),
-          list(sym("ite"), sym("arg"), bv2smt(BitVecLiteral(1, 1)), bv2smt(BitVecLiteral(0, 1)))
-        ))
+        Some(booltoBVDef)
       }
       case "bvsaddo" => None
       case _ => {
@@ -193,6 +199,10 @@ object BasilIRToSMT2 extends BasilIRExpWithVis[Sexp] {
           decled = decled ++ decl.toSet
           DoChildren() // get variables out of args
         }
+        case UnaryExpr(BoolToBV1, _) => {
+          decled = decled + booltoBVDef
+          DoChildren()
+        }
         case v: Variable => {
           val decl = list(sym("declare-const"), sym(fixVname(v.name)), basilTypeToSMTType(v.getType))
           decled = decled + decl
diff --git a/src/main/scala/translating/IRToBoogie.scala b/src/main/scala/translating/IRToBoogie.scala
index acdd70243..b32ec0ffb 100644
--- a/src/main/scala/translating/IRToBoogie.scala
+++ b/src/main/scala/translating/IRToBoogie.scala
@@ -63,7 +63,7 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
         translatedProcedures
     }
     val defaultGlobals = List(BVarDecl(mem, List(externAttr)), BVarDecl(Gamma_mem, List(externAttr)))
-    val globalVars = procedures.flatMap(p => p.globals ++ p.freeRequires.flatMap(_.globals) ++ p.freeEnsures.flatMap(_.globals) ++ p.ensures.flatMap(_.globals) ++ p.requires.flatMap(_.globals))
+    val globalVars = procedures.flatMap(p => p.globals)
     val globalDecls = (globalVars.map(b => BVarDecl(b, List(externAttr))) ++ defaultGlobals).distinct.sorted.toList
 
     val globalConsts: List[BConstAxiomPair] =
@@ -217,6 +217,12 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
 
   def functionOpToDefinition(f: FunctionOp): BFunction = {
     f match {
+      case b @ BoolToBV1Op(arg) =>  {
+        val invar = BParam("arg", BoolBType)
+        val outvar = BParam(BitVecBType(1))
+        val body = IfThenElse(invar, BitVecBLiteral(1,1), BitVecBLiteral(0, 1))
+        BFunction(b.fnName, List(invar), outvar, Some(body), List(externAttr))
+      }
       case b: BVFunctionOp => BFunction(b.name, b.in, b.out, None, List(externAttr, b.attribute))
       case m: MemoryLoadOp =>
         val memVar = BMapVar("memory", MapBType(BitVecBType(m.addressSize), BitVecBType(m.valueSize)), Scope.Parameter)
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index 9a9c00694..cf3d1ff3d 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -531,45 +531,64 @@ object RunUtils {
     // writeToFile(dotBlockGraph(ctx.program, ctx.program.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"blockgraph-before-simp.dot")
     Logger.info("[!] Running Simplify")
     val timer = PerformanceTimer("Simplify")
+    val write = false
 
     transforms.applyRPO(ctx.program)
+
+    transforms.removeEmptyBlocks(ctx.program)
+    transforms.coalesceBlocks(ctx.program)
+    transforms.removeEmptyBlocks(ctx.program)
+    if write then writeToFile(dotBlockGraph(ctx.program, ctx.program.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"blockgraph-before-dsa.dot")
+    
     Logger.info(s"RPO ${timer.checkPoint("RPO")} ms ")
     Logger.info("[!] Simplify :: DynamicSingleAssignment")
-
-    // writeToFile(serialiseIL(ctx.program), s"il-before-dsa.il")
+    if write then writeToFile(serialiseIL(ctx.program), s"il-before-dsa.il")
 
     // transforms.DynamicSingleAssignment.applyTransform(ctx.program, liveVars)
     transforms.OnePassDSA().applyTransform(ctx.program)
     Logger.info(s"DSA ${timer.checkPoint("DSA ")} ms ")
-    // writeToFile(dotBlockGraph(ctx.program, ctx.program.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"blockgraph-after-dsa.dot")
+    if write then writeToFile(dotBlockGraph(ctx.program, ctx.program.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"blockgraph-after-dsa.dot")
     if (ir.eval.SimplifyValidation.validate) {
-      Logger.info("Live vars difftest")
-      val tipLiveVars : Map[CFGPosition, Set[Variable]] = analysis.IntraLiveVarsAnalysis(ctx.program).analyze()
-      assert(ctx.program.procedures.forall(transforms.difftestLiveVars(_, tipLiveVars)))
+      // Logger.info("Live vars difftest")
+      // val tipLiveVars : Map[CFGPosition, Set[Variable]] = analysis.IntraLiveVarsAnalysis(ctx.program).analyze()
+      //assert(ctx.program.procedures.forall(transforms.difftestLiveVars(_, tipLiveVars)))
 
       Logger.info("DSA Check")
       val x = ctx.program.procedures.forall(transforms.rdDSAProperty)
       assert(x)
+      Logger.info("DSA Check passed")
     }
-    Logger.info("DSA Check passed")
     assert(invariant.singleCallBlockEnd(ctx.program))
     assert(invariant.cfgCorrect(ctx.program))
     assert(invariant.blocksUniqueToEachProcedure(ctx.program))
 
-    // writeToFile(serialiseIL(ctx.program), s"il-before-copyprop.il")
+    if write then writeToFile(serialiseIL(ctx.program), s"il-before-copyprop.il")
 
     // brute force run the analysis twice because it cleans up more stuff
     transforms.doCopyPropTransform(ctx.program)
     transforms.doCopyPropTransform(ctx.program)
-    transforms.doCopyPropTransform(ctx.program)
+    assert(invariant.blockUniqueLabels(ctx.program))
     Logger.info(s"CopyProp ${timer.checkPoint("CopyProp")} ms ")
-    // writeToFile(serialiseIL(ctx.program), s"il-after-copyprop.il")
+    if write then writeToFile(serialiseIL(ctx.program), s"il-after-copyprop.il")
+
+
+    if (ir.eval.SimplifyValidation.validate) {
+      Logger.info("DSA Check (after transform)")
+      val x = ctx.program.procedures.forall(transforms.rdDSAProperty)
+      assert(x)
+      Logger.info("passed")
+    }
 
     // run this after cond recovery because sign bit calculations often need high bits
     // which go away in high level conss
-    // writeToFile(serialiseIL(ctx.program), s"il-after-slices.il")
+    if write then writeToFile(serialiseIL(ctx.program), s"il-after-slices.il")
+
+    if write then writeToFile(dotBlockGraph(ctx.program, ctx.program.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"blockgraph-after-simp.dot")
+
+    // re-apply dsa
+    // transforms.OnePassDSA().applyTransform(ctx.program)
+    if write then writeToFile(dotBlockGraph(ctx.program, ctx.program.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"blockgraph-after-second-dsa.dot")
 
-    // writeToFile(dotBlockGraph(ctx.program, ctx.program.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"blockgraph-after-simp.dot")
 
     if (ir.eval.SimplifyValidation.validate) {
       Logger.info("[!] Simplify :: Writing simplification validation")

From 70a22c1f61477a6bee82e5f080a55bf3f306216f Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Fri, 1 Nov 2024 17:32:39 +1000
Subject: [PATCH 089/127] WIP bitvector size type inference

---
 .../ir/invariant/CorrectCallParams.scala      |  15 ++
 src/main/scala/ir/transforms/Simp.scala       | 172 ++++++++++++------
 src/main/scala/util/RunUtils.scala            |   4 +-
 3 files changed, 131 insertions(+), 60 deletions(-)

diff --git a/src/main/scala/ir/invariant/CorrectCallParams.scala b/src/main/scala/ir/invariant/CorrectCallParams.scala
index e23a262ec..d5a934340 100644
--- a/src/main/scala/ir/invariant/CorrectCallParams.scala
+++ b/src/main/scala/ir/invariant/CorrectCallParams.scala
@@ -34,6 +34,21 @@ def correctCalls(p: Program) : Boolean = {
 
       r
     }
+    case c: Return => {
+      val t = c.parent.parent
+      val outparams = (c.outParams.keySet == t.formalOutParam) 
+      val typecheck = c.outParams.forall((k, v) => k.getType == v.getType) && c.outParams.forall((k,v) => k.getType == v.getType)
+      if (!outparams) {
+        Logger.error(s"Return formal out params do  do not match procedure formal out params: ${c.outParams} != ${t.formalOutParam}")
+      }
+      if (!typecheck) {
+        val out = c.outParams.collect {
+          case (k,v) if k.getType != v.getType => s"$k := $v"
+        }
+        Logger.error(s"doesn't typecheck:$c  \n${if out.nonEmpty then " out : " else ""}${out.mkString(" ")}")
+      }
+      typecheck && outparams
+    }
     case _ => true
   }
 }
diff --git a/src/main/scala/ir/transforms/Simp.scala b/src/main/scala/ir/transforms/Simp.scala
index af95457fc..b25ba2418 100644
--- a/src/main/scala/ir/transforms/Simp.scala
+++ b/src/main/scala/ir/transforms/Simp.scala
@@ -162,32 +162,6 @@ class IntraLiveVarsDomain extends PowerSetDomain[Variable] {
   }
 }
 
-object MakeLocalsBlockUnique extends CILVisitor {
-  var blockLabel: String = ""
-
-  override def vlvar(v: Variable) = v match {
-    case LocalVar(name, t) => ChangeTo(LocalVar(blockLabel + "_" + name, t))
-    case _                 => SkipChildren()
-  }
-
-  override def vrvar(v: Variable) = v match {
-    case LocalVar(name, t) => ChangeTo(LocalVar(blockLabel + "_" + name, t))
-    case _                 => SkipChildren()
-  }
-
-  override def vblock(b: Block) = {
-    blockLabel = b.label
-    DoChildren()
-  }
-
-  def apply(p: Program) = {
-    for (proc <- p.procedures.filter(_.entryBlock.isDefined)) {
-      blockLabel = ""
-      visit_proc(this, proc)
-    }
-  }
-}
-
 def removeSlices(p: Program): Unit = {
   p.procedures.foreach(removeSlices)
 }
@@ -269,17 +243,19 @@ def removeSlices(p: Procedure): Unit = {
     }
 
   enum HighZeroBits:
-    case Bits(n: Int, var unifromAccesses: Boolean = true) // most significant bit that is accessed (and all below)
+    case Bits(n: Int, var unifromAccesses: Boolean = true, highAlwaysZero: Option[Int] = None) // most significant bit that is accessed (and all below)
     case False // property is false
     case Bot // don't know anything
 
   // unify variable uses across direct assignments
   val ufsolver = analysis.solvers.UnionFindSolver[LVTerm]()
-  val unioned = assignments.foreach {
+  assignments.foreach {
     case (lv, Assign(lhs: LocalVar, rhs: LocalVar, _)) => ufsolver.unify(LVTerm(lhs), LVTerm(rhs))
     case _                                             => ()
   }
 
+  def getRep(v: LocalVar)  : LocalVar = ufsolver.find(LVTerm(v)).asInstanceOf[LVTerm].v
+
   val unifiedAssignments = ufsolver
     .unifications()
     .map {
@@ -297,27 +273,29 @@ def removeSlices(p: Procedure): Unit = {
       }))
     )
 
+
   class CheckUsesHaveExtend() extends CILVisitor {
     val result: mutable.HashMap[LocalVar, HighZeroBits] =
       mutable.HashMap[LocalVar, HighZeroBits]()
 
-    def extractAccess(v: LocalVar, highestBit: Int): Unit = {
+    def extractAccess(actualVar: LocalVar, highestBit: Int): Unit = {
+      val v = getRep(actualVar)
+      // val v = actualVar
       if (!size(v).isDefined) {
         return ();
       }
-      if (((!result.contains(v)) || result.get(v).contains(HighZeroBits.Bot))) {
+
+      if (highestBit == size(v).get) {
+        result(v) = HighZeroBits.False
+      } else if (((!result.contains(v)) || result.get(v).contains(HighZeroBits.Bot))) {
         result(v) = HighZeroBits.Bits(highestBit, true)
       } else {
         result(v) match {
-          case HighZeroBits.Bits(n, _) if highestBit == size(v).get => {
-            // access full expr
-            result(v) = HighZeroBits.False
-          }
-          case HighZeroBits.Bits(n, _) if highestBit > n => {
+          case HighZeroBits.Bits(n, _, z) if highestBit > n && n != 0 => {
             // relax constraint to bits accessed
-            result(v) = HighZeroBits.Bits(highestBit, false)
+            result(v) = HighZeroBits.Bits(highestBit, false, z)
           }
-          case HighZeroBits.Bits(n, _) if n >= highestBit => {
+          case HighZeroBits.Bits(n, _, _) if n >= highestBit => {
             // access satisfied by upper constraint
           }
           case _ => ()
@@ -325,29 +303,88 @@ def removeSlices(p: Procedure): Unit = {
       }
     }
 
+    // TODO: make correct wrt casting if you know that you can extend to zero
+    //  - otherwise dont smallen variable
+    //  - allow casting at more points (e.g. copies)
+
     override def vstmt(s: Statement) = {
       s match {
         case Assign(l: LocalVar, r: LocalVar, _) => {
           /** direct copy ; use union-find result to process access **/
+          ufsolver.unify(LVTerm(l), LVTerm(r))
           SkipChildren()
         }
+        case Assign(v: LocalVar, ZeroExtend(sz, exp), _) => {
+          val l = getRep(v)
+          result.get(l) match {
+            case None => {
+              result(l) = HighZeroBits.Bits(0, true, Some(sz))
+            }
+            case Some(HighZeroBits.Bits(bits, o, None)) => {
+              result(l) = HighZeroBits.Bits(bits, o, Some(sz))
+            }
+            case Some(HighZeroBits.Bits(bits, o, Some(existing))) if existing <= sz => {
+              result(l) = HighZeroBits.Bits(bits, o, Some(existing))
+            }
+            case Some(HighZeroBits.Bits(bits, o, Some(existing))) if existing > sz => {
+              result(l) = HighZeroBits.Bits(bits, o, Some(sz))
+            }
+          }
+          DoChildren()
+        }
+        case Assign(v: LocalVar, exp, _) => {
+          val l = getRep(v)
+          result.get(l) match {
+            case None => {
+              result(l) = HighZeroBits.Bits(0, true, Some(0))
+            }
+            case Some(HighZeroBits.Bot) => {
+              result(l) = HighZeroBits.Bits(0, true, Some(0))
+            }
+            case Some(HighZeroBits.Bits(bits, o, Some(existing))) => {
+              result(l) = HighZeroBits.Bits(bits, o, Some(0))
+            }
+            case _ => {}
+          }
+          DoChildren()
+        }
         case d: DirectCall => {
           /** we always need to pass whole variable across calls since we analyse intraprocedurally */
           d.outParams.map(_._2).collect {
             case l: LocalVar => {
-              result(l) = HighZeroBits.False
+              extractAccess(l, size(l).get)
+            }
+          }
+          d.actualParams.flatMap(_._2.variables).collect {
+            case l: LocalVar => {
+              extractAccess(l, size(l).get)
+            }
+          }
+          SkipChildren()
+        }
+        case _ => DoChildren()
+      }
+    }
+
+    override def vjump(j: Jump) = j match {
+      case r: Return => { 
+        for ((formal, actual) <- r.outParams) {
+          actual match {
+            case v: LocalVar if (size(v).isDefined)=> {
+              extractAccess(v, size(formal).get)
             }
+            case _ => ()
           }
         }
-        case _ => ()
+        SkipChildren()
       }
-      DoChildren()
+      case _ => DoChildren()
     }
 
     override def vrvar(v: Variable) = {
       v match {
         case v: LocalVar if size(v).isDefined => {
-          extractAccess(v, size(v).get)
+          result(getRep(v)) = HighZeroBits.False
         }
         case _ => ()
       }
@@ -357,7 +394,7 @@ def removeSlices(p: Procedure): Unit = {
     override def vexpr(v: Expr) = {
       v match {
         case Extract(i, 0, v: LocalVar) if size(v).isDefined => {
-          extractAccess(v, i)
+          result(getRep(v)) = HighZeroBits.False
           SkipChildren()
         }
         case _ => DoChildren()
@@ -372,7 +409,7 @@ def removeSlices(p: Procedure): Unit = {
   }
 
   val onlyKeepWhereAllAccessesSliceSameBits = true
-  val toSmallen = CheckUsesHaveExtend()(p).collect { case (v, HighZeroBits.Bits(x, onlyKeepWhereAllAccessesSliceSameBits)) =>
+  val toSmallen = CheckUsesHaveExtend()(p).collect { case (v, HighZeroBits.Bits(x, _, _)) =>
     v -> x
   }.toMap
 
@@ -389,12 +426,13 @@ def removeSlices(p: Procedure): Unit = {
     override def vexpr(v: Expr) = {
       v match {
         case Extract(i, 0, v: LocalVar)
-            if size(v).isDefined && !(formals.contains(v)) && varHighZeroBits.contains(v) => {
-          assert(varHighZeroBits(v) >= i)
-          if (varHighZeroBits(v) == i) {
-            ChangeTo(v.copy(irType = BitVecType(varHighZeroBits(v))))
+            if size(v).isDefined && !(formals.contains(v)) && varHighZeroBits.contains(getRep(v)) => {
+          val size = varHighZeroBits(getRep(v))
+          assert(size >= i)
+          if (size == i) {
+            ChangeTo(v.copy(irType = BitVecType(size)))
           } else {
-            ChangeTo(Extract(i, 0, v.copy(irType = BitVecType(varHighZeroBits(v)))))
+            ChangeTo(Extract(i, 0, v.copy(irType = BitVecType(size))))
           }
         }
         case _ => DoChildren()
@@ -403,8 +441,8 @@ def removeSlices(p: Procedure): Unit = {
 
     override def vlvar(v: Variable) = {
       v match {
-        case lhs: LocalVar if (varHighZeroBits.contains(lhs) && !formals.contains(lhs)) => {
-          val n = lhs.copy(irType = BitVecType(varHighZeroBits(lhs)))
+        case lhs: LocalVar if (varHighZeroBits.contains(getRep(lhs)) && !formals.contains(getRep(lhs))) => {
+          val n = lhs.copy(irType = BitVecType(varHighZeroBits(getRep(lhs))))
           ChangeTo(n)
         }
         case _ => SkipChildren()
@@ -413,8 +451,8 @@ def removeSlices(p: Procedure): Unit = {
 
     override def vrvar(v: Variable) = {
       v match {
-        case lhs: LocalVar if (varHighZeroBits.contains(lhs) && !formals.contains(lhs)) => {
-          val n = lhs.copy(irType = BitVecType(varHighZeroBits(lhs)), lhs.index)
+        case lhs: LocalVar if (varHighZeroBits.contains(getRep(lhs)) && !formals.contains(getRep(lhs))) => {
+          val n = lhs.copy(irType = BitVecType(varHighZeroBits(getRep(lhs))))
           ChangeTo(n)
         }
         case _ => SkipChildren()
@@ -428,28 +466,44 @@ def removeSlices(p: Procedure): Unit = {
 
     override def vstmt(s: Statement) = {
       s match {
+        case a @ Assign(lhs: LocalVar, rhs : LocalVar, _) if  varHighZeroBits.contains(getRep(lhs)) && varHighZeroBits.contains(getRep(rhs)) => {
+          assert(varHighZeroBits(getRep(lhs)) == varHighZeroBits(getRep(rhs)))
+          a.lhs = lhs.copy(irType=BitVecType(varHighZeroBits(getRep(lhs))))
+          a.rhs = rhs.copy(irType=BitVecType(varHighZeroBits(getRep(rhs))))
+          // if (varHighZeroBits(getRep(lhs)) == varHighZeroBits(getRep(rhs))) {
+          // } else if (varHighZeroBits(lhs) < varHighZeroBits(rhs)) {
+          //   a.lhs = lhs.copy(irType=BitVecType(varHighZeroBits(lhs)))
+          //   a.rhs = Extract(varHighZeroBits(lhs), 0, rhs.copy(irType=BitVecType(varHighZeroBits(rhs))))
+          // } else {
+          //   // lhs > rhs
+          //   a.lhs = lhs.copy(irType=BitVecType(varHighZeroBits(lhs)))
+          //   a.rhs = ZeroExtend(varHighZeroBits(lhs) - varHighZeroBits(rhs),rhs.copy(irType=BitVecType(varHighZeroBits(rhs))))
+          // }
+          SkipChildren()
+        }
         case a @ Assign(lhs: LocalVar, SignExtend(sz, rhs), _)
-            if size(lhs).isDefined && varHighZeroBits.get(lhs).contains(size(rhs).get) && !(formals.contains(lhs)) => {
+            if size(lhs).isDefined && varHighZeroBits.get(getRep(lhs)).contains(size(rhs).get) && !(formals.contains(lhs)) => {
           // assert(varHighZeroBits(lhs) == sz)
-          val varsize = varHighZeroBits(lhs)
+          val varsize = varHighZeroBits(getRep(lhs))
           a.lhs = LocalVar(lhs.varName, BitVecType(varsize), lhs.index)
           a.rhs = rhs
           assert(size(a.lhs).get == size(a.rhs).get)
           DoChildren()
         }
         case a @ Assign(lhs: LocalVar, ZeroExtend(sz, rhs), _)
-            if size(lhs).isDefined && varHighZeroBits.get(lhs).contains(size(rhs).get) && !(formals.contains(lhs)) => {
-          val varsize = varHighZeroBits(lhs)
+            if size(lhs).isDefined && varHighZeroBits.get(getRep(lhs)).contains(size(rhs).get) && !(formals.contains(lhs)) => {
+          val varsize = varHighZeroBits(getRep(lhs))
           a.lhs = LocalVar(lhs.varName, BitVecType(varsize), lhs.index)
           a.rhs = rhs
           assert(size(a.lhs).get == size(a.rhs).get)
           DoChildren()
         }
         case a @ Assign(lhs: LocalVar, rhs, _)
-            if size(lhs).isDefined && varHighZeroBits.contains(lhs) && !(formals.contains(lhs)) => {
+            if size(lhs).isDefined && varHighZeroBits.contains(getRep(lhs)) && !(formals.contains(lhs)) => {
           // promote extract to the definition
-          a.lhs = LocalVar(lhs.varName, BitVecType(varHighZeroBits(lhs)), lhs.index)
-          a.rhs = Extract(varHighZeroBits(lhs), 0, rhs)
+          val varsize = varHighZeroBits(getRep(lhs))
+          a.lhs = LocalVar(lhs.varName, BitVecType(varsize), lhs.index)
+          a.rhs = Extract(varsize, 0, rhs)
           assert(size(a.lhs).get == size(a.rhs).get, s"${size(a.lhs).get} != ${size(a.rhs).get}")
           DoChildren()
         }
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index cf3d1ff3d..92ad3d83c 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -531,7 +531,7 @@ object RunUtils {
     // writeToFile(dotBlockGraph(ctx.program, ctx.program.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"blockgraph-before-simp.dot")
     Logger.info("[!] Running Simplify")
     val timer = PerformanceTimer("Simplify")
-    val write = false
+    val write = true
 
     transforms.applyRPO(ctx.program)
 
@@ -572,6 +572,8 @@ object RunUtils {
     if write then writeToFile(serialiseIL(ctx.program), s"il-after-copyprop.il")
 
 
+    val x = ctx.program.procedures.forall(transforms.rdDSAProperty)
+    assert(x)
     if (ir.eval.SimplifyValidation.validate) {
       Logger.info("DSA Check (after transform)")
       val x = ctx.program.procedures.forall(transforms.rdDSAProperty)

From 760bc0ad7418971e2da0fbbe995760f1acc823f2 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Tue, 5 Nov 2024 17:47:12 +1000
Subject: [PATCH 090/127] copyprop completeness improvements

---
 src/main/scala/boogie/BExpr.scala             |   2 +-
 src/main/scala/ir/Visitor.scala               |  17 +-
 src/main/scala/ir/eval/SimplifyExpr.scala     |  10 +-
 .../transforms/DynamicSingleAssignment.scala  |   4 +-
 src/main/scala/ir/transforms/Simp.scala       | 437 ++++++++++++------
 src/main/scala/translating/IRToBoogie.scala   |   5 +-
 src/main/scala/util/BASILConfig.scala         |   1 -
 src/main/scala/util/PerformanceTimer.scala    |   2 +-
 src/main/scala/util/RunUtils.scala            |  10 +-
 src/test/scala/test_util/BASILTest.scala      |   3 +-
 10 files changed, 323 insertions(+), 168 deletions(-)

diff --git a/src/main/scala/boogie/BExpr.scala b/src/main/scala/boogie/BExpr.scala
index cd01c39b9..e8eb610a3 100644
--- a/src/main/scala/boogie/BExpr.scala
+++ b/src/main/scala/boogie/BExpr.scala
@@ -673,7 +673,7 @@ case class BInBounds(base: BExpr, len: BExpr, endian: Endian, i: BExpr) extends
     case _              => throw new Exception(s"InBounds does not have Bitvector type: $this")
   }
 
-  val fnName: String = s"in_bounds${baseSize}"
+  val fnName: String = s"in_bounds${baseSize}_${if endian == Endian.LittleEndian then "le" else "be"}"
 
   override val getType: BType = BoolBType
   override def functionOps: Set[FunctionOp] =
diff --git a/src/main/scala/ir/Visitor.scala b/src/main/scala/ir/Visitor.scala
index b4ea25b90..5ad5daae2 100644
--- a/src/main/scala/ir/Visitor.scala
+++ b/src/main/scala/ir/Visitor.scala
@@ -297,10 +297,17 @@ class StackSubstituter extends IntraproceduralControlFlowVisitor {
     super.visitProcedure(node)
   }
 
+  def isStackPtr(v: Variable) = {
+      (v match {
+            case l: LocalVar if l.varName == "R31" => true
+            case r: Variable if r.name == "R31" => true
+            case _ => false
+      }) || stackRefs.contains(v)
+  }
+
   override def visitMemoryLoad(node: MemoryLoad): MemoryLoad = {
     // replace mem with stack in load if index contains stack references
-    val loadStackRefs = node.index.variables.intersect(stackRefs)
-    if (loadStackRefs.nonEmpty) {
+    if (node.index.variables.exists(isStackPtr)) {
       node.copy(mem = stackMemory)
     } else {
       node
@@ -315,8 +322,7 @@ class StackSubstituter extends IntraproceduralControlFlowVisitor {
     val variableVisitor = VariablesWithoutStoresLoads()
     variableVisitor.visitExpr(node.rhs)
 
-    val rhsStackRefs = variableVisitor.variables.toSet.intersect(stackRefs)
-    if (rhsStackRefs.nonEmpty) {
+    if (variableVisitor.variables.exists(isStackPtr)) {
       stackRefs.add(node.lhs)
     } else if (stackRefs.contains(node.lhs) && node.lhs.name != stackPointer.name) {
       stackRefs.remove(node.lhs)
@@ -325,8 +331,7 @@ class StackSubstituter extends IntraproceduralControlFlowVisitor {
   }
 
   override def visitMemoryAssign(node: MemoryAssign): Statement = {
-    val indexStackRefs = node.index.variables.intersect(stackRefs)
-    if (indexStackRefs.nonEmpty) {
+    if (node.index.variables.exists(isStackPtr)) {
       node.mem = stackMemory
     }
     node
diff --git a/src/main/scala/ir/eval/SimplifyExpr.scala b/src/main/scala/ir/eval/SimplifyExpr.scala
index 2a94aa399..bfd1e5352 100644
--- a/src/main/scala/ir/eval/SimplifyExpr.scala
+++ b/src/main/scala/ir/eval/SimplifyExpr.scala
@@ -263,7 +263,7 @@ def simplifyExpr(e: Expr): (Expr, Boolean) = {
      */
 
     // NF check on expr
-    case Extract(upper, lower, b) if size(b).contains(upper) && (upper == (lower + 1)) => {
+    case Extract(upper, lower, b) if size(b).contains(upper) && (upper == (lower + 1)) && size(b).get >= 8 => {
       bool2bv1(BinaryExpr(BVSLT, (b), BitVecLiteral(0, size(b).get)))
     }
 
@@ -308,7 +308,7 @@ def simplifyExpr(e: Expr): (Expr, Boolean) = {
             ) // high precision op
           )
         )
-        if (o1 == o2) && o1 == BVADD && (lhs) == (orig)
+      if (o1 == o2) && o1 == BVADD && (lhs) == (orig) && sz >= 8
           && exts == ext1 && exts == ext2
           && x2 == x1
           && y2 == y1 => {
@@ -332,7 +332,7 @@ def simplifyExpr(e: Expr): (Expr, Boolean) = {
             )
           )
         )
-        if sz > 1 && (o1 == o2) && o2 == o4 && o1 == BVADD && (lhs) == (orig)
+        if sz >= 8 && (o1 == o2) && o2 == o4 && o1 == BVADD && (lhs) == (orig)
           && AlgebraicSimplifications(x2) == AlgebraicSimplifications(SignExtend(exts, x1))
           && AlgebraicSimplifications(y2) == AlgebraicSimplifications(SignExtend(exts, y1))
           && AlgebraicSimplifications(z2) == AlgebraicSimplifications(SignExtend(exts, z1)) => {
@@ -357,7 +357,7 @@ def simplifyExpr(e: Expr): (Expr, Boolean) = {
           ZeroExtend(exts, orig @ BinaryExpr(o1, BinaryExpr(o3, x1, y1), z1)),
           BinaryExpr(o2, compar @ BinaryExpr(o4, x2, y2), z2) // high precision op
         )
-        if size(x1).get > 1 && (o1 == o2) && o2 == o4 && o1 == BVADD
+        if size(x1).get >= 8 && (o1 == o2) && o2 == o4 && o1 == BVADD
           && (x2) == (ZeroExtend(exts, x1))
           && (y2) == (ZeroExtend(exts, y1))
           && (z2) == (ZeroExtend(exts, z1)) => {
@@ -370,7 +370,7 @@ def simplifyExpr(e: Expr): (Expr, Boolean) = {
           ZeroExtend(exts, orig @ BinaryExpr(o1, x1, UnaryExpr(BVNEG, y1))),
           BinaryExpr(o2, compar @ BinaryExpr(o4, ZeroExtend(ext1, x2), ZeroExtend(ext2, UnaryExpr(BVNOT, y2))), BitVecLiteral(1, _)) // high precision op
         )
-        if size(x1).get > 1 && (o1 == o2) && o2 == o4 && o1 == BVADD
+        if size(x1).get >= 8 && (o1 == o2) && o2 == o4 && o1 == BVADD
           && exts == ext1 && exts == ext2
           && x1 == x2 && y1 == y2 => {
       // C not Set
diff --git a/src/main/scala/ir/transforms/DynamicSingleAssignment.scala b/src/main/scala/ir/transforms/DynamicSingleAssignment.scala
index 53908582e..cb1dc97ee 100644
--- a/src/main/scala/ir/transforms/DynamicSingleAssignment.scala
+++ b/src/main/scala/ir/transforms/DynamicSingleAssignment.scala
@@ -197,11 +197,11 @@ class OnePassDSA(
 
     val next = block.nextBlocks.toList
     val anyNextFilled = next.exists(state(_).filled)
-    val anyNextJoin = next.exists(_.prevBlocks.size > 1)
+    val anyNextPrevNotFilled = next.exists(_.prevBlocks.exists(b => !state(b).filled))
     for (b <- next) {
       val definedVars = state(block).renamesAfter.keySet.intersect(liveAfter(block))
 
-      if (definedVars.size > 0 && (anyNextFilled || anyNextJoin)) {
+      if (definedVars.size > 0 && (anyNextPrevNotFilled)) {
         val nb = createBlockBetween(block, b, "_phi_")
 
         state(nb).renamesBefore.addAll(state(block).renamesAfter)
diff --git a/src/main/scala/ir/transforms/Simp.scala b/src/main/scala/ir/transforms/Simp.scala
index b25ba2418..556ee20e1 100644
--- a/src/main/scala/ir/transforms/Simp.scala
+++ b/src/main/scala/ir/transforms/Simp.scala
@@ -50,8 +50,6 @@ def difftestLiveVars(p: Procedure, compareResult: Map[CFGPosition, Set[Variable]
   passed
 }
 
-
-
 def basicReachingDefs(p: Procedure): Map[Command, Map[Variable, Set[Assign | DirectCall]]] = {
   val (beforeLive, afterLive) = getLiveVars(p)
   val dom = DefUseDomain(beforeLive)
@@ -243,7 +241,11 @@ def removeSlices(p: Procedure): Unit = {
     }
 
   enum HighZeroBits:
-    case Bits(n: Int, var unifromAccesses: Boolean = true, highAlwaysZero: Option[Int] = None) // most significant bit that is accessed (and all below)
+    case Bits(
+        n: Int,
+        var unifromAccesses: Boolean = true,
+        highAlwaysZero: Option[Int] = None
+    ) // most significant bit that is accessed (and all below)
     case False // property is false
     case Bot // don't know anything
 
@@ -254,7 +256,7 @@ def removeSlices(p: Procedure): Unit = {
     case _                                             => ()
   }
 
-  def getRep(v: LocalVar)  : LocalVar = ufsolver.find(LVTerm(v)).asInstanceOf[LVTerm].v
+  def getRep(v: LocalVar): LocalVar = ufsolver.find(LVTerm(v)).asInstanceOf[LVTerm].v
 
   val unifiedAssignments = ufsolver
     .unifications()
@@ -273,7 +275,6 @@ def removeSlices(p: Procedure): Unit = {
       }))
     )
 
-
   class CheckUsesHaveExtend() extends CILVisitor {
     val result: mutable.HashMap[LocalVar, HighZeroBits] =
       mutable.HashMap[LocalVar, HighZeroBits]()
@@ -310,7 +311,8 @@ def removeSlices(p: Procedure): Unit = {
     override def vstmt(s: Statement) = {
       s match {
         case Assign(l: LocalVar, r: LocalVar, _) => {
-          /** direct copy ; use union-find result to process access **/
+
+          /** direct copy ; use union-find result to process access * */
           ufsolver.unify(LVTerm(l), LVTerm(r))
           SkipChildren()
         }
@@ -349,6 +351,7 @@ def removeSlices(p: Procedure): Unit = {
           DoChildren()
         }
         case d: DirectCall => {
+
           /** we always need to pass whole variable across calls since we analyse intraprocedurally */
           d.outParams.map(_._2).collect {
             case l: LocalVar => {
@@ -367,10 +370,10 @@ def removeSlices(p: Procedure): Unit = {
     }
 
     override def vjump(j: Jump) = j match {
-      case r: Return => { 
+      case r: Return => {
         for ((formal, actual) <- r.outParams) {
           actual match {
-            case v: LocalVar if (size(v).isDefined)=> {
+            case v: LocalVar if (size(v).isDefined) => {
               extractAccess(v, size(formal).get)
             }
             case _ => ()
@@ -413,12 +416,11 @@ def removeSlices(p: Procedure): Unit = {
     v -> x
   }.toMap
 
-  /**
-   * This transform moves bvextracts from the uses to the definition, if all uses have an extract of some size. 
-   * Ideally this removes the extract in some cases. To bemore strict the 
-   *    val onlyKeepWhereAllAccessesSliceSameBits = true
-   * flag only applies this transform when all accesses have extactly the same slice, effectively removing the slice at access.
-   */
+  /** This transform moves bvextracts from the uses to the definition, if all uses have an extract of some size. Ideally
+    * this removes the extract in some cases. To bemore strict the val onlyKeepWhereAllAccessesSliceSameBits = true flag
+    * only applies this transform when all accesses have extactly the same slice, effectively removing the slice at
+    * access.
+    */
 
   class ReplaceAlwaysSlicedVars(varHighZeroBits: Map[LocalVar, Int]) extends CILVisitor {
     var formals = Set[LocalVar]()
@@ -466,10 +468,11 @@ def removeSlices(p: Procedure): Unit = {
 
     override def vstmt(s: Statement) = {
       s match {
-        case a @ Assign(lhs: LocalVar, rhs : LocalVar, _) if  varHighZeroBits.contains(getRep(lhs)) && varHighZeroBits.contains(getRep(rhs)) => {
+        case a @ Assign(lhs: LocalVar, rhs: LocalVar, _)
+            if varHighZeroBits.contains(getRep(lhs)) && varHighZeroBits.contains(getRep(rhs)) => {
           assert(varHighZeroBits(getRep(lhs)) == varHighZeroBits(getRep(rhs)))
-          a.lhs = lhs.copy(irType=BitVecType(varHighZeroBits(getRep(lhs))))
-          a.rhs = rhs.copy(irType=BitVecType(varHighZeroBits(getRep(rhs))))
+          a.lhs = lhs.copy(irType = BitVecType(varHighZeroBits(getRep(lhs))))
+          a.rhs = rhs.copy(irType = BitVecType(varHighZeroBits(getRep(rhs))))
           // if (varHighZeroBits(getRep(lhs)) == varHighZeroBits(getRep(rhs))) {
           // } else if (varHighZeroBits(lhs) < varHighZeroBits(rhs)) {
           //   a.lhs = lhs.copy(irType=BitVecType(varHighZeroBits(lhs)))
@@ -482,7 +485,8 @@ def removeSlices(p: Procedure): Unit = {
           SkipChildren()
         }
         case a @ Assign(lhs: LocalVar, SignExtend(sz, rhs), _)
-            if size(lhs).isDefined && varHighZeroBits.get(getRep(lhs)).contains(size(rhs).get) && !(formals.contains(lhs)) => {
+            if size(lhs).isDefined && varHighZeroBits.get(getRep(lhs)).contains(size(rhs).get) && !(formals
+              .contains(lhs)) => {
           // assert(varHighZeroBits(lhs) == sz)
           val varsize = varHighZeroBits(getRep(lhs))
           a.lhs = LocalVar(lhs.varName, BitVecType(varsize), lhs.index)
@@ -491,7 +495,8 @@ def removeSlices(p: Procedure): Unit = {
           DoChildren()
         }
         case a @ Assign(lhs: LocalVar, ZeroExtend(sz, rhs), _)
-            if size(lhs).isDefined && varHighZeroBits.get(getRep(lhs)).contains(size(rhs).get) && !(formals.contains(lhs)) => {
+            if size(lhs).isDefined && varHighZeroBits.get(getRep(lhs)).contains(size(rhs).get) && !(formals
+              .contains(lhs)) => {
           val varsize = varHighZeroBits(getRep(lhs))
           a.lhs = LocalVar(lhs.varName, BitVecType(varsize), lhs.index)
           a.rhs = rhs
@@ -660,11 +665,19 @@ def copypropTransform(p: Procedure) = {
 
   // Logger.info(s"${p.name} ExprComplexity ${ExprComplexity()(p)}")
   // val result = solver.solveProc(p, true).withDefaultValue(dom.bot)
-  val result = DSACopyProp(p)
+  val result = CopyProp.DSACopyProp(p)
   val solve = t.checkPoint("Solve CopyProp")
 
-  val vis = Simplify(result)
-  visit_proc(vis, p)
+  if (result.nonEmpty) {
+    val vis = Simplify(CopyProp.toResult(result, true))
+    visit_proc(vis, p)
+
+    val condResult = CopyProp.PropFlagCalculations(p, result.toMap)
+    val condVis = Simplify(CopyProp.toResult(condResult, false))
+    visit_proc(condVis, p)
+
+  }
+
   val xf = t.checkPoint("transform")
   // Logger.info(s"    ${p.name} after transform expr complexity ${ExprComplexity()(p)}")
 
@@ -687,64 +700,70 @@ def copypropTransform(p: Procedure) = {
   val sipm = t.checkPoint("algebraic simp")
 
   // Logger.info("[!] Simplify :: RemoveSlices")
-  removeSlices(p)
+  // removeSlices(p)
   visit_proc(AlgebraicSimplifications, p)
 
 }
 
-  def removeEmptyBlocks(p: Program) = {
-    for (proc <- p.procedures) {
-      val blocks = proc.blocks.toList
-      for (b <- blocks) {
-        b match {
-          case b: Block if b.statements.size == 0 && b.prevBlocks.size == 1 && b.jump.isInstanceOf[GoTo] => {
-            val prev = b.prevBlocks
-            val next = b.nextBlocks
-            for (p <- prev) {
-              p.jump match {
-                case g: GoTo => {
-                  for (n <- next) {
-                    g.addTarget(n)
-                  }
-                  g.removeTarget(b)
+def removeEmptyBlocks(p: Program) = {
+  for (proc <- p.procedures) {
+    val blocks = proc.blocks.toList
+    for (b <- blocks) {
+      b match {
+        case b: Block if b.statements.size == 0 && b.prevBlocks.size == 1 && b.jump.isInstanceOf[GoTo] => {
+          val prev = b.prevBlocks
+          val next = b.nextBlocks
+          for (p <- prev) {
+            p.jump match {
+              case g: GoTo => {
+                for (n <- next) {
+                  g.addTarget(n)
                 }
-                case _ => throw Exception("Must have goto")
+                g.removeTarget(b)
               }
+              case _ => throw Exception("Must have goto")
             }
-            b.replaceJump(Unreachable())
-            b.parent.removeBlocks(b)
           }
-          case _ => ()
+          b.replaceJump(Unreachable())
+          b.parent.removeBlocks(b)
         }
+        case _ => ()
       }
     }
   }
+}
 
 def coalesceBlocks(p: Program) = {
   var didAny = false
   for (proc <- p.procedures) {
     val blocks = proc.blocks.toList
     for (b <- blocks.sortBy(_.rpoOrder)) {
-      if (b.prevBlocks.size == 1 && b.prevBlocks.head.statements.nonEmpty && b.statements.nonEmpty
+      if (
+        b.prevBlocks.size == 1 && b.prevBlocks.head.statements.nonEmpty && b.statements.nonEmpty
         && b.prevBlocks.head.nextBlocks.size == 1
-        && b.prevBlocks.head.statements.lastOption.map(s => !(s.isInstanceOf[Call])).getOrElse(true)) {
-          didAny = true
-          // append topredecessor  
-          // we know prevBlock is only jumping to b and has no call at the end
-          val prevBlock = b.prevBlocks.head
-          val stmts = b.statements.map(b.statements.remove).toList
-          prevBlock.statements.appendAll(stmts)
-          // leave empty block b and cleanup with removeEmptyBlocks 
-        } else if (b.nextBlocks.size == 1 && b.nextBlocks.head.statements.nonEmpty && b.statements.nonEmpty
-          && b.nextBlocks.head.prevBlocks.size == 1
-          && b.statements.lastOption.map(s => !(s.isInstanceOf[Call])).getOrElse(true)) {
-          didAny = true
-          // append to successor
-          // we know b is only jumping to nextBlock and does not end in a call
-          val nextBlock = b.nextBlocks.head
-          val stmts = b.statements.map(b.statements.remove).toList
-          nextBlock.statements.prependAll(stmts)
-          // leave empty block b and cleanup with removeEmptyBlocks 
+        && b.prevBlocks.head.statements.lastOption.map(s => !(s.isInstanceOf[Call])).getOrElse(true)
+        && !(b.parent.entryBlock.contains(b) || b.parent.returnBlock.contains(b))
+      ) {
+        didAny = true
+        // append topredecessor
+        // we know prevBlock is only jumping to b and has no call at the end
+        val prevBlock = b.prevBlocks.head
+        val stmts = b.statements.map(b.statements.remove).toList
+        prevBlock.statements.appendAll(stmts)
+        // leave empty block b and cleanup with removeEmptyBlocks
+      } else if (
+        b.nextBlocks.size == 1 && b.nextBlocks.head.statements.nonEmpty && b.statements.nonEmpty
+        && b.nextBlocks.head.prevBlocks.size == 1
+        && b.statements.lastOption.map(s => !(s.isInstanceOf[Call])).getOrElse(true)
+        && !(b.parent.entryBlock.contains(b) || b.parent.returnBlock.contains(b))
+      ) {
+        didAny = true
+        // append to successor
+        // we know b is only jumping to nextBlock and does not end in a call
+        val nextBlock = b.nextBlocks.head
+        val stmts = b.statements.map(b.statements.remove).toList
+        nextBlock.statements.prependAll(stmts)
+        // leave empty block b and cleanup with removeEmptyBlocks
       }
     }
   }
@@ -788,8 +807,6 @@ def doCopyPropTransform(p: Program) = {
   visit_prog(CleanupAssignments(), p)
   Logger.info("[!] Simplify :: Merge empty blocks")
 
-  
-
   removeEmptyBlocks(p)
   coalesceBlocks(p)
   coalesceBlocks(p)
@@ -797,7 +814,6 @@ def doCopyPropTransform(p: Program) = {
   coalesceBlocks(p)
   removeEmptyBlocks(p)
 
-
 }
 
 def reversePostOrder(startBlock: Block): Unit = {
@@ -890,10 +906,9 @@ class worklistSolver[L, A <: AbstractDomain[L]](domain: A) {
       val b = worklist.dequeue
 
       while (
-          worklist.nonEmpty && (if backwards then (worklist.head.rpoOrder <= b.rpoOrder)
-                                else (worklist.head.rpoOrder >= b.rpoOrder))
-        )
-      do {
+        worklist.nonEmpty && (if backwards then (worklist.head.rpoOrder <= b.rpoOrder)
+                              else (worklist.head.rpoOrder >= b.rpoOrder))
+      ) do {
         // drop rest of blocks with same priority
         val m = worklist.dequeue()
         assert(
@@ -979,11 +994,75 @@ object CCP {
   }
 }
 
-def DSACopyProp(p: Procedure): Map[Variable, Expr] = {
+object CopyProp {
+
+  def isFlagVar(l: Variable) = {
+    val flagNames = Set("ZF", "VF", "CF", "NF")
+    l match {
+      case l: LocalVar => flagNames.contains(l.varName)
+      case l           => flagNames.contains(l.name)
+    }
+  }
+
+  case class PropState(
+      var e: Expr,
+      val deps: mutable.Set[Variable],
+      var clobbered: Boolean,
+      var useCount: Int,
+      var isFlagDep: Boolean,
+  )
+
+
+  def PropFlagCalculations(p: Procedure, initialState: Map[Variable, PropState]) = {
+    val state = mutable.HashMap[Variable, PropState]()
+
+    val flagDeps = initialState.collect {
+      case (v, e) if e.isFlagDep => v -> e
+    }
 
-  case class PropState(val e: Expr, val deps: mutable.Set[Variable], var clobbered: Boolean, var useCount: Int, var isFlagDep: Boolean)
-  val state = mutable.HashMap[Variable, PropState]()
-  var poisoned = false // we have an indirect call
+    val worklist = mutable.PriorityQueue[Block]()(Ordering.by(_.rpoOrder))
+    worklist.addAll(p.blocks)
+    var poisoned = false
+
+    def transfer(s: Statement) = {
+      s match {
+        case a: Assign if a.rhs.loads.size > 0 => clobberFull(state, a.lhs)
+        case a: Assign if !state.contains(a.lhs) && flagDeps.contains(a.lhs) => {
+          val r = canPropTo(state, a.rhs, true).get
+          state(a.lhs) = PropState(r, mutable.Set.from(r.variables), false, 0, true)
+        }
+        case a: Assign if state.contains(a.lhs) && state(a.lhs).clobbered => {
+          ()
+        }
+        case a: Assign
+            if state.contains(a.lhs) && (a.rhs != state(a.lhs).e) && (canPropTo(state, a.rhs, true) != canPropTo(state, state(a.lhs).e, true))
+             => {
+          clobberFull(state, a.lhs)
+        }
+        case a: Assign if state.contains(a.lhs) => {
+          state(a.lhs) = state(a.lhs).copy(e = canPropTo(state, a.rhs, true).get)
+        }
+        case i: IndirectCall => {
+          poisoned = true
+        }
+        case d: DirectCall => {
+          for (l <- d.outParams.map(_._2)) {
+            clobberFull(state, l)
+          }
+        }
+        case _ => ()
+      }
+    }
+
+    while (worklist.nonEmpty && !poisoned) {
+      val b: Block = worklist.dequeue
+
+      for (l <- b.statements) {
+        transfer(l)
+      }
+    }
+    if (poisoned) then mutable.HashMap() else state
+  }
 
   def clobberFull(c: mutable.HashMap[Variable, PropState], l: Variable): Unit = {
     if (c.contains(l)) {
@@ -1000,88 +1079,141 @@ def DSACopyProp(p: Procedure): Map[Variable, Expr] = {
     }
   }
 
-  val flagNames = Set("ZF", "VF", "CF", "NF", "R31")
+  def isTrivial(e: Expr) = e match {
+    case l: Literal                              => true
+    case l: Variable                             => true
+    case BinaryExpr(op, e: Variable, b: Literal) => true
+    case _                                       => false
+  }
 
-  def transfer(c: mutable.HashMap[Variable, PropState], s: Statement): Unit = {
-    // val callClobbers = ((0 to 7) ++ (19 to 30)).map("R" + _).map(c => Register(c, 64))
-    s match {
-      case Assign(l, r, lb) => {
-        if (r.loads.size > 0) {
-          // c.copy(state = c.state + (l -> CopyProp.Clobbered))
-          clobberFull(c, l)
-        } else {
-          val evaled = r
-          val rhsDeps = evaled.variables.toSet
-          val existing = c.get(l)
+  def canPropTo(s: mutable.HashMap[Variable, PropState], e: Expr, isFlag: Boolean = false): Option[Expr] = {
+
+    def proped(e: Expr) = {
+      val ne =
+        if e.variables.size > 1 && !isFlag then Some(e)
+        else
+          Substitute(
+            v => {
+              s.get(v) match {
+                case Some(vs) if !vs.clobbered => Some(vs.e)
+                case _                         => None
+              }
+            },
+            true
+          )(e)
 
-          val isFlag = l match {
-            case l: LocalVar =>  flagNames.contains(l.varName)
-            case l           =>  flagNames.contains(l.name)
-          }
+      // partial eval after prop
+      visit_expr(AlgebraicSimplifications, ne.getOrElse(e))
+    }
 
-          c.get(l).foreach(v => v.isFlagDep = v.isFlagDep || isFlag)
-          for (l <- rhsDeps) {
-            c.get(l).foreach(v => v.isFlagDep = v.isFlagDep || isFlag)
-          }
+    def propfp(e: Expr) = {
+      var o = e
+      var p = proped(e)
 
-          existing match {
-            case None => {
-              c(l) = PropState(evaled, mutable.Set.from(rhsDeps), false, 0, isFlag)
-            }
-            case Some(ps) if ps.clobbered => {
-              ()
-            }
-            case Some(ps) if ps.e != evaled => {
-              ps.deps.addAll(rhsDeps)
-              clobberFull(c, l)
-            }
-            case _ => {
-              // clobberFull(c, l)
-              // ps.e == evaled and have prop
+      while (o != p) {
+        o = p
+        p = proped(o)
+      }
+      p
+    }
+
+    proped(e) match {
+      case l: Literal                                 => Some(l)
+      case l: Variable                                => Some(l)
+      case e @ BinaryExpr(o, v: Variable, c: Literal) => Some(e)
+      case e: Expr if isFlag || e.variables.size <= 1 => Some(e)
+      case e                                          => None
+    }
+  }
+
+  def DSACopyProp(p: Procedure) = {
+
+    val state = mutable.HashMap[Variable, PropState]()
+    var poisoned = false // we have an indirect call
+
+    def transfer(c: mutable.HashMap[Variable, PropState], s: Statement): Unit = {
+      // val callClobbers = ((0 to 7) ++ (19 to 30)).map("R" + _).map(c => Register(c, 64))
+      s match {
+        case Assign(l, r, lb) => {
+          if (r.loads.size > 0) {
+            // c.copy(state = c.state + (l -> CopyProp.Clobbered))
+            clobberFull(c, l)
+          } else {
+
+            val isFlag = isFlagVar(l) || r.variables.exists(isFlagVar)
+            val isFlagDep = isFlag || c.get(l).map(v => v.isFlagDep).getOrElse(false)
+
+            c.get(l).foreach(v => v.isFlagDep = v.isFlagDep || isFlagDep)
+            for (l <- r.variables) {
+              c.get(l).foreach(v => v.isFlagDep = v.isFlagDep || isFlagDep)
             }
-          }
 
-          for (v <- rhsDeps) {
-            if (state.contains(v)) {
-              state(v).useCount += 1
+            var prop = canPropTo(c, r, isFlagDep)
+            val existing = c.get(l)
+
+            (prop, existing) match {
+              case (Some(evaled), None) => {
+                c(l) = PropState(evaled, mutable.Set.from(evaled.variables), false, 0, isFlagDep)
+              }
+              case (_, Some(ps)) if ps.clobbered => {
+                ()
+              }
+              case (Some(evaled), Some(ps))
+                  if ps.e == r || ps.e == evaled || (canPropTo(c, ps.e, isFlagDep).contains(evaled)) => {
+                c(l) = c(l).copy(e = evaled)
+              }
+              case (Some(evaled), Some(ps)) => {
+                clobberFull(c, l)
+              }
+              case _ => {
+                // ps.e != evaled and have prop
+                clobberFull(c, l)
+              }
             }
-          }
 
+          }
         }
-      }
-      case x: DirectCall => {
-        val lhs = x.outParams.map(_._2)
-        for (l <- lhs) {
-          clobberFull(c, l)
+        case x: DirectCall => {
+          val lhs = x.outParams.map(_._2)
+          for (l <- lhs) {
+            clobberFull(c, l)
+          }
         }
-      }
-      case x: IndirectCall => {
-        // not really correct 
-        poisoned = true
-        for ((i, v) <- c) {
-          v.clobbered = true
+        case x: IndirectCall => {
+          // not really correct
+          poisoned = true
+          for ((i, v) <- c) {
+            v.clobbered = true
+          }
         }
+        case _ => ()
       }
-      case _ => ()
     }
-  }
 
-  // sort by precedence
-  val worklist = mutable.PriorityQueue[Block]()(Ordering.by(_.rpoOrder))
-  worklist.addAll(p.blocks)
+    // sort by precedence
+    val worklist = mutable.PriorityQueue[Block]()(Ordering.by(_.rpoOrder))
+    worklist.addAll(p.blocks)
 
-  while (worklist.nonEmpty && !poisoned) {
-    val b: Block = worklist.dequeue
+    while (worklist.nonEmpty && !poisoned) {
+      val b: Block = worklist.dequeue
 
-    for (l <- b.statements) {
-      transfer(state, l)
+      for (l <- b.statements) {
+        transfer(state, l)
+      }
+    }
+
+    val trivialOnly = false
+
+    if poisoned then mutable.HashMap() else state
+  }
+
+  def toResult(s: mutable.Map[Variable, PropState], trivialOnly: Boolean = true)(v: Variable): Option[Expr] = {
+    s.get(v) match {
+      case Some(c) if !c.clobbered && (!trivialOnly || isTrivial(c.e)) => Some(c.e)
+      case _                                                           => None
     }
   }
 
-  val res = if poisoned then Map() else state.collect {
-    case (v, c) if !c.clobbered && (c.useCount == 1 || c.isFlagDep || c.e.isInstanceOf[Variable] || c.e.isInstanceOf[Literal]) => v -> c.e
-  }.toMap
-  res
 }
 
 class ConstCopyProp() extends AbstractDomain[CCP] {
@@ -1114,10 +1246,18 @@ class ConstCopyProp() extends AbstractDomain[CCP] {
         if (r.loads.size > 0) {
           CCP.clobberFull(c, l)
         } else {
-          val consts = c.state.collect {
-            case (k, CopyProp.Prop(c, deps)) if deps.isEmpty => k -> c
-          }
-          val evaled = ir.eval.partialEvalExpr(Substitute(consts, false)(r).getOrElse(r), e => None)
+          val evaled = ir.eval.partialEvalExpr(
+            Substitute(
+              v => {
+                c.state.get(v) match {
+                  case Some(CopyProp.Prop(c, deps)) if deps.isEmpty => Some(c)
+                  case _                                            => None
+                }
+              },
+              false
+            )(r).getOrElse(r),
+            e => None
+          )
           val rhsDeps = evaled.variables.toSet
           val existing = c.state.get(l).getOrElse(CopyProp.Bot)
 
@@ -1170,7 +1310,7 @@ class ExprComplexity extends CILVisitor {
 }
 
 class Substitute(
-    val res: Map[Variable, Expr],
+    val res: Variable => Option[Expr],
     val recurse: Boolean = true,
     val complexityThreshold: Int = 0
 ) extends CILVisitor {
@@ -1179,10 +1319,10 @@ class Substitute(
 
   override def vexpr(e: Expr) = {
     e match {
-      case v: Variable if res.contains(v) => {
-        val changeTo = res(v)
+      case v: Variable if res(v).isDefined => {
+        val changeTo = res(v).get
         if (complexityThreshold > 0) {
-          complexity += ExprComplexity()(changeTo)
+          complexity += ExprComplexity()(changeTo) - ExprComplexity()(e)
         }
         if (complexityThreshold > 0 && complexity > complexityThreshold) {
           SkipChildren()
@@ -1213,7 +1353,7 @@ class Substitute(
 }
 
 class Simplify(
-    val res: Map[Variable, Expr],
+    val res: Variable => Option[Expr],
     val initialBlock: Block = null,
     val absdom: Option[ConstCopyProp] = None /* flow sensitive */
 ) extends CILVisitor {
@@ -1226,7 +1366,13 @@ class Simplify(
     val threshold = 500
     val variables = e.variables.toSet
     val subst = Substitute(res, true, threshold)
-    val result = subst(e).getOrElse(e)
+    var old: Expr = e
+    var result = subst(e).getOrElse(e)
+    while (old != result) {
+      old = result
+      result = subst(e).getOrElse(e)
+    }
+
     if (subst.complexity > threshold) {
       val bl = s"${block.parent.name}::${block.label}"
       if (!skipped.contains(bl)) {
@@ -1234,7 +1380,6 @@ class Simplify(
         Logger.warn(s"Some skipped substitution at $bl due to resulting expr size > ${threshold} threshold")
       }
     }
-    // ChangeDoChildrenPost(result, x => x)
     ChangeDoChildrenPost(result, x => x)
   }
 
diff --git a/src/main/scala/translating/IRToBoogie.scala b/src/main/scala/translating/IRToBoogie.scala
index b32ec0ffb..9bcf81c39 100644
--- a/src/main/scala/translating/IRToBoogie.scala
+++ b/src/main/scala/translating/IRToBoogie.scala
@@ -100,7 +100,8 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
     val functionsUsed2 = functionsUsed1.map(p => functionOpToDefinition(p))
     val functionsUsed3 = functionsUsed2.flatMap(p => p.functionOps).map(p => functionOpToDefinition(p))
     val functionsUsed4 = functionsUsed3.flatMap(p => p.functionOps).map(p => functionOpToDefinition(p))
-    val functionsUsed = (functionsUsed2 ++ functionsUsed3 ++ functionsUsed4).toList.sorted
+    val functionsUsed5 = functionsUsed4.flatMap(p => p.functionOps).map(p => functionOpToDefinition(p))
+    val functionsUsed = (functionsUsed2 ++ functionsUsed3 ++ functionsUsed4 ++ functionsUsed5).toList.sorted
 
 
     val declarations = globalDecls ++ globalConsts ++ functionsUsed ++ rgLib ++ pushUpModifiesFixedPoint(rgProcs ++ procedures)
@@ -439,7 +440,7 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
 
 
   def translateProcedure(p: Procedure, readOnlyMemory: List[BExpr]): BProcedure = {
-    val body = (p.entryBlock.view ++ p.blocks.filterNot(x => p.entryBlock.contains(x))).map(translateBlock).toList
+    val body = (p.entryBlock.view ++ ArrayBuffer.from(p.blocks).sortBy( x => -x.rpoOrder).filterNot(x => p.entryBlock.contains(x))).map(translateBlock).toList
 
     val callsRely: Boolean = body.flatMap(_.body).exists(_ match
       case BProcedureCall("rely", lhs, params, comment) => true
diff --git a/src/main/scala/util/BASILConfig.scala b/src/main/scala/util/BASILConfig.scala
index 486546f13..a971148af 100644
--- a/src/main/scala/util/BASILConfig.scala
+++ b/src/main/scala/util/BASILConfig.scala
@@ -1,6 +1,5 @@
 package util
 
-
 enum ProcRelyVersion:
   case Function, IfCommandContradiction
 case class BoogieGeneratorConfig(memoryFunctionType: BoogieMemoryAccessMode = BoogieMemoryAccessMode.SuccessiveStoreSelect,
diff --git a/src/main/scala/util/PerformanceTimer.scala b/src/main/scala/util/PerformanceTimer.scala
index f5fe74151..50b106e37 100644
--- a/src/main/scala/util/PerformanceTimer.scala
+++ b/src/main/scala/util/PerformanceTimer.scala
@@ -12,7 +12,7 @@ case class PerformanceTimer(timerName: String = "") {
       val delta = elapsed()
       lastCheckpoint = System.currentTimeMillis()
       checkpoints.put(name, delta)
-      Logger.debug(s"PerformanceTimer $timerName [$name]: ${delta}ms")
+      // Logger.debug(s"PerformanceTimer $timerName [$name]: ${delta}ms")
       delta
   }
   def elapsed() :  Long = {
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index 92ad3d83c..4df05ea59 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -218,6 +218,7 @@ object IRTransform {
     */
   def prepareForTranslation(config: ILLoadingConfig, ctx: IRContext): Unit = {
     ctx.program.determineRelevantMemory(ctx.globalOffsets)
+    transforms.applyRPO(ctx.program)
 
     Logger.info("[!] Stripping unreachable")
     val before = ctx.program.procedures.size
@@ -531,7 +532,7 @@ object RunUtils {
     // writeToFile(dotBlockGraph(ctx.program, ctx.program.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"blockgraph-before-simp.dot")
     Logger.info("[!] Running Simplify")
     val timer = PerformanceTimer("Simplify")
-    val write = true
+    val write = false
 
     transforms.applyRPO(ctx.program)
 
@@ -551,7 +552,7 @@ object RunUtils {
     if (ir.eval.SimplifyValidation.validate) {
       // Logger.info("Live vars difftest")
       // val tipLiveVars : Map[CFGPosition, Set[Variable]] = analysis.IntraLiveVarsAnalysis(ctx.program).analyze()
-      //assert(ctx.program.procedures.forall(transforms.difftestLiveVars(_, tipLiveVars)))
+      // assert(ctx.program.procedures.forall(transforms.difftestLiveVars(_, tipLiveVars)))
 
       Logger.info("DSA Check")
       val x = ctx.program.procedures.forall(transforms.rdDSAProperty)
@@ -565,8 +566,11 @@ object RunUtils {
     if write then writeToFile(serialiseIL(ctx.program), s"il-before-copyprop.il")
 
     // brute force run the analysis twice because it cleans up more stuff
+    assert(ctx.program.procedures.forall(transforms.rdDSAProperty))
     transforms.doCopyPropTransform(ctx.program)
-    transforms.doCopyPropTransform(ctx.program)
+    if write then writeToFile(dotBlockGraph(ctx.program, ctx.program.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"blockgraph-after-simp.dot")
+    assert(ctx.program.procedures.forall(transforms.rdDSAProperty))
+
     assert(invariant.blockUniqueLabels(ctx.program))
     Logger.info(s"CopyProp ${timer.checkPoint("CopyProp")} ms ")
     if write then writeToFile(serialiseIL(ctx.program), s"il-after-copyprop.il")
diff --git a/src/test/scala/test_util/BASILTest.scala b/src/test/scala/test_util/BASILTest.scala
index 240d9a661..2885399fb 100644
--- a/src/test/scala/test_util/BASILTest.scala
+++ b/src/test/scala/test_util/BASILTest.scala
@@ -33,7 +33,8 @@ trait BASILTest {
       ),
       simplify = simplify,
       staticAnalysis = staticAnalysisConf,
-      outputPrefix = BPLPath
+      boogieTranslation = util.BoogieGeneratorConfig().copy(memoryFunctionType=util.BoogieMemoryAccessMode.LambdaStoreSelect),
+      outputPrefix = BPLPath,
     )
     val result = RunUtils.loadAndTranslate(config)
     RunUtils.writeOutput(result)

From 2b2a0a59ab845676cf6e2a8e867941213b4b34a2 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Wed, 6 Nov 2024 18:13:55 +1000
Subject: [PATCH 091/127] improvements to cond identification

---
 src/main/scala/ir/Expr.scala                 |   1 +
 src/main/scala/ir/eval/ExprEval.scala        |  99 +---
 src/main/scala/ir/eval/SimplifyExpr.scala    | 590 +++++++++++++------
 src/main/scala/ir/transforms/Simp.scala      |  27 +-
 src/main/scala/translating/IRExpToSMT2.scala |   1 +
 src/main/scala/util/RunUtils.scala           |   8 +-
 6 files changed, 472 insertions(+), 254 deletions(-)

diff --git a/src/main/scala/ir/Expr.scala b/src/main/scala/ir/Expr.scala
index 8fd9f2fa6..15d601ec2 100644
--- a/src/main/scala/ir/Expr.scala
+++ b/src/main/scala/ir/Expr.scala
@@ -55,6 +55,7 @@ case object FalseLiteral extends BoolLit {
 }
 
 case class BitVecLiteral(value: BigInt, size: Int) extends Literal {
+  assert(size > 0)
   override def toBoogie: BitVecBLiteral = BitVecBLiteral(value, size)
   override def getType: IRType = BitVecType(size)
   override def toString: String = s"${value}bv$size"
diff --git a/src/main/scala/ir/eval/ExprEval.scala b/src/main/scala/ir/eval/ExprEval.scala
index 18a154e99..e84792626 100644
--- a/src/main/scala/ir/eval/ExprEval.scala
+++ b/src/main/scala/ir/eval/ExprEval.scala
@@ -89,7 +89,7 @@ def evalUnOp(op: UnOp, body: Literal): Expr = {
     case (i: IntLiteral, IntNEG)   => IntLiteral(-i.value)
     case (FalseLiteral, BoolNOT)   => TrueLiteral
     case (TrueLiteral, BoolNOT)    => FalseLiteral
-    case (TrueLiteral, BoolToBV1)  => BitVecLiteral(1, 0)
+    case (TrueLiteral, BoolToBV1)  => BitVecLiteral(1, 1)
     case (FalseLiteral, BoolToBV1) => BitVecLiteral(0, 1)
     case (_, _)                    => throw Exception(s"Unreachable ${(body, op)}")
   }
@@ -149,81 +149,40 @@ trait Loader[S, E] {
   }
 }
 
-def fastPartialEvalExpr(exp: Expr): Expr = {
+def fastPartialEvalExpr(exp: Expr): (Expr, Boolean) = {
   /*
    * Ignore substitutions and parital eval
    */
-  exp match {
-    case f: UninterpretedFunction => f
-    case unOp: UnaryExpr => {
-      unOp.arg match {
-        case l: Literal => evalUnOp(unOp.op, l)
-        case o          => UnaryExpr(unOp.op, o)
+  var didAnything = true
+  val r = exp match {
+    case f: UninterpretedFunction  => f
+    case UnaryExpr(op, l: Literal) => evalUnOp(op, l)
+    case BinaryExpr(op: BVBinOp, l: BitVecLiteral, r: BitVecLiteral) if exp.getType.isInstanceOf[BitVecType] =>
+      evalBVBinExpr(op, l, r)
+    case BinaryExpr(op: IntBinOp, l: IntLiteral, r: IntLiteral) if exp.getType == IntType =>
+      IntLiteral(evalIntBinExpr(op, l.value, r.value))
+    case BinaryExpr(op: IntBinOp, l: IntLiteral, r: IntLiteral) if exp.getType == BoolType =>
+      if evalIntLogBinExpr(op, l.value, r.value) then TrueLiteral else FalseLiteral
+    case BinaryExpr(op: BVBinOp, l: BitVecLiteral, r: BitVecLiteral) if exp.getType == BoolType =>
+      if evalBVLogBinExpr(op, l, r) then TrueLiteral else FalseLiteral
+    case BinaryExpr(op: BoolBinOp, l: BoolLit, r: BoolLit) =>
+      if (evalBoolLogBinExpr(op, l.value, r.value)) then TrueLiteral else FalseLiteral
+    case ZeroExtend(e, l: BitVecLiteral) => BitVectorEval.smt_zero_extend(e, l)
+    case SignExtend(e, l: BitVecLiteral) => BitVectorEval.smt_sign_extend(e, l)
+    case Extract(e, b, l: BitVecLiteral) => BitVectorEval.boogie_extract(e, b, l)
+    case Repeat(reps, b: BitVecLiteral) => {
+      assert(reps > 0)
+      if (reps == 1) b
+      else {
+        (2 to reps).foldLeft(b)((acc, r) => BitVectorEval.smt_concat(acc, b))
       }
     }
-    case binOp: BinaryExpr =>
-      val lhs = binOp.arg1
-      val rhs = binOp.arg2
-      binOp.getType match {
-        case m: MapType => binOp
-        case b: BitVecType => {
-          (binOp.op, lhs, rhs) match {
-            case (o: BVBinOp, l: BitVecLiteral, r: BitVecLiteral) => evalBVBinExpr(o, l, r)
-            case _                                                => BinaryExpr(binOp.op, lhs, rhs)
-          }
-        }
-        case BoolType => {
-          def bool2lit(b: Boolean) = if b then TrueLiteral else FalseLiteral
-          (binOp.op, lhs, rhs) match {
-            case (o: BVBinOp, l: BitVecLiteral, r: BitVecLiteral) => bool2lit(evalBVLogBinExpr(o, l, r))
-            case (o: IntBinOp, l: IntLiteral, r: IntLiteral)      => bool2lit(evalIntLogBinExpr(o, l.value, r.value))
-            case (o: BoolBinOp, l: BoolLit, r: BoolLit)           => bool2lit(evalBoolLogBinExpr(o, l.value, r.value))
-            case _                                                => BinaryExpr(binOp.op, lhs, rhs)
-          }
-        }
-        case IntType => {
-          (binOp.op, lhs, rhs) match {
-            case (o: IntBinOp, l: IntLiteral, r: IntLiteral) => IntLiteral(evalIntBinExpr(o, l.value, r.value))
-            case _                                           => BinaryExpr(binOp.op, lhs, rhs)
-          }
-        }
-      }
-    case extend: ZeroExtend =>
-      val body = extend.body
-      (body match {
-        case b: BitVecLiteral => BitVectorEval.smt_zero_extend(extend.extension, b)
-        case o                => extend.copy(body = o)
-      })
-    case extend: SignExtend =>
-      val body = extend.body
-      body match {
-        case b: BitVecLiteral => BitVectorEval.smt_sign_extend(extend.extension, b)
-        case o                => extend.copy(body = o)
-      }
-    case e: Extract =>
-      val body = e.body
-      body match {
-        case b: BitVecLiteral => BitVectorEval.boogie_extract(e.end, e.start, b)
-        case o                => e.copy(body = o)
-      }
-    case r: Repeat =>
-      val body = r.body
-      body match {
-        case b: BitVecLiteral => {
-          assert(r.repeats > 0)
-          if (r.repeats == 1) b
-          else {
-            (2 to r.repeats).foldLeft(b)((acc, r) => BitVectorEval.smt_concat(acc, b))
-          }
-        }
-        case o => r.copy(body = o)
-      }
-    case variable: Variable => variable
-    case ml: MemoryLoad =>
-      val addr = ml.index
-      ml.copy(index = addr)
-    case b: Literal => b
+    case o => {
+      didAnything = false
+      o
+    }
   }
+  (r, didAnything)
 }
 
 def statePartialEvalExpr[S](l: Loader[S, InterpreterError])(exp: Expr): State[S, Expr, InterpreterError] = {
diff --git a/src/main/scala/ir/eval/SimplifyExpr.scala b/src/main/scala/ir/eval/SimplifyExpr.scala
index bfd1e5352..b87205e4b 100644
--- a/src/main/scala/ir/eval/SimplifyExpr.scala
+++ b/src/main/scala/ir/eval/SimplifyExpr.scala
@@ -10,7 +10,7 @@ val assocOps: Set[BinOp] =
   Set(BVADD, BVMUL, BVOR, BVAND, BVEQ, BoolAND, BoolEQ, BoolOR, BoolEQUIV, BoolEQ, IntADD, IntMUL, IntEQ)
 
 object AlgebraicSimplifications extends CILVisitor {
-  override def vexpr(e: Expr) = ChangeDoChildrenPost(e, eval.simplifyExprFixpoint)
+  override def vexpr(e: Expr) = ChangeDoChildrenPost(e, eval.simplifyExprFixpoint(true))
 
   def apply(e: Expr) = {
     visit_expr(this, e)
@@ -48,10 +48,9 @@ object SimplifyValidation {
       }
     }
   }
-
 }
 
-def simplifyExprFixpoint(e: Expr): Expr = {
+def simplifyExprFixpoint(conditions: Boolean = false)(e: Expr): Expr = {
   val begin = e
   var pe = e
   var count = 0
@@ -59,23 +58,56 @@ def simplifyExprFixpoint(e: Expr): Expr = {
   var changedAny = false
   var changed = true
   while (changed) {
-    val (x, didAnything) = simplifyExpr(ne)
-    changed = didAnything
+    {
+      val (x, didAnything) = simplifyExpr(ne)
+      ne = x
+      changed = didAnything
+    }
+
+    if (conditions) {
+      val p = ne
+      val (cx, didConds) = simplifyCmpInequalities(ne)
+      changed = changed || didConds
+      ne = cx
+
+      if (SimplifyValidation.validate) {
+        // normalise to deduplicate log entries
+        val normer = VarNameNormalise()
+        val a = visit_expr(normer, p)
+        val b = visit_expr(normer, ne)
+
+        SimplifyValidation.traceLog.add((a, b))
+      }
+
+    }
+
+    class peevis extends CILVisitor {
+      override def vexpr(e: Expr) = ChangeDoChildrenPost(
+        e,
+        e => {
+          val (per, didpe) = ir.eval.fastPartialEvalExpr(e)
+          changed = changed || didpe
+          per
+        }
+      )
+    }
+
     changedAny = changedAny || changed
     count += 1
-    ne = ir.eval.fastPartialEvalExpr(x)
+
+    try {
+      ne = visit_expr(peevis(), ne)
+    } catch {
+      case ex => {
+        Logger.error(ne)
+        throw ex
+      }
+    }
+
   }
   if (changed) {
     Logger.error(s"stopping simp before fixed point: there is likely a simplificatinon loop: $pe !=== $ne")
   }
-  if (SimplifyValidation.validate) {
-    // normalise to deduplicate log entries
-    val normer = VarNameNormalise()
-    val a = visit_expr(normer, begin)
-    val b = visit_expr(normer, ne)
-
-    SimplifyValidation.traceLog.add((a, b))
-  }
   ne
 }
 
@@ -112,150 +144,11 @@ class VarNameNormalise() extends CILVisitor {
   }
 }
 
-def simplifyExpr(e: Expr): (Expr, Boolean) = {
-  // println((0 until indent).map(" ").mkString("") + e)
-
-  def bool2bv1(e: Expr) = {
-    e.getType match {
-      case BitVecType(1) => e
-      case BoolType      => UnaryExpr(BoolToBV1, e) 
-      case _             => ???
-    }
-
-  }
-
-  val ineqToStrict = Map[BinOp, BinOp](
-    BVSGE -> BVSGT,
-    BVUGE -> BVUGT,
-    BVSLE -> BVSLT,
-    BVULE -> BVULT
-  )
+def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
 
-  def pushExtend(e: Expr, extend: Expr => Expr): Expr = {
-    e match {
-      case BinaryExpr(op, lhs, rhs) if size(e).isDefined =>
-        BinaryExpr(op, pushExtend(lhs, extend), pushExtend(rhs, extend))
-      case UnaryExpr(op, v) if size(e).isDefined => UnaryExpr(op, pushExtend(v, extend))
-      case l: Literal if size(l).isDefined       => extend(l)
-      case v: Variable if size(v).isDefined      => extend(v)
-      case e: Extract                            => extend(e)
-      case e: SignExtend                         => extend(e)
-      case e: ZeroExtend                         => extend(e)
-      case o                                     => o
-    }
-  }
-
-  def bvLogOpToBoolOp = Map[BinOp, BinOp](
-    // logical ops when bv1
-    BVAND -> BoolAND,
-    BVOR -> BoolOR
-  )
-
-  /** Apply the rewrite rules once. Note some rules expect a canonical form produced by other rules, and hence this is
-    * more effective when applied iteratively until a fixed point.
-    */
   var didAnything = true
-  val simped = e match {
-    // constant folding
-    // const + (expr + const) -> expr + (const + const)
-
-    case BinaryExpr(BVADD, BinaryExpr(BVADD, body, l: BitVecLiteral), r: BitVecLiteral)
-        if !body.isInstanceOf[Literal] =>
-      BinaryExpr(BVADD, (body), (BinaryExpr(BVADD, r, l)))
-
-    //case BinaryExpr(BVADD, BinaryExpr(BVADD, body1, r1: BitVecLiteral), BinaryExpr(BVADD, body2, r2)) => {
-    //  BinaryExpr(BVADD, BinaryExpr(BVADD, body1, body2), BinaryExpr(BVADD, r1, r2))
-    //}
-
-    case BinaryExpr(BVMUL, BinaryExpr(BVMUL, body, l: BitVecLiteral), r: BitVecLiteral) =>
-      BinaryExpr(BVMUL, BinaryExpr(BVMUL, l, r), (body))
-
-    case BinaryExpr(BVOR, BinaryExpr(BVOR, body, l: BitVecLiteral), r: BitVecLiteral) =>
-      BinaryExpr(BVOR, BinaryExpr(BVOR, l, r), (body))
-    case BinaryExpr(BVAND, BinaryExpr(BVAND, body, l: BitVecLiteral), r: BitVecLiteral) =>
-      BinaryExpr(BVAND, BinaryExpr(BVAND, l, r), (body))
-
-    case BinaryExpr(BVADD, BinaryExpr(BVADD, l, lc: BitVecLiteral), BinaryExpr(BVADD, r, rc: BitVecLiteral)) =>
-      BinaryExpr(BVADD, (BinaryExpr(BVADD, l, r)), (BinaryExpr(BVADD, lc, rc)))
-    // normalise
-    // make all comparisons positive so double negatives can be cleaned up
-    case BinaryExpr(BVEQ, UnaryExpr(BVNOT, BinaryExpr(BVCOMP, x, y)), BitVecLiteral(1, 1)) =>
-      UnaryExpr(BoolNOT, BinaryExpr(BVEQ, BinaryExpr(BVCOMP, (x), (y)), BitVecLiteral(1, 1)))
-    case BinaryExpr(BVEQ, l, BitVecLiteral(0, 1)) =>
-      UnaryExpr(BoolNOT, BinaryExpr(BVEQ, (l), BitVecLiteral(1, 1)))
-    case BinaryExpr(BVEQ, BinaryExpr(BVCOMP, e1: Expr, e2: Expr), BitVecLiteral(1, 1)) =>
-      BinaryExpr(BVEQ, (e1), (e2))
-    case BinaryExpr(BVEQ, BinaryExpr(BVCOMP, e1: Expr, e2: Expr), BitVecLiteral(0, 1)) =>
-      UnaryExpr(BoolNOT, BinaryExpr(BVEQ, (e1), (e2)))
-    case BinaryExpr(BVNEQ, e1, e2) => UnaryExpr(BoolNOT, BinaryExpr(BVEQ, (e1), (e2)))
-
-    case BinaryExpr(op, BinaryExpr(op1, a, b: Literal), BinaryExpr(op2, c, d: Literal))
-        if !a.isInstanceOf[Literal] && !c.isInstanceOf[Literal]
-          && assocOps.contains(op) && op == op1 && op == op2 =>
-      BinaryExpr(op, BinaryExpr(op, a, c), BinaryExpr(op, b, d))
-
-    case BinaryExpr(op, x: Literal, y: Expr) if !y.isInstanceOf[Literal] && assocOps.contains(op) =>
-      BinaryExpr(op, (y), (x))
-
-    case BinaryExpr(BVADD, UnaryExpr(BVNOT, x), BitVecLiteral(1, _)) => UnaryExpr(BVNEG, x)
-
-    case BinaryExpr(BVADD, BinaryExpr(BVADD, y, UnaryExpr(BVNOT, x)), BitVecLiteral(1, _))
-        if !(y.isInstanceOf[BitVecLiteral]) =>
-      BinaryExpr(BVADD, y, UnaryExpr(BVNEG, x))
-    case BinaryExpr(BVADD, BinaryExpr(BVADD, y, ed @ SignExtend(sz, UnaryExpr(BVNOT, x))), BitVecLiteral(1, sz2))
-        if size(ed).contains(sz2) && !(y.isInstanceOf[BitVecLiteral]) =>
-      BinaryExpr(BVADD, y, UnaryExpr(BVNEG, SignExtend(sz, x)))
-
-    /*
-     * Simplify BVop to Bool ops in a boolean context.
-     */
-
-    /* intro bool2bv */
-    case BinaryExpr(
-          BVCOMP,
-          l,
-          r
-        ) => {
-      bool2bv1(BinaryExpr(BVEQ, l, r))
-    }
-    /* push bool2bv upwards */
-    case BinaryExpr(
-          bop,
-          UnaryExpr(BoolToBV1, l),
-          UnaryExpr(BoolToBV1, r),
-        ) if bvLogOpToBoolOp.contains(bop) => {
-      bool2bv1(BinaryExpr(bvLogOpToBoolOp(bop), (l), (r)))
-    }
-    case BinaryExpr(
-          bop,
-          UnaryExpr(BoolToBV1, l),
-          UnaryExpr(BoolToBV1, r),
-        ) if bvLogOpToBoolOp.contains(bop) => {
-      bool2bv1(BinaryExpr(bvLogOpToBoolOp(bop), (l), (r)))
-    }
-
-    case UnaryExpr(BVNOT, UnaryExpr(BoolToBV1, arg)) =>
-      bool2bv1(UnaryExpr(BoolNOT, arg))
-
-    /* remove bool2bv in boolean context */
-    case BinaryExpr(BVEQ, UnaryExpr(BoolToBV1, body),  BitVecLiteral(1, 1)) => body
-    case BinaryExpr(BVEQ, UnaryExpr(BoolToBV1, l), UnaryExpr(BoolToBV1, r)) => BinaryExpr(BoolEQ, (l), (r))
-    case UnaryExpr(BoolToBV1, FalseLiteral) => BitVecLiteral(0, 1)
-    case UnaryExpr(BoolToBV1, TrueLiteral)  => BitVecLiteral(1, 1)
-
-    case BinaryExpr(BoolAND, x, TrueLiteral)  => x
-    case BinaryExpr(BoolAND, x, FalseLiteral) => FalseLiteral
-    case BinaryExpr(BoolOR, x, FalseLiteral)  => x
-    case BinaryExpr(BoolOR, x, TrueLiteral)   => TrueLiteral
-
-    case BinaryExpr(BVEQ, BinaryExpr(BVADD, x, y: BitVecLiteral), BitVecLiteral(0, s))
-        if ir.eval.BitVectorEval.isNegative(y) =>
-      BinaryExpr(BVEQ, x, UnaryExpr(BVNEG, y))
-
-    case BinaryExpr(BVCONCAT, BitVecLiteral(0, sz), expr) => ZeroExtend(sz, expr)
-    case BinaryExpr(BVCONCAT, expr, BitVecLiteral(0, sz)) if (BigInt(2).pow(sz + size(expr).get) > sz) =>
-      BinaryExpr(BVSHL, ZeroExtend(sz, expr), BitVecLiteral(sz, sz + size(expr).get))
 
+  val r = e match {
     /*  COMPARISON FLAG HANDLING
      *
      * We quite precisely pattern match ASLp's output for C and V,
@@ -266,14 +159,18 @@ def simplifyExpr(e: Expr): (Expr, Boolean) = {
     case Extract(upper, lower, b) if size(b).contains(upper) && (upper == (lower + 1)) && size(b).get >= 8 => {
       bool2bv1(BinaryExpr(BVSLT, (b), BitVecLiteral(0, size(b).get)))
     }
+    // sliced negative
+    case Extract(upper, lower, b)
+        if lower == upper - 1 && (upper % 8) == 0 && size(b).get % upper == 0 && size(b).get > upper => {
+      bool2bv1(BinaryExpr(BVSLT, Extract(upper, 0, b), BitVecLiteral(0, upper)))
+    }
 
     /** https://developer.arm.com/documentation/dui0801/l/Condition-Codes/Condition-code-suffixes-and-related-flags
       *
       * match NF == VF
-      *
       */
     case BinaryExpr(
-     // add case
+          // add case
           BoolEQ,
           // N set
           (BinaryExpr(BVSLT, lhs, BitVecLiteral(0, sz))),
@@ -287,14 +184,15 @@ def simplifyExpr(e: Expr): (Expr, Boolean) = {
             ) // high precision op
           )
         )
-      if sz > 1 && (o1 == o2) && o1 == BVADD && (lhs) == (orig)
+        if sz > 1 && (o1 == o2) && o1 == BVADD && (lhs) == (orig)
           && AlgebraicSimplifications(SignExtend(exts, x1)) == x2
           && AlgebraicSimplifications(SignExtend(exts, y1)) == y2 => {
       BinaryExpr(BVSGE, x1, UnaryExpr(BVNEG, y1))
     }
 
+
     case BinaryExpr(
-        // sub case (with two args)
+          // sub case (with two args)
           BoolEQ,
           // N set
           (BinaryExpr(BVSLT, lhs, BitVecLiteral(0, sz))),
@@ -308,7 +206,7 @@ def simplifyExpr(e: Expr): (Expr, Boolean) = {
             ) // high precision op
           )
         )
-      if (o1 == o2) && o1 == BVADD && (lhs) == (orig) && sz >= 8
+        if (o1 == o2) && o1 == BVADD && (lhs) == (orig) && sz >= 8
           && exts == ext1 && exts == ext2
           && x2 == x1
           && y2 == y1 => {
@@ -345,7 +243,7 @@ def simplifyExpr(e: Expr): (Expr, Boolean) = {
           ZeroExtend(exts, orig @ BinaryExpr(o1, x1, y1)),
           compar @ BinaryExpr(o2, x2, y2)
         )
-      if size(x1).get > 1 && (o1 == o2) && o1 == BVADD
+        if size(x1).get > 1 && (o1 == o2) && o1 == BVADD
           && AlgebraicSimplifications(x2) == AlgebraicSimplifications(ZeroExtend(exts, x1))
           && AlgebraicSimplifications(y2) == AlgebraicSimplifications(ZeroExtend(exts, y1)) => {
       // C not Set
@@ -365,10 +263,28 @@ def simplifyExpr(e: Expr): (Expr, Boolean) = {
       UnaryExpr(BoolNOT, BinaryExpr(BVUGE, x1, UnaryExpr(BVNEG, BinaryExpr(BVADD, y1, z1))))
     }
 
+    case BinaryExpr(
+          BVEQ,
+          extended @ ZeroExtend(exts, orig @ BinaryExpr(o1, x1, z1)),
+          BinaryExpr(o2, compar @ ZeroExtend(ext2, BinaryExpr(o4, x2, y2)), z2)
+        )
+        if exts == ext2 && size(x1).get >= 8 && (o1 == o2) && o2 == o4 && o1 == BVADD
+          && AlgebraicSimplifications(BinaryExpr(o1, ZeroExtend(exts, x1), ZeroExtend(exts, z1)))
+          == AlgebraicSimplifications(
+            BinaryExpr(BVADD, ZeroExtend(exts, x2), (BinaryExpr(BVADD, ZeroExtend(exts, y2), z2)))
+          ) => {
+      // C not Set
+      UnaryExpr(BoolNOT, BinaryExpr(BVUGE, x1, UnaryExpr(BVNEG, z1)))
+    }
+
     case BinaryExpr(
           BVEQ,
           ZeroExtend(exts, orig @ BinaryExpr(o1, x1, UnaryExpr(BVNEG, y1))),
-          BinaryExpr(o2, compar @ BinaryExpr(o4, ZeroExtend(ext1, x2), ZeroExtend(ext2, UnaryExpr(BVNOT, y2))), BitVecLiteral(1, _)) // high precision op
+          BinaryExpr(
+            o2,
+            compar @ BinaryExpr(o4, ZeroExtend(ext1, x2), ZeroExtend(ext2, UnaryExpr(BVNOT, y2))),
+            BitVecLiteral(1, _)
+          ) // high precision op
         )
         if size(x1).get >= 8 && (o1 == o2) && o2 == o4 && o1 == BVADD
           && exts == ext1 && exts == ext2
@@ -377,24 +293,181 @@ def simplifyExpr(e: Expr): (Expr, Boolean) = {
       UnaryExpr(BoolNOT, BinaryExpr(BVUGE, x1, y1))
     }
 
+    case BinaryExpr(
+          BVEQ,
+          ZeroExtend(exts, orig @ BinaryExpr(BVADD, x1, y1: BitVecLiteral)),
+          BinaryExpr(BVADD, ZeroExtend(ext1, BinaryExpr(BVADD, x2, y3neg: BitVecLiteral)), y4neg: BitVecLiteral)
+        )
+        if size(x1).get >= 8
+          && exts == ext1
+          && AlgebraicSimplifications(UnaryExpr(BVNEG, y1))
+          == AlgebraicSimplifications(
+            BinaryExpr(BVADD, UnaryExpr(BVNEG, y3neg), UnaryExpr(BVNEG, Extract(size(y4neg).get - exts, 0, y4neg)))
+          )
+          && AlgebraicSimplifications(ZeroExtend(exts, Extract(size(y4neg).get - exts, 0, y4neg))) == y4neg
+          && {
+            val l = AlgebraicSimplifications(BinaryExpr(BVSUB, UnaryExpr(BVNEG, y1), UnaryExpr(BVNEG, (y3neg))))
+            val r = AlgebraicSimplifications(UnaryExpr(BVNEG, Extract(size(y4neg).get - exts, 0, y4neg)))
+            l == r
+          }
+          && x1 == x2 => {
+      // somehow we get three-way inequality
+      BinaryExpr(BoolAND, BinaryExpr(BVULT, x1, UnaryExpr(BVNEG, y1)), BinaryExpr(BVUGE, x1, UnaryExpr(BVNEG, y3neg)))
+    }
+
+    //case BinaryExpr(
+    //      BVEQ,
+    //      ZeroExtend(exts, orig @ BinaryExpr(BVADD, x1, y1)),
+    //      BinaryExpr(BVADD, ZeroExtend(ext1, BinaryExpr(BVADD, x2, y3neg)), y4neg)
+    //    )
+    //    if size(x1).get >= 8
+    //      && exts == ext1
+    //      && AlgebraicSimplifications(UnaryExpr(BVNEG, y1))
+    //        == AlgebraicSimplifications(BinaryExpr(BVADD, UnaryExpr(BVNEG, y3neg), UnaryExpr(BVNEG,  Extract(size(y4neg).get - exts, 0, y4neg))))
+    //        && AlgebraicSimplifications(ZeroExtend(exts, Extract(size(y4neg).get - exts, 0, y4neg))) == y4neg
+    //          // negation definitely overflows
+    //        && AlgebraicSimplifications(BinaryExpr(BVULE, y1, UnaryExpr(BVNEG, y1))) == FalseLiteral
+    //      && x1 == x2 =>
+    //      {
+    //      Logger.error("HIT CASE")
+    //      UnaryExpr(BoolNOT, BinaryExpr(BVUGE, x1, y1))
+    //}
+
     /* generic comparison simplification */
 
     // weak to strict inequality
     // x >= 0 && x != 0 ===> x > 0
     case BinaryExpr(BoolAND, BinaryExpr(op, lhs, BitVecLiteral(0, sz)), UnaryExpr(BoolNOT, rhs))
-        if size(lhs).isDefined && (AlgebraicSimplifications(BinaryExpr(BVEQ, lhs, BitVecLiteral(0, size(lhs).get))) == rhs) && ineqToStrict.contains(op) => {
+        if ineqToStrict.contains(op) &&
+          size(lhs).isDefined && (AlgebraicSimplifications(
+            BinaryExpr(BVEQ, lhs, BitVecLiteral(0, size(lhs).get))
+          ) == rhs) => {
       BinaryExpr(ineqToStrict(op), lhs, BitVecLiteral(0, size(lhs).get))
     }
-    case BinaryExpr(BoolAND, BinaryExpr(op, lhs, rhs), UnaryExpr(BoolNOT, BinaryExpr(BVEQ, lhs2, rhs2))) 
-      if lhs == lhs2 && rhs == rhs2  && ineqToStrict.contains(op) => {
+    case BinaryExpr(BoolAND, BinaryExpr(op, lhs, rhs), UnaryExpr(BoolNOT, BinaryExpr(BVEQ, lhs2, rhs2)))
+        if ineqToStrict.contains(op) &&
+          lhs == lhs2 && (AlgebraicSimplifications(UnaryExpr(BVNEG, rhs)) == AlgebraicSimplifications(rhs2)) => {
       BinaryExpr(ineqToStrict(op), lhs, rhs)
     }
-    case BinaryExpr(BoolAND, BinaryExpr(op, lhs, rhs), UnaryExpr(BoolNOT, BinaryExpr(BVEQ, BinaryExpr(BVADD, lhs2, rhs2), BitVecLiteral(0, _))))
-      if lhs == lhs2 && AlgebraicSimplifications(rhs) == AlgebraicSimplifications(UnaryExpr(BVNEG, rhs2)) && ineqToStrict.contains(op) => {
+    case BinaryExpr(BoolAND, l @ BinaryExpr(BoolOR, a, b), r @ UnaryExpr(BoolNOT, BinaryExpr(BVEQ, lhs2, rhs2))) => {
+      BinaryExpr(
+        BoolAND,
+        AlgebraicSimplifications(BinaryExpr(BoolAND, a, r)),
+        AlgebraicSimplifications(BinaryExpr(BoolAND, b, r))
+      )
+    }
+
+    //case BinaryExpr(BoolOR, a @ BinaryExpr(BoolAND, BinaryExpr(o1,_,_), b @ BinaryExpr(o2, _, _)), d @ BinaryExpr(BVEQ, _, _)) => {
+    //  BinaryExpr(BoolAND, BinaryExpr(BoolOR, a , d), BinaryExpr(BoolOR, b, d))
+    //}
+
+    case BinaryExpr(BoolEQ, UnaryExpr(BoolNOT, x), UnaryExpr(BoolNOT, y)) => BinaryExpr(BoolEQ, x, y)
+    case BinaryExpr(BoolAND, BinaryExpr(BoolAND, x, y), r @ UnaryExpr(BoolNOT, BinaryExpr(BVEQ, a, b))) => {
+      BinaryExpr(BoolAND, BinaryExpr(BoolAND, x, r), BinaryExpr(BoolAND, y, r))
+    }
+    case BinaryExpr(BoolOR, BinaryExpr(BoolAND, x, y), r @ UnaryExpr(BoolNOT, BinaryExpr(BVEQ, a, b))) => {
+      BinaryExpr(BoolAND, BinaryExpr(BoolAND, x, r), BinaryExpr(BoolAND, y, r))
+    }
+    case BinaryExpr(BoolAND, UnaryExpr(BoolNOT, x), UnaryExpr(BoolNOT, y)) => {
+      UnaryExpr(BoolNOT, BinaryExpr(BoolOR, x, y))
+    }
+
+    // redundant inequality
+    case BinaryExpr(
+          BoolAND,
+          l @ BinaryExpr(BoolAND, _, BinaryExpr(op, lhs, rhs)),
+          UnaryExpr(BoolNOT, BinaryExpr(BVEQ, lhs2, rhs2))
+        ) if strictIneq.contains(op) && rhs == rhs2 && lhs == lhs2 => {
+      l
+    }
+    case BinaryExpr(
+          BoolAND,
+          l @ BinaryExpr(BoolAND, BinaryExpr(op, lhs, rhs), _),
+          UnaryExpr(BoolNOT, BinaryExpr(BVEQ, lhs2, rhs2))
+        ) if strictIneq.contains(op) && rhs == rhs2 && lhs == lhs2 => {
+      l
+    }
+
+    case BinaryExpr(BoolOR, BinaryExpr(op, lhs, rhs), BinaryExpr(BVEQ, lhs2, rhs2))
+        if strictToNonStrict.contains(op) && rhs == rhs2 && lhs == lhs2 => {
+      BinaryExpr(strictToNonStrict(op), lhs, rhs)
+    }
+
+    // x < y && x != z when z <= y
+    case BinaryExpr(
+          BoolAND,
+          l @ BinaryExpr(BoolAND, _, BinaryExpr(op, lhs, rhs: BitVecLiteral)),
+          UnaryExpr(BoolNOT, BinaryExpr(BVEQ, lhs2, rhs2: BitVecLiteral))
+        )
+        if (ineqToStrict.contains(op) || strictIneq.contains(op)) && AlgebraicSimplifications(
+          BinaryExpr(ineqToStrict.get(op).getOrElse(op), rhs, rhs2)
+        ) == TrueLiteral
+          && lhs == lhs2 => {
+      l
+    }
+    case BinaryExpr(BoolOR, l @ BinaryExpr(op, lhs, rhs: BitVecLiteral), BinaryExpr(BVEQ, lhs2, rhs2: BitVecLiteral))
+        if isIneq(op) && AlgebraicSimplifications(
+          BinaryExpr(ineqToStrict.get(op).getOrElse(op), rhs, rhs2)
+        ) == TrueLiteral
+          && lhs == lhs2 => {
+      l
+    }
+    case BinaryExpr(
+          BoolOR,
+          BinaryExpr(BoolAND, l @ BinaryExpr(op1, lhs1, lb: Literal), r @ BinaryExpr(op2, lhs3, rb: Literal)),
+          d @ BinaryExpr(BVEQ, lhs2, rhs2: Literal)
+        )
+        if isIneq(op1) && isIneq(op2) && lhs1 == lhs2 && lhs3 == lhs2
+          && {
+            val ls = AlgebraicSimplifications(BinaryExpr(BoolOR, l, d))
+            val rs = AlgebraicSimplifications(BinaryExpr(BoolOR, r, d))
+            (ls, rs) match {
+              case (BinaryExpr(_, l, r: Literal), BinaryExpr(_, ll, rr: Literal)) => true
+              case _                                                              => false
+            }
+          } => {
+      BinaryExpr(
+        BoolAND,
+        AlgebraicSimplifications(BinaryExpr(BoolOR, l, d)),
+        AlgebraicSimplifications(BinaryExpr(BoolOR, r, d))
+      )
+    }
+    //case BinaryExpr(BoolAND, l @ BinaryExpr(BoolAND, _, BinaryExpr(op, lhs, BitVecLiteral(rhs, _))), UnaryExpr(BoolNOT, BinaryExpr(BVEQ, lhs2, BitVecLiteral(rhs2, _))))
+    //  if (op == BVULT || op == BVSLT) && rhs <= rhs2 && lhs == lhs2 => {
+    //  l
+    //}
+    //case BinaryExpr(BoolAND, l @ BinaryExpr(BoolAND, _, BinaryExpr(op, lhs, BitVecLiteral(rhs, _))), UnaryExpr(BoolNOT, BinaryExpr(BVEQ, lhs2, BitVecLiteral(rhs2, _))))
+    //  if (op == BVUGE || op == BVSGE) && rhs > rhs2 && lhs == lhs2 => {
+    //  l
+    //}
+    //case BinaryExpr(BoolAND, l @ BinaryExpr(BoolAND, _, BinaryExpr(op, lhs, BitVecLiteral(rhs, _))), UnaryExpr(BoolNOT, BinaryExpr(BVEQ, lhs2, BitVecLiteral(rhs2, _))))
+    //  if (op == BVUGT || op == BVSGT) && rhs >= rhs2 && lhs == lhs2 => {
+    //  l
+    //}
+
+    case BinaryExpr(
+          BoolAND,
+          BinaryExpr(op, lhs, rhs),
+          UnaryExpr(BoolNOT, BinaryExpr(BVEQ, BinaryExpr(BVADD, lhs2, rhs2), BitVecLiteral(0, _)))
+        )
+        if ineqToStrict.contains(op) &&
+          rhs == rhs2 && (AlgebraicSimplifications(lhs) == AlgebraicSimplifications(UnaryExpr(BVNEG, lhs2))) => {
+      BinaryExpr(ineqToStrict(op), lhs, rhs)
+    }
+
+    // TODO: below are possibly redundant due to changed canonical form
+    case BinaryExpr(BoolAND, BinaryExpr(op, lhs, rhs), UnaryExpr(BoolNOT, BinaryExpr(BVEQ, lhs2, rhs2)))
+        if ineqToStrict.contains(op) &&
+          lhs == lhs2 && rhs == rhs2 => {
       BinaryExpr(ineqToStrict(op), lhs, rhs)
     }
-    case BinaryExpr(BoolAND, BinaryExpr(op, lhs, rhs), UnaryExpr(BoolNOT, BinaryExpr(BVEQ, BinaryExpr(BVADD, lhs2, rhs2), BitVecLiteral(0, _))))
-      if rhs == rhs2 && (AlgebraicSimplifications(lhs) == AlgebraicSimplifications(UnaryExpr(BVNEG, lhs2))) && ineqToStrict.contains(op) => {
+    case BinaryExpr(
+          BoolAND,
+          BinaryExpr(op, lhs, rhs),
+          UnaryExpr(BoolNOT, BinaryExpr(BVEQ, BinaryExpr(BVADD, lhs2, rhs2), BitVecLiteral(0, _)))
+        )
+        if ineqToStrict.contains(op) &&
+          lhs == lhs2 && AlgebraicSimplifications(rhs) == AlgebraicSimplifications(UnaryExpr(BVNEG, rhs2)) => {
       BinaryExpr(ineqToStrict(op), lhs, rhs)
     }
 
@@ -429,6 +502,175 @@ def simplifyExpr(e: Expr): (Expr, Boolean) = {
         case _            => e
       }
     }
+    case o => {
+      didAnything = false
+      o
+    }
+  }
+  (r, didAnything)
+}
+
+def bool2bv1(e: Expr) = {
+  e.getType match {
+    case BitVecType(1) => e
+    case BoolType      => UnaryExpr(BoolToBV1, e)
+    case _             => ???
+  }
+
+}
+
+def isIneq(b: BinOp) = {
+  ineqToStrict.contains(b) || strictIneq.contains(b)
+}
+
+val ineqToStrict = Map[BinOp, BinOp](
+  BVSGE -> BVSGT,
+  BVUGE -> BVUGT,
+  BVSLE -> BVSLT,
+  BVULE -> BVULT
+)
+
+val strictToNonStrict = Map[BinOp, BinOp](
+  BVSGT -> BVSGE,
+  BVUGT -> BVUGE,
+  BVSLT -> BVSLE,
+  BVULT -> BVULE
+)
+
+val strictIneq = Set[BinOp](
+  BVSGT,
+  BVUGT,
+  BVSLT,
+  BVULT
+)
+
+def simplifyExpr(e: Expr): (Expr, Boolean) = {
+  // println((0 until indent).map(" ").mkString("") + e)
+
+  def pushExtend(e: Expr, extend: Expr => Expr): Expr = {
+    e match {
+      case BinaryExpr(op, lhs, rhs) if size(e).isDefined =>
+        BinaryExpr(op, pushExtend(lhs, extend), pushExtend(rhs, extend))
+      case UnaryExpr(op, v) if size(e).isDefined => UnaryExpr(op, pushExtend(v, extend))
+      case l: Literal if size(l).isDefined       => extend(l)
+      case v: Variable if size(v).isDefined      => extend(v)
+      case e: Extract                            => extend(e)
+      case e: SignExtend                         => extend(e)
+      case e: ZeroExtend                         => extend(e)
+      case o                                     => o
+    }
+  }
+
+  def bvLogOpToBoolOp = Map[BinOp, BinOp](
+    // logical ops when bv1
+    BVAND -> BoolAND,
+    BVOR -> BoolOR
+  )
+
+  /** Apply the rewrite rules once. Note some rules expect a canonical form produced by other rules, and hence this is
+    * more effective when applied iteratively until a fixed point.
+    */
+  var didAnything = true
+  val simped = e match {
+    // constant folding
+    // const + (expr + const) -> expr + (const + const)
+
+    case BinaryExpr(BVADD, BinaryExpr(BVADD, body, l: BitVecLiteral), r: BitVecLiteral)
+        if !body.isInstanceOf[Literal] =>
+      BinaryExpr(BVADD, (body), (BinaryExpr(BVADD, r, l)))
+
+    //case BinaryExpr(BVADD, BinaryExpr(BVADD, body1, r1: BitVecLiteral), BinaryExpr(BVADD, body2, r2)) => {
+    //  BinaryExpr(BVADD, BinaryExpr(BVADD, body1, body2), BinaryExpr(BVADD, r1, r2))
+    //}
+
+    case BinaryExpr(BVMUL, BinaryExpr(BVMUL, body, l: BitVecLiteral), r: BitVecLiteral) =>
+      BinaryExpr(BVMUL, BinaryExpr(BVMUL, l, r), (body))
+
+    case BinaryExpr(BVOR, BinaryExpr(BVOR, body, l: BitVecLiteral), r: BitVecLiteral) =>
+      BinaryExpr(BVOR, BinaryExpr(BVOR, l, r), (body))
+    case BinaryExpr(BVAND, BinaryExpr(BVAND, body, l: BitVecLiteral), r: BitVecLiteral) =>
+      BinaryExpr(BVAND, BinaryExpr(BVAND, l, r), (body))
+
+    case BinaryExpr(BVADD, BinaryExpr(BVADD, l, lc: BitVecLiteral), BinaryExpr(BVADD, r, rc: BitVecLiteral)) =>
+      BinaryExpr(BVADD, (BinaryExpr(BVADD, l, r)), (BinaryExpr(BVADD, lc, rc)))
+    // normalise
+    // make all comparisons positive so double negatives can be cleaned up
+    case BinaryExpr(BVEQ, UnaryExpr(BVNOT, BinaryExpr(BVCOMP, x, y)), BitVecLiteral(1, 1)) =>
+      UnaryExpr(BoolNOT, BinaryExpr(BVEQ, BinaryExpr(BVCOMP, (x), (y)), BitVecLiteral(1, 1)))
+    case BinaryExpr(BVEQ, l, BitVecLiteral(0, 1)) =>
+      UnaryExpr(BoolNOT, BinaryExpr(BVEQ, (l), BitVecLiteral(1, 1)))
+    case BinaryExpr(BVEQ, BinaryExpr(BVCOMP, e1: Expr, e2: Expr), BitVecLiteral(1, 1)) =>
+      BinaryExpr(BVEQ, (e1), (e2))
+    case BinaryExpr(BVEQ, BinaryExpr(BVCOMP, e1: Expr, e2: Expr), BitVecLiteral(0, 1)) =>
+      UnaryExpr(BoolNOT, BinaryExpr(BVEQ, (e1), (e2)))
+    case BinaryExpr(BVNEQ, e1, e2) => UnaryExpr(BoolNOT, BinaryExpr(BVEQ, (e1), (e2)))
+
+    case BinaryExpr(op, BinaryExpr(op1, a, b: Literal), BinaryExpr(op2, c, d: Literal))
+        if !a.isInstanceOf[Literal] && !c.isInstanceOf[Literal]
+          && assocOps.contains(op) && op == op1 && op == op2 =>
+      BinaryExpr(op, BinaryExpr(op, a, c), BinaryExpr(op, b, d))
+
+    case BinaryExpr(op, x: Literal, y: Expr) if !y.isInstanceOf[Literal] && assocOps.contains(op) =>
+      BinaryExpr(op, (y), (x))
+
+    case BinaryExpr(BVADD, UnaryExpr(BVNOT, x), BitVecLiteral(1, _)) => UnaryExpr(BVNEG, x)
+
+    case BinaryExpr(BVADD, BinaryExpr(BVADD, y, UnaryExpr(BVNOT, x)), BitVecLiteral(1, _))
+        if !(y.isInstanceOf[BitVecLiteral]) =>
+      BinaryExpr(BVADD, y, UnaryExpr(BVNEG, x))
+    case BinaryExpr(BVADD, BinaryExpr(BVADD, y, ed @ SignExtend(sz, UnaryExpr(BVNOT, x))), BitVecLiteral(1, sz2))
+        if size(ed).contains(sz2) && !(y.isInstanceOf[BitVecLiteral]) =>
+      BinaryExpr(BVADD, y, UnaryExpr(BVNEG, SignExtend(sz, x)))
+
+    /*
+     * Simplify BVop to Bool ops in a boolean context.
+     */
+
+    /* intro bool2bv */
+    case BinaryExpr(
+          BVCOMP,
+          l,
+          r
+        ) => {
+      bool2bv1(BinaryExpr(BVEQ, l, r))
+    }
+    /* push bool2bv upwards */
+    case BinaryExpr(
+          bop,
+          UnaryExpr(BoolToBV1, l),
+          UnaryExpr(BoolToBV1, r)
+        ) if bvLogOpToBoolOp.contains(bop) => {
+      bool2bv1(BinaryExpr(bvLogOpToBoolOp(bop), (l), (r)))
+    }
+    case BinaryExpr(
+          bop,
+          UnaryExpr(BoolToBV1, l),
+          UnaryExpr(BoolToBV1, r)
+        ) if bvLogOpToBoolOp.contains(bop) => {
+      bool2bv1(BinaryExpr(bvLogOpToBoolOp(bop), (l), (r)))
+    }
+
+    case UnaryExpr(BVNOT, UnaryExpr(BoolToBV1, arg)) =>
+      bool2bv1(UnaryExpr(BoolNOT, arg))
+
+    /* remove bool2bv in boolean context */
+    case BinaryExpr(BVEQ, UnaryExpr(BoolToBV1, body), BitVecLiteral(1, 1))  => body
+    case BinaryExpr(BVEQ, UnaryExpr(BoolToBV1, l), UnaryExpr(BoolToBV1, r)) => BinaryExpr(BoolEQ, (l), (r))
+    case UnaryExpr(BoolToBV1, FalseLiteral)                                 => BitVecLiteral(0, 1)
+    case UnaryExpr(BoolToBV1, TrueLiteral)                                  => BitVecLiteral(1, 1)
+
+    case BinaryExpr(BoolAND, x, TrueLiteral)  => x
+    case BinaryExpr(BoolAND, x, FalseLiteral) => FalseLiteral
+    case BinaryExpr(BoolOR, x, FalseLiteral)  => x
+    case BinaryExpr(BoolOR, x, TrueLiteral)   => TrueLiteral
+
+    case BinaryExpr(BVEQ, BinaryExpr(BVADD, x, y: BitVecLiteral), BitVecLiteral(0, s))
+        if ir.eval.BitVectorEval.isNegative(y) =>
+      BinaryExpr(BVEQ, x, UnaryExpr(BVNEG, y))
+
+    case BinaryExpr(BVCONCAT, BitVecLiteral(0, sz), expr) => ZeroExtend(sz, expr)
+    case BinaryExpr(BVCONCAT, expr, BitVecLiteral(0, sz)) if (BigInt(2).pow(sz + size(expr).get) > sz) =>
+      BinaryExpr(BVSHL, ZeroExtend(sz, expr), BitVecLiteral(sz, sz + size(expr).get))
 
     // identities
     case Extract(ed, 0, body) if (body.getType == BitVecType(ed))                        => (body)
@@ -439,6 +681,7 @@ def simplifyExpr(e: Expr): (Expr, Boolean) = {
     case Repeat(1, body)                                                                 => (body)
     case Extract(ed, 0, ZeroExtend(extension, body)) if (body.getType == BitVecType(ed)) => (body)
     case Extract(ed, 0, SignExtend(extension, body)) if (body.getType == BitVecType(ed)) => (body)
+    case Extract(ed, 0, ZeroExtend(exts, body)) if exts + size(body).get >= ed  && ed > size(body).get    => ZeroExtend(ed - size(body).get, body)
 
     case BinaryExpr(BVXOR, l, r) if l == r =>
       e.getType match {
@@ -454,9 +697,8 @@ def simplifyExpr(e: Expr): (Expr, Boolean) = {
     case Extract(ed, bg, ZeroExtend(x, expr)) if (bg < size(expr).get) && (ed < size(expr).get) => Extract(ed, bg, expr)
     case Extract(ed, bg, SignExtend(x, expr)) if (bg < size(expr).get) && (ed < size(expr).get) => Extract(ed, bg, expr)
 
-    case BinaryExpr(BVEQ, ZeroExtend(sz, expr), BitVecLiteral(0, sz2)) => BinaryExpr(BVEQ, expr, BitVecLiteral(0, size(expr).get))
-
-
+    case BinaryExpr(BVEQ, ZeroExtend(sz, expr), BitVecLiteral(0, sz2)) =>
+      BinaryExpr(BVEQ, expr, BitVecLiteral(0, size(expr).get))
 
     // double negation
     case UnaryExpr(BVNOT, UnaryExpr(BVNOT, body))     => (body)
@@ -468,8 +710,8 @@ def simplifyExpr(e: Expr): (Expr, Boolean) = {
 
     // compose slices
     case Extract(ed1, be1, Extract(ed2, be2, body)) => Extract(ed1 + be2, be1 + be2, (body))
-    case SignExtend(sz1, SignExtend(sz2, exp)) => SignExtend(sz1 + sz2, exp)
-    case ZeroExtend(sz1, ZeroExtend(sz2, exp)) => ZeroExtend(sz1 + sz2, exp)
+    case SignExtend(sz1, SignExtend(sz2, exp))      => SignExtend(sz1 + sz2, exp)
+    case ZeroExtend(sz1, ZeroExtend(sz2, exp))      => ZeroExtend(sz1 + sz2, exp)
 
     // (comp (comp x y) 1) = (comp x y)
     case BinaryExpr(BVCOMP, body @ BinaryExpr(BVCOMP, _, _), BitVecLiteral(1, 1)) => (body)
diff --git a/src/main/scala/ir/transforms/Simp.scala b/src/main/scala/ir/transforms/Simp.scala
index 556ee20e1..48ac618d4 100644
--- a/src/main/scala/ir/transforms/Simp.scala
+++ b/src/main/scala/ir/transforms/Simp.scala
@@ -28,7 +28,7 @@ trait AbstractDomain[L] {
   def bot: L
 }
 
-def getLiveVars(p: Procedure) = {
+def getLiveVars(p: Procedure) : (Map[Block, Set[Variable]], Map[Block, Set[Variable]]) = {
   val liveVarsDom = IntraLiveVarsDomain()
   val liveVarsSolver = worklistSolver(liveVarsDom)
   liveVarsSolver.solveProc(p, backwards = true)
@@ -643,7 +643,7 @@ class CleanupAssignments() extends CILVisitor {
   var redundantAssignments = Set[Assign]()
 
   def isRedundant(a: Assign) = {
-    redundantAssignments.contains(a)
+    a.lhs == a.rhs || redundantAssignments.contains(a)
   }
 
   override def vproc(p: Procedure) = {
@@ -685,6 +685,11 @@ def copypropTransform(p: Procedure) = {
   t.checkPoint("redundant assignments")
   // Logger.info(s"    ${p.name} after dead var cleanup expr complexity ${ExprComplexity()(p)}")
 
+  visit_proc(AlgebraicSimplifications, p)
+  visit_proc(AlgebraicSimplifications, p)
+  visit_proc(AlgebraicSimplifications, p)
+  visit_proc(AlgebraicSimplifications, p)
+  visit_proc(AlgebraicSimplifications, p)
   visit_proc(AlgebraicSimplifications, p)
   visit_proc(AlgebraicSimplifications, p)
   visit_proc(AlgebraicSimplifications, p)
@@ -774,9 +779,6 @@ def doCopyPropTransform(p: Program) = {
 
   applyRPO(p)
 
-  removeEmptyBlocks(p)
-  coalesceBlocks(p)
-  removeEmptyBlocks(p)
 
   Logger.info("[!] Simplify :: Expr/Copy-prop Transform")
   val work = p.procedures
@@ -809,8 +811,11 @@ def doCopyPropTransform(p: Program) = {
 
   removeEmptyBlocks(p)
   coalesceBlocks(p)
+  removeEmptyBlocks(p)
   coalesceBlocks(p)
+  removeEmptyBlocks(p)
   coalesceBlocks(p)
+  removeEmptyBlocks(p)
   coalesceBlocks(p)
   removeEmptyBlocks(p)
 
@@ -996,6 +1001,16 @@ object CCP {
 
 object CopyProp {
 
+
+  def forwardFlagCalc(p: Procedure) = {
+    val (beforeLive, afterLive) = getLiveVars(p)
+    val dom = DefUseDomain(beforeLive)
+    val solver = worklistSolver(dom)
+    // type rtype = Map[Block, Map[Variable, Set[Assign | DirectCall]]]
+    val (beforeRes, afterRes) = solver.solveProc(p)
+
+  }
+
   def isFlagVar(l: Variable) = {
     val flagNames = Set("ZF", "VF", "CF", "NF")
     l match {
@@ -1103,7 +1118,7 @@ object CopyProp {
           )(e)
 
       // partial eval after prop
-      visit_expr(AlgebraicSimplifications, ne.getOrElse(e))
+      eval.simplifyExprFixpoint(false)(ne.getOrElse(e))
     }
 
     def propfp(e: Expr) = {
diff --git a/src/main/scala/translating/IRExpToSMT2.scala b/src/main/scala/translating/IRExpToSMT2.scala
index 30edde03c..110fb2fd1 100644
--- a/src/main/scala/translating/IRExpToSMT2.scala
+++ b/src/main/scala/translating/IRExpToSMT2.scala
@@ -106,6 +106,7 @@ object BasilIRToSMT2 extends BasilIRExpWithVis[Sexp] {
       case BVNEQ        => ???
       case IntNEQ       => ???
       case BoolNEQ      => ???
+      case BoolOR       => "or"
       case BVCONCAT     => "concat"
       case b: BVBinOp   => "bv" + b.opName
       case b: BoolBinOp => b.opName
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index 4df05ea59..2ca777498 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -566,18 +566,18 @@ object RunUtils {
     if write then writeToFile(serialiseIL(ctx.program), s"il-before-copyprop.il")
 
     // brute force run the analysis twice because it cleans up more stuff
-    assert(ctx.program.procedures.forall(transforms.rdDSAProperty))
+    //assert(ctx.program.procedures.forall(transforms.rdDSAProperty))
     transforms.doCopyPropTransform(ctx.program)
     if write then writeToFile(dotBlockGraph(ctx.program, ctx.program.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"blockgraph-after-simp.dot")
-    assert(ctx.program.procedures.forall(transforms.rdDSAProperty))
+    // assert(ctx.program.procedures.forall(transforms.rdDSAProperty))
 
     assert(invariant.blockUniqueLabels(ctx.program))
     Logger.info(s"CopyProp ${timer.checkPoint("CopyProp")} ms ")
     if write then writeToFile(serialiseIL(ctx.program), s"il-after-copyprop.il")
 
 
-    val x = ctx.program.procedures.forall(transforms.rdDSAProperty)
-    assert(x)
+    // val x = ctx.program.procedures.forall(transforms.rdDSAProperty)
+    //assert(x)
     if (ir.eval.SimplifyValidation.validate) {
       Logger.info("DSA Check (after transform)")
       val x = ctx.program.procedures.forall(transforms.rdDSAProperty)

From 6ea3b1a190fe62bd6d8485ae05794668428d0be3 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Thu, 7 Nov 2024 12:54:19 +1000
Subject: [PATCH 092/127] improve shift/extend/extract removal

---
 src/main/scala/ir/eval/SimplifyExpr.scala | 187 +++++++++++++++++-----
 src/main/scala/ir/transforms/Simp.scala   |   7 +-
 2 files changed, 150 insertions(+), 44 deletions(-)

diff --git a/src/main/scala/ir/eval/SimplifyExpr.scala b/src/main/scala/ir/eval/SimplifyExpr.scala
index b87205e4b..d0e47e846 100644
--- a/src/main/scala/ir/eval/SimplifyExpr.scala
+++ b/src/main/scala/ir/eval/SimplifyExpr.scala
@@ -17,6 +17,28 @@ object AlgebraicSimplifications extends CILVisitor {
   }
 }
 
+def cleanupSimplify(p: Procedure) = {
+
+  class Simplify extends CILVisitor {
+    override def vexpr(e: Expr) =  {
+      ChangeDoChildrenPost(e, e => {
+        var (ne,changed) = cleanupExtends(e)
+        while (changed) {
+          val (ne2,changed2) = cleanupExtends(ne)
+          ne = ne2
+          changed = changed2
+        }
+        logSimp(e, ne)
+        ne
+      })
+
+    }
+  }
+
+  visit_proc(Simplify(), p)
+
+}
+
 object SimplifyValidation {
   var traceLog = mutable.LinkedHashSet[(Expr, Expr)]()
   var validate: Boolean = false
@@ -50,6 +72,16 @@ object SimplifyValidation {
   }
 }
 
+def logSimp(e: Expr, ne: Expr) = {
+  if (e != ne) {
+    val normer = VarNameNormalise()
+    val a = visit_expr(normer, e)
+    val b = visit_expr(normer, ne)
+
+    SimplifyValidation.traceLog.add((a, b))
+  }
+}
+
 def simplifyExprFixpoint(conditions: Boolean = false)(e: Expr): Expr = {
   val begin = e
   var pe = e
@@ -72,11 +104,7 @@ def simplifyExprFixpoint(conditions: Boolean = false)(e: Expr): Expr = {
 
       if (SimplifyValidation.validate) {
         // normalise to deduplicate log entries
-        val normer = VarNameNormalise()
-        val a = visit_expr(normer, p)
-        val b = visit_expr(normer, ne)
-
-        SimplifyValidation.traceLog.add((a, b))
+        // logSimp(p, ne)
       }
 
     }
@@ -122,7 +150,7 @@ class VarNameNormalise() extends CILVisitor {
     }
   }
 
-  override def vlvar(v: Variable) = {
+  override def vrvar(v: Variable) = {
     if (assigned.contains(v)) {
       ChangeTo(assigned(v))
     } else {
@@ -247,7 +275,7 @@ def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
           && AlgebraicSimplifications(x2) == AlgebraicSimplifications(ZeroExtend(exts, x1))
           && AlgebraicSimplifications(y2) == AlgebraicSimplifications(ZeroExtend(exts, y1)) => {
       // C not Set
-      UnaryExpr(BoolNOT, BinaryExpr(BVUGE, x1, UnaryExpr(BVNEG, y1)))
+      UnaryExpr(BoolNOT, BinaryExpr(BVUGT, x1, UnaryExpr(BVNOT, y1)))
     }
 
     case BinaryExpr(
@@ -260,7 +288,9 @@ def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
           && (y2) == (ZeroExtend(exts, y1))
           && (z2) == (ZeroExtend(exts, z1)) => {
       // C not Set
-      UnaryExpr(BoolNOT, BinaryExpr(BVUGE, x1, UnaryExpr(BVNEG, BinaryExpr(BVADD, y1, z1))))
+      // TODO: dead
+      Logger.error("HIT1")
+      UnaryExpr(BoolNOT, BinaryExpr(BVUGT, x1, UnaryExpr(BVNOT, BinaryExpr(BVADD, y1, z1))))
     }
 
     case BinaryExpr(
@@ -274,7 +304,7 @@ def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
             BinaryExpr(BVADD, ZeroExtend(exts, x2), (BinaryExpr(BVADD, ZeroExtend(exts, y2), z2)))
           ) => {
       // C not Set
-      UnaryExpr(BoolNOT, BinaryExpr(BVUGE, x1, UnaryExpr(BVNEG, z1)))
+      UnaryExpr(BoolNOT, BinaryExpr(BVUGT, x1, UnaryExpr(BVNOT, z1)))
     }
 
     case BinaryExpr(
@@ -405,13 +435,6 @@ def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
           && lhs == lhs2 => {
       l
     }
-    case BinaryExpr(BoolOR, l @ BinaryExpr(op, lhs, rhs: BitVecLiteral), BinaryExpr(BVEQ, lhs2, rhs2: BitVecLiteral))
-        if isIneq(op) && AlgebraicSimplifications(
-          BinaryExpr(ineqToStrict.get(op).getOrElse(op), rhs, rhs2)
-        ) == TrueLiteral
-          && lhs == lhs2 => {
-      l
-    }
     case BinaryExpr(
           BoolOR,
           BinaryExpr(BoolAND, l @ BinaryExpr(op1, lhs1, lb: Literal), r @ BinaryExpr(op2, lhs3, rb: Literal)),
@@ -502,6 +525,34 @@ def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
         case _            => e
       }
     }
+    // constant case combine overlaping
+    case e @ BinaryExpr(BoolOR, BinaryExpr(BVULT, x, y: BitVecLiteral), (BinaryExpr(BVEQ, x2, z: BitVecLiteral))) 
+      if x == x2 && y.value == z.value => {
+      BinaryExpr(BVULE, x, z)
+    }
+    case e @ BinaryExpr(BoolOR, BinaryExpr(BVULE, x, y: BitVecLiteral), (BinaryExpr(BVEQ, x2, z: BitVecLiteral))) 
+      if x == x2 && y.value + 1 == z .value=> {
+      BinaryExpr(BVULE, x, z)
+    }
+    case e @ BinaryExpr(BoolOR, BinaryExpr(BVUGT, x, y: BitVecLiteral), (BinaryExpr(BVEQ, x2, z: BitVecLiteral))) 
+      if x == x2 && y.value == z.value => {
+      BinaryExpr(BVUGE, x, z)
+    }
+    case e @ BinaryExpr(BoolOR, BinaryExpr(BVUGE, x, y: BitVecLiteral), (BinaryExpr(BVEQ, x2, z: BitVecLiteral))) 
+      if x == x2 && y.value - 1 == z.value=> {
+      BinaryExpr(BVULE, x, z)
+    }
+    // TODO; we can generalise
+    // below is wrong obviously; would be good to have a better 'in-interval' notion
+    //case BinaryExpr(BoolOR, l @ BinaryExpr(op, lhs, rhs: BitVecLiteral), BinaryExpr(BVEQ, lhs2, rhs2: BitVecLiteral))
+    //    if isIneq(op) && AlgebraicSimplifications(
+    //      BinaryExpr(ineqToStrict.get(op).getOrElse(op), rhs, rhs2)
+    //    ) == TrueLiteral
+    //      && lhs == lhs2 => {
+    //  l
+    //}
+
+
     case o => {
       didAnything = false
       o
@@ -544,6 +595,82 @@ val strictIneq = Set[BinOp](
   BVULT
 )
 
+
+def cleanupExtends(e: Expr): (Expr, Boolean) = {
+  // this 'de-canonicalises' to some extent, but makes the resulting program simpler, so we perform as a post pass
+
+  var changedAnything = true
+
+  val res = e match {
+    case Extract(ed, 0, body) if size(body).get == ed                        => (body)
+    case ZeroExtend(0, body)                                                             => (body)
+    case SignExtend(0, body)                                                             => (body)
+    case BinaryExpr(BVADD, body, BitVecLiteral(0, _))                                    => (body)
+    case BinaryExpr(BVMUL, body, BitVecLiteral(1, _))                                    => (body)
+    case Repeat(1, body)                                                                 => (body)
+    case Extract(ed, 0, ZeroExtend(extension, body)) if (body.getType == BitVecType(ed)) => (body)
+    case Extract(ed, 0, SignExtend(extension, body)) if (body.getType == BitVecType(ed)) => (body)
+    case Extract(ed, 0, ZeroExtend(exts, body)) if exts + size(body).get >= ed  && ed > size(body).get    => ZeroExtend(ed - size(body).get, body)
+
+    case BinaryExpr(BVEQ, ZeroExtend(x, body), y: BitVecLiteral) 
+    if y.value <= BigInt(2).pow(size(body).get) - 1 => BinaryExpr(BVEQ, body, BitVecLiteral(y.value, size(body).get))
+
+    case BinaryExpr(BVEQ, ZeroExtend(sz, expr), BitVecLiteral(0, sz2)) =>
+      BinaryExpr(BVEQ, expr, BitVecLiteral(0, size(expr).get))
+
+    // compose slices
+    case Extract(ed1, be1, Extract(ed2, be2, body)) => Extract(ed1 + be2, be1 + be2, (body))
+    case SignExtend(sz1, SignExtend(sz2, exp))      => SignExtend(sz1 + sz2, exp)
+    case ZeroExtend(sz1, ZeroExtend(sz2, exp))      => ZeroExtend(sz1 + sz2, exp)
+
+    // make subs more readable
+    case BinaryExpr(BVADD, x, b: BitVecLiteral) if eval.BitVectorEval.isNegative(b) => {
+      BinaryExpr(BVSUB, x, eval.BitVectorEval.smt_bvneg(b))
+    }
+
+    // redundant extends
+    // extract extended zero part
+    case Extract(ed, bg, ZeroExtend(x, expr)) if (bg > size(expr).get) => BitVecLiteral(0, ed - bg)
+    // extract below extend
+    case Extract(ed, bg, ZeroExtend(x, expr)) if (bg < size(expr).get) && (ed < size(expr).get) => Extract(ed, bg, expr)
+    case Extract(ed, bg, SignExtend(x, expr)) if (bg < size(expr).get) && (ed < size(expr).get) => Extract(ed, bg, expr)
+
+    case BinaryExpr(BVSHL, body, BitVecLiteral(n, _)) if size(body).get <= n => BitVecLiteral(0, size(body).get)
+
+    // simplify convoluted bit test
+    case BinaryExpr(BVEQ, BinaryExpr(BVSHL, ZeroExtend(n1, body), BitVecLiteral(n, _)), BitVecLiteral(0, _)) 
+      if n1 == n => {
+        BinaryExpr(BVEQ, body, BitVecLiteral(0, size(body).get))
+    }
+    //     assume (!(bvshl8(zero_extend6_2(R3_19[8:6]), 6bv8) == 128bv8));
+    case BinaryExpr(BVEQ, BinaryExpr(BVSHL, ZeroExtend(n1, body @ Extract(hi, lo, v)), BitVecLiteral(n, _)), c @ BitVecLiteral(cval, _)) 
+      if lo == n && cval >= BigInt(2).pow(lo + n.toInt) => {
+        BinaryExpr(BVEQ, body, Extract(hi + n.toInt, lo + n.toInt, c))
+    }
+    case BinaryExpr(BVEQ, BinaryExpr(BVSHL, b, BitVecLiteral(n, _)), c @ BitVecLiteral(0, _)) => {
+        // b low bits are all zero due to shift
+        BinaryExpr(BVEQ, b, BitVecLiteral(0, size(b).get))
+    }
+    case BinaryExpr(BVEQ, BinaryExpr(BVSHL, b, BitVecLiteral(n, _)), c @ BitVecLiteral(cval, _)) 
+      if cval != 0 && cval < BigInt(2).pow(n.toInt) => {
+        // low bits are all zero due to shift, and cval low bits are not zero
+        FalseLiteral
+    }
+    case BinaryExpr(BVEQ, BinaryExpr(BVSHL, ZeroExtend(n1, body @ Extract(hi, lo, v)), BitVecLiteral(n, _)), c @ BitVecLiteral(cval, _)) 
+      if lo == n && cval >= BigInt(2).pow(n.toInt) => {
+        // extract the part of cval we are testing and remove the shift on the lhs operand
+        BinaryExpr(BVEQ, body, Extract((hi - lo) + n.toInt, n.toInt, c))
+    }
+
+    case r => {
+      changedAnything = false
+      r
+    }
+  }
+
+  (res, changedAnything)
+}
+
 def simplifyExpr(e: Expr): (Expr, Boolean) = {
   // println((0 until indent).map(" ").mkString("") + e)
 
@@ -672,17 +799,8 @@ def simplifyExpr(e: Expr): (Expr, Boolean) = {
     case BinaryExpr(BVCONCAT, expr, BitVecLiteral(0, sz)) if (BigInt(2).pow(sz + size(expr).get) > sz) =>
       BinaryExpr(BVSHL, ZeroExtend(sz, expr), BitVecLiteral(sz, sz + size(expr).get))
 
-    // identities
-    case Extract(ed, 0, body) if (body.getType == BitVecType(ed))                        => (body)
-    case ZeroExtend(0, body)                                                             => (body)
-    case SignExtend(0, body)                                                             => (body)
-    case BinaryExpr(BVADD, body, BitVecLiteral(0, _))                                    => (body)
-    case BinaryExpr(BVMUL, body, BitVecLiteral(1, _))                                    => (body)
-    case Repeat(1, body)                                                                 => (body)
-    case Extract(ed, 0, ZeroExtend(extension, body)) if (body.getType == BitVecType(ed)) => (body)
-    case Extract(ed, 0, SignExtend(extension, body)) if (body.getType == BitVecType(ed)) => (body)
-    case Extract(ed, 0, ZeroExtend(exts, body)) if exts + size(body).get >= ed  && ed > size(body).get    => ZeroExtend(ed - size(body).get, body)
 
+    // identities
     case BinaryExpr(BVXOR, l, r) if l == r =>
       e.getType match {
         case BitVecType(sz) => BitVecLiteral(0, sz)
@@ -690,16 +808,6 @@ def simplifyExpr(e: Expr): (Expr, Boolean) = {
       }
     case BinaryExpr(BoolEQ, x, FalseLiteral) => UnaryExpr(BoolNOT, x)
 
-    // redundant extends
-    // extract extended zero part
-    case Extract(ed, bg, ZeroExtend(x, expr)) if (bg > size(expr).get) => BitVecLiteral(0, ed - bg)
-    // extract below extend
-    case Extract(ed, bg, ZeroExtend(x, expr)) if (bg < size(expr).get) && (ed < size(expr).get) => Extract(ed, bg, expr)
-    case Extract(ed, bg, SignExtend(x, expr)) if (bg < size(expr).get) && (ed < size(expr).get) => Extract(ed, bg, expr)
-
-    case BinaryExpr(BVEQ, ZeroExtend(sz, expr), BitVecLiteral(0, sz2)) =>
-      BinaryExpr(BVEQ, expr, BitVecLiteral(0, size(expr).get))
-
     // double negation
     case UnaryExpr(BVNOT, UnaryExpr(BVNOT, body))     => (body)
     case UnaryExpr(BVNEG, UnaryExpr(BVNEG, body))     => (body)
@@ -708,10 +816,6 @@ def simplifyExpr(e: Expr): (Expr, Boolean) = {
     // syntactic equality
     case BinaryExpr(BVEQ, a, b) if a.loads.isEmpty && b.loads.isEmpty && a == b => TrueLiteral
 
-    // compose slices
-    case Extract(ed1, be1, Extract(ed2, be2, body)) => Extract(ed1 + be2, be1 + be2, (body))
-    case SignExtend(sz1, SignExtend(sz2, exp))      => SignExtend(sz1 + sz2, exp)
-    case ZeroExtend(sz1, ZeroExtend(sz2, exp))      => ZeroExtend(sz1 + sz2, exp)
 
     // (comp (comp x y) 1) = (comp x y)
     case BinaryExpr(BVCOMP, body @ BinaryExpr(BVCOMP, _, _), BitVecLiteral(1, 1)) => (body)
@@ -725,6 +829,9 @@ def simplifyExpr(e: Expr): (Expr, Boolean) = {
       BinaryExpr(BVEQ, (body), BitVecLiteral(0, 1))
 
     case BinaryExpr(BVSUB, x: Expr, y: BitVecLiteral) => BinaryExpr(BVADD, x, UnaryExpr(BVNEG, y))
+
+    case BinaryExpr(BVEQ, BinaryExpr(BVADD, x, UnaryExpr(BVNEG, y)), BitVecLiteral(0, _)) => BinaryExpr(BVEQ, x, y)
+
     case r => {
       didAnything = false
       r
diff --git a/src/main/scala/ir/transforms/Simp.scala b/src/main/scala/ir/transforms/Simp.scala
index 48ac618d4..65b015408 100644
--- a/src/main/scala/ir/transforms/Simp.scala
+++ b/src/main/scala/ir/transforms/Simp.scala
@@ -689,10 +689,9 @@ def copypropTransform(p: Procedure) = {
   visit_proc(AlgebraicSimplifications, p)
   visit_proc(AlgebraicSimplifications, p)
   visit_proc(AlgebraicSimplifications, p)
-  visit_proc(AlgebraicSimplifications, p)
-  visit_proc(AlgebraicSimplifications, p)
-  visit_proc(AlgebraicSimplifications, p)
-  visit_proc(AlgebraicSimplifications, p)
+  ir.eval.cleanupSimplify(p)
+  ir.eval.cleanupSimplify(p)
+  ir.eval.cleanupSimplify(p)
   // visit_proc(AlgebraicSimplifications, p)
   // visit_proc(AlgebraicSimplifications, p)
   // visit_proc(AlgebraicSimplifications, p)

From 3beb84df84bea87bdadd1eb4b5c7a9d406a250d7 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Thu, 7 Nov 2024 16:22:10 +1000
Subject: [PATCH 093/127] improve cond detection

---
 src/main/scala/ir/eval/SimplifyExpr.scala | 99 +++++++++++++++++++++--
 src/main/scala/ir/transforms/Simp.scala   |  2 -
 2 files changed, 91 insertions(+), 10 deletions(-)

diff --git a/src/main/scala/ir/eval/SimplifyExpr.scala b/src/main/scala/ir/eval/SimplifyExpr.scala
index d0e47e846..29d49bd4f 100644
--- a/src/main/scala/ir/eval/SimplifyExpr.scala
+++ b/src/main/scala/ir/eval/SimplifyExpr.scala
@@ -196,6 +196,11 @@ def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
     /** https://developer.arm.com/documentation/dui0801/l/Condition-Codes/Condition-code-suffixes-and-related-flags
       *
       * match NF == VF
+      *
+      * (declare-const Var2 (_ BitVec 64))
+      * (declare-const Var3 (_ BitVec 64))
+      * (assert (! (not (= (= (bvslt (bvadd Var2 Var3) (_ bv0 64)) (not (= (concat ((_ extract 63 63) (bvadd Var2 Var3)) (bvadd Var2 Var3)) (bvadd (concat ((_ extract 63 63) Var2) Var2) (concat ((_ extract 63 63) Var3) Var3))))) (bvsgt Var2 (bvnot Var3)))) :named simp105))
+      *
       */
     case BinaryExpr(
           // add case
@@ -207,15 +212,39 @@ def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
             BoolNOT,
             BinaryExpr(
               BVEQ,
-              SignExtend(exts, orig @ BinaryExpr(o1, x1, y1)),
-              compar @ BinaryExpr(o2, x2, y2)
+              SignExtend(exts, orig @ BinaryExpr(BVADD, x1, y1)),
+              compar @ BinaryExpr(BVADD, x2, y2)
             ) // high precision op
           )
         )
-        if sz > 1 && (o1 == o2) && o1 == BVADD && (lhs) == (orig)
+        if sz > 1 && lhs == orig
           && AlgebraicSimplifications(SignExtend(exts, x1)) == x2
           && AlgebraicSimplifications(SignExtend(exts, y1)) == y2 => {
-      BinaryExpr(BVSGE, x1, UnaryExpr(BVNEG, y1))
+      val n = BinaryExpr(BVSGE, x1, UnaryExpr(BVNEG, y1))
+      logSimp(e, n)
+      n
+    }
+
+    // special case for collapsed cmp 0 x
+    case BinaryExpr(
+          // add case
+          BoolEQ,
+          // N set
+          (BinaryExpr(BVSLT, lhs @ UnaryExpr(BVNOT, _), BitVecLiteral(0, sz))),
+          // V set
+          UnaryExpr(
+            BoolNOT,
+            BinaryExpr(
+              BVEQ,
+              SignExtend(exts, orig @ UnaryExpr(BVNOT, x2)),
+              compar @ BinaryExpr(BVADD, SignExtend(_, UnaryExpr(BVNOT, x3)), BitVecLiteral(2, _))
+            ) // high precision op
+          )
+        )
+        if sz >= 8 && lhs == orig && x2 == x3
+          => {
+      val n = BinaryExpr(BVSLE, BitVecLiteral(0, sz), x2)
+      n
     }
 
 
@@ -275,7 +304,18 @@ def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
           && AlgebraicSimplifications(x2) == AlgebraicSimplifications(ZeroExtend(exts, x1))
           && AlgebraicSimplifications(y2) == AlgebraicSimplifications(ZeroExtend(exts, y1)) => {
       // C not Set
-      UnaryExpr(BoolNOT, BinaryExpr(BVUGT, x1, UnaryExpr(BVNOT, y1)))
+      val n = UnaryExpr(BoolNOT, BinaryExpr(BVUGT, x1, UnaryExpr(BVNOT, y1)))
+      // logSimp(e, n)
+      n
+    }
+
+    case BinaryExpr(BVEQ, ZeroExtend(sz, v), 
+        BinaryExpr(BVADD, ZeroExtend(sz2, v2), BitVecLiteral(mv, _))) 
+      if sz == sz2 && v == v2 && mv == BigInt(2).pow(size(v).get)  => {
+      // special case for comparison collapsed cmp 0 - v
+      val ne = UnaryExpr(BoolNOT, BinaryExpr(BVUGT, v, UnaryExpr(BVNEG, BitVecLiteral(1, size(v).get))))
+      // logSimp(e, ne)
+      ne
     }
 
     case BinaryExpr(
@@ -435,6 +475,11 @@ def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
           && lhs == lhs2 => {
       l
     }
+
+    case BinaryExpr(BoolAND, lhs @ BinaryExpr(op, l, r), UnaryExpr(BoolNOT, BinaryExpr(BVEQ, l2, r2))) if strictIneq.contains(op) && l == l2 && r == r2=> {
+      lhs
+    }
+
     case BinaryExpr(
           BoolOR,
           BinaryExpr(BoolAND, l @ BinaryExpr(op1, lhs1, lb: Literal), r @ BinaryExpr(op2, lhs3, rb: Literal)),
@@ -525,7 +570,22 @@ def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
         case _            => e
       }
     }
-    // constant case combine overlaping
+
+    // subsume constant bound
+    case BinaryExpr(BoolOR, l @ BinaryExpr(BVUGE, x, y: BitVecLiteral), BinaryExpr(BVEQ, x2, y2: BitVecLiteral)) if x == x2 && y2.value >= y.value => {
+      l
+    }
+    case BinaryExpr(BoolOR, l @ BinaryExpr(BVULE, x, y: BitVecLiteral), BinaryExpr(BVEQ, x2, y2: BitVecLiteral)) if x == x2 && y2.value <= y.value => {
+      l
+    }
+    case BinaryExpr(BoolOR, l @ BinaryExpr(BVUGT, x, y: BitVecLiteral), BinaryExpr(BVEQ, x2, y2: BitVecLiteral)) if x == x2 && y2.value > y.value => {
+      l
+    }
+    case BinaryExpr(BoolOR, l @ BinaryExpr(BVULT, x, y: BitVecLiteral), BinaryExpr(BVEQ, x2, y2: BitVecLiteral)) if x == x2 && y2.value < y.value => {
+      l
+    }
+
+    // relax bound by 1
     case e @ BinaryExpr(BoolOR, BinaryExpr(BVULT, x, y: BitVecLiteral), (BinaryExpr(BVEQ, x2, z: BitVecLiteral))) 
       if x == x2 && y.value == z.value => {
       BinaryExpr(BVULE, x, z)
@@ -542,6 +602,25 @@ def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
       if x == x2 && y.value - 1 == z.value=> {
       BinaryExpr(BVULE, x, z)
     }
+
+    // tighten bound by 1
+    case e @ BinaryExpr(BoolAND, BinaryExpr(BVUGT, x, y: BitVecLiteral), UnaryExpr(BoolNOT, (BinaryExpr(BVEQ, x2, z: BitVecLiteral)))) 
+      if x == x2 && z.value == y.value + 1 => {
+      BinaryExpr(BVUGT, x, z)
+    }
+    case e @ BinaryExpr(BoolAND, BinaryExpr(BVULT, x, y: BitVecLiteral), UnaryExpr(BoolNOT, (BinaryExpr(BVEQ, x2, z: BitVecLiteral)))) 
+      if x == x2 && z.value == y.value - 1 => {
+      BinaryExpr(BVULT, x, z)
+    }
+    case e @ BinaryExpr(BoolAND, BinaryExpr(BVUGE, x, y: BitVecLiteral), UnaryExpr(BoolNOT, (BinaryExpr(BVEQ, x2, z: BitVecLiteral)))) 
+      if x == x2 && z.value == y.value + 1 => {
+      BinaryExpr(BVUGT, x, z)
+    }
+    case e @ BinaryExpr(BoolAND, BinaryExpr(BVULE, x, y: BitVecLiteral), UnaryExpr(BoolNOT, (BinaryExpr(BVEQ, x2, z: BitVecLiteral)))) 
+      if x == x2 && z.value == y.value - 1 => {
+      BinaryExpr(BVULT, x, z)
+    }
+
     // TODO; we can generalise
     // below is wrong obviously; would be good to have a better 'in-interval' notion
     //case BinaryExpr(BoolOR, l @ BinaryExpr(op, lhs, rhs: BitVecLiteral), BinaryExpr(BVEQ, lhs2, rhs2: BitVecLiteral))
@@ -749,6 +828,9 @@ def simplifyExpr(e: Expr): (Expr, Boolean) = {
         if size(ed).contains(sz2) && !(y.isInstanceOf[BitVecLiteral]) =>
       BinaryExpr(BVADD, y, UnaryExpr(BVNEG, SignExtend(sz, x)))
 
+    case BinaryExpr(BVADD, UnaryExpr(BVNEG, x), BitVecLiteral(1, _)) => UnaryExpr(BVNOT, x)
+    case BinaryExpr(BVADD, BitVecLiteral(1, _), UnaryExpr(BVNEG, x)) => UnaryExpr(BVNOT, x)
+
     /*
      * Simplify BVop to Bool ops in a boolean context.
      */
@@ -791,8 +873,7 @@ def simplifyExpr(e: Expr): (Expr, Boolean) = {
     case BinaryExpr(BoolOR, x, FalseLiteral)  => x
     case BinaryExpr(BoolOR, x, TrueLiteral)   => TrueLiteral
 
-    case BinaryExpr(BVEQ, BinaryExpr(BVADD, x, y: BitVecLiteral), BitVecLiteral(0, s))
-        if ir.eval.BitVectorEval.isNegative(y) =>
+    case BinaryExpr(BVEQ, BinaryExpr(BVADD, x, y: BitVecLiteral), BitVecLiteral(0, s)) =>
       BinaryExpr(BVEQ, x, UnaryExpr(BVNEG, y))
 
     case BinaryExpr(BVCONCAT, BitVecLiteral(0, sz), expr) => ZeroExtend(sz, expr)
@@ -831,6 +912,8 @@ def simplifyExpr(e: Expr): (Expr, Boolean) = {
     case BinaryExpr(BVSUB, x: Expr, y: BitVecLiteral) => BinaryExpr(BVADD, x, UnaryExpr(BVNEG, y))
 
     case BinaryExpr(BVEQ, BinaryExpr(BVADD, x, UnaryExpr(BVNEG, y)), BitVecLiteral(0, _)) => BinaryExpr(BVEQ, x, y)
+    case BinaryExpr(BVEQ, BinaryExpr(BVADD, x, y: BitVecLiteral), BitVecLiteral(0, _)) 
+      if (eval.BitVectorEval.isNegative(y)) => BinaryExpr(BVEQ, x, eval.BitVectorEval.smt_bvneg(y))
 
     case r => {
       didAnything = false
diff --git a/src/main/scala/ir/transforms/Simp.scala b/src/main/scala/ir/transforms/Simp.scala
index 65b015408..6b478e166 100644
--- a/src/main/scala/ir/transforms/Simp.scala
+++ b/src/main/scala/ir/transforms/Simp.scala
@@ -690,8 +690,6 @@ def copypropTransform(p: Procedure) = {
   visit_proc(AlgebraicSimplifications, p)
   visit_proc(AlgebraicSimplifications, p)
   ir.eval.cleanupSimplify(p)
-  ir.eval.cleanupSimplify(p)
-  ir.eval.cleanupSimplify(p)
   // visit_proc(AlgebraicSimplifications, p)
   // visit_proc(AlgebraicSimplifications, p)
   // visit_proc(AlgebraicSimplifications, p)

From 7c0c98b2d97eafcc838bcca6ecc590aadf70f86d Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Thu, 7 Nov 2024 16:57:58 +1000
Subject: [PATCH 094/127] revert to old slice removal

---
 src/main/scala/ir/transforms/Simp.scala | 350 ++++--------------------
 1 file changed, 54 insertions(+), 296 deletions(-)

diff --git a/src/main/scala/ir/transforms/Simp.scala b/src/main/scala/ir/transforms/Simp.scala
index 6b478e166..98718347a 100644
--- a/src/main/scala/ir/transforms/Simp.scala
+++ b/src/main/scala/ir/transforms/Simp.scala
@@ -164,73 +164,13 @@ def removeSlices(p: Program): Unit = {
   p.procedures.foreach(removeSlices)
 }
 
-def circularDeps(p: Procedure): Set[Variable] = {
-
-  /** this is flow insensitive, used to remove copy prop candidates which produce a substitution cycle
-    */
-
-  case class VTerm(v: Variable) extends analysis.solvers.Var[VTerm]
-
-  // map variable to the representative of the set of dependencies
-  val results = mutable.Map[Variable, VTerm]()
-  val ufsolver = analysis.solvers.UnionFindSolver[VTerm]()
-
-  def addDependency(lhs: Variable, dependency: Variable) = {
-    val rep = results.get(lhs) match {
-      case Some(d) => {
-        ufsolver.unify(d, VTerm(dependency))
-        val nrep = ufsolver.find(d).asInstanceOf[VTerm]
-        results(lhs) = nrep
-      }
-      case None => VTerm(dependency)
-    }
-  }
-
-  p.foreach {
-    case (Assign(lhs: LocalVar, rhs, _)) => {
-      for (rvar <- rhs.variables) {
-        addDependency(lhs, rvar)
-      }
-    }
-    case d: DirectCall => {
-      // unify formal and actual
-      for (rvar <- d.actualParams) {
-        for (r <- rvar._2.variables) {
-          addDependency(rvar._1, r)
-        }
-      }
-      for (lvar <- d.outParams) {
-        addDependency(lvar._1, lvar._2)
-        for (rvar <- d.actualParams.flatMap(_._2.variables)) {
-          // unify in and out
-          addDependency(lvar._2, rvar)
-        }
-      }
-    }
-    case _ => ()
-  }
-
-  val unif = ufsolver.unifications().map((k, v) => (k, v.toSet)).toMap
-  val circular = results
-    .filter((v, rep) => {
-      unif(rep).contains(VTerm(v))
-    })
-    .map((v, rep) => v)
-    .toSet
-
-  circular
-
-}
 
 def removeSlices(p: Procedure): Unit = {
-  case class LVTerm(v: LocalVar) extends analysis.solvers.Var[LVTerm]
-
   /** if for each variable v there is some i:int such that (i) all its assignments have a ZeroExtend(i, x) and (ii) all
     * its uses have Extract(size(v) - i, 0, v) Then we replace v by a variable of bitvector size (size(v) - i)
     *
     * We check this flow-insensitively and recover precision using DSA form.
     */
-
   val assignments: Map[LocalVar, Iterable[Assign]] = p
     .collect { case a: Assign =>
       a
@@ -239,33 +179,29 @@ def removeSlices(p: Procedure): Unit = {
     .collect { case (k: LocalVar, v) =>
       (k, v)
     }
-
   enum HighZeroBits:
-    case Bits(
-        n: Int,
-        var unifromAccesses: Boolean = true,
-        highAlwaysZero: Option[Int] = None
-    ) // most significant bit that is accessed (and all below)
+    case Bits(n: Int) // (i) and (ii) hold; the n highest bits are redundant
     case False // property is false
     case Bot // don't know anything
-
+  def size(e: Expr) = {
+    e.getType match {
+      case BitVecType(s) => Some(s)
+      case _             => None
+    }
+  }
+  case class LVTerm(v: LocalVar) extends analysis.solvers.Var[LVTerm]
   // unify variable uses across direct assignments
   val ufsolver = analysis.solvers.UnionFindSolver[LVTerm]()
-  assignments.foreach {
+  val unioned = assignments.foreach {
     case (lv, Assign(lhs: LocalVar, rhs: LocalVar, _)) => ufsolver.unify(LVTerm(lhs), LVTerm(rhs))
     case _                                             => ()
   }
-
-  def getRep(v: LocalVar): LocalVar = ufsolver.find(LVTerm(v)).asInstanceOf[LVTerm].v
-
   val unifiedAssignments = ufsolver
     .unifications()
-    .map {
-      case (v: LVTerm, rvs) =>
-        v.v -> (rvs.map { case LVTerm(rv) =>
-          rv
-        }).toSet
-      case _ => ???
+    .map { case (v: LVTerm, rvs) =>
+      v.v -> (rvs.map { case LVTerm(rv) =>
+        rv
+      }).toSet
     }
     .map((repr: LocalVar, elems: Set[LocalVar]) =>
       repr -> elems.flatMap(assignments(_).filter(_ match {
@@ -274,253 +210,82 @@ def removeSlices(p: Procedure): Unit = {
         case _                                                                                     => true
       }))
     )
-
-  class CheckUsesHaveExtend() extends CILVisitor {
-    val result: mutable.HashMap[LocalVar, HighZeroBits] =
-      mutable.HashMap[LocalVar, HighZeroBits]()
-
-    def extractAccess(actualVar: LocalVar, highestBit: Int): Unit = {
-      val v = getRep(actualVar)
-      // val v = actualVar
-      if (!size(v).isDefined) {
-        return ();
-      }
-
-      if (highestBit == size(v).get) {
-        result(v) = HighZeroBits.False
-      } else if (((!result.contains(v)) || result.get(v).contains(HighZeroBits.Bot))) {
-        result(v) = HighZeroBits.Bits(highestBit, true)
-      } else {
-        result(v) match {
-          case HighZeroBits.Bits(n, _, z) if highestBit > n && n != 0 => {
-            // relax constraint to bits accessed
-            result(v) = HighZeroBits.Bits(highestBit, false, z)
-          }
-          case HighZeroBits.Bits(n, _, _) if n >= highestBit => {
-            // access satisfied by upper constraint
-          }
-          case _ => ()
-        }
-      }
-    }
-
-    // TODO: make correct wrt casting if you know that you can extend to zero
-    //  - otherwise dont smallen variable
-    //  - allow casting at more points (e.g. copies)
-
-    override def vstmt(s: Statement) = {
-      s match {
-        case Assign(l: LocalVar, r: LocalVar, _) => {
-
-          /** direct copy ; use union-find result to process access * */
-          ufsolver.unify(LVTerm(l), LVTerm(r))
-          SkipChildren()
-        }
-        case Assign(v: LocalVar, ZeroExtend(sz, exp), _) => {
-          val l = getRep(v)
-          result.get(l) match {
-            case None => {
-              result(l) = HighZeroBits.Bits(0, true, Some(sz))
-            }
-            case Some(HighZeroBits.Bits(bits, o, None)) => {
-              result(l) = HighZeroBits.Bits(bits, o, Some(sz))
-            }
-            case Some(HighZeroBits.Bits(bits, o, Some(existing))) if existing <= sz => {
-              result(l) = HighZeroBits.Bits(bits, o, Some(existing))
-            }
-            case Some(HighZeroBits.Bits(bits, o, Some(existing))) if existing > sz => {
-              result(l) = HighZeroBits.Bits(bits, o, Some(sz))
-            }
-          }
-          DoChildren()
-        }
-        case Assign(v: LocalVar, exp, _) => {
-          val l = getRep(v)
-          result.get(l) match {
-            case None => {
-              result(l) = HighZeroBits.Bits(0, true, Some(0))
-            }
-            case Some(HighZeroBits.Bot) => {
-              result(l) = HighZeroBits.Bits(0, true, Some(0))
-            }
-            case Some(HighZeroBits.Bits(bits, o, Some(existing))) => {
-              result(l) = HighZeroBits.Bits(bits, o, Some(0))
-            }
-            case _ => {}
-          }
-          DoChildren()
-        }
-        case d: DirectCall => {
-
-          /** we always need to pass whole variable across calls since we analyse intraprocedurally */
-          d.outParams.map(_._2).collect {
-            case l: LocalVar => {
-              extractAccess(l, size(l).get)
-            }
-          }
-          d.actualParams.flatMap(_._2.variables).collect {
-            case l: LocalVar => {
-              extractAccess(l, size(l).get)
-            }
-          }
-          SkipChildren()
-        }
-        case _ => DoChildren()
-      }
-    }
-
-    override def vjump(j: Jump) = j match {
-      case r: Return => {
-        for ((formal, actual) <- r.outParams) {
-          actual match {
-            case v: LocalVar if (size(v).isDefined) => {
-              extractAccess(v, size(formal).get)
-            }
-            case _ => ()
-          }
-        }
-        SkipChildren()
+  // try and find a single extension size for all rhs of assignments to all variables in the assigned equality class
+  val varHighZeroBits: Map[LocalVar, HighZeroBits] = assignments.map((v, assigns) =>
+    // note: this overapproximates on x := y when x and y may both be smaller than their declared size
+    val allRHSExtended = assigns.foldLeft(HighZeroBits.Bot: HighZeroBits)((e, assign) =>
+      (e, assign.rhs) match {
+        case (HighZeroBits.Bot, ZeroExtend(i, lhs))                   => HighZeroBits.Bits(i)
+        case (b @ HighZeroBits.Bits(ei), ZeroExtend(i, _)) if i == ei => b
+        case (b @ HighZeroBits.Bits(ei), ZeroExtend(i, _)) if i != ei => HighZeroBits.False
+        case (HighZeroBits.False, _)                                  => HighZeroBits.False
+        case (_, other)                                               => HighZeroBits.False
       }
-      case _ => DoChildren()
-    }
-
-    override def vrvar(v: Variable) = {
-      v match {
-        case v: LocalVar if size(v).isDefined => {
-          result(getRep(v)) = HighZeroBits.False
-        }
-        case _ => ()
+    )
+    (v, allRHSExtended)
+  )
+  val varsWithExtend: Map[LocalVar, HighZeroBits] = assignments
+    .map((lhs, _) => {
+      // map all lhs to the result for their representative
+      val rep = ufsolver.find(LVTerm(lhs)) match {
+        case LVTerm(r) => r
       }
-      SkipChildren()
+      lhs -> varHighZeroBits.get(rep)
+    })
+    .collect { case (l, Some(x)) /* remove anything we have no information on */ =>
+      (l, x)
     }
-
+  class CheckUsesHaveExtend() extends CILVisitor {
+    val result: mutable.HashMap[LocalVar, HighZeroBits] =
+      mutable.HashMap[LocalVar, HighZeroBits]()
     override def vexpr(v: Expr) = {
       v match {
-        case Extract(i, 0, v: LocalVar) if size(v).isDefined => {
-          result(getRep(v)) = HighZeroBits.False
+        case Extract(i, 0, v: LocalVar)
+            if size(v).isDefined && result.get(v).contains(HighZeroBits.Bits(size(v).get - i)) =>
+          SkipChildren()
+        case v: LocalVar => {
+          result.remove(v)
           SkipChildren()
         }
         case _ => DoChildren()
       }
     }
-
-    def apply(p: Procedure): Map[LocalVar, HighZeroBits] = {
+    def apply(assignHighZeroBits: Map[LocalVar, HighZeroBits])(p: Procedure): Map[LocalVar, HighZeroBits] = {
       result.clear()
+      result.addAll(assignHighZeroBits)
       visit_proc(this, p)
       result.toMap
     }
   }
-
-  val onlyKeepWhereAllAccessesSliceSameBits = true
-  val toSmallen = CheckUsesHaveExtend()(p).collect { case (v, HighZeroBits.Bits(x, _, _)) =>
+  val toSmallen = CheckUsesHaveExtend()(varsWithExtend)(p).collect { case (v, HighZeroBits.Bits(x)) =>
     v -> x
   }.toMap
-
-  /** This transform moves bvextracts from the uses to the definition, if all uses have an extract of some size. Ideally
-    * this removes the extract in some cases. To bemore strict the val onlyKeepWhereAllAccessesSliceSameBits = true flag
-    * only applies this transform when all accesses have extactly the same slice, effectively removing the slice at
-    * access.
-    */
-
   class ReplaceAlwaysSlicedVars(varHighZeroBits: Map[LocalVar, Int]) extends CILVisitor {
-    var formals = Set[LocalVar]()
-
     override def vexpr(v: Expr) = {
       v match {
-        case Extract(i, 0, v: LocalVar)
-            if size(v).isDefined && !(formals.contains(v)) && varHighZeroBits.contains(getRep(v)) => {
-          val size = varHighZeroBits(getRep(v))
-          assert(size >= i)
-          if (size == i) {
-            ChangeTo(v.copy(irType = BitVecType(size)))
-          } else {
-            ChangeTo(Extract(i, 0, v.copy(irType = BitVecType(size))))
-          }
+        case Extract(i, 0, v: LocalVar) if size(v).isDefined && varHighZeroBits.contains(v) => {
+          ChangeTo(LocalVar(v.name, BitVecType(size(v).get - varHighZeroBits(v))))
         }
         case _ => DoChildren()
       }
     }
-
-    override def vlvar(v: Variable) = {
-      v match {
-        case lhs: LocalVar if (varHighZeroBits.contains(getRep(lhs)) && !formals.contains(getRep(lhs))) => {
-          val n = lhs.copy(irType = BitVecType(varHighZeroBits(getRep(lhs))))
-          ChangeTo(n)
-        }
-        case _ => SkipChildren()
-      }
-    }
-
-    override def vrvar(v: Variable) = {
-      v match {
-        case lhs: LocalVar if (varHighZeroBits.contains(getRep(lhs)) && !formals.contains(getRep(lhs))) => {
-          val n = lhs.copy(irType = BitVecType(varHighZeroBits(getRep(lhs))))
-          ChangeTo(n)
-        }
-        case _ => SkipChildren()
-      }
-    }
-
-    override def vproc(p: Procedure) = {
-      formals = p.formalInParam.toSet ++ p.formalOutParam.toSet
-      DoChildren()
-    }
-
     override def vstmt(s: Statement) = {
       s match {
-        case a @ Assign(lhs: LocalVar, rhs: LocalVar, _)
-            if varHighZeroBits.contains(getRep(lhs)) && varHighZeroBits.contains(getRep(rhs)) => {
-          assert(varHighZeroBits(getRep(lhs)) == varHighZeroBits(getRep(rhs)))
-          a.lhs = lhs.copy(irType = BitVecType(varHighZeroBits(getRep(lhs))))
-          a.rhs = rhs.copy(irType = BitVecType(varHighZeroBits(getRep(rhs))))
-          // if (varHighZeroBits(getRep(lhs)) == varHighZeroBits(getRep(rhs))) {
-          // } else if (varHighZeroBits(lhs) < varHighZeroBits(rhs)) {
-          //   a.lhs = lhs.copy(irType=BitVecType(varHighZeroBits(lhs)))
-          //   a.rhs = Extract(varHighZeroBits(lhs), 0, rhs.copy(irType=BitVecType(varHighZeroBits(rhs))))
-          // } else {
-          //   // lhs > rhs
-          //   a.lhs = lhs.copy(irType=BitVecType(varHighZeroBits(lhs)))
-          //   a.rhs = ZeroExtend(varHighZeroBits(lhs) - varHighZeroBits(rhs),rhs.copy(irType=BitVecType(varHighZeroBits(rhs))))
-          // }
-          SkipChildren()
-        }
-        case a @ Assign(lhs: LocalVar, SignExtend(sz, rhs), _)
-            if size(lhs).isDefined && varHighZeroBits.get(getRep(lhs)).contains(size(rhs).get) && !(formals
-              .contains(lhs)) => {
-          // assert(varHighZeroBits(lhs) == sz)
-          val varsize = varHighZeroBits(getRep(lhs))
-          a.lhs = LocalVar(lhs.varName, BitVecType(varsize), lhs.index)
-          a.rhs = rhs
-          assert(size(a.lhs).get == size(a.rhs).get)
-          DoChildren()
-        }
         case a @ Assign(lhs: LocalVar, ZeroExtend(sz, rhs), _)
-            if size(lhs).isDefined && varHighZeroBits.get(getRep(lhs)).contains(size(rhs).get) && !(formals
-              .contains(lhs)) => {
-          val varsize = varHighZeroBits(getRep(lhs))
-          a.lhs = LocalVar(lhs.varName, BitVecType(varsize), lhs.index)
+            if size(lhs).isDefined && varHighZeroBits.contains(lhs) => {
+          assert(varHighZeroBits(lhs) == sz)
+          a.lhs = LocalVar(lhs.name, BitVecType(size(lhs).get - varHighZeroBits(lhs)))
           a.rhs = rhs
-          assert(size(a.lhs).get == size(a.rhs).get)
-          DoChildren()
-        }
-        case a @ Assign(lhs: LocalVar, rhs, _)
-            if size(lhs).isDefined && varHighZeroBits.contains(getRep(lhs)) && !(formals.contains(lhs)) => {
-          // promote extract to the definition
-          val varsize = varHighZeroBits(getRep(lhs))
-          a.lhs = LocalVar(lhs.varName, BitVecType(varsize), lhs.index)
-          a.rhs = Extract(varsize, 0, rhs)
-          assert(size(a.lhs).get == size(a.rhs).get, s"${size(a.lhs).get} != ${size(a.rhs).get}")
           DoChildren()
         }
         case _ => DoChildren()
       }
     }
   }
-
   visit_proc(ReplaceAlwaysSlicedVars(toSmallen), p)
-
 }
 
+
 def getRedundantAssignments(procedure: Procedure): Set[Assign] = {
 
   /** Get all assign statements which define a variable never used, assuming ssa form and proc parameters so that
@@ -690,19 +455,12 @@ def copypropTransform(p: Procedure) = {
   visit_proc(AlgebraicSimplifications, p)
   visit_proc(AlgebraicSimplifications, p)
   ir.eval.cleanupSimplify(p)
-  // visit_proc(AlgebraicSimplifications, p)
-  // visit_proc(AlgebraicSimplifications, p)
-  // visit_proc(AlgebraicSimplifications, p)
-  // visit_proc(AlgebraicSimplifications, p)
-  // visit_proc(AlgebraicSimplifications, p)
-  // visit_proc(AlgebraicSimplifications, p)
-  // visit_proc(AlgebraicSimplifications, p)
-  // visit_proc(AlgebraicSimplifications, p)
+  ir.eval.cleanupSimplify(p)
   // Logger.info(s"    ${p.name}  after simp expr complexity ${ExprComplexity()(p)}")
   val sipm = t.checkPoint("algebraic simp")
 
   // Logger.info("[!] Simplify :: RemoveSlices")
-  // removeSlices(p)
+  removeSlices(p)
   visit_proc(AlgebraicSimplifications, p)
 
 }

From a7d07548ce8788645363aed1ea2d281fbbe2082b Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Thu, 7 Nov 2024 17:14:13 +1000
Subject: [PATCH 095/127] cleanup

---
 src/main/scala/ir/eval/SimplifyExpr.scala | 130 +++++++---------------
 src/main/scala/ir/transforms/Simp.scala   |   1 -
 2 files changed, 40 insertions(+), 91 deletions(-)

diff --git a/src/main/scala/ir/eval/SimplifyExpr.scala b/src/main/scala/ir/eval/SimplifyExpr.scala
index 29d49bd4f..92c05dab9 100644
--- a/src/main/scala/ir/eval/SimplifyExpr.scala
+++ b/src/main/scala/ir/eval/SimplifyExpr.scala
@@ -145,7 +145,7 @@ class VarNameNormalise() extends CILVisitor {
 
   def rename(v: Variable, newName: String) = {
     v match {
-      case LocalVar(n, t)  => LocalVar(newName, t)
+      case l: LocalVar  => LocalVar(newName, l.irType)
       case Register(n, sz) => Register(newName, sz)
     }
   }
@@ -385,25 +385,28 @@ def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
       BinaryExpr(BoolAND, BinaryExpr(BVULT, x1, UnaryExpr(BVNEG, y1)), BinaryExpr(BVUGE, x1, UnaryExpr(BVNEG, y3neg)))
     }
 
-    //case BinaryExpr(
-    //      BVEQ,
-    //      ZeroExtend(exts, orig @ BinaryExpr(BVADD, x1, y1)),
-    //      BinaryExpr(BVADD, ZeroExtend(ext1, BinaryExpr(BVADD, x2, y3neg)), y4neg)
-    //    )
-    //    if size(x1).get >= 8
-    //      && exts == ext1
-    //      && AlgebraicSimplifications(UnaryExpr(BVNEG, y1))
-    //        == AlgebraicSimplifications(BinaryExpr(BVADD, UnaryExpr(BVNEG, y3neg), UnaryExpr(BVNEG,  Extract(size(y4neg).get - exts, 0, y4neg))))
-    //        && AlgebraicSimplifications(ZeroExtend(exts, Extract(size(y4neg).get - exts, 0, y4neg))) == y4neg
-    //          // negation definitely overflows
-    //        && AlgebraicSimplifications(BinaryExpr(BVULE, y1, UnaryExpr(BVNEG, y1))) == FalseLiteral
-    //      && x1 == x2 =>
-    //      {
-    //      Logger.error("HIT CASE")
-    //      UnaryExpr(BoolNOT, BinaryExpr(BVUGE, x1, y1))
-    //}
 
     /* generic comparison simplification */
+    // redundant inequality
+    // x < y && x != z when z <= y
+    case BinaryExpr(
+          BoolAND,
+          l @ BinaryExpr(BoolAND, _, BinaryExpr(op, lhs, rhs: BitVecLiteral)),
+          UnaryExpr(BoolNOT, BinaryExpr(BVEQ, lhs2, rhs2: BitVecLiteral))
+        )
+        if (ineqToStrict.contains(op) || strictIneq.contains(op)) && AlgebraicSimplifications(
+          BinaryExpr(ineqToStrict.get(op).getOrElse(op), rhs, rhs2)
+        ) == TrueLiteral
+          && lhs == lhs2 => {
+      l
+    }
+    case BinaryExpr(
+          BoolAND,
+          l @ BinaryExpr(BoolAND, _, BinaryExpr(op, lhs, rhs)),
+          UnaryExpr(BoolNOT, BinaryExpr(BVEQ, lhs2, rhs2))
+        ) if strictIneq.contains(op) && rhs == rhs2 && lhs == lhs2 => {
+      l
+    }
 
     // weak to strict inequality
     // x >= 0 && x != 0 ===> x > 0
@@ -427,10 +430,6 @@ def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
       )
     }
 
-    //case BinaryExpr(BoolOR, a @ BinaryExpr(BoolAND, BinaryExpr(o1,_,_), b @ BinaryExpr(o2, _, _)), d @ BinaryExpr(BVEQ, _, _)) => {
-    //  BinaryExpr(BoolAND, BinaryExpr(BoolOR, a , d), BinaryExpr(BoolOR, b, d))
-    //}
-
     case BinaryExpr(BoolEQ, UnaryExpr(BoolNOT, x), UnaryExpr(BoolNOT, y)) => BinaryExpr(BoolEQ, x, y)
     case BinaryExpr(BoolAND, BinaryExpr(BoolAND, x, y), r @ UnaryExpr(BoolNOT, BinaryExpr(BVEQ, a, b))) => {
       BinaryExpr(BoolAND, BinaryExpr(BoolAND, x, r), BinaryExpr(BoolAND, y, r))
@@ -442,39 +441,12 @@ def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
       UnaryExpr(BoolNOT, BinaryExpr(BoolOR, x, y))
     }
 
-    // redundant inequality
-    case BinaryExpr(
-          BoolAND,
-          l @ BinaryExpr(BoolAND, _, BinaryExpr(op, lhs, rhs)),
-          UnaryExpr(BoolNOT, BinaryExpr(BVEQ, lhs2, rhs2))
-        ) if strictIneq.contains(op) && rhs == rhs2 && lhs == lhs2 => {
-      l
-    }
-    case BinaryExpr(
-          BoolAND,
-          l @ BinaryExpr(BoolAND, BinaryExpr(op, lhs, rhs), _),
-          UnaryExpr(BoolNOT, BinaryExpr(BVEQ, lhs2, rhs2))
-        ) if strictIneq.contains(op) && rhs == rhs2 && lhs == lhs2 => {
-      l
-    }
 
     case BinaryExpr(BoolOR, BinaryExpr(op, lhs, rhs), BinaryExpr(BVEQ, lhs2, rhs2))
         if strictToNonStrict.contains(op) && rhs == rhs2 && lhs == lhs2 => {
       BinaryExpr(strictToNonStrict(op), lhs, rhs)
     }
 
-    // x < y && x != z when z <= y
-    case BinaryExpr(
-          BoolAND,
-          l @ BinaryExpr(BoolAND, _, BinaryExpr(op, lhs, rhs: BitVecLiteral)),
-          UnaryExpr(BoolNOT, BinaryExpr(BVEQ, lhs2, rhs2: BitVecLiteral))
-        )
-        if (ineqToStrict.contains(op) || strictIneq.contains(op)) && AlgebraicSimplifications(
-          BinaryExpr(ineqToStrict.get(op).getOrElse(op), rhs, rhs2)
-        ) == TrueLiteral
-          && lhs == lhs2 => {
-      l
-    }
 
     case BinaryExpr(BoolAND, lhs @ BinaryExpr(op, l, r), UnaryExpr(BoolNOT, BinaryExpr(BVEQ, l2, r2))) if strictIneq.contains(op) && l == l2 && r == r2=> {
       lhs
@@ -500,18 +472,6 @@ def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
         AlgebraicSimplifications(BinaryExpr(BoolOR, r, d))
       )
     }
-    //case BinaryExpr(BoolAND, l @ BinaryExpr(BoolAND, _, BinaryExpr(op, lhs, BitVecLiteral(rhs, _))), UnaryExpr(BoolNOT, BinaryExpr(BVEQ, lhs2, BitVecLiteral(rhs2, _))))
-    //  if (op == BVULT || op == BVSLT) && rhs <= rhs2 && lhs == lhs2 => {
-    //  l
-    //}
-    //case BinaryExpr(BoolAND, l @ BinaryExpr(BoolAND, _, BinaryExpr(op, lhs, BitVecLiteral(rhs, _))), UnaryExpr(BoolNOT, BinaryExpr(BVEQ, lhs2, BitVecLiteral(rhs2, _))))
-    //  if (op == BVUGE || op == BVSGE) && rhs > rhs2 && lhs == lhs2 => {
-    //  l
-    //}
-    //case BinaryExpr(BoolAND, l @ BinaryExpr(BoolAND, _, BinaryExpr(op, lhs, BitVecLiteral(rhs, _))), UnaryExpr(BoolNOT, BinaryExpr(BVEQ, lhs2, BitVecLiteral(rhs2, _))))
-    //  if (op == BVUGT || op == BVSGT) && rhs >= rhs2 && lhs == lhs2 => {
-    //  l
-    //}
 
     case BinaryExpr(
           BoolAND,
@@ -621,17 +581,6 @@ def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
       BinaryExpr(BVULT, x, z)
     }
 
-    // TODO; we can generalise
-    // below is wrong obviously; would be good to have a better 'in-interval' notion
-    //case BinaryExpr(BoolOR, l @ BinaryExpr(op, lhs, rhs: BitVecLiteral), BinaryExpr(BVEQ, lhs2, rhs2: BitVecLiteral))
-    //    if isIneq(op) && AlgebraicSimplifications(
-    //      BinaryExpr(ineqToStrict.get(op).getOrElse(op), rhs, rhs2)
-    //    ) == TrueLiteral
-    //      && lhs == lhs2 => {
-    //  l
-    //}
-
-
     case o => {
       didAnything = false
       o
@@ -707,6 +656,7 @@ def cleanupExtends(e: Expr): (Expr, Boolean) = {
       BinaryExpr(BVSUB, x, eval.BitVectorEval.smt_bvneg(b))
     }
 
+
     // redundant extends
     // extract extended zero part
     case Extract(ed, bg, ZeroExtend(x, expr)) if (bg > size(expr).get) => BitVecLiteral(0, ed - bg)
@@ -780,15 +730,20 @@ def simplifyExpr(e: Expr): (Expr, Boolean) = {
   val simped = e match {
     // constant folding
     // const + (expr + const) -> expr + (const + const)
+    //
+    //
+    // (comp (comp x y) 1) = (comp x y)
+    case BinaryExpr(
+          BVEQ,
+          BinaryExpr(BVCOMP, body @ BinaryExpr(BVCOMP, _, _), BitVecLiteral(0, 1)),
+          BitVecLiteral(1, 1)
+        ) =>
+      BinaryExpr(BVEQ, (body), BitVecLiteral(0, 1))
 
     case BinaryExpr(BVADD, BinaryExpr(BVADD, body, l: BitVecLiteral), r: BitVecLiteral)
         if !body.isInstanceOf[Literal] =>
       BinaryExpr(BVADD, (body), (BinaryExpr(BVADD, r, l)))
 
-    //case BinaryExpr(BVADD, BinaryExpr(BVADD, body1, r1: BitVecLiteral), BinaryExpr(BVADD, body2, r2)) => {
-    //  BinaryExpr(BVADD, BinaryExpr(BVADD, body1, body2), BinaryExpr(BVADD, r1, r2))
-    //}
-
     case BinaryExpr(BVMUL, BinaryExpr(BVMUL, body, l: BitVecLiteral), r: BitVecLiteral) =>
       BinaryExpr(BVMUL, BinaryExpr(BVMUL, l, r), (body))
 
@@ -803,12 +758,12 @@ def simplifyExpr(e: Expr): (Expr, Boolean) = {
     // make all comparisons positive so double negatives can be cleaned up
     case BinaryExpr(BVEQ, UnaryExpr(BVNOT, BinaryExpr(BVCOMP, x, y)), BitVecLiteral(1, 1)) =>
       UnaryExpr(BoolNOT, BinaryExpr(BVEQ, BinaryExpr(BVCOMP, (x), (y)), BitVecLiteral(1, 1)))
-    case BinaryExpr(BVEQ, l, BitVecLiteral(0, 1)) =>
-      UnaryExpr(BoolNOT, BinaryExpr(BVEQ, (l), BitVecLiteral(1, 1)))
     case BinaryExpr(BVEQ, BinaryExpr(BVCOMP, e1: Expr, e2: Expr), BitVecLiteral(1, 1)) =>
       BinaryExpr(BVEQ, (e1), (e2))
+
     case BinaryExpr(BVEQ, BinaryExpr(BVCOMP, e1: Expr, e2: Expr), BitVecLiteral(0, 1)) =>
       UnaryExpr(BoolNOT, BinaryExpr(BVEQ, (e1), (e2)))
+
     case BinaryExpr(BVNEQ, e1, e2) => UnaryExpr(BoolNOT, BinaryExpr(BVEQ, (e1), (e2)))
 
     case BinaryExpr(op, BinaryExpr(op1, a, b: Literal), BinaryExpr(op2, c, d: Literal))
@@ -830,11 +785,16 @@ def simplifyExpr(e: Expr): (Expr, Boolean) = {
 
     case BinaryExpr(BVADD, UnaryExpr(BVNEG, x), BitVecLiteral(1, _)) => UnaryExpr(BVNOT, x)
     case BinaryExpr(BVADD, BitVecLiteral(1, _), UnaryExpr(BVNEG, x)) => UnaryExpr(BVNOT, x)
+    case BinaryExpr(BVEQ, BinaryExpr(BVADD, x, y: BitVecLiteral), BitVecLiteral(0, _)) 
+      if (eval.BitVectorEval.isNegative(y)) => BinaryExpr(BVEQ, x, eval.BitVectorEval.smt_bvneg(y))
 
     /*
      * Simplify BVop to Bool ops in a boolean context.
      */
 
+    case BinaryExpr(BVCOMP, body @ BinaryExpr(BVCOMP, _, _), BitVecLiteral(1, 1)) => (body)
+    case BinaryExpr(BVCOMP, body @ BinaryExpr(BVCOMP, _, _), BitVecLiteral(0, 1)) => UnaryExpr(BVNOT, (body))
+
     /* intro bool2bv */
     case BinaryExpr(
           BVCOMP,
@@ -861,6 +821,8 @@ def simplifyExpr(e: Expr): (Expr, Boolean) = {
 
     case UnaryExpr(BVNOT, UnaryExpr(BoolToBV1, arg)) =>
       bool2bv1(UnaryExpr(BoolNOT, arg))
+    case BinaryExpr(BVEQ, l, BitVecLiteral(0, 1)) =>
+      UnaryExpr(BoolNOT, BinaryExpr(BVEQ, (l), BitVecLiteral(1, 1)))
 
     /* remove bool2bv in boolean context */
     case BinaryExpr(BVEQ, UnaryExpr(BoolToBV1, body), BitVecLiteral(1, 1))  => body
@@ -898,22 +860,10 @@ def simplifyExpr(e: Expr): (Expr, Boolean) = {
     case BinaryExpr(BVEQ, a, b) if a.loads.isEmpty && b.loads.isEmpty && a == b => TrueLiteral
 
 
-    // (comp (comp x y) 1) = (comp x y)
-    case BinaryExpr(BVCOMP, body @ BinaryExpr(BVCOMP, _, _), BitVecLiteral(1, 1)) => (body)
-    case BinaryExpr(BVCOMP, body @ BinaryExpr(BVCOMP, _, _), BitVecLiteral(0, 1)) =>
-      UnaryExpr(BVNOT, (body))
-    case BinaryExpr(
-          BVEQ,
-          BinaryExpr(BVCOMP, body @ BinaryExpr(BVCOMP, _, _), BitVecLiteral(0, 1)),
-          BitVecLiteral(1, 1)
-        ) =>
-      BinaryExpr(BVEQ, (body), BitVecLiteral(0, 1))
 
     case BinaryExpr(BVSUB, x: Expr, y: BitVecLiteral) => BinaryExpr(BVADD, x, UnaryExpr(BVNEG, y))
 
     case BinaryExpr(BVEQ, BinaryExpr(BVADD, x, UnaryExpr(BVNEG, y)), BitVecLiteral(0, _)) => BinaryExpr(BVEQ, x, y)
-    case BinaryExpr(BVEQ, BinaryExpr(BVADD, x, y: BitVecLiteral), BitVecLiteral(0, _)) 
-      if (eval.BitVectorEval.isNegative(y)) => BinaryExpr(BVEQ, x, eval.BitVectorEval.smt_bvneg(y))
 
     case r => {
       didAnything = false
diff --git a/src/main/scala/ir/transforms/Simp.scala b/src/main/scala/ir/transforms/Simp.scala
index 98718347a..591eb148b 100644
--- a/src/main/scala/ir/transforms/Simp.scala
+++ b/src/main/scala/ir/transforms/Simp.scala
@@ -1157,5 +1157,4 @@ class Simplify(
     block = b
     DoChildren()
   }
-
 }

From 80491cb532271a1843dd9dc56f5acb49ccbfe35e Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Fri, 8 Nov 2024 17:55:07 +1000
Subject: [PATCH 096/127] validate and improve condition reduction

---
 src/main/scala/ir/eval/ExprEval.scala         |  25 +-
 src/main/scala/ir/eval/SimplifyExpr.scala     | 937 +++++++++++-------
 src/main/scala/ir/transforms/Simp.scala       |  17 +-
 src/main/scala/translating/IRExpToSMT2.scala  |   1 +
 .../clang/arrays_simple.expected              |  53 +-
 .../clang/arrays_simple_gtirb.expected        |  53 +-
 .../clang/basic_arrays_read.expected          |  50 +-
 .../clang/basic_arrays_read_gtirb.expected    |  50 +-
 .../clang_pic/basic_arrays_read.expected      |  54 +-
 .../basic_arrays_read_gtirb.expected          |  54 +-
 .../gcc/basic_arrays_read.expected            |  42 +-
 .../gcc/basic_arrays_read_gtirb.expected      |  42 +-
 .../gcc_pic/basic_arrays_read.expected        |  48 +-
 .../gcc_pic/basic_arrays_read_gtirb.expected  |  48 +-
 .../clang/basic_arrays_write.expected         |  56 +-
 .../clang/basic_arrays_write_gtirb.expected   |  56 +-
 .../clang_O2/basic_arrays_write.expected      |  46 +-
 .../basic_arrays_write_gtirb.expected         |  46 +-
 .../clang_pic/basic_arrays_write.expected     |  59 +-
 .../basic_arrays_write_gtirb.expected         |  59 +-
 .../gcc/basic_arrays_write.expected           |  54 +-
 .../gcc/basic_arrays_write_gtirb.expected     |  54 +-
 .../gcc_O2/basic_arrays_write.expected        |  46 +-
 .../gcc_O2/basic_arrays_write_gtirb.expected  |  46 +-
 .../gcc_pic/basic_arrays_write.expected       |  57 +-
 .../gcc_pic/basic_arrays_write_gtirb.expected |  57 +-
 .../clang/basic_assign_assign.expected        |  41 +-
 .../clang/basic_assign_assign_gtirb.expected  |  41 +-
 .../clang_pic/basic_assign_assign.expected    |  45 +-
 .../basic_assign_assign_gtirb.expected        |  45 +-
 .../gcc/basic_assign_assign.expected          |  40 +-
 .../gcc/basic_assign_assign_gtirb.expected    |  40 +-
 .../gcc_O2/basic_assign_assign.expected       |  41 +-
 .../gcc_O2/basic_assign_assign_gtirb.expected |  41 +-
 .../gcc_pic/basic_assign_assign.expected      |  43 +-
 .../basic_assign_assign_gtirb.expected        |  43 +-
 .../clang/basic_assign_increment.expected     |  48 +-
 .../basic_assign_increment_gtirb.expected     |  48 +-
 .../clang_pic/basic_assign_increment.expected |  52 +-
 .../basic_assign_increment_gtirb.expected     |  52 +-
 .../gcc/basic_assign_increment.expected       |  49 +-
 .../gcc/basic_assign_increment_gtirb.expected |  49 +-
 .../gcc_O2/basic_assign_increment.expected    |  48 +-
 .../basic_assign_increment_gtirb.expected     |  48 +-
 .../gcc_pic/basic_assign_increment.expected   |  55 +-
 .../basic_assign_increment_gtirb.expected     |  55 +-
 .../clang/basic_function_call_caller.expected | 119 +--
 .../basic_function_call_caller_gtirb.expected | 119 +--
 .../basic_function_call_caller.expected       |  58 +-
 .../basic_function_call_caller_gtirb.expected |  58 +-
 .../basic_function_call_caller.expected       | 127 ++-
 .../basic_function_call_caller_gtirb.expected | 127 ++-
 .../gcc/basic_function_call_caller.expected   | 120 ++-
 .../basic_function_call_caller_gtirb.expected | 120 ++-
 .../basic_function_call_caller.expected       |  58 +-
 .../basic_function_call_caller_gtirb.expected |  58 +-
 .../basic_function_call_caller.expected       | 126 +--
 .../basic_function_call_caller_gtirb.expected | 126 +--
 .../clang/basic_function_call_reader.expected | 142 +--
 .../basic_function_call_reader_gtirb.expected | 153 ++-
 .../basic_function_call_reader.expected       |  80 +-
 .../basic_function_call_reader_gtirb.expected |  71 +-
 .../basic_function_call_reader.expected       | 150 ++-
 .../basic_function_call_reader_gtirb.expected | 161 ++-
 .../gcc/basic_function_call_reader.expected   | 101 +-
 .../basic_function_call_reader_gtirb.expected |  99 +-
 .../basic_function_call_reader.expected       |  47 +-
 .../basic_function_call_reader_gtirb.expected |  46 +-
 .../basic_function_call_reader.expected       | 107 +-
 .../basic_function_call_reader_gtirb.expected | 105 +-
 .../clang/basic_lock_read.expected            | 141 +--
 .../clang/basic_lock_read_gtirb.expected      | 152 ++-
 .../clang_O2/basic_lock_read.expected         |  71 +-
 .../clang_O2/basic_lock_read_gtirb.expected   |  68 +-
 .../clang_pic/basic_lock_read.expected        | 149 ++-
 .../clang_pic/basic_lock_read_gtirb.expected  | 160 ++-
 .../gcc/basic_lock_read.expected              | 107 +-
 .../gcc/basic_lock_read_gtirb.expected        | 105 +-
 .../gcc_O2/basic_lock_read.expected           |  66 +-
 .../gcc_O2/basic_lock_read_gtirb.expected     |  64 +-
 .../gcc_pic/basic_lock_read.expected          | 116 +--
 .../gcc_pic/basic_lock_read_gtirb.expected    | 114 +--
 .../clang/basic_lock_security_read.expected   | 134 +--
 .../basic_lock_security_read_gtirb.expected   | 145 ++-
 .../basic_lock_security_read.expected         |  77 +-
 .../basic_lock_security_read_gtirb.expected   |  68 +-
 .../basic_lock_security_read.expected         | 142 ++-
 .../basic_lock_security_read_gtirb.expected   | 153 ++-
 .../gcc/basic_lock_security_read.expected     |  98 +-
 .../basic_lock_security_read_gtirb.expected   |  96 +-
 .../gcc_O2/basic_lock_security_read.expected  |  51 +-
 .../basic_lock_security_read_gtirb.expected   |  49 +-
 .../gcc_pic/basic_lock_security_read.expected | 104 +-
 .../basic_lock_security_read_gtirb.expected   | 102 +-
 .../clang/basic_lock_security_write.expected  |  82 +-
 .../basic_lock_security_write_gtirb.expected  |  82 +-
 .../basic_lock_security_write.expected        |  90 +-
 .../basic_lock_security_write_gtirb.expected  |  90 +-
 .../gcc/basic_lock_security_write.expected    |  84 +-
 .../basic_lock_security_write_gtirb.expected  |  84 +-
 .../basic_lock_security_write.expected        |  96 +-
 .../basic_lock_security_write_gtirb.expected  |  96 +-
 .../clang/basic_lock_unlock.expected          |  47 +-
 .../clang/basic_lock_unlock_gtirb.expected    |  47 +-
 .../clang_pic/basic_lock_unlock.expected      |  55 +-
 .../basic_lock_unlock_gtirb.expected          |  55 +-
 .../gcc/basic_lock_unlock.expected            |  47 +-
 .../gcc/basic_lock_unlock_gtirb.expected      |  47 +-
 .../gcc_O2/basic_lock_unlock.expected         |  49 +-
 .../gcc_O2/basic_lock_unlock_gtirb.expected   |  49 +-
 .../gcc_pic/basic_lock_unlock.expected        |  53 +-
 .../gcc_pic/basic_lock_unlock_gtirb.expected  |  53 +-
 .../clang/basic_loop_assign.expected          |  41 +-
 .../clang/basic_loop_assign_gtirb.expected    |  41 +-
 .../clang_pic/basic_loop_assign.expected      |  45 +-
 .../basic_loop_assign_gtirb.expected          |  45 +-
 .../gcc/basic_loop_assign.expected            |  40 +-
 .../gcc/basic_loop_assign_gtirb.expected      |  40 +-
 .../gcc_O2/basic_loop_assign.expected         |  41 +-
 .../gcc_O2/basic_loop_assign_gtirb.expected   |  41 +-
 .../gcc_pic/basic_loop_assign.expected        |  43 +-
 .../gcc_pic/basic_loop_assign_gtirb.expected  |  43 +-
 .../clang/basic_operation_evaluation.expected | 183 ++--
 .../basic_operation_evaluation_gtirb.expected | 177 ++--
 .../gcc/basic_operation_evaluation.expected   | 154 +--
 .../basic_operation_evaluation_gtirb.expected | 147 +--
 .../clang/basic_sec_policy_read.expected      | 130 +--
 .../basic_sec_policy_read_gtirb.expected      | 145 ++-
 .../clang_O2/basic_sec_policy_read.expected   |  77 +-
 .../basic_sec_policy_read_gtirb.expected      |  68 +-
 .../clang_pic/basic_sec_policy_read.expected  | 138 +--
 .../basic_sec_policy_read_gtirb.expected      | 153 ++-
 .../gcc/basic_sec_policy_read.expected        |  98 +-
 .../gcc/basic_sec_policy_read_gtirb.expected  |  96 +-
 .../gcc_O2/basic_sec_policy_read.expected     |  51 +-
 .../basic_sec_policy_read_gtirb.expected      |  49 +-
 .../gcc_pic/basic_sec_policy_read.expected    | 104 +-
 .../basic_sec_policy_read_gtirb.expected      | 102 +-
 .../clang/basic_sec_policy_write.expected     |  83 +-
 .../basic_sec_policy_write_gtirb.expected     |  83 +-
 .../clang_pic/basic_sec_policy_write.expected |  91 +-
 .../basic_sec_policy_write_gtirb.expected     |  91 +-
 .../gcc/basic_sec_policy_write.expected       |  86 +-
 .../gcc/basic_sec_policy_write_gtirb.expected |  86 +-
 .../gcc_pic/basic_sec_policy_write.expected   |  98 +-
 .../basic_sec_policy_write_gtirb.expected     |  98 +-
 .../clang/basicassign_gamma0.expected         |  45 +-
 .../clang/basicassign_gamma0_gtirb.expected   |  45 +-
 .../clang_pic/basicassign_gamma0.expected     |  53 +-
 .../basicassign_gamma0_gtirb.expected         |  53 +-
 .../gcc/basicassign_gamma0.expected           |  45 +-
 .../gcc/basicassign_gamma0_gtirb.expected     |  45 +-
 .../gcc_O2/basicassign_gamma0.expected        |  45 +-
 .../gcc_O2/basicassign_gamma0_gtirb.expected  |  45 +-
 .../gcc_pic/basicassign_gamma0.expected       |  51 +-
 .../gcc_pic/basicassign_gamma0_gtirb.expected |  51 +-
 .../basicfree/clang/basicfree.expected        | 289 ++++--
 .../basicfree/clang/basicfree_gtirb.expected  | 397 ++++++--
 .../correct/basicfree/gcc/basicfree.expected  | 284 +++++-
 .../basicfree/gcc/basicfree_gtirb.expected    | 392 ++++++--
 src/test/correct/cjump/clang/cjump.expected   | 146 +--
 .../correct/cjump/clang/cjump_gtirb.expected  | 157 ++-
 .../correct/cjump/clang_pic/cjump.expected    | 162 ++-
 .../cjump/clang_pic/cjump_gtirb.expected      | 173 ++--
 src/test/correct/cjump/gcc/cjump.expected     | 109 +-
 .../correct/cjump/gcc/cjump_gtirb.expected    | 107 +-
 src/test/correct/cjump/gcc_pic/cjump.expected | 121 +--
 .../cjump/gcc_pic/cjump_gtirb.expected        | 119 +--
 .../clang/floatingpoint_gtirb.expected        | 304 +++---
 .../gcc/floatingpoint_gtirb.expected          | 299 +++---
 .../correct/function/clang/function.expected  | 104 +-
 .../function/clang/function_gtirb.expected    | 104 +-
 .../function/clang_pic/function.expected      | 112 +--
 .../clang_pic/function_gtirb.expected         | 112 +--
 .../correct/function/gcc/function.expected    | 108 +-
 .../function/gcc/function_gtirb.expected      | 108 +-
 .../function/gcc_pic/function.expected        | 114 ++-
 .../function/gcc_pic/function_gtirb.expected  | 114 ++-
 .../function1/clang/function1.expected        | 276 ++++--
 .../function1/clang/function1_gtirb.expected  | 315 ++++--
 .../function1/clang_O2/function1.expected     | 215 ++--
 .../clang_O2/function1_gtirb.expected         | 254 +++--
 .../correct/function1/gcc/function1.expected  | 288 ++++--
 .../function1/gcc/function1_gtirb.expected    | 323 ++++--
 .../function1/gcc_O2/function1.expected       | 213 ++--
 .../function1/gcc_O2/function1_gtirb.expected | 248 +++--
 .../clang/functionpointer_gtirb.expected      | 403 ++++----
 .../clang_pic/functionpointer_gtirb.expected  | 427 ++++----
 .../gcc/functionpointer_gtirb.expected        | 298 ++----
 .../gcc_O2/functionpointer_gtirb.expected     | 167 ++--
 .../gcc_pic/functionpointer_gtirb.expected    | 319 +++---
 .../clang/functions_with_params.expected      | 122 ++-
 .../functions_with_params_gtirb.expected      | 122 ++-
 .../gcc/functions_with_params.expected        | 117 ++-
 .../gcc/functions_with_params_gtirb.expected  | 117 ++-
 .../ifbranches/clang/ifbranches.expected      | 159 ++-
 .../clang/ifbranches_gtirb.expected           | 170 ++--
 .../ifbranches/clang_O2/ifbranches.expected   |  65 +-
 .../clang_O2/ifbranches_gtirb.expected        |  56 +-
 .../ifbranches/gcc/ifbranches.expected        | 125 +--
 .../ifbranches/gcc/ifbranches_gtirb.expected  | 123 +--
 .../ifbranches/gcc_O2/ifbranches.expected     |  64 +-
 .../gcc_O2/ifbranches_gtirb.expected          |  56 +-
 .../correct/ifglobal/clang/ifglobal.expected  | 138 +--
 .../ifglobal/clang/ifglobal_gtirb.expected    | 149 ++-
 .../ifglobal/clang_O2/ifglobal.expected       |  71 +-
 .../ifglobal/clang_O2/ifglobal_gtirb.expected |  68 +-
 .../ifglobal/clang_pic/ifglobal.expected      | 146 ++-
 .../clang_pic/ifglobal_gtirb.expected         | 157 ++-
 .../correct/ifglobal/gcc/ifglobal.expected    |  92 +-
 .../ifglobal/gcc/ifglobal_gtirb.expected      |  90 +-
 .../correct/ifglobal/gcc_O2/ifglobal.expected |  67 +-
 .../ifglobal/gcc_O2/ifglobal_gtirb.expected   |  65 +-
 .../ifglobal/gcc_pic/ifglobal.expected        |  98 +-
 .../ifglobal/gcc_pic/ifglobal_gtirb.expected  |  96 +-
 .../clang/indirect_call_gtirb.expected        | 298 ++++--
 .../clang_pic/indirect_call_gtirb.expected    | 301 ++++--
 .../gcc/indirect_call_gtirb.expected          | 271 +++--
 .../gcc_pic/indirect_call_gtirb.expected      | 274 +++--
 .../clang/initialisation.expected             | 125 ++-
 .../clang/initialisation_gtirb.expected       | 127 ++-
 .../clang_O2/initialisation.expected          | 111 ++-
 .../clang_O2/initialisation_gtirb.expected    | 113 ++-
 .../clang_pic/initialisation.expected         | 137 +--
 .../clang_pic/initialisation_gtirb.expected   | 139 +--
 .../gcc/initialisation.expected               | 112 ++-
 .../gcc/initialisation_gtirb.expected         | 114 ++-
 .../gcc_O2/initialisation.expected            | 104 +-
 .../gcc_O2/initialisation_gtirb.expected      | 106 +-
 .../gcc_pic/initialisation.expected           | 136 ++-
 .../gcc_pic/initialisation_gtirb.expected     | 138 ++-
 .../clang/jumptable2_gtirb.expected           | 194 ++--
 .../clang_O2/jumptable2_gtirb.expected        | 155 ++-
 .../clang_pic/jumptable2_gtirb.expected       | 208 ++--
 .../jumptable2/gcc/jumptable2_gtirb.expected  | 159 ++-
 .../gcc_O2/jumptable2_gtirb.expected          | 153 ++-
 .../gcc_pic/jumptable2_gtirb.expected         | 180 ++--
 .../clang/malloc_with_local.expected          | 692 +++++++++++--
 .../clang/malloc_with_local_gtirb.expected    | 637 +++++++++---
 .../clang_O2/malloc_with_local.expected       | 331 ++++++-
 .../clang_O2/malloc_with_local_gtirb.expected | 242 +++--
 .../gcc/malloc_with_local.expected            | 685 +++++++++++--
 .../gcc/malloc_with_local_gtirb.expected      | 621 +++++++++---
 .../gcc_O2/malloc_with_local.expected         | 334 +++++--
 .../gcc_O2/malloc_with_local_gtirb.expected   | 247 +++--
 .../clang/malloc_with_local2.expected         | 786 ++++++++++++---
 .../clang/malloc_with_local2_gtirb.expected   | 660 +++++++++---
 .../gcc/malloc_with_local2.expected           | 765 ++++++++++++--
 .../gcc/malloc_with_local2_gtirb.expected     | 641 +++++++++---
 .../clang/malloc_with_local3.expected         | 902 ++++++++++++++---
 .../clang/malloc_with_local3_gtirb.expected   | 725 ++++++++++----
 .../gcc/malloc_with_local3.expected           | 887 ++++++++++++++---
 .../gcc/malloc_with_local3_gtirb.expected     | 708 +++++++++----
 .../gcc_O2/malloc_with_local3.expected        | 592 +++++++++--
 .../gcc_O2/malloc_with_local3_gtirb.expected  | 613 +++++++++---
 .../multi_malloc/clang/multi_malloc.expected  | 614 ++++++++++--
 .../clang/multi_malloc_gtirb.expected         | 617 +++++++++---
 .../multi_malloc/gcc/multi_malloc.expected    | 607 ++++++++++--
 .../gcc/multi_malloc_gtirb.expected           | 612 +++++++++---
 .../clang/no_interference_update_x.expected   |  41 +-
 .../no_interference_update_x_gtirb.expected   |  41 +-
 .../no_interference_update_x.expected         |  45 +-
 .../no_interference_update_x_gtirb.expected   |  45 +-
 .../gcc/no_interference_update_x.expected     |  40 +-
 .../no_interference_update_x_gtirb.expected   |  40 +-
 .../gcc_O2/no_interference_update_x.expected  |  41 +-
 .../no_interference_update_x_gtirb.expected   |  41 +-
 .../gcc_pic/no_interference_update_x.expected |  43 +-
 .../no_interference_update_x_gtirb.expected   |  43 +-
 .../clang/no_interference_update_y.expected   |  41 +-
 .../no_interference_update_y_gtirb.expected   |  41 +-
 .../no_interference_update_y.expected         |  45 +-
 .../no_interference_update_y_gtirb.expected   |  45 +-
 .../gcc/no_interference_update_y.expected     |  40 +-
 .../no_interference_update_y_gtirb.expected   |  40 +-
 .../gcc_O2/no_interference_update_y.expected  |  41 +-
 .../no_interference_update_y_gtirb.expected   |  41 +-
 .../gcc_pic/no_interference_update_y.expected |  43 +-
 .../no_interference_update_y_gtirb.expected   |  43 +-
 .../secret_write/clang/secret_write.expected  |  94 +-
 .../clang/secret_write_gtirb.expected         |  94 +-
 .../clang_O2/secret_write.expected            |  53 +-
 .../clang_O2/secret_write_gtirb.expected      |  53 +-
 .../clang_pic/secret_write.expected           | 106 +-
 .../clang_pic/secret_write_gtirb.expected     | 106 +-
 .../secret_write/gcc/secret_write.expected    | 103 +-
 .../gcc/secret_write_gtirb.expected           | 103 +-
 .../secret_write/gcc_O2/secret_write.expected |  53 +-
 .../gcc_O2/secret_write_gtirb.expected        |  53 +-
 .../gcc_pic/secret_write.expected             | 127 ++-
 .../gcc_pic/secret_write_gtirb.expected       | 127 ++-
 src/test/correct/switch/clang/switch.expected | 195 ++--
 .../switch/clang/switch_gtirb.expected        | 222 ++---
 .../correct/switch/clang_O2/switch.expected   |   8 +-
 .../switch/clang_O2/switch_gtirb.expected     |   8 +-
 src/test/correct/switch/gcc/switch.expected   | 134 +--
 .../correct/switch/gcc/switch_gtirb.expected  | 135 +--
 .../correct/switch/gcc_O2/switch.expected     |   8 +-
 .../switch/gcc_O2/switch_gtirb.expected       |   8 +-
 .../correct/syscall/clang/syscall.expected    | 213 +++-
 .../syscall/clang/syscall_gtirb.expected      | 244 +++--
 .../syscall/clang_O2/syscall_gtirb.expected   | 158 ++-
 src/test/correct/syscall/gcc/syscall.expected | 207 +++-
 .../syscall/gcc/syscall_gtirb.expected        | 238 +++--
 .../correct/syscall/gcc_O2/syscall.expected   |   2 +-
 .../syscall/gcc_O2/syscall_gtirb.expected     | 158 ++-
 .../clang/using_gamma_conditional.expected    | 131 +--
 .../using_gamma_conditional_gtirb.expected    | 142 ++-
 .../clang_O2/using_gamma_conditional.expected |  67 +-
 .../using_gamma_conditional_gtirb.expected    |  58 +-
 .../using_gamma_conditional.expected          | 135 +--
 .../using_gamma_conditional_gtirb.expected    | 146 ++-
 .../gcc/using_gamma_conditional.expected      |  67 +-
 .../using_gamma_conditional_gtirb.expected    |  65 +-
 .../gcc_pic/using_gamma_conditional.expected  |  70 +-
 .../using_gamma_conditional_gtirb.expected    |  68 +-
 .../clang/using_gamma_write_z.expected        |  43 +-
 .../clang/using_gamma_write_z_gtirb.expected  |  43 +-
 .../clang_pic/using_gamma_write_z.expected    |  47 +-
 .../using_gamma_write_z_gtirb.expected        |  47 +-
 .../gcc/using_gamma_write_z.expected          |  42 +-
 .../gcc/using_gamma_write_z_gtirb.expected    |  42 +-
 .../gcc_O2/using_gamma_write_z.expected       |  43 +-
 .../gcc_O2/using_gamma_write_z_gtirb.expected |  43 +-
 .../gcc_pic/using_gamma_write_z.expected      |  45 +-
 .../using_gamma_write_z_gtirb.expected        |  45 +-
 .../basicassign/clang/basicassign.expected    |  82 +-
 .../clang/basicassign_gtirb.expected          |  82 +-
 .../basicassign/clang_O2/basicassign.expected |  53 +-
 .../clang_O2/basicassign_gtirb.expected       |  53 +-
 .../clang_pic/basicassign.expected            |  94 +-
 .../clang_pic/basicassign_gtirb.expected      |  94 +-
 .../basicassign/gcc/basicassign.expected      |  91 +-
 .../gcc/basicassign_gtirb.expected            | 118 ++-
 .../basicassign/gcc_O2/basicassign.expected   |  53 +-
 .../gcc_O2/basicassign_gtirb.expected         |  56 +-
 .../basicassign/gcc_pic/basicassign.expected  | 118 ++-
 .../gcc_pic/basicassign_gtirb.expected        | 118 ++-
 .../basicassign1/clang/basicassign1.expected  |  79 +-
 .../clang/basicassign1_gtirb.expected         |  79 +-
 .../clang_O2/basicassign1.expected            |  45 +-
 .../clang_O2/basicassign1_gtirb.expected      |  45 +-
 .../clang_pic/basicassign1.expected           |  87 +-
 .../clang_pic/basicassign1_gtirb.expected     |  87 +-
 .../basicassign1/gcc/basicassign1.expected    |  81 +-
 .../gcc/basicassign1_gtirb.expected           |  93 +-
 .../basicassign1/gcc_O2/basicassign1.expected |  45 +-
 .../gcc_O2/basicassign1_gtirb.expected        |  48 +-
 .../gcc_pic/basicassign1.expected             |  93 +-
 .../gcc_pic/basicassign1_gtirb.expected       |  93 +-
 .../basicassign2/clang/basicassign2.expected  |  79 +-
 .../clang/basicassign2_gtirb.expected         |  79 +-
 .../clang_O2/basicassign2.expected            |  45 +-
 .../clang_O2/basicassign2_gtirb.expected      |  45 +-
 .../clang_pic/basicassign2.expected           |  87 +-
 .../clang_pic/basicassign2_gtirb.expected     |  87 +-
 .../basicassign2/gcc/basicassign2.expected    |  81 +-
 .../gcc/basicassign2_gtirb.expected           |  93 +-
 .../basicassign2/gcc_O2/basicassign2.expected |  45 +-
 .../gcc_O2/basicassign2_gtirb.expected        |  48 +-
 .../gcc_pic/basicassign2.expected             |  93 +-
 .../gcc_pic/basicassign2_gtirb.expected       |  93 +-
 .../basicassign3/clang/basicassign3.expected  |  64 +-
 .../clang/basicassign3_gtirb.expected         |  67 +-
 .../clang_O2/basicassign3.expected            |  30 +-
 .../clang_O2/basicassign3_gtirb.expected      |  33 +-
 .../clang_pic/basicassign3.expected           |  72 +-
 .../clang_pic/basicassign3_gtirb.expected     |  75 +-
 .../basicassign3/gcc/basicassign3.expected    |  66 +-
 .../gcc/basicassign3_gtirb.expected           |  81 +-
 .../basicassign3/gcc_O2/basicassign3.expected |  30 +-
 .../gcc_O2/basicassign3_gtirb.expected        |  36 +-
 .../gcc_pic/basicassign3.expected             |  78 +-
 .../gcc_pic/basicassign3_gtirb.expected       |  81 +-
 .../incorrect/iflocal/clang/iflocal.expected  | 136 +--
 .../iflocal/clang/iflocal_gtirb.expected      | 171 ++--
 .../incorrect/iflocal/gcc/iflocal.expected    |  96 +-
 .../iflocal/gcc/iflocal_gtirb.expected        | 103 +-
 .../clang/nestedifglobal.expected             | 273 ++---
 .../clang/nestedifglobal_gtirb.expected       | 401 ++++----
 .../clang_pic/nestedifglobal.expected         | 296 +++---
 .../clang_pic/nestedifglobal_gtirb.expected   | 428 ++++----
 .../gcc/nestedifglobal.expected               | 179 ++--
 .../gcc/nestedifglobal_gtirb.expected         | 225 ++---
 .../gcc_pic/nestedifglobal.expected           | 191 ++--
 .../gcc_pic/nestedifglobal_gtirb.expected     | 225 ++---
 386 files changed, 30478 insertions(+), 21083 deletions(-)

diff --git a/src/main/scala/ir/eval/ExprEval.scala b/src/main/scala/ir/eval/ExprEval.scala
index e84792626..522d0a342 100644
--- a/src/main/scala/ir/eval/ExprEval.scala
+++ b/src/main/scala/ir/eval/ExprEval.scala
@@ -153,28 +153,27 @@ def fastPartialEvalExpr(exp: Expr): (Expr, Boolean) = {
   /*
    * Ignore substitutions and parital eval
    */
+
   var didAnything = true
   val r = exp match {
-    case f: UninterpretedFunction  => f
-    case UnaryExpr(op, l: Literal) => evalUnOp(op, l)
-    case BinaryExpr(op: BVBinOp, l: BitVecLiteral, r: BitVecLiteral) if exp.getType.isInstanceOf[BitVecType] =>
-      evalBVBinExpr(op, l, r)
+    case UnaryExpr(op, l: Literal) => logSimp(exp, evalUnOp(op, l))
+    case BinaryExpr(op: BVBinOp, l: BitVecLiteral, r: BitVecLiteral) if exp.getType.isInstanceOf[BitVecType] => logSimp(exp, evalBVBinExpr(op, l, r))
     case BinaryExpr(op: IntBinOp, l: IntLiteral, r: IntLiteral) if exp.getType == IntType =>
-      IntLiteral(evalIntBinExpr(op, l.value, r.value))
+      logSimp(exp, IntLiteral(evalIntBinExpr(op, l.value, r.value)))
     case BinaryExpr(op: IntBinOp, l: IntLiteral, r: IntLiteral) if exp.getType == BoolType =>
-      if evalIntLogBinExpr(op, l.value, r.value) then TrueLiteral else FalseLiteral
+      logSimp(exp, if evalIntLogBinExpr(op, l.value, r.value) then TrueLiteral else FalseLiteral)
     case BinaryExpr(op: BVBinOp, l: BitVecLiteral, r: BitVecLiteral) if exp.getType == BoolType =>
-      if evalBVLogBinExpr(op, l, r) then TrueLiteral else FalseLiteral
+      logSimp(exp, if evalBVLogBinExpr(op, l, r) then TrueLiteral else FalseLiteral)
     case BinaryExpr(op: BoolBinOp, l: BoolLit, r: BoolLit) =>
-      if (evalBoolLogBinExpr(op, l.value, r.value)) then TrueLiteral else FalseLiteral
-    case ZeroExtend(e, l: BitVecLiteral) => BitVectorEval.smt_zero_extend(e, l)
-    case SignExtend(e, l: BitVecLiteral) => BitVectorEval.smt_sign_extend(e, l)
-    case Extract(e, b, l: BitVecLiteral) => BitVectorEval.boogie_extract(e, b, l)
+      logSimp(exp, if (evalBoolLogBinExpr(op, l.value, r.value)) then TrueLiteral else FalseLiteral)
+    case ZeroExtend(e, l: BitVecLiteral) => logSimp(exp, BitVectorEval.smt_zero_extend(e, l))
+    case SignExtend(e, l: BitVecLiteral) => logSimp(exp, BitVectorEval.smt_sign_extend(e, l))
+    case Extract(e, b, l: BitVecLiteral) => logSimp(exp, BitVectorEval.boogie_extract(e, b, l))
     case Repeat(reps, b: BitVecLiteral) => {
       assert(reps > 0)
-      if (reps == 1) b
+      if (reps == 1) logSimp(exp, b)
       else {
-        (2 to reps).foldLeft(b)((acc, r) => BitVectorEval.smt_concat(acc, b))
+        logSimp(exp, (2 to reps).foldLeft(b)((acc, r) => BitVectorEval.smt_concat(acc, b)))
       }
     }
     case o => {
diff --git a/src/main/scala/ir/eval/SimplifyExpr.scala b/src/main/scala/ir/eval/SimplifyExpr.scala
index 92c05dab9..f8f9b4a69 100644
--- a/src/main/scala/ir/eval/SimplifyExpr.scala
+++ b/src/main/scala/ir/eval/SimplifyExpr.scala
@@ -1,6 +1,7 @@
 package ir.eval
 import ir.*
 import util.Logger
+import sourcecode.Line, sourcecode.FileName
 import scala.collection.mutable
 
 import java.io.{BufferedWriter}
@@ -9,39 +10,111 @@ import ir.cilvisitor.*
 val assocOps: Set[BinOp] =
   Set(BVADD, BVMUL, BVOR, BVAND, BVEQ, BoolAND, BoolEQ, BoolOR, BoolEQUIV, BoolEQ, IntADD, IntMUL, IntEQ)
 
-object AlgebraicSimplifications extends CILVisitor {
-  override def vexpr(e: Expr) = ChangeDoChildrenPost(e, eval.simplifyExprFixpoint(true))
+class SimpExpr(simplifier: Expr => (Expr, Boolean)) extends CILVisitor {
+  var changedAnything = false
+  var count = 0
+  override def vexpr(e: Expr) =
+    ChangeDoChildrenPost(
+      e,
+      e => {
+        val one = e
+        val (ne, c) = simplifier(e)
+        changedAnything = changedAnything || c
+        ne
+      }
+    )
 
   def apply(e: Expr) = {
-    visit_expr(this, e)
+    changedAnything = false
+    count = 0
+    val ne = visit_expr(this, e)
+    (ne, changedAnything)
   }
 }
 
-def cleanupSimplify(p: Procedure) = {
+def sequenceSimp(a: Expr => (Expr, Boolean), b: Expr => (Expr, Boolean))(e: Expr): (Expr, Boolean) = {
+  val (ne1, changed1) = a(e)
+  if (ne1 == e && changed1) {
+    throw Exception("No simp")
+  }
+  val (ne2, changed2) = b(ne1)
+  if (ne2 == ne1 && changed2) {
+    throw Exception("No simp")
+  }
+  if (ne2 == e && (changed1 || changed2)) {
+    throw Exception(s"No simp $e \n  -> $ne1\n  -> $ne2")
+  }
+  (ne2, changed1 || changed2)
+}
 
-  class Simplify extends CILVisitor {
-    override def vexpr(e: Expr) =  {
-      ChangeDoChildrenPost(e, e => {
-        var (ne,changed) = cleanupExtends(e)
-        while (changed) {
-          val (ne2,changed2) = cleanupExtends(ne)
-          ne = ne2
-          changed = changed2
-        }
-        logSimp(e, ne)
-        ne
-      })
+def simpFixedPoint(s: Expr => (Expr, Boolean))(e: Expr): (Expr, Boolean) = {
+  var expr = e
+  var changed = true
+  var changedAny = false
+  var count = 0
+  while (changed) {
+    val (ne, ce) = s(expr)
+    count += 1
+    changedAny = changedAny || ce
+    if ((expr == ne) && ce) {
+      Logger.error("Rewrite trace:\n" + SimplifyValidation.debugTrace.map(x => "    " + x).mkString("\n"))
+      throw Exception(s"changed flag set but no change \n    $expr\n    $ne\n, ${s.getClass.getSimpleName}")
+    }
+    if (count > 100) {
+      Logger.error(ne)
+    }
+    changed = ne != expr
+    expr = ne
+  }
+  (expr, changedAny)
+}
 
+def simplifyExprVis = SimpExpr(simpFixedPoint(sequenceSimp(simplifyExpr, SimpExpr(fastPartialEvalExpr).apply)))
+def simplifyCondVis = SimpExpr(
+  simpFixedPoint(
+    sequenceSimp(
+      simplifyExprVis.apply,
+      SimpExpr(simplifyCmpInequalities).apply
+    )
+  )
+)
+def simplifyExprFixpoint = simplifyExprVis.apply
+def simplifyCondFixpoint = simplifyCondVis.apply
+
+object AssumeConditionSimplifications extends CILVisitor {
+  override def vstmt(s: Statement) = s match {
+    case a: Assert => {
+      a.body = simplifyCondFixpoint(a.body)._1
+      SkipChildren()
+    }
+    case a: Assume => {
+      Logger.debug(s"before : " + a.body)
+      a.body = simplifyCondFixpoint(a.body)._1
+      Logger.debug("after : " + a.body)
+      SkipChildren()
     }
+
+    case _ => SkipChildren()
   }
 
-  visit_proc(Simplify(), p)
+  def apply(p: Procedure) = {
+    visit_proc(this, p)
+  }
+}
+
+def AlgebraicSimplifications(p: Procedure) = {
+  visit_proc(simplifyExprVis, p)
+  ()
+}
 
+def cleanupSimplify(p: Procedure) = {
+  visit_proc(SimpExpr(simpFixedPoint(cleanupExtends)), p)
 }
 
 object SimplifyValidation {
   var traceLog = mutable.LinkedHashSet[(Expr, Expr)]()
   var validate: Boolean = false
+  var debugTrace = mutable.ArrayBuffer[(Expr, Expr, sourcecode.Line, sourcecode.FileName, sourcecode.Name)]()
 
   def makeValidation(writer: BufferedWriter) = {
 
@@ -72,7 +145,23 @@ object SimplifyValidation {
   }
 }
 
-def logSimp(e: Expr, ne: Expr) = {
+def logSimp(e: Expr, ne: Expr, actual: Boolean = true)(implicit
+    line: sourcecode.Line,
+    file: sourcecode.FileName,
+    name: sourcecode.Name
+): Expr = {
+  if (!actual) {
+    return ne
+  }
+
+  if (SimplifyValidation.debugTrace.length > 50) {
+    SimplifyValidation.debugTrace.drop(SimplifyValidation.debugTrace.length - 50)
+  }
+  SimplifyValidation.debugTrace.append((e, ne, line, file, name))
+  if (e == ne) {
+    Logger.error(s"NOP simplification $e")(line, file, name)
+  }
+
   if (e != ne) {
     val normer = VarNameNormalise()
     val a = visit_expr(normer, e)
@@ -80,72 +169,72 @@ def logSimp(e: Expr, ne: Expr) = {
 
     SimplifyValidation.traceLog.add((a, b))
   }
-}
-
-def simplifyExprFixpoint(conditions: Boolean = false)(e: Expr): Expr = {
-  val begin = e
-  var pe = e
-  var count = 0
-  var ne = e
-  var changedAny = false
-  var changed = true
-  while (changed) {
-    {
-      val (x, didAnything) = simplifyExpr(ne)
-      ne = x
-      changed = didAnything
-    }
-
-    if (conditions) {
-      val p = ne
-      val (cx, didConds) = simplifyCmpInequalities(ne)
-      changed = changed || didConds
-      ne = cx
-
-      if (SimplifyValidation.validate) {
-        // normalise to deduplicate log entries
-        // logSimp(p, ne)
-      }
-
-    }
-
-    class peevis extends CILVisitor {
-      override def vexpr(e: Expr) = ChangeDoChildrenPost(
-        e,
-        e => {
-          val (per, didpe) = ir.eval.fastPartialEvalExpr(e)
-          changed = changed || didpe
-          per
-        }
-      )
-    }
-
-    changedAny = changedAny || changed
-    count += 1
-
-    try {
-      ne = visit_expr(peevis(), ne)
-    } catch {
-      case ex => {
-        Logger.error(ne)
-        throw ex
-      }
-    }
-
-  }
-  if (changed) {
-    Logger.error(s"stopping simp before fixed point: there is likely a simplificatinon loop: $pe !=== $ne")
-  }
   ne
 }
 
+//def simplifyExprFixpoint(conditions: Boolean = false)(e: Expr): Expr = {
+//  val begin = e
+//  var pe = e
+//  var count = 0
+//  var ne = e
+//  var changedAny = false
+//  var changed = true
+//  while (changed) {
+//    {
+//      val (x, didAnything) = simplifyExpr(ne)
+//      ne = x
+//      changed = didAnything
+//    }
+//
+//    if (conditions) {
+//      val p = ne
+//      val (cx, didConds) = simplifyCmpInequalities(ne)
+//      changed = changed || didConds
+//      ne = cx
+//
+//      if (SimplifyValidation.validate) {
+//        // normalise to deduplicate log entries
+//        // logSimp(p, ne)
+//      }
+//    }
+//
+//    class peevis extends CILVisitor {
+//      override def vexpr(e: Expr) = ChangeDoChildrenPost(
+//        e,
+//        e => {
+//          val (per, didpe) = ir.eval.fastPartialEvalExpr(e)
+//          changed = changed || didpe
+//          per
+//        }
+//      )
+//    }
+//
+//    changedAny = changedAny || changed
+//    count += 1
+//
+//    try {
+//      ne = visit_expr(peevis(), ne)
+//    } catch {
+//      case ex => {
+//        Logger.error(ne)
+//        throw ex
+//      }
+//    }
+//
+//  }
+//  if (changed) {
+//    Logger.error(s"stopping simp before fixed point: there is likely a simplificatinon loop: $pe !=== $ne")
+//  }
+//  ne
+//}
+
 class VarNameNormalise() extends CILVisitor {
   var count = 1
   val assigned = mutable.Map[Variable, Variable]()
 
   def rename(v: Variable, newName: String) = {
     v match {
-      case l: LocalVar  => LocalVar(newName, l.irType)
+      case l: LocalVar     => LocalVar(newName, l.irType)
       case Register(n, sz) => Register(newName, sz)
     }
   }
@@ -171,12 +260,145 @@ class VarNameNormalise() extends CILVisitor {
     ne
   }
 }
+def bvLogOpToBoolOp = Map[BinOp, BinOp](
+  // logical ops when bv1
+  BVAND -> BoolAND,
+  BVOR -> BoolOR
+)
 
 def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
 
   var didAnything = true
+  def simplifyCond(e: Expr): Expr = {
+    simplifyCondFixpoint(e)._1
+  }
 
   val r = e match {
+    /** canonicalising to boolean operations */
+    /* remove bool2bv in boolean context */
+    case BinaryExpr(BVEQ, UnaryExpr(BoolToBV1, body), BitVecLiteral(1, 1))  => logSimp(e, body)
+    case BinaryExpr(BVEQ, UnaryExpr(BoolToBV1, l), UnaryExpr(BoolToBV1, r)) => logSimp(e, BinaryExpr(BoolEQ, (l), (r)))
+
+    case BinaryExpr(BVADD, l @ UnaryExpr(BVNEG, x), r) if !r.isInstanceOf[Literal] => BinaryExpr(BVADD, r, l)
+
+    /* intro bool2bv */
+    case BinaryExpr(
+          BVCOMP,
+          l,
+          r
+        ) => {
+      logSimp(e, bool2bv1(BinaryExpr(BVEQ, l, r)))
+    }
+    /* push bool2bv upwards */
+    case BinaryExpr(
+          bop,
+          BitVecLiteral(x, 1),
+          UnaryExpr(BoolToBV1, r)
+        ) if bvLogOpToBoolOp.contains(bop) => {
+      val l = if x == 1 then TrueLiteral else FalseLiteral
+      logSimp(e, bool2bv1(BinaryExpr(bvLogOpToBoolOp(bop), (l), (r))))
+    }
+
+    case BinaryExpr(
+          bop,
+          UnaryExpr(BoolToBV1, l),
+          BitVecLiteral(x, 1)
+        ) if bvLogOpToBoolOp.contains(bop) => {
+      val r = if x == 1 then TrueLiteral else FalseLiteral
+      logSimp(e, bool2bv1(BinaryExpr(bvLogOpToBoolOp(bop), (l), (r))))
+    }
+    case BinaryExpr(
+          bop,
+          UnaryExpr(BoolToBV1, l),
+          UnaryExpr(BoolToBV1, r)
+        ) if bvLogOpToBoolOp.contains(bop) => {
+      logSimp(e, bool2bv1(BinaryExpr(bvLogOpToBoolOp(bop), (l), (r))))
+    }
+    case BinaryExpr(
+          bop,
+          UnaryExpr(BoolToBV1, l),
+          UnaryExpr(BoolToBV1, r)
+        ) if bvLogOpToBoolOp.contains(bop) => {
+      logSimp(e, bool2bv1(BinaryExpr(bvLogOpToBoolOp(bop), (l), (r))))
+    }
+
+    // tautologies
+    case BinaryExpr(BVUGT, x, t @ BitVecLiteral(y, s)) if t == BitVectorEval.smt_bvnot(BitVecLiteral(0, s)) =>
+      logSimp(e, FalseLiteral)
+    case BinaryExpr(BVULT, x, BitVecLiteral(0, s)) => logSimp(e, FalseLiteral)
+
+    // subsume constant bound
+    case BinaryExpr(BoolOR, l @ BinaryExpr(BVUGE, x, y: BitVecLiteral), BinaryExpr(BVEQ, x2, y2: BitVecLiteral))
+        if x == x2 && y2.value >= y.value => {
+      logSimp(e, l)
+    }
+    case BinaryExpr(BoolOR, l @ BinaryExpr(BVULE, x, y: BitVecLiteral), BinaryExpr(BVEQ, x2, y2: BitVecLiteral))
+        if x == x2 && y2.value <= y.value => {
+      logSimp(e, l)
+    }
+    case BinaryExpr(BoolOR, l @ BinaryExpr(BVUGT, x, y: BitVecLiteral), BinaryExpr(BVEQ, x2, y2: BitVecLiteral))
+        if x == x2 && y2.value > y.value => {
+      logSimp(e, l)
+    }
+    case BinaryExpr(BoolOR, l @ BinaryExpr(BVULT, x, y: BitVecLiteral), BinaryExpr(BVEQ, x2, y2: BitVecLiteral))
+        if x == x2 && y2.value < y.value => {
+      logSimp(e, l)
+    }
+
+    // relax bound by 1
+    case e @ BinaryExpr(BoolOR, BinaryExpr(BVULT, x, y: BitVecLiteral), (BinaryExpr(BVEQ, x2, z: BitVecLiteral)))
+        if x == x2 && y.value == z.value => {
+      logSimp(e, BinaryExpr(BVULE, x, z))
+    }
+    case e @ BinaryExpr(BoolOR, BinaryExpr(BVULE, x, y: BitVecLiteral), (BinaryExpr(BVEQ, x2, z: BitVecLiteral)))
+        if x == x2 && y.value + 1 == z.value => {
+      logSimp(e, BinaryExpr(BVULE, x, z))
+    }
+    case e @ BinaryExpr(BoolOR, BinaryExpr(BVUGT, x, y: BitVecLiteral), (BinaryExpr(BVEQ, x2, z: BitVecLiteral)))
+        if x == x2 && y.value == z.value => {
+      logSimp(e, BinaryExpr(BVUGE, x, z))
+    }
+    case e @ BinaryExpr(BoolOR, BinaryExpr(BVUGE, x, y: BitVecLiteral), (BinaryExpr(BVEQ, x2, z: BitVecLiteral)))
+        if x == x2 && y.value - 1 == z.value => {
+      logSimp(e, BinaryExpr(BVULE, x, z))
+    }
+
+    // tighten bound by 1
+    case e @ BinaryExpr(
+          BoolAND,
+          BinaryExpr(BVUGT, x, y: BitVecLiteral),
+          UnaryExpr(BoolNOT, (BinaryExpr(BVEQ, x2, z: BitVecLiteral)))
+        ) if x == x2 && z.value == y.value + 1 => {
+      logSimp(e, BinaryExpr(BVUGT, x, z))
+    }
+    case e @ BinaryExpr(
+          BoolAND,
+          BinaryExpr(BVULT, x, y: BitVecLiteral),
+          UnaryExpr(BoolNOT, (BinaryExpr(BVEQ, x2, z: BitVecLiteral)))
+        ) if x == x2 && z.value == y.value - 1 => {
+      logSimp(e, BinaryExpr(BVULT, x, z))
+    }
+    case e @ BinaryExpr(
+          BoolAND,
+          BinaryExpr(BVUGE, x, y: BitVecLiteral),
+          UnaryExpr(BoolNOT, (BinaryExpr(BVEQ, x2, z: BitVecLiteral)))
+        ) if x == x2 && z.value == y.value + 1 => {
+      logSimp(e, BinaryExpr(BVUGT, x, z))
+    }
+    case e @ BinaryExpr(
+          BoolAND,
+          BinaryExpr(BVULE, x, y: BitVecLiteral),
+          UnaryExpr(BoolNOT, (BinaryExpr(BVEQ, x2, z: BitVecLiteral)))
+        ) if x == x2 && z.value == y.value - 1 => {
+      logSimp(e, BinaryExpr(BVULT, x, z))
+    }
+    case BinaryExpr(BVEQ, BinaryExpr(BVADD, x, y), BitVecLiteral(0, _)) =>
+      logSimp(e, BinaryExpr(BVEQ, x, UnaryExpr(BVNEG, y)))
+
+    case UnaryExpr(BVNOT, UnaryExpr(BoolToBV1, arg)) => {
+      logSimp(e, bool2bv1(UnaryExpr(BoolNOT, arg)))
+    }
+
     /*  COMPARISON FLAG HANDLING
      *
      * We quite precisely pattern match ASLp's output for C and V,
@@ -185,22 +407,22 @@ def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
 
     // NF check on expr
     case Extract(upper, lower, b) if size(b).contains(upper) && (upper == (lower + 1)) && size(b).get >= 8 => {
-      bool2bv1(BinaryExpr(BVSLT, (b), BitVecLiteral(0, size(b).get)))
+      logSimp(e, bool2bv1(BinaryExpr(BVSLT, (b), BitVecLiteral(0, size(b).get))))
     }
     // sliced negative
     case Extract(upper, lower, b)
         if lower == upper - 1 && (upper % 8) == 0 && size(b).get % upper == 0 && size(b).get > upper => {
-      bool2bv1(BinaryExpr(BVSLT, Extract(upper, 0, b), BitVecLiteral(0, upper)))
+      logSimp(e, bool2bv1(BinaryExpr(BVSLT, Extract(upper, 0, b), BitVecLiteral(0, upper))))
     }
 
     /** https://developer.arm.com/documentation/dui0801/l/Condition-Codes/Condition-code-suffixes-and-related-flags
       *
       * match NF == VF
       *
-      * (declare-const Var2 (_ BitVec 64))
-      * (declare-const Var3 (_ BitVec 64))
-      * (assert (! (not (= (= (bvslt (bvadd Var2 Var3) (_ bv0 64)) (not (= (concat ((_ extract 63 63) (bvadd Var2 Var3)) (bvadd Var2 Var3)) (bvadd (concat ((_ extract 63 63) Var2) Var2) (concat ((_ extract 63 63) Var3) Var3))))) (bvsgt Var2 (bvnot Var3)))) :named simp105))
-      *
+      * (declare-const Var2 (_ BitVec 64)) (declare-const Var3 (_ BitVec 64)) (assert (! (not (= (= (bvslt (bvadd Var2
+      * Var3) (_ bv0 64)) (not (= (concat ((_ extract 63 63) (bvadd Var2 Var3)) (bvadd Var2 Var3)) (bvadd (concat ((_
+      * extract 63 63) Var2) Var2) (concat ((_ extract 63 63) Var3) Var3))))) (bvsgt Var2 (bvnot Var3)))) :named
+      * simp105))
       */
     case BinaryExpr(
           // add case
@@ -218,11 +440,30 @@ def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
           )
         )
         if sz > 1 && lhs == orig
-          && AlgebraicSimplifications(SignExtend(exts, x1)) == x2
-          && AlgebraicSimplifications(SignExtend(exts, y1)) == y2 => {
-      val n = BinaryExpr(BVSGE, x1, UnaryExpr(BVNEG, y1))
-      logSimp(e, n)
-      n
+          && simplifyCond(SignExtend(exts, x1)) == x2
+          && simplifyCond(SignExtend(exts, y1)) == y2 => {
+      logSimp(e, BinaryExpr(BVSGE, x1, UnaryExpr(BVNEG, y1)))
+    }
+    case BinaryExpr(
+          // add case
+          BoolEQ,
+          // N set
+          (BinaryExpr(BVSLT, BinaryExpr(BVADD, UnaryExpr(BVNEG, x0), y0), BitVecLiteral(0, sz))),
+          // V set
+          UnaryExpr(
+            BoolNOT,
+            BinaryExpr(
+              BVEQ,
+              SignExtend(exts, orig @ BinaryExpr(BVADD, UnaryExpr(BVNEG, x1), y1)),
+              compar @ BinaryExpr(BVADD, UnaryExpr(BVNEG, x2), y2)
+            ) // high precision op
+          )
+        )
+        if sz > 1
+          && x0 == x1 && y0 == y1
+          && simplifyCond(SignExtend(exts, x1)) == x2
+          && simplifyCond(SignExtend(exts, y1)) == y2 => {
+      logSimp(e, BinaryExpr(BVSGE, y0, x0), true)
     }
 
     // special case for collapsed cmp 0 x
@@ -240,14 +481,10 @@ def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
               compar @ BinaryExpr(BVADD, SignExtend(_, UnaryExpr(BVNOT, x3)), BitVecLiteral(2, _))
             ) // high precision op
           )
-        )
-        if sz >= 8 && lhs == orig && x2 == x3
-          => {
-      val n = BinaryExpr(BVSLE, BitVecLiteral(0, sz), x2)
-      n
+        ) if sz >= 8 && lhs == orig && x2 == x3 => {
+      logSimp(e, BinaryExpr(BVSLE, BitVecLiteral(0, sz), x2))
     }
 
-
     case BinaryExpr(
           // sub case (with two args)
           BoolEQ,
@@ -268,7 +505,7 @@ def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
           && x2 == x1
           && y2 == y1 => {
 
-      BinaryExpr(BVSGE, x1, y1)
+      logSimp(e, BinaryExpr(BVSGE, x1, y1))
     }
 
     // NF == VF
@@ -288,34 +525,42 @@ def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
           )
         )
         if sz >= 8 && (o1 == o2) && o2 == o4 && o1 == BVADD && (lhs) == (orig)
-          && AlgebraicSimplifications(x2) == AlgebraicSimplifications(SignExtend(exts, x1))
-          && AlgebraicSimplifications(y2) == AlgebraicSimplifications(SignExtend(exts, y1))
-          && AlgebraicSimplifications(z2) == AlgebraicSimplifications(SignExtend(exts, z1)) => {
-      BinaryExpr(BVSGE, x1, UnaryExpr(BVNEG, BinaryExpr(BVADD, y1, z1)))
+          && simplifyCond(x2) == simplifyCond(SignExtend(exts, x1))
+          && simplifyCond(y2) == simplifyCond(SignExtend(exts, y1))
+          && simplifyCond(z2) == simplifyCond(SignExtend(exts, z1)) => {
+      logSimp(e, BinaryExpr(BVSGE, x1, UnaryExpr(BVNEG, BinaryExpr(BVADD, y1, z1))))
     }
 
-    // CF Unsigned Overflow
     case BinaryExpr(
           BVEQ,
           ZeroExtend(exts, orig @ BinaryExpr(o1, x1, y1)),
           compar @ BinaryExpr(o2, x2, y2)
         )
         if size(x1).get > 1 && (o1 == o2) && o1 == BVADD
-          && AlgebraicSimplifications(x2) == AlgebraicSimplifications(ZeroExtend(exts, x1))
-          && AlgebraicSimplifications(y2) == AlgebraicSimplifications(ZeroExtend(exts, y1)) => {
+          && simplifyCond(x2) == simplifyCond(ZeroExtend(exts, x1))
+          && simplifyCond(y2) == simplifyCond(ZeroExtend(exts, y1)) => {
       // C not Set
-      val n = UnaryExpr(BoolNOT, BinaryExpr(BVUGT, x1, UnaryExpr(BVNOT, y1)))
-      // logSimp(e, n)
-      n
+      logSimp(e, UnaryExpr(BoolNOT, BinaryExpr(BVUGT, x1, UnaryExpr(BVNOT, y1))))
     }
 
-    case BinaryExpr(BVEQ, ZeroExtend(sz, v), 
-        BinaryExpr(BVADD, ZeroExtend(sz2, v2), BitVecLiteral(mv, _))) 
-      if sz == sz2 && v == v2 && mv == BigInt(2).pow(size(v).get)  => {
+    case BinaryExpr(
+          BVEQ,
+          ZeroExtend(exts, BinaryExpr(BVADD, UnaryExpr(BVNEG, x1), y1)),
+          BinaryExpr(BVADD, ZeroExtend(sz, UnaryExpr(BVNOT, x2)), z2)
+        )
+        if size(x1).get > 1
+          && exts == sz && x1 == x2
+          && simplifyCond(BinaryExpr(BVSUB, z2, BitVecLiteral(1, size(z2).get))) == simplifyCond(
+            ZeroExtend(exts, y1)
+          ) => {
+      // C not Set
+      logSimp(e, UnaryExpr(BoolNOT, BinaryExpr(BVUGE, y1, x1)), true)
+    }
+
+    case BinaryExpr(BVEQ, ZeroExtend(sz, v), BinaryExpr(BVADD, ZeroExtend(sz2, v2), BitVecLiteral(mv, _)))
+        if sz == sz2 && v == v2 && mv == BigInt(2).pow(size(v).get) => {
       // special case for comparison collapsed cmp 0 - v
-      val ne = UnaryExpr(BoolNOT, BinaryExpr(BVUGT, v, UnaryExpr(BVNEG, BitVecLiteral(1, size(v).get))))
-      // logSimp(e, ne)
-      ne
+      logSimp(e, UnaryExpr(BoolNOT, BinaryExpr(BVUGT, v, UnaryExpr(BVNEG, BitVecLiteral(1, size(v).get)))))
     }
 
     case BinaryExpr(
@@ -330,7 +575,7 @@ def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
       // C not Set
       // TODO: dead
       Logger.error("HIT1")
-      UnaryExpr(BoolNOT, BinaryExpr(BVUGT, x1, UnaryExpr(BVNOT, BinaryExpr(BVADD, y1, z1))))
+      logSimp(e, UnaryExpr(BoolNOT, BinaryExpr(BVUGT, x1, UnaryExpr(BVNOT, BinaryExpr(BVADD, y1, z1)))))
     }
 
     case BinaryExpr(
@@ -339,12 +584,12 @@ def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
           BinaryExpr(o2, compar @ ZeroExtend(ext2, BinaryExpr(o4, x2, y2)), z2)
         )
         if exts == ext2 && size(x1).get >= 8 && (o1 == o2) && o2 == o4 && o1 == BVADD
-          && AlgebraicSimplifications(BinaryExpr(o1, ZeroExtend(exts, x1), ZeroExtend(exts, z1)))
-          == AlgebraicSimplifications(
+          && simplifyCond(BinaryExpr(o1, ZeroExtend(exts, x1), ZeroExtend(exts, z1)))
+          == simplifyCond(
             BinaryExpr(BVADD, ZeroExtend(exts, x2), (BinaryExpr(BVADD, ZeroExtend(exts, y2), z2)))
           ) => {
       // C not Set
-      UnaryExpr(BoolNOT, BinaryExpr(BVUGT, x1, UnaryExpr(BVNOT, z1)))
+      logSimp(e, UnaryExpr(BoolNOT, BinaryExpr(BVUGT, x1, UnaryExpr(BVNOT, z1))))
     }
 
     case BinaryExpr(
@@ -360,7 +605,7 @@ def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
           && exts == ext1 && exts == ext2
           && x1 == x2 && y1 == y2 => {
       // C not Set
-      UnaryExpr(BoolNOT, BinaryExpr(BVUGE, x1, y1))
+      logSimp(e, UnaryExpr(BoolNOT, BinaryExpr(BVUGE, x1, y1)))
     }
 
     case BinaryExpr(
@@ -370,22 +615,24 @@ def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
         )
         if size(x1).get >= 8
           && exts == ext1
-          && AlgebraicSimplifications(UnaryExpr(BVNEG, y1))
-          == AlgebraicSimplifications(
+          && simplifyCond(UnaryExpr(BVNEG, y1))
+          == simplifyCond(
             BinaryExpr(BVADD, UnaryExpr(BVNEG, y3neg), UnaryExpr(BVNEG, Extract(size(y4neg).get - exts, 0, y4neg)))
           )
-          && AlgebraicSimplifications(ZeroExtend(exts, Extract(size(y4neg).get - exts, 0, y4neg))) == y4neg
+          && simplifyCond(ZeroExtend(exts, Extract(size(y4neg).get - exts, 0, y4neg))) == y4neg
           && {
-            val l = AlgebraicSimplifications(BinaryExpr(BVSUB, UnaryExpr(BVNEG, y1), UnaryExpr(BVNEG, (y3neg))))
-            val r = AlgebraicSimplifications(UnaryExpr(BVNEG, Extract(size(y4neg).get - exts, 0, y4neg)))
+            val l = simplifyCond(BinaryExpr(BVSUB, UnaryExpr(BVNEG, y1), UnaryExpr(BVNEG, (y3neg))))
+            val r = simplifyCond(UnaryExpr(BVNEG, Extract(size(y4neg).get - exts, 0, y4neg)))
             l == r
           }
           && x1 == x2 => {
       // somehow we get three-way inequality
-      BinaryExpr(BoolAND, BinaryExpr(BVULT, x1, UnaryExpr(BVNEG, y1)), BinaryExpr(BVUGE, x1, UnaryExpr(BVNEG, y3neg)))
+      logSimp(
+        e,
+        BinaryExpr(BoolAND, BinaryExpr(BVULT, x1, UnaryExpr(BVNEG, y1)), BinaryExpr(BVUGE, x1, UnaryExpr(BVNEG, y3neg)))
+      )
     }
 
-
     /* generic comparison simplification */
     // redundant inequality
     // x < y && x != z when z <= y
@@ -394,62 +641,94 @@ def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
           l @ BinaryExpr(BoolAND, _, BinaryExpr(op, lhs, rhs: BitVecLiteral)),
           UnaryExpr(BoolNOT, BinaryExpr(BVEQ, lhs2, rhs2: BitVecLiteral))
         )
-        if (ineqToStrict.contains(op) || strictIneq.contains(op)) && AlgebraicSimplifications(
+        if (ineqToStrict.contains(op) || strictIneq.contains(op)) && simplifyCond(
           BinaryExpr(ineqToStrict.get(op).getOrElse(op), rhs, rhs2)
         ) == TrueLiteral
           && lhs == lhs2 => {
-      l
+      logSimp(e, l)
     }
     case BinaryExpr(
           BoolAND,
           l @ BinaryExpr(BoolAND, _, BinaryExpr(op, lhs, rhs)),
           UnaryExpr(BoolNOT, BinaryExpr(BVEQ, lhs2, rhs2))
         ) if strictIneq.contains(op) && rhs == rhs2 && lhs == lhs2 => {
-      l
+      logSimp(e, l)
+    }
+
+    case BinaryExpr(
+          BoolAND,
+          l @ BinaryExpr(BVUGT, lhs, UnaryExpr(BVNOT, rhs)),
+          UnaryExpr(BoolNOT, BinaryExpr(BVEQ, lhs2, nrhs @ UnaryExpr(BVNEG, rhs2)))
+        ) if  rhs == rhs2 && lhs == lhs2 => {
+      logSimp(e, BinaryExpr(BVUGT, lhs, nrhs))
     }
+    case BinaryExpr(
+          BoolAND,
+          l @ BinaryExpr(BVULT, lhs, UnaryExpr(BVNEG, rhs)),
+          UnaryExpr(BoolNOT, BinaryExpr(BVEQ, lhs2, nrhs @ UnaryExpr(BVNOT, rhs2)))
+        ) if  rhs == rhs2 && lhs == lhs2 => {
+      logSimp(e, BinaryExpr(BVULT, lhs, nrhs))
+    }
+
 
     // weak to strict inequality
     // x >= 0 && x != 0 ===> x > 0
     case BinaryExpr(BoolAND, BinaryExpr(op, lhs, BitVecLiteral(0, sz)), UnaryExpr(BoolNOT, rhs))
         if ineqToStrict.contains(op) &&
-          size(lhs).isDefined && (AlgebraicSimplifications(
+          size(lhs).isDefined && (simplifyCond(
             BinaryExpr(BVEQ, lhs, BitVecLiteral(0, size(lhs).get))
           ) == rhs) => {
-      BinaryExpr(ineqToStrict(op), lhs, BitVecLiteral(0, size(lhs).get))
+      logSimp(e, BinaryExpr(ineqToStrict(op), lhs, BitVecLiteral(0, size(lhs).get)))
     }
     case BinaryExpr(BoolAND, BinaryExpr(op, lhs, rhs), UnaryExpr(BoolNOT, BinaryExpr(BVEQ, lhs2, rhs2)))
         if ineqToStrict.contains(op) &&
-          lhs == lhs2 && (AlgebraicSimplifications(UnaryExpr(BVNEG, rhs)) == AlgebraicSimplifications(rhs2)) => {
-      BinaryExpr(ineqToStrict(op), lhs, rhs)
+          lhs == lhs2 && (simplifyCond(UnaryExpr(BVNEG, rhs)) == simplifyCond(rhs2)) => {
+      logSimp(e, BinaryExpr(ineqToStrict(op), lhs, rhs))
     }
     case BinaryExpr(BoolAND, l @ BinaryExpr(BoolOR, a, b), r @ UnaryExpr(BoolNOT, BinaryExpr(BVEQ, lhs2, rhs2))) => {
-      BinaryExpr(
-        BoolAND,
-        AlgebraicSimplifications(BinaryExpr(BoolAND, a, r)),
-        AlgebraicSimplifications(BinaryExpr(BoolAND, b, r))
+      logSimp(
+        e,
+        BinaryExpr(
+          BoolAND,
+          simplifyCond(BinaryExpr(BoolAND, a, r)),
+          simplifyCond(BinaryExpr(BoolAND, b, r))
+        )
       )
     }
 
-    case BinaryExpr(BoolEQ, UnaryExpr(BoolNOT, x), UnaryExpr(BoolNOT, y)) => BinaryExpr(BoolEQ, x, y)
+    case BinaryExpr(BoolEQ, UnaryExpr(BoolNOT, x), UnaryExpr(BoolNOT, y)) => logSimp(e, BinaryExpr(BoolEQ, x, y))
+
+    case BinaryExpr(BoolOR, BinaryExpr(strictOp, x, y), r @ BinaryExpr(BVEQ, a, b))
+        if x == a && y == b && strictToNonStrict.contains(strictOp) => {
+      logSimp(e, BinaryExpr(strictToNonStrict(strictOp), x, y))
+    }
+
+    case BinaryExpr(
+          BoolOR,
+          BinaryExpr(strictOp, BinaryExpr(BVADD, x, UnaryExpr(BVNEG, y)), BitVecLiteral(0, _)),
+          r @ BinaryExpr(BVEQ, a, b)
+        ) if x == a && y == b && strictToNonStrict.contains(strictOp) => {
+      logSimp(e, BinaryExpr(strictToNonStrict(strictOp), x, y))
+    }
+
     case BinaryExpr(BoolAND, BinaryExpr(BoolAND, x, y), r @ UnaryExpr(BoolNOT, BinaryExpr(BVEQ, a, b))) => {
-      BinaryExpr(BoolAND, BinaryExpr(BoolAND, x, r), BinaryExpr(BoolAND, y, r))
+      logSimp(e, BinaryExpr(BoolAND, BinaryExpr(BoolAND, x, r), BinaryExpr(BoolAND, y, r)))
     }
     case BinaryExpr(BoolOR, BinaryExpr(BoolAND, x, y), r @ UnaryExpr(BoolNOT, BinaryExpr(BVEQ, a, b))) => {
-      BinaryExpr(BoolAND, BinaryExpr(BoolAND, x, r), BinaryExpr(BoolAND, y, r))
+      logSimp(e, BinaryExpr(BoolAND, BinaryExpr(BoolAND, x, r), BinaryExpr(BoolAND, y, r)))
     }
     case BinaryExpr(BoolAND, UnaryExpr(BoolNOT, x), UnaryExpr(BoolNOT, y)) => {
-      UnaryExpr(BoolNOT, BinaryExpr(BoolOR, x, y))
+      logSimp(e, UnaryExpr(BoolNOT, BinaryExpr(BoolOR, x, y)))
     }
 
-
     case BinaryExpr(BoolOR, BinaryExpr(op, lhs, rhs), BinaryExpr(BVEQ, lhs2, rhs2))
         if strictToNonStrict.contains(op) && rhs == rhs2 && lhs == lhs2 => {
-      BinaryExpr(strictToNonStrict(op), lhs, rhs)
+      logSimp(e, BinaryExpr(strictToNonStrict(op), lhs, rhs))
     }
 
-
-    case BinaryExpr(BoolAND, lhs @ BinaryExpr(op, l, r), UnaryExpr(BoolNOT, BinaryExpr(BVEQ, l2, r2))) if strictIneq.contains(op) && l == l2 && r == r2=> {
-      lhs
+    case BinaryExpr(BoolAND, lhs @ BinaryExpr(op, l, r), UnaryExpr(BoolNOT, BinaryExpr(BVEQ, l2, r2)))
+        if strictIneq.contains(op) && l == l2 && r == r2 => {
+      logSimp(e, lhs)
     }
 
     case BinaryExpr(
@@ -459,17 +738,20 @@ def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
         )
         if isIneq(op1) && isIneq(op2) && lhs1 == lhs2 && lhs3 == lhs2
           && {
-            val ls = AlgebraicSimplifications(BinaryExpr(BoolOR, l, d))
-            val rs = AlgebraicSimplifications(BinaryExpr(BoolOR, r, d))
+            val ls = simplifyCond(BinaryExpr(BoolOR, l, d))
+            val rs = simplifyCond(BinaryExpr(BoolOR, r, d))
             (ls, rs) match {
               case (BinaryExpr(_, l, r: Literal), BinaryExpr(_, ll, rr: Literal)) => true
               case _                                                              => false
             }
           } => {
-      BinaryExpr(
-        BoolAND,
-        AlgebraicSimplifications(BinaryExpr(BoolOR, l, d)),
-        AlgebraicSimplifications(BinaryExpr(BoolOR, r, d))
+      logSimp(
+        e,
+        BinaryExpr(
+          BoolAND,
+          simplifyCond(BinaryExpr(BoolOR, l, d)),
+          simplifyCond(BinaryExpr(BoolOR, r, d))
+        )
       )
     }
 
@@ -479,15 +761,15 @@ def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
           UnaryExpr(BoolNOT, BinaryExpr(BVEQ, BinaryExpr(BVADD, lhs2, rhs2), BitVecLiteral(0, _)))
         )
         if ineqToStrict.contains(op) &&
-          rhs == rhs2 && (AlgebraicSimplifications(lhs) == AlgebraicSimplifications(UnaryExpr(BVNEG, lhs2))) => {
-      BinaryExpr(ineqToStrict(op), lhs, rhs)
+          rhs == rhs2 && (simplifyCond(lhs) == simplifyCond(UnaryExpr(BVNEG, lhs2))) => {
+      logSimp(e, BinaryExpr(ineqToStrict(op), lhs, rhs))
     }
 
     // TODO: below are possibly redundant due to changed canonical form
     case BinaryExpr(BoolAND, BinaryExpr(op, lhs, rhs), UnaryExpr(BoolNOT, BinaryExpr(BVEQ, lhs2, rhs2)))
         if ineqToStrict.contains(op) &&
           lhs == lhs2 && rhs == rhs2 => {
-      BinaryExpr(ineqToStrict(op), lhs, rhs)
+      logSimp(e, BinaryExpr(ineqToStrict(op), lhs, rhs))
     }
     case BinaryExpr(
           BoolAND,
@@ -495,90 +777,38 @@ def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
           UnaryExpr(BoolNOT, BinaryExpr(BVEQ, BinaryExpr(BVADD, lhs2, rhs2), BitVecLiteral(0, _)))
         )
         if ineqToStrict.contains(op) &&
-          lhs == lhs2 && AlgebraicSimplifications(rhs) == AlgebraicSimplifications(UnaryExpr(BVNEG, rhs2)) => {
-      BinaryExpr(ineqToStrict(op), lhs, rhs)
+          lhs == lhs2 && simplifyCond(rhs) == simplifyCond(UnaryExpr(BVNEG, rhs2)) => {
+      logSimp(e, BinaryExpr(ineqToStrict(op), lhs, rhs))
     }
 
-    // inequality negation
-    case UnaryExpr(BoolNOT, BinaryExpr(BVSLT, lhs, rhs)) => BinaryExpr(BVSGE, lhs, rhs)
-    case UnaryExpr(BoolNOT, BinaryExpr(BVSGT, lhs, rhs)) => BinaryExpr(BVSLE, lhs, rhs)
-    case UnaryExpr(BoolNOT, BinaryExpr(BVULT, lhs, rhs)) => BinaryExpr(BVUGE, lhs, rhs)
-    case UnaryExpr(BoolNOT, BinaryExpr(BVUGT, lhs, rhs)) => BinaryExpr(BVULE, lhs, rhs)
-    case UnaryExpr(BoolNOT, BinaryExpr(BVSLE, lhs, rhs)) => BinaryExpr(BVSGT, lhs, rhs)
-    case UnaryExpr(BoolNOT, BinaryExpr(BVSGE, lhs, rhs)) => BinaryExpr(BVSLT, lhs, rhs)
-    case UnaryExpr(BoolNOT, BinaryExpr(BVULE, lhs, rhs)) => BinaryExpr(BVUGT, lhs, rhs)
-    case UnaryExpr(BoolNOT, BinaryExpr(BVUGE, lhs, rhs)) => BinaryExpr(BVULT, lhs, rhs)
-
     // tighten inequality bounds
     case e @ BinaryExpr(BoolAND, BinaryExpr(BVSLT, x, y), (BinaryExpr(BVSLT, z, y2))) if y == y2 => {
-      BinaryExpr(BVSLT, x, z)
+      logSimp(e, BinaryExpr(BVSLT, x, z))
     }
     case e @ BinaryExpr(BoolAND, BinaryExpr(BVULT, x, y), (BinaryExpr(BVULT, z, y2))) if y == y2 => {
-      BinaryExpr(BVULT, x, z)
-    }
-    case e @ BinaryExpr(BoolAND, BinaryExpr(BVULT, x, y), (BinaryExpr(BVULT, x2, z))) if x == x2 => {
-      AlgebraicSimplifications(BinaryExpr(BVULT, y, z)) match {
-        case TrueLiteral  => BinaryExpr(BVULT, x, y)
-        case FalseLiteral => BinaryExpr(BVULT, x, z)
-        case _            => e
-      }
-    }
-    case e @ BinaryExpr(BoolAND, BinaryExpr(BVSLT, x, y), (BinaryExpr(BVSLT, x2, z))) if x == x2 => {
-      AlgebraicSimplifications(BinaryExpr(BVSLT, y, z)) match {
-        case TrueLiteral  => BinaryExpr(BVSLT, x, y)
-        case FalseLiteral => BinaryExpr(BVSLT, x, z)
-        case _            => e
-      }
-    }
-
-    // subsume constant bound
-    case BinaryExpr(BoolOR, l @ BinaryExpr(BVUGE, x, y: BitVecLiteral), BinaryExpr(BVEQ, x2, y2: BitVecLiteral)) if x == x2 && y2.value >= y.value => {
-      l
-    }
-    case BinaryExpr(BoolOR, l @ BinaryExpr(BVULE, x, y: BitVecLiteral), BinaryExpr(BVEQ, x2, y2: BitVecLiteral)) if x == x2 && y2.value <= y.value => {
-      l
+      logSimp(e, BinaryExpr(BVULT, x, z))
     }
-    case BinaryExpr(BoolOR, l @ BinaryExpr(BVUGT, x, y: BitVecLiteral), BinaryExpr(BVEQ, x2, y2: BitVecLiteral)) if x == x2 && y2.value > y.value => {
-      l
-    }
-    case BinaryExpr(BoolOR, l @ BinaryExpr(BVULT, x, y: BitVecLiteral), BinaryExpr(BVEQ, x2, y2: BitVecLiteral)) if x == x2 && y2.value < y.value => {
-      l
-    }
-
-    // relax bound by 1
-    case e @ BinaryExpr(BoolOR, BinaryExpr(BVULT, x, y: BitVecLiteral), (BinaryExpr(BVEQ, x2, z: BitVecLiteral))) 
-      if x == x2 && y.value == z.value => {
-      BinaryExpr(BVULE, x, z)
-    }
-    case e @ BinaryExpr(BoolOR, BinaryExpr(BVULE, x, y: BitVecLiteral), (BinaryExpr(BVEQ, x2, z: BitVecLiteral))) 
-      if x == x2 && y.value + 1 == z .value=> {
-      BinaryExpr(BVULE, x, z)
-    }
-    case e @ BinaryExpr(BoolOR, BinaryExpr(BVUGT, x, y: BitVecLiteral), (BinaryExpr(BVEQ, x2, z: BitVecLiteral))) 
-      if x == x2 && y.value == z.value => {
-      BinaryExpr(BVUGE, x, z)
-    }
-    case e @ BinaryExpr(BoolOR, BinaryExpr(BVUGE, x, y: BitVecLiteral), (BinaryExpr(BVEQ, x2, z: BitVecLiteral))) 
-      if x == x2 && y.value - 1 == z.value=> {
-      BinaryExpr(BVULE, x, z)
-    }
-
-    // tighten bound by 1
-    case e @ BinaryExpr(BoolAND, BinaryExpr(BVUGT, x, y: BitVecLiteral), UnaryExpr(BoolNOT, (BinaryExpr(BVEQ, x2, z: BitVecLiteral)))) 
-      if x == x2 && z.value == y.value + 1 => {
-      BinaryExpr(BVUGT, x, z)
-    }
-    case e @ BinaryExpr(BoolAND, BinaryExpr(BVULT, x, y: BitVecLiteral), UnaryExpr(BoolNOT, (BinaryExpr(BVEQ, x2, z: BitVecLiteral)))) 
-      if x == x2 && z.value == y.value - 1 => {
-      BinaryExpr(BVULT, x, z)
-    }
-    case e @ BinaryExpr(BoolAND, BinaryExpr(BVUGE, x, y: BitVecLiteral), UnaryExpr(BoolNOT, (BinaryExpr(BVEQ, x2, z: BitVecLiteral)))) 
-      if x == x2 && z.value == y.value + 1 => {
-      BinaryExpr(BVUGT, x, z)
+    case e @ BinaryExpr(BoolAND, BinaryExpr(BVULT, x, y), (BinaryExpr(BVULT, x2, z)))
+        if x == x2 /* && simplifyCond(BinaryExpr(BVULT, y, z)).isInstanceOf[BoolLit] */ => {
+      logSimp(
+        e,
+        simplifyCond(BinaryExpr(BVULT, y, z)) match {
+          case TrueLiteral  => BinaryExpr(BVULT, x, y)
+          case FalseLiteral => BinaryExpr(BVULT, x, z)
+          case _            => e
+        }
+      )
     }
-    case e @ BinaryExpr(BoolAND, BinaryExpr(BVULE, x, y: BitVecLiteral), UnaryExpr(BoolNOT, (BinaryExpr(BVEQ, x2, z: BitVecLiteral)))) 
-      if x == x2 && z.value == y.value - 1 => {
-      BinaryExpr(BVULT, x, z)
+    case e @ BinaryExpr(BoolAND, BinaryExpr(BVSLT, x, y), (BinaryExpr(BVSLT, x2, z)))
+        if x == x2 /*&& simplifyCond(BinaryExpr(BVSLT, y, z)).isInstanceOf[BoolLit]*/ => {
+      logSimp(
+        e,
+        simplifyCond(BinaryExpr(BVSLT, y, z)) match {
+          case TrueLiteral  => BinaryExpr(BVSLT, x, y)
+          case FalseLiteral => BinaryExpr(BVSLT, x, z)
+          case _            => e
+        }
+      )
     }
 
     case o => {
@@ -623,14 +853,13 @@ val strictIneq = Set[BinOp](
   BVULT
 )
 
-
 def cleanupExtends(e: Expr): (Expr, Boolean) = {
   // this 'de-canonicalises' to some extent, but makes the resulting program simpler, so we perform as a post pass
 
   var changedAnything = true
 
   val res = e match {
-    case Extract(ed, 0, body) if size(body).get == ed                        => (body)
+    case Extract(ed, 0, body) if size(body).get == ed                                    => (body)
     case ZeroExtend(0, body)                                                             => (body)
     case SignExtend(0, body)                                                             => (body)
     case BinaryExpr(BVADD, body, BitVecLiteral(0, _))                                    => (body)
@@ -638,10 +867,11 @@ def cleanupExtends(e: Expr): (Expr, Boolean) = {
     case Repeat(1, body)                                                                 => (body)
     case Extract(ed, 0, ZeroExtend(extension, body)) if (body.getType == BitVecType(ed)) => (body)
     case Extract(ed, 0, SignExtend(extension, body)) if (body.getType == BitVecType(ed)) => (body)
-    case Extract(ed, 0, ZeroExtend(exts, body)) if exts + size(body).get >= ed  && ed > size(body).get    => ZeroExtend(ed - size(body).get, body)
+    case Extract(ed, 0, ZeroExtend(exts, body)) if exts + size(body).get >= ed && ed > size(body).get =>
+      ZeroExtend(ed - size(body).get, body)
 
-    case BinaryExpr(BVEQ, ZeroExtend(x, body), y: BitVecLiteral) 
-    if y.value <= BigInt(2).pow(size(body).get) - 1 => BinaryExpr(BVEQ, body, BitVecLiteral(y.value, size(body).get))
+    case BinaryExpr(BVEQ, ZeroExtend(x, body), y: BitVecLiteral) if y.value <= BigInt(2).pow(size(body).get) - 1 =>
+      BinaryExpr(BVEQ, body, BitVecLiteral(y.value, size(body).get))
 
     case BinaryExpr(BVEQ, ZeroExtend(sz, expr), BitVecLiteral(0, sz2)) =>
       BinaryExpr(BVEQ, expr, BitVecLiteral(0, size(expr).get))
@@ -652,10 +882,28 @@ def cleanupExtends(e: Expr): (Expr, Boolean) = {
     case ZeroExtend(sz1, ZeroExtend(sz2, exp))      => ZeroExtend(sz1 + sz2, exp)
 
     // make subs more readable
-    case BinaryExpr(BVADD, x, b: BitVecLiteral) if eval.BitVectorEval.isNegative(b) => {
-      BinaryExpr(BVSUB, x, eval.BitVectorEval.smt_bvneg(b))
+    //case BinaryExpr(BVADD, x, b: BitVecLiteral) if eval.BitVectorEval.isNegative(b) => {
+    //  BinaryExpr(BVSUB, x, eval.BitVectorEval.smt_bvneg(b))
+    //}
+
+    // extract(hi, m+e, 0) ++ zeroextend(e, extract(m, 0, r0)) to  bitmask
+    case BinaryExpr(BVCONCAT, Extract(hi1, lo1, x1), ZeroExtend(ext, Extract(hi2, 0, x2))) if lo1 == ext + hi2 => {
+      val b = "1" * (hi1 - lo1) ++ ("0" * ext) ++ "1" * hi2
+      val n = BinaryExpr(BVAND, Extract(hi1, 0, x2), BitVecLiteral(BigInt(b, 2), hi1))
+      n
     }
 
+    // inequality negation
+    case BinaryExpr(BVCOMP, body @ BinaryExpr(BVCOMP, _, _), BitVecLiteral(0, 1)) =>
+      logSimp(e, UnaryExpr(BVNOT, (body)))
+    case UnaryExpr(BoolNOT, BinaryExpr(BVSLT, lhs, rhs)) => logSimp(e, BinaryExpr(BVSGE, lhs, rhs))
+    case UnaryExpr(BoolNOT, BinaryExpr(BVSGT, lhs, rhs)) => logSimp(e, BinaryExpr(BVSLE, lhs, rhs))
+    case UnaryExpr(BoolNOT, BinaryExpr(BVULT, lhs, rhs)) => logSimp(e, BinaryExpr(BVUGE, lhs, rhs))
+    case UnaryExpr(BoolNOT, BinaryExpr(BVUGT, lhs, rhs)) => logSimp(e, BinaryExpr(BVULE, lhs, rhs))
+    case UnaryExpr(BoolNOT, BinaryExpr(BVSLE, lhs, rhs)) => logSimp(e, BinaryExpr(BVSGT, lhs, rhs))
+    case UnaryExpr(BoolNOT, BinaryExpr(BVSGE, lhs, rhs)) => logSimp(e, BinaryExpr(BVSLT, lhs, rhs))
+    case UnaryExpr(BoolNOT, BinaryExpr(BVULE, lhs, rhs)) => logSimp(e, BinaryExpr(BVUGT, lhs, rhs))
+    case UnaryExpr(BoolNOT, BinaryExpr(BVUGE, lhs, rhs)) => logSimp(e, BinaryExpr(BVULT, lhs, rhs))
 
     // redundant extends
     // extract extended zero part
@@ -667,30 +915,39 @@ def cleanupExtends(e: Expr): (Expr, Boolean) = {
     case BinaryExpr(BVSHL, body, BitVecLiteral(n, _)) if size(body).get <= n => BitVecLiteral(0, size(body).get)
 
     // simplify convoluted bit test
-    case BinaryExpr(BVEQ, BinaryExpr(BVSHL, ZeroExtend(n1, body), BitVecLiteral(n, _)), BitVecLiteral(0, _)) 
-      if n1 == n => {
-        BinaryExpr(BVEQ, body, BitVecLiteral(0, size(body).get))
+    case BinaryExpr(BVEQ, BinaryExpr(BVSHL, ZeroExtend(n1, body), BitVecLiteral(n, _)), BitVecLiteral(0, _))
+        if n1 == n => {
+      BinaryExpr(BVEQ, body, BitVecLiteral(0, size(body).get))
     }
     //     assume (!(bvshl8(zero_extend6_2(R3_19[8:6]), 6bv8) == 128bv8));
-    case BinaryExpr(BVEQ, BinaryExpr(BVSHL, ZeroExtend(n1, body @ Extract(hi, lo, v)), BitVecLiteral(n, _)), c @ BitVecLiteral(cval, _)) 
-      if lo == n && cval >= BigInt(2).pow(lo + n.toInt) => {
-        BinaryExpr(BVEQ, body, Extract(hi + n.toInt, lo + n.toInt, c))
+    case BinaryExpr(
+          BVEQ,
+          BinaryExpr(BVSHL, ZeroExtend(n1, body @ Extract(hi, lo, v)), BitVecLiteral(n, _)),
+          c @ BitVecLiteral(cval, _)
+        ) if lo == n && cval >= BigInt(2).pow(lo + n.toInt) => {
+      BinaryExpr(BVEQ, body, Extract(hi + n.toInt, lo + n.toInt, c))
     }
     case BinaryExpr(BVEQ, BinaryExpr(BVSHL, b, BitVecLiteral(n, _)), c @ BitVecLiteral(0, _)) => {
-        // b low bits are all zero due to shift
-        BinaryExpr(BVEQ, b, BitVecLiteral(0, size(b).get))
+      // b low bits are all zero due to shift
+      BinaryExpr(BVEQ, b, BitVecLiteral(0, size(b).get))
     }
-    case BinaryExpr(BVEQ, BinaryExpr(BVSHL, b, BitVecLiteral(n, _)), c @ BitVecLiteral(cval, _)) 
-      if cval != 0 && cval < BigInt(2).pow(n.toInt) => {
-        // low bits are all zero due to shift, and cval low bits are not zero
-        FalseLiteral
+    case BinaryExpr(BVEQ, BinaryExpr(BVSHL, b, BitVecLiteral(n, _)), c @ BitVecLiteral(cval, _))
+        if cval != 0 && cval < BigInt(2).pow(n.toInt) => {
+      // low bits are all zero due to shift, and cval low bits are not zero
+      FalseLiteral
     }
-    case BinaryExpr(BVEQ, BinaryExpr(BVSHL, ZeroExtend(n1, body @ Extract(hi, lo, v)), BitVecLiteral(n, _)), c @ BitVecLiteral(cval, _)) 
-      if lo == n && cval >= BigInt(2).pow(n.toInt) => {
-        // extract the part of cval we are testing and remove the shift on the lhs operand
-        BinaryExpr(BVEQ, body, Extract((hi - lo) + n.toInt, n.toInt, c))
+    case BinaryExpr(
+          BVEQ,
+          BinaryExpr(BVSHL, ZeroExtend(n1, body @ Extract(hi, lo, v)), BitVecLiteral(n, _)),
+          c @ BitVecLiteral(cval, _)
+        ) if lo == n && cval >= BigInt(2).pow(n.toInt) => {
+      // extract the part of cval we are testing and remove the shift on the lhs operand
+      BinaryExpr(BVEQ, body, Extract((hi - lo) + n.toInt, n.toInt, c))
     }
 
+    // bvnot to bvneg
+    // case BinaryExpr(BVADD, UnaryExpr(BVNOT, x), BitVecLiteral(1, _)) => logSimp(e, UnaryExpr(BVNEG, x))
+
     case r => {
       changedAnything = false
       r
@@ -703,26 +960,6 @@ def cleanupExtends(e: Expr): (Expr, Boolean) = {
 def simplifyExpr(e: Expr): (Expr, Boolean) = {
   // println((0 until indent).map(" ").mkString("") + e)
 
-  def pushExtend(e: Expr, extend: Expr => Expr): Expr = {
-    e match {
-      case BinaryExpr(op, lhs, rhs) if size(e).isDefined =>
-        BinaryExpr(op, pushExtend(lhs, extend), pushExtend(rhs, extend))
-      case UnaryExpr(op, v) if size(e).isDefined => UnaryExpr(op, pushExtend(v, extend))
-      case l: Literal if size(l).isDefined       => extend(l)
-      case v: Variable if size(v).isDefined      => extend(v)
-      case e: Extract                            => extend(e)
-      case e: SignExtend                         => extend(e)
-      case e: ZeroExtend                         => extend(e)
-      case o                                     => o
-    }
-  }
-
-  def bvLogOpToBoolOp = Map[BinOp, BinOp](
-    // logical ops when bv1
-    BVAND -> BoolAND,
-    BVOR -> BoolOR
-  )
-
   /** Apply the rewrite rules once. Note some rules expect a canonical form produced by other rules, and hence this is
     * more effective when applied iteratively until a fixed point.
     */
@@ -733,143 +970,137 @@ def simplifyExpr(e: Expr): (Expr, Boolean) = {
     //
     //
     // (comp (comp x y) 1) = (comp x y)
+    case BinaryExpr(BVEQ, UnaryExpr(BoolToBV1, body), BitVecLiteral(1, 1)) => logSimp(e, body)
     case BinaryExpr(
           BVEQ,
           BinaryExpr(BVCOMP, body @ BinaryExpr(BVCOMP, _, _), BitVecLiteral(0, 1)),
           BitVecLiteral(1, 1)
         ) =>
-      BinaryExpr(BVEQ, (body), BitVecLiteral(0, 1))
+      logSimp(e, BinaryExpr(BVEQ, (body), BitVecLiteral(0, 1)))
+
+    case BinaryExpr(BVEQ, BinaryExpr(BVCOMP, e1: Expr, e2: Expr), BitVecLiteral(0, 1)) =>
+      logSimp(e, UnaryExpr(BoolNOT, BinaryExpr(BVEQ, (e1), (e2))))
 
     case BinaryExpr(BVADD, BinaryExpr(BVADD, body, l: BitVecLiteral), r: BitVecLiteral)
         if !body.isInstanceOf[Literal] =>
-      BinaryExpr(BVADD, (body), (BinaryExpr(BVADD, r, l)))
+      logSimp(e, BinaryExpr(BVADD, body, (BinaryExpr(BVADD, r, l))))
 
     case BinaryExpr(BVMUL, BinaryExpr(BVMUL, body, l: BitVecLiteral), r: BitVecLiteral) =>
-      BinaryExpr(BVMUL, BinaryExpr(BVMUL, l, r), (body))
+      logSimp(e, BinaryExpr(BVMUL, BinaryExpr(BVMUL, l, r), (body)))
 
     case BinaryExpr(BVOR, BinaryExpr(BVOR, body, l: BitVecLiteral), r: BitVecLiteral) =>
-      BinaryExpr(BVOR, BinaryExpr(BVOR, l, r), (body))
+      logSimp(e, BinaryExpr(BVOR, BinaryExpr(BVOR, l, r), (body)))
+
     case BinaryExpr(BVAND, BinaryExpr(BVAND, body, l: BitVecLiteral), r: BitVecLiteral) =>
-      BinaryExpr(BVAND, BinaryExpr(BVAND, l, r), (body))
+      logSimp(e, BinaryExpr(BVAND, BinaryExpr(BVAND, l, r), (body)))
 
-    case BinaryExpr(BVADD, BinaryExpr(BVADD, l, lc: BitVecLiteral), BinaryExpr(BVADD, r, rc: BitVecLiteral)) =>
-      BinaryExpr(BVADD, (BinaryExpr(BVADD, l, r)), (BinaryExpr(BVADD, lc, rc)))
+    case BinaryExpr(BVADD, BinaryExpr(BVADD, l, lc: BitVecLiteral), BinaryExpr(BVADD, r, rc: BitVecLiteral))
+        if !l.isInstanceOf[BitVecLiteral] =>
+      logSimp(e, BinaryExpr(BVADD, (BinaryExpr(BVADD, l, r)), (BinaryExpr(BVADD, lc, rc))))
     // normalise
     // make all comparisons positive so double negatives can be cleaned up
-    case BinaryExpr(BVEQ, UnaryExpr(BVNOT, BinaryExpr(BVCOMP, x, y)), BitVecLiteral(1, 1)) =>
-      UnaryExpr(BoolNOT, BinaryExpr(BVEQ, BinaryExpr(BVCOMP, (x), (y)), BitVecLiteral(1, 1)))
-    case BinaryExpr(BVEQ, BinaryExpr(BVCOMP, e1: Expr, e2: Expr), BitVecLiteral(1, 1)) =>
-      BinaryExpr(BVEQ, (e1), (e2))
 
-    case BinaryExpr(BVEQ, BinaryExpr(BVCOMP, e1: Expr, e2: Expr), BitVecLiteral(0, 1)) =>
-      UnaryExpr(BoolNOT, BinaryExpr(BVEQ, (e1), (e2)))
+    case BinaryExpr(BVEQ, BinaryExpr(BVCOMP, e1: Expr, e2: Expr), BitVecLiteral(1, 1)) =>
+      logSimp(e, BinaryExpr(BVEQ, (e1), (e2)))
 
-    case BinaryExpr(BVNEQ, e1, e2) => UnaryExpr(BoolNOT, BinaryExpr(BVEQ, (e1), (e2)))
+    case BinaryExpr(BVNEQ, e1, e2) => logSimp(e, UnaryExpr(BoolNOT, BinaryExpr(BVEQ, (e1), (e2))))
 
     case BinaryExpr(op, BinaryExpr(op1, a, b: Literal), BinaryExpr(op2, c, d: Literal))
         if !a.isInstanceOf[Literal] && !c.isInstanceOf[Literal]
           && assocOps.contains(op) && op == op1 && op == op2 =>
-      BinaryExpr(op, BinaryExpr(op, a, c), BinaryExpr(op, b, d))
+      logSimp(e, BinaryExpr(op, BinaryExpr(op, a, c), BinaryExpr(op, b, d)))
 
     case BinaryExpr(op, x: Literal, y: Expr) if !y.isInstanceOf[Literal] && assocOps.contains(op) =>
-      BinaryExpr(op, (y), (x))
+      logSimp(e, BinaryExpr(op, (y), (x)))
 
-    case BinaryExpr(BVADD, UnaryExpr(BVNOT, x), BitVecLiteral(1, _)) => UnaryExpr(BVNEG, x)
+    case BinaryExpr(BVADD, ed @ SignExtend(sz, UnaryExpr(BVNOT, x)), bo @ BitVecLiteral(bv, sz2))
+        if size(ed).contains(sz2) && !BitVectorEval.isNegative(bo) =>
+      logSimp(e, BinaryExpr(BVADD, UnaryExpr(BVNEG, SignExtend(sz, x)), BitVecLiteral(bv - 1, sz2)), actual = false)
 
-    case BinaryExpr(BVADD, BinaryExpr(BVADD, y, UnaryExpr(BVNOT, x)), BitVecLiteral(1, _))
-        if !(y.isInstanceOf[BitVecLiteral]) =>
-      BinaryExpr(BVADD, y, UnaryExpr(BVNEG, x))
-    case BinaryExpr(BVADD, BinaryExpr(BVADD, y, ed @ SignExtend(sz, UnaryExpr(BVNOT, x))), BitVecLiteral(1, sz2))
+    case BinaryExpr(BVADD, BinaryExpr(BVADD, y, ed @ UnaryExpr(BVNOT, x)), bo @ BitVecLiteral(off, sz2))
+        if size(ed).contains(sz2) && !(y.isInstanceOf[BitVecLiteral]) && !BitVectorEval.isNegative(bo) =>
+      logSimp(
+        e,
+        BinaryExpr(BVADD, BinaryExpr(BVADD, y, UnaryExpr(BVNEG, x)), BitVecLiteral(off - 1, sz2)),
+        actual = false
+      )
+
+    case BinaryExpr(BVADD, BinaryExpr(BVADD, y, ed @ SignExtend(sz, UnaryExpr(BVNOT, x))), BitVecLiteral(off, sz2))
         if size(ed).contains(sz2) && !(y.isInstanceOf[BitVecLiteral]) =>
-      BinaryExpr(BVADD, y, UnaryExpr(BVNEG, SignExtend(sz, x)))
+      logSimp(
+        e,
+        BinaryExpr(BVADD, BinaryExpr(BVADD, y, UnaryExpr(BVNEG, SignExtend(sz, x))), BitVecLiteral(off - 1, sz2)),
+        actual = false
+      )
 
-    case BinaryExpr(BVADD, UnaryExpr(BVNEG, x), BitVecLiteral(1, _)) => UnaryExpr(BVNOT, x)
-    case BinaryExpr(BVADD, BitVecLiteral(1, _), UnaryExpr(BVNEG, x)) => UnaryExpr(BVNOT, x)
-    case BinaryExpr(BVEQ, BinaryExpr(BVADD, x, y: BitVecLiteral), BitVecLiteral(0, _)) 
-      if (eval.BitVectorEval.isNegative(y)) => BinaryExpr(BVEQ, x, eval.BitVectorEval.smt_bvneg(y))
+    //case BinaryExpr(BVADD, UnaryExpr(BVNEG, x), BitVecLiteral(c, sz)) if c == BitVectorEval.smt_bvneg(BitVecLiteral(1, sz)).value => logSimp(e, UnaryExpr(BVNOT, x))
+    //case BinaryExpr(BVADD, BitVecLiteral(1, _), UnaryExpr(BVNEG, x)) => logSimp(e, UnaryExpr(BVNOT, x))
+    // case BinaryExpr(BVADD, UnaryExpr(BVNEG, x), BitVecLiteral(c, sz)) => logSimp(e, BinaryExpr(UnaryExpr(BVNOT, x), ))
+
+    case BinaryExpr(BVADD, UnaryExpr(BVNOT, x), BitVecLiteral(1, _)) => UnaryExpr(BVNEG, x)
+
+    //case BinaryExpr(BVEQ, BinaryExpr(BVADD, x, y: BitVecLiteral), BitVecLiteral(0, _))
+    //    if (eval.BitVectorEval.isNegative(y)) =>
+    //  logSimp(e, BinaryExpr(BVEQ, x, eval.BitVectorEval.smt_bvneg(y)))
 
     /*
      * Simplify BVop to Bool ops in a boolean context.
      */
 
-    case BinaryExpr(BVCOMP, body @ BinaryExpr(BVCOMP, _, _), BitVecLiteral(1, 1)) => (body)
-    case BinaryExpr(BVCOMP, body @ BinaryExpr(BVCOMP, _, _), BitVecLiteral(0, 1)) => UnaryExpr(BVNOT, (body))
-
-    /* intro bool2bv */
-    case BinaryExpr(
-          BVCOMP,
-          l,
-          r
-        ) => {
-      bool2bv1(BinaryExpr(BVEQ, l, r))
-    }
-    /* push bool2bv upwards */
-    case BinaryExpr(
-          bop,
-          UnaryExpr(BoolToBV1, l),
-          UnaryExpr(BoolToBV1, r)
-        ) if bvLogOpToBoolOp.contains(bop) => {
-      bool2bv1(BinaryExpr(bvLogOpToBoolOp(bop), (l), (r)))
-    }
-    case BinaryExpr(
-          bop,
-          UnaryExpr(BoolToBV1, l),
-          UnaryExpr(BoolToBV1, r)
-        ) if bvLogOpToBoolOp.contains(bop) => {
-      bool2bv1(BinaryExpr(bvLogOpToBoolOp(bop), (l), (r)))
-    }
-
-    case UnaryExpr(BVNOT, UnaryExpr(BoolToBV1, arg)) =>
-      bool2bv1(UnaryExpr(BoolNOT, arg))
+    case BinaryExpr(BVCOMP, body @ BinaryExpr(BVCOMP, _, _), BitVecLiteral(1, 1)) => logSimp(e, body)
+    case BinaryExpr(BVCOMP, body @ BinaryExpr(BVCOMP, _, _), BitVecLiteral(0, 1)) =>
+      logSimp(e, UnaryExpr(BVNOT, (body)))
     case BinaryExpr(BVEQ, l, BitVecLiteral(0, 1)) =>
-      UnaryExpr(BoolNOT, BinaryExpr(BVEQ, (l), BitVecLiteral(1, 1)))
+      logSimp(e, UnaryExpr(BoolNOT, BinaryExpr(BVEQ, l, BitVecLiteral(1, 1))))
 
-    /* remove bool2bv in boolean context */
-    case BinaryExpr(BVEQ, UnaryExpr(BoolToBV1, body), BitVecLiteral(1, 1))  => body
-    case BinaryExpr(BVEQ, UnaryExpr(BoolToBV1, l), UnaryExpr(BoolToBV1, r)) => BinaryExpr(BoolEQ, (l), (r))
-    case UnaryExpr(BoolToBV1, FalseLiteral)                                 => BitVecLiteral(0, 1)
-    case UnaryExpr(BoolToBV1, TrueLiteral)                                  => BitVecLiteral(1, 1)
-
-    case BinaryExpr(BoolAND, x, TrueLiteral)  => x
-    case BinaryExpr(BoolAND, x, FalseLiteral) => FalseLiteral
-    case BinaryExpr(BoolOR, x, FalseLiteral)  => x
-    case BinaryExpr(BoolOR, x, TrueLiteral)   => TrueLiteral
+    case BinaryExpr(BoolAND, x, TrueLiteral)  => logSimp(e, x)
+    case BinaryExpr(BoolAND, x, FalseLiteral) => logSimp(e, FalseLiteral)
+    case BinaryExpr(BoolOR, x, FalseLiteral)  => logSimp(e, x)
+    case BinaryExpr(BoolOR, x, TrueLiteral)   => logSimp(e, TrueLiteral)
 
-    case BinaryExpr(BVEQ, BinaryExpr(BVADD, x, y: BitVecLiteral), BitVecLiteral(0, s)) =>
-      BinaryExpr(BVEQ, x, UnaryExpr(BVNEG, y))
-
-    case BinaryExpr(BVCONCAT, BitVecLiteral(0, sz), expr) => ZeroExtend(sz, expr)
+    case BinaryExpr(BVCONCAT, BitVecLiteral(0, sz), expr) => logSimp(e, ZeroExtend(sz, expr))
     case BinaryExpr(BVCONCAT, expr, BitVecLiteral(0, sz)) if (BigInt(2).pow(sz + size(expr).get) > sz) =>
-      BinaryExpr(BVSHL, ZeroExtend(sz, expr), BitVecLiteral(sz, sz + size(expr).get))
-
+      logSimp(e, BinaryExpr(BVSHL, ZeroExtend(sz, expr), BitVecLiteral(sz, sz + size(expr).get)))
 
     // identities
     case BinaryExpr(BVXOR, l, r) if l == r =>
-      e.getType match {
-        case BitVecType(sz) => BitVecLiteral(0, sz)
-        case _              => throw Exception("Type error (should be unreachable)")
-      }
-    case BinaryExpr(BoolEQ, x, FalseLiteral) => UnaryExpr(BoolNOT, x)
+      logSimp(
+        e,
+        e.getType match {
+          case BitVecType(sz) => BitVecLiteral(0, sz)
+          case _              => throw Exception("Type error (should be unreachable)")
+        }
+      )
+    case BinaryExpr(BoolEQ, x, FalseLiteral)       => logSimp(e, UnaryExpr(BoolNOT, x))
+    case BinaryExpr(BVADD, x, BitVecLiteral(0, _)) => logSimp(e, x)
 
     // double negation
-    case UnaryExpr(BVNOT, UnaryExpr(BVNOT, body))     => (body)
-    case UnaryExpr(BVNEG, UnaryExpr(BVNEG, body))     => (body)
-    case UnaryExpr(BoolNOT, UnaryExpr(BoolNOT, body)) => (body)
+    case UnaryExpr(BVNOT, UnaryExpr(BVNOT, body))     => logSimp(e, body)
+    case UnaryExpr(BVNEG, UnaryExpr(BVNEG, body))     => logSimp(e, body)
+    case UnaryExpr(BoolNOT, UnaryExpr(BoolNOT, body)) => logSimp(e, body)
 
     // syntactic equality
-    case BinaryExpr(BVEQ, a, b) if a.loads.isEmpty && b.loads.isEmpty && a == b => TrueLiteral
+    case BinaryExpr(BVEQ, a, b) if a.loads.isEmpty && b.loads.isEmpty && a == b => logSimp(e, TrueLiteral)
 
+    case BinaryExpr(BVADD, BinaryExpr(BVADD, y, UnaryExpr(BVNOT, x)), BitVecLiteral(1, _))
+        if !(y.isInstanceOf[BitVecLiteral]) =>
+      logSimp(e, BinaryExpr(BVADD, y, UnaryExpr(BVNEG, x)))
 
+    //case BinaryExpr(BVEQ, BinaryExpr(BVADD, x, y: BitVecLiteral), BitVecLiteral(0, s)) =>
+    //  logSimp(e, BinaryExpr(BVEQ, x, UnaryExpr(BVNEG, y)))
+    //
+    //case BinaryExpr(BVEQ, BinaryExpr(BVADD, x, UnaryExpr(BVNEG, y)), BitVecLiteral(0, _)) =>
+    //  logSimp(e, BinaryExpr(BVEQ, x, y))
 
-    case BinaryExpr(BVSUB, x: Expr, y: BitVecLiteral) => BinaryExpr(BVADD, x, UnaryExpr(BVNEG, y))
+    //case BinaryExpr(op, BinaryExpr(BVADD, x, UnaryExpr(BVNEG, y)), BitVecLiteral(0, _)) if strictIneq.contains(op) || op == BVEQ || ineqToStrict.contains(op) =>
+    //  logSimp(e, BinaryExpr(op, x, y))
 
-    case BinaryExpr(BVEQ, BinaryExpr(BVADD, x, UnaryExpr(BVNEG, y)), BitVecLiteral(0, _)) => BinaryExpr(BVEQ, x, y)
+    case BinaryExpr(BVSUB, x: Expr, y: BitVecLiteral) => logSimp(e, BinaryExpr(BVADD, x, UnaryExpr(BVNEG, y)))
 
     case r => {
       didAnything = false
       r
     }
   }
-
   (simped, didAnything)
 }
diff --git a/src/main/scala/ir/transforms/Simp.scala b/src/main/scala/ir/transforms/Simp.scala
index 591eb148b..00983f357 100644
--- a/src/main/scala/ir/transforms/Simp.scala
+++ b/src/main/scala/ir/transforms/Simp.scala
@@ -3,6 +3,8 @@ import translating.serialiseIL
 
 import util.Logger
 import ir.eval.AlgebraicSimplifications
+import ir.eval.AssumeConditionSimplifications
+import ir.eval.simplifyExprFixpoint
 import ir.cilvisitor.*
 import ir.*
 import scala.collection.mutable
@@ -450,18 +452,17 @@ def copypropTransform(p: Procedure) = {
   t.checkPoint("redundant assignments")
   // Logger.info(s"    ${p.name} after dead var cleanup expr complexity ${ExprComplexity()(p)}")
 
-  visit_proc(AlgebraicSimplifications, p)
-  visit_proc(AlgebraicSimplifications, p)
-  visit_proc(AlgebraicSimplifications, p)
-  visit_proc(AlgebraicSimplifications, p)
-  ir.eval.cleanupSimplify(p)
-  ir.eval.cleanupSimplify(p)
+  AlgebraicSimplifications(p)
+  AssumeConditionSimplifications(p)
+
+  AlgebraicSimplifications(p)
   // Logger.info(s"    ${p.name}  after simp expr complexity ${ExprComplexity()(p)}")
   val sipm = t.checkPoint("algebraic simp")
 
   // Logger.info("[!] Simplify :: RemoveSlices")
   removeSlices(p)
-  visit_proc(AlgebraicSimplifications, p)
+  ir.eval.cleanupSimplify(p)
+  AlgebraicSimplifications(p)
 
 }
 
@@ -873,7 +874,7 @@ object CopyProp {
           )(e)
 
       // partial eval after prop
-      eval.simplifyExprFixpoint(false)(ne.getOrElse(e))
+      simplifyExprFixpoint(ne.getOrElse(e))._1
     }
 
     def propfp(e: Expr) = {
diff --git a/src/main/scala/translating/IRExpToSMT2.scala b/src/main/scala/translating/IRExpToSMT2.scala
index 110fb2fd1..340def412 100644
--- a/src/main/scala/translating/IRExpToSMT2.scala
+++ b/src/main/scala/translating/IRExpToSMT2.scala
@@ -79,6 +79,7 @@ object BasilIRToSMT2 extends BasilIRExpWithVis[Sexp] {
     val terms = list(sym("push"))::BasilIRToSMT2.extractDecls(e)
       ++ List(
         assert,
+        list(sym("set-option"), sym(":smt.timeout"), sym("1")),
         list(sym("echo"), sym("\"" + name.getOrElse("") + "  ::  " + e + "\"")),
         list(sym("check-sat")),
         list(sym("get-model")),
diff --git a/src/test/correct/arrays_simple/clang/arrays_simple.expected b/src/test/correct/arrays_simple/clang/arrays_simple.expected
index c24e7d31d..935475caa 100644
--- a/src/test/correct/arrays_simple/clang/arrays_simple.expected
+++ b/src/test/correct/arrays_simple/clang/arrays_simple.expected
@@ -1,22 +1,29 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
 axiom ($_IO_stdin_used_addr == 1872bv64);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -32,7 +39,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -65,8 +72,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R31, Gamma_R8, Gamma_stack, R0, R31, R8, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool);
+  modifies Gamma_stack, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1872bv64) == 1bv8);
@@ -77,8 +84,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1872bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1873bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1874bv64) == 2bv8);
@@ -88,25 +93,19 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool)
 {
+  var Gamma_R8_3: bool;
+  var R8_3: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    R8, Gamma_R8 := 3bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 20bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 20bv64), Gamma_R8);
-    assume {:captureState "%0000089b"} true;
-    R8, Gamma_R8 := 7bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R8);
-    assume {:captureState "%000008a8"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 20bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 20bv64));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R8);
-    assume {:captureState "%000008b7"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551604bv64), 3bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551604bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 7bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    R8_3, Gamma_R8_3 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551604bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551604bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551592bv64), R8_3[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), Gamma_R8_3);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out := 0bv64, R31_in, R8_3;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out := true, Gamma_R31_in, Gamma_R8_3;
     return;
 }
 
diff --git a/src/test/correct/arrays_simple/clang/arrays_simple_gtirb.expected b/src/test/correct/arrays_simple/clang/arrays_simple_gtirb.expected
index b58ac9c72..5750f6268 100644
--- a/src/test/correct/arrays_simple/clang/arrays_simple_gtirb.expected
+++ b/src/test/correct/arrays_simple/clang/arrays_simple_gtirb.expected
@@ -1,22 +1,29 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
 axiom ($_IO_stdin_used_addr == 1872bv64);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -32,7 +39,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -65,8 +72,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R31, Gamma_R8, Gamma_stack, R0, R31, R8, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool);
+  modifies Gamma_stack, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1872bv64) == 1bv8);
@@ -77,8 +84,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1872bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1873bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1874bv64) == 2bv8);
@@ -88,25 +93,19 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool)
 {
+  var Gamma_R8_3: bool;
+  var R8_3: bv64;
   $main$__0__$hLpmd_ERQq2v3Sj7g4WZPA:
-    assume {:captureState "$main$__0__$hLpmd_ERQq2v3Sj7g4WZPA"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    R8, Gamma_R8 := 3bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 20bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 20bv64), Gamma_R8);
-    assume {:captureState "1820$0"} true;
-    R8, Gamma_R8 := 7bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R8);
-    assume {:captureState "1828$0"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 20bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 20bv64));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R8);
-    assume {:captureState "1836$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551604bv64), 3bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551604bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 7bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    R8_3, Gamma_R8_3 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551604bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551604bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551592bv64), R8_3[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), Gamma_R8_3);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out := 0bv64, R31_in, R8_3;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out := true, Gamma_R31_in, Gamma_R8_3;
     return;
 }
 
diff --git a/src/test/correct/basic_arrays_read/clang/basic_arrays_read.expected b/src/test/correct/basic_arrays_read/clang/basic_arrays_read.expected
index f4ac60347..716685b0b 100644
--- a/src/test/correct/basic_arrays_read/clang/basic_arrays_read.expected
+++ b/src/test/correct/basic_arrays_read/clang/basic_arrays_read.expected
@@ -1,11 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $arr_addr: bv64;
@@ -15,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -36,7 +43,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -78,8 +85,8 @@ implementation {:extern} guarantee_reflexive()
   assert true;
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R31, Gamma_R8, Gamma_mem, Gamma_stack, R0, R31, R8, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1860bv64) == 1bv8);
@@ -90,8 +97,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1860bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1861bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1862bv64) == 2bv8);
@@ -101,25 +106,22 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool)
 {
+  var Gamma_R0_1: bool;
+  var R0_1: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "%000002d1"} true;
-    R8, Gamma_R8 := 69632bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
     call rely();
-    assert (L(mem, bvadd64(R8, 52bv64)) ==> true);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 52bv64), 0bv32), gamma_store32(Gamma_mem, bvadd64(R8, 52bv64), true);
+    assert (L(mem, 69684bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, 0bv32), gamma_store32(Gamma_mem, 69684bv64, true);
     assert true;
-    assume {:captureState "%000002dd"} true;
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 52bv64)) || L(mem, bvadd64(R8, 52bv64)));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    R0_1, Gamma_R0_1 := zero_extend32_32(memory_load32_le(mem, 69684bv64)), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out := R0_1, R31_in, 69632bv64;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out := Gamma_R0_1, Gamma_R31_in, true;
     return;
 }
 
diff --git a/src/test/correct/basic_arrays_read/clang/basic_arrays_read_gtirb.expected b/src/test/correct/basic_arrays_read/clang/basic_arrays_read_gtirb.expected
index 8e4bac79d..74d0755c3 100644
--- a/src/test/correct/basic_arrays_read/clang/basic_arrays_read_gtirb.expected
+++ b/src/test/correct/basic_arrays_read/clang/basic_arrays_read_gtirb.expected
@@ -1,11 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $arr_addr: bv64;
@@ -15,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -36,7 +43,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -78,8 +85,8 @@ implementation {:extern} guarantee_reflexive()
   assert true;
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R31, Gamma_R8, Gamma_mem, Gamma_stack, R0, R31, R8, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1860bv64) == 1bv8);
@@ -90,8 +97,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1860bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1861bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1862bv64) == 2bv8);
@@ -101,25 +106,22 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool)
 {
+  var Gamma_R0_1: bool;
+  var R0_1: bv64;
   $main$__0__$nH8DWmocTJOsal3tXpRbMg:
-    assume {:captureState "$main$__0__$nH8DWmocTJOsal3tXpRbMg"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "1816$0"} true;
-    R8, Gamma_R8 := 69632bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
     call rely();
-    assert (L(mem, bvadd64(R8, 52bv64)) ==> true);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 52bv64), 0bv32), gamma_store32(Gamma_mem, bvadd64(R8, 52bv64), true);
+    assert (L(mem, 69684bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, 0bv32), gamma_store32(Gamma_mem, 69684bv64, true);
     assert true;
-    assume {:captureState "1824$0"} true;
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 52bv64)) || L(mem, bvadd64(R8, 52bv64)));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    R0_1, Gamma_R0_1 := zero_extend32_32(memory_load32_le(mem, 69684bv64)), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out := R0_1, R31_in, 69632bv64;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out := Gamma_R0_1, Gamma_R31_in, true;
     return;
 }
 
diff --git a/src/test/correct/basic_arrays_read/clang_pic/basic_arrays_read.expected b/src/test/correct/basic_arrays_read/clang_pic/basic_arrays_read.expected
index 736e8907d..792bc6066 100644
--- a/src/test/correct/basic_arrays_read/clang_pic/basic_arrays_read.expected
+++ b/src/test/correct/basic_arrays_read/clang_pic/basic_arrays_read.expected
@@ -1,11 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $arr_addr: bv64;
@@ -15,6 +9,15 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -24,7 +27,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -40,7 +47,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -83,8 +90,8 @@ implementation {:extern} guarantee_reflexive()
   assert true;
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R31, Gamma_R8, Gamma_mem, Gamma_stack, R0, R31, R8, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1928bv64) == 1bv8);
@@ -96,8 +103,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69056bv64) == 1872bv64);
   free requires (memory_load64_le(mem, 69064bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 69684bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1928bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1929bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1930bv64) == 2bv8);
@@ -108,27 +113,26 @@ procedure main();
   free ensures (memory_load64_le(mem, 69064bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 69592bv64) == 69684bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool)
 {
+  var Gamma_R0_1: bool;
+  var Gamma_R8_2: bool;
+  var R0_1: bv64;
+  var R8_2: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "%000002d5"} true;
-    R8, Gamma_R8 := 65536bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4056bv64)) || L(mem, bvadd64(R8, 4056bv64)));
+    R8_2, Gamma_R8_2 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    assert (L(mem, R8) ==> true);
-    mem, Gamma_mem := memory_store32_le(mem, R8, 0bv32), gamma_store32(Gamma_mem, R8, true);
+    assert (L(mem, R8_2) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R8_2, 0bv32), gamma_store32(Gamma_mem, R8_2, true);
     assert true;
-    assume {:captureState "%000002e8"} true;
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    R0_1, Gamma_R0_1 := zero_extend32_32(memory_load32_le(mem, R8_2)), (gamma_load32(Gamma_mem, R8_2) || L(mem, R8_2));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out := R0_1, R31_in, R8_2;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out := Gamma_R0_1, Gamma_R31_in, Gamma_R8_2;
     return;
 }
 
diff --git a/src/test/correct/basic_arrays_read/clang_pic/basic_arrays_read_gtirb.expected b/src/test/correct/basic_arrays_read/clang_pic/basic_arrays_read_gtirb.expected
index e65df320f..56818db04 100644
--- a/src/test/correct/basic_arrays_read/clang_pic/basic_arrays_read_gtirb.expected
+++ b/src/test/correct/basic_arrays_read/clang_pic/basic_arrays_read_gtirb.expected
@@ -1,11 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $arr_addr: bv64;
@@ -15,6 +9,15 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -24,7 +27,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -40,7 +47,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -83,8 +90,8 @@ implementation {:extern} guarantee_reflexive()
   assert true;
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R31, Gamma_R8, Gamma_mem, Gamma_stack, R0, R31, R8, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1928bv64) == 1bv8);
@@ -96,8 +103,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69056bv64) == 1872bv64);
   free requires (memory_load64_le(mem, 69064bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 69684bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1928bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1929bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1930bv64) == 2bv8);
@@ -108,27 +113,26 @@ procedure main();
   free ensures (memory_load64_le(mem, 69064bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 69592bv64) == 69684bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool)
 {
+  var Gamma_R0_1: bool;
+  var Gamma_R8_2: bool;
+  var R0_1: bv64;
+  var R8_2: bv64;
   $main$__0__$CGPwXKgfQxikvfXy7SP7PQ:
-    assume {:captureState "$main$__0__$CGPwXKgfQxikvfXy7SP7PQ"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "1880$0"} true;
-    R8, Gamma_R8 := 65536bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4056bv64)) || L(mem, bvadd64(R8, 4056bv64)));
+    R8_2, Gamma_R8_2 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    assert (L(mem, R8) ==> true);
-    mem, Gamma_mem := memory_store32_le(mem, R8, 0bv32), gamma_store32(Gamma_mem, R8, true);
+    assert (L(mem, R8_2) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R8_2, 0bv32), gamma_store32(Gamma_mem, R8_2, true);
     assert true;
-    assume {:captureState "1892$0"} true;
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    R0_1, Gamma_R0_1 := zero_extend32_32(memory_load32_le(mem, R8_2)), (gamma_load32(Gamma_mem, R8_2) || L(mem, R8_2));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out := R0_1, R31_in, R8_2;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out := Gamma_R0_1, Gamma_R31_in, Gamma_R8_2;
     return;
 }
 
diff --git a/src/test/correct/basic_arrays_read/gcc/basic_arrays_read.expected b/src/test/correct/basic_arrays_read/gcc/basic_arrays_read.expected
index cbb6c5f36..06ed110fa 100644
--- a/src/test/correct/basic_arrays_read/gcc/basic_arrays_read.expected
+++ b/src/test/correct/basic_arrays_read/gcc/basic_arrays_read.expected
@@ -1,6 +1,4 @@
-var {:extern} Gamma_R0: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $arr_addr: bv64;
 axiom ($arr_addr == 69656bv64);
@@ -9,12 +7,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -30,7 +41,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -72,8 +83,8 @@ implementation {:extern} guarantee_reflexive()
   assert true;
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_mem, R0, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1860bv64) == 1bv8);
@@ -93,24 +104,21 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool)
 {
+  var Gamma_R0_6: bool;
+  var R0_6: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
     call rely();
-    assert (L(mem, R0) ==> true);
-    mem, Gamma_mem := memory_store32_le(mem, R0, 0bv32), gamma_store32(Gamma_mem, R0, true);
+    assert (L(mem, 69656bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69656bv64, 0bv32), gamma_store32(Gamma_mem, 69656bv64, true);
     assert true;
-    assume {:captureState "%000002d6"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
+    R0_6, Gamma_R0_6 := zero_extend32_32(memory_load32_le(mem, 69656bv64)), (gamma_load32(Gamma_mem, 69656bv64) || L(mem, 69656bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out := R0_6;
+    Gamma_R0_out := Gamma_R0_6;
     return;
 }
 
diff --git a/src/test/correct/basic_arrays_read/gcc/basic_arrays_read_gtirb.expected b/src/test/correct/basic_arrays_read/gcc/basic_arrays_read_gtirb.expected
index 5a1213e87..ad7c2f46a 100644
--- a/src/test/correct/basic_arrays_read/gcc/basic_arrays_read_gtirb.expected
+++ b/src/test/correct/basic_arrays_read/gcc/basic_arrays_read_gtirb.expected
@@ -1,6 +1,4 @@
-var {:extern} Gamma_R0: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $arr_addr: bv64;
 axiom ($arr_addr == 69656bv64);
@@ -9,12 +7,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -30,7 +41,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -72,8 +83,8 @@ implementation {:extern} guarantee_reflexive()
   assert true;
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_mem, R0, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1860bv64) == 1bv8);
@@ -93,24 +104,21 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool)
 {
+  var Gamma_R0_6: bool;
+  var R0_6: bv64;
   $main$__0__$LzETjB03RAicd22wmYTXcg:
-    assume {:captureState "$main$__0__$LzETjB03RAicd22wmYTXcg"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
     call rely();
-    assert (L(mem, R0) ==> true);
-    mem, Gamma_mem := memory_store32_le(mem, R0, 0bv32), gamma_store32(Gamma_mem, R0, true);
+    assert (L(mem, 69656bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69656bv64, 0bv32), gamma_store32(Gamma_mem, 69656bv64, true);
     assert true;
-    assume {:captureState "1820$0"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
+    R0_6, Gamma_R0_6 := zero_extend32_32(memory_load32_le(mem, 69656bv64)), (gamma_load32(Gamma_mem, 69656bv64) || L(mem, 69656bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out := R0_6;
+    Gamma_R0_out := Gamma_R0_6;
     return;
 }
 
diff --git a/src/test/correct/basic_arrays_read/gcc_pic/basic_arrays_read.expected b/src/test/correct/basic_arrays_read/gcc_pic/basic_arrays_read.expected
index 67045570e..d2d8c7995 100644
--- a/src/test/correct/basic_arrays_read/gcc_pic/basic_arrays_read.expected
+++ b/src/test/correct/basic_arrays_read/gcc_pic/basic_arrays_read.expected
@@ -1,6 +1,4 @@
-var {:extern} Gamma_R0: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $arr_addr: bv64;
 axiom ($arr_addr == 69656bv64);
@@ -9,6 +7,15 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -18,7 +25,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -34,7 +45,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -77,8 +88,8 @@ implementation {:extern} guarantee_reflexive()
   assert true;
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_mem, R0, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1924bv64) == 1bv8);
@@ -100,26 +111,29 @@ procedure main();
   free ensures (memory_load64_le(mem, 69016bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 69008bv64) == 1872bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool)
 {
+  var Gamma_R0_3: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_6: bool;
+  var R0_3: bv64;
+  var R0_5: bv64;
+  var R0_6: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4080bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4080bv64)) || L(mem, bvadd64(R0, 4080bv64)));
+    R0_3, Gamma_R0_3 := memory_load64_le(mem, 69616bv64), (gamma_load64(Gamma_mem, 69616bv64) || L(mem, 69616bv64));
     call rely();
-    assert (L(mem, R0) ==> true);
-    mem, Gamma_mem := memory_store32_le(mem, R0, 0bv32), gamma_store32(Gamma_mem, R0, true);
+    assert (L(mem, R0_3) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R0_3, 0bv32), gamma_store32(Gamma_mem, R0_3, true);
     assert true;
-    assume {:captureState "%000002d7"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4080bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4080bv64)) || L(mem, bvadd64(R0, 4080bv64)));
+    R0_5, Gamma_R0_5 := memory_load64_le(mem, 69616bv64), (gamma_load64(Gamma_mem, 69616bv64) || L(mem, 69616bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
+    R0_6, Gamma_R0_6 := zero_extend32_32(memory_load32_le(mem, R0_5)), (gamma_load32(Gamma_mem, R0_5) || L(mem, R0_5));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out := R0_6;
+    Gamma_R0_out := Gamma_R0_6;
     return;
 }
 
diff --git a/src/test/correct/basic_arrays_read/gcc_pic/basic_arrays_read_gtirb.expected b/src/test/correct/basic_arrays_read/gcc_pic/basic_arrays_read_gtirb.expected
index 1cb1a7c77..02345e659 100644
--- a/src/test/correct/basic_arrays_read/gcc_pic/basic_arrays_read_gtirb.expected
+++ b/src/test/correct/basic_arrays_read/gcc_pic/basic_arrays_read_gtirb.expected
@@ -1,6 +1,4 @@
-var {:extern} Gamma_R0: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $arr_addr: bv64;
 axiom ($arr_addr == 69656bv64);
@@ -9,6 +7,15 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -18,7 +25,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -34,7 +45,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -77,8 +88,8 @@ implementation {:extern} guarantee_reflexive()
   assert true;
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_mem, R0, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1924bv64) == 1bv8);
@@ -100,26 +111,29 @@ procedure main();
   free ensures (memory_load64_le(mem, 69016bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 69008bv64) == 1872bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool)
 {
+  var Gamma_R0_3: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_6: bool;
+  var R0_3: bv64;
+  var R0_5: bv64;
+  var R0_6: bv64;
   $main$__0__$H8IsYbn_SQGlYyUfKVFdig:
-    assume {:captureState "$main$__0__$H8IsYbn_SQGlYyUfKVFdig"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4080bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4080bv64)) || L(mem, bvadd64(R0, 4080bv64)));
+    R0_3, Gamma_R0_3 := memory_load64_le(mem, 69616bv64), (gamma_load64(Gamma_mem, 69616bv64) || L(mem, 69616bv64));
     call rely();
-    assert (L(mem, R0) ==> true);
-    mem, Gamma_mem := memory_store32_le(mem, R0, 0bv32), gamma_store32(Gamma_mem, R0, true);
+    assert (L(mem, R0_3) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R0_3, 0bv32), gamma_store32(Gamma_mem, R0_3, true);
     assert true;
-    assume {:captureState "1884$0"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4080bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4080bv64)) || L(mem, bvadd64(R0, 4080bv64)));
+    R0_5, Gamma_R0_5 := memory_load64_le(mem, 69616bv64), (gamma_load64(Gamma_mem, 69616bv64) || L(mem, 69616bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
+    R0_6, Gamma_R0_6 := zero_extend32_32(memory_load32_le(mem, R0_5)), (gamma_load32(Gamma_mem, R0_5) || L(mem, R0_5));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out := R0_6;
+    Gamma_R0_out := Gamma_R0_6;
     return;
 }
 
diff --git a/src/test/correct/basic_arrays_write/clang/basic_arrays_write.expected b/src/test/correct/basic_arrays_write/clang/basic_arrays_write.expected
index 61947ed82..7dfbd5004 100644
--- a/src/test/correct/basic_arrays_write/clang/basic_arrays_write.expected
+++ b/src/test/correct/basic_arrays_write/clang/basic_arrays_write.expected
@@ -1,13 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $arr_addr: bv64;
@@ -17,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -38,7 +43,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -80,9 +85,9 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, bvadd64($arr_addr, 0bv64)) == memory_load32_le(mem, bvadd64($arr_addr, 0bv64)));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R31, R8, R9, mem, stack;
-  requires (Gamma_R0 == false);
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
+  requires (Gamma_R0_in == false);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1868bv64) == 1bv8);
@@ -93,8 +98,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1868bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1869bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1870bv64) == 2bv8);
@@ -104,28 +107,23 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R8_1: bool;
+  var R8_1: bv64;
   var arr$0_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    R9, Gamma_R9 := 69632bv64, true;
-    R9, Gamma_R9 := bvadd64(R9, 52bv64), Gamma_R9;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "%000002e5"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_in);
+    R8_1, Gamma_R8_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     call rely();
-    assert (L(mem, bvadd64(R9, 4bv64)) ==> Gamma_R8);
+    assert (L(mem, 69688bv64) ==> Gamma_R8_1);
     arr$0_old := memory_load32_le(mem, bvadd64($arr_addr, 0bv64));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 4bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 4bv64), Gamma_R8);
+    mem, Gamma_mem := memory_store32_le(mem, 69688bv64, R8_1[32:0]), gamma_store32(Gamma_mem, 69688bv64, Gamma_R8_1);
     assert (arr$0_old == memory_load32_le(mem, bvadd64($arr_addr, 0bv64)));
-    assume {:captureState "%000002f4"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out, R9_out := 0bv64, R31_in, R8_1, 69684bv64;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R31_in, Gamma_R8_1, true;
     return;
 }
 
diff --git a/src/test/correct/basic_arrays_write/clang/basic_arrays_write_gtirb.expected b/src/test/correct/basic_arrays_write/clang/basic_arrays_write_gtirb.expected
index e8ee268ce..fa3b94a80 100644
--- a/src/test/correct/basic_arrays_write/clang/basic_arrays_write_gtirb.expected
+++ b/src/test/correct/basic_arrays_write/clang/basic_arrays_write_gtirb.expected
@@ -1,13 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $arr_addr: bv64;
@@ -17,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -38,7 +43,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -80,9 +85,9 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, bvadd64($arr_addr, 0bv64)) == memory_load32_le(mem, bvadd64($arr_addr, 0bv64)));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R31, R8, R9, mem, stack;
-  requires (Gamma_R0 == false);
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
+  requires (Gamma_R0_in == false);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1868bv64) == 1bv8);
@@ -93,8 +98,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1868bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1869bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1870bv64) == 2bv8);
@@ -104,28 +107,23 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R8_1: bool;
+  var R8_1: bv64;
   var arr$0_old: bv32;
   $main$__0__$pfAb81AKR8CuFLyGhCrxEg:
-    assume {:captureState "$main$__0__$pfAb81AKR8CuFLyGhCrxEg"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    R9, Gamma_R9 := 69632bv64, true;
-    R9, Gamma_R9 := bvadd64(R9, 52bv64), Gamma_R9;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "1824$0"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_in);
+    R8_1, Gamma_R8_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     call rely();
-    assert (L(mem, bvadd64(R9, 4bv64)) ==> Gamma_R8);
+    assert (L(mem, 69688bv64) ==> Gamma_R8_1);
     arr$0_old := memory_load32_le(mem, bvadd64($arr_addr, 0bv64));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 4bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 4bv64), Gamma_R8);
+    mem, Gamma_mem := memory_store32_le(mem, 69688bv64, R8_1[32:0]), gamma_store32(Gamma_mem, 69688bv64, Gamma_R8_1);
     assert (arr$0_old == memory_load32_le(mem, bvadd64($arr_addr, 0bv64)));
-    assume {:captureState "1832$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out, R9_out := 0bv64, R31_in, R8_1, 69684bv64;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R31_in, Gamma_R8_1, true;
     return;
 }
 
diff --git a/src/test/correct/basic_arrays_write/clang_O2/basic_arrays_write.expected b/src/test/correct/basic_arrays_write/clang_O2/basic_arrays_write.expected
index a86300943..8b2b7f93c 100644
--- a/src/test/correct/basic_arrays_write/clang_O2/basic_arrays_write.expected
+++ b/src/test/correct/basic_arrays_write/clang_O2/basic_arrays_write.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $arr_addr: bv64;
 axiom ($arr_addr == 69684bv64);
@@ -13,8 +7,21 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -30,7 +37,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -72,9 +79,9 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, bvadd64($arr_addr, 0bv64)) == memory_load32_le(mem, bvadd64($arr_addr, 0bv64)));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R8, Gamma_R9, Gamma_mem, R0, R8, R9, mem;
-  requires (Gamma_R0 == false);
+procedure main(R0_in: bv64, Gamma_R0_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
+  requires (Gamma_R0_in == false);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1852bv64) == 1bv8);
@@ -94,23 +101,22 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R8_1: bool;
+  var R8_1: bv64;
   var arr$0_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R8, Gamma_R8 := zero_extend32_32(R0[32:0]), Gamma_R0;
-    R9, Gamma_R9 := 69632bv64, true;
-    R0, Gamma_R0 := 0bv64, true;
+    R8_1, Gamma_R8_1 := zero_extend32_32(R0_in[32:0]), Gamma_R0_in;
     call rely();
-    assert (L(mem, bvadd64(R9, 56bv64)) ==> Gamma_R8);
+    assert (L(mem, 69688bv64) ==> Gamma_R8_1);
     arr$0_old := memory_load32_le(mem, bvadd64($arr_addr, 0bv64));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 56bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 56bv64), Gamma_R8);
+    mem, Gamma_mem := memory_store32_le(mem, 69688bv64, R8_1[32:0]), gamma_store32(Gamma_mem, 69688bv64, Gamma_R8_1);
     assert (arr$0_old == memory_load32_le(mem, bvadd64($arr_addr, 0bv64)));
-    assume {:captureState "%000002d4"} true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := 0bv64, R8_1, 69632bv64;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R8_1, true;
     return;
 }
 
diff --git a/src/test/correct/basic_arrays_write/clang_O2/basic_arrays_write_gtirb.expected b/src/test/correct/basic_arrays_write/clang_O2/basic_arrays_write_gtirb.expected
index 4e59a1e8e..5e9987b5e 100644
--- a/src/test/correct/basic_arrays_write/clang_O2/basic_arrays_write_gtirb.expected
+++ b/src/test/correct/basic_arrays_write/clang_O2/basic_arrays_write_gtirb.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $arr_addr: bv64;
 axiom ($arr_addr == 69684bv64);
@@ -13,8 +7,21 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -30,7 +37,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -72,9 +79,9 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, bvadd64($arr_addr, 0bv64)) == memory_load32_le(mem, bvadd64($arr_addr, 0bv64)));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R8, Gamma_R9, Gamma_mem, R0, R8, R9, mem;
-  requires (Gamma_R0 == false);
+procedure main(R0_in: bv64, Gamma_R0_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
+  requires (Gamma_R0_in == false);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1852bv64) == 1bv8);
@@ -94,23 +101,22 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R8_1: bool;
+  var R8_1: bv64;
   var arr$0_old: bv32;
   $main$__0__$9B_32roeToOuqgp1UmQUlw:
-    assume {:captureState "$main$__0__$9B_32roeToOuqgp1UmQUlw"} true;
-    R8, Gamma_R8 := zero_extend32_32(R0[32:0]), Gamma_R0;
-    R9, Gamma_R9 := 69632bv64, true;
-    R0, Gamma_R0 := 0bv64, true;
+    R8_1, Gamma_R8_1 := zero_extend32_32(R0_in[32:0]), Gamma_R0_in;
     call rely();
-    assert (L(mem, bvadd64(R9, 56bv64)) ==> Gamma_R8);
+    assert (L(mem, 69688bv64) ==> Gamma_R8_1);
     arr$0_old := memory_load32_le(mem, bvadd64($arr_addr, 0bv64));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 56bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 56bv64), Gamma_R8);
+    mem, Gamma_mem := memory_store32_le(mem, 69688bv64, R8_1[32:0]), gamma_store32(Gamma_mem, 69688bv64, Gamma_R8_1);
     assert (arr$0_old == memory_load32_le(mem, bvadd64($arr_addr, 0bv64)));
-    assume {:captureState "1824$0"} true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := 0bv64, R8_1, 69632bv64;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R8_1, true;
     return;
 }
 
diff --git a/src/test/correct/basic_arrays_write/clang_pic/basic_arrays_write.expected b/src/test/correct/basic_arrays_write/clang_pic/basic_arrays_write.expected
index 228ad3272..013c01046 100644
--- a/src/test/correct/basic_arrays_write/clang_pic/basic_arrays_write.expected
+++ b/src/test/correct/basic_arrays_write/clang_pic/basic_arrays_write.expected
@@ -1,13 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $arr_addr: bv64;
@@ -17,6 +9,15 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -26,7 +27,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -42,7 +47,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -85,9 +90,9 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, bvadd64($arr_addr, 0bv64)) == memory_load32_le(mem, bvadd64($arr_addr, 0bv64)));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R31, R8, R9, mem, stack;
-  requires (Gamma_R0 == false);
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
+  requires (Gamma_R0_in == false);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1932bv64) == 1bv8);
@@ -99,8 +104,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69056bv64) == 1872bv64);
   free requires (memory_load64_le(mem, 69064bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 69684bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1932bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1933bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1934bv64) == 2bv8);
@@ -111,29 +114,27 @@ procedure main();
   free ensures (memory_load64_le(mem, 69064bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 69592bv64) == 69684bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R8_1: bool;
+  var Gamma_R9_2: bool;
+  var R8_1: bv64;
+  var R9_2: bv64;
   var arr$0_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    R9, Gamma_R9 := 65536bv64, true;
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4056bv64)) || L(mem, bvadd64(R9, 4056bv64)));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "%000002e6"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
+    R9_2, Gamma_R9_2 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_in);
+    R8_1, Gamma_R8_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     call rely();
-    assert (L(mem, bvadd64(R9, 4bv64)) ==> Gamma_R8);
+    assert (L(mem, bvadd64(R9_2, 4bv64)) ==> Gamma_R8_1);
     arr$0_old := memory_load32_le(mem, bvadd64($arr_addr, 0bv64));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 4bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 4bv64), Gamma_R8);
+    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9_2, 4bv64), R8_1[32:0]), gamma_store32(Gamma_mem, bvadd64(R9_2, 4bv64), Gamma_R8_1);
     assert (arr$0_old == memory_load32_le(mem, bvadd64($arr_addr, 0bv64)));
-    assume {:captureState "%000002f5"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out, R9_out := 0bv64, R31_in, R8_1, R9_2;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R31_in, Gamma_R8_1, Gamma_R9_2;
     return;
 }
 
diff --git a/src/test/correct/basic_arrays_write/clang_pic/basic_arrays_write_gtirb.expected b/src/test/correct/basic_arrays_write/clang_pic/basic_arrays_write_gtirb.expected
index d89eb58c2..69bd5368f 100644
--- a/src/test/correct/basic_arrays_write/clang_pic/basic_arrays_write_gtirb.expected
+++ b/src/test/correct/basic_arrays_write/clang_pic/basic_arrays_write_gtirb.expected
@@ -1,13 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $arr_addr: bv64;
@@ -17,6 +9,15 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -26,7 +27,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -42,7 +47,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -85,9 +90,9 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, bvadd64($arr_addr, 0bv64)) == memory_load32_le(mem, bvadd64($arr_addr, 0bv64)));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R31, R8, R9, mem, stack;
-  requires (Gamma_R0 == false);
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
+  requires (Gamma_R0_in == false);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1932bv64) == 1bv8);
@@ -99,8 +104,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69056bv64) == 1872bv64);
   free requires (memory_load64_le(mem, 69064bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 69684bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1932bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1933bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1934bv64) == 2bv8);
@@ -111,29 +114,27 @@ procedure main();
   free ensures (memory_load64_le(mem, 69064bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 69592bv64) == 69684bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R8_1: bool;
+  var Gamma_R9_2: bool;
+  var R8_1: bv64;
+  var R9_2: bv64;
   var arr$0_old: bv32;
   $main$__0__$QhI~JImIRPKZUYP_OR5sGw:
-    assume {:captureState "$main$__0__$QhI~JImIRPKZUYP_OR5sGw"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    R9, Gamma_R9 := 65536bv64, true;
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4056bv64)) || L(mem, bvadd64(R9, 4056bv64)));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "1888$0"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
+    R9_2, Gamma_R9_2 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_in);
+    R8_1, Gamma_R8_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     call rely();
-    assert (L(mem, bvadd64(R9, 4bv64)) ==> Gamma_R8);
+    assert (L(mem, bvadd64(R9_2, 4bv64)) ==> Gamma_R8_1);
     arr$0_old := memory_load32_le(mem, bvadd64($arr_addr, 0bv64));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 4bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 4bv64), Gamma_R8);
+    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9_2, 4bv64), R8_1[32:0]), gamma_store32(Gamma_mem, bvadd64(R9_2, 4bv64), Gamma_R8_1);
     assert (arr$0_old == memory_load32_le(mem, bvadd64($arr_addr, 0bv64)));
-    assume {:captureState "1896$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out, R9_out := 0bv64, R31_in, R8_1, R9_2;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R31_in, Gamma_R8_1, Gamma_R9_2;
     return;
 }
 
diff --git a/src/test/correct/basic_arrays_write/gcc/basic_arrays_write.expected b/src/test/correct/basic_arrays_write/gcc/basic_arrays_write.expected
index 0dcd266ac..fe3cdb5ca 100644
--- a/src/test/correct/basic_arrays_write/gcc/basic_arrays_write.expected
+++ b/src/test/correct/basic_arrays_write/gcc/basic_arrays_write.expected
@@ -1,11 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $arr_addr: bv64;
@@ -15,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -36,7 +43,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -78,9 +85,9 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, bvadd64($arr_addr, 0bv64)) == memory_load32_le(mem, bvadd64($arr_addr, 0bv64)));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R31, mem, stack;
-  requires (Gamma_R0 == false);
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
+  requires (Gamma_R0_in == false);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1868bv64) == 1bv8);
@@ -91,8 +98,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69024bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1868bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1869bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1870bv64) == 2bv8);
@@ -102,28 +107,23 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
+  var Gamma_R1_1: bool;
+  var R1_1: bv64;
   var arr$0_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "%000002da"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_in);
+    R1_1, Gamma_R1_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     call rely();
-    assert (L(mem, bvadd64(R0, 4bv64)) ==> Gamma_R1);
+    assert (L(mem, 69660bv64) ==> Gamma_R1_1);
     arr$0_old := memory_load32_le(mem, bvadd64($arr_addr, 0bv64));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R0, 4bv64), R1[32:0]), gamma_store32(Gamma_mem, bvadd64(R0, 4bv64), Gamma_R1);
+    mem, Gamma_mem := memory_store32_le(mem, 69660bv64, R1_1[32:0]), gamma_store32(Gamma_mem, 69660bv64, Gamma_R1_1);
     assert (arr$0_old == memory_load32_le(mem, bvadd64($arr_addr, 0bv64)));
-    assume {:captureState "%000002f4"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R31_out := 0bv64, R1_1, R31_in;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R31_out := true, Gamma_R1_1, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/correct/basic_arrays_write/gcc/basic_arrays_write_gtirb.expected b/src/test/correct/basic_arrays_write/gcc/basic_arrays_write_gtirb.expected
index db3755058..435ad2ea0 100644
--- a/src/test/correct/basic_arrays_write/gcc/basic_arrays_write_gtirb.expected
+++ b/src/test/correct/basic_arrays_write/gcc/basic_arrays_write_gtirb.expected
@@ -1,11 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $arr_addr: bv64;
@@ -15,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -36,7 +43,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -78,9 +85,9 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, bvadd64($arr_addr, 0bv64)) == memory_load32_le(mem, bvadd64($arr_addr, 0bv64)));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R31, mem, stack;
-  requires (Gamma_R0 == false);
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
+  requires (Gamma_R0_in == false);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1868bv64) == 1bv8);
@@ -91,8 +98,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69024bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1868bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1869bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1870bv64) == 2bv8);
@@ -102,28 +107,23 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
+  var Gamma_R1_1: bool;
+  var R1_1: bv64;
   var arr$0_old: bv32;
   $main$__0__$xPJOAvxpQvOT0IITWVjgKA:
-    assume {:captureState "$main$__0__$xPJOAvxpQvOT0IITWVjgKA"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "1816$0"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_in);
+    R1_1, Gamma_R1_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     call rely();
-    assert (L(mem, bvadd64(R0, 4bv64)) ==> Gamma_R1);
+    assert (L(mem, 69660bv64) ==> Gamma_R1_1);
     arr$0_old := memory_load32_le(mem, bvadd64($arr_addr, 0bv64));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R0, 4bv64), R1[32:0]), gamma_store32(Gamma_mem, bvadd64(R0, 4bv64), Gamma_R1);
+    mem, Gamma_mem := memory_store32_le(mem, 69660bv64, R1_1[32:0]), gamma_store32(Gamma_mem, 69660bv64, Gamma_R1_1);
     assert (arr$0_old == memory_load32_le(mem, bvadd64($arr_addr, 0bv64)));
-    assume {:captureState "1832$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R31_out := 0bv64, R1_1, R31_in;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R31_out := true, Gamma_R1_1, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/correct/basic_arrays_write/gcc_O2/basic_arrays_write.expected b/src/test/correct/basic_arrays_write/gcc_O2/basic_arrays_write.expected
index 8f533dbc6..9656cb4d9 100644
--- a/src/test/correct/basic_arrays_write/gcc_O2/basic_arrays_write.expected
+++ b/src/test/correct/basic_arrays_write/gcc_O2/basic_arrays_write.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R2: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R2: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $arr_addr: bv64;
 axiom ($arr_addr == 69656bv64);
@@ -13,8 +7,21 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -30,7 +37,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -72,9 +79,9 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, bvadd64($arr_addr, 0bv64)) == memory_load32_le(mem, bvadd64($arr_addr, 0bv64)));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R2, Gamma_mem, R0, R1, R2, mem;
-  requires (Gamma_R0 == false);
+procedure main(R0_in: bv64, Gamma_R0_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool);
+  modifies Gamma_mem, mem;
+  requires (Gamma_R0_in == false);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1896bv64) == 1bv8);
@@ -94,23 +101,22 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool)
 {
+  var Gamma_R2_1: bool;
+  var R2_1: bv64;
   var arr$0_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R1, Gamma_R1 := 69632bv64, true;
-    R2, Gamma_R2 := zero_extend32_32(R0[32:0]), Gamma_R0;
-    R0, Gamma_R0 := 0bv64, true;
+    R2_1, Gamma_R2_1 := zero_extend32_32(R0_in[32:0]), Gamma_R0_in;
     call rely();
-    assert (L(mem, bvadd64(R1, 28bv64)) ==> Gamma_R2);
+    assert (L(mem, 69660bv64) ==> Gamma_R2_1);
     arr$0_old := memory_load32_le(mem, bvadd64($arr_addr, 0bv64));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R1, 28bv64), R2[32:0]), gamma_store32(Gamma_mem, bvadd64(R1, 28bv64), Gamma_R2);
+    mem, Gamma_mem := memory_store32_le(mem, 69660bv64, R2_1[32:0]), gamma_store32(Gamma_mem, 69660bv64, Gamma_R2_1);
     assert (arr$0_old == memory_load32_le(mem, bvadd64($arr_addr, 0bv64)));
-    assume {:captureState "%000001be"} true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R2_out := 0bv64, 69632bv64, R2_1;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R2_out := true, true, Gamma_R2_1;
     return;
 }
 
diff --git a/src/test/correct/basic_arrays_write/gcc_O2/basic_arrays_write_gtirb.expected b/src/test/correct/basic_arrays_write/gcc_O2/basic_arrays_write_gtirb.expected
index b212ef9a6..85ead905b 100644
--- a/src/test/correct/basic_arrays_write/gcc_O2/basic_arrays_write_gtirb.expected
+++ b/src/test/correct/basic_arrays_write/gcc_O2/basic_arrays_write_gtirb.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R2: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R2: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $arr_addr: bv64;
 axiom ($arr_addr == 69656bv64);
@@ -13,8 +7,21 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -30,7 +37,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -72,9 +79,9 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, bvadd64($arr_addr, 0bv64)) == memory_load32_le(mem, bvadd64($arr_addr, 0bv64)));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R2, Gamma_mem, R0, R1, R2, mem;
-  requires (Gamma_R0 == false);
+procedure main(R0_in: bv64, Gamma_R0_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool);
+  modifies Gamma_mem, mem;
+  requires (Gamma_R0_in == false);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1896bv64) == 1bv8);
@@ -94,23 +101,22 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool)
 {
+  var Gamma_R2_1: bool;
+  var R2_1: bv64;
   var arr$0_old: bv32;
   $main$__0__$V~T77jbITpWbEe~BkyODXA:
-    assume {:captureState "$main$__0__$V~T77jbITpWbEe~BkyODXA"} true;
-    R1, Gamma_R1 := 69632bv64, true;
-    R2, Gamma_R2 := zero_extend32_32(R0[32:0]), Gamma_R0;
-    R0, Gamma_R0 := 0bv64, true;
+    R2_1, Gamma_R2_1 := zero_extend32_32(R0_in[32:0]), Gamma_R0_in;
     call rely();
-    assert (L(mem, bvadd64(R1, 28bv64)) ==> Gamma_R2);
+    assert (L(mem, 69660bv64) ==> Gamma_R2_1);
     arr$0_old := memory_load32_le(mem, bvadd64($arr_addr, 0bv64));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R1, 28bv64), R2[32:0]), gamma_store32(Gamma_mem, bvadd64(R1, 28bv64), Gamma_R2);
+    mem, Gamma_mem := memory_store32_le(mem, 69660bv64, R2_1[32:0]), gamma_store32(Gamma_mem, 69660bv64, Gamma_R2_1);
     assert (arr$0_old == memory_load32_le(mem, bvadd64($arr_addr, 0bv64)));
-    assume {:captureState "1548$0"} true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R2_out := 0bv64, 69632bv64, R2_1;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R2_out := true, true, Gamma_R2_1;
     return;
 }
 
diff --git a/src/test/correct/basic_arrays_write/gcc_pic/basic_arrays_write.expected b/src/test/correct/basic_arrays_write/gcc_pic/basic_arrays_write.expected
index 40aa5a8db..b51522b29 100644
--- a/src/test/correct/basic_arrays_write/gcc_pic/basic_arrays_write.expected
+++ b/src/test/correct/basic_arrays_write/gcc_pic/basic_arrays_write.expected
@@ -1,11 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $arr_addr: bv64;
@@ -15,6 +9,15 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -24,7 +27,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -40,7 +47,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -83,9 +90,9 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, bvadd64($arr_addr, 0bv64)) == memory_load32_le(mem, bvadd64($arr_addr, 0bv64)));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R31, mem, stack;
-  requires (Gamma_R0 == false);
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
+  requires (Gamma_R0_in == false);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1932bv64) == 1bv8);
@@ -97,8 +104,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69616bv64) == 69656bv64);
   free requires (memory_load64_le(mem, 69016bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69008bv64) == 1872bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1932bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1933bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1934bv64) == 2bv8);
@@ -109,29 +114,27 @@ procedure main();
   free ensures (memory_load64_le(mem, 69016bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 69008bv64) == 1872bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
+  var Gamma_R0_3: bool;
+  var Gamma_R1_1: bool;
+  var R0_3: bv64;
+  var R1_1: bv64;
   var arr$0_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "%000002da"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_in);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4080bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4080bv64)) || L(mem, bvadd64(R0, 4080bv64)));
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
+    R0_3, Gamma_R0_3 := memory_load64_le(mem, 69616bv64), (gamma_load64(Gamma_mem, 69616bv64) || L(mem, 69616bv64));
+    R1_1, Gamma_R1_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     call rely();
-    assert (L(mem, bvadd64(R0, 4bv64)) ==> Gamma_R1);
+    assert (L(mem, bvadd64(R0_3, 4bv64)) ==> Gamma_R1_1);
     arr$0_old := memory_load32_le(mem, bvadd64($arr_addr, 0bv64));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R0, 4bv64), R1[32:0]), gamma_store32(Gamma_mem, bvadd64(R0, 4bv64), Gamma_R1);
+    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R0_3, 4bv64), R1_1[32:0]), gamma_store32(Gamma_mem, bvadd64(R0_3, 4bv64), Gamma_R1_1);
     assert (arr$0_old == memory_load32_le(mem, bvadd64($arr_addr, 0bv64)));
-    assume {:captureState "%000002f5"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R31_out := 0bv64, R1_1, R31_in;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R31_out := true, Gamma_R1_1, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/correct/basic_arrays_write/gcc_pic/basic_arrays_write_gtirb.expected b/src/test/correct/basic_arrays_write/gcc_pic/basic_arrays_write_gtirb.expected
index 76d4e4682..ecdb6d4cb 100644
--- a/src/test/correct/basic_arrays_write/gcc_pic/basic_arrays_write_gtirb.expected
+++ b/src/test/correct/basic_arrays_write/gcc_pic/basic_arrays_write_gtirb.expected
@@ -1,11 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $arr_addr: bv64;
@@ -15,6 +9,15 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -24,7 +27,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -40,7 +47,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -83,9 +90,9 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, bvadd64($arr_addr, 0bv64)) == memory_load32_le(mem, bvadd64($arr_addr, 0bv64)));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R31, mem, stack;
-  requires (Gamma_R0 == false);
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
+  requires (Gamma_R0_in == false);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1932bv64) == 1bv8);
@@ -97,8 +104,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69616bv64) == 69656bv64);
   free requires (memory_load64_le(mem, 69016bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69008bv64) == 1872bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1932bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1933bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1934bv64) == 2bv8);
@@ -109,29 +114,27 @@ procedure main();
   free ensures (memory_load64_le(mem, 69016bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 69008bv64) == 1872bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
+  var Gamma_R0_3: bool;
+  var Gamma_R1_1: bool;
+  var R0_3: bv64;
+  var R1_1: bv64;
   var arr$0_old: bv32;
   $main$__0__$QDmuMUDLRx6nO2lgyEhfoQ:
-    assume {:captureState "$main$__0__$QDmuMUDLRx6nO2lgyEhfoQ"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "1880$0"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_in);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4080bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4080bv64)) || L(mem, bvadd64(R0, 4080bv64)));
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
+    R0_3, Gamma_R0_3 := memory_load64_le(mem, 69616bv64), (gamma_load64(Gamma_mem, 69616bv64) || L(mem, 69616bv64));
+    R1_1, Gamma_R1_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     call rely();
-    assert (L(mem, bvadd64(R0, 4bv64)) ==> Gamma_R1);
+    assert (L(mem, bvadd64(R0_3, 4bv64)) ==> Gamma_R1_1);
     arr$0_old := memory_load32_le(mem, bvadd64($arr_addr, 0bv64));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R0, 4bv64), R1[32:0]), gamma_store32(Gamma_mem, bvadd64(R0, 4bv64), Gamma_R1);
+    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R0_3, 4bv64), R1_1[32:0]), gamma_store32(Gamma_mem, bvadd64(R0_3, 4bv64), Gamma_R1_1);
     assert (arr$0_old == memory_load32_le(mem, bvadd64($arr_addr, 0bv64)));
-    assume {:captureState "1896$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R31_out := 0bv64, R1_1, R31_in;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R31_out := true, Gamma_R1_1, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/correct/basic_assign_assign/clang/basic_assign_assign.expected b/src/test/correct/basic_assign_assign/clang/basic_assign_assign.expected
index ebed184a4..0b5491eaf 100644
--- a/src/test/correct/basic_assign_assign/clang/basic_assign_assign.expected
+++ b/src/test/correct/basic_assign_assign/clang/basic_assign_assign.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69684bv64);
@@ -13,8 +7,21 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -30,7 +37,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -71,8 +78,8 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) || (memory_load32_le(mem, $x_addr) == 5bv32));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R8, Gamma_R9, Gamma_mem, R0, R8, R9, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   requires (memory_load32_le(mem, $x_addr) == 0bv32);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
@@ -94,23 +101,19 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
   var x_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R9, Gamma_R9 := 69632bv64, true;
-    R8, Gamma_R8 := 5bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R9, 52bv64)) ==> Gamma_R8);
+    assert (L(mem, 69684bv64) ==> true);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 52bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 52bv64), Gamma_R8);
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, 5bv32), gamma_store32(Gamma_mem, 69684bv64, true);
     assert ((memory_load32_le(mem, $x_addr) == x_old) || (memory_load32_le(mem, $x_addr) == 5bv32));
-    assume {:captureState "%000002ce"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := 0bv64, 5bv64, 69632bv64;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := true, true, true;
     return;
 }
 
diff --git a/src/test/correct/basic_assign_assign/clang/basic_assign_assign_gtirb.expected b/src/test/correct/basic_assign_assign/clang/basic_assign_assign_gtirb.expected
index ea5223b80..52e4aaa46 100644
--- a/src/test/correct/basic_assign_assign/clang/basic_assign_assign_gtirb.expected
+++ b/src/test/correct/basic_assign_assign/clang/basic_assign_assign_gtirb.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69684bv64);
@@ -13,8 +7,21 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -30,7 +37,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -71,8 +78,8 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) || (memory_load32_le(mem, $x_addr) == 5bv32));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R8, Gamma_R9, Gamma_mem, R0, R8, R9, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   requires (memory_load32_le(mem, $x_addr) == 0bv32);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
@@ -94,23 +101,19 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
   var x_old: bv32;
   $main$__0__$Zdsp6UAuTvmVrSYb5TVuFA:
-    assume {:captureState "$main$__0__$Zdsp6UAuTvmVrSYb5TVuFA"} true;
-    R9, Gamma_R9 := 69632bv64, true;
-    R8, Gamma_R8 := 5bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R9, 52bv64)) ==> Gamma_R8);
+    assert (L(mem, 69684bv64) ==> true);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 52bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 52bv64), Gamma_R8);
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, 5bv32), gamma_store32(Gamma_mem, 69684bv64, true);
     assert ((memory_load32_le(mem, $x_addr) == x_old) || (memory_load32_le(mem, $x_addr) == 5bv32));
-    assume {:captureState "1820$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := 0bv64, 5bv64, 69632bv64;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := true, true, true;
     return;
 }
 
diff --git a/src/test/correct/basic_assign_assign/clang_pic/basic_assign_assign.expected b/src/test/correct/basic_assign_assign/clang_pic/basic_assign_assign.expected
index e25b839d2..d2b7cab5f 100644
--- a/src/test/correct/basic_assign_assign/clang_pic/basic_assign_assign.expected
+++ b/src/test/correct/basic_assign_assign/clang_pic/basic_assign_assign.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69684bv64);
@@ -13,12 +7,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -34,7 +41,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -76,8 +83,8 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) || (memory_load32_le(mem, $x_addr) == 5bv32));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R8, Gamma_R9, Gamma_mem, R0, R8, R9, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   requires (memory_load32_le(mem, $x_addr) == 0bv32);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
@@ -101,25 +108,23 @@ procedure main();
   free ensures (memory_load64_le(mem, 69064bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R9_3: bool;
+  var R9_3: bv64;
   var x_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R9, Gamma_R9 := 65536bv64, true;
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4040bv64)) || L(mem, bvadd64(R9, 4040bv64)));
-    R8, Gamma_R8 := 5bv64, true;
+    R9_3, Gamma_R9_3 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
+    assert (L(mem, R9_3) ==> true);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
+    mem, Gamma_mem := memory_store32_le(mem, R9_3, 5bv32), gamma_store32(Gamma_mem, R9_3, true);
     assert ((memory_load32_le(mem, $x_addr) == x_old) || (memory_load32_le(mem, $x_addr) == 5bv32));
-    assume {:captureState "%000002d9"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := 0bv64, 5bv64, R9_3;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := true, true, Gamma_R9_3;
     return;
 }
 
diff --git a/src/test/correct/basic_assign_assign/clang_pic/basic_assign_assign_gtirb.expected b/src/test/correct/basic_assign_assign/clang_pic/basic_assign_assign_gtirb.expected
index 014cfafa6..ca568449d 100644
--- a/src/test/correct/basic_assign_assign/clang_pic/basic_assign_assign_gtirb.expected
+++ b/src/test/correct/basic_assign_assign/clang_pic/basic_assign_assign_gtirb.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69684bv64);
@@ -13,12 +7,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -34,7 +41,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -76,8 +83,8 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) || (memory_load32_le(mem, $x_addr) == 5bv32));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R8, Gamma_R9, Gamma_mem, R0, R8, R9, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   requires (memory_load32_le(mem, $x_addr) == 0bv32);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
@@ -101,25 +108,23 @@ procedure main();
   free ensures (memory_load64_le(mem, 69064bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R9_3: bool;
+  var R9_3: bv64;
   var x_old: bv32;
   $main$__0__$Qq63bBfPSoWeSaa0hhOw6Q:
-    assume {:captureState "$main$__0__$Qq63bBfPSoWeSaa0hhOw6Q"} true;
-    R9, Gamma_R9 := 65536bv64, true;
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4040bv64)) || L(mem, bvadd64(R9, 4040bv64)));
-    R8, Gamma_R8 := 5bv64, true;
+    R9_3, Gamma_R9_3 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
+    assert (L(mem, R9_3) ==> true);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
+    mem, Gamma_mem := memory_store32_le(mem, R9_3, 5bv32), gamma_store32(Gamma_mem, R9_3, true);
     assert ((memory_load32_le(mem, $x_addr) == x_old) || (memory_load32_le(mem, $x_addr) == 5bv32));
-    assume {:captureState "1888$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := 0bv64, 5bv64, R9_3;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := true, true, Gamma_R9_3;
     return;
 }
 
diff --git a/src/test/correct/basic_assign_assign/gcc/basic_assign_assign.expected b/src/test/correct/basic_assign_assign/gcc/basic_assign_assign.expected
index 38c1cfa92..75c593799 100644
--- a/src/test/correct/basic_assign_assign/gcc/basic_assign_assign.expected
+++ b/src/test/correct/basic_assign_assign/gcc/basic_assign_assign.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -11,8 +7,21 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -28,7 +37,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -69,8 +78,8 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) || (memory_load32_le(mem, $x_addr) == 5bv32));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   requires (memory_load32_le(mem, $x_addr) == 0bv32);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
@@ -92,24 +101,19 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
   var x_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
-    R1, Gamma_R1 := 5bv64, true;
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, 69652bv64) ==> true);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 5bv32), gamma_store32(Gamma_mem, 69652bv64, true);
     assert ((memory_load32_le(mem, $x_addr) == x_old) || (memory_load32_le(mem, $x_addr) == 5bv32));
-    assume {:captureState "%000002d8"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, 5bv64;
+    Gamma_R0_out, Gamma_R1_out := true, true;
     return;
 }
 
diff --git a/src/test/correct/basic_assign_assign/gcc/basic_assign_assign_gtirb.expected b/src/test/correct/basic_assign_assign/gcc/basic_assign_assign_gtirb.expected
index 1d976c8ea..a6b271526 100644
--- a/src/test/correct/basic_assign_assign/gcc/basic_assign_assign_gtirb.expected
+++ b/src/test/correct/basic_assign_assign/gcc/basic_assign_assign_gtirb.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -11,8 +7,21 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -28,7 +37,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -69,8 +78,8 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) || (memory_load32_le(mem, $x_addr) == 5bv32));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   requires (memory_load32_le(mem, $x_addr) == 0bv32);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
@@ -92,24 +101,19 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
   var x_old: bv32;
   $main$__0__$Wqz78H8dRsSZVuDqF6tLlA:
-    assume {:captureState "$main$__0__$Wqz78H8dRsSZVuDqF6tLlA"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
-    R1, Gamma_R1 := 5bv64, true;
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, 69652bv64) ==> true);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 5bv32), gamma_store32(Gamma_mem, 69652bv64, true);
     assert ((memory_load32_le(mem, $x_addr) == x_old) || (memory_load32_le(mem, $x_addr) == 5bv32));
-    assume {:captureState "1824$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, 5bv64;
+    Gamma_R0_out, Gamma_R1_out := true, true;
     return;
 }
 
diff --git a/src/test/correct/basic_assign_assign/gcc_O2/basic_assign_assign.expected b/src/test/correct/basic_assign_assign/gcc_O2/basic_assign_assign.expected
index 374ce9ba2..f23c212ef 100644
--- a/src/test/correct/basic_assign_assign/gcc_O2/basic_assign_assign.expected
+++ b/src/test/correct/basic_assign_assign/gcc_O2/basic_assign_assign.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R2: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R2: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -13,8 +7,21 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -30,7 +37,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -71,8 +78,8 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) || (memory_load32_le(mem, $x_addr) == 5bv32));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R2, Gamma_mem, R0, R1, R2, mem;
+procedure main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool);
+  modifies Gamma_mem, mem;
   requires (memory_load32_le(mem, $x_addr) == 0bv32);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
@@ -94,23 +101,19 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool)
 {
   var x_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R1, Gamma_R1 := 69632bv64, true;
-    R2, Gamma_R2 := 5bv64, true;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R1, 20bv64)) ==> Gamma_R2);
+    assert (L(mem, 69652bv64) ==> true);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R1, 20bv64), R2[32:0]), gamma_store32(Gamma_mem, bvadd64(R1, 20bv64), Gamma_R2);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 5bv32), gamma_store32(Gamma_mem, 69652bv64, true);
     assert ((memory_load32_le(mem, $x_addr) == x_old) || (memory_load32_le(mem, $x_addr) == 5bv32));
-    assume {:captureState "%000001bd"} true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R2_out := 0bv64, 69632bv64, 5bv64;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R2_out := true, true, true;
     return;
 }
 
diff --git a/src/test/correct/basic_assign_assign/gcc_O2/basic_assign_assign_gtirb.expected b/src/test/correct/basic_assign_assign/gcc_O2/basic_assign_assign_gtirb.expected
index b19a1ad94..9ce6a0fca 100644
--- a/src/test/correct/basic_assign_assign/gcc_O2/basic_assign_assign_gtirb.expected
+++ b/src/test/correct/basic_assign_assign/gcc_O2/basic_assign_assign_gtirb.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R2: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R2: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -13,8 +7,21 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -30,7 +37,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -71,8 +78,8 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) || (memory_load32_le(mem, $x_addr) == 5bv32));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R2, Gamma_mem, R0, R1, R2, mem;
+procedure main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool);
+  modifies Gamma_mem, mem;
   requires (memory_load32_le(mem, $x_addr) == 0bv32);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
@@ -94,23 +101,19 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool)
 {
   var x_old: bv32;
   $main$__0__$0n7MZQ5WQm2ayeQrMFoqXw:
-    assume {:captureState "$main$__0__$0n7MZQ5WQm2ayeQrMFoqXw"} true;
-    R1, Gamma_R1 := 69632bv64, true;
-    R2, Gamma_R2 := 5bv64, true;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R1, 20bv64)) ==> Gamma_R2);
+    assert (L(mem, 69652bv64) ==> true);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R1, 20bv64), R2[32:0]), gamma_store32(Gamma_mem, bvadd64(R1, 20bv64), Gamma_R2);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 5bv32), gamma_store32(Gamma_mem, 69652bv64, true);
     assert ((memory_load32_le(mem, $x_addr) == x_old) || (memory_load32_le(mem, $x_addr) == 5bv32));
-    assume {:captureState "1548$0"} true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R2_out := 0bv64, 69632bv64, 5bv64;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R2_out := true, true, true;
     return;
 }
 
diff --git a/src/test/correct/basic_assign_assign/gcc_pic/basic_assign_assign.expected b/src/test/correct/basic_assign_assign/gcc_pic/basic_assign_assign.expected
index ef3087e5a..26ca46660 100644
--- a/src/test/correct/basic_assign_assign/gcc_pic/basic_assign_assign.expected
+++ b/src/test/correct/basic_assign_assign/gcc_pic/basic_assign_assign.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -11,12 +7,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -32,7 +41,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -74,8 +83,8 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) || (memory_load32_le(mem, $x_addr) == 5bv32));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   requires (memory_load32_le(mem, $x_addr) == 0bv32);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
@@ -99,25 +108,23 @@ procedure main();
   free ensures (memory_load64_le(mem, 69600bv64) == 69652bv64);
   free ensures (memory_load64_le(mem, 69008bv64) == 1872bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
+  var Gamma_R0_3: bool;
+  var R0_3: bv64;
   var x_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
-    R1, Gamma_R1 := 5bv64, true;
+    R0_3, Gamma_R0_3 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, R0_3) ==> true);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
+    mem, Gamma_mem := memory_store32_le(mem, R0_3, 5bv32), gamma_store32(Gamma_mem, R0_3, true);
     assert ((memory_load32_le(mem, $x_addr) == x_old) || (memory_load32_le(mem, $x_addr) == 5bv32));
-    assume {:captureState "%000002d9"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, 5bv64;
+    Gamma_R0_out, Gamma_R1_out := true, true;
     return;
 }
 
diff --git a/src/test/correct/basic_assign_assign/gcc_pic/basic_assign_assign_gtirb.expected b/src/test/correct/basic_assign_assign/gcc_pic/basic_assign_assign_gtirb.expected
index 97ff0a4b6..924710083 100644
--- a/src/test/correct/basic_assign_assign/gcc_pic/basic_assign_assign_gtirb.expected
+++ b/src/test/correct/basic_assign_assign/gcc_pic/basic_assign_assign_gtirb.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -11,12 +7,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -32,7 +41,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -74,8 +83,8 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) || (memory_load32_le(mem, $x_addr) == 5bv32));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   requires (memory_load32_le(mem, $x_addr) == 0bv32);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
@@ -99,25 +108,23 @@ procedure main();
   free ensures (memory_load64_le(mem, 69600bv64) == 69652bv64);
   free ensures (memory_load64_le(mem, 69008bv64) == 1872bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
+  var Gamma_R0_3: bool;
+  var R0_3: bv64;
   var x_old: bv32;
   $main$__0__$2duqIb9aRtKZChm_n6bdGQ:
-    assume {:captureState "$main$__0__$2duqIb9aRtKZChm_n6bdGQ"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
-    R1, Gamma_R1 := 5bv64, true;
+    R0_3, Gamma_R0_3 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, R0_3) ==> true);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
+    mem, Gamma_mem := memory_store32_le(mem, R0_3, 5bv32), gamma_store32(Gamma_mem, R0_3, true);
     assert ((memory_load32_le(mem, $x_addr) == x_old) || (memory_load32_le(mem, $x_addr) == 5bv32));
-    assume {:captureState "1888$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, 5bv64;
+    Gamma_R0_out, Gamma_R1_out := true, true;
     return;
 }
 
diff --git a/src/test/correct/basic_assign_increment/clang/basic_assign_increment.expected b/src/test/correct/basic_assign_increment/clang/basic_assign_increment.expected
index a2e5ac8d9..70dd4c974 100644
--- a/src/test/correct/basic_assign_increment/clang/basic_assign_increment.expected
+++ b/src/test/correct/basic_assign_increment/clang/basic_assign_increment.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69684bv64);
@@ -14,12 +8,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -35,7 +42,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -77,8 +84,8 @@ implementation {:extern} guarantee_reflexive()
   assert (((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) || (memory_load32_le(mem, $x_addr) == 1bv32)) || (memory_load32_le(mem, $x_addr) == 6bv32));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R8, Gamma_R9, Gamma_mem, R0, R8, R9, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   requires (memory_load32_le(mem, $x_addr) == 0bv32);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
@@ -100,25 +107,26 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var R8_2: bv32;
+  var R8_3: bv64;
   var x_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R9, Gamma_R9 := 69632bv64, true;
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R9, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R9, 52bv64)) || L(mem, bvadd64(R9, 52bv64)));
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(R8[32:0], 1bv32)), Gamma_R8;
+    R8_2, Gamma_R8_2 := memory_load32_le(mem, 69684bv64), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
+    R8_3, Gamma_R8_3 := zero_extend32_32(bvadd32(R8_2, 1bv32)), Gamma_R8_2;
     call rely();
-    assert (L(mem, bvadd64(R9, 52bv64)) ==> Gamma_R8);
+    assert (L(mem, 69684bv64) ==> Gamma_R8_3);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 52bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 52bv64), Gamma_R8);
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, R8_3[32:0]), gamma_store32(Gamma_mem, 69684bv64, Gamma_R8_3);
     assert (((memory_load32_le(mem, $x_addr) == x_old) || (memory_load32_le(mem, $x_addr) == 1bv32)) || (memory_load32_le(mem, $x_addr) == 6bv32));
-    assume {:captureState "%000002da"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := 0bv64, R8_3, 69632bv64;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R8_3, true;
     return;
 }
 
diff --git a/src/test/correct/basic_assign_increment/clang/basic_assign_increment_gtirb.expected b/src/test/correct/basic_assign_increment/clang/basic_assign_increment_gtirb.expected
index 4b8981424..d6866b0c1 100644
--- a/src/test/correct/basic_assign_increment/clang/basic_assign_increment_gtirb.expected
+++ b/src/test/correct/basic_assign_increment/clang/basic_assign_increment_gtirb.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69684bv64);
@@ -14,12 +8,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -35,7 +42,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -77,8 +84,8 @@ implementation {:extern} guarantee_reflexive()
   assert (((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) || (memory_load32_le(mem, $x_addr) == 1bv32)) || (memory_load32_le(mem, $x_addr) == 6bv32));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R8, Gamma_R9, Gamma_mem, R0, R8, R9, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   requires (memory_load32_le(mem, $x_addr) == 0bv32);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
@@ -100,25 +107,26 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var R8_2: bv32;
+  var R8_3: bv64;
   var x_old: bv32;
   $main$__0__$H_EeiA6dR0KUx9b5mWQKhQ:
-    assume {:captureState "$main$__0__$H_EeiA6dR0KUx9b5mWQKhQ"} true;
-    R9, Gamma_R9 := 69632bv64, true;
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R9, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R9, 52bv64)) || L(mem, bvadd64(R9, 52bv64)));
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(R8[32:0], 1bv32)), Gamma_R8;
+    R8_2, Gamma_R8_2 := memory_load32_le(mem, 69684bv64), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
+    R8_3, Gamma_R8_3 := zero_extend32_32(bvadd32(R8_2, 1bv32)), Gamma_R8_2;
     call rely();
-    assert (L(mem, bvadd64(R9, 52bv64)) ==> Gamma_R8);
+    assert (L(mem, 69684bv64) ==> Gamma_R8_3);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 52bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 52bv64), Gamma_R8);
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, R8_3[32:0]), gamma_store32(Gamma_mem, 69684bv64, Gamma_R8_3);
     assert (((memory_load32_le(mem, $x_addr) == x_old) || (memory_load32_le(mem, $x_addr) == 1bv32)) || (memory_load32_le(mem, $x_addr) == 6bv32));
-    assume {:captureState "1824$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := 0bv64, R8_3, 69632bv64;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R8_3, true;
     return;
 }
 
diff --git a/src/test/correct/basic_assign_increment/clang_pic/basic_assign_increment.expected b/src/test/correct/basic_assign_increment/clang_pic/basic_assign_increment.expected
index ae5a4a00a..a4ff37e33 100644
--- a/src/test/correct/basic_assign_increment/clang_pic/basic_assign_increment.expected
+++ b/src/test/correct/basic_assign_increment/clang_pic/basic_assign_increment.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69684bv64);
@@ -14,6 +8,15 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -23,7 +26,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -39,7 +46,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -82,8 +89,8 @@ implementation {:extern} guarantee_reflexive()
   assert (((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) || (memory_load32_le(mem, $x_addr) == 1bv32)) || (memory_load32_le(mem, $x_addr) == 6bv32));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R8, Gamma_R9, Gamma_mem, R0, R8, R9, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   requires (memory_load32_le(mem, $x_addr) == 0bv32);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
@@ -107,27 +114,30 @@ procedure main();
   free ensures (memory_load64_le(mem, 69064bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R9_3: bool;
+  var R8_2: bv32;
+  var R8_3: bv64;
+  var R9_3: bv64;
   var x_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R9, Gamma_R9 := 65536bv64, true;
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4040bv64)) || L(mem, bvadd64(R9, 4040bv64)));
+    R9_3, Gamma_R9_3 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R9)), (gamma_load32(Gamma_mem, R9) || L(mem, R9));
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(R8[32:0], 1bv32)), Gamma_R8;
+    R8_2, Gamma_R8_2 := memory_load32_le(mem, R9_3), (gamma_load32(Gamma_mem, R9_3) || L(mem, R9_3));
+    R8_3, Gamma_R8_3 := zero_extend32_32(bvadd32(R8_2, 1bv32)), Gamma_R8_2;
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
+    assert (L(mem, R9_3) ==> Gamma_R8_3);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
+    mem, Gamma_mem := memory_store32_le(mem, R9_3, R8_3[32:0]), gamma_store32(Gamma_mem, R9_3, Gamma_R8_3);
     assert (((memory_load32_le(mem, $x_addr) == x_old) || (memory_load32_le(mem, $x_addr) == 1bv32)) || (memory_load32_le(mem, $x_addr) == 6bv32));
-    assume {:captureState "%000002e5"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := 0bv64, R8_3, R9_3;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R8_3, Gamma_R9_3;
     return;
 }
 
diff --git a/src/test/correct/basic_assign_increment/clang_pic/basic_assign_increment_gtirb.expected b/src/test/correct/basic_assign_increment/clang_pic/basic_assign_increment_gtirb.expected
index af0c7855a..85da19726 100644
--- a/src/test/correct/basic_assign_increment/clang_pic/basic_assign_increment_gtirb.expected
+++ b/src/test/correct/basic_assign_increment/clang_pic/basic_assign_increment_gtirb.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69684bv64);
@@ -14,6 +8,15 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -23,7 +26,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -39,7 +46,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -82,8 +89,8 @@ implementation {:extern} guarantee_reflexive()
   assert (((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) || (memory_load32_le(mem, $x_addr) == 1bv32)) || (memory_load32_le(mem, $x_addr) == 6bv32));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R8, Gamma_R9, Gamma_mem, R0, R8, R9, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   requires (memory_load32_le(mem, $x_addr) == 0bv32);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
@@ -107,27 +114,30 @@ procedure main();
   free ensures (memory_load64_le(mem, 69064bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R9_3: bool;
+  var R8_2: bv32;
+  var R8_3: bv64;
+  var R9_3: bv64;
   var x_old: bv32;
   $main$__0__$bZWV3u7ES1C1enASABiKYQ:
-    assume {:captureState "$main$__0__$bZWV3u7ES1C1enASABiKYQ"} true;
-    R9, Gamma_R9 := 65536bv64, true;
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4040bv64)) || L(mem, bvadd64(R9, 4040bv64)));
+    R9_3, Gamma_R9_3 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R9)), (gamma_load32(Gamma_mem, R9) || L(mem, R9));
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(R8[32:0], 1bv32)), Gamma_R8;
+    R8_2, Gamma_R8_2 := memory_load32_le(mem, R9_3), (gamma_load32(Gamma_mem, R9_3) || L(mem, R9_3));
+    R8_3, Gamma_R8_3 := zero_extend32_32(bvadd32(R8_2, 1bv32)), Gamma_R8_2;
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
+    assert (L(mem, R9_3) ==> Gamma_R8_3);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
+    mem, Gamma_mem := memory_store32_le(mem, R9_3, R8_3[32:0]), gamma_store32(Gamma_mem, R9_3, Gamma_R8_3);
     assert (((memory_load32_le(mem, $x_addr) == x_old) || (memory_load32_le(mem, $x_addr) == 1bv32)) || (memory_load32_le(mem, $x_addr) == 6bv32));
-    assume {:captureState "1892$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := 0bv64, R8_3, R9_3;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R8_3, Gamma_R9_3;
     return;
 }
 
diff --git a/src/test/correct/basic_assign_increment/gcc/basic_assign_increment.expected b/src/test/correct/basic_assign_increment/gcc/basic_assign_increment.expected
index 1b156c659..6535907cc 100644
--- a/src/test/correct/basic_assign_increment/gcc/basic_assign_increment.expected
+++ b/src/test/correct/basic_assign_increment/gcc/basic_assign_increment.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -12,12 +8,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -33,7 +42,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -75,8 +84,8 @@ implementation {:extern} guarantee_reflexive()
   assert (((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) || (memory_load32_le(mem, $x_addr) == 1bv32)) || (memory_load32_le(mem, $x_addr) == 6bv32));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   requires (memory_load32_le(mem, $x_addr) == 0bv32);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
@@ -98,28 +107,26 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
+  var Gamma_R0_4: bool;
+  var Gamma_R1_2: bool;
+  var R0_4: bv32;
+  var R1_2: bv64;
   var x_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := zero_extend32_32(bvadd32(R0[32:0], 1bv32)), Gamma_R0;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
+    R0_4, Gamma_R0_4 := memory_load32_le(mem, 69652bv64), (gamma_load32(Gamma_mem, 69652bv64) || L(mem, 69652bv64));
+    R1_2, Gamma_R1_2 := zero_extend32_32(bvadd32(R0_4, 1bv32)), Gamma_R0_4;
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, 69652bv64) ==> Gamma_R1_2);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, R1_2[32:0]), gamma_store32(Gamma_mem, 69652bv64, Gamma_R1_2);
     assert (((memory_load32_le(mem, $x_addr) == x_old) || (memory_load32_le(mem, $x_addr) == 1bv32)) || (memory_load32_le(mem, $x_addr) == 6bv32));
-    assume {:captureState "%000002f7"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, R1_2;
+    Gamma_R0_out, Gamma_R1_out := true, Gamma_R1_2;
     return;
 }
 
diff --git a/src/test/correct/basic_assign_increment/gcc/basic_assign_increment_gtirb.expected b/src/test/correct/basic_assign_increment/gcc/basic_assign_increment_gtirb.expected
index 3130f1279..79fd4bff1 100644
--- a/src/test/correct/basic_assign_increment/gcc/basic_assign_increment_gtirb.expected
+++ b/src/test/correct/basic_assign_increment/gcc/basic_assign_increment_gtirb.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -12,12 +8,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -33,7 +42,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -75,8 +84,8 @@ implementation {:extern} guarantee_reflexive()
   assert (((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) || (memory_load32_le(mem, $x_addr) == 1bv32)) || (memory_load32_le(mem, $x_addr) == 6bv32));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   requires (memory_load32_le(mem, $x_addr) == 0bv32);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
@@ -98,28 +107,26 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
+  var Gamma_R0_4: bool;
+  var Gamma_R1_2: bool;
+  var R0_4: bv32;
+  var R1_2: bv64;
   var x_old: bv32;
   $main$__0__$wuKKiZcoTsun5X2agtHvyA:
-    assume {:captureState "$main$__0__$wuKKiZcoTsun5X2agtHvyA"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := zero_extend32_32(bvadd32(R0[32:0], 1bv32)), Gamma_R0;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
+    R0_4, Gamma_R0_4 := memory_load32_le(mem, 69652bv64), (gamma_load32(Gamma_mem, 69652bv64) || L(mem, 69652bv64));
+    R1_2, Gamma_R1_2 := zero_extend32_32(bvadd32(R0_4, 1bv32)), Gamma_R0_4;
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, 69652bv64) ==> Gamma_R1_2);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, R1_2[32:0]), gamma_store32(Gamma_mem, 69652bv64, Gamma_R1_2);
     assert (((memory_load32_le(mem, $x_addr) == x_old) || (memory_load32_le(mem, $x_addr) == 1bv32)) || (memory_load32_le(mem, $x_addr) == 6bv32));
-    assume {:captureState "1836$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, R1_2;
+    Gamma_R0_out, Gamma_R1_out := true, Gamma_R1_2;
     return;
 }
 
diff --git a/src/test/correct/basic_assign_increment/gcc_O2/basic_assign_increment.expected b/src/test/correct/basic_assign_increment/gcc_O2/basic_assign_increment.expected
index 695b9a5d7..2f7789a20 100644
--- a/src/test/correct/basic_assign_increment/gcc_O2/basic_assign_increment.expected
+++ b/src/test/correct/basic_assign_increment/gcc_O2/basic_assign_increment.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R2: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R2: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -14,12 +8,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -35,7 +42,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -77,8 +84,8 @@ implementation {:extern} guarantee_reflexive()
   assert (((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) || (memory_load32_le(mem, $x_addr) == 1bv32)) || (memory_load32_le(mem, $x_addr) == 6bv32));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R2, Gamma_mem, R0, R1, R2, mem;
+procedure main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool);
+  modifies Gamma_mem, mem;
   requires (memory_load32_le(mem, $x_addr) == 0bv32);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
@@ -100,25 +107,26 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool)
 {
+  var Gamma_R1_2: bool;
+  var Gamma_R1_3: bool;
+  var R1_2: bv32;
+  var R1_3: bv64;
   var x_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R2, Gamma_R2 := 69632bv64, true;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(mem, bvadd64(R2, 20bv64))), (gamma_load32(Gamma_mem, bvadd64(R2, 20bv64)) || L(mem, bvadd64(R2, 20bv64)));
-    R1, Gamma_R1 := zero_extend32_32(bvadd32(R1[32:0], 1bv32)), Gamma_R1;
+    R1_2, Gamma_R1_2 := memory_load32_le(mem, 69652bv64), (gamma_load32(Gamma_mem, 69652bv64) || L(mem, 69652bv64));
+    R1_3, Gamma_R1_3 := zero_extend32_32(bvadd32(R1_2, 1bv32)), Gamma_R1_2;
     call rely();
-    assert (L(mem, bvadd64(R2, 20bv64)) ==> Gamma_R1);
+    assert (L(mem, 69652bv64) ==> Gamma_R1_3);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R2, 20bv64), R1[32:0]), gamma_store32(Gamma_mem, bvadd64(R2, 20bv64), Gamma_R1);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, R1_3[32:0]), gamma_store32(Gamma_mem, 69652bv64, Gamma_R1_3);
     assert (((memory_load32_le(mem, $x_addr) == x_old) || (memory_load32_le(mem, $x_addr) == 1bv32)) || (memory_load32_le(mem, $x_addr) == 6bv32));
-    assume {:captureState "%000001c5"} true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R2_out := 0bv64, R1_3, 69632bv64;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R2_out := true, Gamma_R1_3, true;
     return;
 }
 
diff --git a/src/test/correct/basic_assign_increment/gcc_O2/basic_assign_increment_gtirb.expected b/src/test/correct/basic_assign_increment/gcc_O2/basic_assign_increment_gtirb.expected
index fbd0b4264..27d7e495c 100644
--- a/src/test/correct/basic_assign_increment/gcc_O2/basic_assign_increment_gtirb.expected
+++ b/src/test/correct/basic_assign_increment/gcc_O2/basic_assign_increment_gtirb.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R2: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R2: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -14,12 +8,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -35,7 +42,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -77,8 +84,8 @@ implementation {:extern} guarantee_reflexive()
   assert (((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) || (memory_load32_le(mem, $x_addr) == 1bv32)) || (memory_load32_le(mem, $x_addr) == 6bv32));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R2, Gamma_mem, R0, R1, R2, mem;
+procedure main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool);
+  modifies Gamma_mem, mem;
   requires (memory_load32_le(mem, $x_addr) == 0bv32);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
@@ -100,25 +107,26 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool)
 {
+  var Gamma_R1_2: bool;
+  var Gamma_R1_3: bool;
+  var R1_2: bv32;
+  var R1_3: bv64;
   var x_old: bv32;
   $main$__0__$xDQgkCAvTRyzcNBtjizdZg:
-    assume {:captureState "$main$__0__$xDQgkCAvTRyzcNBtjizdZg"} true;
-    R2, Gamma_R2 := 69632bv64, true;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(mem, bvadd64(R2, 20bv64))), (gamma_load32(Gamma_mem, bvadd64(R2, 20bv64)) || L(mem, bvadd64(R2, 20bv64)));
-    R1, Gamma_R1 := zero_extend32_32(bvadd32(R1[32:0], 1bv32)), Gamma_R1;
+    R1_2, Gamma_R1_2 := memory_load32_le(mem, 69652bv64), (gamma_load32(Gamma_mem, 69652bv64) || L(mem, 69652bv64));
+    R1_3, Gamma_R1_3 := zero_extend32_32(bvadd32(R1_2, 1bv32)), Gamma_R1_2;
     call rely();
-    assert (L(mem, bvadd64(R2, 20bv64)) ==> Gamma_R1);
+    assert (L(mem, 69652bv64) ==> Gamma_R1_3);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R2, 20bv64), R1[32:0]), gamma_store32(Gamma_mem, bvadd64(R2, 20bv64), Gamma_R1);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, R1_3[32:0]), gamma_store32(Gamma_mem, 69652bv64, Gamma_R1_3);
     assert (((memory_load32_le(mem, $x_addr) == x_old) || (memory_load32_le(mem, $x_addr) == 1bv32)) || (memory_load32_le(mem, $x_addr) == 6bv32));
-    assume {:captureState "1552$0"} true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R2_out := 0bv64, R1_3, 69632bv64;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R2_out := true, Gamma_R1_3, true;
     return;
 }
 
diff --git a/src/test/correct/basic_assign_increment/gcc_pic/basic_assign_increment.expected b/src/test/correct/basic_assign_increment/gcc_pic/basic_assign_increment.expected
index 284230f1f..96fe9112f 100644
--- a/src/test/correct/basic_assign_increment/gcc_pic/basic_assign_increment.expected
+++ b/src/test/correct/basic_assign_increment/gcc_pic/basic_assign_increment.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -12,6 +8,15 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -21,7 +26,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -37,7 +46,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -80,8 +89,8 @@ implementation {:extern} guarantee_reflexive()
   assert (((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) || (memory_load32_le(mem, $x_addr) == 1bv32)) || (memory_load32_le(mem, $x_addr) == 6bv32));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   requires (memory_load32_le(mem, $x_addr) == 0bv32);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
@@ -105,30 +114,34 @@ procedure main();
   free ensures (memory_load64_le(mem, 69600bv64) == 69652bv64);
   free ensures (memory_load64_le(mem, 69008bv64) == 1872bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
+  var Gamma_R0_3: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R0_6: bool;
+  var Gamma_R1_2: bool;
+  var R0_3: bv64;
+  var R0_4: bv32;
+  var R0_6: bv64;
+  var R1_2: bv64;
   var x_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
+    R0_3, Gamma_R0_3 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := zero_extend32_32(bvadd32(R0[32:0], 1bv32)), Gamma_R0;
-    R0, Gamma_R0 := 65536bv64, true;
+    R0_4, Gamma_R0_4 := memory_load32_le(mem, R0_3), (gamma_load32(Gamma_mem, R0_3) || L(mem, R0_3));
+    R1_2, Gamma_R1_2 := zero_extend32_32(bvadd32(R0_4, 1bv32)), Gamma_R0_4;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
+    R0_6, Gamma_R0_6 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, R0_6) ==> Gamma_R1_2);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
+    mem, Gamma_mem := memory_store32_le(mem, R0_6, R1_2[32:0]), gamma_store32(Gamma_mem, R0_6, Gamma_R1_2);
     assert (((memory_load32_le(mem, $x_addr) == x_old) || (memory_load32_le(mem, $x_addr) == 1bv32)) || (memory_load32_le(mem, $x_addr) == 6bv32));
-    assume {:captureState "%000002f9"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, R1_2;
+    Gamma_R0_out, Gamma_R1_out := true, Gamma_R1_2;
     return;
 }
 
diff --git a/src/test/correct/basic_assign_increment/gcc_pic/basic_assign_increment_gtirb.expected b/src/test/correct/basic_assign_increment/gcc_pic/basic_assign_increment_gtirb.expected
index eec10c1a0..bfdb7a2ec 100644
--- a/src/test/correct/basic_assign_increment/gcc_pic/basic_assign_increment_gtirb.expected
+++ b/src/test/correct/basic_assign_increment/gcc_pic/basic_assign_increment_gtirb.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -12,6 +8,15 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -21,7 +26,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -37,7 +46,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -80,8 +89,8 @@ implementation {:extern} guarantee_reflexive()
   assert (((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) || (memory_load32_le(mem, $x_addr) == 1bv32)) || (memory_load32_le(mem, $x_addr) == 6bv32));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   requires (memory_load32_le(mem, $x_addr) == 0bv32);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
@@ -105,30 +114,34 @@ procedure main();
   free ensures (memory_load64_le(mem, 69600bv64) == 69652bv64);
   free ensures (memory_load64_le(mem, 69008bv64) == 1872bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
+  var Gamma_R0_3: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R0_6: bool;
+  var Gamma_R1_2: bool;
+  var R0_3: bv64;
+  var R0_4: bv32;
+  var R0_6: bv64;
+  var R1_2: bv64;
   var x_old: bv32;
   $main$__0__$x4rdl4IySJOtuvEUdyndvg:
-    assume {:captureState "$main$__0__$x4rdl4IySJOtuvEUdyndvg"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
+    R0_3, Gamma_R0_3 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := zero_extend32_32(bvadd32(R0[32:0], 1bv32)), Gamma_R0;
-    R0, Gamma_R0 := 65536bv64, true;
+    R0_4, Gamma_R0_4 := memory_load32_le(mem, R0_3), (gamma_load32(Gamma_mem, R0_3) || L(mem, R0_3));
+    R1_2, Gamma_R1_2 := zero_extend32_32(bvadd32(R0_4, 1bv32)), Gamma_R0_4;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
+    R0_6, Gamma_R0_6 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, R0_6) ==> Gamma_R1_2);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
+    mem, Gamma_mem := memory_store32_le(mem, R0_6, R1_2[32:0]), gamma_store32(Gamma_mem, R0_6, Gamma_R1_2);
     assert (((memory_load32_le(mem, $x_addr) == x_old) || (memory_load32_le(mem, $x_addr) == 1bv32)) || (memory_load32_le(mem, $x_addr) == 6bv32));
-    assume {:captureState "1900$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, R1_2;
+    Gamma_R0_out, Gamma_R1_out := true, Gamma_R1_2;
     return;
 }
 
diff --git a/src/test/correct/basic_function_call_caller/clang/basic_function_call_caller.expected b/src/test/correct/basic_function_call_caller/clang/basic_function_call_caller.expected
index f38be33df..fa1483921 100644
--- a/src/test/correct/basic_function_call_caller/clang/basic_function_call_caller.expected
+++ b/src/test/correct/basic_function_call_caller/clang/basic_function_call_caller.expected
@@ -1,17 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -23,6 +11,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -32,11 +34,15 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -52,11 +58,11 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -102,9 +108,9 @@ implementation {:extern} guarantee_reflexive()
   assert (gamma_load32(Gamma_mem, $y_addr) ==> ((memory_load32_le(mem, $x_addr) == 0bv32) || gamma_load32(Gamma_mem, $y_addr)));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R29, R30, R31, R8, R9, mem, stack;
-  requires (Gamma_R0 == false);
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
+  requires (Gamma_R0_in == false);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1896bv64) == 1bv8);
@@ -115,10 +121,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1820bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1896bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1897bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1898bv64) == 2bv8);
@@ -128,64 +130,52 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1820bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var #4: bv64;
-  var #5: bv64;
-  var Gamma_#4: bool;
-  var Gamma_#5: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_3: bool;
+  var Gamma_R8_2: bool;
   var Gamma_y_old: bool;
+  var R0_2: bv64;
+  var R29_3: bv64;
+  var R30_3: bv64;
+  var R8_2: bv64;
   var x_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    #4, Gamma_#4 := bvadd64(R31, 16bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, #4, R29), gamma_store64(Gamma_stack, #4, Gamma_R29);
-    assume {:captureState "%00000304"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(#4, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(#4, 8bv64), Gamma_R30);
-    assume {:captureState "%0000030a"} true;
-    R29, Gamma_R29 := bvadd64(R31, 16bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R29, 18446744073709551612bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R29, 18446744073709551612bv64), Gamma_R0);
-    assume {:captureState "%00000318"} true;
-    R30, Gamma_R30 := 1840bv64, true;
-    call zero();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), Gamma_R0_in);
+    call R0_2, Gamma_R0_2 := zero();
     goto l00000321;
   l00000321:
-    assume {:captureState "l00000321"} true;
-    R8, Gamma_R8 := 69632bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R8, 52bv64)) ==> Gamma_R0);
+    assert (L(mem, 69684bv64) ==> Gamma_R0_2);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_y_old := (gamma_load32(Gamma_mem, $y_addr) || L(mem, $y_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 52bv64), R0[32:0]), gamma_store32(Gamma_mem, bvadd64(R8, 52bv64), Gamma_R0);
-    assert ((bvadd64(R8, 52bv64) == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, R0_2[32:0]), gamma_store32(Gamma_mem, 69684bv64, Gamma_R0_2);
+    assert ((69684bv64 == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
     assert ((x_old == 0bv32) ==> (memory_load32_le(mem, $x_addr) == 0bv32));
     assert (Gamma_y_old ==> ((memory_load32_le(mem, $x_addr) == 0bv32) || gamma_load32(Gamma_mem, $y_addr)));
-    assume {:captureState "%0000032c"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R29, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R29, 18446744073709551612bv64));
-    R9, Gamma_R9 := 69632bv64, true;
+    R8_2, Gamma_R8_2 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551596bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64));
     call rely();
-    assert (L(mem, bvadd64(R9, 56bv64)) ==> Gamma_R8);
+    assert (L(mem, 69688bv64) ==> Gamma_R8_2);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_y_old := (gamma_load32(Gamma_mem, $y_addr) || L(mem, $y_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 56bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 56bv64), Gamma_R8);
-    assert ((bvadd64(R9, 56bv64) == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69688bv64, R8_2[32:0]), gamma_store32(Gamma_mem, 69688bv64, Gamma_R8_2);
+    assert ((69688bv64 == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
     assert ((x_old == 0bv32) ==> (memory_load32_le(mem, $x_addr) == 0bv32));
     assert (Gamma_y_old ==> ((memory_load32_le(mem, $x_addr) == 0bv32) || gamma_load32(Gamma_mem, $y_addr)));
-    assume {:captureState "%00000340"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    #5, Gamma_#5 := bvadd64(R31, 16bv64), Gamma_R31;
-    R29, Gamma_R29 := memory_load64_le(stack, #5), gamma_load64(Gamma_stack, #5);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(#5, 8bv64)), gamma_load64(Gamma_stack, bvadd64(#5, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64));
+    R30_3, Gamma_R30_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R29_out, R30_out, R31_out, R8_out, R9_out := 0bv64, R29_3, R30_3, R31_in, R8_2, 69632bv64;
+    Gamma_R0_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R29_3, Gamma_R30_3, Gamma_R31_in, Gamma_R8_2, true;
     return;
 }
 
-procedure zero();
-  modifies Gamma_R0, R0;
+procedure zero() returns (R0_out: bv64, Gamma_R0_out: bool);
   free requires (memory_load8_le(mem, 1896bv64) == 1bv8);
   free requires (memory_load8_le(mem, 1897bv64) == 0bv8);
   free requires (memory_load8_le(mem, 1898bv64) == 2bv8);
@@ -194,7 +184,7 @@ procedure zero();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1820bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  ensures ((R0[32:0] == 0bv32) && Gamma_R0);
+  ensures ((R0_out[32:0] == 0bv32) && Gamma_R0_out);
   free ensures (memory_load8_le(mem, 1896bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1897bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1898bv64) == 2bv8);
@@ -204,14 +194,13 @@ procedure zero();
   free ensures (memory_load64_le(mem, 69592bv64) == 1820bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation zero()
+implementation zero() returns (R0_out: bv64, Gamma_R0_out: bool)
 {
   lzero:
-    assume {:captureState "lzero"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto zero_basil_return;
   zero_basil_return:
-    assume {:captureState "zero_basil_return"} true;
+    R0_out := 0bv64;
+    Gamma_R0_out := true;
     return;
 }
 
diff --git a/src/test/correct/basic_function_call_caller/clang/basic_function_call_caller_gtirb.expected b/src/test/correct/basic_function_call_caller/clang/basic_function_call_caller_gtirb.expected
index 302d78df0..28aaa5b1e 100644
--- a/src/test/correct/basic_function_call_caller/clang/basic_function_call_caller_gtirb.expected
+++ b/src/test/correct/basic_function_call_caller/clang/basic_function_call_caller_gtirb.expected
@@ -1,17 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -23,6 +11,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -32,11 +34,15 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -52,11 +58,11 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -102,9 +108,9 @@ implementation {:extern} guarantee_reflexive()
   assert (gamma_load32(Gamma_mem, $y_addr) ==> ((memory_load32_le(mem, $x_addr) == 0bv32) || gamma_load32(Gamma_mem, $y_addr)));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R29, R30, R31, R8, R9, mem, stack;
-  requires (Gamma_R0 == false);
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
+  requires (Gamma_R0_in == false);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1896bv64) == 1bv8);
@@ -115,10 +121,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1820bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1896bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1897bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1898bv64) == 2bv8);
@@ -128,64 +130,52 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1820bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var Cse0__5$0$1: bv64;
-  var Cse0__5$1$6: bv64;
-  var Gamma_Cse0__5$0$1: bool;
-  var Gamma_Cse0__5$1$6: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_3: bool;
+  var Gamma_R8_2: bool;
   var Gamma_y_old: bool;
+  var R0_2: bv64;
+  var R29_3: bv64;
+  var R30_3: bv64;
+  var R8_2: bv64;
   var x_old: bv32;
   $main$__0__$cikrXZAWRXiUPK6lrh286g:
-    assume {:captureState "$main$__0__$cikrXZAWRXiUPK6lrh286g"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    Cse0__5$0$1, Gamma_Cse0__5$0$1 := bvadd64(R31, 16bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$0$1, R29), gamma_store64(Gamma_stack, Cse0__5$0$1, Gamma_R29);
-    assume {:captureState "1824$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$0$1, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$0$1, 8bv64), Gamma_R30);
-    assume {:captureState "1824$2"} true;
-    R29, Gamma_R29 := bvadd64(R31, 16bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R29, 18446744073709551612bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R29, 18446744073709551612bv64), Gamma_R0);
-    assume {:captureState "1832$0"} true;
-    R30, Gamma_R30 := 1840bv64, true;
-    call zero();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), Gamma_R0_in);
+    call R0_2, Gamma_R0_2 := zero();
     goto $main$__1__$tUsSswMeSRWNOjHB4V55Fw;
   $main$__1__$tUsSswMeSRWNOjHB4V55Fw:
-    assume {:captureState "$main$__1__$tUsSswMeSRWNOjHB4V55Fw"} true;
-    R8, Gamma_R8 := 69632bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R8, 52bv64)) ==> Gamma_R0);
+    assert (L(mem, 69684bv64) ==> Gamma_R0_2);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_y_old := (gamma_load32(Gamma_mem, $y_addr) || L(mem, $y_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 52bv64), R0[32:0]), gamma_store32(Gamma_mem, bvadd64(R8, 52bv64), Gamma_R0);
-    assert ((bvadd64(R8, 52bv64) == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, R0_2[32:0]), gamma_store32(Gamma_mem, 69684bv64, Gamma_R0_2);
+    assert ((69684bv64 == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
     assert ((x_old == 0bv32) ==> (memory_load32_le(mem, $x_addr) == 0bv32));
     assert (Gamma_y_old ==> ((memory_load32_le(mem, $x_addr) == 0bv32) || gamma_load32(Gamma_mem, $y_addr)));
-    assume {:captureState "1844$0"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R29, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R29, 18446744073709551612bv64));
-    R9, Gamma_R9 := 69632bv64, true;
+    R8_2, Gamma_R8_2 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551596bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64));
     call rely();
-    assert (L(mem, bvadd64(R9, 56bv64)) ==> Gamma_R8);
+    assert (L(mem, 69688bv64) ==> Gamma_R8_2);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_y_old := (gamma_load32(Gamma_mem, $y_addr) || L(mem, $y_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 56bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 56bv64), Gamma_R8);
-    assert ((bvadd64(R9, 56bv64) == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69688bv64, R8_2[32:0]), gamma_store32(Gamma_mem, 69688bv64, Gamma_R8_2);
+    assert ((69688bv64 == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
     assert ((x_old == 0bv32) ==> (memory_load32_le(mem, $x_addr) == 0bv32));
     assert (Gamma_y_old ==> ((memory_load32_le(mem, $x_addr) == 0bv32) || gamma_load32(Gamma_mem, $y_addr)));
-    assume {:captureState "1856$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    Cse0__5$1$6, Gamma_Cse0__5$1$6 := bvadd64(R31, 16bv64), Gamma_R31;
-    R29, Gamma_R29 := memory_load64_le(stack, Cse0__5$1$6), gamma_load64(Gamma_stack, Cse0__5$1$6);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(Cse0__5$1$6, 8bv64)), gamma_load64(Gamma_stack, bvadd64(Cse0__5$1$6, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64));
+    R30_3, Gamma_R30_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R29_out, R30_out, R31_out, R8_out, R9_out := 0bv64, R29_3, R30_3, R31_in, R8_2, 69632bv64;
+    Gamma_R0_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R29_3, Gamma_R30_3, Gamma_R31_in, Gamma_R8_2, true;
     return;
 }
 
-procedure zero();
-  modifies Gamma_R0, R0;
+procedure zero() returns (R0_out: bv64, Gamma_R0_out: bool);
   free requires (memory_load8_le(mem, 1896bv64) == 1bv8);
   free requires (memory_load8_le(mem, 1897bv64) == 0bv8);
   free requires (memory_load8_le(mem, 1898bv64) == 2bv8);
@@ -194,7 +184,7 @@ procedure zero();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1820bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  ensures ((R0[32:0] == 0bv32) && Gamma_R0);
+  ensures ((R0_out[32:0] == 0bv32) && Gamma_R0_out);
   free ensures (memory_load8_le(mem, 1896bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1897bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1898bv64) == 2bv8);
@@ -204,14 +194,13 @@ procedure zero();
   free ensures (memory_load64_le(mem, 69592bv64) == 1820bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation zero()
+implementation zero() returns (R0_out: bv64, Gamma_R0_out: bool)
 {
   $zero$__0__$dXyEHeAuQ5WTjIZmtrK5_w:
-    assume {:captureState "$zero$__0__$dXyEHeAuQ5WTjIZmtrK5_w"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto zero_basil_return;
   zero_basil_return:
-    assume {:captureState "zero_basil_return"} true;
+    R0_out := 0bv64;
+    Gamma_R0_out := true;
     return;
 }
 
diff --git a/src/test/correct/basic_function_call_caller/clang_O2/basic_function_call_caller.expected b/src/test/correct/basic_function_call_caller/clang_O2/basic_function_call_caller.expected
index 959449774..8cf4b9563 100644
--- a/src/test/correct/basic_function_call_caller/clang_O2/basic_function_call_caller.expected
+++ b/src/test/correct/basic_function_call_caller/clang_O2/basic_function_call_caller.expected
@@ -1,12 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R10: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R10: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69684bv64);
@@ -17,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -38,7 +43,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -84,9 +89,9 @@ implementation {:extern} guarantee_reflexive()
   assert (gamma_load32(Gamma_mem, $y_addr) ==> ((memory_load32_le(mem, $x_addr) == 0bv32) || gamma_load32(Gamma_mem, $y_addr)));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R10, Gamma_R8, Gamma_R9, Gamma_mem, R0, R10, R8, R9, mem;
-  requires (Gamma_R0 == false);
+procedure main(R0_in: bv64, Gamma_R0_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
+  requires (Gamma_R0_in == false);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1868bv64) == 1bv8);
@@ -106,37 +111,34 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1820bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R8_1: bool;
   var Gamma_y_old: bool;
+  var R8_1: bv64;
   var x_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R8, Gamma_R8 := zero_extend32_32(R0[32:0]), Gamma_R0;
-    R0, Gamma_R0 := 0bv64, true;
-    R9, Gamma_R9 := 69632bv64, true;
-    R10, Gamma_R10 := 69632bv64, true;
+    R8_1, Gamma_R8_1 := zero_extend32_32(R0_in[32:0]), Gamma_R0_in;
     call rely();
-    assert (L(mem, bvadd64(R9, 52bv64)) ==> true);
+    assert (L(mem, 69684bv64) ==> true);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_y_old := (gamma_load32(Gamma_mem, $y_addr) || L(mem, $y_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 52bv64), 0bv32), gamma_store32(Gamma_mem, bvadd64(R9, 52bv64), true);
-    assert ((bvadd64(R9, 52bv64) == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, 0bv32), gamma_store32(Gamma_mem, 69684bv64, true);
+    assert ((69684bv64 == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
     assert ((x_old == 0bv32) ==> (memory_load32_le(mem, $x_addr) == 0bv32));
     assert (Gamma_y_old ==> ((memory_load32_le(mem, $x_addr) == 0bv32) || gamma_load32(Gamma_mem, $y_addr)));
-    assume {:captureState "%000002f2"} true;
     call rely();
-    assert (L(mem, bvadd64(R10, 56bv64)) ==> Gamma_R8);
+    assert (L(mem, 69688bv64) ==> Gamma_R8_1);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_y_old := (gamma_load32(Gamma_mem, $y_addr) || L(mem, $y_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R10, 56bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R10, 56bv64), Gamma_R8);
-    assert ((bvadd64(R10, 56bv64) == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69688bv64, R8_1[32:0]), gamma_store32(Gamma_mem, 69688bv64, Gamma_R8_1);
+    assert ((69688bv64 == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
     assert ((x_old == 0bv32) ==> (memory_load32_le(mem, $x_addr) == 0bv32));
     assert (Gamma_y_old ==> ((memory_load32_le(mem, $x_addr) == 0bv32) || gamma_load32(Gamma_mem, $y_addr)));
-    assume {:captureState "%000002fa"} true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R8_out, R9_out := 0bv64, 69632bv64, R8_1, 69632bv64;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R8_out, Gamma_R9_out := true, true, Gamma_R8_1, true;
     return;
 }
 
diff --git a/src/test/correct/basic_function_call_caller/clang_O2/basic_function_call_caller_gtirb.expected b/src/test/correct/basic_function_call_caller/clang_O2/basic_function_call_caller_gtirb.expected
index 7368de672..0e7833cad 100644
--- a/src/test/correct/basic_function_call_caller/clang_O2/basic_function_call_caller_gtirb.expected
+++ b/src/test/correct/basic_function_call_caller/clang_O2/basic_function_call_caller_gtirb.expected
@@ -1,12 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R10: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R10: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69684bv64);
@@ -17,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -38,7 +43,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -84,9 +89,9 @@ implementation {:extern} guarantee_reflexive()
   assert (gamma_load32(Gamma_mem, $y_addr) ==> ((memory_load32_le(mem, $x_addr) == 0bv32) || gamma_load32(Gamma_mem, $y_addr)));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R10, Gamma_R8, Gamma_R9, Gamma_mem, R0, R10, R8, R9, mem;
-  requires (Gamma_R0 == false);
+procedure main(R0_in: bv64, Gamma_R0_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
+  requires (Gamma_R0_in == false);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1868bv64) == 1bv8);
@@ -106,37 +111,34 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1820bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R8_1: bool;
   var Gamma_y_old: bool;
+  var R8_1: bv64;
   var x_old: bv32;
   $main$__0__$R19aP0IbQWWtedSj9WMhiQ:
-    assume {:captureState "$main$__0__$R19aP0IbQWWtedSj9WMhiQ"} true;
-    R8, Gamma_R8 := zero_extend32_32(R0[32:0]), Gamma_R0;
-    R0, Gamma_R0 := 0bv64, true;
-    R9, Gamma_R9 := 69632bv64, true;
-    R10, Gamma_R10 := 69632bv64, true;
+    R8_1, Gamma_R8_1 := zero_extend32_32(R0_in[32:0]), Gamma_R0_in;
     call rely();
-    assert (L(mem, bvadd64(R9, 52bv64)) ==> true);
+    assert (L(mem, 69684bv64) ==> true);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_y_old := (gamma_load32(Gamma_mem, $y_addr) || L(mem, $y_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 52bv64), 0bv32), gamma_store32(Gamma_mem, bvadd64(R9, 52bv64), true);
-    assert ((bvadd64(R9, 52bv64) == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, 0bv32), gamma_store32(Gamma_mem, 69684bv64, true);
+    assert ((69684bv64 == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
     assert ((x_old == 0bv32) ==> (memory_load32_le(mem, $x_addr) == 0bv32));
     assert (Gamma_y_old ==> ((memory_load32_le(mem, $x_addr) == 0bv32) || gamma_load32(Gamma_mem, $y_addr)));
-    assume {:captureState "1836$0"} true;
     call rely();
-    assert (L(mem, bvadd64(R10, 56bv64)) ==> Gamma_R8);
+    assert (L(mem, 69688bv64) ==> Gamma_R8_1);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_y_old := (gamma_load32(Gamma_mem, $y_addr) || L(mem, $y_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R10, 56bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R10, 56bv64), Gamma_R8);
-    assert ((bvadd64(R10, 56bv64) == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69688bv64, R8_1[32:0]), gamma_store32(Gamma_mem, 69688bv64, Gamma_R8_1);
+    assert ((69688bv64 == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
     assert ((x_old == 0bv32) ==> (memory_load32_le(mem, $x_addr) == 0bv32));
     assert (Gamma_y_old ==> ((memory_load32_le(mem, $x_addr) == 0bv32) || gamma_load32(Gamma_mem, $y_addr)));
-    assume {:captureState "1840$0"} true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R8_out, R9_out := 0bv64, 69632bv64, R8_1, 69632bv64;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R8_out, Gamma_R9_out := true, true, Gamma_R8_1, true;
     return;
 }
 
diff --git a/src/test/correct/basic_function_call_caller/clang_pic/basic_function_call_caller.expected b/src/test/correct/basic_function_call_caller/clang_pic/basic_function_call_caller.expected
index dc1090bb5..363f296d5 100644
--- a/src/test/correct/basic_function_call_caller/clang_pic/basic_function_call_caller.expected
+++ b/src/test/correct/basic_function_call_caller/clang_pic/basic_function_call_caller.expected
@@ -1,17 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -23,6 +11,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -32,11 +34,15 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -52,11 +58,11 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -104,9 +110,9 @@ implementation {:extern} guarantee_reflexive()
   assert (gamma_load32(Gamma_mem, $y_addr) ==> ((memory_load32_le(mem, $x_addr) == 0bv32) || gamma_load32(Gamma_mem, $y_addr)));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R29, R30, R31, R8, R9, mem, stack;
-  requires (Gamma_R0 == false);
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
+  requires (Gamma_R0_in == false);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1968bv64) == 1bv8);
@@ -119,10 +125,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69568bv64) == 69684bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1884bv64);
   free requires (memory_load64_le(mem, 69056bv64) == 1792bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1968bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1969bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1970bv64) == 2bv8);
@@ -134,68 +136,60 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1884bv64);
   free ensures (memory_load64_le(mem, 69056bv64) == 1792bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var #4: bv64;
-  var #5: bv64;
-  var Gamma_#4: bool;
-  var Gamma_#5: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_3: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R9_2: bool;
   var Gamma_y_old: bool;
+  var R0_2: bv64;
+  var R29_3: bv64;
+  var R30_3: bv64;
+  var R8_2: bv64;
+  var R8_3: bv64;
+  var R9_2: bv64;
   var x_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    #4, Gamma_#4 := bvadd64(R31, 16bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, #4, R29), gamma_store64(Gamma_stack, #4, Gamma_R29);
-    assume {:captureState "%0000030c"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(#4, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(#4, 8bv64), Gamma_R30);
-    assume {:captureState "%00000312"} true;
-    R29, Gamma_R29 := bvadd64(R31, 16bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R29, 18446744073709551612bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R29, 18446744073709551612bv64), Gamma_R0);
-    assume {:captureState "%00000320"} true;
-    R30, Gamma_R30 := 1904bv64, true;
-    call zero();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), Gamma_R0_in);
+    call R0_2, Gamma_R0_2 := zero();
     goto l00000329;
   l00000329:
-    assume {:captureState "l00000329"} true;
-    R8, Gamma_R8 := 65536bv64, true;
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4032bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4032bv64)) || L(mem, bvadd64(R8, 4032bv64)));
+    R8_2, Gamma_R8_2 := memory_load64_le(mem, 69568bv64), (gamma_load64(Gamma_mem, 69568bv64) || L(mem, 69568bv64));
     call rely();
-    assert (L(mem, R8) ==> Gamma_R0);
+    assert (L(mem, R8_2) ==> Gamma_R0_2);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_y_old := (gamma_load32(Gamma_mem, $y_addr) || L(mem, $y_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R8, R0[32:0]), gamma_store32(Gamma_mem, R8, Gamma_R0);
-    assert ((R8 == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
+    mem, Gamma_mem := memory_store32_le(mem, R8_2, R0_2[32:0]), gamma_store32(Gamma_mem, R8_2, Gamma_R0_2);
+    assert ((R8_2 == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
     assert ((x_old == 0bv32) ==> (memory_load32_le(mem, $x_addr) == 0bv32));
     assert (Gamma_y_old ==> ((memory_load32_le(mem, $x_addr) == 0bv32) || gamma_load32(Gamma_mem, $y_addr)));
-    assume {:captureState "%0000033b"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R29, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R29, 18446744073709551612bv64));
-    R9, Gamma_R9 := 65536bv64, true;
+    R8_3, Gamma_R8_3 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551596bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64));
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4048bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4048bv64)) || L(mem, bvadd64(R9, 4048bv64)));
+    R9_2, Gamma_R9_2 := memory_load64_le(mem, 69584bv64), (gamma_load64(Gamma_mem, 69584bv64) || L(mem, 69584bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
+    assert (L(mem, R9_2) ==> Gamma_R8_3);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_y_old := (gamma_load32(Gamma_mem, $y_addr) || L(mem, $y_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
-    assert ((R9 == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
+    mem, Gamma_mem := memory_store32_le(mem, R9_2, R8_3[32:0]), gamma_store32(Gamma_mem, R9_2, Gamma_R8_3);
+    assert ((R9_2 == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
     assert ((x_old == 0bv32) ==> (memory_load32_le(mem, $x_addr) == 0bv32));
     assert (Gamma_y_old ==> ((memory_load32_le(mem, $x_addr) == 0bv32) || gamma_load32(Gamma_mem, $y_addr)));
-    assume {:captureState "%00000356"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    #5, Gamma_#5 := bvadd64(R31, 16bv64), Gamma_R31;
-    R29, Gamma_R29 := memory_load64_le(stack, #5), gamma_load64(Gamma_stack, #5);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(#5, 8bv64)), gamma_load64(Gamma_stack, bvadd64(#5, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64));
+    R30_3, Gamma_R30_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R29_out, R30_out, R31_out, R8_out, R9_out := 0bv64, R29_3, R30_3, R31_in, R8_3, R9_2;
+    Gamma_R0_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R29_3, Gamma_R30_3, Gamma_R31_in, Gamma_R8_3, Gamma_R9_2;
     return;
 }
 
-procedure zero();
-  modifies Gamma_R0, R0;
+procedure zero() returns (R0_out: bv64, Gamma_R0_out: bool);
   free requires (memory_load8_le(mem, 1968bv64) == 1bv8);
   free requires (memory_load8_le(mem, 1969bv64) == 0bv8);
   free requires (memory_load8_le(mem, 1970bv64) == 2bv8);
@@ -206,7 +200,7 @@ procedure zero();
   free requires (memory_load64_le(mem, 69568bv64) == 69684bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1884bv64);
   free requires (memory_load64_le(mem, 69056bv64) == 1792bv64);
-  ensures ((R0[32:0] == 0bv32) && Gamma_R0);
+  ensures ((R0_out[32:0] == 0bv32) && Gamma_R0_out);
   free ensures (memory_load8_le(mem, 1968bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1969bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1970bv64) == 2bv8);
@@ -218,14 +212,13 @@ procedure zero();
   free ensures (memory_load64_le(mem, 69592bv64) == 1884bv64);
   free ensures (memory_load64_le(mem, 69056bv64) == 1792bv64);
 
-implementation zero()
+implementation zero() returns (R0_out: bv64, Gamma_R0_out: bool)
 {
   lzero:
-    assume {:captureState "lzero"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto zero_basil_return;
   zero_basil_return:
-    assume {:captureState "zero_basil_return"} true;
+    R0_out := 0bv64;
+    Gamma_R0_out := true;
     return;
 }
 
diff --git a/src/test/correct/basic_function_call_caller/clang_pic/basic_function_call_caller_gtirb.expected b/src/test/correct/basic_function_call_caller/clang_pic/basic_function_call_caller_gtirb.expected
index fe88b304a..a62cbdeac 100644
--- a/src/test/correct/basic_function_call_caller/clang_pic/basic_function_call_caller_gtirb.expected
+++ b/src/test/correct/basic_function_call_caller/clang_pic/basic_function_call_caller_gtirb.expected
@@ -1,17 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -23,6 +11,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -32,11 +34,15 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -52,11 +58,11 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -104,8 +110,7 @@ implementation {:extern} guarantee_reflexive()
   assert (gamma_load32(Gamma_mem, $y_addr) ==> ((memory_load32_le(mem, $x_addr) == 0bv32) || gamma_load32(Gamma_mem, $y_addr)));
 }
 
-procedure zero();
-  modifies Gamma_R0, R0;
+procedure zero() returns (R0_out: bv64, Gamma_R0_out: bool);
   free requires (memory_load8_le(mem, 1968bv64) == 1bv8);
   free requires (memory_load8_le(mem, 1969bv64) == 0bv8);
   free requires (memory_load8_le(mem, 1970bv64) == 2bv8);
@@ -116,7 +121,7 @@ procedure zero();
   free requires (memory_load64_le(mem, 69568bv64) == 69684bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1884bv64);
   free requires (memory_load64_le(mem, 69056bv64) == 1792bv64);
-  ensures ((R0[32:0] == 0bv32) && Gamma_R0);
+  ensures ((R0_out[32:0] == 0bv32) && Gamma_R0_out);
   free ensures (memory_load8_le(mem, 1968bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1969bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1970bv64) == 2bv8);
@@ -128,20 +133,19 @@ procedure zero();
   free ensures (memory_load64_le(mem, 69592bv64) == 1884bv64);
   free ensures (memory_load64_le(mem, 69056bv64) == 1792bv64);
 
-implementation zero()
+implementation zero() returns (R0_out: bv64, Gamma_R0_out: bool)
 {
   $zero$__0__$1fqyj6pOSBuFGojVzGfGVg:
-    assume {:captureState "$zero$__0__$1fqyj6pOSBuFGojVzGfGVg"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto zero_basil_return;
   zero_basil_return:
-    assume {:captureState "zero_basil_return"} true;
+    R0_out := 0bv64;
+    Gamma_R0_out := true;
     return;
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R29, R30, R31, R8, R9, mem, stack;
-  requires (Gamma_R0 == false);
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
+  requires (Gamma_R0_in == false);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1968bv64) == 1bv8);
@@ -154,10 +158,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69568bv64) == 69684bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1884bv64);
   free requires (memory_load64_le(mem, 69056bv64) == 1792bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1968bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1969bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1970bv64) == 2bv8);
@@ -169,63 +169,56 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1884bv64);
   free ensures (memory_load64_le(mem, 69056bv64) == 1792bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var Cse0__5$0$8: bv64;
-  var Cse0__5$1$1: bv64;
-  var Gamma_Cse0__5$0$8: bool;
-  var Gamma_Cse0__5$1$1: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_3: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R9_2: bool;
   var Gamma_y_old: bool;
+  var R0_2: bv64;
+  var R29_3: bv64;
+  var R30_3: bv64;
+  var R8_2: bv64;
+  var R8_3: bv64;
+  var R9_2: bv64;
   var x_old: bv32;
   $main$__0__$5CsLNppuR5eqRvmqjx~n_g:
-    assume {:captureState "$main$__0__$5CsLNppuR5eqRvmqjx~n_g"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    Cse0__5$1$1, Gamma_Cse0__5$1$1 := bvadd64(R31, 16bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$1$1, R29), gamma_store64(Gamma_stack, Cse0__5$1$1, Gamma_R29);
-    assume {:captureState "1888$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$1$1, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$1$1, 8bv64), Gamma_R30);
-    assume {:captureState "1888$2"} true;
-    R29, Gamma_R29 := bvadd64(R31, 16bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R29, 18446744073709551612bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R29, 18446744073709551612bv64), Gamma_R0);
-    assume {:captureState "1896$0"} true;
-    R30, Gamma_R30 := 1904bv64, true;
-    call zero();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), Gamma_R0_in);
+    call R0_2, Gamma_R0_2 := zero();
     goto $main$__1__$kSn83H7yT_uMmQNkg3LR7w;
   $main$__1__$kSn83H7yT_uMmQNkg3LR7w:
-    assume {:captureState "$main$__1__$kSn83H7yT_uMmQNkg3LR7w"} true;
-    R8, Gamma_R8 := 65536bv64, true;
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4032bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4032bv64)) || L(mem, bvadd64(R8, 4032bv64)));
+    R8_2, Gamma_R8_2 := memory_load64_le(mem, 69568bv64), (gamma_load64(Gamma_mem, 69568bv64) || L(mem, 69568bv64));
     call rely();
-    assert (L(mem, R8) ==> Gamma_R0);
+    assert (L(mem, R8_2) ==> Gamma_R0_2);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_y_old := (gamma_load32(Gamma_mem, $y_addr) || L(mem, $y_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R8, R0[32:0]), gamma_store32(Gamma_mem, R8, Gamma_R0);
-    assert ((R8 == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
+    mem, Gamma_mem := memory_store32_le(mem, R8_2, R0_2[32:0]), gamma_store32(Gamma_mem, R8_2, Gamma_R0_2);
+    assert ((R8_2 == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
     assert ((x_old == 0bv32) ==> (memory_load32_le(mem, $x_addr) == 0bv32));
     assert (Gamma_y_old ==> ((memory_load32_le(mem, $x_addr) == 0bv32) || gamma_load32(Gamma_mem, $y_addr)));
-    assume {:captureState "1912$0"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R29, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R29, 18446744073709551612bv64));
-    R9, Gamma_R9 := 65536bv64, true;
+    R8_3, Gamma_R8_3 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551596bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64));
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4048bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4048bv64)) || L(mem, bvadd64(R9, 4048bv64)));
+    R9_2, Gamma_R9_2 := memory_load64_le(mem, 69584bv64), (gamma_load64(Gamma_mem, 69584bv64) || L(mem, 69584bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
+    assert (L(mem, R9_2) ==> Gamma_R8_3);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_y_old := (gamma_load32(Gamma_mem, $y_addr) || L(mem, $y_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
-    assert ((R9 == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
+    mem, Gamma_mem := memory_store32_le(mem, R9_2, R8_3[32:0]), gamma_store32(Gamma_mem, R9_2, Gamma_R8_3);
+    assert ((R9_2 == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
     assert ((x_old == 0bv32) ==> (memory_load32_le(mem, $x_addr) == 0bv32));
     assert (Gamma_y_old ==> ((memory_load32_le(mem, $x_addr) == 0bv32) || gamma_load32(Gamma_mem, $y_addr)));
-    assume {:captureState "1928$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    Cse0__5$0$8, Gamma_Cse0__5$0$8 := bvadd64(R31, 16bv64), Gamma_R31;
-    R29, Gamma_R29 := memory_load64_le(stack, Cse0__5$0$8), gamma_load64(Gamma_stack, Cse0__5$0$8);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(Cse0__5$0$8, 8bv64)), gamma_load64(Gamma_stack, bvadd64(Cse0__5$0$8, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64));
+    R30_3, Gamma_R30_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R29_out, R30_out, R31_out, R8_out, R9_out := 0bv64, R29_3, R30_3, R31_in, R8_3, R9_2;
+    Gamma_R0_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R29_3, Gamma_R30_3, Gamma_R31_in, Gamma_R8_3, Gamma_R9_2;
     return;
 }
 
diff --git a/src/test/correct/basic_function_call_caller/gcc/basic_function_call_caller.expected b/src/test/correct/basic_function_call_caller/gcc/basic_function_call_caller.expected
index 4d6d47afc..c193dcca5 100644
--- a/src/test/correct/basic_function_call_caller/gcc/basic_function_call_caller.expected
+++ b/src/test/correct/basic_function_call_caller/gcc/basic_function_call_caller.expected
@@ -1,15 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -21,6 +11,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -30,11 +34,15 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -50,11 +58,11 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -100,9 +108,9 @@ implementation {:extern} guarantee_reflexive()
   assert (gamma_load32(Gamma_mem, $y_addr) ==> ((memory_load32_le(mem, $x_addr) == 0bv32) || gamma_load32(Gamma_mem, $y_addr)));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R29, R30, R31, mem, stack;
-  requires (Gamma_R0 == false);
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
+  requires (Gamma_R0_in == false);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1900bv64) == 1bv8);
@@ -113,10 +121,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69024bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1820bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1900bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1901bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1902bv64) == 2bv8);
@@ -126,64 +130,55 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1820bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var #4: bv64;
-  var Gamma_#4: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R1_2: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_3: bool;
   var Gamma_y_old: bool;
+  var R0_2: bv64;
+  var R1_1: bv32;
+  var R1_2: bv64;
+  var R29_3: bv64;
+  var R30_3: bv64;
   var x_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    #4, Gamma_#4 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, #4, R29), gamma_store64(Gamma_stack, #4, Gamma_R29);
-    assume {:captureState "%00000302"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(#4, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(#4, 8bv64), Gamma_R30);
-    assume {:captureState "%00000308"} true;
-    R31, Gamma_R31 := #4, Gamma_#4;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R0);
-    assume {:captureState "%0000031a"} true;
-    R30, Gamma_R30 := 1836bv64, true;
-    call zero();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551584bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551592bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), Gamma_R30_in);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_in);
+    call R0_2, Gamma_R0_2 := zero();
     goto l00000323;
   l00000323:
-    assume {:captureState "l00000323"} true;
-    R1, Gamma_R1 := zero_extend32_32(R0[32:0]), Gamma_R0;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
+    R1_1, Gamma_R1_1 := R0_2[32:0], Gamma_R0_2;
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, 69652bv64) ==> Gamma_R1_1);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_y_old := (gamma_load32(Gamma_mem, $y_addr) || L(mem, $y_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assert ((R0 == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, R1_1), gamma_store32(Gamma_mem, 69652bv64, Gamma_R1_1);
+    assert ((69652bv64 == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
     assert ((x_old == 0bv32) ==> (memory_load32_le(mem, $x_addr) == 0bv32));
     assert (Gamma_y_old ==> ((memory_load32_le(mem, $x_addr) == 0bv32) || gamma_load32(Gamma_mem, $y_addr)));
-    assume {:captureState "%0000033a"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 28bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 28bv64));
+    R1_2, Gamma_R1_2 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, 69656bv64) ==> Gamma_R1_2);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_y_old := (gamma_load32(Gamma_mem, $y_addr) || L(mem, $y_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assert ((R0 == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69656bv64, R1_2[32:0]), gamma_store32(Gamma_mem, 69656bv64, Gamma_R1_2);
+    assert ((69656bv64 == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
     assert ((x_old == 0bv32) ==> (memory_load32_le(mem, $x_addr) == 0bv32));
     assert (Gamma_y_old ==> ((memory_load32_le(mem, $x_addr) == 0bv32) || gamma_load32(Gamma_mem, $y_addr)));
-    assume {:captureState "%00000354"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551584bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64));
+    R30_3, Gamma_R30_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551592bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R29_out, R30_out, R31_out := 0bv64, R1_2, R29_3, R30_3, R31_in;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out := true, Gamma_R1_2, Gamma_R29_3, Gamma_R30_3, Gamma_R31_in;
     return;
 }
 
-procedure zero();
-  modifies Gamma_R0, R0;
+procedure zero() returns (R0_out: bv64, Gamma_R0_out: bool);
   free requires (memory_load8_le(mem, 1900bv64) == 1bv8);
   free requires (memory_load8_le(mem, 1901bv64) == 0bv8);
   free requires (memory_load8_le(mem, 1902bv64) == 2bv8);
@@ -192,7 +187,7 @@ procedure zero();
   free requires (memory_load64_le(mem, 69024bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1820bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  ensures ((R0[32:0] == 0bv32) && Gamma_R0);
+  ensures ((R0_out[32:0] == 0bv32) && Gamma_R0_out);
   free ensures (memory_load8_le(mem, 1900bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1901bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1902bv64) == 2bv8);
@@ -202,14 +197,13 @@ procedure zero();
   free ensures (memory_load64_le(mem, 69616bv64) == 1820bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation zero()
+implementation zero() returns (R0_out: bv64, Gamma_R0_out: bool)
 {
   lzero:
-    assume {:captureState "lzero"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto zero_basil_return;
   zero_basil_return:
-    assume {:captureState "zero_basil_return"} true;
+    R0_out := 0bv64;
+    Gamma_R0_out := true;
     return;
 }
 
diff --git a/src/test/correct/basic_function_call_caller/gcc/basic_function_call_caller_gtirb.expected b/src/test/correct/basic_function_call_caller/gcc/basic_function_call_caller_gtirb.expected
index aff11e014..d467dcfc8 100644
--- a/src/test/correct/basic_function_call_caller/gcc/basic_function_call_caller_gtirb.expected
+++ b/src/test/correct/basic_function_call_caller/gcc/basic_function_call_caller_gtirb.expected
@@ -1,15 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -21,6 +11,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -30,11 +34,15 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -50,11 +58,11 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -100,9 +108,9 @@ implementation {:extern} guarantee_reflexive()
   assert (gamma_load32(Gamma_mem, $y_addr) ==> ((memory_load32_le(mem, $x_addr) == 0bv32) || gamma_load32(Gamma_mem, $y_addr)));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R29, R30, R31, mem, stack;
-  requires (Gamma_R0 == false);
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
+  requires (Gamma_R0_in == false);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1900bv64) == 1bv8);
@@ -113,10 +121,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69024bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1820bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1900bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1901bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1902bv64) == 2bv8);
@@ -126,64 +130,55 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1820bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var Cse0__5$1$0: bv64;
-  var Gamma_Cse0__5$1$0: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R1_2: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_3: bool;
   var Gamma_y_old: bool;
+  var R0_2: bv64;
+  var R1_1: bv32;
+  var R1_2: bv64;
+  var R29_3: bv64;
+  var R30_3: bv64;
   var x_old: bv32;
   $main$__0__$~dme1bffThCZlg_upQTe8w:
-    assume {:captureState "$main$__0__$~dme1bffThCZlg_upQTe8w"} true;
-    Cse0__5$1$0, Gamma_Cse0__5$1$0 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$1$0, R29), gamma_store64(Gamma_stack, Cse0__5$1$0, Gamma_R29);
-    assume {:captureState "1820$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$1$0, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$1$0, 8bv64), Gamma_R30);
-    assume {:captureState "1820$2"} true;
-    R31, Gamma_R31 := Cse0__5$1$0, Gamma_Cse0__5$1$0;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R0);
-    assume {:captureState "1828$0"} true;
-    R30, Gamma_R30 := 1836bv64, true;
-    call zero();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551584bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551592bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), Gamma_R30_in);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_in);
+    call R0_2, Gamma_R0_2 := zero();
     goto $main$__1__$4QSzcV2tT5urJoQQ7JLeVA;
   $main$__1__$4QSzcV2tT5urJoQQ7JLeVA:
-    assume {:captureState "$main$__1__$4QSzcV2tT5urJoQQ7JLeVA"} true;
-    R1, Gamma_R1 := zero_extend32_32(R0[32:0]), Gamma_R0;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
+    R1_1, Gamma_R1_1 := R0_2[32:0], Gamma_R0_2;
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, 69652bv64) ==> Gamma_R1_1);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_y_old := (gamma_load32(Gamma_mem, $y_addr) || L(mem, $y_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assert ((R0 == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, R1_1), gamma_store32(Gamma_mem, 69652bv64, Gamma_R1_1);
+    assert ((69652bv64 == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
     assert ((x_old == 0bv32) ==> (memory_load32_le(mem, $x_addr) == 0bv32));
     assert (Gamma_y_old ==> ((memory_load32_le(mem, $x_addr) == 0bv32) || gamma_load32(Gamma_mem, $y_addr)));
-    assume {:captureState "1848$0"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 28bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 28bv64));
+    R1_2, Gamma_R1_2 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, 69656bv64) ==> Gamma_R1_2);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_y_old := (gamma_load32(Gamma_mem, $y_addr) || L(mem, $y_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assert ((R0 == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69656bv64, R1_2[32:0]), gamma_store32(Gamma_mem, 69656bv64, Gamma_R1_2);
+    assert ((69656bv64 == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
     assert ((x_old == 0bv32) ==> (memory_load32_le(mem, $x_addr) == 0bv32));
     assert (Gamma_y_old ==> ((memory_load32_le(mem, $x_addr) == 0bv32) || gamma_load32(Gamma_mem, $y_addr)));
-    assume {:captureState "1864$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551584bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64));
+    R30_3, Gamma_R30_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551592bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R29_out, R30_out, R31_out := 0bv64, R1_2, R29_3, R30_3, R31_in;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out := true, Gamma_R1_2, Gamma_R29_3, Gamma_R30_3, Gamma_R31_in;
     return;
 }
 
-procedure zero();
-  modifies Gamma_R0, R0;
+procedure zero() returns (R0_out: bv64, Gamma_R0_out: bool);
   free requires (memory_load8_le(mem, 1900bv64) == 1bv8);
   free requires (memory_load8_le(mem, 1901bv64) == 0bv8);
   free requires (memory_load8_le(mem, 1902bv64) == 2bv8);
@@ -192,7 +187,7 @@ procedure zero();
   free requires (memory_load64_le(mem, 69024bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1820bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  ensures ((R0[32:0] == 0bv32) && Gamma_R0);
+  ensures ((R0_out[32:0] == 0bv32) && Gamma_R0_out);
   free ensures (memory_load8_le(mem, 1900bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1901bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1902bv64) == 2bv8);
@@ -202,14 +197,13 @@ procedure zero();
   free ensures (memory_load64_le(mem, 69616bv64) == 1820bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation zero()
+implementation zero() returns (R0_out: bv64, Gamma_R0_out: bool)
 {
   $zero$__0__$DyyShWZ6Q~qk7gwUxVGJdA:
-    assume {:captureState "$zero$__0__$DyyShWZ6Q~qk7gwUxVGJdA"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto zero_basil_return;
   zero_basil_return:
-    assume {:captureState "zero_basil_return"} true;
+    R0_out := 0bv64;
+    Gamma_R0_out := true;
     return;
 }
 
diff --git a/src/test/correct/basic_function_call_caller/gcc_O2/basic_function_call_caller.expected b/src/test/correct/basic_function_call_caller/gcc_O2/basic_function_call_caller.expected
index d47bc54a9..0fca04a41 100644
--- a/src/test/correct/basic_function_call_caller/gcc_O2/basic_function_call_caller.expected
+++ b/src/test/correct/basic_function_call_caller/gcc_O2/basic_function_call_caller.expected
@@ -1,12 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R2: bool;
-var {:extern} Gamma_R3: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R2: bv64;
-var {:extern} R3: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -17,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -38,7 +43,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -84,9 +89,9 @@ implementation {:extern} guarantee_reflexive()
   assert (gamma_load32(Gamma_mem, $y_addr) ==> ((memory_load32_le(mem, $x_addr) == 0bv32) || gamma_load32(Gamma_mem, $y_addr)));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R2, Gamma_R3, Gamma_mem, R0, R1, R2, R3, mem;
-  requires (Gamma_R0 == false);
+procedure main(R0_in: bv64, Gamma_R0_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool, R3_out: bv64, Gamma_R3_out: bool);
+  modifies Gamma_mem, mem;
+  requires (Gamma_R0_in == false);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1916bv64) == 1bv8);
@@ -106,37 +111,34 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool, R3_out: bv64, Gamma_R3_out: bool)
 {
+  var Gamma_R3_1: bool;
   var Gamma_y_old: bool;
+  var R3_1: bv64;
   var x_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R1, Gamma_R1 := 69632bv64, true;
-    R2, Gamma_R2 := bvadd64(R1, 20bv64), Gamma_R1;
-    R3, Gamma_R3 := zero_extend32_32(R0[32:0]), Gamma_R0;
-    R0, Gamma_R0 := 0bv64, true;
+    R3_1, Gamma_R3_1 := zero_extend32_32(R0_in[32:0]), Gamma_R0_in;
     call rely();
-    assert (L(mem, bvadd64(R1, 20bv64)) ==> true);
+    assert (L(mem, 69652bv64) ==> true);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_y_old := (gamma_load32(Gamma_mem, $y_addr) || L(mem, $y_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R1, 20bv64), 0bv32), gamma_store32(Gamma_mem, bvadd64(R1, 20bv64), true);
-    assert ((bvadd64(R1, 20bv64) == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 0bv32), gamma_store32(Gamma_mem, 69652bv64, true);
+    assert ((69652bv64 == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
     assert ((x_old == 0bv32) ==> (memory_load32_le(mem, $x_addr) == 0bv32));
     assert (Gamma_y_old ==> ((memory_load32_le(mem, $x_addr) == 0bv32) || gamma_load32(Gamma_mem, $y_addr)));
-    assume {:captureState "%000001d7"} true;
     call rely();
-    assert (L(mem, bvadd64(R2, 4bv64)) ==> Gamma_R3);
+    assert (L(mem, 69656bv64) ==> Gamma_R3_1);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_y_old := (gamma_load32(Gamma_mem, $y_addr) || L(mem, $y_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R2, 4bv64), R3[32:0]), gamma_store32(Gamma_mem, bvadd64(R2, 4bv64), Gamma_R3);
-    assert ((bvadd64(R2, 4bv64) == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69656bv64, R3_1[32:0]), gamma_store32(Gamma_mem, 69656bv64, Gamma_R3_1);
+    assert ((69656bv64 == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
     assert ((x_old == 0bv32) ==> (memory_load32_le(mem, $x_addr) == 0bv32));
     assert (Gamma_y_old ==> ((memory_load32_le(mem, $x_addr) == 0bv32) || gamma_load32(Gamma_mem, $y_addr)));
-    assume {:captureState "%000001df"} true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R2_out, R3_out := 0bv64, 69632bv64, 69652bv64, R3_1;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R2_out, Gamma_R3_out := true, true, true, Gamma_R3_1;
     return;
 }
 
diff --git a/src/test/correct/basic_function_call_caller/gcc_O2/basic_function_call_caller_gtirb.expected b/src/test/correct/basic_function_call_caller/gcc_O2/basic_function_call_caller_gtirb.expected
index d6a304240..4767d9ef8 100644
--- a/src/test/correct/basic_function_call_caller/gcc_O2/basic_function_call_caller_gtirb.expected
+++ b/src/test/correct/basic_function_call_caller/gcc_O2/basic_function_call_caller_gtirb.expected
@@ -1,12 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R2: bool;
-var {:extern} Gamma_R3: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R2: bv64;
-var {:extern} R3: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -17,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -38,7 +43,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -84,9 +89,9 @@ implementation {:extern} guarantee_reflexive()
   assert (gamma_load32(Gamma_mem, $y_addr) ==> ((memory_load32_le(mem, $x_addr) == 0bv32) || gamma_load32(Gamma_mem, $y_addr)));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R2, Gamma_R3, Gamma_mem, R0, R1, R2, R3, mem;
-  requires (Gamma_R0 == false);
+procedure main(R0_in: bv64, Gamma_R0_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool, R3_out: bv64, Gamma_R3_out: bool);
+  modifies Gamma_mem, mem;
+  requires (Gamma_R0_in == false);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1916bv64) == 1bv8);
@@ -106,37 +111,34 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool, R3_out: bv64, Gamma_R3_out: bool)
 {
+  var Gamma_R3_1: bool;
   var Gamma_y_old: bool;
+  var R3_1: bv64;
   var x_old: bv32;
   $main$__0__$dv_jMrrYTUatcbBqfNbC1Q:
-    assume {:captureState "$main$__0__$dv_jMrrYTUatcbBqfNbC1Q"} true;
-    R1, Gamma_R1 := 69632bv64, true;
-    R2, Gamma_R2 := bvadd64(R1, 20bv64), Gamma_R1;
-    R3, Gamma_R3 := zero_extend32_32(R0[32:0]), Gamma_R0;
-    R0, Gamma_R0 := 0bv64, true;
+    R3_1, Gamma_R3_1 := zero_extend32_32(R0_in[32:0]), Gamma_R0_in;
     call rely();
-    assert (L(mem, bvadd64(R1, 20bv64)) ==> true);
+    assert (L(mem, 69652bv64) ==> true);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_y_old := (gamma_load32(Gamma_mem, $y_addr) || L(mem, $y_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R1, 20bv64), 0bv32), gamma_store32(Gamma_mem, bvadd64(R1, 20bv64), true);
-    assert ((bvadd64(R1, 20bv64) == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 0bv32), gamma_store32(Gamma_mem, 69652bv64, true);
+    assert ((69652bv64 == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
     assert ((x_old == 0bv32) ==> (memory_load32_le(mem, $x_addr) == 0bv32));
     assert (Gamma_y_old ==> ((memory_load32_le(mem, $x_addr) == 0bv32) || gamma_load32(Gamma_mem, $y_addr)));
-    assume {:captureState "1552$0"} true;
     call rely();
-    assert (L(mem, bvadd64(R2, 4bv64)) ==> Gamma_R3);
+    assert (L(mem, 69656bv64) ==> Gamma_R3_1);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_y_old := (gamma_load32(Gamma_mem, $y_addr) || L(mem, $y_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R2, 4bv64), R3[32:0]), gamma_store32(Gamma_mem, bvadd64(R2, 4bv64), Gamma_R3);
-    assert ((bvadd64(R2, 4bv64) == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69656bv64, R3_1[32:0]), gamma_store32(Gamma_mem, 69656bv64, Gamma_R3_1);
+    assert ((69656bv64 == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
     assert ((x_old == 0bv32) ==> (memory_load32_le(mem, $x_addr) == 0bv32));
     assert (Gamma_y_old ==> ((memory_load32_le(mem, $x_addr) == 0bv32) || gamma_load32(Gamma_mem, $y_addr)));
-    assume {:captureState "1556$0"} true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R2_out, R3_out := 0bv64, 69632bv64, 69652bv64, R3_1;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R2_out, Gamma_R3_out := true, true, true, Gamma_R3_1;
     return;
 }
 
diff --git a/src/test/correct/basic_function_call_caller/gcc_pic/basic_function_call_caller.expected b/src/test/correct/basic_function_call_caller/gcc_pic/basic_function_call_caller.expected
index 4928f00aa..432038392 100644
--- a/src/test/correct/basic_function_call_caller/gcc_pic/basic_function_call_caller.expected
+++ b/src/test/correct/basic_function_call_caller/gcc_pic/basic_function_call_caller.expected
@@ -1,15 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -21,6 +11,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -30,11 +34,15 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -50,11 +58,11 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -102,9 +110,9 @@ implementation {:extern} guarantee_reflexive()
   assert (gamma_load32(Gamma_mem, $y_addr) ==> ((memory_load32_le(mem, $x_addr) == 0bv32) || gamma_load32(Gamma_mem, $y_addr)));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R29, R30, R31, mem, stack;
-  requires (Gamma_R0 == false);
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
+  requires (Gamma_R0_in == false);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1964bv64) == 1bv8);
@@ -117,10 +125,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69008bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 69652bv64);
   free requires (memory_load64_le(mem, 69000bv64) == 1872bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1964bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1965bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1966bv64) == 2bv8);
@@ -132,66 +136,63 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 69652bv64);
   free ensures (memory_load64_le(mem, 69000bv64) == 1872bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var #4: bv64;
-  var Gamma_#4: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R0_6: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R1_2: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_3: bool;
   var Gamma_y_old: bool;
+  var R0_2: bv64;
+  var R0_4: bv64;
+  var R0_6: bv64;
+  var R1_1: bv32;
+  var R1_2: bv64;
+  var R29_3: bv64;
+  var R30_3: bv64;
   var x_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    #4, Gamma_#4 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, #4, R29), gamma_store64(Gamma_stack, #4, Gamma_R29);
-    assume {:captureState "%00000302"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(#4, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(#4, 8bv64), Gamma_R30);
-    assume {:captureState "%00000308"} true;
-    R31, Gamma_R31 := #4, Gamma_#4;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R0);
-    assume {:captureState "%0000031a"} true;
-    R30, Gamma_R30 := 1900bv64, true;
-    call zero();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551584bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551592bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), Gamma_R30_in);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_in);
+    call R0_2, Gamma_R0_2 := zero();
     goto l00000323;
   l00000323:
-    assume {:captureState "l00000323"} true;
-    R1, Gamma_R1 := zero_extend32_32(R0[32:0]), Gamma_R0;
-    R0, Gamma_R0 := 65536bv64, true;
+    R1_1, Gamma_R1_1 := R0_2[32:0], Gamma_R0_2;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
+    R0_4, Gamma_R0_4 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, R0_4) ==> Gamma_R1_1);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_y_old := (gamma_load32(Gamma_mem, $y_addr) || L(mem, $y_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assert ((R0 == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
+    mem, Gamma_mem := memory_store32_le(mem, R0_4, R1_1), gamma_store32(Gamma_mem, R0_4, Gamma_R1_1);
+    assert ((R0_4 == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
     assert ((x_old == 0bv32) ==> (memory_load32_le(mem, $x_addr) == 0bv32));
     assert (Gamma_y_old ==> ((memory_load32_le(mem, $x_addr) == 0bv32) || gamma_load32(Gamma_mem, $y_addr)));
-    assume {:captureState "%0000033b"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4072bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4072bv64)) || L(mem, bvadd64(R0, 4072bv64)));
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 28bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 28bv64));
+    R0_6, Gamma_R0_6 := memory_load64_le(mem, 69608bv64), (gamma_load64(Gamma_mem, 69608bv64) || L(mem, 69608bv64));
+    R1_2, Gamma_R1_2 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, R0_6) ==> Gamma_R1_2);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_y_old := (gamma_load32(Gamma_mem, $y_addr) || L(mem, $y_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assert ((R0 == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
+    mem, Gamma_mem := memory_store32_le(mem, R0_6, R1_2[32:0]), gamma_store32(Gamma_mem, R0_6, Gamma_R1_2);
+    assert ((R0_6 == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
     assert ((x_old == 0bv32) ==> (memory_load32_le(mem, $x_addr) == 0bv32));
     assert (Gamma_y_old ==> ((memory_load32_le(mem, $x_addr) == 0bv32) || gamma_load32(Gamma_mem, $y_addr)));
-    assume {:captureState "%00000356"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551584bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64));
+    R30_3, Gamma_R30_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551592bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R29_out, R30_out, R31_out := 0bv64, R1_2, R29_3, R30_3, R31_in;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out := true, Gamma_R1_2, Gamma_R29_3, Gamma_R30_3, Gamma_R31_in;
     return;
 }
 
-procedure zero();
-  modifies Gamma_R0, R0;
+procedure zero() returns (R0_out: bv64, Gamma_R0_out: bool);
   free requires (memory_load8_le(mem, 1964bv64) == 1bv8);
   free requires (memory_load8_le(mem, 1965bv64) == 0bv8);
   free requires (memory_load8_le(mem, 1966bv64) == 2bv8);
@@ -202,7 +203,7 @@ procedure zero();
   free requires (memory_load64_le(mem, 69008bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 69652bv64);
   free requires (memory_load64_le(mem, 69000bv64) == 1872bv64);
-  ensures ((R0[32:0] == 0bv32) && Gamma_R0);
+  ensures ((R0_out[32:0] == 0bv32) && Gamma_R0_out);
   free ensures (memory_load8_le(mem, 1964bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1965bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1966bv64) == 2bv8);
@@ -214,14 +215,13 @@ procedure zero();
   free ensures (memory_load64_le(mem, 69592bv64) == 69652bv64);
   free ensures (memory_load64_le(mem, 69000bv64) == 1872bv64);
 
-implementation zero()
+implementation zero() returns (R0_out: bv64, Gamma_R0_out: bool)
 {
   lzero:
-    assume {:captureState "lzero"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto zero_basil_return;
   zero_basil_return:
-    assume {:captureState "zero_basil_return"} true;
+    R0_out := 0bv64;
+    Gamma_R0_out := true;
     return;
 }
 
diff --git a/src/test/correct/basic_function_call_caller/gcc_pic/basic_function_call_caller_gtirb.expected b/src/test/correct/basic_function_call_caller/gcc_pic/basic_function_call_caller_gtirb.expected
index 81c0626c8..769731aa0 100644
--- a/src/test/correct/basic_function_call_caller/gcc_pic/basic_function_call_caller_gtirb.expected
+++ b/src/test/correct/basic_function_call_caller/gcc_pic/basic_function_call_caller_gtirb.expected
@@ -1,15 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -21,6 +11,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -30,11 +34,15 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -50,11 +58,11 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -102,8 +110,7 @@ implementation {:extern} guarantee_reflexive()
   assert (gamma_load32(Gamma_mem, $y_addr) ==> ((memory_load32_le(mem, $x_addr) == 0bv32) || gamma_load32(Gamma_mem, $y_addr)));
 }
 
-procedure zero();
-  modifies Gamma_R0, R0;
+procedure zero() returns (R0_out: bv64, Gamma_R0_out: bool);
   free requires (memory_load8_le(mem, 1964bv64) == 1bv8);
   free requires (memory_load8_le(mem, 1965bv64) == 0bv8);
   free requires (memory_load8_le(mem, 1966bv64) == 2bv8);
@@ -114,7 +121,7 @@ procedure zero();
   free requires (memory_load64_le(mem, 69008bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 69652bv64);
   free requires (memory_load64_le(mem, 69000bv64) == 1872bv64);
-  ensures ((R0[32:0] == 0bv32) && Gamma_R0);
+  ensures ((R0_out[32:0] == 0bv32) && Gamma_R0_out);
   free ensures (memory_load8_le(mem, 1964bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1965bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1966bv64) == 2bv8);
@@ -126,20 +133,19 @@ procedure zero();
   free ensures (memory_load64_le(mem, 69592bv64) == 69652bv64);
   free ensures (memory_load64_le(mem, 69000bv64) == 1872bv64);
 
-implementation zero()
+implementation zero() returns (R0_out: bv64, Gamma_R0_out: bool)
 {
   $zero$__0__$nVyNTgcoQL~JpXdKnhkukw:
-    assume {:captureState "$zero$__0__$nVyNTgcoQL~JpXdKnhkukw"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto zero_basil_return;
   zero_basil_return:
-    assume {:captureState "zero_basil_return"} true;
+    R0_out := 0bv64;
+    Gamma_R0_out := true;
     return;
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R29, R30, R31, mem, stack;
-  requires (Gamma_R0 == false);
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
+  requires (Gamma_R0_in == false);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1964bv64) == 1bv8);
@@ -152,10 +158,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69008bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 69652bv64);
   free requires (memory_load64_le(mem, 69000bv64) == 1872bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1964bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1965bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1966bv64) == 2bv8);
@@ -167,61 +169,59 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 69652bv64);
   free ensures (memory_load64_le(mem, 69000bv64) == 1872bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var Cse0__5$0$0: bv64;
-  var Gamma_Cse0__5$0$0: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R0_6: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R1_2: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_3: bool;
   var Gamma_y_old: bool;
+  var R0_2: bv64;
+  var R0_4: bv64;
+  var R0_6: bv64;
+  var R1_1: bv32;
+  var R1_2: bv64;
+  var R29_3: bv64;
+  var R30_3: bv64;
   var x_old: bv32;
   $main$__0__$iMp8MpTATOSyA~733MU0cQ:
-    assume {:captureState "$main$__0__$iMp8MpTATOSyA~733MU0cQ"} true;
-    Cse0__5$0$0, Gamma_Cse0__5$0$0 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$0$0, R29), gamma_store64(Gamma_stack, Cse0__5$0$0, Gamma_R29);
-    assume {:captureState "1884$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$0$0, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$0$0, 8bv64), Gamma_R30);
-    assume {:captureState "1884$2"} true;
-    R31, Gamma_R31 := Cse0__5$0$0, Gamma_Cse0__5$0$0;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R0);
-    assume {:captureState "1892$0"} true;
-    R30, Gamma_R30 := 1900bv64, true;
-    call zero();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551584bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551592bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), Gamma_R30_in);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_in);
+    call R0_2, Gamma_R0_2 := zero();
     goto $main$__1__$uwC_i~q7SI~k8CryvMw8eg;
   $main$__1__$uwC_i~q7SI~k8CryvMw8eg:
-    assume {:captureState "$main$__1__$uwC_i~q7SI~k8CryvMw8eg"} true;
-    R1, Gamma_R1 := zero_extend32_32(R0[32:0]), Gamma_R0;
-    R0, Gamma_R0 := 65536bv64, true;
+    R1_1, Gamma_R1_1 := R0_2[32:0], Gamma_R0_2;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
+    R0_4, Gamma_R0_4 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, R0_4) ==> Gamma_R1_1);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_y_old := (gamma_load32(Gamma_mem, $y_addr) || L(mem, $y_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assert ((R0 == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
+    mem, Gamma_mem := memory_store32_le(mem, R0_4, R1_1), gamma_store32(Gamma_mem, R0_4, Gamma_R1_1);
+    assert ((R0_4 == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
     assert ((x_old == 0bv32) ==> (memory_load32_le(mem, $x_addr) == 0bv32));
     assert (Gamma_y_old ==> ((memory_load32_le(mem, $x_addr) == 0bv32) || gamma_load32(Gamma_mem, $y_addr)));
-    assume {:captureState "1912$0"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4072bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4072bv64)) || L(mem, bvadd64(R0, 4072bv64)));
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 28bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 28bv64));
+    R0_6, Gamma_R0_6 := memory_load64_le(mem, 69608bv64), (gamma_load64(Gamma_mem, 69608bv64) || L(mem, 69608bv64));
+    R1_2, Gamma_R1_2 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, R0_6) ==> Gamma_R1_2);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_y_old := (gamma_load32(Gamma_mem, $y_addr) || L(mem, $y_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assert ((R0 == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
+    mem, Gamma_mem := memory_store32_le(mem, R0_6, R1_2[32:0]), gamma_store32(Gamma_mem, R0_6, Gamma_R1_2);
+    assert ((R0_6 == $x_addr) ==> (L(mem, $y_addr) ==> Gamma_y_old));
     assert ((x_old == 0bv32) ==> (memory_load32_le(mem, $x_addr) == 0bv32));
     assert (Gamma_y_old ==> ((memory_load32_le(mem, $x_addr) == 0bv32) || gamma_load32(Gamma_mem, $y_addr)));
-    assume {:captureState "1928$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551584bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64));
+    R30_3, Gamma_R30_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551592bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R29_out, R30_out, R31_out := 0bv64, R1_2, R29_3, R30_3, R31_in;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out := true, Gamma_R1_2, Gamma_R29_3, Gamma_R30_3, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/correct/basic_function_call_reader/clang/basic_function_call_reader.expected b/src/test/correct/basic_function_call_reader/clang/basic_function_call_reader.expected
index fc411c73f..b8c57eaec 100644
--- a/src/test/correct/basic_function_call_reader/clang/basic_function_call_reader.expected
+++ b/src/test/correct/basic_function_call_reader/clang/basic_function_call_reader.expected
@@ -1,19 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -24,19 +10,26 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $y_addr) then (memory_load32_le(memory, $x_addr) == 1bv32) else (if (index == $x_addr) then true else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp1(bv1, bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -52,11 +45,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -100,8 +91,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $y_addr) == memory_load32_le(mem, $y_addr));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_R8, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, R8, VF, ZF, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1908bv64) == 1bv8);
@@ -112,8 +103,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1908bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1909bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1910bv64) == 2bv8);
@@ -123,80 +112,57 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool)
 {
-  var #4: bv32;
-  var Gamma_#4: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R8_11: bool;
+  var Gamma_R8_12: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_4: bool;
+  var Gamma_R8_9: bool;
+  var R0_1: bv64;
+  var R8_11: bv64;
+  var R8_12: bv64;
+  var R8_2: bv32;
+  var R8_4: bv32;
+  var R8_9: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "%00000301"} true;
-    R8, Gamma_R8 := 69632bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 52bv64)) || L(mem, bvadd64(R8, 52bv64)));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R8);
-    assume {:captureState "%00000315"} true;
-    R8, Gamma_R8 := 69632bv64, true;
+    R8_2, Gamma_R8_2 := memory_load32_le(mem, 69684bv64), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R8_2), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R8_2);
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 56bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 56bv64)) || L(mem, bvadd64(R8, 56bv64)));
-    #4, Gamma_#4 := bvadd32(R8[32:0], 4294967295bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#4, 1bv32)), bvadd33(sign_extend1_32(R8[32:0]), 0bv33))), (Gamma_R8 && Gamma_#4);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#4, 1bv32)), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_#4);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#4, 1bv32), 0bv32), Gamma_#4;
-    NF, Gamma_NF := bvadd32(#4, 1bv32)[32:31], Gamma_#4;
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(#4, 1bv32)), Gamma_#4;
-    assert Gamma_ZF;
+    R8_4, Gamma_R8_4 := memory_load32_le(mem, 69688bv64), (gamma_load32(Gamma_mem, 69688bv64) || L(mem, 69688bv64));
+    assert Gamma_R8_4;
     goto lmain_goto_l00000342, lmain_goto_l00000345;
-  l00000345:
-    assume {:captureState "l00000345"} true;
-    R8, Gamma_R8 := 1bv64, true;
+  lmain_goto_l00000345:
+    assume (!(R8_4 == 0bv32));
+    R8_9, Gamma_R8_9 := 1bv64, true;
     goto l00000348;
-  l00000342:
-    assume {:captureState "l00000342"} true;
-    R8, Gamma_R8 := 0bv64, true;
+  lmain_goto_l00000342:
+    assume (R8_4 == 0bv32);
+    R8_9, Gamma_R8_9 := 0bv64, true;
     goto l00000348;
   l00000348:
-    assume {:captureState "l00000348"} true;
-    assert Gamma_R8;
+    assert Gamma_R8_9;
     goto l00000348_goto_l00000350, l00000348_goto_l0000037a;
-  l00000350:
-    assume {:captureState "l00000350"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 8bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 8bv64));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R8);
-    assume {:captureState "%00000362"} true;
+  l00000348_goto_l0000037a:
+    assume (!(R8_9[1:0] == 1bv1));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    R8_12, Gamma_R8_12 := R8_9, Gamma_R8_9;
     goto l00000365;
-  l0000037a:
-    assume {:captureState "l0000037a"} true;
-    goto l0000037b;
-  l0000037b:
-    assume {:captureState "l0000037b"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "%00000383"} true;
+  l00000348_goto_l00000350:
+    assume (R8_9[1:0] == 1bv1);
+    R8_11, Gamma_R8_11 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551608bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R8_11[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R8_11);
+    R8_12, Gamma_R8_12 := R8_11, Gamma_R8_11;
     goto l00000365;
   l00000365:
-    assume {:captureState "l00000365"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    R0_1, Gamma_R0_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     goto main_basil_return;
-  lmain_goto_l00000342:
-    assume {:captureState "lmain_goto_l00000342"} true;
-    assume (bvcomp1(ZF, 1bv1) != 0bv1);
-    goto l00000342;
-  lmain_goto_l00000345:
-    assume {:captureState "lmain_goto_l00000345"} true;
-    assume (bvcomp1(ZF, 1bv1) == 0bv1);
-    goto l00000345;
-  l00000348_goto_l00000350:
-    assume {:captureState "l00000348_goto_l00000350"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) != 0bv1);
-    goto l00000350;
-  l00000348_goto_l0000037a:
-    assume {:captureState "l00000348_goto_l0000037a"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) == 0bv1);
-    goto l0000037a;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out := R0_1, R31_in, R8_12;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out := Gamma_R0_1, Gamma_R31_in, Gamma_R8_12;
     return;
 }
 
diff --git a/src/test/correct/basic_function_call_reader/clang/basic_function_call_reader_gtirb.expected b/src/test/correct/basic_function_call_reader/clang/basic_function_call_reader_gtirb.expected
index 40693258f..07d1c2486 100644
--- a/src/test/correct/basic_function_call_reader/clang/basic_function_call_reader_gtirb.expected
+++ b/src/test/correct/basic_function_call_reader/clang/basic_function_call_reader_gtirb.expected
@@ -1,19 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -24,18 +10,26 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $y_addr) then (memory_load32_le(memory, $x_addr) == 1bv32) else (if (index == $x_addr) then true else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -51,10 +45,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -98,8 +91,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $y_addr) == memory_load32_le(mem, $y_addr));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_R8, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, R8, VF, ZF, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1908bv64) == 1bv8);
@@ -110,8 +103,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1908bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1909bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1910bv64) == 2bv8);
@@ -121,72 +112,70 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool)
 {
-  var Cse0__5$0$7: bv32;
-  var Gamma_Cse0__5$0$7: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R8_10: bool;
+  var Gamma_R8_12: bool;
+  var Gamma_R8_13: bool;
+  var Gamma_R8_14: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_4: bool;
+  var R0_1: bv64;
+  var R8_10: bv64;
+  var R8_12: bv64;
+  var R8_13: bv64;
+  var R8_14: bv64;
+  var R8_2: bv32;
+  var R8_4: bv32;
   $main$__0__$p64I2ZUnTxGzbzeacDZqwg:
-    assume {:captureState "$main$__0__$p64I2ZUnTxGzbzeacDZqwg"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "1816$0"} true;
-    R8, Gamma_R8 := 69632bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 52bv64)) || L(mem, bvadd64(R8, 52bv64)));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R8);
-    assume {:captureState "1828$0"} true;
-    R8, Gamma_R8 := 69632bv64, true;
+    R8_2, Gamma_R8_2 := memory_load32_le(mem, 69684bv64), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R8_2), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R8_2);
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 56bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 56bv64)) || L(mem, bvadd64(R8, 56bv64)));
-    Cse0__5$0$7, Gamma_Cse0__5$0$7 := bvadd32(R8[32:0], 0bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$0$7, Cse0__5$0$7)), Gamma_Cse0__5$0$7;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$0$7), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_Cse0__5$0$7);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$0$7, 0bv32), Gamma_Cse0__5$0$7;
-    NF, Gamma_NF := Cse0__5$0$7[32:31], Gamma_Cse0__5$0$7;
-    R8, Gamma_R8 := zero_extend32_32(Cse0__5$0$7), Gamma_Cse0__5$0$7;
-    assert Gamma_ZF;
+    R8_4, Gamma_R8_4 := memory_load32_le(mem, 69688bv64), (gamma_load32(Gamma_mem, 69688bv64) || L(mem, 69688bv64));
+    assert Gamma_R8_4;
     goto $main$__0__$p64I2ZUnTxGzbzeacDZqwg$__0, $main$__0__$p64I2ZUnTxGzbzeacDZqwg$__1;
-  $main$__1__$bKbuo5TmTwOMb5a3DV3xHQ:
-    assume {:captureState "$main$__1__$bKbuo5TmTwOMb5a3DV3xHQ"} true;
-    goto $main$__2__$aBEoJbwOSm2rHPYmBa6e_A;
-  $main$__2__$aBEoJbwOSm2rHPYmBa6e_A:
-    assume {:captureState "$main$__2__$aBEoJbwOSm2rHPYmBa6e_A"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "1856$0"} true;
+  $main$__0__$p64I2ZUnTxGzbzeacDZqwg$__1:
+    assume (!(R8_4 == 0bv32));
+    goto $main$__0__$p64I2ZUnTxGzbzeacDZqwg$__1_phi_$main$__0__$p64I2ZUnTxGzbzeacDZqwg_goto_$main$__3__$NTeZmOi8Sy2TG2_DQEytfQ_phi_back_$main$__0__$p64I2ZUnTxGzbzeacDZqwg_goto_$main$__3__$NTeZmOi8Sy2TG2_DQEytfQ, $main$__0__$p64I2ZUnTxGzbzeacDZqwg$__1_phi_$main$__0__$p64I2ZUnTxGzbzeacDZqwg_goto_$main$__1__$bKbuo5TmTwOMb5a3DV3xHQ_phi_back_$main$__0__$p64I2ZUnTxGzbzeacDZqwg_goto_$main$__1__$bKbuo5TmTwOMb5a3DV3xHQ;
+  $main$__0__$p64I2ZUnTxGzbzeacDZqwg$__1_phi_$main$__0__$p64I2ZUnTxGzbzeacDZqwg_goto_$main$__1__$bKbuo5TmTwOMb5a3DV3xHQ_phi_back_$main$__0__$p64I2ZUnTxGzbzeacDZqwg_goto_$main$__1__$bKbuo5TmTwOMb5a3DV3xHQ:
+    R8_10, Gamma_R8_10 := 1bv64, true;
+    assert Gamma_R8_10;
+    goto $main$__0__$p64I2ZUnTxGzbzeacDZqwg_goto_$main$__1__$bKbuo5TmTwOMb5a3DV3xHQ;
+  $main$__0__$p64I2ZUnTxGzbzeacDZqwg$__1_phi_$main$__0__$p64I2ZUnTxGzbzeacDZqwg_goto_$main$__3__$NTeZmOi8Sy2TG2_DQEytfQ_phi_back_$main$__0__$p64I2ZUnTxGzbzeacDZqwg_goto_$main$__3__$NTeZmOi8Sy2TG2_DQEytfQ:
+    R8_12, Gamma_R8_12 := 1bv64, true;
+    assert Gamma_R8_12;
+    goto $main$__0__$p64I2ZUnTxGzbzeacDZqwg_goto_$main$__3__$NTeZmOi8Sy2TG2_DQEytfQ;
+  $main$__0__$p64I2ZUnTxGzbzeacDZqwg$__0:
+    assume (R8_4 == 0bv32);
+    goto $main$__0__$p64I2ZUnTxGzbzeacDZqwg$__0_phi_back_$main$__0__$p64I2ZUnTxGzbzeacDZqwg_goto_$main$__1__$bKbuo5TmTwOMb5a3DV3xHQ, $main$__0__$p64I2ZUnTxGzbzeacDZqwg$__0_phi_back_$main$__0__$p64I2ZUnTxGzbzeacDZqwg_goto_$main$__3__$NTeZmOi8Sy2TG2_DQEytfQ;
+  $main$__0__$p64I2ZUnTxGzbzeacDZqwg$__0_phi_back_$main$__0__$p64I2ZUnTxGzbzeacDZqwg_goto_$main$__3__$NTeZmOi8Sy2TG2_DQEytfQ:
+    R8_12, Gamma_R8_12 := 0bv64, true;
+    assert Gamma_R8_12;
+    goto $main$__0__$p64I2ZUnTxGzbzeacDZqwg_goto_$main$__3__$NTeZmOi8Sy2TG2_DQEytfQ;
+  $main$__0__$p64I2ZUnTxGzbzeacDZqwg_goto_$main$__3__$NTeZmOi8Sy2TG2_DQEytfQ:
+    assume (R8_12[1:0] == 1bv1);
+    R8_13, Gamma_R8_13 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551608bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R8_13[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R8_13);
+    R8_14, Gamma_R8_14 := R8_13, Gamma_R8_13;
     goto $main$__4__$rZXVe~PNSWyDYBX4vnXb~w;
-  $main$__3__$NTeZmOi8Sy2TG2_DQEytfQ:
-    assume {:captureState "$main$__3__$NTeZmOi8Sy2TG2_DQEytfQ"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 8bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 8bv64));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R8);
-    assume {:captureState "1868$0"} true;
+  $main$__0__$p64I2ZUnTxGzbzeacDZqwg$__0_phi_back_$main$__0__$p64I2ZUnTxGzbzeacDZqwg_goto_$main$__1__$bKbuo5TmTwOMb5a3DV3xHQ:
+    R8_10, Gamma_R8_10 := 0bv64, true;
+    assert Gamma_R8_10;
+    goto $main$__0__$p64I2ZUnTxGzbzeacDZqwg_goto_$main$__1__$bKbuo5TmTwOMb5a3DV3xHQ;
+  $main$__0__$p64I2ZUnTxGzbzeacDZqwg_goto_$main$__1__$bKbuo5TmTwOMb5a3DV3xHQ:
+    assume (!(R8_10[1:0] == 1bv1));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    R8_14, Gamma_R8_14 := R8_10, Gamma_R8_10;
     goto $main$__4__$rZXVe~PNSWyDYBX4vnXb~w;
   $main$__4__$rZXVe~PNSWyDYBX4vnXb~w:
-    assume {:captureState "$main$__4__$rZXVe~PNSWyDYBX4vnXb~w"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    R0_1, Gamma_R0_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     goto main_basil_return;
-  $main$__0__$p64I2ZUnTxGzbzeacDZqwg_goto_$main$__3__$NTeZmOi8Sy2TG2_DQEytfQ:
-    assume {:captureState "$main$__0__$p64I2ZUnTxGzbzeacDZqwg_goto_$main$__3__$NTeZmOi8Sy2TG2_DQEytfQ"} true;
-    assume (R8[1:0] == 1bv1);
-    goto $main$__3__$NTeZmOi8Sy2TG2_DQEytfQ;
-  $main$__0__$p64I2ZUnTxGzbzeacDZqwg_goto_$main$__1__$bKbuo5TmTwOMb5a3DV3xHQ:
-    assume {:captureState "$main$__0__$p64I2ZUnTxGzbzeacDZqwg_goto_$main$__1__$bKbuo5TmTwOMb5a3DV3xHQ"} true;
-    assume (!(R8[1:0] == 1bv1));
-    goto $main$__1__$bKbuo5TmTwOMb5a3DV3xHQ;
-  $main$__0__$p64I2ZUnTxGzbzeacDZqwg$__0:
-    assume {:captureState "$main$__0__$p64I2ZUnTxGzbzeacDZqwg$__0"} true;
-    assume (ZF == 1bv1);
-    R8, Gamma_R8 := 0bv64, true;
-    assert Gamma_R8;
-    goto $main$__0__$p64I2ZUnTxGzbzeacDZqwg_goto_$main$__3__$NTeZmOi8Sy2TG2_DQEytfQ, $main$__0__$p64I2ZUnTxGzbzeacDZqwg_goto_$main$__1__$bKbuo5TmTwOMb5a3DV3xHQ;
-  $main$__0__$p64I2ZUnTxGzbzeacDZqwg$__1:
-    assume {:captureState "$main$__0__$p64I2ZUnTxGzbzeacDZqwg$__1"} true;
-    assume (!(ZF == 1bv1));
-    R8, Gamma_R8 := 1bv64, true;
-    assert Gamma_R8;
-    goto $main$__0__$p64I2ZUnTxGzbzeacDZqwg_goto_$main$__3__$NTeZmOi8Sy2TG2_DQEytfQ, $main$__0__$p64I2ZUnTxGzbzeacDZqwg_goto_$main$__1__$bKbuo5TmTwOMb5a3DV3xHQ;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out := R0_1, R31_in, R8_14;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out := Gamma_R0_1, Gamma_R31_in, Gamma_R8_14;
     return;
 }
 
diff --git a/src/test/correct/basic_function_call_reader/clang_O2/basic_function_call_reader.expected b/src/test/correct/basic_function_call_reader/clang_O2/basic_function_call_reader.expected
index 3ff9f7584..790fb2bbb 100644
--- a/src/test/correct/basic_function_call_reader/clang_O2/basic_function_call_reader.expected
+++ b/src/test/correct/basic_function_call_reader/clang_O2/basic_function_call_reader.expected
@@ -1,18 +1,4 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69688bv64);
@@ -22,13 +8,7 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $y_addr) then (memory_load32_le(memory, $x_addr) == 1bv32) else (if (index == $x_addr) then true else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp1(bv1, bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -45,8 +25,6 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
   memory[index]
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -90,8 +68,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $y_addr) == memory_load32_le(mem, $y_addr));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R8, Gamma_R9, Gamma_VF, Gamma_ZF, Gamma_mem, NF, R0, R8, R9, VF, ZF, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1860bv64) == 1bv8);
@@ -111,46 +89,40 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var #4: bv32;
-  var Gamma_#4: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R9_3: bool;
+  var R0_1: bv64;
+  var R0_2: bv64;
+  var R0_4: bv64;
+  var R8_3: bv64;
+  var R9_3: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R8, Gamma_R8 := 69632bv64, true;
-    R9, Gamma_R9 := 69632bv64, true;
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 56bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 56bv64)) || L(mem, bvadd64(R8, 56bv64)));
+    R8_3, Gamma_R8_3 := zero_extend32_32(memory_load32_le(mem, 69688bv64)), (gamma_load32(Gamma_mem, 69688bv64) || L(mem, 69688bv64));
     call rely();
-    R9, Gamma_R9 := zero_extend32_32(memory_load32_le(mem, bvadd64(R9, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R9, 52bv64)) || L(mem, bvadd64(R9, 52bv64)));
-    #4, Gamma_#4 := bvadd32(R8[32:0], 4294967295bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#4, 1bv32)), bvadd33(sign_extend1_32(R8[32:0]), 0bv33))), (Gamma_R8 && Gamma_#4);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#4, 1bv32)), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_#4);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#4, 1bv32), 0bv32), Gamma_#4;
-    NF, Gamma_NF := bvadd32(#4, 1bv32)[32:31], Gamma_#4;
-    assert Gamma_ZF;
+    R9_3, Gamma_R9_3 := zero_extend32_32(memory_load32_le(mem, 69684bv64)), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
+    assert Gamma_R8_3;
     goto lmain_goto_l000002f9, lmain_goto_l000002fd;
-  l000002fd:
-    assume {:captureState "l000002fd"} true;
-    R0, Gamma_R0 := zero_extend32_32(R9[32:0]), Gamma_R9;
+  lmain_goto_l000002fd:
+    assume (!(R8_3[32:0] == 0bv32));
+    R0_1, Gamma_R0_1 := zero_extend32_32(R9_3[32:0]), Gamma_R9_3;
+    R0_2, Gamma_R0_2 := R0_1, Gamma_R0_1;
+    R0_4, Gamma_R0_4 := R0_2, Gamma_R0_2;
     goto l00000300;
-  l000002f9:
-    assume {:captureState "l000002f9"} true;
-    R0, Gamma_R0 := 0bv64, true;
+  lmain_goto_l000002f9:
+    assume (R8_3[32:0] == 0bv32);
+    R0_4, Gamma_R0_4 := 0bv64, true;
     goto l00000300;
   l00000300:
-    assume {:captureState "l00000300"} true;
     goto main_basil_return;
-  lmain_goto_l000002f9:
-    assume {:captureState "lmain_goto_l000002f9"} true;
-    assume (bvcomp1(ZF, 1bv1) != 0bv1);
-    goto l000002f9;
-  lmain_goto_l000002fd:
-    assume {:captureState "lmain_goto_l000002fd"} true;
-    assume (bvcomp1(ZF, 1bv1) == 0bv1);
-    goto l000002fd;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := R0_4, R8_3, R9_3;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := Gamma_R0_4, Gamma_R8_3, Gamma_R9_3;
     return;
 }
 
diff --git a/src/test/correct/basic_function_call_reader/clang_O2/basic_function_call_reader_gtirb.expected b/src/test/correct/basic_function_call_reader/clang_O2/basic_function_call_reader_gtirb.expected
index 3b8806447..082a9b06c 100644
--- a/src/test/correct/basic_function_call_reader/clang_O2/basic_function_call_reader_gtirb.expected
+++ b/src/test/correct/basic_function_call_reader/clang_O2/basic_function_call_reader_gtirb.expected
@@ -1,18 +1,4 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69688bv64);
@@ -22,12 +8,7 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $y_addr) then (memory_load32_le(memory, $x_addr) == 1bv32) else (if (index == $x_addr) then true else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -44,7 +25,6 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
   memory[index]
 }
 
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -88,8 +68,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $y_addr) == memory_load32_le(mem, $y_addr));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R8, Gamma_R9, Gamma_VF, Gamma_ZF, Gamma_mem, NF, R0, R8, R9, VF, ZF, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1860bv64) == 1bv8);
@@ -109,37 +89,38 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var Cse0__5$0$4: bv32;
-  var Gamma_Cse0__5$0$4: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R9_3: bool;
+  var R0_1: bv64;
+  var R0_2: bv64;
+  var R0_4: bv64;
+  var R8_3: bv64;
+  var R9_3: bv64;
   $main$__0__$ztKlXzTjTY~0ueqt2irBFw:
-    assume {:captureState "$main$__0__$ztKlXzTjTY~0ueqt2irBFw"} true;
-    R8, Gamma_R8 := 69632bv64, true;
-    R9, Gamma_R9 := 69632bv64, true;
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 56bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 56bv64)) || L(mem, bvadd64(R8, 56bv64)));
+    R8_3, Gamma_R8_3 := zero_extend32_32(memory_load32_le(mem, 69688bv64)), (gamma_load32(Gamma_mem, 69688bv64) || L(mem, 69688bv64));
     call rely();
-    R9, Gamma_R9 := zero_extend32_32(memory_load32_le(mem, bvadd64(R9, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R9, 52bv64)) || L(mem, bvadd64(R9, 52bv64)));
-    Cse0__5$0$4, Gamma_Cse0__5$0$4 := bvadd32(R8[32:0], 0bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$0$4, Cse0__5$0$4)), Gamma_Cse0__5$0$4;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$0$4), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_Cse0__5$0$4);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$0$4, 0bv32), Gamma_Cse0__5$0$4;
-    NF, Gamma_NF := Cse0__5$0$4[32:31], Gamma_Cse0__5$0$4;
-    assert Gamma_ZF;
+    R9_3, Gamma_R9_3 := zero_extend32_32(memory_load32_le(mem, 69684bv64)), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
+    assert Gamma_R8_3;
     goto $main$__0__$ztKlXzTjTY~0ueqt2irBFw$__0, $main$__0__$ztKlXzTjTY~0ueqt2irBFw$__1;
-  $main$__0__$ztKlXzTjTY~0ueqt2irBFw$__0:
-    assume {:captureState "$main$__0__$ztKlXzTjTY~0ueqt2irBFw$__0"} true;
-    assume (ZF == 1bv1);
-    R0, Gamma_R0 := 0bv64, true;
-    goto main_basil_return;
   $main$__0__$ztKlXzTjTY~0ueqt2irBFw$__1:
-    assume {:captureState "$main$__0__$ztKlXzTjTY~0ueqt2irBFw$__1"} true;
-    assume (!(ZF == 1bv1));
-    R0, Gamma_R0 := zero_extend32_32(R9[32:0]), Gamma_R9;
+    assume (!(R8_3[32:0] == 0bv32));
+    R0_1, Gamma_R0_1 := zero_extend32_32(R9_3[32:0]), Gamma_R9_3;
+    R0_2, Gamma_R0_2 := R0_1, Gamma_R0_1;
+    R0_4, Gamma_R0_4 := R0_2, Gamma_R0_2;
+    goto main_basil_return;
+  $main$__0__$ztKlXzTjTY~0ueqt2irBFw$__0:
+    assume (R8_3[32:0] == 0bv32);
+    R0_4, Gamma_R0_4 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := R0_4, R8_3, R9_3;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := Gamma_R0_4, Gamma_R8_3, Gamma_R9_3;
     return;
 }
 
diff --git a/src/test/correct/basic_function_call_reader/clang_pic/basic_function_call_reader.expected b/src/test/correct/basic_function_call_reader/clang_pic/basic_function_call_reader.expected
index c739e16a6..7f5bbfec7 100644
--- a/src/test/correct/basic_function_call_reader/clang_pic/basic_function_call_reader.expected
+++ b/src/test/correct/basic_function_call_reader/clang_pic/basic_function_call_reader.expected
@@ -1,19 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -24,13 +10,16 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $y_addr) then (memory_load32_le(memory, $x_addr) == 1bv32) else (if (index == $x_addr) then true else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp1(bv1, bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -40,7 +29,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -56,11 +49,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -106,8 +97,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $y_addr) == memory_load32_le(mem, $y_addr));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_R8, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, R8, VF, ZF, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1980bv64) == 1bv8);
@@ -120,8 +111,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69568bv64) == 69688bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free requires (memory_load64_le(mem, 69056bv64) == 1792bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1980bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1981bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1982bv64) == 2bv8);
@@ -133,84 +122,65 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69056bv64) == 1792bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool)
 {
-  var #4: bv32;
-  var Gamma_#4: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R8_11: bool;
+  var Gamma_R8_13: bool;
+  var Gamma_R8_14: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R8_5: bool;
+  var Gamma_R8_6: bool;
+  var R0_1: bv64;
+  var R8_11: bv64;
+  var R8_13: bv64;
+  var R8_14: bv64;
+  var R8_2: bv64;
+  var R8_3: bv32;
+  var R8_5: bv64;
+  var R8_6: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "%00000309"} true;
-    R8, Gamma_R8 := 65536bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4048bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4048bv64)) || L(mem, bvadd64(R8, 4048bv64)));
+    R8_2, Gamma_R8_2 := memory_load64_le(mem, 69584bv64), (gamma_load64(Gamma_mem, 69584bv64) || L(mem, 69584bv64));
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R8);
-    assume {:captureState "%00000324"} true;
-    R8, Gamma_R8 := 65536bv64, true;
+    R8_3, Gamma_R8_3 := memory_load32_le(mem, R8_2), (gamma_load32(Gamma_mem, R8_2) || L(mem, R8_2));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R8_3), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R8_3);
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4032bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4032bv64)) || L(mem, bvadd64(R8, 4032bv64)));
+    R8_5, Gamma_R8_5 := memory_load64_le(mem, 69568bv64), (gamma_load64(Gamma_mem, 69568bv64) || L(mem, 69568bv64));
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    #4, Gamma_#4 := bvadd32(R8[32:0], 4294967295bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#4, 1bv32)), bvadd33(sign_extend1_32(R8[32:0]), 0bv33))), (Gamma_R8 && Gamma_#4);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#4, 1bv32)), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_#4);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#4, 1bv32), 0bv32), Gamma_#4;
-    NF, Gamma_NF := bvadd32(#4, 1bv32)[32:31], Gamma_#4;
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(#4, 1bv32)), Gamma_#4;
-    assert Gamma_ZF;
+    R8_6, Gamma_R8_6 := memory_load32_le(mem, R8_5), (gamma_load32(Gamma_mem, R8_5) || L(mem, R8_5));
+    assert Gamma_R8_6;
     goto lmain_goto_l00000358, lmain_goto_l0000035b;
-  l0000035b:
-    assume {:captureState "l0000035b"} true;
-    R8, Gamma_R8 := 1bv64, true;
+  lmain_goto_l0000035b:
+    assume (!(R8_6 == 0bv32));
+    R8_11, Gamma_R8_11 := 1bv64, true;
     goto l0000035e;
-  l00000358:
-    assume {:captureState "l00000358"} true;
-    R8, Gamma_R8 := 0bv64, true;
+  lmain_goto_l00000358:
+    assume (R8_6 == 0bv32);
+    R8_11, Gamma_R8_11 := 0bv64, true;
     goto l0000035e;
   l0000035e:
-    assume {:captureState "l0000035e"} true;
-    assert Gamma_R8;
+    assert Gamma_R8_11;
     goto l0000035e_goto_l00000366, l0000035e_goto_l00000390;
-  l00000366:
-    assume {:captureState "l00000366"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 8bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 8bv64));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R8);
-    assume {:captureState "%00000378"} true;
+  l0000035e_goto_l00000390:
+    assume (!(R8_11[1:0] == 1bv1));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    R8_14, Gamma_R8_14 := R8_11, Gamma_R8_11;
     goto l0000037b;
-  l00000390:
-    assume {:captureState "l00000390"} true;
-    goto l00000391;
-  l00000391:
-    assume {:captureState "l00000391"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "%00000399"} true;
+  l0000035e_goto_l00000366:
+    assume (R8_11[1:0] == 1bv1);
+    R8_13, Gamma_R8_13 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551608bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R8_13[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R8_13);
+    R8_14, Gamma_R8_14 := R8_13, Gamma_R8_13;
     goto l0000037b;
   l0000037b:
-    assume {:captureState "l0000037b"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    R0_1, Gamma_R0_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     goto main_basil_return;
-  lmain_goto_l00000358:
-    assume {:captureState "lmain_goto_l00000358"} true;
-    assume (bvcomp1(ZF, 1bv1) != 0bv1);
-    goto l00000358;
-  lmain_goto_l0000035b:
-    assume {:captureState "lmain_goto_l0000035b"} true;
-    assume (bvcomp1(ZF, 1bv1) == 0bv1);
-    goto l0000035b;
-  l0000035e_goto_l00000366:
-    assume {:captureState "l0000035e_goto_l00000366"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) != 0bv1);
-    goto l00000366;
-  l0000035e_goto_l00000390:
-    assume {:captureState "l0000035e_goto_l00000390"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) == 0bv1);
-    goto l00000390;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out := R0_1, R31_in, R8_14;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out := Gamma_R0_1, Gamma_R31_in, Gamma_R8_14;
     return;
 }
 
diff --git a/src/test/correct/basic_function_call_reader/clang_pic/basic_function_call_reader_gtirb.expected b/src/test/correct/basic_function_call_reader/clang_pic/basic_function_call_reader_gtirb.expected
index 18e1b94d5..10df7f41f 100644
--- a/src/test/correct/basic_function_call_reader/clang_pic/basic_function_call_reader_gtirb.expected
+++ b/src/test/correct/basic_function_call_reader/clang_pic/basic_function_call_reader_gtirb.expected
@@ -1,19 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -24,12 +10,16 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $y_addr) then (memory_load32_le(memory, $x_addr) == 1bv32) else (if (index == $x_addr) then true else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -39,7 +29,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -55,10 +49,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -104,8 +97,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $y_addr) == memory_load32_le(mem, $y_addr));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_R8, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, R8, VF, ZF, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1980bv64) == 1bv8);
@@ -118,8 +111,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69568bv64) == 69688bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free requires (memory_load64_le(mem, 69056bv64) == 1792bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1980bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1981bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1982bv64) == 2bv8);
@@ -131,76 +122,78 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69056bv64) == 1792bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool)
 {
-  var Cse0__5$4$9: bv32;
-  var Gamma_Cse0__5$4$9: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R8_12: bool;
+  var Gamma_R8_14: bool;
+  var Gamma_R8_15: bool;
+  var Gamma_R8_16: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R8_5: bool;
+  var Gamma_R8_6: bool;
+  var R0_1: bv64;
+  var R8_12: bv64;
+  var R8_14: bv64;
+  var R8_15: bv64;
+  var R8_16: bv64;
+  var R8_2: bv64;
+  var R8_3: bv32;
+  var R8_5: bv64;
+  var R8_6: bv32;
   $main$__0__$3bYHxhsFQt~mkKcsNIgm0w:
-    assume {:captureState "$main$__0__$3bYHxhsFQt~mkKcsNIgm0w"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "1880$0"} true;
-    R8, Gamma_R8 := 65536bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4048bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4048bv64)) || L(mem, bvadd64(R8, 4048bv64)));
+    R8_2, Gamma_R8_2 := memory_load64_le(mem, 69584bv64), (gamma_load64(Gamma_mem, 69584bv64) || L(mem, 69584bv64));
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R8);
-    assume {:captureState "1896$0"} true;
-    R8, Gamma_R8 := 65536bv64, true;
+    R8_3, Gamma_R8_3 := memory_load32_le(mem, R8_2), (gamma_load32(Gamma_mem, R8_2) || L(mem, R8_2));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R8_3), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R8_3);
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4032bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4032bv64)) || L(mem, bvadd64(R8, 4032bv64)));
+    R8_5, Gamma_R8_5 := memory_load64_le(mem, 69568bv64), (gamma_load64(Gamma_mem, 69568bv64) || L(mem, 69568bv64));
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    Cse0__5$4$9, Gamma_Cse0__5$4$9 := bvadd32(R8[32:0], 0bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$4$9, Cse0__5$4$9)), Gamma_Cse0__5$4$9;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$4$9), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_Cse0__5$4$9);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$4$9, 0bv32), Gamma_Cse0__5$4$9;
-    NF, Gamma_NF := Cse0__5$4$9[32:31], Gamma_Cse0__5$4$9;
-    R8, Gamma_R8 := zero_extend32_32(Cse0__5$4$9), Gamma_Cse0__5$4$9;
-    assert Gamma_ZF;
+    R8_6, Gamma_R8_6 := memory_load32_le(mem, R8_5), (gamma_load32(Gamma_mem, R8_5) || L(mem, R8_5));
+    assert Gamma_R8_6;
     goto $main$__0__$3bYHxhsFQt~mkKcsNIgm0w$__0, $main$__0__$3bYHxhsFQt~mkKcsNIgm0w$__1;
-  $main$__1__$GliKhCDsS8OAMmKtmD1BCA:
-    assume {:captureState "$main$__1__$GliKhCDsS8OAMmKtmD1BCA"} true;
-    goto $main$__2__$ixbm2b9SSu2JGcfJ0RoL5A;
-  $main$__2__$ixbm2b9SSu2JGcfJ0RoL5A:
-    assume {:captureState "$main$__2__$ixbm2b9SSu2JGcfJ0RoL5A"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "1928$0"} true;
+  $main$__0__$3bYHxhsFQt~mkKcsNIgm0w$__1:
+    assume (!(R8_6 == 0bv32));
+    goto $main$__0__$3bYHxhsFQt~mkKcsNIgm0w$__1_phi_$main$__0__$3bYHxhsFQt~mkKcsNIgm0w_goto_$main$__3__$q8ChuC7qRLCKpfOONmUiBw_phi_back_$main$__0__$3bYHxhsFQt~mkKcsNIgm0w_goto_$main$__3__$q8ChuC7qRLCKpfOONmUiBw, $main$__0__$3bYHxhsFQt~mkKcsNIgm0w$__1_phi_$main$__0__$3bYHxhsFQt~mkKcsNIgm0w_goto_$main$__1__$GliKhCDsS8OAMmKtmD1BCA_phi_back_$main$__0__$3bYHxhsFQt~mkKcsNIgm0w_goto_$main$__1__$GliKhCDsS8OAMmKtmD1BCA;
+  $main$__0__$3bYHxhsFQt~mkKcsNIgm0w$__1_phi_$main$__0__$3bYHxhsFQt~mkKcsNIgm0w_goto_$main$__1__$GliKhCDsS8OAMmKtmD1BCA_phi_back_$main$__0__$3bYHxhsFQt~mkKcsNIgm0w_goto_$main$__1__$GliKhCDsS8OAMmKtmD1BCA:
+    R8_12, Gamma_R8_12 := 1bv64, true;
+    assert Gamma_R8_12;
+    goto $main$__0__$3bYHxhsFQt~mkKcsNIgm0w_goto_$main$__1__$GliKhCDsS8OAMmKtmD1BCA;
+  $main$__0__$3bYHxhsFQt~mkKcsNIgm0w$__1_phi_$main$__0__$3bYHxhsFQt~mkKcsNIgm0w_goto_$main$__3__$q8ChuC7qRLCKpfOONmUiBw_phi_back_$main$__0__$3bYHxhsFQt~mkKcsNIgm0w_goto_$main$__3__$q8ChuC7qRLCKpfOONmUiBw:
+    R8_14, Gamma_R8_14 := 1bv64, true;
+    assert Gamma_R8_14;
+    goto $main$__0__$3bYHxhsFQt~mkKcsNIgm0w_goto_$main$__3__$q8ChuC7qRLCKpfOONmUiBw;
+  $main$__0__$3bYHxhsFQt~mkKcsNIgm0w$__0:
+    assume (R8_6 == 0bv32);
+    goto $main$__0__$3bYHxhsFQt~mkKcsNIgm0w$__0_phi_back_$main$__0__$3bYHxhsFQt~mkKcsNIgm0w_goto_$main$__1__$GliKhCDsS8OAMmKtmD1BCA, $main$__0__$3bYHxhsFQt~mkKcsNIgm0w$__0_phi_back_$main$__0__$3bYHxhsFQt~mkKcsNIgm0w_goto_$main$__3__$q8ChuC7qRLCKpfOONmUiBw;
+  $main$__0__$3bYHxhsFQt~mkKcsNIgm0w$__0_phi_back_$main$__0__$3bYHxhsFQt~mkKcsNIgm0w_goto_$main$__3__$q8ChuC7qRLCKpfOONmUiBw:
+    R8_14, Gamma_R8_14 := 0bv64, true;
+    assert Gamma_R8_14;
+    goto $main$__0__$3bYHxhsFQt~mkKcsNIgm0w_goto_$main$__3__$q8ChuC7qRLCKpfOONmUiBw;
+  $main$__0__$3bYHxhsFQt~mkKcsNIgm0w_goto_$main$__3__$q8ChuC7qRLCKpfOONmUiBw:
+    assume (R8_14[1:0] == 1bv1);
+    R8_15, Gamma_R8_15 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551608bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R8_15[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R8_15);
+    R8_16, Gamma_R8_16 := R8_15, Gamma_R8_15;
     goto $main$__4__$YaQJkGOMQVCrlScvBt8WoA;
-  $main$__3__$q8ChuC7qRLCKpfOONmUiBw:
-    assume {:captureState "$main$__3__$q8ChuC7qRLCKpfOONmUiBw"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 8bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 8bv64));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R8);
-    assume {:captureState "1940$0"} true;
+  $main$__0__$3bYHxhsFQt~mkKcsNIgm0w$__0_phi_back_$main$__0__$3bYHxhsFQt~mkKcsNIgm0w_goto_$main$__1__$GliKhCDsS8OAMmKtmD1BCA:
+    R8_12, Gamma_R8_12 := 0bv64, true;
+    assert Gamma_R8_12;
+    goto $main$__0__$3bYHxhsFQt~mkKcsNIgm0w_goto_$main$__1__$GliKhCDsS8OAMmKtmD1BCA;
+  $main$__0__$3bYHxhsFQt~mkKcsNIgm0w_goto_$main$__1__$GliKhCDsS8OAMmKtmD1BCA:
+    assume (!(R8_12[1:0] == 1bv1));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    R8_16, Gamma_R8_16 := R8_12, Gamma_R8_12;
     goto $main$__4__$YaQJkGOMQVCrlScvBt8WoA;
   $main$__4__$YaQJkGOMQVCrlScvBt8WoA:
-    assume {:captureState "$main$__4__$YaQJkGOMQVCrlScvBt8WoA"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    R0_1, Gamma_R0_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     goto main_basil_return;
-  $main$__0__$3bYHxhsFQt~mkKcsNIgm0w_goto_$main$__3__$q8ChuC7qRLCKpfOONmUiBw:
-    assume {:captureState "$main$__0__$3bYHxhsFQt~mkKcsNIgm0w_goto_$main$__3__$q8ChuC7qRLCKpfOONmUiBw"} true;
-    assume (R8[1:0] == 1bv1);
-    goto $main$__3__$q8ChuC7qRLCKpfOONmUiBw;
-  $main$__0__$3bYHxhsFQt~mkKcsNIgm0w_goto_$main$__1__$GliKhCDsS8OAMmKtmD1BCA:
-    assume {:captureState "$main$__0__$3bYHxhsFQt~mkKcsNIgm0w_goto_$main$__1__$GliKhCDsS8OAMmKtmD1BCA"} true;
-    assume (!(R8[1:0] == 1bv1));
-    goto $main$__1__$GliKhCDsS8OAMmKtmD1BCA;
-  $main$__0__$3bYHxhsFQt~mkKcsNIgm0w$__0:
-    assume {:captureState "$main$__0__$3bYHxhsFQt~mkKcsNIgm0w$__0"} true;
-    assume (ZF == 1bv1);
-    R8, Gamma_R8 := 0bv64, true;
-    assert Gamma_R8;
-    goto $main$__0__$3bYHxhsFQt~mkKcsNIgm0w_goto_$main$__3__$q8ChuC7qRLCKpfOONmUiBw, $main$__0__$3bYHxhsFQt~mkKcsNIgm0w_goto_$main$__1__$GliKhCDsS8OAMmKtmD1BCA;
-  $main$__0__$3bYHxhsFQt~mkKcsNIgm0w$__1:
-    assume {:captureState "$main$__0__$3bYHxhsFQt~mkKcsNIgm0w$__1"} true;
-    assume (!(ZF == 1bv1));
-    R8, Gamma_R8 := 1bv64, true;
-    assert Gamma_R8;
-    goto $main$__0__$3bYHxhsFQt~mkKcsNIgm0w_goto_$main$__3__$q8ChuC7qRLCKpfOONmUiBw, $main$__0__$3bYHxhsFQt~mkKcsNIgm0w_goto_$main$__1__$GliKhCDsS8OAMmKtmD1BCA;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out := R0_1, R31_in, R8_16;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out := Gamma_R0_1, Gamma_R31_in, Gamma_R8_16;
     return;
 }
 
diff --git a/src/test/correct/basic_function_call_reader/gcc/basic_function_call_reader.expected b/src/test/correct/basic_function_call_reader/gcc/basic_function_call_reader.expected
index 874baad70..f95f8340c 100644
--- a/src/test/correct/basic_function_call_reader/gcc/basic_function_call_reader.expected
+++ b/src/test/correct/basic_function_call_reader/gcc/basic_function_call_reader.expected
@@ -1,17 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -22,19 +10,26 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $y_addr) then (memory_load32_le(memory, $x_addr) == 1bv32) else (if (index == $x_addr) then true else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp1(bv1, bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -50,11 +45,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -98,8 +91,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $y_addr) == memory_load32_le(mem, $y_addr));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, VF, ZF, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1892bv64) == 1bv8);
@@ -110,8 +103,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69024bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1892bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1893bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1894bv64) == 2bv8);
@@ -121,52 +112,38 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var #4: bv32;
-  var Gamma_#4: bool;
+  var Gamma_R0_10: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_6: bool;
+  var Gamma_R0_9: bool;
+  var R0_10: bv64;
+  var R0_3: bv32;
+  var R0_6: bv32;
+  var R0_9: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "%00000304"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
+    R0_3, Gamma_R0_3 := memory_load32_le(mem, 69656bv64), (gamma_load32(Gamma_mem, 69656bv64) || L(mem, 69656bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_3), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_3);
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    #4, Gamma_#4 := bvadd32(R0[32:0], 4294967295bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#4, 1bv32)), bvadd33(sign_extend1_32(R0[32:0]), 0bv33))), (Gamma_R0 && Gamma_#4);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#4, 1bv32)), bvadd33(zero_extend1_32(R0[32:0]), 4294967296bv33))), (Gamma_R0 && Gamma_#4);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#4, 1bv32), 0bv32), Gamma_#4;
-    NF, Gamma_NF := bvadd32(#4, 1bv32)[32:31], Gamma_#4;
-    assert Gamma_ZF;
+    R0_6, Gamma_R0_6 := memory_load32_le(mem, 69652bv64), (gamma_load32(Gamma_mem, 69652bv64) || L(mem, 69652bv64));
+    assert Gamma_R0_6;
     goto lmain_goto_l00000332, lmain_goto_l00000349;
-  l00000332:
-    assume {:captureState "l00000332"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
+  lmain_goto_l00000349:
+    assume (R0_6 == 0bv32);
+    R0_10, Gamma_R0_10 := 0bv64, true;
     goto l0000033e;
-  l00000349:
-    assume {:captureState "l00000349"} true;
-    R0, Gamma_R0 := 0bv64, true;
+  lmain_goto_l00000332:
+    assume (!(R0_6 == 0bv32));
+    R0_9, Gamma_R0_9 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
+    R0_10, Gamma_R0_10 := R0_9, Gamma_R0_9;
     goto l0000033e;
   l0000033e:
-    assume {:captureState "l0000033e"} true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
     goto main_basil_return;
-  lmain_goto_l00000332:
-    assume {:captureState "lmain_goto_l00000332"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) != 0bv1);
-    goto l00000332;
-  lmain_goto_l00000349:
-    assume {:captureState "lmain_goto_l00000349"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) == 0bv1);
-    goto l00000349;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out := R0_10, R31_in;
+    Gamma_R0_out, Gamma_R31_out := Gamma_R0_10, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/correct/basic_function_call_reader/gcc/basic_function_call_reader_gtirb.expected b/src/test/correct/basic_function_call_reader/gcc/basic_function_call_reader_gtirb.expected
index 36c5088ff..fd4fa71a4 100644
--- a/src/test/correct/basic_function_call_reader/gcc/basic_function_call_reader_gtirb.expected
+++ b/src/test/correct/basic_function_call_reader/gcc/basic_function_call_reader_gtirb.expected
@@ -1,17 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -22,18 +10,26 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $y_addr) then (memory_load32_le(memory, $x_addr) == 1bv32) else (if (index == $x_addr) then true else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -49,10 +45,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -96,8 +91,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $y_addr) == memory_load32_le(mem, $y_addr));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, VF, ZF, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1892bv64) == 1bv8);
@@ -108,8 +103,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69024bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1892bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1893bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1894bv64) == 2bv8);
@@ -119,52 +112,38 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var Cse0__5$3$8: bv32;
-  var Gamma_Cse0__5$3$8: bool;
+  var Gamma_R0_10: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_6: bool;
+  var Gamma_R0_9: bool;
+  var R0_10: bv64;
+  var R0_3: bv32;
+  var R0_6: bv32;
+  var R0_9: bv64;
   $main$__0__$Ux0Q3SQCTAWbVjaRM4YV_w:
-    assume {:captureState "$main$__0__$Ux0Q3SQCTAWbVjaRM4YV_w"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "1828$0"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
+    R0_3, Gamma_R0_3 := memory_load32_le(mem, 69656bv64), (gamma_load32(Gamma_mem, 69656bv64) || L(mem, 69656bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_3), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_3);
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    Cse0__5$3$8, Gamma_Cse0__5$3$8 := bvadd32(R0[32:0], 0bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$3$8, Cse0__5$3$8)), Gamma_Cse0__5$3$8;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$3$8), bvadd33(zero_extend1_32(R0[32:0]), 4294967296bv33))), (Gamma_R0 && Gamma_Cse0__5$3$8);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$3$8, 0bv32), Gamma_Cse0__5$3$8;
-    NF, Gamma_NF := Cse0__5$3$8[32:31], Gamma_Cse0__5$3$8;
-    assert Gamma_ZF;
+    R0_6, Gamma_R0_6 := memory_load32_le(mem, 69652bv64), (gamma_load32(Gamma_mem, 69652bv64) || L(mem, 69652bv64));
+    assert Gamma_R0_6;
     goto $main$__0__$Ux0Q3SQCTAWbVjaRM4YV_w_goto_$main$__2__$MdKjK9_tS4CwsqOHpUajFA, $main$__0__$Ux0Q3SQCTAWbVjaRM4YV_w_goto_$main$__1__$HbG3EzSzT7SHv80IyKeGnw;
-  $main$__1__$HbG3EzSzT7SHv80IyKeGnw:
-    assume {:captureState "$main$__1__$HbG3EzSzT7SHv80IyKeGnw"} true;
-    R0, Gamma_R0 := 0bv64, true;
+  $main$__0__$Ux0Q3SQCTAWbVjaRM4YV_w_goto_$main$__1__$HbG3EzSzT7SHv80IyKeGnw:
+    assume (R0_6 == 0bv32);
+    R0_10, Gamma_R0_10 := 0bv64, true;
     goto $main$__3__$ArZKC0sNSe6_xTDy3J32hw;
-  $main$__2__$MdKjK9_tS4CwsqOHpUajFA:
-    assume {:captureState "$main$__2__$MdKjK9_tS4CwsqOHpUajFA"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
+  $main$__0__$Ux0Q3SQCTAWbVjaRM4YV_w_goto_$main$__2__$MdKjK9_tS4CwsqOHpUajFA:
+    assume (!(R0_6 == 0bv32));
+    R0_9, Gamma_R0_9 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
+    R0_10, Gamma_R0_10 := R0_9, Gamma_R0_9;
     goto $main$__3__$ArZKC0sNSe6_xTDy3J32hw;
   $main$__3__$ArZKC0sNSe6_xTDy3J32hw:
-    assume {:captureState "$main$__3__$ArZKC0sNSe6_xTDy3J32hw"} true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
     goto main_basil_return;
-  $main$__0__$Ux0Q3SQCTAWbVjaRM4YV_w_goto_$main$__2__$MdKjK9_tS4CwsqOHpUajFA:
-    assume {:captureState "$main$__0__$Ux0Q3SQCTAWbVjaRM4YV_w_goto_$main$__2__$MdKjK9_tS4CwsqOHpUajFA"} true;
-    assume (!(ZF == 1bv1));
-    goto $main$__2__$MdKjK9_tS4CwsqOHpUajFA;
-  $main$__0__$Ux0Q3SQCTAWbVjaRM4YV_w_goto_$main$__1__$HbG3EzSzT7SHv80IyKeGnw:
-    assume {:captureState "$main$__0__$Ux0Q3SQCTAWbVjaRM4YV_w_goto_$main$__1__$HbG3EzSzT7SHv80IyKeGnw"} true;
-    assume (!(!(ZF == 1bv1)));
-    goto $main$__1__$HbG3EzSzT7SHv80IyKeGnw;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out := R0_10, R31_in;
+    Gamma_R0_out, Gamma_R31_out := Gamma_R0_10, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/correct/basic_function_call_reader/gcc_O2/basic_function_call_reader.expected b/src/test/correct/basic_function_call_reader/gcc_O2/basic_function_call_reader.expected
index daf05e75b..ed7b56d68 100644
--- a/src/test/correct/basic_function_call_reader/gcc_O2/basic_function_call_reader.expected
+++ b/src/test/correct/basic_function_call_reader/gcc_O2/basic_function_call_reader.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -13,7 +9,6 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -73,8 +68,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $y_addr) == memory_load32_le(mem, $y_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1896bv64) == 1bv8);
@@ -94,34 +89,34 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
+  var Gamma_R0_3: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R0_6: bool;
+  var R0_3: bv64;
+  var R0_4: bv64;
+  var R0_6: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R1, Gamma_R1 := bvadd64(R0, 20bv64), Gamma_R0;
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, bvadd64(R0, 20bv64))), (gamma_load32(Gamma_mem, bvadd64(R0, 20bv64)) || L(mem, bvadd64(R0, 20bv64)));
-    assert Gamma_R0;
+    R0_3, Gamma_R0_3 := zero_extend32_32(memory_load32_le(mem, 69652bv64)), (gamma_load32(Gamma_mem, 69652bv64) || L(mem, 69652bv64));
+    assert Gamma_R0_3;
     goto lmain_goto_l000001bc, lmain_goto_l00000398;
-  l00000398:
-    assume {:captureState "l00000398"} true;
+  lmain_goto_l00000398:
+    assume (!(R0_3[32:0] == 0bv32));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, bvadd64(R1, 4bv64))), (gamma_load32(Gamma_mem, bvadd64(R1, 4bv64)) || L(mem, bvadd64(R1, 4bv64)));
+    R0_4, Gamma_R0_4 := zero_extend32_32(memory_load32_le(mem, 69656bv64)), (gamma_load32(Gamma_mem, 69656bv64) || L(mem, 69656bv64));
+    R0_6, Gamma_R0_6 := R0_4, Gamma_R0_4;
     goto l000001bc;
-  l000001bc:
-    assume {:captureState "l000001bc"} true;
-    goto main_basil_return;
   lmain_goto_l000001bc:
-    assume {:captureState "lmain_goto_l000001bc"} true;
-    assume (bvcomp32(R0[32:0], 0bv32) != 0bv1);
+    assume (R0_3[32:0] == 0bv32);
+    R0_6, Gamma_R0_6 := R0_3, Gamma_R0_3;
     goto l000001bc;
-  lmain_goto_l00000398:
-    assume {:captureState "lmain_goto_l00000398"} true;
-    assume (bvcomp32(R0[32:0], 0bv32) == 0bv1);
-    goto l00000398;
+  l000001bc:
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := R0_6, 69652bv64;
+    Gamma_R0_out, Gamma_R1_out := Gamma_R0_6, true;
     return;
 }
 
diff --git a/src/test/correct/basic_function_call_reader/gcc_O2/basic_function_call_reader_gtirb.expected b/src/test/correct/basic_function_call_reader/gcc_O2/basic_function_call_reader_gtirb.expected
index 404c6e24c..9360fade4 100644
--- a/src/test/correct/basic_function_call_reader/gcc_O2/basic_function_call_reader_gtirb.expected
+++ b/src/test/correct/basic_function_call_reader/gcc_O2/basic_function_call_reader_gtirb.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -72,8 +68,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $y_addr) == memory_load32_le(mem, $y_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1896bv64) == 1bv8);
@@ -93,34 +89,34 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
+  var Gamma_R0_3: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R0_6: bool;
+  var R0_3: bv64;
+  var R0_4: bv64;
+  var R0_6: bv64;
   $main$__0__$dHiJQHnYTpm65oMaN9oFgA:
-    assume {:captureState "$main$__0__$dHiJQHnYTpm65oMaN9oFgA"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R1, Gamma_R1 := bvadd64(R0, 20bv64), Gamma_R0;
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, bvadd64(R0, 20bv64))), (gamma_load32(Gamma_mem, bvadd64(R0, 20bv64)) || L(mem, bvadd64(R0, 20bv64)));
-    assert Gamma_R0;
+    R0_3, Gamma_R0_3 := zero_extend32_32(memory_load32_le(mem, 69652bv64)), (gamma_load32(Gamma_mem, 69652bv64) || L(mem, 69652bv64));
+    assert Gamma_R0_3;
     goto $main$__0__$dHiJQHnYTpm65oMaN9oFgA_goto_$main$__2__$5XEKQ4igS9uTmAyY~2l26Q, $main$__0__$dHiJQHnYTpm65oMaN9oFgA_goto_$main$__1__$_i5~WMZiQtmSmwJkk1py6w;
-  $main$__1__$_i5~WMZiQtmSmwJkk1py6w:
-    assume {:captureState "$main$__1__$_i5~WMZiQtmSmwJkk1py6w"} true;
+  $main$__0__$dHiJQHnYTpm65oMaN9oFgA_goto_$main$__1__$_i5~WMZiQtmSmwJkk1py6w:
+    assume (!(R0_3[32:0] == 0bv32));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, bvadd64(R1, 4bv64))), (gamma_load32(Gamma_mem, bvadd64(R1, 4bv64)) || L(mem, bvadd64(R1, 4bv64)));
+    R0_4, Gamma_R0_4 := zero_extend32_32(memory_load32_le(mem, 69656bv64)), (gamma_load32(Gamma_mem, 69656bv64) || L(mem, 69656bv64));
+    R0_6, Gamma_R0_6 := R0_4, Gamma_R0_4;
     goto $main$__2__$5XEKQ4igS9uTmAyY~2l26Q;
-  $main$__2__$5XEKQ4igS9uTmAyY~2l26Q:
-    assume {:captureState "$main$__2__$5XEKQ4igS9uTmAyY~2l26Q"} true;
-    goto main_basil_return;
   $main$__0__$dHiJQHnYTpm65oMaN9oFgA_goto_$main$__2__$5XEKQ4igS9uTmAyY~2l26Q:
-    assume {:captureState "$main$__0__$dHiJQHnYTpm65oMaN9oFgA_goto_$main$__2__$5XEKQ4igS9uTmAyY~2l26Q"} true;
-    assume (R0[32:0] == 0bv32);
+    assume (R0_3[32:0] == 0bv32);
+    R0_6, Gamma_R0_6 := R0_3, Gamma_R0_3;
     goto $main$__2__$5XEKQ4igS9uTmAyY~2l26Q;
-  $main$__0__$dHiJQHnYTpm65oMaN9oFgA_goto_$main$__1__$_i5~WMZiQtmSmwJkk1py6w:
-    assume {:captureState "$main$__0__$dHiJQHnYTpm65oMaN9oFgA_goto_$main$__1__$_i5~WMZiQtmSmwJkk1py6w"} true;
-    assume (!(R0[32:0] == 0bv32));
-    goto $main$__1__$_i5~WMZiQtmSmwJkk1py6w;
+  $main$__2__$5XEKQ4igS9uTmAyY~2l26Q:
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := R0_6, 69652bv64;
+    Gamma_R0_out, Gamma_R1_out := Gamma_R0_6, true;
     return;
 }
 
diff --git a/src/test/correct/basic_function_call_reader/gcc_pic/basic_function_call_reader.expected b/src/test/correct/basic_function_call_reader/gcc_pic/basic_function_call_reader.expected
index 4dee04924..ee3a6e29f 100644
--- a/src/test/correct/basic_function_call_reader/gcc_pic/basic_function_call_reader.expected
+++ b/src/test/correct/basic_function_call_reader/gcc_pic/basic_function_call_reader.expected
@@ -1,17 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -22,13 +10,16 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $y_addr) then (memory_load32_le(memory, $x_addr) == 1bv32) else (if (index == $x_addr) then true else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp1(bv1, bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -38,7 +29,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -54,11 +49,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -104,8 +97,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $y_addr) == memory_load32_le(mem, $y_addr));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, VF, ZF, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1956bv64) == 1bv8);
@@ -118,8 +111,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69008bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 69652bv64);
   free requires (memory_load64_le(mem, 69000bv64) == 1872bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1956bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1957bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1958bv64) == 2bv8);
@@ -131,54 +122,46 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 69652bv64);
   free ensures (memory_load64_le(mem, 69000bv64) == 1872bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var #4: bv32;
-  var Gamma_#4: bool;
+  var Gamma_R0_10: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_6: bool;
+  var Gamma_R0_9: bool;
+  var R0_10: bv64;
+  var R0_2: bv64;
+  var R0_3: bv32;
+  var R0_5: bv64;
+  var R0_6: bv32;
+  var R0_9: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4072bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4072bv64)) || L(mem, bvadd64(R0, 4072bv64)));
+    R0_2, Gamma_R0_2 := memory_load64_le(mem, 69608bv64), (gamma_load64(Gamma_mem, 69608bv64) || L(mem, 69608bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "%00000305"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    R0_3, Gamma_R0_3 := memory_load32_le(mem, R0_2), (gamma_load32(Gamma_mem, R0_2) || L(mem, R0_2));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_3), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_3);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
+    R0_5, Gamma_R0_5 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    #4, Gamma_#4 := bvadd32(R0[32:0], 4294967295bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#4, 1bv32)), bvadd33(sign_extend1_32(R0[32:0]), 0bv33))), (Gamma_R0 && Gamma_#4);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#4, 1bv32)), bvadd33(zero_extend1_32(R0[32:0]), 4294967296bv33))), (Gamma_R0 && Gamma_#4);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#4, 1bv32), 0bv32), Gamma_#4;
-    NF, Gamma_NF := bvadd32(#4, 1bv32)[32:31], Gamma_#4;
-    assert Gamma_ZF;
+    R0_6, Gamma_R0_6 := memory_load32_le(mem, R0_5), (gamma_load32(Gamma_mem, R0_5) || L(mem, R0_5));
+    assert Gamma_R0_6;
     goto lmain_goto_l00000334, lmain_goto_l0000034b;
-  l00000334:
-    assume {:captureState "l00000334"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
+  lmain_goto_l0000034b:
+    assume (R0_6 == 0bv32);
+    R0_10, Gamma_R0_10 := 0bv64, true;
     goto l00000340;
-  l0000034b:
-    assume {:captureState "l0000034b"} true;
-    R0, Gamma_R0 := 0bv64, true;
+  lmain_goto_l00000334:
+    assume (!(R0_6 == 0bv32));
+    R0_9, Gamma_R0_9 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
+    R0_10, Gamma_R0_10 := R0_9, Gamma_R0_9;
     goto l00000340;
   l00000340:
-    assume {:captureState "l00000340"} true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
     goto main_basil_return;
-  lmain_goto_l00000334:
-    assume {:captureState "lmain_goto_l00000334"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) != 0bv1);
-    goto l00000334;
-  lmain_goto_l0000034b:
-    assume {:captureState "lmain_goto_l0000034b"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) == 0bv1);
-    goto l0000034b;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out := R0_10, R31_in;
+    Gamma_R0_out, Gamma_R31_out := Gamma_R0_10, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/correct/basic_function_call_reader/gcc_pic/basic_function_call_reader_gtirb.expected b/src/test/correct/basic_function_call_reader/gcc_pic/basic_function_call_reader_gtirb.expected
index 080e84267..8eb2aa73f 100644
--- a/src/test/correct/basic_function_call_reader/gcc_pic/basic_function_call_reader_gtirb.expected
+++ b/src/test/correct/basic_function_call_reader/gcc_pic/basic_function_call_reader_gtirb.expected
@@ -1,17 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -22,12 +10,16 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $y_addr) then (memory_load32_le(memory, $x_addr) == 1bv32) else (if (index == $x_addr) then true else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -37,7 +29,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -53,10 +49,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -102,8 +97,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $y_addr) == memory_load32_le(mem, $y_addr));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, VF, ZF, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1956bv64) == 1bv8);
@@ -116,8 +111,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69008bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 69652bv64);
   free requires (memory_load64_le(mem, 69000bv64) == 1872bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1956bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1957bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1958bv64) == 2bv8);
@@ -129,54 +122,46 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 69652bv64);
   free ensures (memory_load64_le(mem, 69000bv64) == 1872bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var Cse0__5$1$8: bv32;
-  var Gamma_Cse0__5$1$8: bool;
+  var Gamma_R0_10: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_6: bool;
+  var Gamma_R0_9: bool;
+  var R0_10: bv64;
+  var R0_2: bv64;
+  var R0_3: bv32;
+  var R0_5: bv64;
+  var R0_6: bv32;
+  var R0_9: bv64;
   $main$__0__$XPSYuwk~QqCXXYlfch0U8A:
-    assume {:captureState "$main$__0__$XPSYuwk~QqCXXYlfch0U8A"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4072bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4072bv64)) || L(mem, bvadd64(R0, 4072bv64)));
+    R0_2, Gamma_R0_2 := memory_load64_le(mem, 69608bv64), (gamma_load64(Gamma_mem, 69608bv64) || L(mem, 69608bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "1892$0"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    R0_3, Gamma_R0_3 := memory_load32_le(mem, R0_2), (gamma_load32(Gamma_mem, R0_2) || L(mem, R0_2));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_3), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_3);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
+    R0_5, Gamma_R0_5 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    Cse0__5$1$8, Gamma_Cse0__5$1$8 := bvadd32(R0[32:0], 0bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$1$8, Cse0__5$1$8)), Gamma_Cse0__5$1$8;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$1$8), bvadd33(zero_extend1_32(R0[32:0]), 4294967296bv33))), (Gamma_R0 && Gamma_Cse0__5$1$8);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$1$8, 0bv32), Gamma_Cse0__5$1$8;
-    NF, Gamma_NF := Cse0__5$1$8[32:31], Gamma_Cse0__5$1$8;
-    assert Gamma_ZF;
+    R0_6, Gamma_R0_6 := memory_load32_le(mem, R0_5), (gamma_load32(Gamma_mem, R0_5) || L(mem, R0_5));
+    assert Gamma_R0_6;
     goto $main$__0__$XPSYuwk~QqCXXYlfch0U8A_goto_$main$__2__$YV9HrAzzRPueIlS9B6wdEg, $main$__0__$XPSYuwk~QqCXXYlfch0U8A_goto_$main$__1__$tezFaGT_RC6b4e~6~Bd7zA;
-  $main$__1__$tezFaGT_RC6b4e~6~Bd7zA:
-    assume {:captureState "$main$__1__$tezFaGT_RC6b4e~6~Bd7zA"} true;
-    R0, Gamma_R0 := 0bv64, true;
+  $main$__0__$XPSYuwk~QqCXXYlfch0U8A_goto_$main$__1__$tezFaGT_RC6b4e~6~Bd7zA:
+    assume (R0_6 == 0bv32);
+    R0_10, Gamma_R0_10 := 0bv64, true;
     goto $main$__3__$BzeSfzsYQfagBIn19G60Ng;
-  $main$__2__$YV9HrAzzRPueIlS9B6wdEg:
-    assume {:captureState "$main$__2__$YV9HrAzzRPueIlS9B6wdEg"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
+  $main$__0__$XPSYuwk~QqCXXYlfch0U8A_goto_$main$__2__$YV9HrAzzRPueIlS9B6wdEg:
+    assume (!(R0_6 == 0bv32));
+    R0_9, Gamma_R0_9 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
+    R0_10, Gamma_R0_10 := R0_9, Gamma_R0_9;
     goto $main$__3__$BzeSfzsYQfagBIn19G60Ng;
   $main$__3__$BzeSfzsYQfagBIn19G60Ng:
-    assume {:captureState "$main$__3__$BzeSfzsYQfagBIn19G60Ng"} true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
     goto main_basil_return;
-  $main$__0__$XPSYuwk~QqCXXYlfch0U8A_goto_$main$__2__$YV9HrAzzRPueIlS9B6wdEg:
-    assume {:captureState "$main$__0__$XPSYuwk~QqCXXYlfch0U8A_goto_$main$__2__$YV9HrAzzRPueIlS9B6wdEg"} true;
-    assume (!(ZF == 1bv1));
-    goto $main$__2__$YV9HrAzzRPueIlS9B6wdEg;
-  $main$__0__$XPSYuwk~QqCXXYlfch0U8A_goto_$main$__1__$tezFaGT_RC6b4e~6~Bd7zA:
-    assume {:captureState "$main$__0__$XPSYuwk~QqCXXYlfch0U8A_goto_$main$__1__$tezFaGT_RC6b4e~6~Bd7zA"} true;
-    assume (!(!(ZF == 1bv1)));
-    goto $main$__1__$tezFaGT_RC6b4e~6~Bd7zA;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out := R0_10, R31_in;
+    Gamma_R0_out, Gamma_R31_out := Gamma_R0_10, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/correct/basic_lock_read/clang/basic_lock_read.expected b/src/test/correct/basic_lock_read/clang/basic_lock_read.expected
index 4b0e5107e..4d66cf94e 100644
--- a/src/test/correct/basic_lock_read/clang/basic_lock_read.expected
+++ b/src/test/correct/basic_lock_read/clang/basic_lock_read.expected
@@ -1,19 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -24,19 +10,26 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $x_addr) then true else (if (index == $z_addr) then true else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp1(bv1, bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -52,11 +45,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -96,8 +87,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_R8, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, R8, VF, ZF, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1900bv64) == 1bv8);
@@ -108,9 +99,7 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  ensures (R0[32:0] == 0bv32);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
+  ensures (R0_out[32:0] == 0bv32);
   free ensures (memory_load8_le(mem, 1900bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1901bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1902bv64) == 2bv8);
@@ -120,81 +109,59 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool)
 {
-  var #4: bv32;
-  var Gamma_#4: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R8_11: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_7: bool;
+  var Gamma_R8_9: bool;
+  var R0_1: bv64;
+  var R8_11: bv64;
+  var R8_2: bv32;
+  var R8_7: bv64;
+  var R8_9: bv64;
   var z_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "%000002f9"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), true);
-    assume {:captureState "%00000300"} true;
-    R8, Gamma_R8 := 69632bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 52bv64)) || L(mem, bvadd64(R8, 52bv64)));
-    #4, Gamma_#4 := bvadd32(R8[32:0], 4294967295bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#4, 1bv32)), bvadd33(sign_extend1_32(R8[32:0]), 0bv33))), (Gamma_R8 && Gamma_#4);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#4, 1bv32)), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_#4);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#4, 1bv32), 0bv32), Gamma_#4;
-    NF, Gamma_NF := bvadd32(#4, 1bv32)[32:31], Gamma_#4;
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(#4, 1bv32)), Gamma_#4;
-    assert Gamma_ZF;
+    R8_2, Gamma_R8_2 := memory_load32_le(mem, 69684bv64), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
+    assert Gamma_R8_2;
     goto lmain_goto_l0000032d, lmain_goto_l00000330;
-  l00000330:
-    assume {:captureState "l00000330"} true;
-    R8, Gamma_R8 := 1bv64, true;
+  lmain_goto_l00000330:
+    assume (!(R8_2 == 0bv32));
+    R8_7, Gamma_R8_7 := 1bv64, true;
     goto l00000333;
-  l0000032d:
-    assume {:captureState "l0000032d"} true;
-    R8, Gamma_R8 := 0bv64, true;
+  lmain_goto_l0000032d:
+    assume (R8_2 == 0bv32);
+    R8_7, Gamma_R8_7 := 0bv64, true;
     goto l00000333;
   l00000333:
-    assume {:captureState "l00000333"} true;
-    assert Gamma_R8;
+    assert Gamma_R8_7;
     goto l00000333_goto_l0000033b, l00000333_goto_l00000352;
-  l00000352:
-    assume {:captureState "l00000352"} true;
-    goto l00000353;
-  l00000353:
-    assume {:captureState "l00000353"} true;
-    R8, Gamma_R8 := 69632bv64, true;
+  l00000333_goto_l00000352:
+    assume (!(R8_7[1:0] == 1bv1));
     call rely();
-    assert (L(mem, bvadd64(R8, 56bv64)) ==> true);
+    assert (L(mem, 69688bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 56bv64), 0bv32), gamma_store32(Gamma_mem, bvadd64(R8, 56bv64), true);
+    mem, Gamma_mem := memory_store32_le(mem, 69688bv64, 0bv32), gamma_store32(Gamma_mem, 69688bv64, true);
     assert (memory_load32_le(mem, $z_addr) == z_old);
-    assume {:captureState "%00000360"} true;
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 56bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 56bv64)) || L(mem, bvadd64(R8, 56bv64)));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R8);
-    assume {:captureState "%0000036f"} true;
+    R8_9, Gamma_R8_9 := zero_extend32_32(memory_load32_le(mem, 69688bv64)), (gamma_load32(Gamma_mem, 69688bv64) || L(mem, 69688bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R8_9[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R8_9);
+    R8_11, Gamma_R8_11 := R8_9, Gamma_R8_9;
     goto l0000033b;
-  l0000033b:
-    assume {:captureState "l0000033b"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 8bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
-    goto main_basil_return;
-  lmain_goto_l0000032d:
-    assume {:captureState "lmain_goto_l0000032d"} true;
-    assume (bvcomp1(ZF, 1bv1) != 0bv1);
-    goto l0000032d;
-  lmain_goto_l00000330:
-    assume {:captureState "lmain_goto_l00000330"} true;
-    assume (bvcomp1(ZF, 1bv1) == 0bv1);
-    goto l00000330;
   l00000333_goto_l0000033b:
-    assume {:captureState "l00000333_goto_l0000033b"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) != 0bv1);
+    assume (R8_7[1:0] == 1bv1);
+    R8_11, Gamma_R8_11 := R8_7, Gamma_R8_7;
     goto l0000033b;
-  l00000333_goto_l00000352:
-    assume {:captureState "l00000333_goto_l00000352"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) == 0bv1);
-    goto l00000352;
+  l0000033b:
+    R0_1, Gamma_R0_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551608bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out := R0_1, R31_in, R8_11;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out := Gamma_R0_1, Gamma_R31_in, Gamma_R8_11;
     return;
 }
 
diff --git a/src/test/correct/basic_lock_read/clang/basic_lock_read_gtirb.expected b/src/test/correct/basic_lock_read/clang/basic_lock_read_gtirb.expected
index 613afcdf3..87df30def 100644
--- a/src/test/correct/basic_lock_read/clang/basic_lock_read_gtirb.expected
+++ b/src/test/correct/basic_lock_read/clang/basic_lock_read_gtirb.expected
@@ -1,19 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -24,18 +10,26 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $x_addr) then true else (if (index == $z_addr) then true else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -51,10 +45,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -94,8 +87,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_R8, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, R8, VF, ZF, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1900bv64) == 1bv8);
@@ -106,9 +99,7 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  ensures (R0[32:0] == 0bv32);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
+  ensures (R0_out[32:0] == 0bv32);
   free ensures (memory_load8_le(mem, 1900bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1901bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1902bv64) == 2bv8);
@@ -118,73 +109,72 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool)
 {
-  var Cse0__5$2$5: bv32;
-  var Gamma_Cse0__5$2$5: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R8_10: bool;
+  var Gamma_R8_12: bool;
+  var Gamma_R8_13: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_8: bool;
+  var R0_1: bv64;
+  var R8_10: bv64;
+  var R8_12: bv64;
+  var R8_13: bv64;
+  var R8_2: bv32;
+  var R8_8: bv64;
   var z_old: bv32;
   $main$__0__$rFLbTMieRHaXyRDy_WM9nA:
-    assume {:captureState "$main$__0__$rFLbTMieRHaXyRDy_WM9nA"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "1816$0"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), true);
-    assume {:captureState "1820$0"} true;
-    R8, Gamma_R8 := 69632bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 52bv64)) || L(mem, bvadd64(R8, 52bv64)));
-    Cse0__5$2$5, Gamma_Cse0__5$2$5 := bvadd32(R8[32:0], 0bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$2$5, Cse0__5$2$5)), Gamma_Cse0__5$2$5;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$2$5), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_Cse0__5$2$5);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$2$5, 0bv32), Gamma_Cse0__5$2$5;
-    NF, Gamma_NF := Cse0__5$2$5[32:31], Gamma_Cse0__5$2$5;
-    R8, Gamma_R8 := zero_extend32_32(Cse0__5$2$5), Gamma_Cse0__5$2$5;
-    assert Gamma_ZF;
+    R8_2, Gamma_R8_2 := memory_load32_le(mem, 69684bv64), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
+    assert Gamma_R8_2;
     goto $main$__0__$rFLbTMieRHaXyRDy_WM9nA$__0, $main$__0__$rFLbTMieRHaXyRDy_WM9nA$__1;
-  $main$__1__$24kG8YkCTZOdLFRKQWWeuQ:
-    assume {:captureState "$main$__1__$24kG8YkCTZOdLFRKQWWeuQ"} true;
-    goto $main$__2__$Uq6ddtMrQtqVC9c4DWnGkw;
-  $main$__2__$Uq6ddtMrQtqVC9c4DWnGkw:
-    assume {:captureState "$main$__2__$Uq6ddtMrQtqVC9c4DWnGkw"} true;
-    R8, Gamma_R8 := 69632bv64, true;
+  $main$__0__$rFLbTMieRHaXyRDy_WM9nA$__1:
+    assume (!(R8_2 == 0bv32));
+    goto $main$__0__$rFLbTMieRHaXyRDy_WM9nA$__1_phi_$main$__0__$rFLbTMieRHaXyRDy_WM9nA_goto_$main$__3__$cw51Ok56RY~0vRv0O7D67Q_phi_back_$main$__0__$rFLbTMieRHaXyRDy_WM9nA_goto_$main$__3__$cw51Ok56RY~0vRv0O7D67Q, $main$__0__$rFLbTMieRHaXyRDy_WM9nA$__1_phi_$main$__0__$rFLbTMieRHaXyRDy_WM9nA_goto_$main$__1__$24kG8YkCTZOdLFRKQWWeuQ_phi_back_$main$__0__$rFLbTMieRHaXyRDy_WM9nA_goto_$main$__1__$24kG8YkCTZOdLFRKQWWeuQ;
+  $main$__0__$rFLbTMieRHaXyRDy_WM9nA$__1_phi_$main$__0__$rFLbTMieRHaXyRDy_WM9nA_goto_$main$__1__$24kG8YkCTZOdLFRKQWWeuQ_phi_back_$main$__0__$rFLbTMieRHaXyRDy_WM9nA_goto_$main$__1__$24kG8YkCTZOdLFRKQWWeuQ:
+    R8_8, Gamma_R8_8 := 1bv64, true;
+    assert Gamma_R8_8;
+    goto $main$__0__$rFLbTMieRHaXyRDy_WM9nA_goto_$main$__1__$24kG8YkCTZOdLFRKQWWeuQ;
+  $main$__0__$rFLbTMieRHaXyRDy_WM9nA$__1_phi_$main$__0__$rFLbTMieRHaXyRDy_WM9nA_goto_$main$__3__$cw51Ok56RY~0vRv0O7D67Q_phi_back_$main$__0__$rFLbTMieRHaXyRDy_WM9nA_goto_$main$__3__$cw51Ok56RY~0vRv0O7D67Q:
+    R8_12, Gamma_R8_12 := 1bv64, true;
+    assert Gamma_R8_12;
+    goto $main$__0__$rFLbTMieRHaXyRDy_WM9nA_goto_$main$__3__$cw51Ok56RY~0vRv0O7D67Q;
+  $main$__0__$rFLbTMieRHaXyRDy_WM9nA$__0:
+    assume (R8_2 == 0bv32);
+    goto $main$__0__$rFLbTMieRHaXyRDy_WM9nA$__0_phi_back_$main$__0__$rFLbTMieRHaXyRDy_WM9nA_goto_$main$__1__$24kG8YkCTZOdLFRKQWWeuQ, $main$__0__$rFLbTMieRHaXyRDy_WM9nA$__0_phi_back_$main$__0__$rFLbTMieRHaXyRDy_WM9nA_goto_$main$__3__$cw51Ok56RY~0vRv0O7D67Q;
+  $main$__0__$rFLbTMieRHaXyRDy_WM9nA$__0_phi_back_$main$__0__$rFLbTMieRHaXyRDy_WM9nA_goto_$main$__3__$cw51Ok56RY~0vRv0O7D67Q:
+    R8_12, Gamma_R8_12 := 0bv64, true;
+    assert Gamma_R8_12;
+    goto $main$__0__$rFLbTMieRHaXyRDy_WM9nA_goto_$main$__3__$cw51Ok56RY~0vRv0O7D67Q;
+  $main$__0__$rFLbTMieRHaXyRDy_WM9nA_goto_$main$__3__$cw51Ok56RY~0vRv0O7D67Q:
+    assume (R8_12[1:0] == 1bv1);
+    R8_13, Gamma_R8_13 := R8_12, Gamma_R8_12;
+    goto $main$__3__$cw51Ok56RY~0vRv0O7D67Q;
+  $main$__0__$rFLbTMieRHaXyRDy_WM9nA$__0_phi_back_$main$__0__$rFLbTMieRHaXyRDy_WM9nA_goto_$main$__1__$24kG8YkCTZOdLFRKQWWeuQ:
+    R8_8, Gamma_R8_8 := 0bv64, true;
+    assert Gamma_R8_8;
+    goto $main$__0__$rFLbTMieRHaXyRDy_WM9nA_goto_$main$__1__$24kG8YkCTZOdLFRKQWWeuQ;
+  $main$__0__$rFLbTMieRHaXyRDy_WM9nA_goto_$main$__1__$24kG8YkCTZOdLFRKQWWeuQ:
+    assume (!(R8_8[1:0] == 1bv1));
     call rely();
-    assert (L(mem, bvadd64(R8, 56bv64)) ==> true);
+    assert (L(mem, 69688bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 56bv64), 0bv32), gamma_store32(Gamma_mem, bvadd64(R8, 56bv64), true);
+    mem, Gamma_mem := memory_store32_le(mem, 69688bv64, 0bv32), gamma_store32(Gamma_mem, 69688bv64, true);
     assert (memory_load32_le(mem, $z_addr) == z_old);
-    assume {:captureState "1852$0"} true;
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 56bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 56bv64)) || L(mem, bvadd64(R8, 56bv64)));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R8);
-    assume {:captureState "1860$0"} true;
+    R8_10, Gamma_R8_10 := zero_extend32_32(memory_load32_le(mem, 69688bv64)), (gamma_load32(Gamma_mem, 69688bv64) || L(mem, 69688bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R8_10[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R8_10);
+    R8_13, Gamma_R8_13 := R8_10, Gamma_R8_10;
     goto $main$__3__$cw51Ok56RY~0vRv0O7D67Q;
   $main$__3__$cw51Ok56RY~0vRv0O7D67Q:
-    assume {:captureState "$main$__3__$cw51Ok56RY~0vRv0O7D67Q"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 8bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    R0_1, Gamma_R0_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551608bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     goto main_basil_return;
-  $main$__0__$rFLbTMieRHaXyRDy_WM9nA_goto_$main$__3__$cw51Ok56RY~0vRv0O7D67Q:
-    assume {:captureState "$main$__0__$rFLbTMieRHaXyRDy_WM9nA_goto_$main$__3__$cw51Ok56RY~0vRv0O7D67Q"} true;
-    assume (R8[1:0] == 1bv1);
-    goto $main$__3__$cw51Ok56RY~0vRv0O7D67Q;
-  $main$__0__$rFLbTMieRHaXyRDy_WM9nA_goto_$main$__1__$24kG8YkCTZOdLFRKQWWeuQ:
-    assume {:captureState "$main$__0__$rFLbTMieRHaXyRDy_WM9nA_goto_$main$__1__$24kG8YkCTZOdLFRKQWWeuQ"} true;
-    assume (!(R8[1:0] == 1bv1));
-    goto $main$__1__$24kG8YkCTZOdLFRKQWWeuQ;
-  $main$__0__$rFLbTMieRHaXyRDy_WM9nA$__0:
-    assume {:captureState "$main$__0__$rFLbTMieRHaXyRDy_WM9nA$__0"} true;
-    assume (ZF == 1bv1);
-    R8, Gamma_R8 := 0bv64, true;
-    assert Gamma_R8;
-    goto $main$__0__$rFLbTMieRHaXyRDy_WM9nA_goto_$main$__3__$cw51Ok56RY~0vRv0O7D67Q, $main$__0__$rFLbTMieRHaXyRDy_WM9nA_goto_$main$__1__$24kG8YkCTZOdLFRKQWWeuQ;
-  $main$__0__$rFLbTMieRHaXyRDy_WM9nA$__1:
-    assume {:captureState "$main$__0__$rFLbTMieRHaXyRDy_WM9nA$__1"} true;
-    assume (!(ZF == 1bv1));
-    R8, Gamma_R8 := 1bv64, true;
-    assert Gamma_R8;
-    goto $main$__0__$rFLbTMieRHaXyRDy_WM9nA_goto_$main$__3__$cw51Ok56RY~0vRv0O7D67Q, $main$__0__$rFLbTMieRHaXyRDy_WM9nA_goto_$main$__1__$24kG8YkCTZOdLFRKQWWeuQ;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out := R0_1, R31_in, R8_13;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out := Gamma_R0_1, Gamma_R31_in, Gamma_R8_13;
     return;
 }
 
diff --git a/src/test/correct/basic_lock_read/clang_O2/basic_lock_read.expected b/src/test/correct/basic_lock_read/clang_O2/basic_lock_read.expected
index 95305362e..5d574858b 100644
--- a/src/test/correct/basic_lock_read/clang_O2/basic_lock_read.expected
+++ b/src/test/correct/basic_lock_read/clang_O2/basic_lock_read.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69688bv64);
@@ -13,13 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -35,7 +43,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -77,8 +85,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R8, Gamma_mem, R0, R8, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1868bv64) == 1bv8);
@@ -89,7 +97,7 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  ensures (R0[32:0] == 0bv32);
+  ensures (R0_out[32:0] == 0bv32);
   free ensures (memory_load8_le(mem, 1868bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1869bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1870bv64) == 2bv8);
@@ -99,41 +107,34 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool)
 {
+  var Gamma_R8_3: bool;
+  var Gamma_R8_6: bool;
+  var R8_3: bv64;
+  var R8_6: bv64;
   var z_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R8, Gamma_R8 := 69632bv64, true;
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 52bv64)) || L(mem, bvadd64(R8, 52bv64)));
-    assert Gamma_R8;
+    R8_3, Gamma_R8_3 := zero_extend32_32(memory_load32_le(mem, 69684bv64)), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
+    assert Gamma_R8_3;
     goto lmain_goto_l000002dc, lmain_goto_l000002f7;
-  l000002dc:
-    assume {:captureState "l000002dc"} true;
-    R8, Gamma_R8 := 69632bv64, true;
+  lmain_goto_l000002f7:
+    assume (!(R8_3[32:0] == 0bv32));
+    R8_6, Gamma_R8_6 := R8_3, Gamma_R8_3;
+    goto main_basil_return;
+  lmain_goto_l000002dc:
+    assume (R8_3[32:0] == 0bv32);
     call rely();
-    assert (L(mem, bvadd64(R8, 56bv64)) ==> true);
+    assert (L(mem, 69688bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 56bv64), 0bv32), gamma_store32(Gamma_mem, bvadd64(R8, 56bv64), true);
+    mem, Gamma_mem := memory_store32_le(mem, 69688bv64, 0bv32), gamma_store32(Gamma_mem, 69688bv64, true);
     assert (memory_load32_le(mem, $z_addr) == z_old);
-    assume {:captureState "%000002eb"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    goto main_basil_return;
-  l000002f7:
-    assume {:captureState "l000002f7"} true;
-    R0, Gamma_R0 := 0bv64, true;
+    R8_6, Gamma_R8_6 := 69632bv64, true;
     goto main_basil_return;
-  lmain_goto_l000002dc:
-    assume {:captureState "lmain_goto_l000002dc"} true;
-    assume (bvcomp32(R8[32:0], 0bv32) != 0bv1);
-    goto l000002dc;
-  lmain_goto_l000002f7:
-    assume {:captureState "lmain_goto_l000002f7"} true;
-    assume (bvcomp32(R8[32:0], 0bv32) == 0bv1);
-    goto l000002f7;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out := 0bv64, R8_6;
+    Gamma_R0_out, Gamma_R8_out := true, Gamma_R8_6;
     return;
 }
 
diff --git a/src/test/correct/basic_lock_read/clang_O2/basic_lock_read_gtirb.expected b/src/test/correct/basic_lock_read/clang_O2/basic_lock_read_gtirb.expected
index 7d1102980..e62be1a55 100644
--- a/src/test/correct/basic_lock_read/clang_O2/basic_lock_read_gtirb.expected
+++ b/src/test/correct/basic_lock_read/clang_O2/basic_lock_read_gtirb.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69688bv64);
@@ -13,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -34,7 +43,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -76,8 +85,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R8, Gamma_mem, R0, R8, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1868bv64) == 1bv8);
@@ -88,7 +97,7 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  ensures (R0[32:0] == 0bv32);
+  ensures (R0_out[32:0] == 0bv32);
   free ensures (memory_load8_le(mem, 1868bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1869bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1870bv64) == 2bv8);
@@ -98,41 +107,34 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool)
 {
+  var Gamma_R8_3: bool;
+  var Gamma_R8_6: bool;
+  var R8_3: bv64;
+  var R8_6: bv64;
   var z_old: bv32;
   $main$__0__$WS3unIRvQP~HMbu0zRO9Wg:
-    assume {:captureState "$main$__0__$WS3unIRvQP~HMbu0zRO9Wg"} true;
-    R8, Gamma_R8 := 69632bv64, true;
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 52bv64)) || L(mem, bvadd64(R8, 52bv64)));
-    assert Gamma_R8;
+    R8_3, Gamma_R8_3 := zero_extend32_32(memory_load32_le(mem, 69684bv64)), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
+    assert Gamma_R8_3;
     goto $main$__0__$WS3unIRvQP~HMbu0zRO9Wg_goto_$main$__2__$lHXxwUQYROKiGyY65vpP1Q, $main$__0__$WS3unIRvQP~HMbu0zRO9Wg_goto_$main$__1__$VRrOrprpRgq70GRGqvu1TQ;
-  $main$__1__$VRrOrprpRgq70GRGqvu1TQ:
-    assume {:captureState "$main$__1__$VRrOrprpRgq70GRGqvu1TQ"} true;
-    R0, Gamma_R0 := 0bv64, true;
+  $main$__0__$WS3unIRvQP~HMbu0zRO9Wg_goto_$main$__1__$VRrOrprpRgq70GRGqvu1TQ:
+    assume (!(R8_3[32:0] == 0bv32));
+    R8_6, Gamma_R8_6 := R8_3, Gamma_R8_3;
     goto main_basil_return;
-  $main$__2__$lHXxwUQYROKiGyY65vpP1Q:
-    assume {:captureState "$main$__2__$lHXxwUQYROKiGyY65vpP1Q"} true;
-    R8, Gamma_R8 := 69632bv64, true;
+  $main$__0__$WS3unIRvQP~HMbu0zRO9Wg_goto_$main$__2__$lHXxwUQYROKiGyY65vpP1Q:
+    assume (R8_3[32:0] == 0bv32);
     call rely();
-    assert (L(mem, bvadd64(R8, 56bv64)) ==> true);
+    assert (L(mem, 69688bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 56bv64), 0bv32), gamma_store32(Gamma_mem, bvadd64(R8, 56bv64), true);
+    mem, Gamma_mem := memory_store32_le(mem, 69688bv64, 0bv32), gamma_store32(Gamma_mem, 69688bv64, true);
     assert (memory_load32_le(mem, $z_addr) == z_old);
-    assume {:captureState "1836$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
+    R8_6, Gamma_R8_6 := 69632bv64, true;
     goto main_basil_return;
-  $main$__0__$WS3unIRvQP~HMbu0zRO9Wg_goto_$main$__2__$lHXxwUQYROKiGyY65vpP1Q:
-    assume {:captureState "$main$__0__$WS3unIRvQP~HMbu0zRO9Wg_goto_$main$__2__$lHXxwUQYROKiGyY65vpP1Q"} true;
-    assume (R8[32:0] == 0bv32);
-    goto $main$__2__$lHXxwUQYROKiGyY65vpP1Q;
-  $main$__0__$WS3unIRvQP~HMbu0zRO9Wg_goto_$main$__1__$VRrOrprpRgq70GRGqvu1TQ:
-    assume {:captureState "$main$__0__$WS3unIRvQP~HMbu0zRO9Wg_goto_$main$__1__$VRrOrprpRgq70GRGqvu1TQ"} true;
-    assume (!(R8[32:0] == 0bv32));
-    goto $main$__1__$VRrOrprpRgq70GRGqvu1TQ;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out := 0bv64, R8_6;
+    Gamma_R0_out, Gamma_R8_out := true, Gamma_R8_6;
     return;
 }
 
diff --git a/src/test/correct/basic_lock_read/clang_pic/basic_lock_read.expected b/src/test/correct/basic_lock_read/clang_pic/basic_lock_read.expected
index 6a6ad0a7b..426ccf12f 100644
--- a/src/test/correct/basic_lock_read/clang_pic/basic_lock_read.expected
+++ b/src/test/correct/basic_lock_read/clang_pic/basic_lock_read.expected
@@ -1,19 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -24,13 +10,16 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $x_addr) then true else (if (index == $z_addr) then true else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp1(bv1, bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -40,7 +29,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -56,11 +49,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -102,8 +93,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_R8, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, R8, VF, ZF, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1972bv64) == 1bv8);
@@ -116,9 +107,7 @@ procedure main();
   free requires (memory_load64_le(mem, 69568bv64) == 69684bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free requires (memory_load64_le(mem, 69056bv64) == 1792bv64);
-  ensures (R0[32:0] == 0bv32);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
+  ensures (R0_out[32:0] == 0bv32);
   free ensures (memory_load8_le(mem, 1972bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1973bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1974bv64) == 2bv8);
@@ -130,85 +119,67 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69056bv64) == 1792bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool)
 {
-  var #4: bv32;
-  var Gamma_#4: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R8_10: bool;
+  var Gamma_R8_11: bool;
+  var Gamma_R8_13: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R8_8: bool;
+  var R0_1: bv64;
+  var R8_10: bv64;
+  var R8_11: bv64;
+  var R8_13: bv64;
+  var R8_2: bv64;
+  var R8_3: bv32;
+  var R8_8: bv64;
   var z_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "%00000301"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), true);
-    assume {:captureState "%00000308"} true;
-    R8, Gamma_R8 := 65536bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4032bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4032bv64)) || L(mem, bvadd64(R8, 4032bv64)));
+    R8_2, Gamma_R8_2 := memory_load64_le(mem, 69568bv64), (gamma_load64(Gamma_mem, 69568bv64) || L(mem, 69568bv64));
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    #4, Gamma_#4 := bvadd32(R8[32:0], 4294967295bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#4, 1bv32)), bvadd33(sign_extend1_32(R8[32:0]), 0bv33))), (Gamma_R8 && Gamma_#4);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#4, 1bv32)), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_#4);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#4, 1bv32), 0bv32), Gamma_#4;
-    NF, Gamma_NF := bvadd32(#4, 1bv32)[32:31], Gamma_#4;
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(#4, 1bv32)), Gamma_#4;
-    assert Gamma_ZF;
+    R8_3, Gamma_R8_3 := memory_load32_le(mem, R8_2), (gamma_load32(Gamma_mem, R8_2) || L(mem, R8_2));
+    assert Gamma_R8_3;
     goto lmain_goto_l0000033c, lmain_goto_l0000033f;
-  l0000033f:
-    assume {:captureState "l0000033f"} true;
-    R8, Gamma_R8 := 1bv64, true;
+  lmain_goto_l0000033f:
+    assume (!(R8_3 == 0bv32));
+    R8_8, Gamma_R8_8 := 1bv64, true;
     goto l00000342;
-  l0000033c:
-    assume {:captureState "l0000033c"} true;
-    R8, Gamma_R8 := 0bv64, true;
+  lmain_goto_l0000033c:
+    assume (R8_3 == 0bv32);
+    R8_8, Gamma_R8_8 := 0bv64, true;
     goto l00000342;
   l00000342:
-    assume {:captureState "l00000342"} true;
-    assert Gamma_R8;
+    assert Gamma_R8_8;
     goto l00000342_goto_l0000034a, l00000342_goto_l00000361;
-  l00000361:
-    assume {:captureState "l00000361"} true;
-    goto l00000362;
-  l00000362:
-    assume {:captureState "l00000362"} true;
-    R8, Gamma_R8 := 65536bv64, true;
+  l00000342_goto_l00000361:
+    assume (!(R8_8[1:0] == 1bv1));
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4040bv64)) || L(mem, bvadd64(R8, 4040bv64)));
+    R8_10, Gamma_R8_10 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
     call rely();
-    assert (L(mem, R8) ==> true);
+    assert (L(mem, R8_10) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R8, 0bv32), gamma_store32(Gamma_mem, R8, true);
+    mem, Gamma_mem := memory_store32_le(mem, R8_10, 0bv32), gamma_store32(Gamma_mem, R8_10, true);
     assert (memory_load32_le(mem, $z_addr) == z_old);
-    assume {:captureState "%00000376"} true;
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R8);
-    assume {:captureState "%00000385"} true;
+    R8_11, Gamma_R8_11 := zero_extend32_32(memory_load32_le(mem, R8_10)), (gamma_load32(Gamma_mem, R8_10) || L(mem, R8_10));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R8_11[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R8_11);
+    R8_13, Gamma_R8_13 := R8_11, Gamma_R8_11;
     goto l0000034a;
-  l0000034a:
-    assume {:captureState "l0000034a"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 8bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
-    goto main_basil_return;
-  lmain_goto_l0000033c:
-    assume {:captureState "lmain_goto_l0000033c"} true;
-    assume (bvcomp1(ZF, 1bv1) != 0bv1);
-    goto l0000033c;
-  lmain_goto_l0000033f:
-    assume {:captureState "lmain_goto_l0000033f"} true;
-    assume (bvcomp1(ZF, 1bv1) == 0bv1);
-    goto l0000033f;
   l00000342_goto_l0000034a:
-    assume {:captureState "l00000342_goto_l0000034a"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) != 0bv1);
+    assume (R8_8[1:0] == 1bv1);
+    R8_13, Gamma_R8_13 := R8_8, Gamma_R8_8;
     goto l0000034a;
-  l00000342_goto_l00000361:
-    assume {:captureState "l00000342_goto_l00000361"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) == 0bv1);
-    goto l00000361;
+  l0000034a:
+    R0_1, Gamma_R0_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551608bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out := R0_1, R31_in, R8_13;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out := Gamma_R0_1, Gamma_R31_in, Gamma_R8_13;
     return;
 }
 
diff --git a/src/test/correct/basic_lock_read/clang_pic/basic_lock_read_gtirb.expected b/src/test/correct/basic_lock_read/clang_pic/basic_lock_read_gtirb.expected
index de5c71aa8..147b4600b 100644
--- a/src/test/correct/basic_lock_read/clang_pic/basic_lock_read_gtirb.expected
+++ b/src/test/correct/basic_lock_read/clang_pic/basic_lock_read_gtirb.expected
@@ -1,19 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -24,12 +10,16 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $x_addr) then true else (if (index == $z_addr) then true else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -39,7 +29,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -55,10 +49,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -100,8 +93,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_R8, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, R8, VF, ZF, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1972bv64) == 1bv8);
@@ -114,9 +107,7 @@ procedure main();
   free requires (memory_load64_le(mem, 69568bv64) == 69684bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free requires (memory_load64_le(mem, 69056bv64) == 1792bv64);
-  ensures (R0[32:0] == 0bv32);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
+  ensures (R0_out[32:0] == 0bv32);
   free ensures (memory_load8_le(mem, 1972bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1973bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1974bv64) == 2bv8);
@@ -128,77 +119,80 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69056bv64) == 1792bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool)
 {
-  var Cse0__5$2$6: bv32;
-  var Gamma_Cse0__5$2$6: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R8_11: bool;
+  var Gamma_R8_12: bool;
+  var Gamma_R8_14: bool;
+  var Gamma_R8_15: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R8_9: bool;
+  var R0_1: bv64;
+  var R8_11: bv64;
+  var R8_12: bv64;
+  var R8_14: bv64;
+  var R8_15: bv64;
+  var R8_2: bv64;
+  var R8_3: bv32;
+  var R8_9: bv64;
   var z_old: bv32;
   $main$__0__$sDgL5ErbRei_PI97mOM34Q:
-    assume {:captureState "$main$__0__$sDgL5ErbRei_PI97mOM34Q"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "1880$0"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), true);
-    assume {:captureState "1884$0"} true;
-    R8, Gamma_R8 := 65536bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4032bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4032bv64)) || L(mem, bvadd64(R8, 4032bv64)));
+    R8_2, Gamma_R8_2 := memory_load64_le(mem, 69568bv64), (gamma_load64(Gamma_mem, 69568bv64) || L(mem, 69568bv64));
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    Cse0__5$2$6, Gamma_Cse0__5$2$6 := bvadd32(R8[32:0], 0bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$2$6, Cse0__5$2$6)), Gamma_Cse0__5$2$6;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$2$6), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_Cse0__5$2$6);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$2$6, 0bv32), Gamma_Cse0__5$2$6;
-    NF, Gamma_NF := Cse0__5$2$6[32:31], Gamma_Cse0__5$2$6;
-    R8, Gamma_R8 := zero_extend32_32(Cse0__5$2$6), Gamma_Cse0__5$2$6;
-    assert Gamma_ZF;
+    R8_3, Gamma_R8_3 := memory_load32_le(mem, R8_2), (gamma_load32(Gamma_mem, R8_2) || L(mem, R8_2));
+    assert Gamma_R8_3;
     goto $main$__0__$sDgL5ErbRei_PI97mOM34Q$__0, $main$__0__$sDgL5ErbRei_PI97mOM34Q$__1;
-  $main$__1__$Fh8Bafn_SSyRCR_S9MtmNQ:
-    assume {:captureState "$main$__1__$Fh8Bafn_SSyRCR_S9MtmNQ"} true;
-    goto $main$__2__$gV96_A0qQxOx5WBiTMjRhw;
-  $main$__2__$gV96_A0qQxOx5WBiTMjRhw:
-    assume {:captureState "$main$__2__$gV96_A0qQxOx5WBiTMjRhw"} true;
-    R8, Gamma_R8 := 65536bv64, true;
+  $main$__0__$sDgL5ErbRei_PI97mOM34Q$__1:
+    assume (!(R8_3 == 0bv32));
+    goto $main$__0__$sDgL5ErbRei_PI97mOM34Q$__1_phi_$main$__0__$sDgL5ErbRei_PI97mOM34Q_goto_$main$__3__$txO5s~pWRamQAjZH4_ZIww_phi_back_$main$__0__$sDgL5ErbRei_PI97mOM34Q_goto_$main$__3__$txO5s~pWRamQAjZH4_ZIww, $main$__0__$sDgL5ErbRei_PI97mOM34Q$__1_phi_$main$__0__$sDgL5ErbRei_PI97mOM34Q_goto_$main$__1__$Fh8Bafn_SSyRCR_S9MtmNQ_phi_back_$main$__0__$sDgL5ErbRei_PI97mOM34Q_goto_$main$__1__$Fh8Bafn_SSyRCR_S9MtmNQ;
+  $main$__0__$sDgL5ErbRei_PI97mOM34Q$__1_phi_$main$__0__$sDgL5ErbRei_PI97mOM34Q_goto_$main$__1__$Fh8Bafn_SSyRCR_S9MtmNQ_phi_back_$main$__0__$sDgL5ErbRei_PI97mOM34Q_goto_$main$__1__$Fh8Bafn_SSyRCR_S9MtmNQ:
+    R8_9, Gamma_R8_9 := 1bv64, true;
+    assert Gamma_R8_9;
+    goto $main$__0__$sDgL5ErbRei_PI97mOM34Q_goto_$main$__1__$Fh8Bafn_SSyRCR_S9MtmNQ;
+  $main$__0__$sDgL5ErbRei_PI97mOM34Q$__1_phi_$main$__0__$sDgL5ErbRei_PI97mOM34Q_goto_$main$__3__$txO5s~pWRamQAjZH4_ZIww_phi_back_$main$__0__$sDgL5ErbRei_PI97mOM34Q_goto_$main$__3__$txO5s~pWRamQAjZH4_ZIww:
+    R8_14, Gamma_R8_14 := 1bv64, true;
+    assert Gamma_R8_14;
+    goto $main$__0__$sDgL5ErbRei_PI97mOM34Q_goto_$main$__3__$txO5s~pWRamQAjZH4_ZIww;
+  $main$__0__$sDgL5ErbRei_PI97mOM34Q$__0:
+    assume (R8_3 == 0bv32);
+    goto $main$__0__$sDgL5ErbRei_PI97mOM34Q$__0_phi_back_$main$__0__$sDgL5ErbRei_PI97mOM34Q_goto_$main$__1__$Fh8Bafn_SSyRCR_S9MtmNQ, $main$__0__$sDgL5ErbRei_PI97mOM34Q$__0_phi_back_$main$__0__$sDgL5ErbRei_PI97mOM34Q_goto_$main$__3__$txO5s~pWRamQAjZH4_ZIww;
+  $main$__0__$sDgL5ErbRei_PI97mOM34Q$__0_phi_back_$main$__0__$sDgL5ErbRei_PI97mOM34Q_goto_$main$__3__$txO5s~pWRamQAjZH4_ZIww:
+    R8_14, Gamma_R8_14 := 0bv64, true;
+    assert Gamma_R8_14;
+    goto $main$__0__$sDgL5ErbRei_PI97mOM34Q_goto_$main$__3__$txO5s~pWRamQAjZH4_ZIww;
+  $main$__0__$sDgL5ErbRei_PI97mOM34Q_goto_$main$__3__$txO5s~pWRamQAjZH4_ZIww:
+    assume (R8_14[1:0] == 1bv1);
+    R8_15, Gamma_R8_15 := R8_14, Gamma_R8_14;
+    goto $main$__3__$txO5s~pWRamQAjZH4_ZIww;
+  $main$__0__$sDgL5ErbRei_PI97mOM34Q$__0_phi_back_$main$__0__$sDgL5ErbRei_PI97mOM34Q_goto_$main$__1__$Fh8Bafn_SSyRCR_S9MtmNQ:
+    R8_9, Gamma_R8_9 := 0bv64, true;
+    assert Gamma_R8_9;
+    goto $main$__0__$sDgL5ErbRei_PI97mOM34Q_goto_$main$__1__$Fh8Bafn_SSyRCR_S9MtmNQ;
+  $main$__0__$sDgL5ErbRei_PI97mOM34Q_goto_$main$__1__$Fh8Bafn_SSyRCR_S9MtmNQ:
+    assume (!(R8_9[1:0] == 1bv1));
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4040bv64)) || L(mem, bvadd64(R8, 4040bv64)));
+    R8_11, Gamma_R8_11 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
     call rely();
-    assert (L(mem, R8) ==> true);
+    assert (L(mem, R8_11) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R8, 0bv32), gamma_store32(Gamma_mem, R8, true);
+    mem, Gamma_mem := memory_store32_le(mem, R8_11, 0bv32), gamma_store32(Gamma_mem, R8_11, true);
     assert (memory_load32_le(mem, $z_addr) == z_old);
-    assume {:captureState "1924$0"} true;
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R8);
-    assume {:captureState "1932$0"} true;
+    R8_12, Gamma_R8_12 := zero_extend32_32(memory_load32_le(mem, R8_11)), (gamma_load32(Gamma_mem, R8_11) || L(mem, R8_11));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R8_12[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R8_12);
+    R8_15, Gamma_R8_15 := R8_12, Gamma_R8_12;
     goto $main$__3__$txO5s~pWRamQAjZH4_ZIww;
   $main$__3__$txO5s~pWRamQAjZH4_ZIww:
-    assume {:captureState "$main$__3__$txO5s~pWRamQAjZH4_ZIww"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 8bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    R0_1, Gamma_R0_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551608bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     goto main_basil_return;
-  $main$__0__$sDgL5ErbRei_PI97mOM34Q_goto_$main$__3__$txO5s~pWRamQAjZH4_ZIww:
-    assume {:captureState "$main$__0__$sDgL5ErbRei_PI97mOM34Q_goto_$main$__3__$txO5s~pWRamQAjZH4_ZIww"} true;
-    assume (R8[1:0] == 1bv1);
-    goto $main$__3__$txO5s~pWRamQAjZH4_ZIww;
-  $main$__0__$sDgL5ErbRei_PI97mOM34Q_goto_$main$__1__$Fh8Bafn_SSyRCR_S9MtmNQ:
-    assume {:captureState "$main$__0__$sDgL5ErbRei_PI97mOM34Q_goto_$main$__1__$Fh8Bafn_SSyRCR_S9MtmNQ"} true;
-    assume (!(R8[1:0] == 1bv1));
-    goto $main$__1__$Fh8Bafn_SSyRCR_S9MtmNQ;
-  $main$__0__$sDgL5ErbRei_PI97mOM34Q$__0:
-    assume {:captureState "$main$__0__$sDgL5ErbRei_PI97mOM34Q$__0"} true;
-    assume (ZF == 1bv1);
-    R8, Gamma_R8 := 0bv64, true;
-    assert Gamma_R8;
-    goto $main$__0__$sDgL5ErbRei_PI97mOM34Q_goto_$main$__3__$txO5s~pWRamQAjZH4_ZIww, $main$__0__$sDgL5ErbRei_PI97mOM34Q_goto_$main$__1__$Fh8Bafn_SSyRCR_S9MtmNQ;
-  $main$__0__$sDgL5ErbRei_PI97mOM34Q$__1:
-    assume {:captureState "$main$__0__$sDgL5ErbRei_PI97mOM34Q$__1"} true;
-    assume (!(ZF == 1bv1));
-    R8, Gamma_R8 := 1bv64, true;
-    assert Gamma_R8;
-    goto $main$__0__$sDgL5ErbRei_PI97mOM34Q_goto_$main$__3__$txO5s~pWRamQAjZH4_ZIww, $main$__0__$sDgL5ErbRei_PI97mOM34Q_goto_$main$__1__$Fh8Bafn_SSyRCR_S9MtmNQ;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out := R0_1, R31_in, R8_15;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out := Gamma_R0_1, Gamma_R31_in, Gamma_R8_15;
     return;
 }
 
diff --git a/src/test/correct/basic_lock_read/gcc/basic_lock_read.expected b/src/test/correct/basic_lock_read/gcc/basic_lock_read.expected
index a99b5a5e3..99cab38e4 100644
--- a/src/test/correct/basic_lock_read/gcc/basic_lock_read.expected
+++ b/src/test/correct/basic_lock_read/gcc/basic_lock_read.expected
@@ -1,17 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -22,19 +10,26 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $x_addr) then true else (if (index == $z_addr) then true else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp1(bv1, bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -50,11 +45,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -94,8 +87,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, VF, ZF, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1900bv64) == 1bv8);
@@ -106,9 +99,7 @@ procedure main();
   free requires (memory_load64_le(mem, 69024bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  ensures (R0[32:0] == 0bv32);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
+  ensures (R0_out[32:0] == 0bv32);
   free ensures (memory_load8_le(mem, 1900bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1901bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1902bv64) == 2bv8);
@@ -118,59 +109,41 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var #4: bv32;
-  var Gamma_#4: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_8: bool;
+  var Gamma_R0_9: bool;
+  var R0_3: bv32;
+  var R0_8: bv32;
+  var R0_9: bv64;
   var z_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "%000002f9"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    #4, Gamma_#4 := bvadd32(R0[32:0], 4294967295bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#4, 1bv32)), bvadd33(sign_extend1_32(R0[32:0]), 0bv33))), (Gamma_R0 && Gamma_#4);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#4, 1bv32)), bvadd33(zero_extend1_32(R0[32:0]), 4294967296bv33))), (Gamma_R0 && Gamma_#4);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#4, 1bv32), 0bv32), Gamma_#4;
-    NF, Gamma_NF := bvadd32(#4, 1bv32)[32:31], Gamma_#4;
-    assert Gamma_ZF;
+    R0_3, Gamma_R0_3 := memory_load32_le(mem, 69656bv64), (gamma_load32(Gamma_mem, 69656bv64) || L(mem, 69656bv64));
+    assert Gamma_R0_3;
     goto lmain_goto_l00000327, lmain_goto_l0000033e;
-  l0000033e:
-    assume {:captureState "l0000033e"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
+  lmain_goto_l0000033e:
+    assume (R0_3 == 0bv32);
     call rely();
-    assert (L(mem, R0) ==> true);
+    assert (L(mem, 69652bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R0, 0bv32), gamma_store32(Gamma_mem, R0, true);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 0bv32), gamma_store32(Gamma_mem, 69652bv64, true);
     assert (memory_load32_le(mem, $z_addr) == z_old);
-    assume {:captureState "%0000034e"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "%00000368"} true;
+    R0_8, Gamma_R0_8 := memory_load32_le(mem, 69652bv64), (gamma_load32(Gamma_mem, 69652bv64) || L(mem, 69652bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_8), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_8);
     goto l00000327;
-  l00000327:
-    assume {:captureState "l00000327"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
-    goto main_basil_return;
   lmain_goto_l00000327:
-    assume {:captureState "lmain_goto_l00000327"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) != 0bv1);
+    assume (!(R0_3 == 0bv32));
     goto l00000327;
-  lmain_goto_l0000033e:
-    assume {:captureState "lmain_goto_l0000033e"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) == 0bv1);
-    goto l0000033e;
+  l00000327:
+    R0_9, Gamma_R0_9 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out := R0_9, R31_in;
+    Gamma_R0_out, Gamma_R31_out := Gamma_R0_9, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/correct/basic_lock_read/gcc/basic_lock_read_gtirb.expected b/src/test/correct/basic_lock_read/gcc/basic_lock_read_gtirb.expected
index e7c5751a8..a29da722d 100644
--- a/src/test/correct/basic_lock_read/gcc/basic_lock_read_gtirb.expected
+++ b/src/test/correct/basic_lock_read/gcc/basic_lock_read_gtirb.expected
@@ -1,17 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -22,18 +10,26 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $x_addr) then true else (if (index == $z_addr) then true else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -49,10 +45,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -92,8 +87,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, VF, ZF, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1900bv64) == 1bv8);
@@ -104,9 +99,7 @@ procedure main();
   free requires (memory_load64_le(mem, 69024bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  ensures (R0[32:0] == 0bv32);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
+  ensures (R0_out[32:0] == 0bv32);
   free ensures (memory_load8_le(mem, 1900bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1901bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1902bv64) == 2bv8);
@@ -116,59 +109,41 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var Cse0__5$0$5: bv32;
-  var Gamma_Cse0__5$0$5: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_8: bool;
+  var Gamma_R0_9: bool;
+  var R0_3: bv32;
+  var R0_8: bv32;
+  var R0_9: bv64;
   var z_old: bv32;
   $main$__0__$CCtRsxbhQvGXpnMRl7qS2g:
-    assume {:captureState "$main$__0__$CCtRsxbhQvGXpnMRl7qS2g"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "1816$0"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    Cse0__5$0$5, Gamma_Cse0__5$0$5 := bvadd32(R0[32:0], 0bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$0$5, Cse0__5$0$5)), Gamma_Cse0__5$0$5;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$0$5), bvadd33(zero_extend1_32(R0[32:0]), 4294967296bv33))), (Gamma_R0 && Gamma_Cse0__5$0$5);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$0$5, 0bv32), Gamma_Cse0__5$0$5;
-    NF, Gamma_NF := Cse0__5$0$5[32:31], Gamma_Cse0__5$0$5;
-    assert Gamma_ZF;
+    R0_3, Gamma_R0_3 := memory_load32_le(mem, 69656bv64), (gamma_load32(Gamma_mem, 69656bv64) || L(mem, 69656bv64));
+    assert Gamma_R0_3;
     goto $main$__0__$CCtRsxbhQvGXpnMRl7qS2g_goto_$main$__2__$4eAAAye2Sq21c9DcyPaaBA, $main$__0__$CCtRsxbhQvGXpnMRl7qS2g_goto_$main$__1__$h_~YJv9RRmGHTPS4vJZEVA;
-  $main$__1__$h_~YJv9RRmGHTPS4vJZEVA:
-    assume {:captureState "$main$__1__$h_~YJv9RRmGHTPS4vJZEVA"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
+  $main$__0__$CCtRsxbhQvGXpnMRl7qS2g_goto_$main$__1__$h_~YJv9RRmGHTPS4vJZEVA:
+    assume (R0_3 == 0bv32);
     call rely();
-    assert (L(mem, R0) ==> true);
+    assert (L(mem, 69652bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R0, 0bv32), gamma_store32(Gamma_mem, R0, true);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 0bv32), gamma_store32(Gamma_mem, 69652bv64, true);
     assert (memory_load32_le(mem, $z_addr) == z_old);
-    assume {:captureState "1848$0"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "1864$0"} true;
+    R0_8, Gamma_R0_8 := memory_load32_le(mem, 69652bv64), (gamma_load32(Gamma_mem, 69652bv64) || L(mem, 69652bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_8), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_8);
     goto $main$__2__$4eAAAye2Sq21c9DcyPaaBA;
-  $main$__2__$4eAAAye2Sq21c9DcyPaaBA:
-    assume {:captureState "$main$__2__$4eAAAye2Sq21c9DcyPaaBA"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
-    goto main_basil_return;
   $main$__0__$CCtRsxbhQvGXpnMRl7qS2g_goto_$main$__2__$4eAAAye2Sq21c9DcyPaaBA:
-    assume {:captureState "$main$__0__$CCtRsxbhQvGXpnMRl7qS2g_goto_$main$__2__$4eAAAye2Sq21c9DcyPaaBA"} true;
-    assume (!(ZF == 1bv1));
+    assume (!(R0_3 == 0bv32));
     goto $main$__2__$4eAAAye2Sq21c9DcyPaaBA;
-  $main$__0__$CCtRsxbhQvGXpnMRl7qS2g_goto_$main$__1__$h_~YJv9RRmGHTPS4vJZEVA:
-    assume {:captureState "$main$__0__$CCtRsxbhQvGXpnMRl7qS2g_goto_$main$__1__$h_~YJv9RRmGHTPS4vJZEVA"} true;
-    assume (!(!(ZF == 1bv1)));
-    goto $main$__1__$h_~YJv9RRmGHTPS4vJZEVA;
+  $main$__2__$4eAAAye2Sq21c9DcyPaaBA:
+    R0_9, Gamma_R0_9 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out := R0_9, R31_in;
+    Gamma_R0_out, Gamma_R31_out := Gamma_R0_9, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/correct/basic_lock_read/gcc_O2/basic_lock_read.expected b/src/test/correct/basic_lock_read/gcc_O2/basic_lock_read.expected
index d2727ac66..909a32d75 100644
--- a/src/test/correct/basic_lock_read/gcc_O2/basic_lock_read.expected
+++ b/src/test/correct/basic_lock_read/gcc_O2/basic_lock_read.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69656bv64);
@@ -13,14 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -36,10 +43,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (forall i: bv64 :: (((mem[i] == old(mem[i])) ==> (Gamma_mem[i] == old(Gamma_mem[i])))));
@@ -78,8 +84,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1896bv64) == 1bv8);
@@ -90,7 +96,7 @@ procedure main();
   free requires (memory_load64_le(mem, 69024bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  ensures (R0[32:0] == 0bv32);
+  ensures (R0_out[32:0] == 0bv32);
   free ensures (memory_load8_le(mem, 1896bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1897bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1898bv64) == 2bv8);
@@ -100,40 +106,32 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
+  var Gamma_R0_3: bool;
+  var R0_3: bv32;
   var z_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R1, Gamma_R1 := bvadd64(R0, 20bv64), Gamma_R0;
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, bvadd64(R0, 20bv64))), (gamma_load32(Gamma_mem, bvadd64(R0, 20bv64)) || L(mem, bvadd64(R0, 20bv64)));
-    assert Gamma_R0;
+    R0_3, Gamma_R0_3 := memory_load32_le(mem, 69652bv64), (gamma_load32(Gamma_mem, 69652bv64) || L(mem, 69652bv64));
+    assert Gamma_R0_3;
     goto lmain_goto_l000001bd, lmain_goto_l0000039c;
-  l0000039c:
-    assume {:captureState "l0000039c"} true;
+  lmain_goto_l0000039c:
+    assume (R0_3 == 0bv32);
     call rely();
-    assert (L(mem, bvadd64(R1, 4bv64)) ==> true);
+    assert (L(mem, 69656bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R1, 4bv64), 0bv32), gamma_store32(Gamma_mem, bvadd64(R1, 4bv64), true);
+    mem, Gamma_mem := memory_store32_le(mem, 69656bv64, 0bv32), gamma_store32(Gamma_mem, 69656bv64, true);
     assert (memory_load32_le(mem, $z_addr) == z_old);
-    assume {:captureState "%000003a1"} true;
     goto l000001bd;
-  l000001bd:
-    assume {:captureState "l000001bd"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    goto main_basil_return;
   lmain_goto_l000001bd:
-    assume {:captureState "lmain_goto_l000001bd"} true;
-    assume (bvnot1(bvcomp32(R0[32:0], 0bv32)) != 0bv1);
+    assume (!(R0_3 == 0bv32));
     goto l000001bd;
-  lmain_goto_l0000039c:
-    assume {:captureState "lmain_goto_l0000039c"} true;
-    assume (bvnot1(bvcomp32(R0[32:0], 0bv32)) == 0bv1);
-    goto l0000039c;
+  l000001bd:
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, 69652bv64;
+    Gamma_R0_out, Gamma_R1_out := true, true;
     return;
 }
 
diff --git a/src/test/correct/basic_lock_read/gcc_O2/basic_lock_read_gtirb.expected b/src/test/correct/basic_lock_read/gcc_O2/basic_lock_read_gtirb.expected
index 748845185..3d5141499 100644
--- a/src/test/correct/basic_lock_read/gcc_O2/basic_lock_read_gtirb.expected
+++ b/src/test/correct/basic_lock_read/gcc_O2/basic_lock_read_gtirb.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69656bv64);
@@ -13,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -34,10 +43,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (forall i: bv64 :: (((mem[i] == old(mem[i])) ==> (Gamma_mem[i] == old(Gamma_mem[i])))));
@@ -76,8 +84,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1896bv64) == 1bv8);
@@ -88,7 +96,7 @@ procedure main();
   free requires (memory_load64_le(mem, 69024bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  ensures (R0[32:0] == 0bv32);
+  ensures (R0_out[32:0] == 0bv32);
   free ensures (memory_load8_le(mem, 1896bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1897bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1898bv64) == 2bv8);
@@ -98,40 +106,32 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
+  var Gamma_R0_3: bool;
+  var R0_3: bv32;
   var z_old: bv32;
   $main$__0__$FF2SjjvqSsOWEiG9v2p92Q:
-    assume {:captureState "$main$__0__$FF2SjjvqSsOWEiG9v2p92Q"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R1, Gamma_R1 := bvadd64(R0, 20bv64), Gamma_R0;
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, bvadd64(R0, 20bv64))), (gamma_load32(Gamma_mem, bvadd64(R0, 20bv64)) || L(mem, bvadd64(R0, 20bv64)));
-    assert Gamma_R0;
+    R0_3, Gamma_R0_3 := memory_load32_le(mem, 69652bv64), (gamma_load32(Gamma_mem, 69652bv64) || L(mem, 69652bv64));
+    assert Gamma_R0_3;
     goto $main$__0__$FF2SjjvqSsOWEiG9v2p92Q_goto_$main$__2__$MYSV1omOQM2b08Jj~q4Iuw, $main$__0__$FF2SjjvqSsOWEiG9v2p92Q_goto_$main$__1__$5dIr9jyaTQaHqLa9MRdoFQ;
-  $main$__1__$5dIr9jyaTQaHqLa9MRdoFQ:
-    assume {:captureState "$main$__1__$5dIr9jyaTQaHqLa9MRdoFQ"} true;
+  $main$__0__$FF2SjjvqSsOWEiG9v2p92Q_goto_$main$__1__$5dIr9jyaTQaHqLa9MRdoFQ:
+    assume (R0_3 == 0bv32);
     call rely();
-    assert (L(mem, bvadd64(R1, 4bv64)) ==> true);
+    assert (L(mem, 69656bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R1, 4bv64), 0bv32), gamma_store32(Gamma_mem, bvadd64(R1, 4bv64), true);
+    mem, Gamma_mem := memory_store32_le(mem, 69656bv64, 0bv32), gamma_store32(Gamma_mem, 69656bv64, true);
     assert (memory_load32_le(mem, $z_addr) == z_old);
-    assume {:captureState "1552$0"} true;
     goto $main$__2__$MYSV1omOQM2b08Jj~q4Iuw;
-  $main$__2__$MYSV1omOQM2b08Jj~q4Iuw:
-    assume {:captureState "$main$__2__$MYSV1omOQM2b08Jj~q4Iuw"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    goto main_basil_return;
   $main$__0__$FF2SjjvqSsOWEiG9v2p92Q_goto_$main$__2__$MYSV1omOQM2b08Jj~q4Iuw:
-    assume {:captureState "$main$__0__$FF2SjjvqSsOWEiG9v2p92Q_goto_$main$__2__$MYSV1omOQM2b08Jj~q4Iuw"} true;
-    assume ((R0[32:0] == 0bv32) == false);
+    assume (!(R0_3 == 0bv32));
     goto $main$__2__$MYSV1omOQM2b08Jj~q4Iuw;
-  $main$__0__$FF2SjjvqSsOWEiG9v2p92Q_goto_$main$__1__$5dIr9jyaTQaHqLa9MRdoFQ:
-    assume {:captureState "$main$__0__$FF2SjjvqSsOWEiG9v2p92Q_goto_$main$__1__$5dIr9jyaTQaHqLa9MRdoFQ"} true;
-    assume (!((R0[32:0] == 0bv32) == false));
-    goto $main$__1__$5dIr9jyaTQaHqLa9MRdoFQ;
+  $main$__2__$MYSV1omOQM2b08Jj~q4Iuw:
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, 69652bv64;
+    Gamma_R0_out, Gamma_R1_out := true, true;
     return;
 }
 
diff --git a/src/test/correct/basic_lock_read/gcc_pic/basic_lock_read.expected b/src/test/correct/basic_lock_read/gcc_pic/basic_lock_read.expected
index c8e365ec9..b2930d5a5 100644
--- a/src/test/correct/basic_lock_read/gcc_pic/basic_lock_read.expected
+++ b/src/test/correct/basic_lock_read/gcc_pic/basic_lock_read.expected
@@ -1,17 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -22,13 +10,16 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $x_addr) then true else (if (index == $z_addr) then true else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp1(bv1, bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -38,7 +29,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -54,11 +49,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -100,8 +93,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, VF, ZF, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1964bv64) == 1bv8);
@@ -114,9 +107,7 @@ procedure main();
   free requires (memory_load64_le(mem, 69008bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 69656bv64);
   free requires (memory_load64_le(mem, 69000bv64) == 1872bv64);
-  ensures (R0[32:0] == 0bv32);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
+  ensures (R0_out[32:0] == 0bv32);
   free ensures (memory_load8_le(mem, 1964bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1965bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1966bv64) == 2bv8);
@@ -128,62 +119,53 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 69656bv64);
   free ensures (memory_load64_le(mem, 69000bv64) == 1872bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var #4: bv32;
-  var Gamma_#4: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_7: bool;
+  var Gamma_R0_8: bool;
+  var Gamma_R0_9: bool;
+  var R0_2: bv64;
+  var R0_3: bv32;
+  var R0_5: bv64;
+  var R0_7: bv64;
+  var R0_8: bv32;
+  var R0_9: bv64;
   var z_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "%000002f9"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
+    R0_2, Gamma_R0_2 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    #4, Gamma_#4 := bvadd32(R0[32:0], 4294967295bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#4, 1bv32)), bvadd33(sign_extend1_32(R0[32:0]), 0bv33))), (Gamma_R0 && Gamma_#4);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#4, 1bv32)), bvadd33(zero_extend1_32(R0[32:0]), 4294967296bv33))), (Gamma_R0 && Gamma_#4);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#4, 1bv32), 0bv32), Gamma_#4;
-    NF, Gamma_NF := bvadd32(#4, 1bv32)[32:31], Gamma_#4;
-    assert Gamma_ZF;
+    R0_3, Gamma_R0_3 := memory_load32_le(mem, R0_2), (gamma_load32(Gamma_mem, R0_2) || L(mem, R0_2));
+    assert Gamma_R0_3;
     goto lmain_goto_l00000328, lmain_goto_l0000033f;
-  l0000033f:
-    assume {:captureState "l0000033f"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+  lmain_goto_l0000033f:
+    assume (R0_3 == 0bv32);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
+    R0_5, Gamma_R0_5 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
     call rely();
-    assert (L(mem, R0) ==> true);
+    assert (L(mem, R0_5) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R0, 0bv32), gamma_store32(Gamma_mem, R0, true);
+    mem, Gamma_mem := memory_store32_le(mem, R0_5, 0bv32), gamma_store32(Gamma_mem, R0_5, true);
     assert (memory_load32_le(mem, $z_addr) == z_old);
-    assume {:captureState "%00000350"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
+    R0_7, Gamma_R0_7 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "%0000036b"} true;
+    R0_8, Gamma_R0_8 := memory_load32_le(mem, R0_7), (gamma_load32(Gamma_mem, R0_7) || L(mem, R0_7));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_8), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_8);
     goto l00000328;
-  l00000328:
-    assume {:captureState "l00000328"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
-    goto main_basil_return;
   lmain_goto_l00000328:
-    assume {:captureState "lmain_goto_l00000328"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) != 0bv1);
+    assume (!(R0_3 == 0bv32));
     goto l00000328;
-  lmain_goto_l0000033f:
-    assume {:captureState "lmain_goto_l0000033f"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) == 0bv1);
-    goto l0000033f;
+  l00000328:
+    R0_9, Gamma_R0_9 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out := R0_9, R31_in;
+    Gamma_R0_out, Gamma_R31_out := Gamma_R0_9, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/correct/basic_lock_read/gcc_pic/basic_lock_read_gtirb.expected b/src/test/correct/basic_lock_read/gcc_pic/basic_lock_read_gtirb.expected
index 033884fa7..b1473873c 100644
--- a/src/test/correct/basic_lock_read/gcc_pic/basic_lock_read_gtirb.expected
+++ b/src/test/correct/basic_lock_read/gcc_pic/basic_lock_read_gtirb.expected
@@ -1,17 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -22,12 +10,16 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $x_addr) then true else (if (index == $z_addr) then true else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -37,7 +29,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -53,10 +49,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -98,8 +93,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, VF, ZF, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1964bv64) == 1bv8);
@@ -112,9 +107,7 @@ procedure main();
   free requires (memory_load64_le(mem, 69008bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 69656bv64);
   free requires (memory_load64_le(mem, 69000bv64) == 1872bv64);
-  ensures (R0[32:0] == 0bv32);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
+  ensures (R0_out[32:0] == 0bv32);
   free ensures (memory_load8_le(mem, 1964bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1965bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1966bv64) == 2bv8);
@@ -126,62 +119,53 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 69656bv64);
   free ensures (memory_load64_le(mem, 69000bv64) == 1872bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var Cse0__5$0$5: bv32;
-  var Gamma_Cse0__5$0$5: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_7: bool;
+  var Gamma_R0_8: bool;
+  var Gamma_R0_9: bool;
+  var R0_2: bv64;
+  var R0_3: bv32;
+  var R0_5: bv64;
+  var R0_7: bv64;
+  var R0_8: bv32;
+  var R0_9: bv64;
   var z_old: bv32;
   $main$__0__$Gs_ZZWu2SiejIc_00eklZA:
-    assume {:captureState "$main$__0__$Gs_ZZWu2SiejIc_00eklZA"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "1880$0"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
+    R0_2, Gamma_R0_2 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    Cse0__5$0$5, Gamma_Cse0__5$0$5 := bvadd32(R0[32:0], 0bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$0$5, Cse0__5$0$5)), Gamma_Cse0__5$0$5;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$0$5), bvadd33(zero_extend1_32(R0[32:0]), 4294967296bv33))), (Gamma_R0 && Gamma_Cse0__5$0$5);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$0$5, 0bv32), Gamma_Cse0__5$0$5;
-    NF, Gamma_NF := Cse0__5$0$5[32:31], Gamma_Cse0__5$0$5;
-    assert Gamma_ZF;
+    R0_3, Gamma_R0_3 := memory_load32_le(mem, R0_2), (gamma_load32(Gamma_mem, R0_2) || L(mem, R0_2));
+    assert Gamma_R0_3;
     goto $main$__0__$Gs_ZZWu2SiejIc_00eklZA_goto_$main$__2__$zWtL6ov7R~OhQ~Y6jkCfIg, $main$__0__$Gs_ZZWu2SiejIc_00eklZA_goto_$main$__1__$3vOWy9QvQo6ElHgnmXugdw;
-  $main$__1__$3vOWy9QvQo6ElHgnmXugdw:
-    assume {:captureState "$main$__1__$3vOWy9QvQo6ElHgnmXugdw"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+  $main$__0__$Gs_ZZWu2SiejIc_00eklZA_goto_$main$__1__$3vOWy9QvQo6ElHgnmXugdw:
+    assume (R0_3 == 0bv32);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
+    R0_5, Gamma_R0_5 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
     call rely();
-    assert (L(mem, R0) ==> true);
+    assert (L(mem, R0_5) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R0, 0bv32), gamma_store32(Gamma_mem, R0, true);
+    mem, Gamma_mem := memory_store32_le(mem, R0_5, 0bv32), gamma_store32(Gamma_mem, R0_5, true);
     assert (memory_load32_le(mem, $z_addr) == z_old);
-    assume {:captureState "1912$0"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
+    R0_7, Gamma_R0_7 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "1928$0"} true;
+    R0_8, Gamma_R0_8 := memory_load32_le(mem, R0_7), (gamma_load32(Gamma_mem, R0_7) || L(mem, R0_7));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_8), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_8);
     goto $main$__2__$zWtL6ov7R~OhQ~Y6jkCfIg;
-  $main$__2__$zWtL6ov7R~OhQ~Y6jkCfIg:
-    assume {:captureState "$main$__2__$zWtL6ov7R~OhQ~Y6jkCfIg"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
-    goto main_basil_return;
   $main$__0__$Gs_ZZWu2SiejIc_00eklZA_goto_$main$__2__$zWtL6ov7R~OhQ~Y6jkCfIg:
-    assume {:captureState "$main$__0__$Gs_ZZWu2SiejIc_00eklZA_goto_$main$__2__$zWtL6ov7R~OhQ~Y6jkCfIg"} true;
-    assume (!(ZF == 1bv1));
+    assume (!(R0_3 == 0bv32));
     goto $main$__2__$zWtL6ov7R~OhQ~Y6jkCfIg;
-  $main$__0__$Gs_ZZWu2SiejIc_00eklZA_goto_$main$__1__$3vOWy9QvQo6ElHgnmXugdw:
-    assume {:captureState "$main$__0__$Gs_ZZWu2SiejIc_00eklZA_goto_$main$__1__$3vOWy9QvQo6ElHgnmXugdw"} true;
-    assume (!(!(ZF == 1bv1)));
-    goto $main$__1__$3vOWy9QvQo6ElHgnmXugdw;
+  $main$__2__$zWtL6ov7R~OhQ~Y6jkCfIg:
+    R0_9, Gamma_R0_9 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out := R0_9, R31_in;
+    Gamma_R0_out, Gamma_R31_out := Gamma_R0_9, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/correct/basic_lock_security_read/clang/basic_lock_security_read.expected b/src/test/correct/basic_lock_security_read/clang/basic_lock_security_read.expected
index 06964678d..f33d9854e 100644
--- a/src/test/correct/basic_lock_security_read/clang/basic_lock_security_read.expected
+++ b/src/test/correct/basic_lock_security_read/clang/basic_lock_security_read.expected
@@ -1,19 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -24,19 +10,26 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $x_addr) then (memory_load32_le(memory, $z_addr) == 0bv32) else (if (index == $z_addr) then true else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp1(bv1, bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -52,11 +45,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -96,8 +87,8 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr)) && (memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_R8, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, R8, VF, ZF, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1896bv64) == 1bv8);
@@ -108,8 +99,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1896bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1897bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1898bv64) == 2bv8);
@@ -119,74 +108,53 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool)
 {
-  var #4: bv32;
-  var Gamma_#4: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R8_11: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_7: bool;
+  var Gamma_R8_9: bool;
+  var R0_1: bv64;
+  var R8_11: bv64;
+  var R8_2: bv32;
+  var R8_7: bv64;
+  var R8_9: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "%000002f5"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), true);
-    assume {:captureState "%000002fc"} true;
-    R8, Gamma_R8 := 69632bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 52bv64)) || L(mem, bvadd64(R8, 52bv64)));
-    #4, Gamma_#4 := bvadd32(R8[32:0], 4294967295bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#4, 1bv32)), bvadd33(sign_extend1_32(R8[32:0]), 0bv33))), (Gamma_R8 && Gamma_#4);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#4, 1bv32)), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_#4);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#4, 1bv32), 0bv32), Gamma_#4;
-    NF, Gamma_NF := bvadd32(#4, 1bv32)[32:31], Gamma_#4;
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(#4, 1bv32)), Gamma_#4;
-    assert Gamma_ZF;
+    R8_2, Gamma_R8_2 := memory_load32_le(mem, 69684bv64), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
+    assert Gamma_R8_2;
     goto lmain_goto_l00000329, lmain_goto_l0000032c;
-  l0000032c:
-    assume {:captureState "l0000032c"} true;
-    R8, Gamma_R8 := 1bv64, true;
+  lmain_goto_l0000032c:
+    assume (!(R8_2 == 0bv32));
+    R8_7, Gamma_R8_7 := 1bv64, true;
     goto l0000032f;
-  l00000329:
-    assume {:captureState "l00000329"} true;
-    R8, Gamma_R8 := 0bv64, true;
+  lmain_goto_l00000329:
+    assume (R8_2 == 0bv32);
+    R8_7, Gamma_R8_7 := 0bv64, true;
     goto l0000032f;
   l0000032f:
-    assume {:captureState "l0000032f"} true;
-    assert Gamma_R8;
+    assert Gamma_R8_7;
     goto l0000032f_goto_l00000337, l0000032f_goto_l0000034e;
-  l0000034e:
-    assume {:captureState "l0000034e"} true;
-    goto l0000034f;
-  l0000034f:
-    assume {:captureState "l0000034f"} true;
-    R8, Gamma_R8 := 69632bv64, true;
+  l0000032f_goto_l0000034e:
+    assume (!(R8_7[1:0] == 1bv1));
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 56bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 56bv64)) || L(mem, bvadd64(R8, 56bv64)));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R8);
-    assume {:captureState "%00000364"} true;
+    R8_9, Gamma_R8_9 := zero_extend32_32(memory_load32_le(mem, 69688bv64)), (gamma_load32(Gamma_mem, 69688bv64) || L(mem, 69688bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R8_9[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R8_9);
+    R8_11, Gamma_R8_11 := R8_9, Gamma_R8_9;
     goto l00000337;
-  l00000337:
-    assume {:captureState "l00000337"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 8bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
-    goto main_basil_return;
-  lmain_goto_l00000329:
-    assume {:captureState "lmain_goto_l00000329"} true;
-    assume (bvcomp1(ZF, 1bv1) != 0bv1);
-    goto l00000329;
-  lmain_goto_l0000032c:
-    assume {:captureState "lmain_goto_l0000032c"} true;
-    assume (bvcomp1(ZF, 1bv1) == 0bv1);
-    goto l0000032c;
   l0000032f_goto_l00000337:
-    assume {:captureState "l0000032f_goto_l00000337"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) != 0bv1);
+    assume (R8_7[1:0] == 1bv1);
+    R8_11, Gamma_R8_11 := R8_7, Gamma_R8_7;
     goto l00000337;
-  l0000032f_goto_l0000034e:
-    assume {:captureState "l0000032f_goto_l0000034e"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) == 0bv1);
-    goto l0000034e;
+  l00000337:
+    R0_1, Gamma_R0_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551608bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out := R0_1, R31_in, R8_11;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out := Gamma_R0_1, Gamma_R31_in, Gamma_R8_11;
     return;
 }
 
diff --git a/src/test/correct/basic_lock_security_read/clang/basic_lock_security_read_gtirb.expected b/src/test/correct/basic_lock_security_read/clang/basic_lock_security_read_gtirb.expected
index c05516f99..622556a36 100644
--- a/src/test/correct/basic_lock_security_read/clang/basic_lock_security_read_gtirb.expected
+++ b/src/test/correct/basic_lock_security_read/clang/basic_lock_security_read_gtirb.expected
@@ -1,19 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -24,18 +10,26 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $x_addr) then (memory_load32_le(memory, $z_addr) == 0bv32) else (if (index == $z_addr) then true else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -51,10 +45,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -94,8 +87,8 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr)) && (memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_R8, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, R8, VF, ZF, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1896bv64) == 1bv8);
@@ -106,8 +99,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1896bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1897bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1898bv64) == 2bv8);
@@ -117,66 +108,66 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool)
 {
-  var Cse0__5$3$5: bv32;
-  var Gamma_Cse0__5$3$5: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R8_10: bool;
+  var Gamma_R8_12: bool;
+  var Gamma_R8_13: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_8: bool;
+  var R0_1: bv64;
+  var R8_10: bv64;
+  var R8_12: bv64;
+  var R8_13: bv64;
+  var R8_2: bv32;
+  var R8_8: bv64;
   $main$__0__$9r6UOwhWT0e4r_v5VvoQOg:
-    assume {:captureState "$main$__0__$9r6UOwhWT0e4r_v5VvoQOg"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "1816$0"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), true);
-    assume {:captureState "1820$0"} true;
-    R8, Gamma_R8 := 69632bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 52bv64)) || L(mem, bvadd64(R8, 52bv64)));
-    Cse0__5$3$5, Gamma_Cse0__5$3$5 := bvadd32(R8[32:0], 0bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$3$5, Cse0__5$3$5)), Gamma_Cse0__5$3$5;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$3$5), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_Cse0__5$3$5);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$3$5, 0bv32), Gamma_Cse0__5$3$5;
-    NF, Gamma_NF := Cse0__5$3$5[32:31], Gamma_Cse0__5$3$5;
-    R8, Gamma_R8 := zero_extend32_32(Cse0__5$3$5), Gamma_Cse0__5$3$5;
-    assert Gamma_ZF;
+    R8_2, Gamma_R8_2 := memory_load32_le(mem, 69684bv64), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
+    assert Gamma_R8_2;
     goto $main$__0__$9r6UOwhWT0e4r_v5VvoQOg$__0, $main$__0__$9r6UOwhWT0e4r_v5VvoQOg$__1;
-  $main$__1__$cbw8VJ_4TNWMhitLYT_zHw:
-    assume {:captureState "$main$__1__$cbw8VJ_4TNWMhitLYT_zHw"} true;
-    goto $main$__2__$u39p8w6rTnOZAd6DunNDgQ;
-  $main$__2__$u39p8w6rTnOZAd6DunNDgQ:
-    assume {:captureState "$main$__2__$u39p8w6rTnOZAd6DunNDgQ"} true;
-    R8, Gamma_R8 := 69632bv64, true;
+  $main$__0__$9r6UOwhWT0e4r_v5VvoQOg$__1:
+    assume (!(R8_2 == 0bv32));
+    goto $main$__0__$9r6UOwhWT0e4r_v5VvoQOg$__1_phi_$main$__0__$9r6UOwhWT0e4r_v5VvoQOg_goto_$main$__3__$hMq94Gt8Rsi1RNq0G5~fMQ_phi_back_$main$__0__$9r6UOwhWT0e4r_v5VvoQOg_goto_$main$__3__$hMq94Gt8Rsi1RNq0G5~fMQ, $main$__0__$9r6UOwhWT0e4r_v5VvoQOg$__1_phi_$main$__0__$9r6UOwhWT0e4r_v5VvoQOg_goto_$main$__1__$cbw8VJ_4TNWMhitLYT_zHw_phi_back_$main$__0__$9r6UOwhWT0e4r_v5VvoQOg_goto_$main$__1__$cbw8VJ_4TNWMhitLYT_zHw;
+  $main$__0__$9r6UOwhWT0e4r_v5VvoQOg$__1_phi_$main$__0__$9r6UOwhWT0e4r_v5VvoQOg_goto_$main$__1__$cbw8VJ_4TNWMhitLYT_zHw_phi_back_$main$__0__$9r6UOwhWT0e4r_v5VvoQOg_goto_$main$__1__$cbw8VJ_4TNWMhitLYT_zHw:
+    R8_8, Gamma_R8_8 := 1bv64, true;
+    assert Gamma_R8_8;
+    goto $main$__0__$9r6UOwhWT0e4r_v5VvoQOg_goto_$main$__1__$cbw8VJ_4TNWMhitLYT_zHw;
+  $main$__0__$9r6UOwhWT0e4r_v5VvoQOg$__1_phi_$main$__0__$9r6UOwhWT0e4r_v5VvoQOg_goto_$main$__3__$hMq94Gt8Rsi1RNq0G5~fMQ_phi_back_$main$__0__$9r6UOwhWT0e4r_v5VvoQOg_goto_$main$__3__$hMq94Gt8Rsi1RNq0G5~fMQ:
+    R8_12, Gamma_R8_12 := 1bv64, true;
+    assert Gamma_R8_12;
+    goto $main$__0__$9r6UOwhWT0e4r_v5VvoQOg_goto_$main$__3__$hMq94Gt8Rsi1RNq0G5~fMQ;
+  $main$__0__$9r6UOwhWT0e4r_v5VvoQOg$__0:
+    assume (R8_2 == 0bv32);
+    goto $main$__0__$9r6UOwhWT0e4r_v5VvoQOg$__0_phi_back_$main$__0__$9r6UOwhWT0e4r_v5VvoQOg_goto_$main$__1__$cbw8VJ_4TNWMhitLYT_zHw, $main$__0__$9r6UOwhWT0e4r_v5VvoQOg$__0_phi_back_$main$__0__$9r6UOwhWT0e4r_v5VvoQOg_goto_$main$__3__$hMq94Gt8Rsi1RNq0G5~fMQ;
+  $main$__0__$9r6UOwhWT0e4r_v5VvoQOg$__0_phi_back_$main$__0__$9r6UOwhWT0e4r_v5VvoQOg_goto_$main$__3__$hMq94Gt8Rsi1RNq0G5~fMQ:
+    R8_12, Gamma_R8_12 := 0bv64, true;
+    assert Gamma_R8_12;
+    goto $main$__0__$9r6UOwhWT0e4r_v5VvoQOg_goto_$main$__3__$hMq94Gt8Rsi1RNq0G5~fMQ;
+  $main$__0__$9r6UOwhWT0e4r_v5VvoQOg_goto_$main$__3__$hMq94Gt8Rsi1RNq0G5~fMQ:
+    assume (R8_12[1:0] == 1bv1);
+    R8_13, Gamma_R8_13 := R8_12, Gamma_R8_12;
+    goto $main$__3__$hMq94Gt8Rsi1RNq0G5~fMQ;
+  $main$__0__$9r6UOwhWT0e4r_v5VvoQOg$__0_phi_back_$main$__0__$9r6UOwhWT0e4r_v5VvoQOg_goto_$main$__1__$cbw8VJ_4TNWMhitLYT_zHw:
+    R8_8, Gamma_R8_8 := 0bv64, true;
+    assert Gamma_R8_8;
+    goto $main$__0__$9r6UOwhWT0e4r_v5VvoQOg_goto_$main$__1__$cbw8VJ_4TNWMhitLYT_zHw;
+  $main$__0__$9r6UOwhWT0e4r_v5VvoQOg_goto_$main$__1__$cbw8VJ_4TNWMhitLYT_zHw:
+    assume (!(R8_8[1:0] == 1bv1));
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 56bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 56bv64)) || L(mem, bvadd64(R8, 56bv64)));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R8);
-    assume {:captureState "1856$0"} true;
+    R8_10, Gamma_R8_10 := zero_extend32_32(memory_load32_le(mem, 69688bv64)), (gamma_load32(Gamma_mem, 69688bv64) || L(mem, 69688bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R8_10[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R8_10);
+    R8_13, Gamma_R8_13 := R8_10, Gamma_R8_10;
     goto $main$__3__$hMq94Gt8Rsi1RNq0G5~fMQ;
   $main$__3__$hMq94Gt8Rsi1RNq0G5~fMQ:
-    assume {:captureState "$main$__3__$hMq94Gt8Rsi1RNq0G5~fMQ"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 8bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    R0_1, Gamma_R0_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551608bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     goto main_basil_return;
-  $main$__0__$9r6UOwhWT0e4r_v5VvoQOg_goto_$main$__3__$hMq94Gt8Rsi1RNq0G5~fMQ:
-    assume {:captureState "$main$__0__$9r6UOwhWT0e4r_v5VvoQOg_goto_$main$__3__$hMq94Gt8Rsi1RNq0G5~fMQ"} true;
-    assume (R8[1:0] == 1bv1);
-    goto $main$__3__$hMq94Gt8Rsi1RNq0G5~fMQ;
-  $main$__0__$9r6UOwhWT0e4r_v5VvoQOg_goto_$main$__1__$cbw8VJ_4TNWMhitLYT_zHw:
-    assume {:captureState "$main$__0__$9r6UOwhWT0e4r_v5VvoQOg_goto_$main$__1__$cbw8VJ_4TNWMhitLYT_zHw"} true;
-    assume (!(R8[1:0] == 1bv1));
-    goto $main$__1__$cbw8VJ_4TNWMhitLYT_zHw;
-  $main$__0__$9r6UOwhWT0e4r_v5VvoQOg$__0:
-    assume {:captureState "$main$__0__$9r6UOwhWT0e4r_v5VvoQOg$__0"} true;
-    assume (ZF == 1bv1);
-    R8, Gamma_R8 := 0bv64, true;
-    assert Gamma_R8;
-    goto $main$__0__$9r6UOwhWT0e4r_v5VvoQOg_goto_$main$__3__$hMq94Gt8Rsi1RNq0G5~fMQ, $main$__0__$9r6UOwhWT0e4r_v5VvoQOg_goto_$main$__1__$cbw8VJ_4TNWMhitLYT_zHw;
-  $main$__0__$9r6UOwhWT0e4r_v5VvoQOg$__1:
-    assume {:captureState "$main$__0__$9r6UOwhWT0e4r_v5VvoQOg$__1"} true;
-    assume (!(ZF == 1bv1));
-    R8, Gamma_R8 := 1bv64, true;
-    assert Gamma_R8;
-    goto $main$__0__$9r6UOwhWT0e4r_v5VvoQOg_goto_$main$__3__$hMq94Gt8Rsi1RNq0G5~fMQ, $main$__0__$9r6UOwhWT0e4r_v5VvoQOg_goto_$main$__1__$cbw8VJ_4TNWMhitLYT_zHw;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out := R0_1, R31_in, R8_13;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out := Gamma_R0_1, Gamma_R31_in, Gamma_R8_13;
     return;
 }
 
diff --git a/src/test/correct/basic_lock_security_read/clang_O2/basic_lock_security_read.expected b/src/test/correct/basic_lock_security_read/clang_O2/basic_lock_security_read.expected
index ced4f97ac..426252116 100644
--- a/src/test/correct/basic_lock_security_read/clang_O2/basic_lock_security_read.expected
+++ b/src/test/correct/basic_lock_security_read/clang_O2/basic_lock_security_read.expected
@@ -1,18 +1,4 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69688bv64);
@@ -22,13 +8,7 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $x_addr) then (memory_load32_le(memory, $z_addr) == 0bv32) else (if (index == $z_addr) then true else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp1(bv1, bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -45,8 +25,6 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
   memory[index]
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -86,8 +64,8 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr)) && (memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R8, Gamma_R9, Gamma_VF, Gamma_ZF, Gamma_mem, NF, R0, R8, R9, VF, ZF, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1860bv64) == 1bv8);
@@ -107,46 +85,37 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var #4: bv32;
-  var Gamma_#4: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R9_3: bool;
+  var R0_3: bv64;
+  var R0_4: bv64;
+  var R8_3: bv64;
+  var R9_3: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R8, Gamma_R8 := 69632bv64, true;
-    R9, Gamma_R9 := 69632bv64, true;
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 52bv64)) || L(mem, bvadd64(R8, 52bv64)));
+    R8_3, Gamma_R8_3 := zero_extend32_32(memory_load32_le(mem, 69684bv64)), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
     call rely();
-    R9, Gamma_R9 := zero_extend32_32(memory_load32_le(mem, bvadd64(R9, 56bv64))), (gamma_load32(Gamma_mem, bvadd64(R9, 56bv64)) || L(mem, bvadd64(R9, 56bv64)));
-    #4, Gamma_#4 := bvadd32(R8[32:0], 4294967295bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#4, 1bv32)), bvadd33(sign_extend1_32(R8[32:0]), 0bv33))), (Gamma_R8 && Gamma_#4);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#4, 1bv32)), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_#4);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#4, 1bv32), 0bv32), Gamma_#4;
-    NF, Gamma_NF := bvadd32(#4, 1bv32)[32:31], Gamma_#4;
-    assert Gamma_ZF;
+    R9_3, Gamma_R9_3 := zero_extend32_32(memory_load32_le(mem, 69688bv64)), (gamma_load32(Gamma_mem, 69688bv64) || L(mem, 69688bv64));
+    assert Gamma_R8_3;
     goto lmain_goto_l000002fa, lmain_goto_l000002fd;
-  l000002fd:
-    assume {:captureState "l000002fd"} true;
-    R0, Gamma_R0 := 0bv64, true;
+  lmain_goto_l000002fd:
+    assume (!(R8_3[32:0] == 0bv32));
+    R0_4, Gamma_R0_4 := 0bv64, true;
     goto l00000300;
-  l000002fa:
-    assume {:captureState "l000002fa"} true;
-    R0, Gamma_R0 := zero_extend32_32(R9[32:0]), Gamma_R9;
+  lmain_goto_l000002fa:
+    assume (R8_3[32:0] == 0bv32);
+    R0_3, Gamma_R0_3 := zero_extend32_32(R9_3[32:0]), Gamma_R9_3;
+    R0_4, Gamma_R0_4 := R0_3, Gamma_R0_3;
     goto l00000300;
   l00000300:
-    assume {:captureState "l00000300"} true;
     goto main_basil_return;
-  lmain_goto_l000002fa:
-    assume {:captureState "lmain_goto_l000002fa"} true;
-    assume (bvcomp1(ZF, 1bv1) != 0bv1);
-    goto l000002fa;
-  lmain_goto_l000002fd:
-    assume {:captureState "lmain_goto_l000002fd"} true;
-    assume (bvcomp1(ZF, 1bv1) == 0bv1);
-    goto l000002fd;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := R0_4, R8_3, R9_3;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := Gamma_R0_4, Gamma_R8_3, Gamma_R9_3;
     return;
 }
 
diff --git a/src/test/correct/basic_lock_security_read/clang_O2/basic_lock_security_read_gtirb.expected b/src/test/correct/basic_lock_security_read/clang_O2/basic_lock_security_read_gtirb.expected
index 98833ec9e..4deb36b20 100644
--- a/src/test/correct/basic_lock_security_read/clang_O2/basic_lock_security_read_gtirb.expected
+++ b/src/test/correct/basic_lock_security_read/clang_O2/basic_lock_security_read_gtirb.expected
@@ -1,18 +1,4 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69688bv64);
@@ -22,12 +8,7 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $x_addr) then (memory_load32_le(memory, $z_addr) == 0bv32) else (if (index == $z_addr) then true else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -44,7 +25,6 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
   memory[index]
 }
 
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -84,8 +64,8 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr)) && (memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R8, Gamma_R9, Gamma_VF, Gamma_ZF, Gamma_mem, NF, R0, R8, R9, VF, ZF, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1860bv64) == 1bv8);
@@ -105,37 +85,35 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var Cse0__5$0$4: bv32;
-  var Gamma_Cse0__5$0$4: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R9_3: bool;
+  var R0_3: bv64;
+  var R0_4: bv64;
+  var R8_3: bv64;
+  var R9_3: bv64;
   $main$__0__$pquulxeLTn6ZdHAVNHAErw:
-    assume {:captureState "$main$__0__$pquulxeLTn6ZdHAVNHAErw"} true;
-    R8, Gamma_R8 := 69632bv64, true;
-    R9, Gamma_R9 := 69632bv64, true;
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 52bv64)) || L(mem, bvadd64(R8, 52bv64)));
+    R8_3, Gamma_R8_3 := zero_extend32_32(memory_load32_le(mem, 69684bv64)), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
     call rely();
-    R9, Gamma_R9 := zero_extend32_32(memory_load32_le(mem, bvadd64(R9, 56bv64))), (gamma_load32(Gamma_mem, bvadd64(R9, 56bv64)) || L(mem, bvadd64(R9, 56bv64)));
-    Cse0__5$0$4, Gamma_Cse0__5$0$4 := bvadd32(R8[32:0], 0bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$0$4, Cse0__5$0$4)), Gamma_Cse0__5$0$4;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$0$4), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_Cse0__5$0$4);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$0$4, 0bv32), Gamma_Cse0__5$0$4;
-    NF, Gamma_NF := Cse0__5$0$4[32:31], Gamma_Cse0__5$0$4;
-    assert Gamma_ZF;
+    R9_3, Gamma_R9_3 := zero_extend32_32(memory_load32_le(mem, 69688bv64)), (gamma_load32(Gamma_mem, 69688bv64) || L(mem, 69688bv64));
+    assert Gamma_R8_3;
     goto $main$__0__$pquulxeLTn6ZdHAVNHAErw$__0, $main$__0__$pquulxeLTn6ZdHAVNHAErw$__1;
-  $main$__0__$pquulxeLTn6ZdHAVNHAErw$__0:
-    assume {:captureState "$main$__0__$pquulxeLTn6ZdHAVNHAErw$__0"} true;
-    assume (ZF == 1bv1);
-    R0, Gamma_R0 := zero_extend32_32(R9[32:0]), Gamma_R9;
-    goto main_basil_return;
   $main$__0__$pquulxeLTn6ZdHAVNHAErw$__1:
-    assume {:captureState "$main$__0__$pquulxeLTn6ZdHAVNHAErw$__1"} true;
-    assume (!(ZF == 1bv1));
-    R0, Gamma_R0 := 0bv64, true;
+    assume (!(R8_3[32:0] == 0bv32));
+    R0_4, Gamma_R0_4 := 0bv64, true;
+    goto main_basil_return;
+  $main$__0__$pquulxeLTn6ZdHAVNHAErw$__0:
+    assume (R8_3[32:0] == 0bv32);
+    R0_3, Gamma_R0_3 := zero_extend32_32(R9_3[32:0]), Gamma_R9_3;
+    R0_4, Gamma_R0_4 := R0_3, Gamma_R0_3;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := R0_4, R8_3, R9_3;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := Gamma_R0_4, Gamma_R8_3, Gamma_R9_3;
     return;
 }
 
diff --git a/src/test/correct/basic_lock_security_read/clang_pic/basic_lock_security_read.expected b/src/test/correct/basic_lock_security_read/clang_pic/basic_lock_security_read.expected
index 52fc57311..478c6f746 100644
--- a/src/test/correct/basic_lock_security_read/clang_pic/basic_lock_security_read.expected
+++ b/src/test/correct/basic_lock_security_read/clang_pic/basic_lock_security_read.expected
@@ -1,19 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -24,13 +10,16 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $x_addr) then (memory_load32_le(memory, $z_addr) == 0bv32) else (if (index == $z_addr) then true else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp1(bv1, bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -40,7 +29,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -56,11 +49,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -102,8 +93,8 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr)) && (memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_R8, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, R8, VF, ZF, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1968bv64) == 1bv8);
@@ -116,8 +107,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69568bv64) == 69684bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free requires (memory_load64_le(mem, 69056bv64) == 1792bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1968bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1969bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1970bv64) == 2bv8);
@@ -129,78 +118,61 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69056bv64) == 1792bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool)
 {
-  var #4: bv32;
-  var Gamma_#4: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R8_10: bool;
+  var Gamma_R8_11: bool;
+  var Gamma_R8_13: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R8_8: bool;
+  var R0_1: bv64;
+  var R8_10: bv64;
+  var R8_11: bv64;
+  var R8_13: bv64;
+  var R8_2: bv64;
+  var R8_3: bv32;
+  var R8_8: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "%000002fd"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), true);
-    assume {:captureState "%00000304"} true;
-    R8, Gamma_R8 := 65536bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4032bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4032bv64)) || L(mem, bvadd64(R8, 4032bv64)));
+    R8_2, Gamma_R8_2 := memory_load64_le(mem, 69568bv64), (gamma_load64(Gamma_mem, 69568bv64) || L(mem, 69568bv64));
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    #4, Gamma_#4 := bvadd32(R8[32:0], 4294967295bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#4, 1bv32)), bvadd33(sign_extend1_32(R8[32:0]), 0bv33))), (Gamma_R8 && Gamma_#4);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#4, 1bv32)), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_#4);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#4, 1bv32), 0bv32), Gamma_#4;
-    NF, Gamma_NF := bvadd32(#4, 1bv32)[32:31], Gamma_#4;
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(#4, 1bv32)), Gamma_#4;
-    assert Gamma_ZF;
+    R8_3, Gamma_R8_3 := memory_load32_le(mem, R8_2), (gamma_load32(Gamma_mem, R8_2) || L(mem, R8_2));
+    assert Gamma_R8_3;
     goto lmain_goto_l00000338, lmain_goto_l0000033b;
-  l0000033b:
-    assume {:captureState "l0000033b"} true;
-    R8, Gamma_R8 := 1bv64, true;
+  lmain_goto_l0000033b:
+    assume (!(R8_3 == 0bv32));
+    R8_8, Gamma_R8_8 := 1bv64, true;
     goto l0000033e;
-  l00000338:
-    assume {:captureState "l00000338"} true;
-    R8, Gamma_R8 := 0bv64, true;
+  lmain_goto_l00000338:
+    assume (R8_3 == 0bv32);
+    R8_8, Gamma_R8_8 := 0bv64, true;
     goto l0000033e;
   l0000033e:
-    assume {:captureState "l0000033e"} true;
-    assert Gamma_R8;
+    assert Gamma_R8_8;
     goto l0000033e_goto_l00000346, l0000033e_goto_l0000035d;
-  l0000035d:
-    assume {:captureState "l0000035d"} true;
-    goto l0000035e;
-  l0000035e:
-    assume {:captureState "l0000035e"} true;
-    R8, Gamma_R8 := 65536bv64, true;
+  l0000033e_goto_l0000035d:
+    assume (!(R8_8[1:0] == 1bv1));
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4040bv64)) || L(mem, bvadd64(R8, 4040bv64)));
+    R8_10, Gamma_R8_10 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R8);
-    assume {:captureState "%0000037a"} true;
+    R8_11, Gamma_R8_11 := zero_extend32_32(memory_load32_le(mem, R8_10)), (gamma_load32(Gamma_mem, R8_10) || L(mem, R8_10));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R8_11[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R8_11);
+    R8_13, Gamma_R8_13 := R8_11, Gamma_R8_11;
     goto l00000346;
-  l00000346:
-    assume {:captureState "l00000346"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 8bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
-    goto main_basil_return;
-  lmain_goto_l00000338:
-    assume {:captureState "lmain_goto_l00000338"} true;
-    assume (bvcomp1(ZF, 1bv1) != 0bv1);
-    goto l00000338;
-  lmain_goto_l0000033b:
-    assume {:captureState "lmain_goto_l0000033b"} true;
-    assume (bvcomp1(ZF, 1bv1) == 0bv1);
-    goto l0000033b;
   l0000033e_goto_l00000346:
-    assume {:captureState "l0000033e_goto_l00000346"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) != 0bv1);
+    assume (R8_8[1:0] == 1bv1);
+    R8_13, Gamma_R8_13 := R8_8, Gamma_R8_8;
     goto l00000346;
-  l0000033e_goto_l0000035d:
-    assume {:captureState "l0000033e_goto_l0000035d"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) == 0bv1);
-    goto l0000035d;
+  l00000346:
+    R0_1, Gamma_R0_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551608bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out := R0_1, R31_in, R8_13;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out := Gamma_R0_1, Gamma_R31_in, Gamma_R8_13;
     return;
 }
 
diff --git a/src/test/correct/basic_lock_security_read/clang_pic/basic_lock_security_read_gtirb.expected b/src/test/correct/basic_lock_security_read/clang_pic/basic_lock_security_read_gtirb.expected
index 989c887b8..e32b4beda 100644
--- a/src/test/correct/basic_lock_security_read/clang_pic/basic_lock_security_read_gtirb.expected
+++ b/src/test/correct/basic_lock_security_read/clang_pic/basic_lock_security_read_gtirb.expected
@@ -1,19 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -24,12 +10,16 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $x_addr) then (memory_load32_le(memory, $z_addr) == 0bv32) else (if (index == $z_addr) then true else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -39,7 +29,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -55,10 +49,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -100,8 +93,8 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr)) && (memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_R8, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, R8, VF, ZF, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1968bv64) == 1bv8);
@@ -114,8 +107,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69568bv64) == 69684bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free requires (memory_load64_le(mem, 69056bv64) == 1792bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1968bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1969bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1970bv64) == 2bv8);
@@ -127,70 +118,74 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69056bv64) == 1792bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool)
 {
-  var Cse0__5$0$6: bv32;
-  var Gamma_Cse0__5$0$6: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R8_11: bool;
+  var Gamma_R8_12: bool;
+  var Gamma_R8_14: bool;
+  var Gamma_R8_15: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R8_9: bool;
+  var R0_1: bv64;
+  var R8_11: bv64;
+  var R8_12: bv64;
+  var R8_14: bv64;
+  var R8_15: bv64;
+  var R8_2: bv64;
+  var R8_3: bv32;
+  var R8_9: bv64;
   $main$__0__$GWWZBuKKQM26VofqjYL7Vw:
-    assume {:captureState "$main$__0__$GWWZBuKKQM26VofqjYL7Vw"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "1880$0"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), true);
-    assume {:captureState "1884$0"} true;
-    R8, Gamma_R8 := 65536bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4032bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4032bv64)) || L(mem, bvadd64(R8, 4032bv64)));
+    R8_2, Gamma_R8_2 := memory_load64_le(mem, 69568bv64), (gamma_load64(Gamma_mem, 69568bv64) || L(mem, 69568bv64));
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    Cse0__5$0$6, Gamma_Cse0__5$0$6 := bvadd32(R8[32:0], 0bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$0$6, Cse0__5$0$6)), Gamma_Cse0__5$0$6;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$0$6), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_Cse0__5$0$6);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$0$6, 0bv32), Gamma_Cse0__5$0$6;
-    NF, Gamma_NF := Cse0__5$0$6[32:31], Gamma_Cse0__5$0$6;
-    R8, Gamma_R8 := zero_extend32_32(Cse0__5$0$6), Gamma_Cse0__5$0$6;
-    assert Gamma_ZF;
+    R8_3, Gamma_R8_3 := memory_load32_le(mem, R8_2), (gamma_load32(Gamma_mem, R8_2) || L(mem, R8_2));
+    assert Gamma_R8_3;
     goto $main$__0__$GWWZBuKKQM26VofqjYL7Vw$__0, $main$__0__$GWWZBuKKQM26VofqjYL7Vw$__1;
-  $main$__1__$~AKjztrcRfKvIDu38BnCGQ:
-    assume {:captureState "$main$__1__$~AKjztrcRfKvIDu38BnCGQ"} true;
-    goto $main$__2__$baAsuX2xSiqbUG_8VReSNg;
-  $main$__2__$baAsuX2xSiqbUG_8VReSNg:
-    assume {:captureState "$main$__2__$baAsuX2xSiqbUG_8VReSNg"} true;
-    R8, Gamma_R8 := 65536bv64, true;
+  $main$__0__$GWWZBuKKQM26VofqjYL7Vw$__1:
+    assume (!(R8_3 == 0bv32));
+    goto $main$__0__$GWWZBuKKQM26VofqjYL7Vw$__1_phi_$main$__0__$GWWZBuKKQM26VofqjYL7Vw_goto_$main$__3__$Tg~76Xl4R9iLF7N7aFS1Lg_phi_back_$main$__0__$GWWZBuKKQM26VofqjYL7Vw_goto_$main$__3__$Tg~76Xl4R9iLF7N7aFS1Lg, $main$__0__$GWWZBuKKQM26VofqjYL7Vw$__1_phi_$main$__0__$GWWZBuKKQM26VofqjYL7Vw_goto_$main$__1__$~AKjztrcRfKvIDu38BnCGQ_phi_back_$main$__0__$GWWZBuKKQM26VofqjYL7Vw_goto_$main$__1__$~AKjztrcRfKvIDu38BnCGQ;
+  $main$__0__$GWWZBuKKQM26VofqjYL7Vw$__1_phi_$main$__0__$GWWZBuKKQM26VofqjYL7Vw_goto_$main$__1__$~AKjztrcRfKvIDu38BnCGQ_phi_back_$main$__0__$GWWZBuKKQM26VofqjYL7Vw_goto_$main$__1__$~AKjztrcRfKvIDu38BnCGQ:
+    R8_9, Gamma_R8_9 := 1bv64, true;
+    assert Gamma_R8_9;
+    goto $main$__0__$GWWZBuKKQM26VofqjYL7Vw_goto_$main$__1__$~AKjztrcRfKvIDu38BnCGQ;
+  $main$__0__$GWWZBuKKQM26VofqjYL7Vw$__1_phi_$main$__0__$GWWZBuKKQM26VofqjYL7Vw_goto_$main$__3__$Tg~76Xl4R9iLF7N7aFS1Lg_phi_back_$main$__0__$GWWZBuKKQM26VofqjYL7Vw_goto_$main$__3__$Tg~76Xl4R9iLF7N7aFS1Lg:
+    R8_14, Gamma_R8_14 := 1bv64, true;
+    assert Gamma_R8_14;
+    goto $main$__0__$GWWZBuKKQM26VofqjYL7Vw_goto_$main$__3__$Tg~76Xl4R9iLF7N7aFS1Lg;
+  $main$__0__$GWWZBuKKQM26VofqjYL7Vw$__0:
+    assume (R8_3 == 0bv32);
+    goto $main$__0__$GWWZBuKKQM26VofqjYL7Vw$__0_phi_back_$main$__0__$GWWZBuKKQM26VofqjYL7Vw_goto_$main$__1__$~AKjztrcRfKvIDu38BnCGQ, $main$__0__$GWWZBuKKQM26VofqjYL7Vw$__0_phi_back_$main$__0__$GWWZBuKKQM26VofqjYL7Vw_goto_$main$__3__$Tg~76Xl4R9iLF7N7aFS1Lg;
+  $main$__0__$GWWZBuKKQM26VofqjYL7Vw$__0_phi_back_$main$__0__$GWWZBuKKQM26VofqjYL7Vw_goto_$main$__3__$Tg~76Xl4R9iLF7N7aFS1Lg:
+    R8_14, Gamma_R8_14 := 0bv64, true;
+    assert Gamma_R8_14;
+    goto $main$__0__$GWWZBuKKQM26VofqjYL7Vw_goto_$main$__3__$Tg~76Xl4R9iLF7N7aFS1Lg;
+  $main$__0__$GWWZBuKKQM26VofqjYL7Vw_goto_$main$__3__$Tg~76Xl4R9iLF7N7aFS1Lg:
+    assume (R8_14[1:0] == 1bv1);
+    R8_15, Gamma_R8_15 := R8_14, Gamma_R8_14;
+    goto $main$__3__$Tg~76Xl4R9iLF7N7aFS1Lg;
+  $main$__0__$GWWZBuKKQM26VofqjYL7Vw$__0_phi_back_$main$__0__$GWWZBuKKQM26VofqjYL7Vw_goto_$main$__1__$~AKjztrcRfKvIDu38BnCGQ:
+    R8_9, Gamma_R8_9 := 0bv64, true;
+    assert Gamma_R8_9;
+    goto $main$__0__$GWWZBuKKQM26VofqjYL7Vw_goto_$main$__1__$~AKjztrcRfKvIDu38BnCGQ;
+  $main$__0__$GWWZBuKKQM26VofqjYL7Vw_goto_$main$__1__$~AKjztrcRfKvIDu38BnCGQ:
+    assume (!(R8_9[1:0] == 1bv1));
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4040bv64)) || L(mem, bvadd64(R8, 4040bv64)));
+    R8_11, Gamma_R8_11 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R8);
-    assume {:captureState "1928$0"} true;
+    R8_12, Gamma_R8_12 := zero_extend32_32(memory_load32_le(mem, R8_11)), (gamma_load32(Gamma_mem, R8_11) || L(mem, R8_11));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R8_12[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R8_12);
+    R8_15, Gamma_R8_15 := R8_12, Gamma_R8_12;
     goto $main$__3__$Tg~76Xl4R9iLF7N7aFS1Lg;
   $main$__3__$Tg~76Xl4R9iLF7N7aFS1Lg:
-    assume {:captureState "$main$__3__$Tg~76Xl4R9iLF7N7aFS1Lg"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 8bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    R0_1, Gamma_R0_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551608bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     goto main_basil_return;
-  $main$__0__$GWWZBuKKQM26VofqjYL7Vw_goto_$main$__3__$Tg~76Xl4R9iLF7N7aFS1Lg:
-    assume {:captureState "$main$__0__$GWWZBuKKQM26VofqjYL7Vw_goto_$main$__3__$Tg~76Xl4R9iLF7N7aFS1Lg"} true;
-    assume (R8[1:0] == 1bv1);
-    goto $main$__3__$Tg~76Xl4R9iLF7N7aFS1Lg;
-  $main$__0__$GWWZBuKKQM26VofqjYL7Vw_goto_$main$__1__$~AKjztrcRfKvIDu38BnCGQ:
-    assume {:captureState "$main$__0__$GWWZBuKKQM26VofqjYL7Vw_goto_$main$__1__$~AKjztrcRfKvIDu38BnCGQ"} true;
-    assume (!(R8[1:0] == 1bv1));
-    goto $main$__1__$~AKjztrcRfKvIDu38BnCGQ;
-  $main$__0__$GWWZBuKKQM26VofqjYL7Vw$__0:
-    assume {:captureState "$main$__0__$GWWZBuKKQM26VofqjYL7Vw$__0"} true;
-    assume (ZF == 1bv1);
-    R8, Gamma_R8 := 0bv64, true;
-    assert Gamma_R8;
-    goto $main$__0__$GWWZBuKKQM26VofqjYL7Vw_goto_$main$__3__$Tg~76Xl4R9iLF7N7aFS1Lg, $main$__0__$GWWZBuKKQM26VofqjYL7Vw_goto_$main$__1__$~AKjztrcRfKvIDu38BnCGQ;
-  $main$__0__$GWWZBuKKQM26VofqjYL7Vw$__1:
-    assume {:captureState "$main$__0__$GWWZBuKKQM26VofqjYL7Vw$__1"} true;
-    assume (!(ZF == 1bv1));
-    R8, Gamma_R8 := 1bv64, true;
-    assert Gamma_R8;
-    goto $main$__0__$GWWZBuKKQM26VofqjYL7Vw_goto_$main$__3__$Tg~76Xl4R9iLF7N7aFS1Lg, $main$__0__$GWWZBuKKQM26VofqjYL7Vw_goto_$main$__1__$~AKjztrcRfKvIDu38BnCGQ;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out := R0_1, R31_in, R8_15;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out := Gamma_R0_1, Gamma_R31_in, Gamma_R8_15;
     return;
 }
 
diff --git a/src/test/correct/basic_lock_security_read/gcc/basic_lock_security_read.expected b/src/test/correct/basic_lock_security_read/gcc/basic_lock_security_read.expected
index 78970f6a4..ebc3781bb 100644
--- a/src/test/correct/basic_lock_security_read/gcc/basic_lock_security_read.expected
+++ b/src/test/correct/basic_lock_security_read/gcc/basic_lock_security_read.expected
@@ -1,17 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -22,19 +10,26 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $x_addr) then (memory_load32_le(memory, $z_addr) == 0bv32) else (if (index == $z_addr) then true else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp1(bv1, bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -50,11 +45,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -94,8 +87,8 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr)) && (memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, VF, ZF, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1888bv64) == 1bv8);
@@ -106,8 +99,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69024bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1888bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1889bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1890bv64) == 2bv8);
@@ -117,50 +108,35 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var #4: bv32;
-  var Gamma_#4: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_6: bool;
+  var Gamma_R0_7: bool;
+  var R0_3: bv32;
+  var R0_6: bv32;
+  var R0_7: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "%000002ed"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    #4, Gamma_#4 := bvadd32(R0[32:0], 4294967295bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#4, 1bv32)), bvadd33(sign_extend1_32(R0[32:0]), 0bv33))), (Gamma_R0 && Gamma_#4);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#4, 1bv32)), bvadd33(zero_extend1_32(R0[32:0]), 4294967296bv33))), (Gamma_R0 && Gamma_#4);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#4, 1bv32), 0bv32), Gamma_#4;
-    NF, Gamma_NF := bvadd32(#4, 1bv32)[32:31], Gamma_#4;
-    assert Gamma_ZF;
+    R0_3, Gamma_R0_3 := memory_load32_le(mem, 69656bv64), (gamma_load32(Gamma_mem, 69656bv64) || L(mem, 69656bv64));
+    assert Gamma_R0_3;
     goto lmain_goto_l0000031b, lmain_goto_l00000332;
-  l00000332:
-    assume {:captureState "l00000332"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
+  lmain_goto_l00000332:
+    assume (R0_3 == 0bv32);
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "%0000034a"} true;
+    R0_6, Gamma_R0_6 := memory_load32_le(mem, 69652bv64), (gamma_load32(Gamma_mem, 69652bv64) || L(mem, 69652bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_6), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_6);
     goto l0000031b;
-  l0000031b:
-    assume {:captureState "l0000031b"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
-    goto main_basil_return;
   lmain_goto_l0000031b:
-    assume {:captureState "lmain_goto_l0000031b"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) != 0bv1);
+    assume (!(R0_3 == 0bv32));
     goto l0000031b;
-  lmain_goto_l00000332:
-    assume {:captureState "lmain_goto_l00000332"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) == 0bv1);
-    goto l00000332;
+  l0000031b:
+    R0_7, Gamma_R0_7 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out := R0_7, R31_in;
+    Gamma_R0_out, Gamma_R31_out := Gamma_R0_7, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/correct/basic_lock_security_read/gcc/basic_lock_security_read_gtirb.expected b/src/test/correct/basic_lock_security_read/gcc/basic_lock_security_read_gtirb.expected
index a85f2dc3f..a59e236eb 100644
--- a/src/test/correct/basic_lock_security_read/gcc/basic_lock_security_read_gtirb.expected
+++ b/src/test/correct/basic_lock_security_read/gcc/basic_lock_security_read_gtirb.expected
@@ -1,17 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -22,18 +10,26 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $x_addr) then (memory_load32_le(memory, $z_addr) == 0bv32) else (if (index == $z_addr) then true else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -49,10 +45,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -92,8 +87,8 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr)) && (memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, VF, ZF, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1888bv64) == 1bv8);
@@ -104,8 +99,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69024bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1888bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1889bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1890bv64) == 2bv8);
@@ -115,50 +108,35 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var Cse0__5$0$5: bv32;
-  var Gamma_Cse0__5$0$5: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_6: bool;
+  var Gamma_R0_7: bool;
+  var R0_3: bv32;
+  var R0_6: bv32;
+  var R0_7: bv64;
   $main$__0__$A6BkCpHoRvCUlmC~AxLCrg:
-    assume {:captureState "$main$__0__$A6BkCpHoRvCUlmC~AxLCrg"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "1816$0"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    Cse0__5$0$5, Gamma_Cse0__5$0$5 := bvadd32(R0[32:0], 0bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$0$5, Cse0__5$0$5)), Gamma_Cse0__5$0$5;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$0$5), bvadd33(zero_extend1_32(R0[32:0]), 4294967296bv33))), (Gamma_R0 && Gamma_Cse0__5$0$5);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$0$5, 0bv32), Gamma_Cse0__5$0$5;
-    NF, Gamma_NF := Cse0__5$0$5[32:31], Gamma_Cse0__5$0$5;
-    assert Gamma_ZF;
+    R0_3, Gamma_R0_3 := memory_load32_le(mem, 69656bv64), (gamma_load32(Gamma_mem, 69656bv64) || L(mem, 69656bv64));
+    assert Gamma_R0_3;
     goto $main$__0__$A6BkCpHoRvCUlmC~AxLCrg_goto_$main$__2__$R75hxt8lSuS~GSZvHdnsxA, $main$__0__$A6BkCpHoRvCUlmC~AxLCrg_goto_$main$__1__$iUKQJOs9SUeP0UPwnOWoOA;
-  $main$__1__$iUKQJOs9SUeP0UPwnOWoOA:
-    assume {:captureState "$main$__1__$iUKQJOs9SUeP0UPwnOWoOA"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
+  $main$__0__$A6BkCpHoRvCUlmC~AxLCrg_goto_$main$__1__$iUKQJOs9SUeP0UPwnOWoOA:
+    assume (R0_3 == 0bv32);
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "1852$0"} true;
+    R0_6, Gamma_R0_6 := memory_load32_le(mem, 69652bv64), (gamma_load32(Gamma_mem, 69652bv64) || L(mem, 69652bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_6), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_6);
     goto $main$__2__$R75hxt8lSuS~GSZvHdnsxA;
-  $main$__2__$R75hxt8lSuS~GSZvHdnsxA:
-    assume {:captureState "$main$__2__$R75hxt8lSuS~GSZvHdnsxA"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
-    goto main_basil_return;
   $main$__0__$A6BkCpHoRvCUlmC~AxLCrg_goto_$main$__2__$R75hxt8lSuS~GSZvHdnsxA:
-    assume {:captureState "$main$__0__$A6BkCpHoRvCUlmC~AxLCrg_goto_$main$__2__$R75hxt8lSuS~GSZvHdnsxA"} true;
-    assume (!(ZF == 1bv1));
+    assume (!(R0_3 == 0bv32));
     goto $main$__2__$R75hxt8lSuS~GSZvHdnsxA;
-  $main$__0__$A6BkCpHoRvCUlmC~AxLCrg_goto_$main$__1__$iUKQJOs9SUeP0UPwnOWoOA:
-    assume {:captureState "$main$__0__$A6BkCpHoRvCUlmC~AxLCrg_goto_$main$__1__$iUKQJOs9SUeP0UPwnOWoOA"} true;
-    assume (!(!(ZF == 1bv1)));
-    goto $main$__1__$iUKQJOs9SUeP0UPwnOWoOA;
+  $main$__2__$R75hxt8lSuS~GSZvHdnsxA:
+    R0_7, Gamma_R0_7 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out := R0_7, R31_in;
+    Gamma_R0_out, Gamma_R31_out := Gamma_R0_7, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/correct/basic_lock_security_read/gcc_O2/basic_lock_security_read.expected b/src/test/correct/basic_lock_security_read/gcc_O2/basic_lock_security_read.expected
index 8c6b8310d..b0cc72aea 100644
--- a/src/test/correct/basic_lock_security_read/gcc_O2/basic_lock_security_read.expected
+++ b/src/test/correct/basic_lock_security_read/gcc_O2/basic_lock_security_read.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R2: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R2: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69656bv64);
@@ -15,8 +9,6 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -72,8 +64,8 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr)) && (memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R2, Gamma_mem, R0, R1, R2, mem;
+procedure main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1896bv64) == 1bv8);
@@ -93,35 +85,34 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool)
 {
+  var Gamma_R0_2: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R1_3: bool;
+  var R0_2: bv64;
+  var R0_4: bv64;
+  var R1_3: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R1, Gamma_R1 := 69632bv64, true;
-    R2, Gamma_R2 := bvadd64(R1, 20bv64), Gamma_R1;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(mem, bvadd64(R1, 20bv64))), (gamma_load32(Gamma_mem, bvadd64(R1, 20bv64)) || L(mem, bvadd64(R1, 20bv64)));
-    assert Gamma_R1;
+    R1_3, Gamma_R1_3 := zero_extend32_32(memory_load32_le(mem, 69652bv64)), (gamma_load32(Gamma_mem, 69652bv64) || L(mem, 69652bv64));
+    assert Gamma_R1_3;
     goto lmain_goto_l000001c2, lmain_goto_l0000039c;
-  l0000039c:
-    assume {:captureState "l0000039c"} true;
+  lmain_goto_l0000039c:
+    assume (R1_3[32:0] == 0bv32);
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, bvadd64(R2, 4bv64))), (gamma_load32(Gamma_mem, bvadd64(R2, 4bv64)) || L(mem, bvadd64(R2, 4bv64)));
+    R0_2, Gamma_R0_2 := zero_extend32_32(memory_load32_le(mem, 69656bv64)), (gamma_load32(Gamma_mem, 69656bv64) || L(mem, 69656bv64));
+    R0_4, Gamma_R0_4 := R0_2, Gamma_R0_2;
     goto l000001c2;
-  l000001c2:
-    assume {:captureState "l000001c2"} true;
-    goto main_basil_return;
   lmain_goto_l000001c2:
-    assume {:captureState "lmain_goto_l000001c2"} true;
-    assume (bvnot1(bvcomp32(R1[32:0], 0bv32)) != 0bv1);
+    assume (!(R1_3[32:0] == 0bv32));
+    R0_4, Gamma_R0_4 := 0bv64, true;
     goto l000001c2;
-  lmain_goto_l0000039c:
-    assume {:captureState "lmain_goto_l0000039c"} true;
-    assume (bvnot1(bvcomp32(R1[32:0], 0bv32)) == 0bv1);
-    goto l0000039c;
+  l000001c2:
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R2_out := R0_4, R1_3, 69652bv64;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R2_out := Gamma_R0_4, Gamma_R1_3, true;
     return;
 }
 
diff --git a/src/test/correct/basic_lock_security_read/gcc_O2/basic_lock_security_read_gtirb.expected b/src/test/correct/basic_lock_security_read/gcc_O2/basic_lock_security_read_gtirb.expected
index 82e9c9896..42dbf22e7 100644
--- a/src/test/correct/basic_lock_security_read/gcc_O2/basic_lock_security_read_gtirb.expected
+++ b/src/test/correct/basic_lock_security_read/gcc_O2/basic_lock_security_read_gtirb.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R2: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R2: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69656bv64);
@@ -70,8 +64,8 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr)) && (memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R2, Gamma_mem, R0, R1, R2, mem;
+procedure main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1896bv64) == 1bv8);
@@ -91,35 +85,34 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool)
 {
+  var Gamma_R0_2: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R1_3: bool;
+  var R0_2: bv64;
+  var R0_4: bv64;
+  var R1_3: bv64;
   $main$__0__$NPnP15ImRqqyNleAnPQz~w:
-    assume {:captureState "$main$__0__$NPnP15ImRqqyNleAnPQz~w"} true;
-    R1, Gamma_R1 := 69632bv64, true;
-    R2, Gamma_R2 := bvadd64(R1, 20bv64), Gamma_R1;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(mem, bvadd64(R1, 20bv64))), (gamma_load32(Gamma_mem, bvadd64(R1, 20bv64)) || L(mem, bvadd64(R1, 20bv64)));
-    assert Gamma_R1;
+    R1_3, Gamma_R1_3 := zero_extend32_32(memory_load32_le(mem, 69652bv64)), (gamma_load32(Gamma_mem, 69652bv64) || L(mem, 69652bv64));
+    assert Gamma_R1_3;
     goto $main$__0__$NPnP15ImRqqyNleAnPQz~w_goto_$main$__2__$OHqj~6C8Tc6ePz3jNp~0Hg, $main$__0__$NPnP15ImRqqyNleAnPQz~w_goto_$main$__1__$3ldkocbySLOQC5WZlsP7tA;
-  $main$__1__$3ldkocbySLOQC5WZlsP7tA:
-    assume {:captureState "$main$__1__$3ldkocbySLOQC5WZlsP7tA"} true;
+  $main$__0__$NPnP15ImRqqyNleAnPQz~w_goto_$main$__1__$3ldkocbySLOQC5WZlsP7tA:
+    assume (R1_3[32:0] == 0bv32);
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, bvadd64(R2, 4bv64))), (gamma_load32(Gamma_mem, bvadd64(R2, 4bv64)) || L(mem, bvadd64(R2, 4bv64)));
+    R0_2, Gamma_R0_2 := zero_extend32_32(memory_load32_le(mem, 69656bv64)), (gamma_load32(Gamma_mem, 69656bv64) || L(mem, 69656bv64));
+    R0_4, Gamma_R0_4 := R0_2, Gamma_R0_2;
     goto $main$__2__$OHqj~6C8Tc6ePz3jNp~0Hg;
-  $main$__2__$OHqj~6C8Tc6ePz3jNp~0Hg:
-    assume {:captureState "$main$__2__$OHqj~6C8Tc6ePz3jNp~0Hg"} true;
-    goto main_basil_return;
   $main$__0__$NPnP15ImRqqyNleAnPQz~w_goto_$main$__2__$OHqj~6C8Tc6ePz3jNp~0Hg:
-    assume {:captureState "$main$__0__$NPnP15ImRqqyNleAnPQz~w_goto_$main$__2__$OHqj~6C8Tc6ePz3jNp~0Hg"} true;
-    assume ((R1[32:0] == 0bv32) == false);
+    assume (!(R1_3[32:0] == 0bv32));
+    R0_4, Gamma_R0_4 := 0bv64, true;
     goto $main$__2__$OHqj~6C8Tc6ePz3jNp~0Hg;
-  $main$__0__$NPnP15ImRqqyNleAnPQz~w_goto_$main$__1__$3ldkocbySLOQC5WZlsP7tA:
-    assume {:captureState "$main$__0__$NPnP15ImRqqyNleAnPQz~w_goto_$main$__1__$3ldkocbySLOQC5WZlsP7tA"} true;
-    assume (!((R1[32:0] == 0bv32) == false));
-    goto $main$__1__$3ldkocbySLOQC5WZlsP7tA;
+  $main$__2__$OHqj~6C8Tc6ePz3jNp~0Hg:
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R2_out := R0_4, R1_3, 69652bv64;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R2_out := Gamma_R0_4, Gamma_R1_3, true;
     return;
 }
 
diff --git a/src/test/correct/basic_lock_security_read/gcc_pic/basic_lock_security_read.expected b/src/test/correct/basic_lock_security_read/gcc_pic/basic_lock_security_read.expected
index e509b20d8..6781e2135 100644
--- a/src/test/correct/basic_lock_security_read/gcc_pic/basic_lock_security_read.expected
+++ b/src/test/correct/basic_lock_security_read/gcc_pic/basic_lock_security_read.expected
@@ -1,17 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -22,13 +10,16 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $x_addr) then (memory_load32_le(memory, $z_addr) == 0bv32) else (if (index == $z_addr) then true else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp1(bv1, bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -38,7 +29,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -54,11 +49,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -100,8 +93,8 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr)) && (memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, VF, ZF, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1952bv64) == 1bv8);
@@ -114,8 +107,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69008bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 69656bv64);
   free requires (memory_load64_le(mem, 69000bv64) == 1872bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1952bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1953bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1954bv64) == 2bv8);
@@ -127,52 +118,43 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 69656bv64);
   free ensures (memory_load64_le(mem, 69000bv64) == 1872bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var #4: bv32;
-  var Gamma_#4: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_6: bool;
+  var Gamma_R0_7: bool;
+  var R0_2: bv64;
+  var R0_3: bv32;
+  var R0_5: bv64;
+  var R0_6: bv32;
+  var R0_7: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "%000002ed"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
+    R0_2, Gamma_R0_2 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    #4, Gamma_#4 := bvadd32(R0[32:0], 4294967295bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#4, 1bv32)), bvadd33(sign_extend1_32(R0[32:0]), 0bv33))), (Gamma_R0 && Gamma_#4);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#4, 1bv32)), bvadd33(zero_extend1_32(R0[32:0]), 4294967296bv33))), (Gamma_R0 && Gamma_#4);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#4, 1bv32), 0bv32), Gamma_#4;
-    NF, Gamma_NF := bvadd32(#4, 1bv32)[32:31], Gamma_#4;
-    assert Gamma_ZF;
+    R0_3, Gamma_R0_3 := memory_load32_le(mem, R0_2), (gamma_load32(Gamma_mem, R0_2) || L(mem, R0_2));
+    assert Gamma_R0_3;
     goto lmain_goto_l0000031c, lmain_goto_l00000333;
-  l00000333:
-    assume {:captureState "l00000333"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+  lmain_goto_l00000333:
+    assume (R0_3 == 0bv32);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
+    R0_5, Gamma_R0_5 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "%0000034c"} true;
+    R0_6, Gamma_R0_6 := memory_load32_le(mem, R0_5), (gamma_load32(Gamma_mem, R0_5) || L(mem, R0_5));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_6), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_6);
     goto l0000031c;
-  l0000031c:
-    assume {:captureState "l0000031c"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
-    goto main_basil_return;
   lmain_goto_l0000031c:
-    assume {:captureState "lmain_goto_l0000031c"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) != 0bv1);
+    assume (!(R0_3 == 0bv32));
     goto l0000031c;
-  lmain_goto_l00000333:
-    assume {:captureState "lmain_goto_l00000333"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) == 0bv1);
-    goto l00000333;
+  l0000031c:
+    R0_7, Gamma_R0_7 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out := R0_7, R31_in;
+    Gamma_R0_out, Gamma_R31_out := Gamma_R0_7, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/correct/basic_lock_security_read/gcc_pic/basic_lock_security_read_gtirb.expected b/src/test/correct/basic_lock_security_read/gcc_pic/basic_lock_security_read_gtirb.expected
index edf6b0af5..497d6028d 100644
--- a/src/test/correct/basic_lock_security_read/gcc_pic/basic_lock_security_read_gtirb.expected
+++ b/src/test/correct/basic_lock_security_read/gcc_pic/basic_lock_security_read_gtirb.expected
@@ -1,17 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -22,12 +10,16 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $x_addr) then (memory_load32_le(memory, $z_addr) == 0bv32) else (if (index == $z_addr) then true else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -37,7 +29,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -53,10 +49,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -98,8 +93,8 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr)) && (memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, VF, ZF, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1952bv64) == 1bv8);
@@ -112,8 +107,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69008bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 69656bv64);
   free requires (memory_load64_le(mem, 69000bv64) == 1872bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1952bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1953bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1954bv64) == 2bv8);
@@ -125,52 +118,43 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 69656bv64);
   free ensures (memory_load64_le(mem, 69000bv64) == 1872bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var Cse0__5$2$5: bv32;
-  var Gamma_Cse0__5$2$5: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_6: bool;
+  var Gamma_R0_7: bool;
+  var R0_2: bv64;
+  var R0_3: bv32;
+  var R0_5: bv64;
+  var R0_6: bv32;
+  var R0_7: bv64;
   $main$__0__$kxbde5aJTTep7x_NHw4tDw:
-    assume {:captureState "$main$__0__$kxbde5aJTTep7x_NHw4tDw"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "1880$0"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
+    R0_2, Gamma_R0_2 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    Cse0__5$2$5, Gamma_Cse0__5$2$5 := bvadd32(R0[32:0], 0bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$2$5, Cse0__5$2$5)), Gamma_Cse0__5$2$5;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$2$5), bvadd33(zero_extend1_32(R0[32:0]), 4294967296bv33))), (Gamma_R0 && Gamma_Cse0__5$2$5);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$2$5, 0bv32), Gamma_Cse0__5$2$5;
-    NF, Gamma_NF := Cse0__5$2$5[32:31], Gamma_Cse0__5$2$5;
-    assert Gamma_ZF;
+    R0_3, Gamma_R0_3 := memory_load32_le(mem, R0_2), (gamma_load32(Gamma_mem, R0_2) || L(mem, R0_2));
+    assert Gamma_R0_3;
     goto $main$__0__$kxbde5aJTTep7x_NHw4tDw_goto_$main$__2__$ENOb69xvTsOc7YJFk65Gug, $main$__0__$kxbde5aJTTep7x_NHw4tDw_goto_$main$__1__$MrPOp6w3Rd2CG29w9Oykog;
-  $main$__1__$MrPOp6w3Rd2CG29w9Oykog:
-    assume {:captureState "$main$__1__$MrPOp6w3Rd2CG29w9Oykog"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+  $main$__0__$kxbde5aJTTep7x_NHw4tDw_goto_$main$__1__$MrPOp6w3Rd2CG29w9Oykog:
+    assume (R0_3 == 0bv32);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
+    R0_5, Gamma_R0_5 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "1916$0"} true;
+    R0_6, Gamma_R0_6 := memory_load32_le(mem, R0_5), (gamma_load32(Gamma_mem, R0_5) || L(mem, R0_5));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_6), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_6);
     goto $main$__2__$ENOb69xvTsOc7YJFk65Gug;
-  $main$__2__$ENOb69xvTsOc7YJFk65Gug:
-    assume {:captureState "$main$__2__$ENOb69xvTsOc7YJFk65Gug"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
-    goto main_basil_return;
   $main$__0__$kxbde5aJTTep7x_NHw4tDw_goto_$main$__2__$ENOb69xvTsOc7YJFk65Gug:
-    assume {:captureState "$main$__0__$kxbde5aJTTep7x_NHw4tDw_goto_$main$__2__$ENOb69xvTsOc7YJFk65Gug"} true;
-    assume (!(ZF == 1bv1));
+    assume (!(R0_3 == 0bv32));
     goto $main$__2__$ENOb69xvTsOc7YJFk65Gug;
-  $main$__0__$kxbde5aJTTep7x_NHw4tDw_goto_$main$__1__$MrPOp6w3Rd2CG29w9Oykog:
-    assume {:captureState "$main$__0__$kxbde5aJTTep7x_NHw4tDw_goto_$main$__1__$MrPOp6w3Rd2CG29w9Oykog"} true;
-    assume (!(!(ZF == 1bv1)));
-    goto $main$__1__$MrPOp6w3Rd2CG29w9Oykog;
+  $main$__2__$ENOb69xvTsOc7YJFk65Gug:
+    R0_7, Gamma_R0_7 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out := R0_7, R31_in;
+    Gamma_R0_out, Gamma_R31_out := Gamma_R0_7, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/correct/basic_lock_security_write/clang/basic_lock_security_write.expected b/src/test/correct/basic_lock_security_write/clang/basic_lock_security_write.expected
index 18d97f346..059c8e972 100644
--- a/src/test/correct/basic_lock_security_write/clang/basic_lock_security_write.expected
+++ b/src/test/correct/basic_lock_security_write/clang/basic_lock_security_write.expected
@@ -1,15 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R10: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R10: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -21,12 +11,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -42,7 +45,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -84,10 +87,10 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $z_addr) == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) && (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr))));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R10, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R10, R31, R8, R9, mem, stack;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   requires (memory_load32_le(mem, $z_addr) != 0bv32);
-  requires (Gamma_R0 == false);
+  requires (Gamma_R0_in == false);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1884bv64) == 1bv8);
@@ -98,8 +101,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1884bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1885bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1886bv64) == 2bv8);
@@ -109,61 +110,52 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R10_1: bool;
   var Gamma_x_old: bool;
+  var R10_1: bv64;
   var x_old: bv32;
   var z_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "%000002ea"} true;
-    R8, Gamma_R8 := 69632bv64, true;
-    R9, Gamma_R9 := 1bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_in);
     call rely();
-    assert (L(mem, bvadd64(R8, 52bv64)) ==> Gamma_R9);
+    assert (L(mem, 69684bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 52bv64), R9[32:0]), gamma_store32(Gamma_mem, bvadd64(R8, 52bv64), Gamma_R9);
-    assert ((bvadd64(R8, 52bv64) == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, 1bv32), gamma_store32(Gamma_mem, 69684bv64, true);
+    assert ((69684bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "%000002fc"} true;
-    R10, Gamma_R10 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R9, Gamma_R9 := 69632bv64, true;
+    R10_1, Gamma_R10_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     call rely();
-    assert (L(mem, bvadd64(R9, 56bv64)) ==> Gamma_R10);
+    assert (L(mem, 69688bv64) ==> Gamma_R10_1);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 56bv64), R10[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 56bv64), Gamma_R10);
-    assert ((bvadd64(R9, 56bv64) == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69688bv64, R10_1[32:0]), gamma_store32(Gamma_mem, 69688bv64, Gamma_R10_1);
+    assert ((69688bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "%00000310"} true;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R9, 56bv64)) ==> true);
+    assert (L(mem, 69688bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 56bv64), 0bv32), gamma_store32(Gamma_mem, bvadd64(R9, 56bv64), true);
-    assert ((bvadd64(R9, 56bv64) == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69688bv64, 0bv32), gamma_store32(Gamma_mem, 69688bv64, true);
+    assert ((69688bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "%0000031c"} true;
     call rely();
-    assert (L(mem, bvadd64(R8, 52bv64)) ==> true);
+    assert (L(mem, 69684bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 52bv64), 0bv32), gamma_store32(Gamma_mem, bvadd64(R8, 52bv64), true);
-    assert ((bvadd64(R8, 52bv64) == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, 0bv32), gamma_store32(Gamma_mem, 69684bv64, true);
+    assert ((69684bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "%00000323"} true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R31_out, R8_out, R9_out := 0bv64, R10_1, R31_in, 69632bv64, 69632bv64;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R10_1, Gamma_R31_in, true, true;
     return;
 }
 
diff --git a/src/test/correct/basic_lock_security_write/clang/basic_lock_security_write_gtirb.expected b/src/test/correct/basic_lock_security_write/clang/basic_lock_security_write_gtirb.expected
index 02034dd80..d156e24e3 100644
--- a/src/test/correct/basic_lock_security_write/clang/basic_lock_security_write_gtirb.expected
+++ b/src/test/correct/basic_lock_security_write/clang/basic_lock_security_write_gtirb.expected
@@ -1,15 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R10: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R10: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -21,12 +11,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -42,7 +45,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -84,10 +87,10 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $z_addr) == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) && (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr))));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R10, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R10, R31, R8, R9, mem, stack;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   requires (memory_load32_le(mem, $z_addr) != 0bv32);
-  requires (Gamma_R0 == false);
+  requires (Gamma_R0_in == false);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1884bv64) == 1bv8);
@@ -98,8 +101,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1884bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1885bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1886bv64) == 2bv8);
@@ -109,61 +110,52 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R10_1: bool;
   var Gamma_x_old: bool;
+  var R10_1: bv64;
   var x_old: bv32;
   var z_old: bv32;
   $main$__0__$FB2GGPd7Q9mrOdXSs0peag:
-    assume {:captureState "$main$__0__$FB2GGPd7Q9mrOdXSs0peag"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "1816$0"} true;
-    R8, Gamma_R8 := 69632bv64, true;
-    R9, Gamma_R9 := 1bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_in);
     call rely();
-    assert (L(mem, bvadd64(R8, 52bv64)) ==> Gamma_R9);
+    assert (L(mem, 69684bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 52bv64), R9[32:0]), gamma_store32(Gamma_mem, bvadd64(R8, 52bv64), Gamma_R9);
-    assert ((bvadd64(R8, 52bv64) == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, 1bv32), gamma_store32(Gamma_mem, 69684bv64, true);
+    assert ((69684bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "1828$0"} true;
-    R10, Gamma_R10 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R9, Gamma_R9 := 69632bv64, true;
+    R10_1, Gamma_R10_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     call rely();
-    assert (L(mem, bvadd64(R9, 56bv64)) ==> Gamma_R10);
+    assert (L(mem, 69688bv64) ==> Gamma_R10_1);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 56bv64), R10[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 56bv64), Gamma_R10);
-    assert ((bvadd64(R9, 56bv64) == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69688bv64, R10_1[32:0]), gamma_store32(Gamma_mem, 69688bv64, Gamma_R10_1);
+    assert ((69688bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "1840$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R9, 56bv64)) ==> true);
+    assert (L(mem, 69688bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 56bv64), 0bv32), gamma_store32(Gamma_mem, bvadd64(R9, 56bv64), true);
-    assert ((bvadd64(R9, 56bv64) == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69688bv64, 0bv32), gamma_store32(Gamma_mem, 69688bv64, true);
+    assert ((69688bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "1848$0"} true;
     call rely();
-    assert (L(mem, bvadd64(R8, 52bv64)) ==> true);
+    assert (L(mem, 69684bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 52bv64), 0bv32), gamma_store32(Gamma_mem, bvadd64(R8, 52bv64), true);
-    assert ((bvadd64(R8, 52bv64) == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, 0bv32), gamma_store32(Gamma_mem, 69684bv64, true);
+    assert ((69684bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "1852$0"} true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R31_out, R8_out, R9_out := 0bv64, R10_1, R31_in, 69632bv64, 69632bv64;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R10_1, Gamma_R31_in, true, true;
     return;
 }
 
diff --git a/src/test/correct/basic_lock_security_write/clang_pic/basic_lock_security_write.expected b/src/test/correct/basic_lock_security_write/clang_pic/basic_lock_security_write.expected
index a161c995d..728a7ae92 100644
--- a/src/test/correct/basic_lock_security_write/clang_pic/basic_lock_security_write.expected
+++ b/src/test/correct/basic_lock_security_write/clang_pic/basic_lock_security_write.expected
@@ -1,15 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R10: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R10: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -21,6 +11,15 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -30,7 +29,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -46,7 +49,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -90,10 +93,10 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $z_addr) == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) && (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr))));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R10, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R10, R31, R8, R9, mem, stack;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   requires (memory_load32_le(mem, $z_addr) != 0bv32);
-  requires (Gamma_R0 == false);
+  requires (Gamma_R0_in == false);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1956bv64) == 1bv8);
@@ -106,8 +109,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69568bv64) == 69684bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free requires (memory_load64_le(mem, 69056bv64) == 1792bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1956bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1957bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1958bv64) == 2bv8);
@@ -119,65 +120,60 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69056bv64) == 1792bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R10_1: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R9_3: bool;
   var Gamma_x_old: bool;
+  var R10_1: bv64;
+  var R8_2: bv64;
+  var R9_3: bv64;
   var x_old: bv32;
   var z_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "%000002f2"} true;
-    R8, Gamma_R8 := 65536bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_in);
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4032bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4032bv64)) || L(mem, bvadd64(R8, 4032bv64)));
-    R9, Gamma_R9 := 1bv64, true;
+    R8_2, Gamma_R8_2 := memory_load64_le(mem, 69568bv64), (gamma_load64(Gamma_mem, 69568bv64) || L(mem, 69568bv64));
     call rely();
-    assert (L(mem, R8) ==> Gamma_R9);
+    assert (L(mem, R8_2) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R8, R9[32:0]), gamma_store32(Gamma_mem, R8, Gamma_R9);
-    assert ((R8 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R8_2, 1bv32), gamma_store32(Gamma_mem, R8_2, true);
+    assert ((R8_2 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "%0000030b"} true;
-    R10, Gamma_R10 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R9, Gamma_R9 := 65536bv64, true;
+    R10_1, Gamma_R10_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4040bv64)) || L(mem, bvadd64(R9, 4040bv64)));
+    R9_3, Gamma_R9_3 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R10);
+    assert (L(mem, R9_3) ==> Gamma_R10_1);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R9, R10[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R10);
-    assert ((R9 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R9_3, R10_1[32:0]), gamma_store32(Gamma_mem, R9_3, Gamma_R10_1);
+    assert ((R9_3 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "%00000326"} true;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    assert (L(mem, R9) ==> true);
+    assert (L(mem, R9_3) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R9, 0bv32), gamma_store32(Gamma_mem, R9, true);
-    assert ((R9 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R9_3, 0bv32), gamma_store32(Gamma_mem, R9_3, true);
+    assert ((R9_3 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "%00000332"} true;
     call rely();
-    assert (L(mem, R8) ==> true);
+    assert (L(mem, R8_2) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R8, 0bv32), gamma_store32(Gamma_mem, R8, true);
-    assert ((R8 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R8_2, 0bv32), gamma_store32(Gamma_mem, R8_2, true);
+    assert ((R8_2 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "%00000339"} true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R31_out, R8_out, R9_out := 0bv64, R10_1, R31_in, R8_2, R9_3;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R10_1, Gamma_R31_in, Gamma_R8_2, Gamma_R9_3;
     return;
 }
 
diff --git a/src/test/correct/basic_lock_security_write/clang_pic/basic_lock_security_write_gtirb.expected b/src/test/correct/basic_lock_security_write/clang_pic/basic_lock_security_write_gtirb.expected
index 151193748..77b115794 100644
--- a/src/test/correct/basic_lock_security_write/clang_pic/basic_lock_security_write_gtirb.expected
+++ b/src/test/correct/basic_lock_security_write/clang_pic/basic_lock_security_write_gtirb.expected
@@ -1,15 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R10: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R10: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -21,6 +11,15 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -30,7 +29,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -46,7 +49,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -90,10 +93,10 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $z_addr) == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) && (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr))));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R10, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R10, R31, R8, R9, mem, stack;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   requires (memory_load32_le(mem, $z_addr) != 0bv32);
-  requires (Gamma_R0 == false);
+  requires (Gamma_R0_in == false);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1956bv64) == 1bv8);
@@ -106,8 +109,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69568bv64) == 69684bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free requires (memory_load64_le(mem, 69056bv64) == 1792bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1956bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1957bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1958bv64) == 2bv8);
@@ -119,65 +120,60 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69056bv64) == 1792bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R10_1: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R9_3: bool;
   var Gamma_x_old: bool;
+  var R10_1: bv64;
+  var R8_2: bv64;
+  var R9_3: bv64;
   var x_old: bv32;
   var z_old: bv32;
   $main$__0__$cNrtTmfQST221cdIXFneVA:
-    assume {:captureState "$main$__0__$cNrtTmfQST221cdIXFneVA"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "1880$0"} true;
-    R8, Gamma_R8 := 65536bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_in);
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4032bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4032bv64)) || L(mem, bvadd64(R8, 4032bv64)));
-    R9, Gamma_R9 := 1bv64, true;
+    R8_2, Gamma_R8_2 := memory_load64_le(mem, 69568bv64), (gamma_load64(Gamma_mem, 69568bv64) || L(mem, 69568bv64));
     call rely();
-    assert (L(mem, R8) ==> Gamma_R9);
+    assert (L(mem, R8_2) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R8, R9[32:0]), gamma_store32(Gamma_mem, R8, Gamma_R9);
-    assert ((R8 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R8_2, 1bv32), gamma_store32(Gamma_mem, R8_2, true);
+    assert ((R8_2 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "1896$0"} true;
-    R10, Gamma_R10 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R9, Gamma_R9 := 65536bv64, true;
+    R10_1, Gamma_R10_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4040bv64)) || L(mem, bvadd64(R9, 4040bv64)));
+    R9_3, Gamma_R9_3 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R10);
+    assert (L(mem, R9_3) ==> Gamma_R10_1);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R9, R10[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R10);
-    assert ((R9 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R9_3, R10_1[32:0]), gamma_store32(Gamma_mem, R9_3, Gamma_R10_1);
+    assert ((R9_3 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "1912$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    assert (L(mem, R9) ==> true);
+    assert (L(mem, R9_3) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R9, 0bv32), gamma_store32(Gamma_mem, R9, true);
-    assert ((R9 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R9_3, 0bv32), gamma_store32(Gamma_mem, R9_3, true);
+    assert ((R9_3 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "1920$0"} true;
     call rely();
-    assert (L(mem, R8) ==> true);
+    assert (L(mem, R8_2) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R8, 0bv32), gamma_store32(Gamma_mem, R8, true);
-    assert ((R8 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R8_2, 0bv32), gamma_store32(Gamma_mem, R8_2, true);
+    assert ((R8_2 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "1924$0"} true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R31_out, R8_out, R9_out := 0bv64, R10_1, R31_in, R8_2, R9_3;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R10_1, Gamma_R31_in, Gamma_R8_2, Gamma_R9_3;
     return;
 }
 
diff --git a/src/test/correct/basic_lock_security_write/gcc/basic_lock_security_write.expected b/src/test/correct/basic_lock_security_write/gcc/basic_lock_security_write.expected
index 58316b080..0b55ea73c 100644
--- a/src/test/correct/basic_lock_security_write/gcc/basic_lock_security_write.expected
+++ b/src/test/correct/basic_lock_security_write/gcc/basic_lock_security_write.expected
@@ -1,11 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -17,12 +11,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -38,7 +45,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -80,10 +87,10 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $z_addr) == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) && (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr))));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R31, mem, stack;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   requires (memory_load32_le(mem, $z_addr) != 0bv32);
-  requires (Gamma_R0 == false);
+  requires (Gamma_R0_in == false);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1908bv64) == 1bv8);
@@ -94,8 +101,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69024bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1908bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1909bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1910bv64) == 2bv8);
@@ -105,67 +110,52 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
+  var Gamma_R1_2: bool;
   var Gamma_x_old: bool;
+  var R1_2: bv64;
   var x_old: bv32;
   var z_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "%00000302"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
-    R1, Gamma_R1 := 1bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_in);
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, 69656bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69656bv64, 1bv32), gamma_store32(Gamma_mem, 69656bv64, true);
+    assert ((69656bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "%0000031a"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
+    R1_2, Gamma_R1_2 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, 69652bv64) ==> Gamma_R1_2);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, R1_2[32:0]), gamma_store32(Gamma_mem, 69652bv64, Gamma_R1_2);
+    assert ((69652bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "%00000334"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
     call rely();
-    assert (L(mem, R0) ==> true);
+    assert (L(mem, 69652bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, 0bv32), gamma_store32(Gamma_mem, R0, true);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 0bv32), gamma_store32(Gamma_mem, 69652bv64, true);
+    assert ((69652bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "%00000346"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
     call rely();
-    assert (L(mem, R0) ==> true);
+    assert (L(mem, 69656bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, 0bv32), gamma_store32(Gamma_mem, R0, true);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69656bv64, 0bv32), gamma_store32(Gamma_mem, 69656bv64, true);
+    assert ((69656bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "%00000358"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R31_out := 0bv64, R1_2, R31_in;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R31_out := true, Gamma_R1_2, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/correct/basic_lock_security_write/gcc/basic_lock_security_write_gtirb.expected b/src/test/correct/basic_lock_security_write/gcc/basic_lock_security_write_gtirb.expected
index b09f64f99..37eb25a58 100644
--- a/src/test/correct/basic_lock_security_write/gcc/basic_lock_security_write_gtirb.expected
+++ b/src/test/correct/basic_lock_security_write/gcc/basic_lock_security_write_gtirb.expected
@@ -1,11 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -17,12 +11,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -38,7 +45,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -80,10 +87,10 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $z_addr) == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) && (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr))));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R31, mem, stack;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   requires (memory_load32_le(mem, $z_addr) != 0bv32);
-  requires (Gamma_R0 == false);
+  requires (Gamma_R0_in == false);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1908bv64) == 1bv8);
@@ -94,8 +101,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69024bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1908bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1909bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1910bv64) == 2bv8);
@@ -105,67 +110,52 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
+  var Gamma_R1_2: bool;
   var Gamma_x_old: bool;
+  var R1_2: bv64;
   var x_old: bv32;
   var z_old: bv32;
   $main$__0__$XOlsS5A6TQOpBXsOQtuFIA:
-    assume {:captureState "$main$__0__$XOlsS5A6TQOpBXsOQtuFIA"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "1816$0"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
-    R1, Gamma_R1 := 1bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_in);
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, 69656bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69656bv64, 1bv32), gamma_store32(Gamma_mem, 69656bv64, true);
+    assert ((69656bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "1832$0"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
+    R1_2, Gamma_R1_2 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, 69652bv64) ==> Gamma_R1_2);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, R1_2[32:0]), gamma_store32(Gamma_mem, 69652bv64, Gamma_R1_2);
+    assert ((69652bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "1848$0"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
     call rely();
-    assert (L(mem, R0) ==> true);
+    assert (L(mem, 69652bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, 0bv32), gamma_store32(Gamma_mem, R0, true);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 0bv32), gamma_store32(Gamma_mem, 69652bv64, true);
+    assert ((69652bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "1860$0"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
     call rely();
-    assert (L(mem, R0) ==> true);
+    assert (L(mem, 69656bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, 0bv32), gamma_store32(Gamma_mem, R0, true);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69656bv64, 0bv32), gamma_store32(Gamma_mem, 69656bv64, true);
+    assert ((69656bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "1872$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R31_out := 0bv64, R1_2, R31_in;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R31_out := true, Gamma_R1_2, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/correct/basic_lock_security_write/gcc_pic/basic_lock_security_write.expected b/src/test/correct/basic_lock_security_write/gcc_pic/basic_lock_security_write.expected
index e9c34ead8..72b354a05 100644
--- a/src/test/correct/basic_lock_security_write/gcc_pic/basic_lock_security_write.expected
+++ b/src/test/correct/basic_lock_security_write/gcc_pic/basic_lock_security_write.expected
@@ -1,11 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -17,6 +11,15 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -26,7 +29,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -42,7 +49,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -86,10 +93,10 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $z_addr) == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) && (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr))));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R31, mem, stack;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   requires (memory_load32_le(mem, $z_addr) != 0bv32);
-  requires (Gamma_R0 == false);
+  requires (Gamma_R0_in == false);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1972bv64) == 1bv8);
@@ -102,8 +109,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69008bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 69656bv64);
   free requires (memory_load64_le(mem, 69000bv64) == 1872bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1972bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1973bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1974bv64) == 2bv8);
@@ -115,71 +120,68 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 69656bv64);
   free ensures (memory_load64_le(mem, 69000bv64) == 1872bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
+  var Gamma_R0_3: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_7: bool;
+  var Gamma_R0_9: bool;
+  var Gamma_R1_2: bool;
   var Gamma_x_old: bool;
+  var R0_3: bv64;
+  var R0_5: bv64;
+  var R0_7: bv64;
+  var R0_9: bv64;
+  var R1_2: bv64;
   var x_old: bv32;
   var z_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "%00000302"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_in);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
-    R1, Gamma_R1 := 1bv64, true;
+    R0_3, Gamma_R0_3 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, R0_3) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R0_3, 1bv32), gamma_store32(Gamma_mem, R0_3, true);
+    assert ((R0_3 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "%0000031b"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
+    R0_5, Gamma_R0_5 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
+    R1_2, Gamma_R1_2 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, R0_5) ==> Gamma_R1_2);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R0_5, R1_2[32:0]), gamma_store32(Gamma_mem, R0_5, Gamma_R1_2);
+    assert ((R0_5 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "%00000336"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
+    R0_7, Gamma_R0_7 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
     call rely();
-    assert (L(mem, R0) ==> true);
+    assert (L(mem, R0_7) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, 0bv32), gamma_store32(Gamma_mem, R0, true);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R0_7, 0bv32), gamma_store32(Gamma_mem, R0_7, true);
+    assert ((R0_7 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "%00000349"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
+    R0_9, Gamma_R0_9 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    assert (L(mem, R0) ==> true);
+    assert (L(mem, R0_9) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, 0bv32), gamma_store32(Gamma_mem, R0, true);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R0_9, 0bv32), gamma_store32(Gamma_mem, R0_9, true);
+    assert ((R0_9 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "%0000035c"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R31_out := 0bv64, R1_2, R31_in;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R31_out := true, Gamma_R1_2, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/correct/basic_lock_security_write/gcc_pic/basic_lock_security_write_gtirb.expected b/src/test/correct/basic_lock_security_write/gcc_pic/basic_lock_security_write_gtirb.expected
index b955f39f5..e0a0dc41f 100644
--- a/src/test/correct/basic_lock_security_write/gcc_pic/basic_lock_security_write_gtirb.expected
+++ b/src/test/correct/basic_lock_security_write/gcc_pic/basic_lock_security_write_gtirb.expected
@@ -1,11 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -17,6 +11,15 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -26,7 +29,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -42,7 +49,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -86,10 +93,10 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $z_addr) == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) && (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr))));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R31, mem, stack;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   requires (memory_load32_le(mem, $z_addr) != 0bv32);
-  requires (Gamma_R0 == false);
+  requires (Gamma_R0_in == false);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1972bv64) == 1bv8);
@@ -102,8 +109,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69008bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 69656bv64);
   free requires (memory_load64_le(mem, 69000bv64) == 1872bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1972bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1973bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1974bv64) == 2bv8);
@@ -115,71 +120,68 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 69656bv64);
   free ensures (memory_load64_le(mem, 69000bv64) == 1872bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
+  var Gamma_R0_3: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_7: bool;
+  var Gamma_R0_9: bool;
+  var Gamma_R1_2: bool;
   var Gamma_x_old: bool;
+  var R0_3: bv64;
+  var R0_5: bv64;
+  var R0_7: bv64;
+  var R0_9: bv64;
+  var R1_2: bv64;
   var x_old: bv32;
   var z_old: bv32;
   $main$__0__$j~RmZ1FYSBm9ctVNQYcBtw:
-    assume {:captureState "$main$__0__$j~RmZ1FYSBm9ctVNQYcBtw"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "1880$0"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_in);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
-    R1, Gamma_R1 := 1bv64, true;
+    R0_3, Gamma_R0_3 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, R0_3) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R0_3, 1bv32), gamma_store32(Gamma_mem, R0_3, true);
+    assert ((R0_3 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "1896$0"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
+    R0_5, Gamma_R0_5 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
+    R1_2, Gamma_R1_2 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, R0_5) ==> Gamma_R1_2);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R0_5, R1_2[32:0]), gamma_store32(Gamma_mem, R0_5, Gamma_R1_2);
+    assert ((R0_5 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "1912$0"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
+    R0_7, Gamma_R0_7 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
     call rely();
-    assert (L(mem, R0) ==> true);
+    assert (L(mem, R0_7) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, 0bv32), gamma_store32(Gamma_mem, R0, true);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R0_7, 0bv32), gamma_store32(Gamma_mem, R0_7, true);
+    assert ((R0_7 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "1924$0"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
+    R0_9, Gamma_R0_9 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    assert (L(mem, R0) ==> true);
+    assert (L(mem, R0_9) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, 0bv32), gamma_store32(Gamma_mem, R0, true);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R0_9, 0bv32), gamma_store32(Gamma_mem, R0_9, true);
+    assert ((R0_9 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "1936$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R31_out := 0bv64, R1_2, R31_in;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R31_out := true, Gamma_R1_2, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/correct/basic_lock_unlock/clang/basic_lock_unlock.expected b/src/test/correct/basic_lock_unlock/clang/basic_lock_unlock.expected
index de81ded1c..f06e0a147 100644
--- a/src/test/correct/basic_lock_unlock/clang/basic_lock_unlock.expected
+++ b/src/test/correct/basic_lock_unlock/clang/basic_lock_unlock.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69684bv64);
@@ -15,8 +9,21 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -32,7 +39,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -73,8 +80,8 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $z_addr) == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) && (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr))));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R8, Gamma_R9, Gamma_mem, R0, R8, R9, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   requires (memory_load32_le(mem, $z_addr) == 1bv32);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
@@ -95,33 +102,27 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
   var x_old: bv32;
   var z_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R9, Gamma_R9 := 69632bv64, true;
-    R8, Gamma_R8 := 1bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R9, 52bv64)) ==> Gamma_R8);
+    assert (L(mem, 69684bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 52bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 52bv64), Gamma_R8);
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, 1bv32), gamma_store32(Gamma_mem, 69684bv64, true);
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "%000002d6"} true;
-    R8, Gamma_R8 := 69632bv64, true;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R8, 56bv64)) ==> true);
+    assert (L(mem, 69688bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 56bv64), 0bv32), gamma_store32(Gamma_mem, bvadd64(R8, 56bv64), true);
+    mem, Gamma_mem := memory_store32_le(mem, 69688bv64, 0bv32), gamma_store32(Gamma_mem, 69688bv64, true);
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "%000002e7"} true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := 0bv64, 69632bv64, 69632bv64;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := true, true, true;
     return;
 }
 
diff --git a/src/test/correct/basic_lock_unlock/clang/basic_lock_unlock_gtirb.expected b/src/test/correct/basic_lock_unlock/clang/basic_lock_unlock_gtirb.expected
index 06d4ae629..a580b1b3c 100644
--- a/src/test/correct/basic_lock_unlock/clang/basic_lock_unlock_gtirb.expected
+++ b/src/test/correct/basic_lock_unlock/clang/basic_lock_unlock_gtirb.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69684bv64);
@@ -15,8 +9,21 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -32,7 +39,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -73,8 +80,8 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $z_addr) == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) && (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr))));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R8, Gamma_R9, Gamma_mem, R0, R8, R9, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   requires (memory_load32_le(mem, $z_addr) == 1bv32);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
@@ -95,33 +102,27 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
   var x_old: bv32;
   var z_old: bv32;
   $main$__0__$coGSV8OXQlKjGr7fs6hIYw:
-    assume {:captureState "$main$__0__$coGSV8OXQlKjGr7fs6hIYw"} true;
-    R9, Gamma_R9 := 69632bv64, true;
-    R8, Gamma_R8 := 1bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R9, 52bv64)) ==> Gamma_R8);
+    assert (L(mem, 69684bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 52bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 52bv64), Gamma_R8);
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, 1bv32), gamma_store32(Gamma_mem, 69684bv64, true);
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "1820$0"} true;
-    R8, Gamma_R8 := 69632bv64, true;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R8, 56bv64)) ==> true);
+    assert (L(mem, 69688bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 56bv64), 0bv32), gamma_store32(Gamma_mem, bvadd64(R8, 56bv64), true);
+    mem, Gamma_mem := memory_store32_le(mem, 69688bv64, 0bv32), gamma_store32(Gamma_mem, 69688bv64, true);
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "1832$0"} true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := 0bv64, 69632bv64, 69632bv64;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := true, true, true;
     return;
 }
 
diff --git a/src/test/correct/basic_lock_unlock/clang_pic/basic_lock_unlock.expected b/src/test/correct/basic_lock_unlock/clang_pic/basic_lock_unlock.expected
index 652cd6a09..63d9058f6 100644
--- a/src/test/correct/basic_lock_unlock/clang_pic/basic_lock_unlock.expected
+++ b/src/test/correct/basic_lock_unlock/clang_pic/basic_lock_unlock.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69684bv64);
@@ -15,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -36,7 +43,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -79,8 +86,8 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $z_addr) == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) && (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr))));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R8, Gamma_R9, Gamma_mem, R0, R8, R9, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   requires (memory_load32_le(mem, $z_addr) == 1bv32);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
@@ -105,37 +112,35 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69056bv64) == 1792bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R8_4: bool;
+  var Gamma_R9_3: bool;
+  var R8_4: bv64;
+  var R9_3: bv64;
   var x_old: bv32;
   var z_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R9, Gamma_R9 := 65536bv64, true;
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4040bv64)) || L(mem, bvadd64(R9, 4040bv64)));
-    R8, Gamma_R8 := 1bv64, true;
+    R9_3, Gamma_R9_3 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
+    assert (L(mem, R9_3) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
+    mem, Gamma_mem := memory_store32_le(mem, R9_3, 1bv32), gamma_store32(Gamma_mem, R9_3, true);
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "%000002e5"} true;
-    R8, Gamma_R8 := 65536bv64, true;
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4032bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4032bv64)) || L(mem, bvadd64(R8, 4032bv64)));
-    R0, Gamma_R0 := 0bv64, true;
+    R8_4, Gamma_R8_4 := memory_load64_le(mem, 69568bv64), (gamma_load64(Gamma_mem, 69568bv64) || L(mem, 69568bv64));
     call rely();
-    assert (L(mem, R8) ==> true);
+    assert (L(mem, R8_4) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R8, 0bv32), gamma_store32(Gamma_mem, R8, true);
+    mem, Gamma_mem := memory_store32_le(mem, R8_4, 0bv32), gamma_store32(Gamma_mem, R8_4, true);
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "%000002fd"} true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := 0bv64, R8_4, R9_3;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R8_4, Gamma_R9_3;
     return;
 }
 
diff --git a/src/test/correct/basic_lock_unlock/clang_pic/basic_lock_unlock_gtirb.expected b/src/test/correct/basic_lock_unlock/clang_pic/basic_lock_unlock_gtirb.expected
index 923456543..3edecb5a7 100644
--- a/src/test/correct/basic_lock_unlock/clang_pic/basic_lock_unlock_gtirb.expected
+++ b/src/test/correct/basic_lock_unlock/clang_pic/basic_lock_unlock_gtirb.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69684bv64);
@@ -15,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -36,7 +43,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -79,8 +86,8 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $z_addr) == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) && (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr))));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R8, Gamma_R9, Gamma_mem, R0, R8, R9, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   requires (memory_load32_le(mem, $z_addr) == 1bv32);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
@@ -105,37 +112,35 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69056bv64) == 1792bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R8_4: bool;
+  var Gamma_R9_3: bool;
+  var R8_4: bv64;
+  var R9_3: bv64;
   var x_old: bv32;
   var z_old: bv32;
   $main$__0__$o1i8tH7ZQJKzGeXslZGxww:
-    assume {:captureState "$main$__0__$o1i8tH7ZQJKzGeXslZGxww"} true;
-    R9, Gamma_R9 := 65536bv64, true;
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4040bv64)) || L(mem, bvadd64(R9, 4040bv64)));
-    R8, Gamma_R8 := 1bv64, true;
+    R9_3, Gamma_R9_3 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
+    assert (L(mem, R9_3) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
+    mem, Gamma_mem := memory_store32_le(mem, R9_3, 1bv32), gamma_store32(Gamma_mem, R9_3, true);
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "1888$0"} true;
-    R8, Gamma_R8 := 65536bv64, true;
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4032bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4032bv64)) || L(mem, bvadd64(R8, 4032bv64)));
-    R0, Gamma_R0 := 0bv64, true;
+    R8_4, Gamma_R8_4 := memory_load64_le(mem, 69568bv64), (gamma_load64(Gamma_mem, 69568bv64) || L(mem, 69568bv64));
     call rely();
-    assert (L(mem, R8) ==> true);
+    assert (L(mem, R8_4) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R8, 0bv32), gamma_store32(Gamma_mem, R8, true);
+    mem, Gamma_mem := memory_store32_le(mem, R8_4, 0bv32), gamma_store32(Gamma_mem, R8_4, true);
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "1904$0"} true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := 0bv64, R8_4, R9_3;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R8_4, Gamma_R9_3;
     return;
 }
 
diff --git a/src/test/correct/basic_lock_unlock/gcc/basic_lock_unlock.expected b/src/test/correct/basic_lock_unlock/gcc/basic_lock_unlock.expected
index a65434ffb..b49481955 100644
--- a/src/test/correct/basic_lock_unlock/gcc/basic_lock_unlock.expected
+++ b/src/test/correct/basic_lock_unlock/gcc/basic_lock_unlock.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -13,8 +9,21 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -30,7 +39,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -71,8 +80,8 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $z_addr) == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) && (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr))));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   requires (memory_load32_le(mem, $z_addr) == 1bv32);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
@@ -93,35 +102,27 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
   var x_old: bv32;
   var z_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
-    R1, Gamma_R1 := 1bv64, true;
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, 69652bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 1bv32), gamma_store32(Gamma_mem, 69652bv64, true);
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "%000002e4"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
     call rely();
-    assert (L(mem, R0) ==> true);
+    assert (L(mem, 69656bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R0, 0bv32), gamma_store32(Gamma_mem, R0, true);
+    mem, Gamma_mem := memory_store32_le(mem, 69656bv64, 0bv32), gamma_store32(Gamma_mem, 69656bv64, true);
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "%000002f6"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, 1bv64;
+    Gamma_R0_out, Gamma_R1_out := true, true;
     return;
 }
 
diff --git a/src/test/correct/basic_lock_unlock/gcc/basic_lock_unlock_gtirb.expected b/src/test/correct/basic_lock_unlock/gcc/basic_lock_unlock_gtirb.expected
index dd838e366..5b96b742c 100644
--- a/src/test/correct/basic_lock_unlock/gcc/basic_lock_unlock_gtirb.expected
+++ b/src/test/correct/basic_lock_unlock/gcc/basic_lock_unlock_gtirb.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -13,8 +9,21 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -30,7 +39,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -71,8 +80,8 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $z_addr) == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) && (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr))));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   requires (memory_load32_le(mem, $z_addr) == 1bv32);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
@@ -93,35 +102,27 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
   var x_old: bv32;
   var z_old: bv32;
   $main$__0__$Rto88S8uQGavFIfjSKtjNg:
-    assume {:captureState "$main$__0__$Rto88S8uQGavFIfjSKtjNg"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
-    R1, Gamma_R1 := 1bv64, true;
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, 69652bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 1bv32), gamma_store32(Gamma_mem, 69652bv64, true);
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "1824$0"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
     call rely();
-    assert (L(mem, R0) ==> true);
+    assert (L(mem, 69656bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R0, 0bv32), gamma_store32(Gamma_mem, R0, true);
+    mem, Gamma_mem := memory_store32_le(mem, 69656bv64, 0bv32), gamma_store32(Gamma_mem, 69656bv64, true);
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "1836$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, 1bv64;
+    Gamma_R0_out, Gamma_R1_out := true, true;
     return;
 }
 
diff --git a/src/test/correct/basic_lock_unlock/gcc_O2/basic_lock_unlock.expected b/src/test/correct/basic_lock_unlock/gcc_O2/basic_lock_unlock.expected
index e05f293a4..159056e96 100644
--- a/src/test/correct/basic_lock_unlock/gcc_O2/basic_lock_unlock.expected
+++ b/src/test/correct/basic_lock_unlock/gcc_O2/basic_lock_unlock.expected
@@ -1,12 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R2: bool;
-var {:extern} Gamma_R3: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R2: bv64;
-var {:extern} R3: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -17,8 +9,21 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -34,7 +39,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -75,8 +80,8 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $z_addr) == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) && (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr))));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R2, Gamma_R3, Gamma_mem, R0, R1, R2, R3, mem;
+procedure main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool, R3_in: bv64, Gamma_R3_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool, R3_out: bv64, Gamma_R3_out: bool);
+  modifies Gamma_mem, mem;
   requires (memory_load32_le(mem, $z_addr) == 1bv32);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
@@ -97,33 +102,27 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool, R3_in: bv64, Gamma_R3_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool, R3_out: bv64, Gamma_R3_out: bool)
 {
   var x_old: bv32;
   var z_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R1, Gamma_R1 := 69632bv64, true;
-    R2, Gamma_R2 := bvadd64(R1, 20bv64), Gamma_R1;
-    R3, Gamma_R3 := 1bv64, true;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R1, 20bv64)) ==> Gamma_R3);
+    assert (L(mem, 69652bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R1, 20bv64), R3[32:0]), gamma_store32(Gamma_mem, bvadd64(R1, 20bv64), Gamma_R3);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 1bv32), gamma_store32(Gamma_mem, 69652bv64, true);
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "%000001c3"} true;
     call rely();
-    assert (L(mem, bvadd64(R2, 4bv64)) ==> true);
+    assert (L(mem, 69656bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R2, 4bv64), 0bv32), gamma_store32(Gamma_mem, bvadd64(R2, 4bv64), true);
+    mem, Gamma_mem := memory_store32_le(mem, 69656bv64, 0bv32), gamma_store32(Gamma_mem, 69656bv64, true);
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "%000001ca"} true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R2_out, R3_out := 0bv64, 69632bv64, 69652bv64, 1bv64;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R2_out, Gamma_R3_out := true, true, true, true;
     return;
 }
 
diff --git a/src/test/correct/basic_lock_unlock/gcc_O2/basic_lock_unlock_gtirb.expected b/src/test/correct/basic_lock_unlock/gcc_O2/basic_lock_unlock_gtirb.expected
index 59bd7e039..702cdf96e 100644
--- a/src/test/correct/basic_lock_unlock/gcc_O2/basic_lock_unlock_gtirb.expected
+++ b/src/test/correct/basic_lock_unlock/gcc_O2/basic_lock_unlock_gtirb.expected
@@ -1,12 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R2: bool;
-var {:extern} Gamma_R3: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R2: bv64;
-var {:extern} R3: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -17,8 +9,21 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -34,7 +39,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -75,8 +80,8 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $z_addr) == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) && (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr))));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R2, Gamma_R3, Gamma_mem, R0, R1, R2, R3, mem;
+procedure main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool, R3_in: bv64, Gamma_R3_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool, R3_out: bv64, Gamma_R3_out: bool);
+  modifies Gamma_mem, mem;
   requires (memory_load32_le(mem, $z_addr) == 1bv32);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
@@ -97,33 +102,27 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool, R3_in: bv64, Gamma_R3_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool, R3_out: bv64, Gamma_R3_out: bool)
 {
   var x_old: bv32;
   var z_old: bv32;
   $main$__0__$THM0T_BARlWyFvHws4y5Sw:
-    assume {:captureState "$main$__0__$THM0T_BARlWyFvHws4y5Sw"} true;
-    R1, Gamma_R1 := 69632bv64, true;
-    R2, Gamma_R2 := bvadd64(R1, 20bv64), Gamma_R1;
-    R3, Gamma_R3 := 1bv64, true;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R1, 20bv64)) ==> Gamma_R3);
+    assert (L(mem, 69652bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R1, 20bv64), R3[32:0]), gamma_store32(Gamma_mem, bvadd64(R1, 20bv64), Gamma_R3);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 1bv32), gamma_store32(Gamma_mem, 69652bv64, true);
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "1552$0"} true;
     call rely();
-    assert (L(mem, bvadd64(R2, 4bv64)) ==> true);
+    assert (L(mem, 69656bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R2, 4bv64), 0bv32), gamma_store32(Gamma_mem, bvadd64(R2, 4bv64), true);
+    mem, Gamma_mem := memory_store32_le(mem, 69656bv64, 0bv32), gamma_store32(Gamma_mem, 69656bv64, true);
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "1556$0"} true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R2_out, R3_out := 0bv64, 69632bv64, 69652bv64, 1bv64;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R2_out, Gamma_R3_out := true, true, true, true;
     return;
 }
 
diff --git a/src/test/correct/basic_lock_unlock/gcc_pic/basic_lock_unlock.expected b/src/test/correct/basic_lock_unlock/gcc_pic/basic_lock_unlock.expected
index 25a9043d3..c80bf993a 100644
--- a/src/test/correct/basic_lock_unlock/gcc_pic/basic_lock_unlock.expected
+++ b/src/test/correct/basic_lock_unlock/gcc_pic/basic_lock_unlock.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -13,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -34,7 +43,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -77,8 +86,8 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $z_addr) == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) && (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr))));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   requires (memory_load32_le(mem, $z_addr) == 1bv32);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
@@ -103,37 +112,35 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 69656bv64);
   free ensures (memory_load64_le(mem, 69000bv64) == 1872bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
+  var Gamma_R0_3: bool;
+  var Gamma_R0_5: bool;
+  var R0_3: bv64;
+  var R0_5: bv64;
   var x_old: bv32;
   var z_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
-    R1, Gamma_R1 := 1bv64, true;
+    R0_3, Gamma_R0_3 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, R0_3) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
+    mem, Gamma_mem := memory_store32_le(mem, R0_3, 1bv32), gamma_store32(Gamma_mem, R0_3, true);
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "%000002e5"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
+    R0_5, Gamma_R0_5 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    assert (L(mem, R0) ==> true);
+    assert (L(mem, R0_5) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R0, 0bv32), gamma_store32(Gamma_mem, R0, true);
+    mem, Gamma_mem := memory_store32_le(mem, R0_5, 0bv32), gamma_store32(Gamma_mem, R0_5, true);
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "%000002f8"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, 1bv64;
+    Gamma_R0_out, Gamma_R1_out := true, true;
     return;
 }
 
diff --git a/src/test/correct/basic_lock_unlock/gcc_pic/basic_lock_unlock_gtirb.expected b/src/test/correct/basic_lock_unlock/gcc_pic/basic_lock_unlock_gtirb.expected
index 94a34679d..b04de88e8 100644
--- a/src/test/correct/basic_lock_unlock/gcc_pic/basic_lock_unlock_gtirb.expected
+++ b/src/test/correct/basic_lock_unlock/gcc_pic/basic_lock_unlock_gtirb.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -13,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -34,7 +43,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -77,8 +86,8 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $z_addr) == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) && (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr))));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   requires (memory_load32_le(mem, $z_addr) == 1bv32);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
@@ -103,37 +112,35 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 69656bv64);
   free ensures (memory_load64_le(mem, 69000bv64) == 1872bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
+  var Gamma_R0_3: bool;
+  var Gamma_R0_5: bool;
+  var R0_3: bv64;
+  var R0_5: bv64;
   var x_old: bv32;
   var z_old: bv32;
   $main$__0__$hORBC0L8TymPxLxjwBXKWQ:
-    assume {:captureState "$main$__0__$hORBC0L8TymPxLxjwBXKWQ"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
-    R1, Gamma_R1 := 1bv64, true;
+    R0_3, Gamma_R0_3 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, R0_3) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
+    mem, Gamma_mem := memory_store32_le(mem, R0_3, 1bv32), gamma_store32(Gamma_mem, R0_3, true);
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "1888$0"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
+    R0_5, Gamma_R0_5 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    assert (L(mem, R0) ==> true);
+    assert (L(mem, R0_5) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R0, 0bv32), gamma_store32(Gamma_mem, R0, true);
+    mem, Gamma_mem := memory_store32_le(mem, R0_5, 0bv32), gamma_store32(Gamma_mem, R0_5, true);
     assert ((z_old == 0bv32) ==> ((memory_load32_le(mem, $x_addr) == x_old) && (memory_load32_le(mem, $z_addr) == z_old)));
-    assume {:captureState "1900$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, 1bv64;
+    Gamma_R0_out, Gamma_R1_out := true, true;
     return;
 }
 
diff --git a/src/test/correct/basic_loop_assign/clang/basic_loop_assign.expected b/src/test/correct/basic_loop_assign/clang/basic_loop_assign.expected
index 619574ba1..e65b0e38a 100644
--- a/src/test/correct/basic_loop_assign/clang/basic_loop_assign.expected
+++ b/src/test/correct/basic_loop_assign/clang/basic_loop_assign.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69684bv64);
@@ -13,10 +7,23 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
 function {:extern} {:bvbuiltin "bvsle"} bvsle32(bv32, bv32) returns (bool);
 function {:extern} {:bvbuiltin "bvslt"} bvslt32(bv32, bv32) returns (bool);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -32,7 +39,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -73,8 +80,8 @@ implementation {:extern} guarantee_reflexive()
   assert (((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) || ((memory_load32_le(mem, $x_addr) == 20bv32) && (memory_load32_le(mem, $x_addr) == 0bv32))) || ((memory_load32_le(mem, $x_addr) == 20bv32) && bvsle32(memory_load32_le(mem, $x_addr), 10bv32)));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R8, Gamma_R9, Gamma_mem, R0, R8, R9, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   requires (memory_load32_le(mem, $x_addr) == 0bv32);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
@@ -96,23 +103,19 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
   var x_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R9, Gamma_R9 := 69632bv64, true;
-    R8, Gamma_R8 := 20bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R9, 52bv64)) ==> Gamma_R8);
+    assert (L(mem, 69684bv64) ==> true);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 52bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 52bv64), Gamma_R8);
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, 20bv32), gamma_store32(Gamma_mem, 69684bv64, true);
     assert (((memory_load32_le(mem, $x_addr) == x_old) || ((memory_load32_le(mem, $x_addr) == 20bv32) && (x_old == 0bv32))) || ((memory_load32_le(mem, $x_addr) == 20bv32) && bvsle32(x_old, 10bv32)));
-    assume {:captureState "%000002ce"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := 0bv64, 20bv64, 69632bv64;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := true, true, true;
     return;
 }
 
diff --git a/src/test/correct/basic_loop_assign/clang/basic_loop_assign_gtirb.expected b/src/test/correct/basic_loop_assign/clang/basic_loop_assign_gtirb.expected
index 09495b51b..f8dbb8758 100644
--- a/src/test/correct/basic_loop_assign/clang/basic_loop_assign_gtirb.expected
+++ b/src/test/correct/basic_loop_assign/clang/basic_loop_assign_gtirb.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69684bv64);
@@ -13,10 +7,23 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
 function {:extern} {:bvbuiltin "bvsle"} bvsle32(bv32, bv32) returns (bool);
 function {:extern} {:bvbuiltin "bvslt"} bvslt32(bv32, bv32) returns (bool);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -32,7 +39,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -73,8 +80,8 @@ implementation {:extern} guarantee_reflexive()
   assert (((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) || ((memory_load32_le(mem, $x_addr) == 20bv32) && (memory_load32_le(mem, $x_addr) == 0bv32))) || ((memory_load32_le(mem, $x_addr) == 20bv32) && bvsle32(memory_load32_le(mem, $x_addr), 10bv32)));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R8, Gamma_R9, Gamma_mem, R0, R8, R9, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   requires (memory_load32_le(mem, $x_addr) == 0bv32);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
@@ -96,23 +103,19 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
   var x_old: bv32;
   $main$__0__$L_e50MLRSa~d2P~wAEs2UA:
-    assume {:captureState "$main$__0__$L_e50MLRSa~d2P~wAEs2UA"} true;
-    R9, Gamma_R9 := 69632bv64, true;
-    R8, Gamma_R8 := 20bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R9, 52bv64)) ==> Gamma_R8);
+    assert (L(mem, 69684bv64) ==> true);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 52bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 52bv64), Gamma_R8);
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, 20bv32), gamma_store32(Gamma_mem, 69684bv64, true);
     assert (((memory_load32_le(mem, $x_addr) == x_old) || ((memory_load32_le(mem, $x_addr) == 20bv32) && (x_old == 0bv32))) || ((memory_load32_le(mem, $x_addr) == 20bv32) && bvsle32(x_old, 10bv32)));
-    assume {:captureState "1820$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := 0bv64, 20bv64, 69632bv64;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := true, true, true;
     return;
 }
 
diff --git a/src/test/correct/basic_loop_assign/clang_pic/basic_loop_assign.expected b/src/test/correct/basic_loop_assign/clang_pic/basic_loop_assign.expected
index 774f8bda5..1e15f00b4 100644
--- a/src/test/correct/basic_loop_assign/clang_pic/basic_loop_assign.expected
+++ b/src/test/correct/basic_loop_assign/clang_pic/basic_loop_assign.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69684bv64);
@@ -13,14 +7,27 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
 function {:extern} {:bvbuiltin "bvsle"} bvsle32(bv32, bv32) returns (bool);
 function {:extern} {:bvbuiltin "bvslt"} bvslt32(bv32, bv32) returns (bool);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -36,7 +43,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -78,8 +85,8 @@ implementation {:extern} guarantee_reflexive()
   assert (((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) || ((memory_load32_le(mem, $x_addr) == 20bv32) && (memory_load32_le(mem, $x_addr) == 0bv32))) || ((memory_load32_le(mem, $x_addr) == 20bv32) && bvsle32(memory_load32_le(mem, $x_addr), 10bv32)));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R8, Gamma_R9, Gamma_mem, R0, R8, R9, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   requires (memory_load32_le(mem, $x_addr) == 0bv32);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
@@ -103,25 +110,23 @@ procedure main();
   free ensures (memory_load64_le(mem, 69064bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R9_3: bool;
+  var R9_3: bv64;
   var x_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R9, Gamma_R9 := 65536bv64, true;
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4040bv64)) || L(mem, bvadd64(R9, 4040bv64)));
-    R8, Gamma_R8 := 20bv64, true;
+    R9_3, Gamma_R9_3 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
+    assert (L(mem, R9_3) ==> true);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
+    mem, Gamma_mem := memory_store32_le(mem, R9_3, 20bv32), gamma_store32(Gamma_mem, R9_3, true);
     assert (((memory_load32_le(mem, $x_addr) == x_old) || ((memory_load32_le(mem, $x_addr) == 20bv32) && (x_old == 0bv32))) || ((memory_load32_le(mem, $x_addr) == 20bv32) && bvsle32(x_old, 10bv32)));
-    assume {:captureState "%000002d9"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := 0bv64, 20bv64, R9_3;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := true, true, Gamma_R9_3;
     return;
 }
 
diff --git a/src/test/correct/basic_loop_assign/clang_pic/basic_loop_assign_gtirb.expected b/src/test/correct/basic_loop_assign/clang_pic/basic_loop_assign_gtirb.expected
index bb96a23c0..7cd51fcf8 100644
--- a/src/test/correct/basic_loop_assign/clang_pic/basic_loop_assign_gtirb.expected
+++ b/src/test/correct/basic_loop_assign/clang_pic/basic_loop_assign_gtirb.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69684bv64);
@@ -13,14 +7,27 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
 function {:extern} {:bvbuiltin "bvsle"} bvsle32(bv32, bv32) returns (bool);
 function {:extern} {:bvbuiltin "bvslt"} bvslt32(bv32, bv32) returns (bool);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -36,7 +43,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -78,8 +85,8 @@ implementation {:extern} guarantee_reflexive()
   assert (((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) || ((memory_load32_le(mem, $x_addr) == 20bv32) && (memory_load32_le(mem, $x_addr) == 0bv32))) || ((memory_load32_le(mem, $x_addr) == 20bv32) && bvsle32(memory_load32_le(mem, $x_addr), 10bv32)));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R8, Gamma_R9, Gamma_mem, R0, R8, R9, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   requires (memory_load32_le(mem, $x_addr) == 0bv32);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
@@ -103,25 +110,23 @@ procedure main();
   free ensures (memory_load64_le(mem, 69064bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R9_3: bool;
+  var R9_3: bv64;
   var x_old: bv32;
   $main$__0__$MX_GEJThQOiJAxGVoE4EUA:
-    assume {:captureState "$main$__0__$MX_GEJThQOiJAxGVoE4EUA"} true;
-    R9, Gamma_R9 := 65536bv64, true;
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4040bv64)) || L(mem, bvadd64(R9, 4040bv64)));
-    R8, Gamma_R8 := 20bv64, true;
+    R9_3, Gamma_R9_3 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
+    assert (L(mem, R9_3) ==> true);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
+    mem, Gamma_mem := memory_store32_le(mem, R9_3, 20bv32), gamma_store32(Gamma_mem, R9_3, true);
     assert (((memory_load32_le(mem, $x_addr) == x_old) || ((memory_load32_le(mem, $x_addr) == 20bv32) && (x_old == 0bv32))) || ((memory_load32_le(mem, $x_addr) == 20bv32) && bvsle32(x_old, 10bv32)));
-    assume {:captureState "1888$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := 0bv64, 20bv64, R9_3;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := true, true, Gamma_R9_3;
     return;
 }
 
diff --git a/src/test/correct/basic_loop_assign/gcc/basic_loop_assign.expected b/src/test/correct/basic_loop_assign/gcc/basic_loop_assign.expected
index 03d3a3556..a05d312a5 100644
--- a/src/test/correct/basic_loop_assign/gcc/basic_loop_assign.expected
+++ b/src/test/correct/basic_loop_assign/gcc/basic_loop_assign.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -11,10 +7,23 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
 function {:extern} {:bvbuiltin "bvsle"} bvsle32(bv32, bv32) returns (bool);
 function {:extern} {:bvbuiltin "bvslt"} bvslt32(bv32, bv32) returns (bool);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -30,7 +39,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -71,8 +80,8 @@ implementation {:extern} guarantee_reflexive()
   assert (((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) || ((memory_load32_le(mem, $x_addr) == 20bv32) && (memory_load32_le(mem, $x_addr) == 0bv32))) || ((memory_load32_le(mem, $x_addr) == 20bv32) && bvsle32(memory_load32_le(mem, $x_addr), 10bv32)));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   requires (memory_load32_le(mem, $x_addr) == 0bv32);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
@@ -94,24 +103,19 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
   var x_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
-    R1, Gamma_R1 := 20bv64, true;
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, 69652bv64) ==> true);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 20bv32), gamma_store32(Gamma_mem, 69652bv64, true);
     assert (((memory_load32_le(mem, $x_addr) == x_old) || ((memory_load32_le(mem, $x_addr) == 20bv32) && (x_old == 0bv32))) || ((memory_load32_le(mem, $x_addr) == 20bv32) && bvsle32(x_old, 10bv32)));
-    assume {:captureState "%000002d8"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, 20bv64;
+    Gamma_R0_out, Gamma_R1_out := true, true;
     return;
 }
 
diff --git a/src/test/correct/basic_loop_assign/gcc/basic_loop_assign_gtirb.expected b/src/test/correct/basic_loop_assign/gcc/basic_loop_assign_gtirb.expected
index f01e436af..528330881 100644
--- a/src/test/correct/basic_loop_assign/gcc/basic_loop_assign_gtirb.expected
+++ b/src/test/correct/basic_loop_assign/gcc/basic_loop_assign_gtirb.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -11,10 +7,23 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
 function {:extern} {:bvbuiltin "bvsle"} bvsle32(bv32, bv32) returns (bool);
 function {:extern} {:bvbuiltin "bvslt"} bvslt32(bv32, bv32) returns (bool);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -30,7 +39,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -71,8 +80,8 @@ implementation {:extern} guarantee_reflexive()
   assert (((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) || ((memory_load32_le(mem, $x_addr) == 20bv32) && (memory_load32_le(mem, $x_addr) == 0bv32))) || ((memory_load32_le(mem, $x_addr) == 20bv32) && bvsle32(memory_load32_le(mem, $x_addr), 10bv32)));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   requires (memory_load32_le(mem, $x_addr) == 0bv32);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
@@ -94,24 +103,19 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
   var x_old: bv32;
   $main$__0__$p4UERrmhRwu7KcaoTRPNUg:
-    assume {:captureState "$main$__0__$p4UERrmhRwu7KcaoTRPNUg"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
-    R1, Gamma_R1 := 20bv64, true;
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, 69652bv64) ==> true);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 20bv32), gamma_store32(Gamma_mem, 69652bv64, true);
     assert (((memory_load32_le(mem, $x_addr) == x_old) || ((memory_load32_le(mem, $x_addr) == 20bv32) && (x_old == 0bv32))) || ((memory_load32_le(mem, $x_addr) == 20bv32) && bvsle32(x_old, 10bv32)));
-    assume {:captureState "1824$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, 20bv64;
+    Gamma_R0_out, Gamma_R1_out := true, true;
     return;
 }
 
diff --git a/src/test/correct/basic_loop_assign/gcc_O2/basic_loop_assign.expected b/src/test/correct/basic_loop_assign/gcc_O2/basic_loop_assign.expected
index 3b2cc89e6..aeddf3d0e 100644
--- a/src/test/correct/basic_loop_assign/gcc_O2/basic_loop_assign.expected
+++ b/src/test/correct/basic_loop_assign/gcc_O2/basic_loop_assign.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R2: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R2: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -13,10 +7,23 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
 function {:extern} {:bvbuiltin "bvsle"} bvsle32(bv32, bv32) returns (bool);
 function {:extern} {:bvbuiltin "bvslt"} bvslt32(bv32, bv32) returns (bool);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -32,7 +39,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -73,8 +80,8 @@ implementation {:extern} guarantee_reflexive()
   assert (((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) || ((memory_load32_le(mem, $x_addr) == 20bv32) && (memory_load32_le(mem, $x_addr) == 0bv32))) || ((memory_load32_le(mem, $x_addr) == 20bv32) && bvsle32(memory_load32_le(mem, $x_addr), 10bv32)));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R2, Gamma_mem, R0, R1, R2, mem;
+procedure main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool);
+  modifies Gamma_mem, mem;
   requires (memory_load32_le(mem, $x_addr) == 0bv32);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
@@ -96,23 +103,19 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool)
 {
   var x_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R1, Gamma_R1 := 69632bv64, true;
-    R2, Gamma_R2 := 20bv64, true;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R1, 20bv64)) ==> Gamma_R2);
+    assert (L(mem, 69652bv64) ==> true);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R1, 20bv64), R2[32:0]), gamma_store32(Gamma_mem, bvadd64(R1, 20bv64), Gamma_R2);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 20bv32), gamma_store32(Gamma_mem, 69652bv64, true);
     assert (((memory_load32_le(mem, $x_addr) == x_old) || ((memory_load32_le(mem, $x_addr) == 20bv32) && (x_old == 0bv32))) || ((memory_load32_le(mem, $x_addr) == 20bv32) && bvsle32(x_old, 10bv32)));
-    assume {:captureState "%000001bd"} true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R2_out := 0bv64, 69632bv64, 20bv64;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R2_out := true, true, true;
     return;
 }
 
diff --git a/src/test/correct/basic_loop_assign/gcc_O2/basic_loop_assign_gtirb.expected b/src/test/correct/basic_loop_assign/gcc_O2/basic_loop_assign_gtirb.expected
index 2b0945da1..59ace4afa 100644
--- a/src/test/correct/basic_loop_assign/gcc_O2/basic_loop_assign_gtirb.expected
+++ b/src/test/correct/basic_loop_assign/gcc_O2/basic_loop_assign_gtirb.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R2: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R2: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -13,10 +7,23 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
 function {:extern} {:bvbuiltin "bvsle"} bvsle32(bv32, bv32) returns (bool);
 function {:extern} {:bvbuiltin "bvslt"} bvslt32(bv32, bv32) returns (bool);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -32,7 +39,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -73,8 +80,8 @@ implementation {:extern} guarantee_reflexive()
   assert (((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) || ((memory_load32_le(mem, $x_addr) == 20bv32) && (memory_load32_le(mem, $x_addr) == 0bv32))) || ((memory_load32_le(mem, $x_addr) == 20bv32) && bvsle32(memory_load32_le(mem, $x_addr), 10bv32)));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R2, Gamma_mem, R0, R1, R2, mem;
+procedure main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool);
+  modifies Gamma_mem, mem;
   requires (memory_load32_le(mem, $x_addr) == 0bv32);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
@@ -96,23 +103,19 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool)
 {
   var x_old: bv32;
   $main$__0__$tffdqh2YTRCyJnOTdD6cPQ:
-    assume {:captureState "$main$__0__$tffdqh2YTRCyJnOTdD6cPQ"} true;
-    R1, Gamma_R1 := 69632bv64, true;
-    R2, Gamma_R2 := 20bv64, true;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R1, 20bv64)) ==> Gamma_R2);
+    assert (L(mem, 69652bv64) ==> true);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R1, 20bv64), R2[32:0]), gamma_store32(Gamma_mem, bvadd64(R1, 20bv64), Gamma_R2);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 20bv32), gamma_store32(Gamma_mem, 69652bv64, true);
     assert (((memory_load32_le(mem, $x_addr) == x_old) || ((memory_load32_le(mem, $x_addr) == 20bv32) && (x_old == 0bv32))) || ((memory_load32_le(mem, $x_addr) == 20bv32) && bvsle32(x_old, 10bv32)));
-    assume {:captureState "1548$0"} true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R2_out := 0bv64, 69632bv64, 20bv64;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R2_out := true, true, true;
     return;
 }
 
diff --git a/src/test/correct/basic_loop_assign/gcc_pic/basic_loop_assign.expected b/src/test/correct/basic_loop_assign/gcc_pic/basic_loop_assign.expected
index 026236fd8..dce72a965 100644
--- a/src/test/correct/basic_loop_assign/gcc_pic/basic_loop_assign.expected
+++ b/src/test/correct/basic_loop_assign/gcc_pic/basic_loop_assign.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -11,14 +7,27 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
 function {:extern} {:bvbuiltin "bvsle"} bvsle32(bv32, bv32) returns (bool);
 function {:extern} {:bvbuiltin "bvslt"} bvslt32(bv32, bv32) returns (bool);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -34,7 +43,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -76,8 +85,8 @@ implementation {:extern} guarantee_reflexive()
   assert (((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) || ((memory_load32_le(mem, $x_addr) == 20bv32) && (memory_load32_le(mem, $x_addr) == 0bv32))) || ((memory_load32_le(mem, $x_addr) == 20bv32) && bvsle32(memory_load32_le(mem, $x_addr), 10bv32)));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   requires (memory_load32_le(mem, $x_addr) == 0bv32);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
@@ -101,25 +110,23 @@ procedure main();
   free ensures (memory_load64_le(mem, 69600bv64) == 69652bv64);
   free ensures (memory_load64_le(mem, 69008bv64) == 1872bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
+  var Gamma_R0_3: bool;
+  var R0_3: bv64;
   var x_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
-    R1, Gamma_R1 := 20bv64, true;
+    R0_3, Gamma_R0_3 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, R0_3) ==> true);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
+    mem, Gamma_mem := memory_store32_le(mem, R0_3, 20bv32), gamma_store32(Gamma_mem, R0_3, true);
     assert (((memory_load32_le(mem, $x_addr) == x_old) || ((memory_load32_le(mem, $x_addr) == 20bv32) && (x_old == 0bv32))) || ((memory_load32_le(mem, $x_addr) == 20bv32) && bvsle32(x_old, 10bv32)));
-    assume {:captureState "%000002d9"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, 20bv64;
+    Gamma_R0_out, Gamma_R1_out := true, true;
     return;
 }
 
diff --git a/src/test/correct/basic_loop_assign/gcc_pic/basic_loop_assign_gtirb.expected b/src/test/correct/basic_loop_assign/gcc_pic/basic_loop_assign_gtirb.expected
index 89072a4ba..6219f4716 100644
--- a/src/test/correct/basic_loop_assign/gcc_pic/basic_loop_assign_gtirb.expected
+++ b/src/test/correct/basic_loop_assign/gcc_pic/basic_loop_assign_gtirb.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -11,14 +7,27 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
 function {:extern} {:bvbuiltin "bvsle"} bvsle32(bv32, bv32) returns (bool);
 function {:extern} {:bvbuiltin "bvslt"} bvslt32(bv32, bv32) returns (bool);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -34,7 +43,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -76,8 +85,8 @@ implementation {:extern} guarantee_reflexive()
   assert (((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) || ((memory_load32_le(mem, $x_addr) == 20bv32) && (memory_load32_le(mem, $x_addr) == 0bv32))) || ((memory_load32_le(mem, $x_addr) == 20bv32) && bvsle32(memory_load32_le(mem, $x_addr), 10bv32)));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   requires (memory_load32_le(mem, $x_addr) == 0bv32);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
@@ -101,25 +110,23 @@ procedure main();
   free ensures (memory_load64_le(mem, 69600bv64) == 69652bv64);
   free ensures (memory_load64_le(mem, 69008bv64) == 1872bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
+  var Gamma_R0_3: bool;
+  var R0_3: bv64;
   var x_old: bv32;
   $main$__0__$~IFbIe1LSOiw4wk6mEI7Ig:
-    assume {:captureState "$main$__0__$~IFbIe1LSOiw4wk6mEI7Ig"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
-    R1, Gamma_R1 := 20bv64, true;
+    R0_3, Gamma_R0_3 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, R0_3) ==> true);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
+    mem, Gamma_mem := memory_store32_le(mem, R0_3, 20bv32), gamma_store32(Gamma_mem, R0_3, true);
     assert (((memory_load32_le(mem, $x_addr) == x_old) || ((memory_load32_le(mem, $x_addr) == 20bv32) && (x_old == 0bv32))) || ((memory_load32_le(mem, $x_addr) == 20bv32) && bvsle32(x_old, 10bv32)));
-    assume {:captureState "1888$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, 20bv64;
+    Gamma_R0_out, Gamma_R1_out := true, true;
     return;
 }
 
diff --git a/src/test/correct/basic_operation_evaluation/clang/basic_operation_evaluation.expected b/src/test/correct/basic_operation_evaluation/clang/basic_operation_evaluation.expected
index e2c00441a..aa0cbc1e6 100644
--- a/src/test/correct/basic_operation_evaluation/clang/basic_operation_evaluation.expected
+++ b/src/test/correct/basic_operation_evaluation/clang/basic_operation_evaluation.expected
@@ -1,50 +1,43 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R10: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R10: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
 axiom ($_IO_stdin_used_addr == 1952bv64);
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
 function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot32(bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvneg"} bvneg32(bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvor"} bvor32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvsdiv"} bvsdiv33(bv33, bv33) returns (bv33);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
 function {:extern} {:bvbuiltin "bvxor"} bvxor32(bv32, bv32) returns (bv32);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -60,15 +53,14 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -99,8 +91,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R10, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_VF, Gamma_ZF, Gamma_stack, NF, R0, R10, R31, R8, R9, VF, ZF, stack;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_stack, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1952bv64) == 1bv8);
@@ -111,8 +103,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1952bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1953bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1954bv64) == 2bv8);
@@ -122,81 +112,72 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var #4: bv32;
-  var #5: bv32;
-  var Gamma_#4: bool;
-  var Gamma_#5: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R8_10: bool;
+  var Gamma_R8_13: bool;
+  var Gamma_R8_4: bool;
+  var Gamma_R8_5: bool;
+  var Gamma_R8_6: bool;
+  var Gamma_R8_7: bool;
+  var Gamma_R9_1: bool;
+  var Gamma_R9_2: bool;
+  var Gamma_R9_3: bool;
+  var Gamma_R9_6: bool;
+  var Gamma_R9_7: bool;
+  var R10_1: bv64;
+  var R8_1: bv32;
+  var R8_10: bv32;
+  var R8_13: bv64;
+  var R8_4: bv32;
+  var R8_5: bv32;
+  var R8_6: bv32;
+  var R8_7: bv32;
+  var R9_1: bv32;
+  var R9_2: bv32;
+  var R9_3: bv64;
+  var R9_6: bv64;
+  var R9_7: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    R8, Gamma_R8 := zero_extend32_32(R0[32:0]), Gamma_R0;
-    R0, Gamma_R0 := 0bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), true);
-    assume {:captureState "%00000338"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 24bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 24bv64), Gamma_R8);
-    assume {:captureState "%00000340"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 16bv64), R1), gamma_store64(Gamma_stack, bvadd64(R31, 16bv64), Gamma_R1);
-    assume {:captureState "%00000348"} true;
-    R8, Gamma_R8 := 2bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R8);
-    assume {:captureState "%00000355"} true;
-    R8, Gamma_R8 := 3bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R8);
-    assume {:captureState "%00000362"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R9, Gamma_R9 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 8bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 8bv64));
-    R8, Gamma_R8 := zero_extend32_32(bvxor32(R8[32:0], R9[32:0])), (Gamma_R9 && Gamma_R8);
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 4bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 4bv64), Gamma_R8);
-    assume {:captureState "%0000037f"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R9, Gamma_R9 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 4bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 4bv64));
-    R8, Gamma_R8 := zero_extend32_32(bvor32(R8[32:0], R9[32:0])), (Gamma_R9 && Gamma_R8);
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R8);
-    assume {:captureState "%0000039c"} true;
-    R8, Gamma_R8 := 30bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R8);
-    assume {:captureState "%000003a9"} true;
-    R8, Gamma_R8 := 17bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R8);
-    assume {:captureState "%000003b6"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R10, Gamma_R10 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 8bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 8bv64));
-    assert Gamma_R10;
+    R8_1, Gamma_R8_1 := R0_in[32:0], Gamma_R0_in;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R8_1), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R8_1);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R1_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R1_in);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), 2bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551592bv64), 3bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), true);
+    R8_4, Gamma_R8_4 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551596bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64));
+    R9_1, Gamma_R9_1 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551592bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64));
+    R8_5, Gamma_R8_5 := bvxor32(R8_4, R9_1), (Gamma_R9_1 && Gamma_R8_4);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551588bv64), R8_5), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551588bv64), Gamma_R8_5);
+    R8_6, Gamma_R8_6 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551596bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64));
+    R9_2, Gamma_R9_2 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551588bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551588bv64));
+    R8_7, Gamma_R8_7 := bvor32(R8_6, R9_2), (Gamma_R9_2 && Gamma_R8_6);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551592bv64), R8_7), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), Gamma_R8_7);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), 30bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551592bv64), 17bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), true);
+    R8_10, Gamma_R8_10 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551596bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64));
+    R10_1, Gamma_R10_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551592bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64));
+    assert Gamma_R10_1;
     goto lmain_goto_l000003c9, lmain_goto_l000003ce;
-  l000003ce:
-    assume {:captureState "l000003ce"} true;
-    R9, Gamma_R9 := zero_extend32_32(bvsdiv33(sign_extend1_32(R8[32:0]), sign_extend1_32(R10[32:0]))[32:0]), (Gamma_R10 && Gamma_R8);
+  lmain_goto_l000003ce:
+    assume (!(R10_1[32:0] == 0bv32));
+    R9_3, Gamma_R9_3 := zero_extend32_32(bvsdiv33(sign_extend1_32(R8_10), sign_extend1_32(R10_1[32:0]))[32:0]), (Gamma_R10_1 && Gamma_R8_10);
+    R9_6, Gamma_R9_6 := R9_3, Gamma_R9_3;
     goto l000003d1;
-  l000003c9:
-    assume {:captureState "l000003c9"} true;
-    R9, Gamma_R9 := 0bv64, true;
+  lmain_goto_l000003c9:
+    assume (R10_1[32:0] == 0bv32);
+    R9_6, Gamma_R9_6 := 0bv64, true;
     goto l000003d1;
   l000003d1:
-    assume {:captureState "l000003d1"} true;
-    R9, Gamma_R9 := zero_extend32_32(bvmul64(zero_extend32_32(R9[32:0]), zero_extend32_32(R10[32:0]))[32:0]), (Gamma_R10 && Gamma_R9);
-    #4, Gamma_#4 := bvnot32(R9[32:0]), Gamma_R9;
-    #5, Gamma_#5 := bvadd32(R8[32:0], bvnot32(R9[32:0])), (Gamma_R9 && Gamma_R8);
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#5, 1bv32)), bvadd33(bvadd33(sign_extend1_32(R8[32:0]), sign_extend1_32(#4)), 1bv33))), (Gamma_#4 && (Gamma_R8 && Gamma_#5));
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#5, 1bv32)), bvadd33(bvadd33(zero_extend1_32(R8[32:0]), zero_extend1_32(#4)), 1bv33))), (Gamma_#4 && (Gamma_R8 && Gamma_#5));
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#5, 1bv32), 0bv32), Gamma_#5;
-    NF, Gamma_NF := bvadd32(#5, 1bv32)[32:31], Gamma_#5;
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(#5, 1bv32)), Gamma_#5;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 4bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 4bv64), Gamma_R8);
-    assume {:captureState "%00000407"} true;
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
+    R9_7, Gamma_R9_7 := zero_extend32_32(bvmul64(zero_extend32_32(R9_6[32:0]), zero_extend32_32(R10_1[32:0]))[32:0]), (Gamma_R10_1 && Gamma_R9_6);
+    R8_13, Gamma_R8_13 := zero_extend32_32(bvadd32(R8_10, bvneg32(R9_7[32:0]))), (Gamma_R9_7 && Gamma_R8_10);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551588bv64), R8_13[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551588bv64), Gamma_R8_13);
     goto main_basil_return;
-  lmain_goto_l000003c9:
-    assume {:captureState "lmain_goto_l000003c9"} true;
-    assume (bvcomp32(R10[32:0], 0bv32) != 0bv1);
-    goto l000003c9;
-  lmain_goto_l000003ce:
-    assume {:captureState "lmain_goto_l000003ce"} true;
-    assume (bvcomp32(R10[32:0], 0bv32) == 0bv1);
-    goto l000003ce;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R31_out, R8_out, R9_out := 0bv64, R10_1, R31_in, R8_13, R9_7;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R10_1, Gamma_R31_in, Gamma_R8_13, Gamma_R9_7;
     return;
 }
 
diff --git a/src/test/correct/basic_operation_evaluation/clang/basic_operation_evaluation_gtirb.expected b/src/test/correct/basic_operation_evaluation/clang/basic_operation_evaluation_gtirb.expected
index bd0a36ae5..260c708bd 100644
--- a/src/test/correct/basic_operation_evaluation/clang/basic_operation_evaluation_gtirb.expected
+++ b/src/test/correct/basic_operation_evaluation/clang/basic_operation_evaluation_gtirb.expected
@@ -1,50 +1,43 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R10: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R10: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
 axiom ($_IO_stdin_used_addr == 1952bv64);
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
 function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot32(bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvneg"} bvneg32(bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvor"} bvor32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvsdiv"} bvsdiv33(bv33, bv33) returns (bv33);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
 function {:extern} {:bvbuiltin "bvxor"} bvxor32(bv32, bv32) returns (bv32);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -60,15 +53,14 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -99,8 +91,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R10, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_VF, Gamma_ZF, Gamma_stack, NF, R0, R10, R31, R8, R9, VF, ZF, stack;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_stack, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1952bv64) == 1bv8);
@@ -111,8 +103,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1952bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1953bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1954bv64) == 2bv8);
@@ -122,75 +112,72 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var Cse0__5$0$26: bv32;
-  var Cse2__5$0$26: bv32;
-  var Gamma_Cse0__5$0$26: bool;
-  var Gamma_Cse2__5$0$26: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R8_10: bool;
+  var Gamma_R8_13: bool;
+  var Gamma_R8_4: bool;
+  var Gamma_R8_5: bool;
+  var Gamma_R8_6: bool;
+  var Gamma_R8_7: bool;
+  var Gamma_R9_1: bool;
+  var Gamma_R9_2: bool;
+  var Gamma_R9_3: bool;
+  var Gamma_R9_6: bool;
+  var Gamma_R9_7: bool;
+  var R10_1: bv64;
+  var R8_1: bv32;
+  var R8_10: bv32;
+  var R8_13: bv64;
+  var R8_4: bv32;
+  var R8_5: bv32;
+  var R8_6: bv32;
+  var R8_7: bv32;
+  var R9_1: bv32;
+  var R9_2: bv32;
+  var R9_3: bv64;
+  var R9_6: bv64;
+  var R9_7: bv64;
   $main$__0__$f_18rgXZQX6Lj31g4VI6BQ:
-    assume {:captureState "$main$__0__$f_18rgXZQX6Lj31g4VI6BQ"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    R8, Gamma_R8 := zero_extend32_32(R0[32:0]), Gamma_R0;
-    R0, Gamma_R0 := 0bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), true);
-    assume {:captureState "1824$0"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 24bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 24bv64), Gamma_R8);
-    assume {:captureState "1828$0"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 16bv64), R1), gamma_store64(Gamma_stack, bvadd64(R31, 16bv64), Gamma_R1);
-    assume {:captureState "1832$0"} true;
-    R8, Gamma_R8 := 2bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R8);
-    assume {:captureState "1840$0"} true;
-    R8, Gamma_R8 := 3bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R8);
-    assume {:captureState "1848$0"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R9, Gamma_R9 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 8bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 8bv64));
-    R8, Gamma_R8 := zero_extend32_32(bvxor32(R8[32:0], R9[32:0])), (Gamma_R9 && Gamma_R8);
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 4bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 4bv64), Gamma_R8);
-    assume {:captureState "1864$0"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R9, Gamma_R9 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 4bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 4bv64));
-    R8, Gamma_R8 := zero_extend32_32(bvor32(R8[32:0], R9[32:0])), (Gamma_R9 && Gamma_R8);
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R8);
-    assume {:captureState "1880$0"} true;
-    R8, Gamma_R8 := 30bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R8);
-    assume {:captureState "1888$0"} true;
-    R8, Gamma_R8 := 17bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R8);
-    assume {:captureState "1896$0"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R10, Gamma_R10 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 8bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 8bv64));
-    assert Gamma_R10;
+    R8_1, Gamma_R8_1 := R0_in[32:0], Gamma_R0_in;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R8_1), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R8_1);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R1_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R1_in);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), 2bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551592bv64), 3bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), true);
+    R8_4, Gamma_R8_4 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551596bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64));
+    R9_1, Gamma_R9_1 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551592bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64));
+    R8_5, Gamma_R8_5 := bvxor32(R8_4, R9_1), (Gamma_R9_1 && Gamma_R8_4);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551588bv64), R8_5), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551588bv64), Gamma_R8_5);
+    R8_6, Gamma_R8_6 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551596bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64));
+    R9_2, Gamma_R9_2 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551588bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551588bv64));
+    R8_7, Gamma_R8_7 := bvor32(R8_6, R9_2), (Gamma_R9_2 && Gamma_R8_6);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551592bv64), R8_7), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), Gamma_R8_7);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), 30bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551592bv64), 17bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), true);
+    R8_10, Gamma_R8_10 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551596bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64));
+    R10_1, Gamma_R10_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551592bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64));
+    assert Gamma_R10_1;
     goto $main$__0__$f_18rgXZQX6Lj31g4VI6BQ$__0, $main$__0__$f_18rgXZQX6Lj31g4VI6BQ$__1;
-  $main$__0__$f_18rgXZQX6Lj31g4VI6BQ$__0:
-    assume {:captureState "$main$__0__$f_18rgXZQX6Lj31g4VI6BQ$__0"} true;
-    assume (R10[32:0] == 0bv32);
-    R9, Gamma_R9 := 0bv64, true;
-    goto $main$__0__$f_18rgXZQX6Lj31g4VI6BQ$__2;
   $main$__0__$f_18rgXZQX6Lj31g4VI6BQ$__1:
-    assume {:captureState "$main$__0__$f_18rgXZQX6Lj31g4VI6BQ$__1"} true;
-    assume (!(R10[32:0] == 0bv32));
-    R9, Gamma_R9 := zero_extend32_32(bvsdiv33(sign_extend1_32(R8[32:0]), sign_extend1_32(R10[32:0]))[32:0]), (Gamma_R10 && Gamma_R8);
+    assume (!(R10_1[32:0] == 0bv32));
+    R9_3, Gamma_R9_3 := zero_extend32_32(bvsdiv33(sign_extend1_32(R8_10), sign_extend1_32(R10_1[32:0]))[32:0]), (Gamma_R10_1 && Gamma_R8_10);
+    R9_6, Gamma_R9_6 := R9_3, Gamma_R9_3;
+    goto $main$__0__$f_18rgXZQX6Lj31g4VI6BQ$__2;
+  $main$__0__$f_18rgXZQX6Lj31g4VI6BQ$__0:
+    assume (R10_1[32:0] == 0bv32);
+    R9_6, Gamma_R9_6 := 0bv64, true;
     goto $main$__0__$f_18rgXZQX6Lj31g4VI6BQ$__2;
   $main$__0__$f_18rgXZQX6Lj31g4VI6BQ$__2:
-    assume {:captureState "$main$__0__$f_18rgXZQX6Lj31g4VI6BQ$__2"} true;
-    R9, Gamma_R9 := zero_extend32_32(bvmul64(zero_extend32_32(R9[32:0]), zero_extend32_32(R10[32:0]))[32:0]), (Gamma_R10 && Gamma_R9);
-    Cse2__5$0$26, Gamma_Cse2__5$0$26 := bvnot32(R9[32:0]), Gamma_R9;
-    Cse0__5$0$26, Gamma_Cse0__5$0$26 := bvadd32(R8[32:0], bvnot32(R9[32:0])), (Gamma_R9 && Gamma_R8);
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(Cse0__5$0$26, 1bv32)), bvadd33(bvadd33(sign_extend1_32(R8[32:0]), sign_extend1_32(Cse2__5$0$26)), 1bv33))), (Gamma_Cse2__5$0$26 && (Gamma_R8 && Gamma_Cse0__5$0$26));
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(Cse0__5$0$26, 1bv32)), bvadd33(bvadd33(zero_extend1_32(R8[32:0]), zero_extend1_32(Cse2__5$0$26)), 1bv33))), (Gamma_Cse2__5$0$26 && (Gamma_R8 && Gamma_Cse0__5$0$26));
-    ZF, Gamma_ZF := bvcomp32(bvadd32(Cse0__5$0$26, 1bv32), 0bv32), Gamma_Cse0__5$0$26;
-    NF, Gamma_NF := bvadd32(Cse0__5$0$26, 1bv32)[32:31], Gamma_Cse0__5$0$26;
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(Cse0__5$0$26, 1bv32)), Gamma_Cse0__5$0$26;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 4bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 4bv64), Gamma_R8);
-    assume {:captureState "1920$0"} true;
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
+    R9_7, Gamma_R9_7 := zero_extend32_32(bvmul64(zero_extend32_32(R9_6[32:0]), zero_extend32_32(R10_1[32:0]))[32:0]), (Gamma_R10_1 && Gamma_R9_6);
+    R8_13, Gamma_R8_13 := zero_extend32_32(bvadd32(R8_10, bvneg32(R9_7[32:0]))), (Gamma_R9_7 && Gamma_R8_10);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551588bv64), R8_13[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551588bv64), Gamma_R8_13);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R31_out, R8_out, R9_out := 0bv64, R10_1, R31_in, R8_13, R9_7;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R10_1, Gamma_R31_in, Gamma_R8_13, Gamma_R9_7;
     return;
 }
 
diff --git a/src/test/correct/basic_operation_evaluation/gcc/basic_operation_evaluation.expected b/src/test/correct/basic_operation_evaluation/gcc/basic_operation_evaluation.expected
index c51655fb8..9ec8ec7de 100644
--- a/src/test/correct/basic_operation_evaluation/gcc/basic_operation_evaluation.expected
+++ b/src/test/correct/basic_operation_evaluation/gcc/basic_operation_evaluation.expected
@@ -1,35 +1,43 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R2: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R2: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
 axiom ($_IO_stdin_used_addr == 1948bv64);
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
 function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvnot"} bvnot32(bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvneg"} bvneg32(bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvor"} bvor32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvsdiv"} bvsdiv33(bv33, bv33) returns (bv33);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
 function {:extern} {:bvbuiltin "bvxor"} bvxor32(bv32, bv32) returns (bv32);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -45,11 +53,11 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
@@ -83,8 +91,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R2, Gamma_R31, Gamma_stack, R0, R1, R2, R31, stack;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_stack, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1948bv64) == 1bv8);
@@ -95,8 +103,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69024bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1948bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1949bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1950bv64) == 2bv8);
@@ -106,69 +112,71 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
+  var Gamma_R0_10: bool;
+  var Gamma_R0_13: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_6: bool;
+  var Gamma_R0_7: bool;
+  var Gamma_R1_2: bool;
+  var Gamma_R1_3: bool;
+  var Gamma_R1_4: bool;
+  var Gamma_R1_5: bool;
+  var Gamma_R1_6: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R2_4: bool;
+  var R0_10: bv32;
+  var R0_13: bv32;
+  var R0_4: bv32;
+  var R0_5: bv32;
+  var R0_6: bv32;
+  var R0_7: bv32;
+  var R1_2: bv32;
+  var R1_3: bv32;
+  var R1_4: bv32;
+  var R1_5: bv32;
+  var R1_6: bv64;
+  var R2_1: bv64;
+  var R2_4: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "%0000032a"} true;
-    stack, Gamma_stack := memory_store64_le(stack, R31, R1), gamma_store64(Gamma_stack, R31, Gamma_R1);
-    assume {:captureState "%00000332"} true;
-    R0, Gamma_R0 := 2bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 20bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 20bv64), Gamma_R0);
-    assume {:captureState "%0000033f"} true;
-    R0, Gamma_R0 := 3bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 24bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 24bv64), Gamma_R0);
-    assume {:captureState "%0000034c"} true;
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 20bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 20bv64));
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 24bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 24bv64));
-    R0, Gamma_R0 := zero_extend32_32(bvxor32(R1[32:0], R0[32:0])), (Gamma_R0 && Gamma_R1);
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R0);
-    assume {:captureState "%00000369"} true;
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 20bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 20bv64));
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 28bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 28bv64));
-    R0, Gamma_R0 := zero_extend32_32(bvor32(R1[32:0], R0[32:0])), (Gamma_R0 && Gamma_R1);
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 24bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 24bv64), Gamma_R0);
-    assume {:captureState "%00000386"} true;
-    R0, Gamma_R0 := 30bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 20bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 20bv64), Gamma_R0);
-    assume {:captureState "%00000393"} true;
-    R0, Gamma_R0 := 17bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 24bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 24bv64), Gamma_R0);
-    assume {:captureState "%000003a0"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 20bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 20bv64));
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 24bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 24bv64));
-    assert Gamma_R1;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), Gamma_R0_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551584bv64), R1_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R1_in);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551604bv64), 2bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551604bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 3bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
+    R1_2, Gamma_R1_2 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551604bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551604bv64));
+    R0_4, Gamma_R0_4 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
+    R0_5, Gamma_R0_5 := bvxor32(R1_2, R0_4), (Gamma_R0_4 && Gamma_R1_2);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_5), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_5);
+    R1_3, Gamma_R1_3 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551604bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551604bv64));
+    R0_6, Gamma_R0_6 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
+    R0_7, Gamma_R0_7 := bvor32(R1_3, R0_6), (Gamma_R0_6 && Gamma_R1_3);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R0_7), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R0_7);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551604bv64), 30bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551604bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 17bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
+    R0_10, Gamma_R0_10 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551604bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551604bv64));
+    R1_4, Gamma_R1_4 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
+    assert Gamma_R1_4;
     goto lmain_goto_l000003b3, lmain_goto_l000003b8;
-  l000003b8:
-    assume {:captureState "l000003b8"} true;
-    R2, Gamma_R2 := zero_extend32_32(bvsdiv33(sign_extend1_32(R0[32:0]), sign_extend1_32(R1[32:0]))[32:0]), (Gamma_R1 && Gamma_R0);
+  lmain_goto_l000003b8:
+    assume (!(R1_4 == 0bv32));
+    R2_1, Gamma_R2_1 := zero_extend32_32(bvsdiv33(sign_extend1_32(R0_10), sign_extend1_32(R1_4))[32:0]), (Gamma_R1_4 && Gamma_R0_10);
+    R2_4, Gamma_R2_4 := R2_1, Gamma_R2_1;
     goto l000003bb;
-  l000003b3:
-    assume {:captureState "l000003b3"} true;
-    R2, Gamma_R2 := 0bv64, true;
+  lmain_goto_l000003b3:
+    assume (R1_4 == 0bv32);
+    R2_4, Gamma_R2_4 := 0bv64, true;
     goto l000003bb;
   l000003bb:
-    assume {:captureState "l000003bb"} true;
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 24bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 24bv64));
-    R1, Gamma_R1 := zero_extend32_32(bvmul64(zero_extend32_32(R2[32:0]), zero_extend32_32(R1[32:0]))[32:0]), (Gamma_R1 && Gamma_R2);
-    R0, Gamma_R0 := zero_extend32_32(bvadd32(bvadd32(R0[32:0], bvnot32(R1[32:0])), 1bv32)), (Gamma_R1 && Gamma_R0);
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R0);
-    assume {:captureState "%000003dc"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
+    R1_5, Gamma_R1_5 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
+    R1_6, Gamma_R1_6 := zero_extend32_32(bvmul64(zero_extend32_32(R2_4[32:0]), zero_extend32_32(R1_5))[32:0]), (Gamma_R1_5 && Gamma_R2_4);
+    R0_13, Gamma_R0_13 := bvadd32(R0_10, bvneg32(R1_6[32:0])), (Gamma_R1_6 && Gamma_R0_10);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_13), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_13);
     goto main_basil_return;
-  lmain_goto_l000003b3:
-    assume {:captureState "lmain_goto_l000003b3"} true;
-    assume (bvcomp32(R1[32:0], 0bv32) != 0bv1);
-    goto l000003b3;
-  lmain_goto_l000003b8:
-    assume {:captureState "lmain_goto_l000003b8"} true;
-    assume (bvcomp32(R1[32:0], 0bv32) == 0bv1);
-    goto l000003b8;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R2_out, R31_out := 0bv64, R1_6, R2_4, R31_in;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R2_out, Gamma_R31_out := true, Gamma_R1_6, Gamma_R2_4, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/correct/basic_operation_evaluation/gcc/basic_operation_evaluation_gtirb.expected b/src/test/correct/basic_operation_evaluation/gcc/basic_operation_evaluation_gtirb.expected
index c85b41e05..89d96ae52 100644
--- a/src/test/correct/basic_operation_evaluation/gcc/basic_operation_evaluation_gtirb.expected
+++ b/src/test/correct/basic_operation_evaluation/gcc/basic_operation_evaluation_gtirb.expected
@@ -1,34 +1,43 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R2: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R2: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
 axiom ($_IO_stdin_used_addr == 1948bv64);
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
 function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvnot"} bvnot32(bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvneg"} bvneg32(bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvor"} bvor32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvsdiv"} bvsdiv33(bv33, bv33) returns (bv33);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
 function {:extern} {:bvbuiltin "bvxor"} bvxor32(bv32, bv32) returns (bv32);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -44,11 +53,11 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
@@ -82,8 +91,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R2, Gamma_R31, Gamma_stack, R0, R1, R2, R31, stack;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_stack, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1948bv64) == 1bv8);
@@ -94,8 +103,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69024bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1948bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1949bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1950bv64) == 2bv8);
@@ -105,63 +112,71 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
+  var Gamma_R0_10: bool;
+  var Gamma_R0_13: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_6: bool;
+  var Gamma_R0_7: bool;
+  var Gamma_R1_2: bool;
+  var Gamma_R1_3: bool;
+  var Gamma_R1_4: bool;
+  var Gamma_R1_5: bool;
+  var Gamma_R1_6: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R2_4: bool;
+  var R0_10: bv32;
+  var R0_13: bv32;
+  var R0_4: bv32;
+  var R0_5: bv32;
+  var R0_6: bv32;
+  var R0_7: bv32;
+  var R1_2: bv32;
+  var R1_3: bv32;
+  var R1_4: bv32;
+  var R1_5: bv32;
+  var R1_6: bv64;
+  var R2_1: bv64;
+  var R2_4: bv64;
   $main$__0__$B9tkaGtQRX6xFjqGS87lEw:
-    assume {:captureState "$main$__0__$B9tkaGtQRX6xFjqGS87lEw"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "1816$0"} true;
-    stack, Gamma_stack := memory_store64_le(stack, R31, R1), gamma_store64(Gamma_stack, R31, Gamma_R1);
-    assume {:captureState "1820$0"} true;
-    R0, Gamma_R0 := 2bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 20bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 20bv64), Gamma_R0);
-    assume {:captureState "1828$0"} true;
-    R0, Gamma_R0 := 3bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 24bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 24bv64), Gamma_R0);
-    assume {:captureState "1836$0"} true;
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 20bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 20bv64));
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 24bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 24bv64));
-    R0, Gamma_R0 := zero_extend32_32(bvxor32(R1[32:0], R0[32:0])), (Gamma_R0 && Gamma_R1);
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R0);
-    assume {:captureState "1852$0"} true;
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 20bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 20bv64));
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 28bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 28bv64));
-    R0, Gamma_R0 := zero_extend32_32(bvor32(R1[32:0], R0[32:0])), (Gamma_R0 && Gamma_R1);
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 24bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 24bv64), Gamma_R0);
-    assume {:captureState "1868$0"} true;
-    R0, Gamma_R0 := 30bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 20bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 20bv64), Gamma_R0);
-    assume {:captureState "1876$0"} true;
-    R0, Gamma_R0 := 17bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 24bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 24bv64), Gamma_R0);
-    assume {:captureState "1884$0"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 20bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 20bv64));
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 24bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 24bv64));
-    assert Gamma_R1;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), Gamma_R0_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551584bv64), R1_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R1_in);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551604bv64), 2bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551604bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 3bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
+    R1_2, Gamma_R1_2 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551604bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551604bv64));
+    R0_4, Gamma_R0_4 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
+    R0_5, Gamma_R0_5 := bvxor32(R1_2, R0_4), (Gamma_R0_4 && Gamma_R1_2);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_5), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_5);
+    R1_3, Gamma_R1_3 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551604bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551604bv64));
+    R0_6, Gamma_R0_6 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
+    R0_7, Gamma_R0_7 := bvor32(R1_3, R0_6), (Gamma_R0_6 && Gamma_R1_3);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R0_7), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R0_7);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551604bv64), 30bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551604bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 17bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
+    R0_10, Gamma_R0_10 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551604bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551604bv64));
+    R1_4, Gamma_R1_4 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
+    assert Gamma_R1_4;
     goto $main$__0__$B9tkaGtQRX6xFjqGS87lEw$__0, $main$__0__$B9tkaGtQRX6xFjqGS87lEw$__1;
-  $main$__0__$B9tkaGtQRX6xFjqGS87lEw$__0:
-    assume {:captureState "$main$__0__$B9tkaGtQRX6xFjqGS87lEw$__0"} true;
-    assume (R1[32:0] == 0bv32);
-    R2, Gamma_R2 := 0bv64, true;
-    goto $main$__0__$B9tkaGtQRX6xFjqGS87lEw$__2;
   $main$__0__$B9tkaGtQRX6xFjqGS87lEw$__1:
-    assume {:captureState "$main$__0__$B9tkaGtQRX6xFjqGS87lEw$__1"} true;
-    assume (!(R1[32:0] == 0bv32));
-    R2, Gamma_R2 := zero_extend32_32(bvsdiv33(sign_extend1_32(R0[32:0]), sign_extend1_32(R1[32:0]))[32:0]), (Gamma_R1 && Gamma_R0);
+    assume (!(R1_4 == 0bv32));
+    R2_1, Gamma_R2_1 := zero_extend32_32(bvsdiv33(sign_extend1_32(R0_10), sign_extend1_32(R1_4))[32:0]), (Gamma_R1_4 && Gamma_R0_10);
+    R2_4, Gamma_R2_4 := R2_1, Gamma_R2_1;
+    goto $main$__0__$B9tkaGtQRX6xFjqGS87lEw$__2;
+  $main$__0__$B9tkaGtQRX6xFjqGS87lEw$__0:
+    assume (R1_4 == 0bv32);
+    R2_4, Gamma_R2_4 := 0bv64, true;
     goto $main$__0__$B9tkaGtQRX6xFjqGS87lEw$__2;
   $main$__0__$B9tkaGtQRX6xFjqGS87lEw$__2:
-    assume {:captureState "$main$__0__$B9tkaGtQRX6xFjqGS87lEw$__2"} true;
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 24bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 24bv64));
-    R1, Gamma_R1 := zero_extend32_32(bvmul64(zero_extend32_32(R2[32:0]), zero_extend32_32(R1[32:0]))[32:0]), (Gamma_R1 && Gamma_R2);
-    R0, Gamma_R0 := zero_extend32_32(bvadd32(bvadd32(R0[32:0], bvnot32(R1[32:0])), 1bv32)), (Gamma_R1 && Gamma_R0);
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R0);
-    assume {:captureState "1912$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
+    R1_5, Gamma_R1_5 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
+    R1_6, Gamma_R1_6 := zero_extend32_32(bvmul64(zero_extend32_32(R2_4[32:0]), zero_extend32_32(R1_5))[32:0]), (Gamma_R1_5 && Gamma_R2_4);
+    R0_13, Gamma_R0_13 := bvadd32(R0_10, bvneg32(R1_6[32:0])), (Gamma_R1_6 && Gamma_R0_10);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_13), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_13);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R2_out, R31_out := 0bv64, R1_6, R2_4, R31_in;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R2_out, Gamma_R31_out := true, Gamma_R1_6, Gamma_R2_4, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/correct/basic_sec_policy_read/clang/basic_sec_policy_read.expected b/src/test/correct/basic_sec_policy_read/clang/basic_sec_policy_read.expected
index 461154d55..6007195eb 100644
--- a/src/test/correct/basic_sec_policy_read/clang/basic_sec_policy_read.expected
+++ b/src/test/correct/basic_sec_policy_read/clang/basic_sec_policy_read.expected
@@ -1,19 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -24,19 +10,26 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $z_addr) then true else (if (index == $x_addr) then (memory_load32_le(memory, $z_addr) == 0bv32) else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp1(bv1, bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -52,11 +45,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -96,8 +87,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_R8, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, R8, VF, ZF, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1896bv64) == 1bv8);
@@ -108,8 +99,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1896bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1897bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1898bv64) == 2bv8);
@@ -119,74 +108,49 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool)
 {
-  var #4: bv32;
-  var Gamma_#4: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_4: bool;
+  var Gamma_R8_9: bool;
+  var R0_1: bv64;
+  var R8_2: bv32;
+  var R8_4: bv32;
+  var R8_9: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "%000002f5"} true;
-    R8, Gamma_R8 := 69632bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 52bv64)) || L(mem, bvadd64(R8, 52bv64)));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R8);
-    assume {:captureState "%00000309"} true;
-    R8, Gamma_R8 := 69632bv64, true;
+    R8_2, Gamma_R8_2 := memory_load32_le(mem, 69684bv64), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R8_2), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R8_2);
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 56bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 56bv64)) || L(mem, bvadd64(R8, 56bv64)));
-    #4, Gamma_#4 := bvadd32(R8[32:0], 4294967295bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#4, 1bv32)), bvadd33(sign_extend1_32(R8[32:0]), 0bv33))), (Gamma_R8 && Gamma_#4);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#4, 1bv32)), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_#4);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#4, 1bv32), 0bv32), Gamma_#4;
-    NF, Gamma_NF := bvadd32(#4, 1bv32)[32:31], Gamma_#4;
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(#4, 1bv32)), Gamma_#4;
-    assert Gamma_ZF;
+    R8_4, Gamma_R8_4 := memory_load32_le(mem, 69688bv64), (gamma_load32(Gamma_mem, 69688bv64) || L(mem, 69688bv64));
+    assert Gamma_R8_4;
     goto lmain_goto_l00000336, lmain_goto_l00000339;
-  l00000339:
-    assume {:captureState "l00000339"} true;
-    R8, Gamma_R8 := 1bv64, true;
+  lmain_goto_l00000339:
+    assume (R8_4 == 0bv32);
+    R8_9, Gamma_R8_9 := 1bv64, true;
     goto l0000033c;
-  l00000336:
-    assume {:captureState "l00000336"} true;
-    R8, Gamma_R8 := 0bv64, true;
+  lmain_goto_l00000336:
+    assume (!(R8_4 == 0bv32));
+    R8_9, Gamma_R8_9 := 0bv64, true;
     goto l0000033c;
   l0000033c:
-    assume {:captureState "l0000033c"} true;
-    assert Gamma_R8;
+    assert Gamma_R8_9;
     goto l0000033c_goto_l00000344, l0000033c_goto_l0000035b;
-  l0000035b:
-    assume {:captureState "l0000035b"} true;
-    goto l0000035c;
-  l0000035c:
-    assume {:captureState "l0000035c"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), true);
-    assume {:captureState "%00000364"} true;
+  l0000033c_goto_l0000035b:
+    assume (!(R8_9[1:0] == 1bv1));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
     goto l00000344;
-  l00000344:
-    assume {:captureState "l00000344"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 8bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
-    goto main_basil_return;
-  lmain_goto_l00000336:
-    assume {:captureState "lmain_goto_l00000336"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) != 0bv1);
-    goto l00000336;
-  lmain_goto_l00000339:
-    assume {:captureState "lmain_goto_l00000339"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) == 0bv1);
-    goto l00000339;
   l0000033c_goto_l00000344:
-    assume {:captureState "l0000033c_goto_l00000344"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) != 0bv1);
+    assume (R8_9[1:0] == 1bv1);
     goto l00000344;
-  l0000033c_goto_l0000035b:
-    assume {:captureState "l0000033c_goto_l0000035b"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) == 0bv1);
-    goto l0000035b;
+  l00000344:
+    R0_1, Gamma_R0_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551608bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out := R0_1, R31_in, R8_9;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out := Gamma_R0_1, Gamma_R31_in, Gamma_R8_9;
     return;
 }
 
diff --git a/src/test/correct/basic_sec_policy_read/clang/basic_sec_policy_read_gtirb.expected b/src/test/correct/basic_sec_policy_read/clang/basic_sec_policy_read_gtirb.expected
index 818a0a62d..51cd6dc62 100644
--- a/src/test/correct/basic_sec_policy_read/clang/basic_sec_policy_read_gtirb.expected
+++ b/src/test/correct/basic_sec_policy_read/clang/basic_sec_policy_read_gtirb.expected
@@ -1,19 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -24,18 +10,26 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $z_addr) then true else (if (index == $x_addr) then (memory_load32_le(memory, $z_addr) == 0bv32) else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -51,10 +45,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -94,8 +87,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_R8, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, R8, VF, ZF, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1896bv64) == 1bv8);
@@ -106,8 +99,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1896bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1897bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1898bv64) == 2bv8);
@@ -117,66 +108,66 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool)
 {
-  var Cse0__5$1$7: bv32;
-  var Gamma_Cse0__5$1$7: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R8_10: bool;
+  var Gamma_R8_12: bool;
+  var Gamma_R8_13: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_4: bool;
+  var R0_1: bv64;
+  var R8_10: bv64;
+  var R8_12: bv64;
+  var R8_13: bv64;
+  var R8_2: bv32;
+  var R8_4: bv32;
   $main$__0__$WzLWYelmQTqUhds6mh5VTA:
-    assume {:captureState "$main$__0__$WzLWYelmQTqUhds6mh5VTA"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "1816$0"} true;
-    R8, Gamma_R8 := 69632bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 52bv64)) || L(mem, bvadd64(R8, 52bv64)));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R8);
-    assume {:captureState "1828$0"} true;
-    R8, Gamma_R8 := 69632bv64, true;
+    R8_2, Gamma_R8_2 := memory_load32_le(mem, 69684bv64), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R8_2), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R8_2);
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 56bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 56bv64)) || L(mem, bvadd64(R8, 56bv64)));
-    Cse0__5$1$7, Gamma_Cse0__5$1$7 := bvadd32(R8[32:0], 0bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$1$7, Cse0__5$1$7)), Gamma_Cse0__5$1$7;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$1$7), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_Cse0__5$1$7);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$1$7, 0bv32), Gamma_Cse0__5$1$7;
-    NF, Gamma_NF := Cse0__5$1$7[32:31], Gamma_Cse0__5$1$7;
-    R8, Gamma_R8 := zero_extend32_32(Cse0__5$1$7), Gamma_Cse0__5$1$7;
-    assert Gamma_ZF;
+    R8_4, Gamma_R8_4 := memory_load32_le(mem, 69688bv64), (gamma_load32(Gamma_mem, 69688bv64) || L(mem, 69688bv64));
+    assert Gamma_R8_4;
     goto $main$__0__$WzLWYelmQTqUhds6mh5VTA$__0, $main$__0__$WzLWYelmQTqUhds6mh5VTA$__1;
-  $main$__1__$dD2JwdxOSPSFx54LfUM9kw:
-    assume {:captureState "$main$__1__$dD2JwdxOSPSFx54LfUM9kw"} true;
-    goto $main$__2__$7JWI5TAPT9~RSSH4jlqpjg;
-  $main$__2__$7JWI5TAPT9~RSSH4jlqpjg:
-    assume {:captureState "$main$__2__$7JWI5TAPT9~RSSH4jlqpjg"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), true);
-    assume {:captureState "1856$0"} true;
-    goto $main$__3__$UK2k~hvfRbmxHh2j_afrRg;
-  $main$__3__$UK2k~hvfRbmxHh2j_afrRg:
-    assume {:captureState "$main$__3__$UK2k~hvfRbmxHh2j_afrRg"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 8bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
-    goto main_basil_return;
+  $main$__0__$WzLWYelmQTqUhds6mh5VTA$__1:
+    assume (R8_4 == 0bv32);
+    goto $main$__0__$WzLWYelmQTqUhds6mh5VTA$__1_phi_$main$__0__$WzLWYelmQTqUhds6mh5VTA_goto_$main$__3__$UK2k~hvfRbmxHh2j_afrRg_phi_back_$main$__0__$WzLWYelmQTqUhds6mh5VTA_goto_$main$__3__$UK2k~hvfRbmxHh2j_afrRg, $main$__0__$WzLWYelmQTqUhds6mh5VTA$__1_phi_$main$__0__$WzLWYelmQTqUhds6mh5VTA_goto_$main$__1__$dD2JwdxOSPSFx54LfUM9kw_phi_back_$main$__0__$WzLWYelmQTqUhds6mh5VTA_goto_$main$__1__$dD2JwdxOSPSFx54LfUM9kw;
+  $main$__0__$WzLWYelmQTqUhds6mh5VTA$__1_phi_$main$__0__$WzLWYelmQTqUhds6mh5VTA_goto_$main$__1__$dD2JwdxOSPSFx54LfUM9kw_phi_back_$main$__0__$WzLWYelmQTqUhds6mh5VTA_goto_$main$__1__$dD2JwdxOSPSFx54LfUM9kw:
+    R8_10, Gamma_R8_10 := 1bv64, true;
+    assert Gamma_R8_10;
+    goto $main$__0__$WzLWYelmQTqUhds6mh5VTA_goto_$main$__1__$dD2JwdxOSPSFx54LfUM9kw;
+  $main$__0__$WzLWYelmQTqUhds6mh5VTA$__1_phi_$main$__0__$WzLWYelmQTqUhds6mh5VTA_goto_$main$__3__$UK2k~hvfRbmxHh2j_afrRg_phi_back_$main$__0__$WzLWYelmQTqUhds6mh5VTA_goto_$main$__3__$UK2k~hvfRbmxHh2j_afrRg:
+    R8_12, Gamma_R8_12 := 1bv64, true;
+    assert Gamma_R8_12;
+    goto $main$__0__$WzLWYelmQTqUhds6mh5VTA_goto_$main$__3__$UK2k~hvfRbmxHh2j_afrRg;
+  $main$__0__$WzLWYelmQTqUhds6mh5VTA$__0:
+    assume (!(R8_4 == 0bv32));
+    goto $main$__0__$WzLWYelmQTqUhds6mh5VTA$__0_phi_back_$main$__0__$WzLWYelmQTqUhds6mh5VTA_goto_$main$__1__$dD2JwdxOSPSFx54LfUM9kw, $main$__0__$WzLWYelmQTqUhds6mh5VTA$__0_phi_back_$main$__0__$WzLWYelmQTqUhds6mh5VTA_goto_$main$__3__$UK2k~hvfRbmxHh2j_afrRg;
+  $main$__0__$WzLWYelmQTqUhds6mh5VTA$__0_phi_back_$main$__0__$WzLWYelmQTqUhds6mh5VTA_goto_$main$__3__$UK2k~hvfRbmxHh2j_afrRg:
+    R8_12, Gamma_R8_12 := 0bv64, true;
+    assert Gamma_R8_12;
+    goto $main$__0__$WzLWYelmQTqUhds6mh5VTA_goto_$main$__3__$UK2k~hvfRbmxHh2j_afrRg;
   $main$__0__$WzLWYelmQTqUhds6mh5VTA_goto_$main$__3__$UK2k~hvfRbmxHh2j_afrRg:
-    assume {:captureState "$main$__0__$WzLWYelmQTqUhds6mh5VTA_goto_$main$__3__$UK2k~hvfRbmxHh2j_afrRg"} true;
-    assume (R8[1:0] == 1bv1);
+    assume (R8_12[1:0] == 1bv1);
+    R8_13, Gamma_R8_13 := R8_12, Gamma_R8_12;
     goto $main$__3__$UK2k~hvfRbmxHh2j_afrRg;
+  $main$__0__$WzLWYelmQTqUhds6mh5VTA$__0_phi_back_$main$__0__$WzLWYelmQTqUhds6mh5VTA_goto_$main$__1__$dD2JwdxOSPSFx54LfUM9kw:
+    R8_10, Gamma_R8_10 := 0bv64, true;
+    assert Gamma_R8_10;
+    goto $main$__0__$WzLWYelmQTqUhds6mh5VTA_goto_$main$__1__$dD2JwdxOSPSFx54LfUM9kw;
   $main$__0__$WzLWYelmQTqUhds6mh5VTA_goto_$main$__1__$dD2JwdxOSPSFx54LfUM9kw:
-    assume {:captureState "$main$__0__$WzLWYelmQTqUhds6mh5VTA_goto_$main$__1__$dD2JwdxOSPSFx54LfUM9kw"} true;
-    assume (!(R8[1:0] == 1bv1));
-    goto $main$__1__$dD2JwdxOSPSFx54LfUM9kw;
-  $main$__0__$WzLWYelmQTqUhds6mh5VTA$__0:
-    assume {:captureState "$main$__0__$WzLWYelmQTqUhds6mh5VTA$__0"} true;
-    assume (!(ZF == 1bv1));
-    R8, Gamma_R8 := 0bv64, true;
-    assert Gamma_R8;
-    goto $main$__0__$WzLWYelmQTqUhds6mh5VTA_goto_$main$__3__$UK2k~hvfRbmxHh2j_afrRg, $main$__0__$WzLWYelmQTqUhds6mh5VTA_goto_$main$__1__$dD2JwdxOSPSFx54LfUM9kw;
-  $main$__0__$WzLWYelmQTqUhds6mh5VTA$__1:
-    assume {:captureState "$main$__0__$WzLWYelmQTqUhds6mh5VTA$__1"} true;
-    assume (!(!(ZF == 1bv1)));
-    R8, Gamma_R8 := 1bv64, true;
-    assert Gamma_R8;
-    goto $main$__0__$WzLWYelmQTqUhds6mh5VTA_goto_$main$__3__$UK2k~hvfRbmxHh2j_afrRg, $main$__0__$WzLWYelmQTqUhds6mh5VTA_goto_$main$__1__$dD2JwdxOSPSFx54LfUM9kw;
+    assume (!(R8_10[1:0] == 1bv1));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
+    R8_13, Gamma_R8_13 := R8_10, Gamma_R8_10;
+    goto $main$__3__$UK2k~hvfRbmxHh2j_afrRg;
+  $main$__3__$UK2k~hvfRbmxHh2j_afrRg:
+    R0_1, Gamma_R0_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551608bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out := R0_1, R31_in, R8_13;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out := Gamma_R0_1, Gamma_R31_in, Gamma_R8_13;
     return;
 }
 
diff --git a/src/test/correct/basic_sec_policy_read/clang_O2/basic_sec_policy_read.expected b/src/test/correct/basic_sec_policy_read/clang_O2/basic_sec_policy_read.expected
index d45dc06e1..11e000649 100644
--- a/src/test/correct/basic_sec_policy_read/clang_O2/basic_sec_policy_read.expected
+++ b/src/test/correct/basic_sec_policy_read/clang_O2/basic_sec_policy_read.expected
@@ -1,18 +1,4 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69684bv64);
@@ -22,13 +8,7 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $z_addr) then true else (if (index == $x_addr) then (memory_load32_le(memory, $z_addr) == 0bv32) else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp1(bv1, bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -45,8 +25,6 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
   memory[index]
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -86,8 +64,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R8, Gamma_R9, Gamma_VF, Gamma_ZF, Gamma_mem, NF, R0, R8, R9, VF, ZF, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1860bv64) == 1bv8);
@@ -107,46 +85,37 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var #4: bv32;
-  var Gamma_#4: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R9_3: bool;
+  var R0_3: bv64;
+  var R0_4: bv64;
+  var R8_3: bv64;
+  var R9_3: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R8, Gamma_R8 := 69632bv64, true;
-    R9, Gamma_R9 := 69632bv64, true;
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 56bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 56bv64)) || L(mem, bvadd64(R8, 56bv64)));
+    R8_3, Gamma_R8_3 := zero_extend32_32(memory_load32_le(mem, 69688bv64)), (gamma_load32(Gamma_mem, 69688bv64) || L(mem, 69688bv64));
     call rely();
-    R9, Gamma_R9 := zero_extend32_32(memory_load32_le(mem, bvadd64(R9, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R9, 52bv64)) || L(mem, bvadd64(R9, 52bv64)));
-    #4, Gamma_#4 := bvadd32(R8[32:0], 4294967295bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#4, 1bv32)), bvadd33(sign_extend1_32(R8[32:0]), 0bv33))), (Gamma_R8 && Gamma_#4);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#4, 1bv32)), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_#4);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#4, 1bv32), 0bv32), Gamma_#4;
-    NF, Gamma_NF := bvadd32(#4, 1bv32)[32:31], Gamma_#4;
-    assert Gamma_ZF;
+    R9_3, Gamma_R9_3 := zero_extend32_32(memory_load32_le(mem, 69684bv64)), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
+    assert Gamma_R8_3;
     goto lmain_goto_l000002fa, lmain_goto_l000002fd;
-  l000002fd:
-    assume {:captureState "l000002fd"} true;
-    R0, Gamma_R0 := 0bv64, true;
+  lmain_goto_l000002fd:
+    assume (!(R8_3[32:0] == 0bv32));
+    R0_4, Gamma_R0_4 := 0bv64, true;
     goto l00000300;
-  l000002fa:
-    assume {:captureState "l000002fa"} true;
-    R0, Gamma_R0 := zero_extend32_32(R9[32:0]), Gamma_R9;
+  lmain_goto_l000002fa:
+    assume (R8_3[32:0] == 0bv32);
+    R0_3, Gamma_R0_3 := zero_extend32_32(R9_3[32:0]), Gamma_R9_3;
+    R0_4, Gamma_R0_4 := R0_3, Gamma_R0_3;
     goto l00000300;
   l00000300:
-    assume {:captureState "l00000300"} true;
     goto main_basil_return;
-  lmain_goto_l000002fa:
-    assume {:captureState "lmain_goto_l000002fa"} true;
-    assume (bvcomp1(ZF, 1bv1) != 0bv1);
-    goto l000002fa;
-  lmain_goto_l000002fd:
-    assume {:captureState "lmain_goto_l000002fd"} true;
-    assume (bvcomp1(ZF, 1bv1) == 0bv1);
-    goto l000002fd;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := R0_4, R8_3, R9_3;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := Gamma_R0_4, Gamma_R8_3, Gamma_R9_3;
     return;
 }
 
diff --git a/src/test/correct/basic_sec_policy_read/clang_O2/basic_sec_policy_read_gtirb.expected b/src/test/correct/basic_sec_policy_read/clang_O2/basic_sec_policy_read_gtirb.expected
index 95b1fe31e..88664c0f7 100644
--- a/src/test/correct/basic_sec_policy_read/clang_O2/basic_sec_policy_read_gtirb.expected
+++ b/src/test/correct/basic_sec_policy_read/clang_O2/basic_sec_policy_read_gtirb.expected
@@ -1,18 +1,4 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69684bv64);
@@ -22,12 +8,7 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $z_addr) then true else (if (index == $x_addr) then (memory_load32_le(memory, $z_addr) == 0bv32) else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -44,7 +25,6 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
   memory[index]
 }
 
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -84,8 +64,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R8, Gamma_R9, Gamma_VF, Gamma_ZF, Gamma_mem, NF, R0, R8, R9, VF, ZF, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1860bv64) == 1bv8);
@@ -105,37 +85,35 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var Cse0__5$0$4: bv32;
-  var Gamma_Cse0__5$0$4: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R9_3: bool;
+  var R0_3: bv64;
+  var R0_4: bv64;
+  var R8_3: bv64;
+  var R9_3: bv64;
   $main$__0__$a~U4vJBkTaO8Xfm888rzkw:
-    assume {:captureState "$main$__0__$a~U4vJBkTaO8Xfm888rzkw"} true;
-    R8, Gamma_R8 := 69632bv64, true;
-    R9, Gamma_R9 := 69632bv64, true;
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 56bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 56bv64)) || L(mem, bvadd64(R8, 56bv64)));
+    R8_3, Gamma_R8_3 := zero_extend32_32(memory_load32_le(mem, 69688bv64)), (gamma_load32(Gamma_mem, 69688bv64) || L(mem, 69688bv64));
     call rely();
-    R9, Gamma_R9 := zero_extend32_32(memory_load32_le(mem, bvadd64(R9, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R9, 52bv64)) || L(mem, bvadd64(R9, 52bv64)));
-    Cse0__5$0$4, Gamma_Cse0__5$0$4 := bvadd32(R8[32:0], 0bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$0$4, Cse0__5$0$4)), Gamma_Cse0__5$0$4;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$0$4), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_Cse0__5$0$4);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$0$4, 0bv32), Gamma_Cse0__5$0$4;
-    NF, Gamma_NF := Cse0__5$0$4[32:31], Gamma_Cse0__5$0$4;
-    assert Gamma_ZF;
+    R9_3, Gamma_R9_3 := zero_extend32_32(memory_load32_le(mem, 69684bv64)), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
+    assert Gamma_R8_3;
     goto $main$__0__$a~U4vJBkTaO8Xfm888rzkw$__0, $main$__0__$a~U4vJBkTaO8Xfm888rzkw$__1;
-  $main$__0__$a~U4vJBkTaO8Xfm888rzkw$__0:
-    assume {:captureState "$main$__0__$a~U4vJBkTaO8Xfm888rzkw$__0"} true;
-    assume (ZF == 1bv1);
-    R0, Gamma_R0 := zero_extend32_32(R9[32:0]), Gamma_R9;
-    goto main_basil_return;
   $main$__0__$a~U4vJBkTaO8Xfm888rzkw$__1:
-    assume {:captureState "$main$__0__$a~U4vJBkTaO8Xfm888rzkw$__1"} true;
-    assume (!(ZF == 1bv1));
-    R0, Gamma_R0 := 0bv64, true;
+    assume (!(R8_3[32:0] == 0bv32));
+    R0_4, Gamma_R0_4 := 0bv64, true;
+    goto main_basil_return;
+  $main$__0__$a~U4vJBkTaO8Xfm888rzkw$__0:
+    assume (R8_3[32:0] == 0bv32);
+    R0_3, Gamma_R0_3 := zero_extend32_32(R9_3[32:0]), Gamma_R9_3;
+    R0_4, Gamma_R0_4 := R0_3, Gamma_R0_3;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := R0_4, R8_3, R9_3;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := Gamma_R0_4, Gamma_R8_3, Gamma_R9_3;
     return;
 }
 
diff --git a/src/test/correct/basic_sec_policy_read/clang_pic/basic_sec_policy_read.expected b/src/test/correct/basic_sec_policy_read/clang_pic/basic_sec_policy_read.expected
index cf1f9fc9c..d094da2f1 100644
--- a/src/test/correct/basic_sec_policy_read/clang_pic/basic_sec_policy_read.expected
+++ b/src/test/correct/basic_sec_policy_read/clang_pic/basic_sec_policy_read.expected
@@ -1,19 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -24,13 +10,16 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $z_addr) then true else (if (index == $x_addr) then (memory_load32_le(memory, $z_addr) == 0bv32) else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp1(bv1, bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -40,7 +29,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -56,11 +49,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -102,8 +93,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_R8, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, R8, VF, ZF, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1968bv64) == 1bv8);
@@ -116,8 +107,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69568bv64) == 69688bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free requires (memory_load64_le(mem, 69056bv64) == 1792bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1968bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1969bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1970bv64) == 2bv8);
@@ -129,78 +118,57 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69056bv64) == 1792bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool)
 {
-  var #4: bv32;
-  var Gamma_#4: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R8_11: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R8_5: bool;
+  var Gamma_R8_6: bool;
+  var R0_1: bv64;
+  var R8_11: bv64;
+  var R8_2: bv64;
+  var R8_3: bv32;
+  var R8_5: bv64;
+  var R8_6: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "%000002fd"} true;
-    R8, Gamma_R8 := 65536bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4040bv64)) || L(mem, bvadd64(R8, 4040bv64)));
+    R8_2, Gamma_R8_2 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R8);
-    assume {:captureState "%00000318"} true;
-    R8, Gamma_R8 := 65536bv64, true;
+    R8_3, Gamma_R8_3 := memory_load32_le(mem, R8_2), (gamma_load32(Gamma_mem, R8_2) || L(mem, R8_2));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R8_3), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R8_3);
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4032bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4032bv64)) || L(mem, bvadd64(R8, 4032bv64)));
+    R8_5, Gamma_R8_5 := memory_load64_le(mem, 69568bv64), (gamma_load64(Gamma_mem, 69568bv64) || L(mem, 69568bv64));
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    #4, Gamma_#4 := bvadd32(R8[32:0], 4294967295bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#4, 1bv32)), bvadd33(sign_extend1_32(R8[32:0]), 0bv33))), (Gamma_R8 && Gamma_#4);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#4, 1bv32)), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_#4);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#4, 1bv32), 0bv32), Gamma_#4;
-    NF, Gamma_NF := bvadd32(#4, 1bv32)[32:31], Gamma_#4;
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(#4, 1bv32)), Gamma_#4;
-    assert Gamma_ZF;
+    R8_6, Gamma_R8_6 := memory_load32_le(mem, R8_5), (gamma_load32(Gamma_mem, R8_5) || L(mem, R8_5));
+    assert Gamma_R8_6;
     goto lmain_goto_l0000034c, lmain_goto_l0000034f;
-  l0000034f:
-    assume {:captureState "l0000034f"} true;
-    R8, Gamma_R8 := 1bv64, true;
+  lmain_goto_l0000034f:
+    assume (R8_6 == 0bv32);
+    R8_11, Gamma_R8_11 := 1bv64, true;
     goto l00000352;
-  l0000034c:
-    assume {:captureState "l0000034c"} true;
-    R8, Gamma_R8 := 0bv64, true;
+  lmain_goto_l0000034c:
+    assume (!(R8_6 == 0bv32));
+    R8_11, Gamma_R8_11 := 0bv64, true;
     goto l00000352;
   l00000352:
-    assume {:captureState "l00000352"} true;
-    assert Gamma_R8;
+    assert Gamma_R8_11;
     goto l00000352_goto_l0000035a, l00000352_goto_l00000371;
-  l00000371:
-    assume {:captureState "l00000371"} true;
-    goto l00000372;
-  l00000372:
-    assume {:captureState "l00000372"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), true);
-    assume {:captureState "%0000037a"} true;
+  l00000352_goto_l00000371:
+    assume (!(R8_11[1:0] == 1bv1));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
     goto l0000035a;
-  l0000035a:
-    assume {:captureState "l0000035a"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 8bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
-    goto main_basil_return;
-  lmain_goto_l0000034c:
-    assume {:captureState "lmain_goto_l0000034c"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) != 0bv1);
-    goto l0000034c;
-  lmain_goto_l0000034f:
-    assume {:captureState "lmain_goto_l0000034f"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) == 0bv1);
-    goto l0000034f;
   l00000352_goto_l0000035a:
-    assume {:captureState "l00000352_goto_l0000035a"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) != 0bv1);
+    assume (R8_11[1:0] == 1bv1);
     goto l0000035a;
-  l00000352_goto_l00000371:
-    assume {:captureState "l00000352_goto_l00000371"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) == 0bv1);
-    goto l00000371;
+  l0000035a:
+    R0_1, Gamma_R0_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551608bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out := R0_1, R31_in, R8_11;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out := Gamma_R0_1, Gamma_R31_in, Gamma_R8_11;
     return;
 }
 
diff --git a/src/test/correct/basic_sec_policy_read/clang_pic/basic_sec_policy_read_gtirb.expected b/src/test/correct/basic_sec_policy_read/clang_pic/basic_sec_policy_read_gtirb.expected
index d74b467e4..dfe4f901c 100644
--- a/src/test/correct/basic_sec_policy_read/clang_pic/basic_sec_policy_read_gtirb.expected
+++ b/src/test/correct/basic_sec_policy_read/clang_pic/basic_sec_policy_read_gtirb.expected
@@ -1,19 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -24,12 +10,16 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $z_addr) then true else (if (index == $x_addr) then (memory_load32_le(memory, $z_addr) == 0bv32) else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -39,7 +29,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -55,10 +49,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -100,8 +93,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_R8, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, R8, VF, ZF, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1968bv64) == 1bv8);
@@ -114,8 +107,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69568bv64) == 69688bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free requires (memory_load64_le(mem, 69056bv64) == 1792bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1968bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1969bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1970bv64) == 2bv8);
@@ -127,70 +118,74 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69056bv64) == 1792bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool)
 {
-  var Cse0__5$3$9: bv32;
-  var Gamma_Cse0__5$3$9: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R8_12: bool;
+  var Gamma_R8_14: bool;
+  var Gamma_R8_15: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R8_5: bool;
+  var Gamma_R8_6: bool;
+  var R0_1: bv64;
+  var R8_12: bv64;
+  var R8_14: bv64;
+  var R8_15: bv64;
+  var R8_2: bv64;
+  var R8_3: bv32;
+  var R8_5: bv64;
+  var R8_6: bv32;
   $main$__0__$_zy4nZRRQ4202Be_0Qr3jw:
-    assume {:captureState "$main$__0__$_zy4nZRRQ4202Be_0Qr3jw"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "1880$0"} true;
-    R8, Gamma_R8 := 65536bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4040bv64)) || L(mem, bvadd64(R8, 4040bv64)));
+    R8_2, Gamma_R8_2 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R8);
-    assume {:captureState "1896$0"} true;
-    R8, Gamma_R8 := 65536bv64, true;
+    R8_3, Gamma_R8_3 := memory_load32_le(mem, R8_2), (gamma_load32(Gamma_mem, R8_2) || L(mem, R8_2));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R8_3), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R8_3);
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4032bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4032bv64)) || L(mem, bvadd64(R8, 4032bv64)));
+    R8_5, Gamma_R8_5 := memory_load64_le(mem, 69568bv64), (gamma_load64(Gamma_mem, 69568bv64) || L(mem, 69568bv64));
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    Cse0__5$3$9, Gamma_Cse0__5$3$9 := bvadd32(R8[32:0], 0bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$3$9, Cse0__5$3$9)), Gamma_Cse0__5$3$9;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$3$9), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_Cse0__5$3$9);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$3$9, 0bv32), Gamma_Cse0__5$3$9;
-    NF, Gamma_NF := Cse0__5$3$9[32:31], Gamma_Cse0__5$3$9;
-    R8, Gamma_R8 := zero_extend32_32(Cse0__5$3$9), Gamma_Cse0__5$3$9;
-    assert Gamma_ZF;
+    R8_6, Gamma_R8_6 := memory_load32_le(mem, R8_5), (gamma_load32(Gamma_mem, R8_5) || L(mem, R8_5));
+    assert Gamma_R8_6;
     goto $main$__0__$_zy4nZRRQ4202Be_0Qr3jw$__0, $main$__0__$_zy4nZRRQ4202Be_0Qr3jw$__1;
-  $main$__1__$rmVyzzfSSQeYVjuxiNU3PA:
-    assume {:captureState "$main$__1__$rmVyzzfSSQeYVjuxiNU3PA"} true;
-    goto $main$__2__$nmt_XUHDT5eyVHAHshN3ww;
-  $main$__2__$nmt_XUHDT5eyVHAHshN3ww:
-    assume {:captureState "$main$__2__$nmt_XUHDT5eyVHAHshN3ww"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), true);
-    assume {:captureState "1928$0"} true;
-    goto $main$__3__$LP5ka6yvSFWP2kjw23G57g;
-  $main$__3__$LP5ka6yvSFWP2kjw23G57g:
-    assume {:captureState "$main$__3__$LP5ka6yvSFWP2kjw23G57g"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 8bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
-    goto main_basil_return;
+  $main$__0__$_zy4nZRRQ4202Be_0Qr3jw$__1:
+    assume (R8_6 == 0bv32);
+    goto $main$__0__$_zy4nZRRQ4202Be_0Qr3jw$__1_phi_$main$__0__$_zy4nZRRQ4202Be_0Qr3jw_goto_$main$__3__$LP5ka6yvSFWP2kjw23G57g_phi_back_$main$__0__$_zy4nZRRQ4202Be_0Qr3jw_goto_$main$__3__$LP5ka6yvSFWP2kjw23G57g, $main$__0__$_zy4nZRRQ4202Be_0Qr3jw$__1_phi_$main$__0__$_zy4nZRRQ4202Be_0Qr3jw_goto_$main$__1__$rmVyzzfSSQeYVjuxiNU3PA_phi_back_$main$__0__$_zy4nZRRQ4202Be_0Qr3jw_goto_$main$__1__$rmVyzzfSSQeYVjuxiNU3PA;
+  $main$__0__$_zy4nZRRQ4202Be_0Qr3jw$__1_phi_$main$__0__$_zy4nZRRQ4202Be_0Qr3jw_goto_$main$__1__$rmVyzzfSSQeYVjuxiNU3PA_phi_back_$main$__0__$_zy4nZRRQ4202Be_0Qr3jw_goto_$main$__1__$rmVyzzfSSQeYVjuxiNU3PA:
+    R8_12, Gamma_R8_12 := 1bv64, true;
+    assert Gamma_R8_12;
+    goto $main$__0__$_zy4nZRRQ4202Be_0Qr3jw_goto_$main$__1__$rmVyzzfSSQeYVjuxiNU3PA;
+  $main$__0__$_zy4nZRRQ4202Be_0Qr3jw$__1_phi_$main$__0__$_zy4nZRRQ4202Be_0Qr3jw_goto_$main$__3__$LP5ka6yvSFWP2kjw23G57g_phi_back_$main$__0__$_zy4nZRRQ4202Be_0Qr3jw_goto_$main$__3__$LP5ka6yvSFWP2kjw23G57g:
+    R8_14, Gamma_R8_14 := 1bv64, true;
+    assert Gamma_R8_14;
+    goto $main$__0__$_zy4nZRRQ4202Be_0Qr3jw_goto_$main$__3__$LP5ka6yvSFWP2kjw23G57g;
+  $main$__0__$_zy4nZRRQ4202Be_0Qr3jw$__0:
+    assume (!(R8_6 == 0bv32));
+    goto $main$__0__$_zy4nZRRQ4202Be_0Qr3jw$__0_phi_back_$main$__0__$_zy4nZRRQ4202Be_0Qr3jw_goto_$main$__1__$rmVyzzfSSQeYVjuxiNU3PA, $main$__0__$_zy4nZRRQ4202Be_0Qr3jw$__0_phi_back_$main$__0__$_zy4nZRRQ4202Be_0Qr3jw_goto_$main$__3__$LP5ka6yvSFWP2kjw23G57g;
+  $main$__0__$_zy4nZRRQ4202Be_0Qr3jw$__0_phi_back_$main$__0__$_zy4nZRRQ4202Be_0Qr3jw_goto_$main$__3__$LP5ka6yvSFWP2kjw23G57g:
+    R8_14, Gamma_R8_14 := 0bv64, true;
+    assert Gamma_R8_14;
+    goto $main$__0__$_zy4nZRRQ4202Be_0Qr3jw_goto_$main$__3__$LP5ka6yvSFWP2kjw23G57g;
   $main$__0__$_zy4nZRRQ4202Be_0Qr3jw_goto_$main$__3__$LP5ka6yvSFWP2kjw23G57g:
-    assume {:captureState "$main$__0__$_zy4nZRRQ4202Be_0Qr3jw_goto_$main$__3__$LP5ka6yvSFWP2kjw23G57g"} true;
-    assume (R8[1:0] == 1bv1);
+    assume (R8_14[1:0] == 1bv1);
+    R8_15, Gamma_R8_15 := R8_14, Gamma_R8_14;
     goto $main$__3__$LP5ka6yvSFWP2kjw23G57g;
+  $main$__0__$_zy4nZRRQ4202Be_0Qr3jw$__0_phi_back_$main$__0__$_zy4nZRRQ4202Be_0Qr3jw_goto_$main$__1__$rmVyzzfSSQeYVjuxiNU3PA:
+    R8_12, Gamma_R8_12 := 0bv64, true;
+    assert Gamma_R8_12;
+    goto $main$__0__$_zy4nZRRQ4202Be_0Qr3jw_goto_$main$__1__$rmVyzzfSSQeYVjuxiNU3PA;
   $main$__0__$_zy4nZRRQ4202Be_0Qr3jw_goto_$main$__1__$rmVyzzfSSQeYVjuxiNU3PA:
-    assume {:captureState "$main$__0__$_zy4nZRRQ4202Be_0Qr3jw_goto_$main$__1__$rmVyzzfSSQeYVjuxiNU3PA"} true;
-    assume (!(R8[1:0] == 1bv1));
-    goto $main$__1__$rmVyzzfSSQeYVjuxiNU3PA;
-  $main$__0__$_zy4nZRRQ4202Be_0Qr3jw$__0:
-    assume {:captureState "$main$__0__$_zy4nZRRQ4202Be_0Qr3jw$__0"} true;
-    assume (!(ZF == 1bv1));
-    R8, Gamma_R8 := 0bv64, true;
-    assert Gamma_R8;
-    goto $main$__0__$_zy4nZRRQ4202Be_0Qr3jw_goto_$main$__3__$LP5ka6yvSFWP2kjw23G57g, $main$__0__$_zy4nZRRQ4202Be_0Qr3jw_goto_$main$__1__$rmVyzzfSSQeYVjuxiNU3PA;
-  $main$__0__$_zy4nZRRQ4202Be_0Qr3jw$__1:
-    assume {:captureState "$main$__0__$_zy4nZRRQ4202Be_0Qr3jw$__1"} true;
-    assume (!(!(ZF == 1bv1)));
-    R8, Gamma_R8 := 1bv64, true;
-    assert Gamma_R8;
-    goto $main$__0__$_zy4nZRRQ4202Be_0Qr3jw_goto_$main$__3__$LP5ka6yvSFWP2kjw23G57g, $main$__0__$_zy4nZRRQ4202Be_0Qr3jw_goto_$main$__1__$rmVyzzfSSQeYVjuxiNU3PA;
+    assume (!(R8_12[1:0] == 1bv1));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
+    R8_15, Gamma_R8_15 := R8_12, Gamma_R8_12;
+    goto $main$__3__$LP5ka6yvSFWP2kjw23G57g;
+  $main$__3__$LP5ka6yvSFWP2kjw23G57g:
+    R0_1, Gamma_R0_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551608bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out := R0_1, R31_in, R8_15;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out := Gamma_R0_1, Gamma_R31_in, Gamma_R8_15;
     return;
 }
 
diff --git a/src/test/correct/basic_sec_policy_read/gcc/basic_sec_policy_read.expected b/src/test/correct/basic_sec_policy_read/gcc/basic_sec_policy_read.expected
index d4870579e..0d4b53b94 100644
--- a/src/test/correct/basic_sec_policy_read/gcc/basic_sec_policy_read.expected
+++ b/src/test/correct/basic_sec_policy_read/gcc/basic_sec_policy_read.expected
@@ -1,17 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -22,19 +10,26 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $z_addr) then true else (if (index == $x_addr) then (memory_load32_le(memory, $z_addr) == 0bv32) else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp1(bv1, bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -50,11 +45,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -94,8 +87,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, VF, ZF, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1888bv64) == 1bv8);
@@ -106,8 +99,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69024bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1888bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1889bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1890bv64) == 2bv8);
@@ -117,50 +108,35 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var #4: bv32;
-  var Gamma_#4: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_6: bool;
+  var Gamma_R0_7: bool;
+  var R0_3: bv32;
+  var R0_6: bv32;
+  var R0_7: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "%00000300"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
+    R0_3, Gamma_R0_3 := memory_load32_le(mem, 69652bv64), (gamma_load32(Gamma_mem, 69652bv64) || L(mem, 69652bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_3), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_3);
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    #4, Gamma_#4 := bvadd32(R0[32:0], 4294967295bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#4, 1bv32)), bvadd33(sign_extend1_32(R0[32:0]), 0bv33))), (Gamma_R0 && Gamma_#4);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#4, 1bv32)), bvadd33(zero_extend1_32(R0[32:0]), 4294967296bv33))), (Gamma_R0 && Gamma_#4);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#4, 1bv32), 0bv32), Gamma_#4;
-    NF, Gamma_NF := bvadd32(#4, 1bv32)[32:31], Gamma_#4;
-    assert Gamma_ZF;
+    R0_6, Gamma_R0_6 := memory_load32_le(mem, 69656bv64), (gamma_load32(Gamma_mem, 69656bv64) || L(mem, 69656bv64));
+    assert Gamma_R0_6;
     goto lmain_goto_l0000032e, lmain_goto_l00000345;
-  l00000345:
-    assume {:captureState "l00000345"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "%0000034a"} true;
+  lmain_goto_l00000345:
+    assume (!(R0_6 == 0bv32));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
     goto l0000032e;
-  l0000032e:
-    assume {:captureState "l0000032e"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
-    goto main_basil_return;
   lmain_goto_l0000032e:
-    assume {:captureState "lmain_goto_l0000032e"} true;
-    assume (bvcomp1(ZF, 1bv1) != 0bv1);
+    assume (R0_6 == 0bv32);
     goto l0000032e;
-  lmain_goto_l00000345:
-    assume {:captureState "lmain_goto_l00000345"} true;
-    assume (bvcomp1(ZF, 1bv1) == 0bv1);
-    goto l00000345;
+  l0000032e:
+    R0_7, Gamma_R0_7 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out := R0_7, R31_in;
+    Gamma_R0_out, Gamma_R31_out := Gamma_R0_7, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/correct/basic_sec_policy_read/gcc/basic_sec_policy_read_gtirb.expected b/src/test/correct/basic_sec_policy_read/gcc/basic_sec_policy_read_gtirb.expected
index fa9e9fab6..59536899b 100644
--- a/src/test/correct/basic_sec_policy_read/gcc/basic_sec_policy_read_gtirb.expected
+++ b/src/test/correct/basic_sec_policy_read/gcc/basic_sec_policy_read_gtirb.expected
@@ -1,17 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -22,18 +10,26 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $z_addr) then true else (if (index == $x_addr) then (memory_load32_le(memory, $z_addr) == 0bv32) else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -49,10 +45,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -92,8 +87,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, VF, ZF, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1888bv64) == 1bv8);
@@ -104,8 +99,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69024bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1888bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1889bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1890bv64) == 2bv8);
@@ -115,50 +108,35 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var Cse0__5$0$8: bv32;
-  var Gamma_Cse0__5$0$8: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_6: bool;
+  var Gamma_R0_7: bool;
+  var R0_3: bv32;
+  var R0_6: bv32;
+  var R0_7: bv64;
   $main$__0__$qLy9TrC9QH2pk7NWiim55Q:
-    assume {:captureState "$main$__0__$qLy9TrC9QH2pk7NWiim55Q"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "1828$0"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
+    R0_3, Gamma_R0_3 := memory_load32_le(mem, 69652bv64), (gamma_load32(Gamma_mem, 69652bv64) || L(mem, 69652bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_3), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_3);
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    Cse0__5$0$8, Gamma_Cse0__5$0$8 := bvadd32(R0[32:0], 0bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$0$8, Cse0__5$0$8)), Gamma_Cse0__5$0$8;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$0$8), bvadd33(zero_extend1_32(R0[32:0]), 4294967296bv33))), (Gamma_R0 && Gamma_Cse0__5$0$8);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$0$8, 0bv32), Gamma_Cse0__5$0$8;
-    NF, Gamma_NF := Cse0__5$0$8[32:31], Gamma_Cse0__5$0$8;
-    assert Gamma_ZF;
+    R0_6, Gamma_R0_6 := memory_load32_le(mem, 69656bv64), (gamma_load32(Gamma_mem, 69656bv64) || L(mem, 69656bv64));
+    assert Gamma_R0_6;
     goto $main$__0__$qLy9TrC9QH2pk7NWiim55Q_goto_$main$__2__$w_2v0dVvQ2~CbK2pWb20GA, $main$__0__$qLy9TrC9QH2pk7NWiim55Q_goto_$main$__1__$_azgQEK1R4ujBoxU5Olnyw;
-  $main$__1__$_azgQEK1R4ujBoxU5Olnyw:
-    assume {:captureState "$main$__1__$_azgQEK1R4ujBoxU5Olnyw"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "1852$0"} true;
+  $main$__0__$qLy9TrC9QH2pk7NWiim55Q_goto_$main$__1__$_azgQEK1R4ujBoxU5Olnyw:
+    assume (!(R0_6 == 0bv32));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
     goto $main$__2__$w_2v0dVvQ2~CbK2pWb20GA;
-  $main$__2__$w_2v0dVvQ2~CbK2pWb20GA:
-    assume {:captureState "$main$__2__$w_2v0dVvQ2~CbK2pWb20GA"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
-    goto main_basil_return;
   $main$__0__$qLy9TrC9QH2pk7NWiim55Q_goto_$main$__2__$w_2v0dVvQ2~CbK2pWb20GA:
-    assume {:captureState "$main$__0__$qLy9TrC9QH2pk7NWiim55Q_goto_$main$__2__$w_2v0dVvQ2~CbK2pWb20GA"} true;
-    assume (ZF == 1bv1);
+    assume (R0_6 == 0bv32);
     goto $main$__2__$w_2v0dVvQ2~CbK2pWb20GA;
-  $main$__0__$qLy9TrC9QH2pk7NWiim55Q_goto_$main$__1__$_azgQEK1R4ujBoxU5Olnyw:
-    assume {:captureState "$main$__0__$qLy9TrC9QH2pk7NWiim55Q_goto_$main$__1__$_azgQEK1R4ujBoxU5Olnyw"} true;
-    assume (!(ZF == 1bv1));
-    goto $main$__1__$_azgQEK1R4ujBoxU5Olnyw;
+  $main$__2__$w_2v0dVvQ2~CbK2pWb20GA:
+    R0_7, Gamma_R0_7 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out := R0_7, R31_in;
+    Gamma_R0_out, Gamma_R31_out := Gamma_R0_7, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/correct/basic_sec_policy_read/gcc_O2/basic_sec_policy_read.expected b/src/test/correct/basic_sec_policy_read/gcc_O2/basic_sec_policy_read.expected
index 62e0c7e6d..4d26970d7 100644
--- a/src/test/correct/basic_sec_policy_read/gcc_O2/basic_sec_policy_read.expected
+++ b/src/test/correct/basic_sec_policy_read/gcc_O2/basic_sec_policy_read.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R2: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R2: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69656bv64);
@@ -15,8 +9,6 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -72,8 +64,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R2, Gamma_mem, R0, R1, R2, mem;
+procedure main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1896bv64) == 1bv8);
@@ -93,35 +85,34 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool)
 {
+  var Gamma_R0_2: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R1_3: bool;
+  var R0_2: bv64;
+  var R0_4: bv64;
+  var R1_3: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R1, Gamma_R1 := 69632bv64, true;
-    R2, Gamma_R2 := bvadd64(R1, 20bv64), Gamma_R1;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(mem, bvadd64(R1, 20bv64))), (gamma_load32(Gamma_mem, bvadd64(R1, 20bv64)) || L(mem, bvadd64(R1, 20bv64)));
-    assert Gamma_R1;
+    R1_3, Gamma_R1_3 := zero_extend32_32(memory_load32_le(mem, 69652bv64)), (gamma_load32(Gamma_mem, 69652bv64) || L(mem, 69652bv64));
+    assert Gamma_R1_3;
     goto lmain_goto_l000001c2, lmain_goto_l0000039c;
-  l0000039c:
-    assume {:captureState "l0000039c"} true;
+  lmain_goto_l0000039c:
+    assume (R1_3[32:0] == 0bv32);
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, bvadd64(R2, 4bv64))), (gamma_load32(Gamma_mem, bvadd64(R2, 4bv64)) || L(mem, bvadd64(R2, 4bv64)));
+    R0_2, Gamma_R0_2 := zero_extend32_32(memory_load32_le(mem, 69656bv64)), (gamma_load32(Gamma_mem, 69656bv64) || L(mem, 69656bv64));
+    R0_4, Gamma_R0_4 := R0_2, Gamma_R0_2;
     goto l000001c2;
-  l000001c2:
-    assume {:captureState "l000001c2"} true;
-    goto main_basil_return;
   lmain_goto_l000001c2:
-    assume {:captureState "lmain_goto_l000001c2"} true;
-    assume (bvnot1(bvcomp32(R1[32:0], 0bv32)) != 0bv1);
+    assume (!(R1_3[32:0] == 0bv32));
+    R0_4, Gamma_R0_4 := 0bv64, true;
     goto l000001c2;
-  lmain_goto_l0000039c:
-    assume {:captureState "lmain_goto_l0000039c"} true;
-    assume (bvnot1(bvcomp32(R1[32:0], 0bv32)) == 0bv1);
-    goto l0000039c;
+  l000001c2:
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R2_out := R0_4, R1_3, 69652bv64;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R2_out := Gamma_R0_4, Gamma_R1_3, true;
     return;
 }
 
diff --git a/src/test/correct/basic_sec_policy_read/gcc_O2/basic_sec_policy_read_gtirb.expected b/src/test/correct/basic_sec_policy_read/gcc_O2/basic_sec_policy_read_gtirb.expected
index a4f5cbd03..b79bcae5c 100644
--- a/src/test/correct/basic_sec_policy_read/gcc_O2/basic_sec_policy_read_gtirb.expected
+++ b/src/test/correct/basic_sec_policy_read/gcc_O2/basic_sec_policy_read_gtirb.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R2: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R2: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69656bv64);
@@ -70,8 +64,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R2, Gamma_mem, R0, R1, R2, mem;
+procedure main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1896bv64) == 1bv8);
@@ -91,35 +85,34 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool)
 {
+  var Gamma_R0_2: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R1_3: bool;
+  var R0_2: bv64;
+  var R0_4: bv64;
+  var R1_3: bv64;
   $main$__0__$iALoIb4ETM23Kc4pUOH9GQ:
-    assume {:captureState "$main$__0__$iALoIb4ETM23Kc4pUOH9GQ"} true;
-    R1, Gamma_R1 := 69632bv64, true;
-    R2, Gamma_R2 := bvadd64(R1, 20bv64), Gamma_R1;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(mem, bvadd64(R1, 20bv64))), (gamma_load32(Gamma_mem, bvadd64(R1, 20bv64)) || L(mem, bvadd64(R1, 20bv64)));
-    assert Gamma_R1;
+    R1_3, Gamma_R1_3 := zero_extend32_32(memory_load32_le(mem, 69652bv64)), (gamma_load32(Gamma_mem, 69652bv64) || L(mem, 69652bv64));
+    assert Gamma_R1_3;
     goto $main$__0__$iALoIb4ETM23Kc4pUOH9GQ_goto_$main$__2__$Y~6LIazeTTCtbeZ37_HdXQ, $main$__0__$iALoIb4ETM23Kc4pUOH9GQ_goto_$main$__1__$Jddk5YHLSfKVviyVawKy~g;
-  $main$__1__$Jddk5YHLSfKVviyVawKy~g:
-    assume {:captureState "$main$__1__$Jddk5YHLSfKVviyVawKy~g"} true;
+  $main$__0__$iALoIb4ETM23Kc4pUOH9GQ_goto_$main$__1__$Jddk5YHLSfKVviyVawKy~g:
+    assume (R1_3[32:0] == 0bv32);
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, bvadd64(R2, 4bv64))), (gamma_load32(Gamma_mem, bvadd64(R2, 4bv64)) || L(mem, bvadd64(R2, 4bv64)));
+    R0_2, Gamma_R0_2 := zero_extend32_32(memory_load32_le(mem, 69656bv64)), (gamma_load32(Gamma_mem, 69656bv64) || L(mem, 69656bv64));
+    R0_4, Gamma_R0_4 := R0_2, Gamma_R0_2;
     goto $main$__2__$Y~6LIazeTTCtbeZ37_HdXQ;
-  $main$__2__$Y~6LIazeTTCtbeZ37_HdXQ:
-    assume {:captureState "$main$__2__$Y~6LIazeTTCtbeZ37_HdXQ"} true;
-    goto main_basil_return;
   $main$__0__$iALoIb4ETM23Kc4pUOH9GQ_goto_$main$__2__$Y~6LIazeTTCtbeZ37_HdXQ:
-    assume {:captureState "$main$__0__$iALoIb4ETM23Kc4pUOH9GQ_goto_$main$__2__$Y~6LIazeTTCtbeZ37_HdXQ"} true;
-    assume ((R1[32:0] == 0bv32) == false);
+    assume (!(R1_3[32:0] == 0bv32));
+    R0_4, Gamma_R0_4 := 0bv64, true;
     goto $main$__2__$Y~6LIazeTTCtbeZ37_HdXQ;
-  $main$__0__$iALoIb4ETM23Kc4pUOH9GQ_goto_$main$__1__$Jddk5YHLSfKVviyVawKy~g:
-    assume {:captureState "$main$__0__$iALoIb4ETM23Kc4pUOH9GQ_goto_$main$__1__$Jddk5YHLSfKVviyVawKy~g"} true;
-    assume (!((R1[32:0] == 0bv32) == false));
-    goto $main$__1__$Jddk5YHLSfKVviyVawKy~g;
+  $main$__2__$Y~6LIazeTTCtbeZ37_HdXQ:
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R2_out := R0_4, R1_3, 69652bv64;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R2_out := Gamma_R0_4, Gamma_R1_3, true;
     return;
 }
 
diff --git a/src/test/correct/basic_sec_policy_read/gcc_pic/basic_sec_policy_read.expected b/src/test/correct/basic_sec_policy_read/gcc_pic/basic_sec_policy_read.expected
index 5c536f15f..0935e02d6 100644
--- a/src/test/correct/basic_sec_policy_read/gcc_pic/basic_sec_policy_read.expected
+++ b/src/test/correct/basic_sec_policy_read/gcc_pic/basic_sec_policy_read.expected
@@ -1,17 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -22,13 +10,16 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $z_addr) then true else (if (index == $x_addr) then (memory_load32_le(memory, $z_addr) == 0bv32) else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp1(bv1, bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -38,7 +29,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -54,11 +49,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -100,8 +93,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, VF, ZF, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1952bv64) == 1bv8);
@@ -114,8 +107,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69008bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 69656bv64);
   free requires (memory_load64_le(mem, 69000bv64) == 1872bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1952bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1953bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1954bv64) == 2bv8);
@@ -127,52 +118,43 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 69656bv64);
   free ensures (memory_load64_le(mem, 69000bv64) == 1872bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var #4: bv32;
-  var Gamma_#4: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_6: bool;
+  var Gamma_R0_7: bool;
+  var R0_2: bv64;
+  var R0_3: bv32;
+  var R0_5: bv64;
+  var R0_6: bv32;
+  var R0_7: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
+    R0_2, Gamma_R0_2 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "%00000301"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    R0_3, Gamma_R0_3 := memory_load32_le(mem, R0_2), (gamma_load32(Gamma_mem, R0_2) || L(mem, R0_2));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_3), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_3);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
+    R0_5, Gamma_R0_5 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    #4, Gamma_#4 := bvadd32(R0[32:0], 4294967295bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#4, 1bv32)), bvadd33(sign_extend1_32(R0[32:0]), 0bv33))), (Gamma_R0 && Gamma_#4);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#4, 1bv32)), bvadd33(zero_extend1_32(R0[32:0]), 4294967296bv33))), (Gamma_R0 && Gamma_#4);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#4, 1bv32), 0bv32), Gamma_#4;
-    NF, Gamma_NF := bvadd32(#4, 1bv32)[32:31], Gamma_#4;
-    assert Gamma_ZF;
+    R0_6, Gamma_R0_6 := memory_load32_le(mem, R0_5), (gamma_load32(Gamma_mem, R0_5) || L(mem, R0_5));
+    assert Gamma_R0_6;
     goto lmain_goto_l00000330, lmain_goto_l00000347;
-  l00000347:
-    assume {:captureState "l00000347"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "%0000034c"} true;
+  lmain_goto_l00000347:
+    assume (!(R0_6 == 0bv32));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
     goto l00000330;
-  l00000330:
-    assume {:captureState "l00000330"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
-    goto main_basil_return;
   lmain_goto_l00000330:
-    assume {:captureState "lmain_goto_l00000330"} true;
-    assume (bvcomp1(ZF, 1bv1) != 0bv1);
+    assume (R0_6 == 0bv32);
     goto l00000330;
-  lmain_goto_l00000347:
-    assume {:captureState "lmain_goto_l00000347"} true;
-    assume (bvcomp1(ZF, 1bv1) == 0bv1);
-    goto l00000347;
+  l00000330:
+    R0_7, Gamma_R0_7 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out := R0_7, R31_in;
+    Gamma_R0_out, Gamma_R31_out := Gamma_R0_7, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/correct/basic_sec_policy_read/gcc_pic/basic_sec_policy_read_gtirb.expected b/src/test/correct/basic_sec_policy_read/gcc_pic/basic_sec_policy_read_gtirb.expected
index 9f286dc48..dd90a9c41 100644
--- a/src/test/correct/basic_sec_policy_read/gcc_pic/basic_sec_policy_read_gtirb.expected
+++ b/src/test/correct/basic_sec_policy_read/gcc_pic/basic_sec_policy_read_gtirb.expected
@@ -1,17 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -22,12 +10,16 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $z_addr) then true else (if (index == $x_addr) then (memory_load32_le(memory, $z_addr) == 0bv32) else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -37,7 +29,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -53,10 +49,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -98,8 +93,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, VF, ZF, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1952bv64) == 1bv8);
@@ -112,8 +107,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69008bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 69656bv64);
   free requires (memory_load64_le(mem, 69000bv64) == 1872bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1952bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1953bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1954bv64) == 2bv8);
@@ -125,52 +118,43 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 69656bv64);
   free ensures (memory_load64_le(mem, 69000bv64) == 1872bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var Cse0__5$1$8: bv32;
-  var Gamma_Cse0__5$1$8: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_6: bool;
+  var Gamma_R0_7: bool;
+  var R0_2: bv64;
+  var R0_3: bv32;
+  var R0_5: bv64;
+  var R0_6: bv32;
+  var R0_7: bv64;
   $main$__0__$c_xQDd7dTMmXdcuFG3bPhA:
-    assume {:captureState "$main$__0__$c_xQDd7dTMmXdcuFG3bPhA"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
+    R0_2, Gamma_R0_2 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "1892$0"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    R0_3, Gamma_R0_3 := memory_load32_le(mem, R0_2), (gamma_load32(Gamma_mem, R0_2) || L(mem, R0_2));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_3), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_3);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
+    R0_5, Gamma_R0_5 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    Cse0__5$1$8, Gamma_Cse0__5$1$8 := bvadd32(R0[32:0], 0bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$1$8, Cse0__5$1$8)), Gamma_Cse0__5$1$8;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$1$8), bvadd33(zero_extend1_32(R0[32:0]), 4294967296bv33))), (Gamma_R0 && Gamma_Cse0__5$1$8);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$1$8, 0bv32), Gamma_Cse0__5$1$8;
-    NF, Gamma_NF := Cse0__5$1$8[32:31], Gamma_Cse0__5$1$8;
-    assert Gamma_ZF;
+    R0_6, Gamma_R0_6 := memory_load32_le(mem, R0_5), (gamma_load32(Gamma_mem, R0_5) || L(mem, R0_5));
+    assert Gamma_R0_6;
     goto $main$__0__$c_xQDd7dTMmXdcuFG3bPhA_goto_$main$__2__$GiBIfuJeR2SduseX6HGFYw, $main$__0__$c_xQDd7dTMmXdcuFG3bPhA_goto_$main$__1__$kAMxpbl8Q2GFrZSNGYpqAA;
-  $main$__1__$kAMxpbl8Q2GFrZSNGYpqAA:
-    assume {:captureState "$main$__1__$kAMxpbl8Q2GFrZSNGYpqAA"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "1916$0"} true;
+  $main$__0__$c_xQDd7dTMmXdcuFG3bPhA_goto_$main$__1__$kAMxpbl8Q2GFrZSNGYpqAA:
+    assume (!(R0_6 == 0bv32));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
     goto $main$__2__$GiBIfuJeR2SduseX6HGFYw;
-  $main$__2__$GiBIfuJeR2SduseX6HGFYw:
-    assume {:captureState "$main$__2__$GiBIfuJeR2SduseX6HGFYw"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
-    goto main_basil_return;
   $main$__0__$c_xQDd7dTMmXdcuFG3bPhA_goto_$main$__2__$GiBIfuJeR2SduseX6HGFYw:
-    assume {:captureState "$main$__0__$c_xQDd7dTMmXdcuFG3bPhA_goto_$main$__2__$GiBIfuJeR2SduseX6HGFYw"} true;
-    assume (ZF == 1bv1);
+    assume (R0_6 == 0bv32);
     goto $main$__2__$GiBIfuJeR2SduseX6HGFYw;
-  $main$__0__$c_xQDd7dTMmXdcuFG3bPhA_goto_$main$__1__$kAMxpbl8Q2GFrZSNGYpqAA:
-    assume {:captureState "$main$__0__$c_xQDd7dTMmXdcuFG3bPhA_goto_$main$__1__$kAMxpbl8Q2GFrZSNGYpqAA"} true;
-    assume (!(ZF == 1bv1));
-    goto $main$__1__$kAMxpbl8Q2GFrZSNGYpqAA;
+  $main$__2__$GiBIfuJeR2SduseX6HGFYw:
+    R0_7, Gamma_R0_7 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out := R0_7, R31_in;
+    Gamma_R0_out, Gamma_R31_out := Gamma_R0_7, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/correct/basic_sec_policy_write/clang/basic_sec_policy_write.expected b/src/test/correct/basic_sec_policy_write/clang/basic_sec_policy_write.expected
index 87caaee9d..99c421ef2 100644
--- a/src/test/correct/basic_sec_policy_write/clang/basic_sec_policy_write.expected
+++ b/src/test/correct/basic_sec_policy_write/clang/basic_sec_policy_write.expected
@@ -1,15 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R10: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R10: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -21,12 +11,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -42,7 +45,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -84,9 +87,9 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $z_addr) != 0bv32) ==> (memory_load32_le(mem, $z_addr) != 0bv32));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R10, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R10, R31, R8, R9, mem, stack;
-  requires (Gamma_R0 == false);
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
+  requires (Gamma_R0_in == false);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1888bv64) == 1bv8);
@@ -97,8 +100,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1888bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1889bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1890bv64) == 2bv8);
@@ -108,57 +109,47 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R10_1: bool;
   var Gamma_x_old: bool;
+  var R10_1: bv64;
   var z_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "%000002ee"} true;
-    R9, Gamma_R9 := 69632bv64, true;
-    R8, Gamma_R8 := 1bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_in);
     call rely();
-    assert (L(mem, bvadd64(R9, 52bv64)) ==> Gamma_R8);
+    assert (L(mem, 69684bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 52bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 52bv64), Gamma_R8);
-    assert ((bvadd64(R9, 52bv64) == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, 1bv32), gamma_store32(Gamma_mem, 69684bv64, true);
+    assert ((69684bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old != 0bv32) ==> (memory_load32_le(mem, $z_addr) != 0bv32));
-    assume {:captureState "%00000300"} true;
-    R10, Gamma_R10 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R8, Gamma_R8 := 69632bv64, true;
+    R10_1, Gamma_R10_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     call rely();
-    assert (L(mem, bvadd64(R8, 56bv64)) ==> Gamma_R10);
+    assert (L(mem, 69688bv64) ==> Gamma_R10_1);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 56bv64), R10[32:0]), gamma_store32(Gamma_mem, bvadd64(R8, 56bv64), Gamma_R10);
-    assert ((bvadd64(R8, 56bv64) == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69688bv64, R10_1[32:0]), gamma_store32(Gamma_mem, 69688bv64, Gamma_R10_1);
+    assert ((69688bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old != 0bv32) ==> (memory_load32_le(mem, $z_addr) != 0bv32));
-    assume {:captureState "%00000314"} true;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R8, 56bv64)) ==> true);
+    assert (L(mem, 69688bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 56bv64), 0bv32), gamma_store32(Gamma_mem, bvadd64(R8, 56bv64), true);
-    assert ((bvadd64(R8, 56bv64) == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69688bv64, 0bv32), gamma_store32(Gamma_mem, 69688bv64, true);
+    assert ((69688bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old != 0bv32) ==> (memory_load32_le(mem, $z_addr) != 0bv32));
-    assume {:captureState "%00000320"} true;
-    R8, Gamma_R8 := 2bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R9, 52bv64)) ==> Gamma_R8);
+    assert (L(mem, 69684bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 52bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 52bv64), Gamma_R8);
-    assert ((bvadd64(R9, 52bv64) == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, 2bv32), gamma_store32(Gamma_mem, 69684bv64, true);
+    assert ((69684bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old != 0bv32) ==> (memory_load32_le(mem, $z_addr) != 0bv32));
-    assume {:captureState "%0000032d"} true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R31_out, R8_out, R9_out := 0bv64, R10_1, R31_in, 2bv64, 69632bv64;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R10_1, Gamma_R31_in, true, true;
     return;
 }
 
diff --git a/src/test/correct/basic_sec_policy_write/clang/basic_sec_policy_write_gtirb.expected b/src/test/correct/basic_sec_policy_write/clang/basic_sec_policy_write_gtirb.expected
index 57ae9842b..b3aa50ba6 100644
--- a/src/test/correct/basic_sec_policy_write/clang/basic_sec_policy_write_gtirb.expected
+++ b/src/test/correct/basic_sec_policy_write/clang/basic_sec_policy_write_gtirb.expected
@@ -1,15 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R10: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R10: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -21,12 +11,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -42,7 +45,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -84,9 +87,9 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $z_addr) != 0bv32) ==> (memory_load32_le(mem, $z_addr) != 0bv32));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R10, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R10, R31, R8, R9, mem, stack;
-  requires (Gamma_R0 == false);
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
+  requires (Gamma_R0_in == false);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1888bv64) == 1bv8);
@@ -97,8 +100,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1888bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1889bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1890bv64) == 2bv8);
@@ -108,57 +109,47 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R10_1: bool;
   var Gamma_x_old: bool;
+  var R10_1: bv64;
   var z_old: bv32;
   $main$__0__$GQL0b5TkRWCLhw9luiQEHw:
-    assume {:captureState "$main$__0__$GQL0b5TkRWCLhw9luiQEHw"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "1816$0"} true;
-    R9, Gamma_R9 := 69632bv64, true;
-    R8, Gamma_R8 := 1bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_in);
     call rely();
-    assert (L(mem, bvadd64(R9, 52bv64)) ==> Gamma_R8);
+    assert (L(mem, 69684bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 52bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 52bv64), Gamma_R8);
-    assert ((bvadd64(R9, 52bv64) == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, 1bv32), gamma_store32(Gamma_mem, 69684bv64, true);
+    assert ((69684bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old != 0bv32) ==> (memory_load32_le(mem, $z_addr) != 0bv32));
-    assume {:captureState "1828$0"} true;
-    R10, Gamma_R10 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R8, Gamma_R8 := 69632bv64, true;
+    R10_1, Gamma_R10_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     call rely();
-    assert (L(mem, bvadd64(R8, 56bv64)) ==> Gamma_R10);
+    assert (L(mem, 69688bv64) ==> Gamma_R10_1);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 56bv64), R10[32:0]), gamma_store32(Gamma_mem, bvadd64(R8, 56bv64), Gamma_R10);
-    assert ((bvadd64(R8, 56bv64) == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69688bv64, R10_1[32:0]), gamma_store32(Gamma_mem, 69688bv64, Gamma_R10_1);
+    assert ((69688bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old != 0bv32) ==> (memory_load32_le(mem, $z_addr) != 0bv32));
-    assume {:captureState "1840$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R8, 56bv64)) ==> true);
+    assert (L(mem, 69688bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 56bv64), 0bv32), gamma_store32(Gamma_mem, bvadd64(R8, 56bv64), true);
-    assert ((bvadd64(R8, 56bv64) == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69688bv64, 0bv32), gamma_store32(Gamma_mem, 69688bv64, true);
+    assert ((69688bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old != 0bv32) ==> (memory_load32_le(mem, $z_addr) != 0bv32));
-    assume {:captureState "1848$0"} true;
-    R8, Gamma_R8 := 2bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R9, 52bv64)) ==> Gamma_R8);
+    assert (L(mem, 69684bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 52bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 52bv64), Gamma_R8);
-    assert ((bvadd64(R9, 52bv64) == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, 2bv32), gamma_store32(Gamma_mem, 69684bv64, true);
+    assert ((69684bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old != 0bv32) ==> (memory_load32_le(mem, $z_addr) != 0bv32));
-    assume {:captureState "1856$0"} true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R31_out, R8_out, R9_out := 0bv64, R10_1, R31_in, 2bv64, 69632bv64;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R10_1, Gamma_R31_in, true, true;
     return;
 }
 
diff --git a/src/test/correct/basic_sec_policy_write/clang_pic/basic_sec_policy_write.expected b/src/test/correct/basic_sec_policy_write/clang_pic/basic_sec_policy_write.expected
index 89f6dc312..d63c541b0 100644
--- a/src/test/correct/basic_sec_policy_write/clang_pic/basic_sec_policy_write.expected
+++ b/src/test/correct/basic_sec_policy_write/clang_pic/basic_sec_policy_write.expected
@@ -1,15 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R10: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R10: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -21,6 +11,15 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -30,7 +29,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -46,7 +49,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -90,9 +93,9 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $z_addr) != 0bv32) ==> (memory_load32_le(mem, $z_addr) != 0bv32));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R10, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R10, R31, R8, R9, mem, stack;
-  requires (Gamma_R0 == false);
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
+  requires (Gamma_R0_in == false);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1960bv64) == 1bv8);
@@ -105,8 +108,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69568bv64) == 69684bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free requires (memory_load64_le(mem, 69056bv64) == 1792bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1960bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1961bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1962bv64) == 2bv8);
@@ -118,61 +119,55 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69056bv64) == 1792bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R10_1: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R9_2: bool;
   var Gamma_x_old: bool;
+  var R10_1: bv64;
+  var R8_3: bv64;
+  var R9_2: bv64;
   var z_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "%000002f6"} true;
-    R9, Gamma_R9 := 65536bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_in);
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4032bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4032bv64)) || L(mem, bvadd64(R9, 4032bv64)));
-    R8, Gamma_R8 := 1bv64, true;
+    R9_2, Gamma_R9_2 := memory_load64_le(mem, 69568bv64), (gamma_load64(Gamma_mem, 69568bv64) || L(mem, 69568bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
+    assert (L(mem, R9_2) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
-    assert ((R9 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R9_2, 1bv32), gamma_store32(Gamma_mem, R9_2, true);
+    assert ((R9_2 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old != 0bv32) ==> (memory_load32_le(mem, $z_addr) != 0bv32));
-    assume {:captureState "%0000030f"} true;
-    R10, Gamma_R10 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R8, Gamma_R8 := 65536bv64, true;
+    R10_1, Gamma_R10_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4040bv64)) || L(mem, bvadd64(R8, 4040bv64)));
+    R8_3, Gamma_R8_3 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
     call rely();
-    assert (L(mem, R8) ==> Gamma_R10);
+    assert (L(mem, R8_3) ==> Gamma_R10_1);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R8, R10[32:0]), gamma_store32(Gamma_mem, R8, Gamma_R10);
-    assert ((R8 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R8_3, R10_1[32:0]), gamma_store32(Gamma_mem, R8_3, Gamma_R10_1);
+    assert ((R8_3 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old != 0bv32) ==> (memory_load32_le(mem, $z_addr) != 0bv32));
-    assume {:captureState "%0000032a"} true;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    assert (L(mem, R8) ==> true);
+    assert (L(mem, R8_3) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R8, 0bv32), gamma_store32(Gamma_mem, R8, true);
-    assert ((R8 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R8_3, 0bv32), gamma_store32(Gamma_mem, R8_3, true);
+    assert ((R8_3 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old != 0bv32) ==> (memory_load32_le(mem, $z_addr) != 0bv32));
-    assume {:captureState "%00000336"} true;
-    R8, Gamma_R8 := 2bv64, true;
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
+    assert (L(mem, R9_2) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
-    assert ((R9 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R9_2, 2bv32), gamma_store32(Gamma_mem, R9_2, true);
+    assert ((R9_2 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old != 0bv32) ==> (memory_load32_le(mem, $z_addr) != 0bv32));
-    assume {:captureState "%00000343"} true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R31_out, R8_out, R9_out := 0bv64, R10_1, R31_in, 2bv64, R9_2;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R10_1, Gamma_R31_in, true, Gamma_R9_2;
     return;
 }
 
diff --git a/src/test/correct/basic_sec_policy_write/clang_pic/basic_sec_policy_write_gtirb.expected b/src/test/correct/basic_sec_policy_write/clang_pic/basic_sec_policy_write_gtirb.expected
index 4f2b3c6e1..a84f9ca3b 100644
--- a/src/test/correct/basic_sec_policy_write/clang_pic/basic_sec_policy_write_gtirb.expected
+++ b/src/test/correct/basic_sec_policy_write/clang_pic/basic_sec_policy_write_gtirb.expected
@@ -1,15 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R10: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R10: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -21,6 +11,15 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -30,7 +29,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -46,7 +49,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -90,9 +93,9 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $z_addr) != 0bv32) ==> (memory_load32_le(mem, $z_addr) != 0bv32));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R10, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R10, R31, R8, R9, mem, stack;
-  requires (Gamma_R0 == false);
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
+  requires (Gamma_R0_in == false);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1960bv64) == 1bv8);
@@ -105,8 +108,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69568bv64) == 69684bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free requires (memory_load64_le(mem, 69056bv64) == 1792bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1960bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1961bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1962bv64) == 2bv8);
@@ -118,61 +119,55 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69056bv64) == 1792bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R10_1: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R9_2: bool;
   var Gamma_x_old: bool;
+  var R10_1: bv64;
+  var R8_3: bv64;
+  var R9_2: bv64;
   var z_old: bv32;
   $main$__0__$7yoZTp0aQWOcm6Iu3MMmPw:
-    assume {:captureState "$main$__0__$7yoZTp0aQWOcm6Iu3MMmPw"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "1880$0"} true;
-    R9, Gamma_R9 := 65536bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_in);
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4032bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4032bv64)) || L(mem, bvadd64(R9, 4032bv64)));
-    R8, Gamma_R8 := 1bv64, true;
+    R9_2, Gamma_R9_2 := memory_load64_le(mem, 69568bv64), (gamma_load64(Gamma_mem, 69568bv64) || L(mem, 69568bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
+    assert (L(mem, R9_2) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
-    assert ((R9 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R9_2, 1bv32), gamma_store32(Gamma_mem, R9_2, true);
+    assert ((R9_2 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old != 0bv32) ==> (memory_load32_le(mem, $z_addr) != 0bv32));
-    assume {:captureState "1896$0"} true;
-    R10, Gamma_R10 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R8, Gamma_R8 := 65536bv64, true;
+    R10_1, Gamma_R10_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4040bv64)) || L(mem, bvadd64(R8, 4040bv64)));
+    R8_3, Gamma_R8_3 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
     call rely();
-    assert (L(mem, R8) ==> Gamma_R10);
+    assert (L(mem, R8_3) ==> Gamma_R10_1);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R8, R10[32:0]), gamma_store32(Gamma_mem, R8, Gamma_R10);
-    assert ((R8 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R8_3, R10_1[32:0]), gamma_store32(Gamma_mem, R8_3, Gamma_R10_1);
+    assert ((R8_3 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old != 0bv32) ==> (memory_load32_le(mem, $z_addr) != 0bv32));
-    assume {:captureState "1912$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    assert (L(mem, R8) ==> true);
+    assert (L(mem, R8_3) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R8, 0bv32), gamma_store32(Gamma_mem, R8, true);
-    assert ((R8 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R8_3, 0bv32), gamma_store32(Gamma_mem, R8_3, true);
+    assert ((R8_3 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old != 0bv32) ==> (memory_load32_le(mem, $z_addr) != 0bv32));
-    assume {:captureState "1920$0"} true;
-    R8, Gamma_R8 := 2bv64, true;
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
+    assert (L(mem, R9_2) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
-    assert ((R9 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R9_2, 2bv32), gamma_store32(Gamma_mem, R9_2, true);
+    assert ((R9_2 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old != 0bv32) ==> (memory_load32_le(mem, $z_addr) != 0bv32));
-    assume {:captureState "1928$0"} true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R31_out, R8_out, R9_out := 0bv64, R10_1, R31_in, 2bv64, R9_2;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R10_1, Gamma_R31_in, true, Gamma_R9_2;
     return;
 }
 
diff --git a/src/test/correct/basic_sec_policy_write/gcc/basic_sec_policy_write.expected b/src/test/correct/basic_sec_policy_write/gcc/basic_sec_policy_write.expected
index d0a626a88..aaad6a02f 100644
--- a/src/test/correct/basic_sec_policy_write/gcc/basic_sec_policy_write.expected
+++ b/src/test/correct/basic_sec_policy_write/gcc/basic_sec_policy_write.expected
@@ -1,11 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -17,12 +11,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -38,10 +45,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (forall i: bv64 :: (((mem[i] == old(mem[i])) ==> (Gamma_mem[i] == old(Gamma_mem[i])))));
@@ -80,9 +86,9 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $z_addr) != 0bv32) ==> (memory_load32_le(mem, $z_addr) != 0bv32));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R31, mem, stack;
-  requires (Gamma_R0 == false);
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
+  requires (Gamma_R0_in == false);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1912bv64) == 1bv8);
@@ -93,8 +99,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69024bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1912bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1913bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1914bv64) == 2bv8);
@@ -104,63 +108,47 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
+  var Gamma_R1_2: bool;
   var Gamma_x_old: bool;
+  var R1_2: bv32;
   var z_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "%00000306"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
-    R1, Gamma_R1 := 1bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_in);
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, 69656bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69656bv64, 1bv32), gamma_store32(Gamma_mem, 69656bv64, true);
+    assert ((69656bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old != 0bv32) ==> (memory_load32_le(mem, $z_addr) != 0bv32));
-    assume {:captureState "%0000031e"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
+    R1_2, Gamma_R1_2 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, 69652bv64) ==> Gamma_R1_2);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, R1_2), gamma_store32(Gamma_mem, 69652bv64, Gamma_R1_2);
+    assert ((69652bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old != 0bv32) ==> (memory_load32_le(mem, $z_addr) != 0bv32));
-    assume {:captureState "%00000338"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
     call rely();
-    assert (L(mem, R0) ==> true);
+    assert (L(mem, 69652bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, 0bv32), gamma_store32(Gamma_mem, R0, true);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 0bv32), gamma_store32(Gamma_mem, 69652bv64, true);
+    assert ((69652bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old != 0bv32) ==> (memory_load32_le(mem, $z_addr) != 0bv32));
-    assume {:captureState "%0000034a"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
-    R1, Gamma_R1 := 2bv64, true;
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, 69656bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69656bv64, 2bv32), gamma_store32(Gamma_mem, 69656bv64, true);
+    assert ((69656bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old != 0bv32) ==> (memory_load32_le(mem, $z_addr) != 0bv32));
-    assume {:captureState "%00000362"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R31_out := 0bv64, 2bv64, R31_in;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R31_out := true, true, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/correct/basic_sec_policy_write/gcc/basic_sec_policy_write_gtirb.expected b/src/test/correct/basic_sec_policy_write/gcc/basic_sec_policy_write_gtirb.expected
index c3e3810f0..158420cf3 100644
--- a/src/test/correct/basic_sec_policy_write/gcc/basic_sec_policy_write_gtirb.expected
+++ b/src/test/correct/basic_sec_policy_write/gcc/basic_sec_policy_write_gtirb.expected
@@ -1,11 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -17,12 +11,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -38,10 +45,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (forall i: bv64 :: (((mem[i] == old(mem[i])) ==> (Gamma_mem[i] == old(Gamma_mem[i])))));
@@ -80,9 +86,9 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $z_addr) != 0bv32) ==> (memory_load32_le(mem, $z_addr) != 0bv32));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R31, mem, stack;
-  requires (Gamma_R0 == false);
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
+  requires (Gamma_R0_in == false);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1912bv64) == 1bv8);
@@ -93,8 +99,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69024bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1912bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1913bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1914bv64) == 2bv8);
@@ -104,63 +108,47 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
+  var Gamma_R1_2: bool;
   var Gamma_x_old: bool;
+  var R1_2: bv32;
   var z_old: bv32;
   $main$__0__$5B4s2Td8TWOj0raIcjCjQg:
-    assume {:captureState "$main$__0__$5B4s2Td8TWOj0raIcjCjQg"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "1816$0"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
-    R1, Gamma_R1 := 1bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_in);
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, 69656bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69656bv64, 1bv32), gamma_store32(Gamma_mem, 69656bv64, true);
+    assert ((69656bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old != 0bv32) ==> (memory_load32_le(mem, $z_addr) != 0bv32));
-    assume {:captureState "1832$0"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
+    R1_2, Gamma_R1_2 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, 69652bv64) ==> Gamma_R1_2);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, R1_2), gamma_store32(Gamma_mem, 69652bv64, Gamma_R1_2);
+    assert ((69652bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old != 0bv32) ==> (memory_load32_le(mem, $z_addr) != 0bv32));
-    assume {:captureState "1848$0"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
     call rely();
-    assert (L(mem, R0) ==> true);
+    assert (L(mem, 69652bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, 0bv32), gamma_store32(Gamma_mem, R0, true);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 0bv32), gamma_store32(Gamma_mem, 69652bv64, true);
+    assert ((69652bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old != 0bv32) ==> (memory_load32_le(mem, $z_addr) != 0bv32));
-    assume {:captureState "1860$0"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
-    R1, Gamma_R1 := 2bv64, true;
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, 69656bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69656bv64, 2bv32), gamma_store32(Gamma_mem, 69656bv64, true);
+    assert ((69656bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old != 0bv32) ==> (memory_load32_le(mem, $z_addr) != 0bv32));
-    assume {:captureState "1876$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R31_out := 0bv64, 2bv64, R31_in;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R31_out := true, true, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/correct/basic_sec_policy_write/gcc_pic/basic_sec_policy_write.expected b/src/test/correct/basic_sec_policy_write/gcc_pic/basic_sec_policy_write.expected
index bddbe8673..6dc7cf729 100644
--- a/src/test/correct/basic_sec_policy_write/gcc_pic/basic_sec_policy_write.expected
+++ b/src/test/correct/basic_sec_policy_write/gcc_pic/basic_sec_policy_write.expected
@@ -1,11 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -17,6 +11,15 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -26,7 +29,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -42,10 +49,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (forall i: bv64 :: (((mem[i] == old(mem[i])) ==> (Gamma_mem[i] == old(Gamma_mem[i])))));
@@ -86,9 +92,9 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $z_addr) != 0bv32) ==> (memory_load32_le(mem, $z_addr) != 0bv32));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R31, mem, stack;
-  requires (Gamma_R0 == false);
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
+  requires (Gamma_R0_in == false);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1976bv64) == 1bv8);
@@ -101,8 +107,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69008bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 69656bv64);
   free requires (memory_load64_le(mem, 69000bv64) == 1872bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1976bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1977bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1978bv64) == 2bv8);
@@ -114,67 +118,63 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 69656bv64);
   free ensures (memory_load64_le(mem, 69000bv64) == 1872bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
+  var Gamma_R0_3: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_7: bool;
+  var Gamma_R0_9: bool;
+  var Gamma_R1_2: bool;
   var Gamma_x_old: bool;
+  var R0_3: bv64;
+  var R0_5: bv64;
+  var R0_7: bv64;
+  var R0_9: bv64;
+  var R1_2: bv32;
   var z_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "%00000306"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_in);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
-    R1, Gamma_R1 := 1bv64, true;
+    R0_3, Gamma_R0_3 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, R0_3) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R0_3, 1bv32), gamma_store32(Gamma_mem, R0_3, true);
+    assert ((R0_3 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old != 0bv32) ==> (memory_load32_le(mem, $z_addr) != 0bv32));
-    assume {:captureState "%0000031f"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
+    R0_5, Gamma_R0_5 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
+    R1_2, Gamma_R1_2 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, R0_5) ==> Gamma_R1_2);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R0_5, R1_2), gamma_store32(Gamma_mem, R0_5, Gamma_R1_2);
+    assert ((R0_5 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old != 0bv32) ==> (memory_load32_le(mem, $z_addr) != 0bv32));
-    assume {:captureState "%0000033a"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
+    R0_7, Gamma_R0_7 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
     call rely();
-    assert (L(mem, R0) ==> true);
+    assert (L(mem, R0_7) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, 0bv32), gamma_store32(Gamma_mem, R0, true);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R0_7, 0bv32), gamma_store32(Gamma_mem, R0_7, true);
+    assert ((R0_7 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old != 0bv32) ==> (memory_load32_le(mem, $z_addr) != 0bv32));
-    assume {:captureState "%0000034d"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
-    R1, Gamma_R1 := 2bv64, true;
+    R0_9, Gamma_R0_9 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, R0_9) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R0_9, 2bv32), gamma_store32(Gamma_mem, R0_9, true);
+    assert ((R0_9 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old != 0bv32) ==> (memory_load32_le(mem, $z_addr) != 0bv32));
-    assume {:captureState "%00000366"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R31_out := 0bv64, 2bv64, R31_in;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R31_out := true, true, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/correct/basic_sec_policy_write/gcc_pic/basic_sec_policy_write_gtirb.expected b/src/test/correct/basic_sec_policy_write/gcc_pic/basic_sec_policy_write_gtirb.expected
index fec869bf6..52c3d0fa8 100644
--- a/src/test/correct/basic_sec_policy_write/gcc_pic/basic_sec_policy_write_gtirb.expected
+++ b/src/test/correct/basic_sec_policy_write/gcc_pic/basic_sec_policy_write_gtirb.expected
@@ -1,11 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -17,6 +11,15 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -26,7 +29,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -42,10 +49,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (forall i: bv64 :: (((mem[i] == old(mem[i])) ==> (Gamma_mem[i] == old(Gamma_mem[i])))));
@@ -86,9 +92,9 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $z_addr) != 0bv32) ==> (memory_load32_le(mem, $z_addr) != 0bv32));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R31, mem, stack;
-  requires (Gamma_R0 == false);
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
+  requires (Gamma_R0_in == false);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1976bv64) == 1bv8);
@@ -101,8 +107,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69008bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 69656bv64);
   free requires (memory_load64_le(mem, 69000bv64) == 1872bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1976bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1977bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1978bv64) == 2bv8);
@@ -114,67 +118,63 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 69656bv64);
   free ensures (memory_load64_le(mem, 69000bv64) == 1872bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
+  var Gamma_R0_3: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_7: bool;
+  var Gamma_R0_9: bool;
+  var Gamma_R1_2: bool;
   var Gamma_x_old: bool;
+  var R0_3: bv64;
+  var R0_5: bv64;
+  var R0_7: bv64;
+  var R0_9: bv64;
+  var R1_2: bv32;
   var z_old: bv32;
   $main$__0__$Rd6PFSFeTgqYLa9US2ew9w:
-    assume {:captureState "$main$__0__$Rd6PFSFeTgqYLa9US2ew9w"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "1880$0"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_in);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
-    R1, Gamma_R1 := 1bv64, true;
+    R0_3, Gamma_R0_3 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, R0_3) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R0_3, 1bv32), gamma_store32(Gamma_mem, R0_3, true);
+    assert ((R0_3 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old != 0bv32) ==> (memory_load32_le(mem, $z_addr) != 0bv32));
-    assume {:captureState "1896$0"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
+    R0_5, Gamma_R0_5 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
+    R1_2, Gamma_R1_2 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, R0_5) ==> Gamma_R1_2);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R0_5, R1_2), gamma_store32(Gamma_mem, R0_5, Gamma_R1_2);
+    assert ((R0_5 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old != 0bv32) ==> (memory_load32_le(mem, $z_addr) != 0bv32));
-    assume {:captureState "1912$0"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
+    R0_7, Gamma_R0_7 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
     call rely();
-    assert (L(mem, R0) ==> true);
+    assert (L(mem, R0_7) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, 0bv32), gamma_store32(Gamma_mem, R0, true);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R0_7, 0bv32), gamma_store32(Gamma_mem, R0_7, true);
+    assert ((R0_7 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old != 0bv32) ==> (memory_load32_le(mem, $z_addr) != 0bv32));
-    assume {:captureState "1924$0"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
-    R1, Gamma_R1 := 2bv64, true;
+    R0_9, Gamma_R0_9 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, R0_9) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R0_9, 2bv32), gamma_store32(Gamma_mem, R0_9, true);
+    assert ((R0_9 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert ((z_old != 0bv32) ==> (memory_load32_le(mem, $z_addr) != 0bv32));
-    assume {:captureState "1940$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R31_out := 0bv64, 2bv64, R31_in;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R31_out := true, true, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/correct/basicassign_gamma0/clang/basicassign_gamma0.expected b/src/test/correct/basicassign_gamma0/clang/basicassign_gamma0.expected
index 90c2af906..472bc1cb7 100644
--- a/src/test/correct/basicassign_gamma0/clang/basicassign_gamma0.expected
+++ b/src/test/correct/basicassign_gamma0/clang/basicassign_gamma0.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
 axiom ($secret_addr == 69684bv64);
@@ -15,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -36,7 +43,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -73,8 +80,8 @@ implementation {:extern} rely_reflexive()
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R8, Gamma_R9, Gamma_mem, R0, R8, R9, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   requires (gamma_load32(Gamma_mem, $secret_addr) == true);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
@@ -95,22 +102,20 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R8_3: bool;
+  var R8_3: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R8, Gamma_R8 := 69632bv64, true;
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 52bv64)) || L(mem, bvadd64(R8, 52bv64)));
-    R9, Gamma_R9 := 69632bv64, true;
+    R8_3, Gamma_R8_3 := zero_extend32_32(memory_load32_le(mem, 69684bv64)), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
     call rely();
-    assert (L(mem, bvadd64(R9, 56bv64)) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 56bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 56bv64), Gamma_R8);
-    assume {:captureState "%000002d9"} true;
-    R0, Gamma_R0 := 0bv64, true;
+    assert (L(mem, 69688bv64) ==> Gamma_R8_3);
+    mem, Gamma_mem := memory_store32_le(mem, 69688bv64, R8_3[32:0]), gamma_store32(Gamma_mem, 69688bv64, Gamma_R8_3);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := 0bv64, R8_3, 69632bv64;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R8_3, true;
     return;
 }
 
diff --git a/src/test/correct/basicassign_gamma0/clang/basicassign_gamma0_gtirb.expected b/src/test/correct/basicassign_gamma0/clang/basicassign_gamma0_gtirb.expected
index 84d1b7a26..6ecb1f802 100644
--- a/src/test/correct/basicassign_gamma0/clang/basicassign_gamma0_gtirb.expected
+++ b/src/test/correct/basicassign_gamma0/clang/basicassign_gamma0_gtirb.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
 axiom ($secret_addr == 69684bv64);
@@ -15,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -36,7 +43,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -73,8 +80,8 @@ implementation {:extern} rely_reflexive()
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R8, Gamma_R9, Gamma_mem, R0, R8, R9, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   requires (gamma_load32(Gamma_mem, $secret_addr) == true);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
@@ -95,22 +102,20 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R8_3: bool;
+  var R8_3: bv64;
   $main$__0__$z8gjj~niR~us0mMf~~CgEA:
-    assume {:captureState "$main$__0__$z8gjj~niR~us0mMf~~CgEA"} true;
-    R8, Gamma_R8 := 69632bv64, true;
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 52bv64)) || L(mem, bvadd64(R8, 52bv64)));
-    R9, Gamma_R9 := 69632bv64, true;
+    R8_3, Gamma_R8_3 := zero_extend32_32(memory_load32_le(mem, 69684bv64)), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
     call rely();
-    assert (L(mem, bvadd64(R9, 56bv64)) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 56bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 56bv64), Gamma_R8);
-    assume {:captureState "1824$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
+    assert (L(mem, 69688bv64) ==> Gamma_R8_3);
+    mem, Gamma_mem := memory_store32_le(mem, 69688bv64, R8_3[32:0]), gamma_store32(Gamma_mem, 69688bv64, Gamma_R8_3);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := 0bv64, R8_3, 69632bv64;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R8_3, true;
     return;
 }
 
diff --git a/src/test/correct/basicassign_gamma0/clang_pic/basicassign_gamma0.expected b/src/test/correct/basicassign_gamma0/clang_pic/basicassign_gamma0.expected
index c6b1cbea4..40c461c35 100644
--- a/src/test/correct/basicassign_gamma0/clang_pic/basicassign_gamma0.expected
+++ b/src/test/correct/basicassign_gamma0/clang_pic/basicassign_gamma0.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
 axiom ($secret_addr == 69684bv64);
@@ -15,6 +9,15 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -24,7 +27,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -40,7 +47,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -79,8 +86,8 @@ implementation {:extern} rely_reflexive()
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R8, Gamma_R9, Gamma_mem, R0, R8, R9, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   requires (gamma_load32(Gamma_mem, $secret_addr) == true);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
@@ -105,26 +112,28 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69056bv64) == 1792bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R8_3: bool;
+  var Gamma_R8_4: bool;
+  var Gamma_R9_3: bool;
+  var R8_3: bv64;
+  var R8_4: bv64;
+  var R9_3: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R8, Gamma_R8 := 65536bv64, true;
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4048bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4048bv64)) || L(mem, bvadd64(R8, 4048bv64)));
+    R8_3, Gamma_R8_3 := memory_load64_le(mem, 69584bv64), (gamma_load64(Gamma_mem, 69584bv64) || L(mem, 69584bv64));
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    R9, Gamma_R9 := 65536bv64, true;
+    R8_4, Gamma_R8_4 := zero_extend32_32(memory_load32_le(mem, R8_3)), (gamma_load32(Gamma_mem, R8_3) || L(mem, R8_3));
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4032bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4032bv64)) || L(mem, bvadd64(R9, 4032bv64)));
+    R9_3, Gamma_R9_3 := memory_load64_le(mem, 69568bv64), (gamma_load64(Gamma_mem, 69568bv64) || L(mem, 69568bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "%000002ef"} true;
-    R0, Gamma_R0 := 0bv64, true;
+    assert (L(mem, R9_3) ==> Gamma_R8_4);
+    mem, Gamma_mem := memory_store32_le(mem, R9_3, R8_4[32:0]), gamma_store32(Gamma_mem, R9_3, Gamma_R8_4);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := 0bv64, R8_4, R9_3;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R8_4, Gamma_R9_3;
     return;
 }
 
diff --git a/src/test/correct/basicassign_gamma0/clang_pic/basicassign_gamma0_gtirb.expected b/src/test/correct/basicassign_gamma0/clang_pic/basicassign_gamma0_gtirb.expected
index e8be112ec..abefd580f 100644
--- a/src/test/correct/basicassign_gamma0/clang_pic/basicassign_gamma0_gtirb.expected
+++ b/src/test/correct/basicassign_gamma0/clang_pic/basicassign_gamma0_gtirb.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
 axiom ($secret_addr == 69684bv64);
@@ -15,6 +9,15 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -24,7 +27,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -40,7 +47,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -79,8 +86,8 @@ implementation {:extern} rely_reflexive()
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R8, Gamma_R9, Gamma_mem, R0, R8, R9, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   requires (gamma_load32(Gamma_mem, $secret_addr) == true);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
@@ -105,26 +112,28 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69056bv64) == 1792bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R8_3: bool;
+  var Gamma_R8_4: bool;
+  var Gamma_R9_3: bool;
+  var R8_3: bv64;
+  var R8_4: bv64;
+  var R9_3: bv64;
   $main$__0__$F4R_psC2T4y6sYXDzaadXQ:
-    assume {:captureState "$main$__0__$F4R_psC2T4y6sYXDzaadXQ"} true;
-    R8, Gamma_R8 := 65536bv64, true;
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4048bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4048bv64)) || L(mem, bvadd64(R8, 4048bv64)));
+    R8_3, Gamma_R8_3 := memory_load64_le(mem, 69584bv64), (gamma_load64(Gamma_mem, 69584bv64) || L(mem, 69584bv64));
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    R9, Gamma_R9 := 65536bv64, true;
+    R8_4, Gamma_R8_4 := zero_extend32_32(memory_load32_le(mem, R8_3)), (gamma_load32(Gamma_mem, R8_3) || L(mem, R8_3));
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4032bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4032bv64)) || L(mem, bvadd64(R9, 4032bv64)));
+    R9_3, Gamma_R9_3 := memory_load64_le(mem, 69568bv64), (gamma_load64(Gamma_mem, 69568bv64) || L(mem, 69568bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "1896$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
+    assert (L(mem, R9_3) ==> Gamma_R8_4);
+    mem, Gamma_mem := memory_store32_le(mem, R9_3, R8_4[32:0]), gamma_store32(Gamma_mem, R9_3, Gamma_R8_4);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := 0bv64, R8_4, R9_3;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R8_4, Gamma_R9_3;
     return;
 }
 
diff --git a/src/test/correct/basicassign_gamma0/gcc/basicassign_gamma0.expected b/src/test/correct/basicassign_gamma0/gcc/basicassign_gamma0.expected
index da167b58a..8deac4459 100644
--- a/src/test/correct/basicassign_gamma0/gcc/basicassign_gamma0.expected
+++ b/src/test/correct/basicassign_gamma0/gcc/basicassign_gamma0.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
 axiom ($secret_addr == 69656bv64);
@@ -13,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -34,7 +43,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -71,8 +80,8 @@ implementation {:extern} rely_reflexive()
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   requires (gamma_load32(Gamma_mem, $secret_addr) == true);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
@@ -93,24 +102,20 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
+  var Gamma_R1_2: bool;
+  var R1_2: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
     call rely();
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
+    R1_2, Gamma_R1_2 := zero_extend32_32(memory_load32_le(mem, 69656bv64)), (gamma_load32(Gamma_mem, 69656bv64) || L(mem, 69656bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%000002ed"} true;
-    R0, Gamma_R0 := 0bv64, true;
+    assert (L(mem, 69652bv64) ==> Gamma_R1_2);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, R1_2[32:0]), gamma_store32(Gamma_mem, 69652bv64, Gamma_R1_2);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, R1_2;
+    Gamma_R0_out, Gamma_R1_out := true, Gamma_R1_2;
     return;
 }
 
diff --git a/src/test/correct/basicassign_gamma0/gcc/basicassign_gamma0_gtirb.expected b/src/test/correct/basicassign_gamma0/gcc/basicassign_gamma0_gtirb.expected
index f94eea40c..5f0b25505 100644
--- a/src/test/correct/basicassign_gamma0/gcc/basicassign_gamma0_gtirb.expected
+++ b/src/test/correct/basicassign_gamma0/gcc/basicassign_gamma0_gtirb.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
 axiom ($secret_addr == 69656bv64);
@@ -13,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -34,7 +43,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -71,8 +80,8 @@ implementation {:extern} rely_reflexive()
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   requires (gamma_load32(Gamma_mem, $secret_addr) == true);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
@@ -93,24 +102,20 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
+  var Gamma_R1_2: bool;
+  var R1_2: bv64;
   $main$__0__$M0T7btlSRzGIu2yXb8baZw:
-    assume {:captureState "$main$__0__$M0T7btlSRzGIu2yXb8baZw"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
     call rely();
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
+    R1_2, Gamma_R1_2 := zero_extend32_32(memory_load32_le(mem, 69656bv64)), (gamma_load32(Gamma_mem, 69656bv64) || L(mem, 69656bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1832$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
+    assert (L(mem, 69652bv64) ==> Gamma_R1_2);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, R1_2[32:0]), gamma_store32(Gamma_mem, 69652bv64, Gamma_R1_2);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, R1_2;
+    Gamma_R0_out, Gamma_R1_out := true, Gamma_R1_2;
     return;
 }
 
diff --git a/src/test/correct/basicassign_gamma0/gcc_O2/basicassign_gamma0.expected b/src/test/correct/basicassign_gamma0/gcc_O2/basicassign_gamma0.expected
index 23e72c990..50a4ffeed 100644
--- a/src/test/correct/basicassign_gamma0/gcc_O2/basicassign_gamma0.expected
+++ b/src/test/correct/basicassign_gamma0/gcc_O2/basicassign_gamma0.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R2: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R2: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
 axiom ($secret_addr == 69656bv64);
@@ -15,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -36,7 +43,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -73,8 +80,8 @@ implementation {:extern} rely_reflexive()
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R2, Gamma_mem, R0, R1, R2, mem;
+procedure main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool);
+  modifies Gamma_mem, mem;
   requires (gamma_load32(Gamma_mem, $secret_addr) == true);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
@@ -95,22 +102,20 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool)
 {
+  var Gamma_R2_3: bool;
+  var R2_3: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R1, Gamma_R1 := 69632bv64, true;
-    R2, Gamma_R2 := bvadd64(R1, 20bv64), Gamma_R1;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    R2, Gamma_R2 := zero_extend32_32(memory_load32_le(mem, bvadd64(R2, 4bv64))), (gamma_load32(Gamma_mem, bvadd64(R2, 4bv64)) || L(mem, bvadd64(R2, 4bv64)));
+    R2_3, Gamma_R2_3 := zero_extend32_32(memory_load32_le(mem, 69656bv64)), (gamma_load32(Gamma_mem, 69656bv64) || L(mem, 69656bv64));
     call rely();
-    assert (L(mem, bvadd64(R1, 20bv64)) ==> Gamma_R2);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R1, 20bv64), R2[32:0]), gamma_store32(Gamma_mem, bvadd64(R1, 20bv64), Gamma_R2);
-    assume {:captureState "%000001c5"} true;
+    assert (L(mem, 69652bv64) ==> Gamma_R2_3);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, R2_3[32:0]), gamma_store32(Gamma_mem, 69652bv64, Gamma_R2_3);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R2_out := 0bv64, 69632bv64, R2_3;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R2_out := true, true, Gamma_R2_3;
     return;
 }
 
diff --git a/src/test/correct/basicassign_gamma0/gcc_O2/basicassign_gamma0_gtirb.expected b/src/test/correct/basicassign_gamma0/gcc_O2/basicassign_gamma0_gtirb.expected
index 20b34ec43..e14f70a9c 100644
--- a/src/test/correct/basicassign_gamma0/gcc_O2/basicassign_gamma0_gtirb.expected
+++ b/src/test/correct/basicassign_gamma0/gcc_O2/basicassign_gamma0_gtirb.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R2: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R2: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
 axiom ($secret_addr == 69656bv64);
@@ -15,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -36,7 +43,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -73,8 +80,8 @@ implementation {:extern} rely_reflexive()
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R2, Gamma_mem, R0, R1, R2, mem;
+procedure main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool);
+  modifies Gamma_mem, mem;
   requires (gamma_load32(Gamma_mem, $secret_addr) == true);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
@@ -95,22 +102,20 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool)
 {
+  var Gamma_R2_3: bool;
+  var R2_3: bv64;
   $main$__0__$ZeApiS~BRSG296M3kaSCnQ:
-    assume {:captureState "$main$__0__$ZeApiS~BRSG296M3kaSCnQ"} true;
-    R1, Gamma_R1 := 69632bv64, true;
-    R2, Gamma_R2 := bvadd64(R1, 20bv64), Gamma_R1;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    R2, Gamma_R2 := zero_extend32_32(memory_load32_le(mem, bvadd64(R2, 4bv64))), (gamma_load32(Gamma_mem, bvadd64(R2, 4bv64)) || L(mem, bvadd64(R2, 4bv64)));
+    R2_3, Gamma_R2_3 := zero_extend32_32(memory_load32_le(mem, 69656bv64)), (gamma_load32(Gamma_mem, 69656bv64) || L(mem, 69656bv64));
     call rely();
-    assert (L(mem, bvadd64(R1, 20bv64)) ==> Gamma_R2);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R1, 20bv64), R2[32:0]), gamma_store32(Gamma_mem, bvadd64(R1, 20bv64), Gamma_R2);
-    assume {:captureState "1552$0"} true;
+    assert (L(mem, 69652bv64) ==> Gamma_R2_3);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, R2_3[32:0]), gamma_store32(Gamma_mem, 69652bv64, Gamma_R2_3);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R2_out := 0bv64, 69632bv64, R2_3;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R2_out := true, true, Gamma_R2_3;
     return;
 }
 
diff --git a/src/test/correct/basicassign_gamma0/gcc_pic/basicassign_gamma0.expected b/src/test/correct/basicassign_gamma0/gcc_pic/basicassign_gamma0.expected
index 5465e2352..55025dceb 100644
--- a/src/test/correct/basicassign_gamma0/gcc_pic/basicassign_gamma0.expected
+++ b/src/test/correct/basicassign_gamma0/gcc_pic/basicassign_gamma0.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
 axiom ($secret_addr == 69656bv64);
@@ -13,6 +9,15 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -22,7 +27,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -38,7 +47,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -77,8 +86,8 @@ implementation {:extern} rely_reflexive()
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   requires (gamma_load32(Gamma_mem, $secret_addr) == true);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
@@ -103,26 +112,28 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 69652bv64);
   free ensures (memory_load64_le(mem, 69000bv64) == 1872bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
+  var Gamma_R0_3: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R1_2: bool;
+  var R0_3: bv64;
+  var R0_5: bv64;
+  var R1_2: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4072bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4072bv64)) || L(mem, bvadd64(R0, 4072bv64)));
+    R0_3, Gamma_R0_3 := memory_load64_le(mem, 69608bv64), (gamma_load64(Gamma_mem, 69608bv64) || L(mem, 69608bv64));
     call rely();
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R0, Gamma_R0 := 65536bv64, true;
+    R1_2, Gamma_R1_2 := zero_extend32_32(memory_load32_le(mem, R0_3)), (gamma_load32(Gamma_mem, R0_3) || L(mem, R0_3));
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
+    R0_5, Gamma_R0_5 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%000002ef"} true;
-    R0, Gamma_R0 := 0bv64, true;
+    assert (L(mem, R0_5) ==> Gamma_R1_2);
+    mem, Gamma_mem := memory_store32_le(mem, R0_5, R1_2[32:0]), gamma_store32(Gamma_mem, R0_5, Gamma_R1_2);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, R1_2;
+    Gamma_R0_out, Gamma_R1_out := true, Gamma_R1_2;
     return;
 }
 
diff --git a/src/test/correct/basicassign_gamma0/gcc_pic/basicassign_gamma0_gtirb.expected b/src/test/correct/basicassign_gamma0/gcc_pic/basicassign_gamma0_gtirb.expected
index d66c514cb..0a07822bc 100644
--- a/src/test/correct/basicassign_gamma0/gcc_pic/basicassign_gamma0_gtirb.expected
+++ b/src/test/correct/basicassign_gamma0/gcc_pic/basicassign_gamma0_gtirb.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
 axiom ($secret_addr == 69656bv64);
@@ -13,6 +9,15 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -22,7 +27,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -38,7 +47,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -77,8 +86,8 @@ implementation {:extern} rely_reflexive()
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   requires (gamma_load32(Gamma_mem, $secret_addr) == true);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
@@ -103,26 +112,28 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 69652bv64);
   free ensures (memory_load64_le(mem, 69000bv64) == 1872bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
+  var Gamma_R0_3: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R1_2: bool;
+  var R0_3: bv64;
+  var R0_5: bv64;
+  var R1_2: bv64;
   $main$__0__$WRy2wCdrSBWU_mSIGGNB5Q:
-    assume {:captureState "$main$__0__$WRy2wCdrSBWU_mSIGGNB5Q"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4072bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4072bv64)) || L(mem, bvadd64(R0, 4072bv64)));
+    R0_3, Gamma_R0_3 := memory_load64_le(mem, 69608bv64), (gamma_load64(Gamma_mem, 69608bv64) || L(mem, 69608bv64));
     call rely();
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R0, Gamma_R0 := 65536bv64, true;
+    R1_2, Gamma_R1_2 := zero_extend32_32(memory_load32_le(mem, R0_3)), (gamma_load32(Gamma_mem, R0_3) || L(mem, R0_3));
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
+    R0_5, Gamma_R0_5 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1896$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
+    assert (L(mem, R0_5) ==> Gamma_R1_2);
+    mem, Gamma_mem := memory_store32_le(mem, R0_5, R1_2[32:0]), gamma_store32(Gamma_mem, R0_5, Gamma_R1_2);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, R1_2;
+    Gamma_R0_out, Gamma_R1_out := true, Gamma_R1_2;
     return;
 }
 
diff --git a/src/test/correct/basicfree/clang/basicfree.expected b/src/test/correct/basicfree/clang/basicfree.expected
index b76efd72b..060eda80a 100644
--- a/src/test/correct/basicfree/clang/basicfree.expected
+++ b/src/test/correct/basicfree/clang/basicfree.expected
@@ -1,21 +1,9 @@
-var {:extern} Gamma_R0: bool;
 var {:extern} Gamma_R16: bool;
 var {:extern} Gamma_R17: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
 var {:extern} R16: bv64;
 var {:extern} R17: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -25,16 +13,34 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) {
@@ -46,11 +52,11 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -82,7 +88,7 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure #free();
+procedure #free(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   modifies Gamma_R16, Gamma_R17, R16, R17;
   free requires (memory_load8_le(mem, 2080bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2081bv64) == 0bv8);
@@ -101,8 +107,8 @@ procedure #free();
   free ensures (memory_load64_le(mem, 69592bv64) == 2004bv64);
   free ensures (memory_load64_le(mem, 69688bv64) == 69688bv64);
 
-procedure main();
-  modifies Gamma_R0, Gamma_R16, Gamma_R17, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R16, R17, R29, R30, R31, R8, R9, mem, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_R16, Gamma_R17, Gamma_mem, Gamma_stack, R16, R17, mem, stack;
   free requires (memory_load64_le(mem, 69680bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69688bv64) == 69688bv64);
   free requires (memory_load8_le(mem, 2080bv64) == 1bv8);
@@ -113,10 +119,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1920bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 2004bv64);
   free requires (memory_load64_le(mem, 69688bv64) == 69688bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 2080bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 2081bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 2082bv64) == 2bv8);
@@ -126,52 +128,225 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 2004bv64);
   free ensures (memory_load64_le(mem, 69688bv64) == 69688bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var #4: bv64;
-  var #5: bv64;
-  var Gamma_#4: bool;
-  var Gamma_#5: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R10_2: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R11_2: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R12_2: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R13_2: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R14_2: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R15_2: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R16_2: bool;
+  var Gamma_R17: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R18_2: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R19_2: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R1_2: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R20_2: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R21_2: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R22_2: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R23_2: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R24_2: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R25_2: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R26_2: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R27_2: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R28_2: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R29_4: bool;
+  var Gamma_R29_5: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R2_2: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30_3: bool;
+  var Gamma_R30_5: bool;
+  var Gamma_R30_6: bool;
+  var Gamma_R31_3: bool;
+  var Gamma_R31_4: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R3_2: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R4_2: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R5_2: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R6_2: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R7_2: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var Gamma_R9_2: bool;
+  var Gamma_R9_3: bool;
+  var R0_2: bv64;
+  var R0_3: bv64;
+  var R0_4: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R10_2: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R11_2: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R12_2: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R13_2: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R14_2: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R15_2: bv64;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R16_2: bv64;
+  var R17: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R18_2: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R19_2: bv64;
+  var R1_1: bv64;
+  var R1_2: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R20_2: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R21_2: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R22_2: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R23_2: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R24_2: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R25_2: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R26_2: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R27_2: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R28_2: bv64;
+  var R29_3: bv64;
+  var R29_4: bv64;
+  var R29_5: bv64;
+  var R2_1: bv64;
+  var R2_2: bv64;
+  var R3: bv64;
+  var R30_3: bv64;
+  var R30_5: bv64;
+  var R30_6: bv64;
+  var R31_3: bv64;
+  var R31_4: bv64;
+  var R3_1: bv64;
+  var R3_2: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R4_2: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R5_2: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R6_2: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R7_2: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R8_3: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
+  var R9_2: bv64;
+  var R9_3: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    #4, Gamma_#4 := bvadd64(R31, 16bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, #4, R29), gamma_store64(Gamma_stack, #4, Gamma_R29);
-    assume {:captureState "%000002f2"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(#4, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(#4, 8bv64), Gamma_R30);
-    assume {:captureState "%000002f8"} true;
-    R29, Gamma_R29 := bvadd64(R31, 16bv64), Gamma_R31;
-    R0, Gamma_R0 := 4bv64, true;
-    R30, Gamma_R30 := 2024bv64, true;
-    call malloc();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
+    call R0_2, Gamma_R0_2, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_1, Gamma_R16_1, R17_1, Gamma_R17_1, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_3, Gamma_R29_3, R2_1, Gamma_R2_1, R30_3, Gamma_R30_3, R31_3, Gamma_R31_3, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := malloc(4bv64, true, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, R16, Gamma_R16, R17, Gamma_R17, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R31_in, R2, Gamma_R2, 2024bv64, true, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R31_in, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     goto l0000030d;
   l0000030d:
-    assume {:captureState "l0000030d"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 8bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R0);
-    assume {:captureState "%00000313"} true;
-    R9, Gamma_R9 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R8, Gamma_R8 := 1bv64, true;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_3, 8bv64), R0_2), gamma_store64(Gamma_stack, bvadd64(R31_3, 8bv64), Gamma_R0_2);
+    R9_2, Gamma_R9_2 := memory_load64_le(stack, bvadd64(R31_3, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31_3, 8bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "%00000327"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R30, Gamma_R30 := 2048bv64, true;
-    call #free();
+    assert (L(mem, R9_2) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R9_2, 1bv32), gamma_store32(Gamma_mem, R9_2, true);
+    R0_3, Gamma_R0_3 := memory_load64_le(stack, bvadd64(R31_3, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31_3, 8bv64));
+    call R0_4, Gamma_R0_4, R10_2, Gamma_R10_2, R11_2, Gamma_R11_2, R12_2, Gamma_R12_2, R13_2, Gamma_R13_2, R14_2, Gamma_R14_2, R15_2, Gamma_R15_2, R16_2, Gamma_R16_2, R17_2, Gamma_R17_2, R18_2, Gamma_R18_2, R19_2, Gamma_R19_2, R1_2, Gamma_R1_2, R20_2, Gamma_R20_2, R21_2, Gamma_R21_2, R22_2, Gamma_R22_2, R23_2, Gamma_R23_2, R24_2, Gamma_R24_2, R25_2, Gamma_R25_2, R26_2, Gamma_R26_2, R27_2, Gamma_R27_2, R28_2, Gamma_R28_2, R29_4, Gamma_R29_4, R2_2, Gamma_R2_2, R30_5, Gamma_R30_5, R31_4, Gamma_R31_4, R3_2, Gamma_R3_2, R4_2, Gamma_R4_2, R5_2, Gamma_R5_2, R6_2, Gamma_R6_2, R7_2, Gamma_R7_2, R8_3, Gamma_R8_3, R9_3, Gamma_R9_3 := #free(R0_3, Gamma_R0_3, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_1, Gamma_R16_1, R17_1, Gamma_R17_1, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_3, Gamma_R29_3, R2_1, Gamma_R2_1, 2048bv64, true, R31_3, Gamma_R31_3, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, 1bv64, true, R9_2, Gamma_R9_2);
     goto l00000338;
   l00000338:
-    assume {:captureState "l00000338"} true;
-    #5, Gamma_#5 := bvadd64(R31, 16bv64), Gamma_R31;
-    R29, Gamma_R29 := memory_load64_le(stack, #5), gamma_load64(Gamma_stack, #5);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(#5, 8bv64)), gamma_load64(Gamma_stack, bvadd64(#5, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
+    R29_5, Gamma_R29_5 := memory_load64_le(stack, bvadd64(R31_4, 16bv64)), gamma_load64(Gamma_stack, bvadd64(R31_4, 16bv64));
+    R30_6, Gamma_R30_6 := memory_load64_le(stack, bvadd64(R31_4, 24bv64)), gamma_load64(Gamma_stack, bvadd64(R31_4, 24bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R29_out, R30_out, R31_out, R8_out, R9_out := R0_4, R29_5, R30_6, bvadd64(R31_4, 32bv64), R8_3, R9_3;
+    Gamma_R0_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := Gamma_R0_4, Gamma_R29_5, Gamma_R30_6, Gamma_R31_4, Gamma_R8_3, Gamma_R9_3;
     return;
 }
 
-procedure malloc();
+procedure malloc(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   modifies Gamma_R16, Gamma_R17, R16, R17;
   free requires (memory_load8_le(mem, 2080bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2081bv64) == 0bv8);
diff --git a/src/test/correct/basicfree/clang/basicfree_gtirb.expected b/src/test/correct/basicfree/clang/basicfree_gtirb.expected
index 0afab7180..41eccabb0 100644
--- a/src/test/correct/basicfree/clang/basicfree_gtirb.expected
+++ b/src/test/correct/basicfree/clang/basicfree_gtirb.expected
@@ -1,21 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R16: bool;
-var {:extern} Gamma_R17: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R16: bv64;
-var {:extern} R17: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -25,16 +9,34 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) {
@@ -46,11 +48,11 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -82,8 +84,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure FUN_650();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure FUN_650(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load8_le(mem, 2080bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2081bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2082bv64) == 2bv8);
@@ -101,20 +103,143 @@ procedure FUN_650();
   free ensures (memory_load64_le(mem, 69592bv64) == 2004bv64);
   free ensures (memory_load64_le(mem, 69688bv64) == 69688bv64);
 
-implementation FUN_650()
+implementation FUN_650(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool)
 {
+  var Gamma_R0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0: bv64;
+  var R0_1: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16_4: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   $FUN_650$__0__$sjc2rj6TThubVCNZDv8wdw:
-    assume {:captureState "$FUN_650$__0__$sjc2rj6TThubVCNZDv8wdw"} true;
-    R16, Gamma_R16 := 69632bv64, true;
     call rely();
-    R17, Gamma_R17 := memory_load64_le(mem, bvadd64(R16, 16bv64)), (gamma_load64(Gamma_mem, bvadd64(R16, 16bv64)) || L(mem, bvadd64(R16, 16bv64)));
-    R16, Gamma_R16 := bvadd64(R16, 16bv64), Gamma_R16;
-    call malloc();
+    R17_1, Gamma_R17_1 := memory_load64_le(mem, 69648bv64), (gamma_load64(Gamma_mem, 69648bv64) || L(mem, 69648bv64));
+    call R0_1, Gamma_R0_1, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_4, Gamma_R16_4, R17_2, Gamma_R17_2, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_1, Gamma_R2_1, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := malloc(R0, Gamma_R0, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, 69648bv64, true, R17_1, Gamma_R17_1, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2, Gamma_R2, R30, Gamma_R30, R31, Gamma_R31, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     assume false;
 }
 
-procedure FUN_680();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure FUN_680(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load8_le(mem, 2080bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2081bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2082bv64) == 2bv8);
@@ -132,20 +257,143 @@ procedure FUN_680();
   free ensures (memory_load64_le(mem, 69592bv64) == 2004bv64);
   free ensures (memory_load64_le(mem, 69688bv64) == 69688bv64);
 
-implementation FUN_680()
+implementation FUN_680(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool)
 {
+  var Gamma_R0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0: bv64;
+  var R0_1: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16_4: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   $FUN_680$__0__$cp70h48_Qy2QShRHYpYqzw:
-    assume {:captureState "$FUN_680$__0__$cp70h48_Qy2QShRHYpYqzw"} true;
-    R16, Gamma_R16 := 69632bv64, true;
     call rely();
-    R17, Gamma_R17 := memory_load64_le(mem, bvadd64(R16, 40bv64)), (gamma_load64(Gamma_mem, bvadd64(R16, 40bv64)) || L(mem, bvadd64(R16, 40bv64)));
-    R16, Gamma_R16 := bvadd64(R16, 40bv64), Gamma_R16;
-    call #free();
+    R17_1, Gamma_R17_1 := memory_load64_le(mem, 69672bv64), (gamma_load64(Gamma_mem, 69672bv64) || L(mem, 69672bv64));
+    call R0_1, Gamma_R0_1, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_4, Gamma_R16_4, R17_2, Gamma_R17_2, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_1, Gamma_R2_1, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := #free(R0, Gamma_R0, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, 69672bv64, true, R17_1, Gamma_R17_1, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2, Gamma_R2, R30, Gamma_R30, R31, Gamma_R31, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     assume false;
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R16, Gamma_R17, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R16, R17, R29, R30, R31, R8, R9, mem, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69680bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69688bv64) == 69688bv64);
   free requires (memory_load8_le(mem, 2080bv64) == 1bv8);
@@ -156,10 +404,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1920bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 2004bv64);
   free requires (memory_load64_le(mem, 69688bv64) == 69688bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 2080bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 2081bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 2082bv64) == 2bv8);
@@ -169,52 +413,51 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 2004bv64);
   free ensures (memory_load64_le(mem, 69688bv64) == 69688bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var Cse0__5$0$1: bv64;
-  var Cse0__5$1$0: bv64;
-  var Gamma_Cse0__5$0$1: bool;
-  var Gamma_Cse0__5$1$0: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R16_2: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_4: bool;
+  var Gamma_R9_1: bool;
+  var R0_2: bv64;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R16_2: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R29_3: bv64;
+  var R30_4: bv64;
+  var R9_1: bv64;
   $main$__0__$AaLXFLvRTeKg3QkcY_Eoyw:
-    assume {:captureState "$main$__0__$AaLXFLvRTeKg3QkcY_Eoyw"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    Cse0__5$0$1, Gamma_Cse0__5$0$1 := bvadd64(R31, 16bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$0$1, R29), gamma_store64(Gamma_stack, Cse0__5$0$1, Gamma_R29);
-    assume {:captureState "2008$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$0$1, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$0$1, 8bv64), Gamma_R30);
-    assume {:captureState "2008$2"} true;
-    R29, Gamma_R29 := bvadd64(R31, 16bv64), Gamma_R31;
-    R0, Gamma_R0 := 4bv64, true;
-    R30, Gamma_R30 := 2024bv64, true;
-    call FUN_650();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
+    call R16_1, Gamma_R16_1, R17_1, Gamma_R17_1 := FUN_650(R16, Gamma_R16);
     goto $main$__1__$sf~3otWHTPClXjl5_L1xPQ;
   $main$__1__$sf~3otWHTPClXjl5_L1xPQ:
-    assume {:captureState "$main$__1__$sf~3otWHTPClXjl5_L1xPQ"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 8bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R0);
-    assume {:captureState "2024$0"} true;
-    R9, Gamma_R9 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R8, Gamma_R8 := 1bv64, true;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551592bv64), 4bv64), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), true);
+    R9_1, Gamma_R9_1 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551592bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "2036$0"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R30, Gamma_R30 := 2048bv64, true;
-    call FUN_680();
+    assert (L(mem, R9_1) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R9_1, 1bv32), gamma_store32(Gamma_mem, R9_1, true);
+    R0_2, Gamma_R0_2 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551592bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64));
+    call R16_2, Gamma_R16_2, R17_2, Gamma_R17_2 := FUN_680(R16_1, Gamma_R16_1);
     goto $main$__2__$GmXGrcwFTMKJEOfTLmGTjg;
   $main$__2__$GmXGrcwFTMKJEOfTLmGTjg:
-    assume {:captureState "$main$__2__$GmXGrcwFTMKJEOfTLmGTjg"} true;
-    Cse0__5$1$0, Gamma_Cse0__5$1$0 := bvadd64(R31, 16bv64), Gamma_R31;
-    R29, Gamma_R29 := memory_load64_le(stack, Cse0__5$1$0), gamma_load64(Gamma_stack, Cse0__5$1$0);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(Cse0__5$1$0, 8bv64)), gamma_load64(Gamma_stack, bvadd64(Cse0__5$1$0, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64));
+    R30_4, Gamma_R30_4 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R16_out, R17_out, R29_out, R30_out, R31_out, R8_out, R9_out := R0_2, R16_2, R17_2, R29_3, R30_4, R31_in, 1bv64, R9_1;
+    Gamma_R0_out, Gamma_R16_out, Gamma_R17_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := Gamma_R0_2, Gamma_R16_2, Gamma_R17_2, Gamma_R29_3, Gamma_R30_4, Gamma_R31_in, true, Gamma_R9_1;
     return;
 }
 
-procedure malloc();
+procedure malloc(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load8_le(mem, 2080bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2081bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2082bv64) == 2bv8);
@@ -232,7 +475,7 @@ procedure malloc();
   free ensures (memory_load64_le(mem, 69592bv64) == 2004bv64);
   free ensures (memory_load64_le(mem, 69688bv64) == 69688bv64);
 
-procedure #free();
+procedure #free(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load8_le(mem, 2080bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2081bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2082bv64) == 2bv8);
diff --git a/src/test/correct/basicfree/gcc/basicfree.expected b/src/test/correct/basicfree/gcc/basicfree.expected
index ef418f173..fda5c7b80 100644
--- a/src/test/correct/basicfree/gcc/basicfree.expected
+++ b/src/test/correct/basicfree/gcc/basicfree.expected
@@ -1,19 +1,9 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_R16: bool;
 var {:extern} Gamma_R17: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} R16: bv64;
 var {:extern} R17: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -23,16 +13,34 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) {
@@ -44,11 +52,11 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -80,7 +88,7 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure #free();
+procedure #free(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   modifies Gamma_R16, Gamma_R17, R16, R17;
   free requires (memory_load8_le(mem, 2076bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2077bv64) == 0bv8);
@@ -99,8 +107,8 @@ procedure #free();
   free ensures (memory_load64_le(mem, 69616bv64) == 2004bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R16, R17, R29, R30, R31, mem, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_R16, Gamma_R17, Gamma_mem, Gamma_stack, R16, R17, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 2076bv64) == 1bv8);
@@ -111,10 +119,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69008bv64) == 1920bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 2004bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 2076bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 2077bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 2078bv64) == 2bv8);
@@ -124,49 +128,225 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 2004bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var #4: bv64;
-  var Gamma_#4: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R10_2: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R11_2: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R12_2: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R13_2: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R14_2: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R15_2: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R16_2: bool;
+  var Gamma_R17: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R18_2: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R19_2: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R1_3: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R20_2: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R21_2: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R22_2: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R23_2: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R24_2: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R25_2: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R26_2: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R27_2: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R28_2: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R29_4: bool;
+  var Gamma_R29_5: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R2_2: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30_3: bool;
+  var Gamma_R30_5: bool;
+  var Gamma_R30_6: bool;
+  var Gamma_R31_3: bool;
+  var Gamma_R31_4: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R3_2: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R4_2: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R5_2: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R6_2: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R7_2: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var Gamma_R9_2: bool;
+  var R0_2: bv64;
+  var R0_3: bv64;
+  var R0_4: bv64;
+  var R0_5: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R10_2: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R11_2: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R12_2: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R13_2: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R14_2: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R15_2: bv64;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R16_2: bv64;
+  var R17: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R18_2: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R19_2: bv64;
+  var R1_1: bv64;
+  var R1_3: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R20_2: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R21_2: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R22_2: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R23_2: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R24_2: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R25_2: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R26_2: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R27_2: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R28_2: bv64;
+  var R29_3: bv64;
+  var R29_4: bv64;
+  var R29_5: bv64;
+  var R2_1: bv64;
+  var R2_2: bv64;
+  var R3: bv64;
+  var R30_3: bv64;
+  var R30_5: bv64;
+  var R30_6: bv64;
+  var R31_3: bv64;
+  var R31_4: bv64;
+  var R3_1: bv64;
+  var R3_2: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R4_2: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R5_2: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R6_2: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R7_2: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R8_2: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
+  var R9_2: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    #4, Gamma_#4 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, #4, R29), gamma_store64(Gamma_stack, #4, Gamma_R29);
-    assume {:captureState "%000002e8"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(#4, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(#4, 8bv64), Gamma_R30);
-    assume {:captureState "%000002ee"} true;
-    R31, Gamma_R31 := #4, Gamma_#4;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    R0, Gamma_R0 := 4bv64, true;
-    R30, Gamma_R30 := 2020bv64, true;
-    call malloc();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551584bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551592bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), Gamma_R30_in);
+    call R0_2, Gamma_R0_2, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_1, Gamma_R16_1, R17_1, Gamma_R17_1, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_3, Gamma_R29_3, R2_1, Gamma_R2_1, R30_3, Gamma_R30_3, R31_3, Gamma_R31_3, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := malloc(4bv64, true, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, R16, Gamma_R16, R17, Gamma_R17, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R31_in, R2, Gamma_R2, 2020bv64, true, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R31_in, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     goto l00000307;
   l00000307:
-    assume {:captureState "l00000307"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 24bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 24bv64), Gamma_R0);
-    assume {:captureState "%0000030d"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 24bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 24bv64));
-    R1, Gamma_R1 := 1bv64, true;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_3, 24bv64), R0_2), gamma_store64(Gamma_stack, bvadd64(R31_3, 24bv64), Gamma_R0_2);
+    R0_3, Gamma_R0_3 := memory_load64_le(stack, bvadd64(R31_3, 24bv64)), gamma_load64(Gamma_stack, bvadd64(R31_3, 24bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%00000321"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 24bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 24bv64));
-    R30, Gamma_R30 := 2044bv64, true;
-    call #free();
+    assert (L(mem, R0_3) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R0_3, 1bv32), gamma_store32(Gamma_mem, R0_3, true);
+    R0_4, Gamma_R0_4 := memory_load64_le(stack, bvadd64(R31_3, 24bv64)), gamma_load64(Gamma_stack, bvadd64(R31_3, 24bv64));
+    call R0_5, Gamma_R0_5, R10_2, Gamma_R10_2, R11_2, Gamma_R11_2, R12_2, Gamma_R12_2, R13_2, Gamma_R13_2, R14_2, Gamma_R14_2, R15_2, Gamma_R15_2, R16_2, Gamma_R16_2, R17_2, Gamma_R17_2, R18_2, Gamma_R18_2, R19_2, Gamma_R19_2, R1_3, Gamma_R1_3, R20_2, Gamma_R20_2, R21_2, Gamma_R21_2, R22_2, Gamma_R22_2, R23_2, Gamma_R23_2, R24_2, Gamma_R24_2, R25_2, Gamma_R25_2, R26_2, Gamma_R26_2, R27_2, Gamma_R27_2, R28_2, Gamma_R28_2, R29_4, Gamma_R29_4, R2_2, Gamma_R2_2, R30_5, Gamma_R30_5, R31_4, Gamma_R31_4, R3_2, Gamma_R3_2, R4_2, Gamma_R4_2, R5_2, Gamma_R5_2, R6_2, Gamma_R6_2, R7_2, Gamma_R7_2, R8_2, Gamma_R8_2, R9_2, Gamma_R9_2 := #free(R0_4, Gamma_R0_4, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_1, Gamma_R16_1, R17_1, Gamma_R17_1, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, 1bv64, true, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_3, Gamma_R29_3, R2_1, Gamma_R2_1, 2044bv64, true, R31_3, Gamma_R31_3, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1);
     goto l00000332;
   l00000332:
-    assume {:captureState "l00000332"} true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
+    R29_5, Gamma_R29_5 := memory_load64_le(stack, R31_4), gamma_load64(Gamma_stack, R31_4);
+    R30_6, Gamma_R30_6 := memory_load64_le(stack, bvadd64(R31_4, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31_4, 8bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R29_out, R30_out, R31_out := R0_5, R1_3, R29_5, R30_6, bvadd64(R31_4, 32bv64);
+    Gamma_R0_out, Gamma_R1_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out := Gamma_R0_5, Gamma_R1_3, Gamma_R29_5, Gamma_R30_6, Gamma_R31_4;
     return;
 }
 
-procedure malloc();
+procedure malloc(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   modifies Gamma_R16, Gamma_R17, R16, R17;
   free requires (memory_load8_le(mem, 2076bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2077bv64) == 0bv8);
diff --git a/src/test/correct/basicfree/gcc/basicfree_gtirb.expected b/src/test/correct/basicfree/gcc/basicfree_gtirb.expected
index 9b75b6fd3..0059a2b19 100644
--- a/src/test/correct/basicfree/gcc/basicfree_gtirb.expected
+++ b/src/test/correct/basicfree/gcc/basicfree_gtirb.expected
@@ -1,19 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R16: bool;
-var {:extern} Gamma_R17: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R16: bv64;
-var {:extern} R17: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -23,16 +9,34 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) {
@@ -44,11 +48,11 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -80,8 +84,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure FUN_680();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure FUN_680(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load8_le(mem, 2076bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2077bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2078bv64) == 2bv8);
@@ -99,20 +103,143 @@ procedure FUN_680();
   free ensures (memory_load64_le(mem, 69616bv64) == 2004bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation FUN_680()
+implementation FUN_680(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool)
 {
+  var Gamma_R0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0: bv64;
+  var R0_1: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16_4: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   $FUN_680$__0__$Munhgh3nShysDJa~x_gpnQ:
-    assume {:captureState "$FUN_680$__0__$Munhgh3nShysDJa~x_gpnQ"} true;
-    R16, Gamma_R16 := 65536bv64, true;
     call rely();
-    R17, Gamma_R17 := memory_load64_le(mem, bvadd64(R16, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R16, 4040bv64)) || L(mem, bvadd64(R16, 4040bv64)));
-    R16, Gamma_R16 := bvadd64(R16, 4040bv64), Gamma_R16;
-    call #free();
+    R17_1, Gamma_R17_1 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
+    call R0_1, Gamma_R0_1, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_4, Gamma_R16_4, R17_2, Gamma_R17_2, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_1, Gamma_R2_1, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := #free(R0, Gamma_R0, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, 69576bv64, true, R17_1, Gamma_R17_1, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2, Gamma_R2, R30, Gamma_R30, R31, Gamma_R31, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     assume false;
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R16, R17, R29, R30, R31, mem, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 2076bv64) == 1bv8);
@@ -123,10 +250,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69008bv64) == 1920bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 2004bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 2076bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 2077bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 2078bv64) == 2bv8);
@@ -136,50 +259,52 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 2004bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var Cse0__5$1$0: bv64;
-  var Gamma_Cse0__5$1$0: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R16_2: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_4: bool;
+  var R0_2: bv64;
+  var R0_3: bv64;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R16_2: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R29_3: bv64;
+  var R30_4: bv64;
   $main$__0__$SVwwAKxIQmqlA4JVB4NRNA:
-    assume {:captureState "$main$__0__$SVwwAKxIQmqlA4JVB4NRNA"} true;
-    Cse0__5$1$0, Gamma_Cse0__5$1$0 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$1$0, R29), gamma_store64(Gamma_stack, Cse0__5$1$0, Gamma_R29);
-    assume {:captureState "2004$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$1$0, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$1$0, 8bv64), Gamma_R30);
-    assume {:captureState "2004$2"} true;
-    R31, Gamma_R31 := Cse0__5$1$0, Gamma_Cse0__5$1$0;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    R0, Gamma_R0 := 4bv64, true;
-    R30, Gamma_R30 := 2020bv64, true;
-    call FUN_650();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551584bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551592bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), Gamma_R30_in);
+    call R16_1, Gamma_R16_1, R17_1, Gamma_R17_1 := FUN_650(R16, Gamma_R16);
     goto $main$__1__$9qt6Bm68Rve4QS0F_cEB3w;
   $main$__1__$9qt6Bm68Rve4QS0F_cEB3w:
-    assume {:captureState "$main$__1__$9qt6Bm68Rve4QS0F_cEB3w"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 24bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 24bv64), Gamma_R0);
-    assume {:captureState "2020$0"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 24bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 24bv64));
-    R1, Gamma_R1 := 1bv64, true;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 4bv64), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
+    R0_2, Gamma_R0_2 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "2032$0"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 24bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 24bv64));
-    R30, Gamma_R30 := 2044bv64, true;
-    call FUN_680();
+    assert (L(mem, R0_2) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R0_2, 1bv32), gamma_store32(Gamma_mem, R0_2, true);
+    R0_3, Gamma_R0_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
+    call R16_2, Gamma_R16_2, R17_2, Gamma_R17_2 := FUN_680(R16_1, Gamma_R16_1);
     goto $main$__2__$JmJ8ydmEQ0KG2aqp3uFiQw;
   $main$__2__$JmJ8ydmEQ0KG2aqp3uFiQw:
-    assume {:captureState "$main$__2__$JmJ8ydmEQ0KG2aqp3uFiQw"} true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551584bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64));
+    R30_4, Gamma_R30_4 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551592bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R16_out, R17_out, R1_out, R29_out, R30_out, R31_out := R0_3, R16_2, R17_2, 1bv64, R29_3, R30_4, R31_in;
+    Gamma_R0_out, Gamma_R16_out, Gamma_R17_out, Gamma_R1_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out := Gamma_R0_3, Gamma_R16_2, Gamma_R17_2, true, Gamma_R29_3, Gamma_R30_4, Gamma_R31_in;
     return;
 }
 
-procedure FUN_650();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure FUN_650(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load8_le(mem, 2076bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2077bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2078bv64) == 2bv8);
@@ -197,19 +322,142 @@ procedure FUN_650();
   free ensures (memory_load64_le(mem, 69616bv64) == 2004bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation FUN_650()
+implementation FUN_650(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool)
 {
+  var Gamma_R0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0: bv64;
+  var R0_1: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16_4: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   $FUN_650$__0__$6QXyVlMjT_e0YItUboXIPw:
-    assume {:captureState "$FUN_650$__0__$6QXyVlMjT_e0YItUboXIPw"} true;
-    R16, Gamma_R16 := 65536bv64, true;
     call rely();
-    R17, Gamma_R17 := memory_load64_le(mem, bvadd64(R16, 4016bv64)), (gamma_load64(Gamma_mem, bvadd64(R16, 4016bv64)) || L(mem, bvadd64(R16, 4016bv64)));
-    R16, Gamma_R16 := bvadd64(R16, 4016bv64), Gamma_R16;
-    call malloc();
+    R17_1, Gamma_R17_1 := memory_load64_le(mem, 69552bv64), (gamma_load64(Gamma_mem, 69552bv64) || L(mem, 69552bv64));
+    call R0_1, Gamma_R0_1, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_4, Gamma_R16_4, R17_2, Gamma_R17_2, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_1, Gamma_R2_1, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := malloc(R0, Gamma_R0, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, 69552bv64, true, R17_1, Gamma_R17_1, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2, Gamma_R2, R30, Gamma_R30, R31, Gamma_R31, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     assume false;
 }
 
-procedure #free();
+procedure #free(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load8_le(mem, 2076bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2077bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2078bv64) == 2bv8);
@@ -227,7 +475,7 @@ procedure #free();
   free ensures (memory_load64_le(mem, 69616bv64) == 2004bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-procedure malloc();
+procedure malloc(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load8_le(mem, 2076bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2077bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2078bv64) == 2bv8);
diff --git a/src/test/correct/cjump/clang/cjump.expected b/src/test/correct/cjump/clang/cjump.expected
index bdc139149..d8152a685 100644
--- a/src/test/correct/cjump/clang/cjump.expected
+++ b/src/test/correct/cjump/clang/cjump.expected
@@ -1,21 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -26,19 +10,26 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   false
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp1(bv1, bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -54,11 +45,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -89,8 +78,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, R8, R9, VF, ZF, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   requires (gamma_load32(Gamma_mem, $x_addr) == true);
   requires (gamma_load32(Gamma_mem, $y_addr) == false);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
@@ -103,8 +92,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1916bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1917bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1918bv64) == 2bv8);
@@ -114,87 +101,56 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var #4: bv32;
-  var Gamma_#4: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R8_11: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_7: bool;
+  var R0_1: bv64;
+  var R8_11: bv64;
+  var R8_2: bv32;
+  var R8_7: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "%00000309"} true;
-    R8, Gamma_R8 := 69632bv64, true;
-    R9, Gamma_R9 := 1bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
     call rely();
-    assert (L(mem, bvadd64(R8, 52bv64)) ==> Gamma_R9);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 52bv64), R9[32:0]), gamma_store32(Gamma_mem, bvadd64(R8, 52bv64), Gamma_R9);
-    assume {:captureState "%0000031b"} true;
+    assert (L(mem, 69684bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, 1bv32), gamma_store32(Gamma_mem, 69684bv64, true);
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 52bv64)) || L(mem, bvadd64(R8, 52bv64)));
-    #4, Gamma_#4 := bvadd32(R8[32:0], 4294967295bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#4, 1bv32)), bvadd33(sign_extend1_32(R8[32:0]), 0bv33))), (Gamma_R8 && Gamma_#4);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#4, 1bv32)), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_#4);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#4, 1bv32), 0bv32), Gamma_#4;
-    NF, Gamma_NF := bvadd32(#4, 1bv32)[32:31], Gamma_#4;
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(#4, 1bv32)), Gamma_#4;
-    assert Gamma_ZF;
+    R8_2, Gamma_R8_2 := memory_load32_le(mem, 69684bv64), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
+    assert Gamma_R8_2;
     goto lmain_goto_l00000343, lmain_goto_l00000346;
-  l00000346:
-    assume {:captureState "l00000346"} true;
-    R8, Gamma_R8 := 1bv64, true;
+  lmain_goto_l00000346:
+    assume (R8_2 == 0bv32);
+    R8_7, Gamma_R8_7 := 1bv64, true;
     goto l00000349;
-  l00000343:
-    assume {:captureState "l00000343"} true;
-    R8, Gamma_R8 := 0bv64, true;
+  lmain_goto_l00000343:
+    assume (!(R8_2 == 0bv32));
+    R8_7, Gamma_R8_7 := 0bv64, true;
     goto l00000349;
   l00000349:
-    assume {:captureState "l00000349"} true;
-    assert Gamma_R8;
+    assert Gamma_R8_7;
     goto l00000349_goto_l00000351, l00000349_goto_l0000037e;
-  l00000351:
-    assume {:captureState "l00000351"} true;
-    R9, Gamma_R9 := 69632bv64, true;
-    R8, Gamma_R8 := 2bv64, true;
+  l00000349_goto_l0000037e:
+    assume (!(R8_7[1:0] == 1bv1));
     call rely();
-    assert (L(mem, bvadd64(R9, 56bv64)) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 56bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 56bv64), Gamma_R8);
-    assume {:captureState "%00000366"} true;
+    assert (L(mem, 69688bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69688bv64, 3bv32), gamma_store32(Gamma_mem, 69688bv64, true);
+    R8_11, Gamma_R8_11 := 3bv64, true;
     goto l00000369;
-  l0000037e:
-    assume {:captureState "l0000037e"} true;
-    goto l0000037f;
-  l0000037f:
-    assume {:captureState "l0000037f"} true;
-    R8, Gamma_R8 := 3bv64, true;
-    R9, Gamma_R9 := 69632bv64, true;
+  l00000349_goto_l00000351:
+    assume (R8_7[1:0] == 1bv1);
     call rely();
-    assert (L(mem, bvadd64(R9, 56bv64)) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 56bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 56bv64), Gamma_R8);
-    assume {:captureState "%00000392"} true;
+    assert (L(mem, 69688bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69688bv64, 2bv32), gamma_store32(Gamma_mem, 69688bv64, true);
+    R8_11, Gamma_R8_11 := 2bv64, true;
     goto l00000369;
   l00000369:
-    assume {:captureState "l00000369"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    R0_1, Gamma_R0_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     goto main_basil_return;
-  lmain_goto_l00000343:
-    assume {:captureState "lmain_goto_l00000343"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) != 0bv1);
-    goto l00000343;
-  lmain_goto_l00000346:
-    assume {:captureState "lmain_goto_l00000346"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) == 0bv1);
-    goto l00000346;
-  l00000349_goto_l00000351:
-    assume {:captureState "l00000349_goto_l00000351"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) != 0bv1);
-    goto l00000351;
-  l00000349_goto_l0000037e:
-    assume {:captureState "l00000349_goto_l0000037e"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) == 0bv1);
-    goto l0000037e;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out, R9_out := R0_1, R31_in, R8_11, 69632bv64;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := Gamma_R0_1, Gamma_R31_in, Gamma_R8_11, true;
     return;
 }
 
diff --git a/src/test/correct/cjump/clang/cjump_gtirb.expected b/src/test/correct/cjump/clang/cjump_gtirb.expected
index 46eff7f81..45629f845 100644
--- a/src/test/correct/cjump/clang/cjump_gtirb.expected
+++ b/src/test/correct/cjump/clang/cjump_gtirb.expected
@@ -1,21 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -26,18 +10,26 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   false
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -53,10 +45,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -87,8 +78,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, R8, R9, VF, ZF, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   requires (gamma_load32(Gamma_mem, $x_addr) == true);
   requires (gamma_load32(Gamma_mem, $y_addr) == false);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
@@ -101,8 +92,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1916bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1917bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1918bv64) == 2bv8);
@@ -112,79 +101,69 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var Cse0__5$0$6: bv32;
-  var Gamma_Cse0__5$0$6: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R8_11: bool;
+  var Gamma_R8_13: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_8: bool;
+  var R0_1: bv64;
+  var R8_11: bv64;
+  var R8_13: bv64;
+  var R8_2: bv32;
+  var R8_8: bv64;
   $main$__0__$PnDIl5cyR4GGh5gDIaWl6w:
-    assume {:captureState "$main$__0__$PnDIl5cyR4GGh5gDIaWl6w"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "1816$0"} true;
-    R8, Gamma_R8 := 69632bv64, true;
-    R9, Gamma_R9 := 1bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
     call rely();
-    assert (L(mem, bvadd64(R8, 52bv64)) ==> Gamma_R9);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 52bv64), R9[32:0]), gamma_store32(Gamma_mem, bvadd64(R8, 52bv64), Gamma_R9);
-    assume {:captureState "1828$0"} true;
+    assert (L(mem, 69684bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, 1bv32), gamma_store32(Gamma_mem, 69684bv64, true);
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 52bv64)) || L(mem, bvadd64(R8, 52bv64)));
-    Cse0__5$0$6, Gamma_Cse0__5$0$6 := bvadd32(R8[32:0], 0bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$0$6, Cse0__5$0$6)), Gamma_Cse0__5$0$6;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$0$6), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_Cse0__5$0$6);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$0$6, 0bv32), Gamma_Cse0__5$0$6;
-    NF, Gamma_NF := Cse0__5$0$6[32:31], Gamma_Cse0__5$0$6;
-    R8, Gamma_R8 := zero_extend32_32(Cse0__5$0$6), Gamma_Cse0__5$0$6;
-    assert Gamma_ZF;
+    R8_2, Gamma_R8_2 := memory_load32_le(mem, 69684bv64), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
+    assert Gamma_R8_2;
     goto $main$__0__$PnDIl5cyR4GGh5gDIaWl6w$__0, $main$__0__$PnDIl5cyR4GGh5gDIaWl6w$__1;
-  $main$__1__$QUCiZ1czSk63UIuy~Dy6Bg:
-    assume {:captureState "$main$__1__$QUCiZ1czSk63UIuy~Dy6Bg"} true;
-    goto $main$__2__$5gUE9BicSVSdDO98Zitx1A;
-  $main$__2__$5gUE9BicSVSdDO98Zitx1A:
-    assume {:captureState "$main$__2__$5gUE9BicSVSdDO98Zitx1A"} true;
-    R8, Gamma_R8 := 3bv64, true;
-    R9, Gamma_R9 := 69632bv64, true;
+  $main$__0__$PnDIl5cyR4GGh5gDIaWl6w$__1:
+    assume (R8_2 == 0bv32);
+    goto $main$__0__$PnDIl5cyR4GGh5gDIaWl6w$__1_phi_$main$__0__$PnDIl5cyR4GGh5gDIaWl6w_goto_$main$__3__$I4nigOnuRzaYmG2czUcPqQ_phi_back_$main$__0__$PnDIl5cyR4GGh5gDIaWl6w_goto_$main$__3__$I4nigOnuRzaYmG2czUcPqQ, $main$__0__$PnDIl5cyR4GGh5gDIaWl6w$__1_phi_$main$__0__$PnDIl5cyR4GGh5gDIaWl6w_goto_$main$__1__$QUCiZ1czSk63UIuy~Dy6Bg_phi_back_$main$__0__$PnDIl5cyR4GGh5gDIaWl6w_goto_$main$__1__$QUCiZ1czSk63UIuy~Dy6Bg;
+  $main$__0__$PnDIl5cyR4GGh5gDIaWl6w$__1_phi_$main$__0__$PnDIl5cyR4GGh5gDIaWl6w_goto_$main$__1__$QUCiZ1czSk63UIuy~Dy6Bg_phi_back_$main$__0__$PnDIl5cyR4GGh5gDIaWl6w_goto_$main$__1__$QUCiZ1czSk63UIuy~Dy6Bg:
+    R8_8, Gamma_R8_8 := 1bv64, true;
+    assert Gamma_R8_8;
+    goto $main$__0__$PnDIl5cyR4GGh5gDIaWl6w_goto_$main$__1__$QUCiZ1czSk63UIuy~Dy6Bg;
+  $main$__0__$PnDIl5cyR4GGh5gDIaWl6w$__1_phi_$main$__0__$PnDIl5cyR4GGh5gDIaWl6w_goto_$main$__3__$I4nigOnuRzaYmG2czUcPqQ_phi_back_$main$__0__$PnDIl5cyR4GGh5gDIaWl6w_goto_$main$__3__$I4nigOnuRzaYmG2czUcPqQ:
+    R8_11, Gamma_R8_11 := 1bv64, true;
+    assert Gamma_R8_11;
+    goto $main$__0__$PnDIl5cyR4GGh5gDIaWl6w_goto_$main$__3__$I4nigOnuRzaYmG2czUcPqQ;
+  $main$__0__$PnDIl5cyR4GGh5gDIaWl6w$__0:
+    assume (!(R8_2 == 0bv32));
+    goto $main$__0__$PnDIl5cyR4GGh5gDIaWl6w$__0_phi_back_$main$__0__$PnDIl5cyR4GGh5gDIaWl6w_goto_$main$__1__$QUCiZ1czSk63UIuy~Dy6Bg, $main$__0__$PnDIl5cyR4GGh5gDIaWl6w$__0_phi_back_$main$__0__$PnDIl5cyR4GGh5gDIaWl6w_goto_$main$__3__$I4nigOnuRzaYmG2czUcPqQ;
+  $main$__0__$PnDIl5cyR4GGh5gDIaWl6w$__0_phi_back_$main$__0__$PnDIl5cyR4GGh5gDIaWl6w_goto_$main$__3__$I4nigOnuRzaYmG2czUcPqQ:
+    R8_11, Gamma_R8_11 := 0bv64, true;
+    assert Gamma_R8_11;
+    goto $main$__0__$PnDIl5cyR4GGh5gDIaWl6w_goto_$main$__3__$I4nigOnuRzaYmG2czUcPqQ;
+  $main$__0__$PnDIl5cyR4GGh5gDIaWl6w_goto_$main$__3__$I4nigOnuRzaYmG2czUcPqQ:
+    assume (R8_11[1:0] == 1bv1);
     call rely();
-    assert (L(mem, bvadd64(R9, 56bv64)) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 56bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 56bv64), Gamma_R8);
-    assume {:captureState "1860$0"} true;
+    assert (L(mem, 69688bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69688bv64, 2bv32), gamma_store32(Gamma_mem, 69688bv64, true);
+    R8_13, Gamma_R8_13 := 2bv64, true;
     goto $main$__4__$yxwH2dUnQdipf4xbcLk77w;
-  $main$__3__$I4nigOnuRzaYmG2czUcPqQ:
-    assume {:captureState "$main$__3__$I4nigOnuRzaYmG2czUcPqQ"} true;
-    R9, Gamma_R9 := 69632bv64, true;
-    R8, Gamma_R8 := 2bv64, true;
+  $main$__0__$PnDIl5cyR4GGh5gDIaWl6w$__0_phi_back_$main$__0__$PnDIl5cyR4GGh5gDIaWl6w_goto_$main$__1__$QUCiZ1czSk63UIuy~Dy6Bg:
+    R8_8, Gamma_R8_8 := 0bv64, true;
+    assert Gamma_R8_8;
+    goto $main$__0__$PnDIl5cyR4GGh5gDIaWl6w_goto_$main$__1__$QUCiZ1czSk63UIuy~Dy6Bg;
+  $main$__0__$PnDIl5cyR4GGh5gDIaWl6w_goto_$main$__1__$QUCiZ1czSk63UIuy~Dy6Bg:
+    assume (!(R8_8[1:0] == 1bv1));
     call rely();
-    assert (L(mem, bvadd64(R9, 56bv64)) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 56bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 56bv64), Gamma_R8);
-    assume {:captureState "1876$0"} true;
+    assert (L(mem, 69688bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69688bv64, 3bv32), gamma_store32(Gamma_mem, 69688bv64, true);
+    R8_13, Gamma_R8_13 := 3bv64, true;
     goto $main$__4__$yxwH2dUnQdipf4xbcLk77w;
   $main$__4__$yxwH2dUnQdipf4xbcLk77w:
-    assume {:captureState "$main$__4__$yxwH2dUnQdipf4xbcLk77w"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    R0_1, Gamma_R0_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     goto main_basil_return;
-  $main$__0__$PnDIl5cyR4GGh5gDIaWl6w_goto_$main$__3__$I4nigOnuRzaYmG2czUcPqQ:
-    assume {:captureState "$main$__0__$PnDIl5cyR4GGh5gDIaWl6w_goto_$main$__3__$I4nigOnuRzaYmG2czUcPqQ"} true;
-    assume (R8[1:0] == 1bv1);
-    goto $main$__3__$I4nigOnuRzaYmG2czUcPqQ;
-  $main$__0__$PnDIl5cyR4GGh5gDIaWl6w_goto_$main$__1__$QUCiZ1czSk63UIuy~Dy6Bg:
-    assume {:captureState "$main$__0__$PnDIl5cyR4GGh5gDIaWl6w_goto_$main$__1__$QUCiZ1czSk63UIuy~Dy6Bg"} true;
-    assume (!(R8[1:0] == 1bv1));
-    goto $main$__1__$QUCiZ1czSk63UIuy~Dy6Bg;
-  $main$__0__$PnDIl5cyR4GGh5gDIaWl6w$__0:
-    assume {:captureState "$main$__0__$PnDIl5cyR4GGh5gDIaWl6w$__0"} true;
-    assume (!(ZF == 1bv1));
-    R8, Gamma_R8 := 0bv64, true;
-    assert Gamma_R8;
-    goto $main$__0__$PnDIl5cyR4GGh5gDIaWl6w_goto_$main$__3__$I4nigOnuRzaYmG2czUcPqQ, $main$__0__$PnDIl5cyR4GGh5gDIaWl6w_goto_$main$__1__$QUCiZ1czSk63UIuy~Dy6Bg;
-  $main$__0__$PnDIl5cyR4GGh5gDIaWl6w$__1:
-    assume {:captureState "$main$__0__$PnDIl5cyR4GGh5gDIaWl6w$__1"} true;
-    assume (!(!(ZF == 1bv1)));
-    R8, Gamma_R8 := 1bv64, true;
-    assert Gamma_R8;
-    goto $main$__0__$PnDIl5cyR4GGh5gDIaWl6w_goto_$main$__3__$I4nigOnuRzaYmG2czUcPqQ, $main$__0__$PnDIl5cyR4GGh5gDIaWl6w_goto_$main$__1__$QUCiZ1czSk63UIuy~Dy6Bg;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out, R9_out := R0_1, R31_in, R8_13, 69632bv64;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := Gamma_R0_1, Gamma_R31_in, Gamma_R8_13, true;
     return;
 }
 
diff --git a/src/test/correct/cjump/clang_pic/cjump.expected b/src/test/correct/cjump/clang_pic/cjump.expected
index 57808849f..a903bb07c 100644
--- a/src/test/correct/cjump/clang_pic/cjump.expected
+++ b/src/test/correct/cjump/clang_pic/cjump.expected
@@ -1,21 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -26,13 +10,16 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   false
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp1(bv1, bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -42,7 +29,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -58,11 +49,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -95,8 +84,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, R8, R9, VF, ZF, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   requires (gamma_load32(Gamma_mem, $x_addr) == true);
   requires (gamma_load32(Gamma_mem, $y_addr) == false);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
@@ -111,8 +100,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69568bv64) == 69684bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free requires (memory_load64_le(mem, 69056bv64) == 1792bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1992bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1993bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1994bv64) == 2bv8);
@@ -124,93 +111,72 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69056bv64) == 1792bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var #4: bv32;
-  var Gamma_#4: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R8_12: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R8_8: bool;
+  var Gamma_R9_3: bool;
+  var Gamma_R9_6: bool;
+  var Gamma_R9_7: bool;
+  var R0_1: bv64;
+  var R8_12: bv64;
+  var R8_2: bv64;
+  var R8_3: bv32;
+  var R8_8: bv64;
+  var R9_3: bv64;
+  var R9_6: bv64;
+  var R9_7: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "%00000315"} true;
-    R8, Gamma_R8 := 65536bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4032bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4032bv64)) || L(mem, bvadd64(R8, 4032bv64)));
-    R9, Gamma_R9 := 1bv64, true;
+    R8_2, Gamma_R8_2 := memory_load64_le(mem, 69568bv64), (gamma_load64(Gamma_mem, 69568bv64) || L(mem, 69568bv64));
     call rely();
-    assert (L(mem, R8) ==> Gamma_R9);
-    mem, Gamma_mem := memory_store32_le(mem, R8, R9[32:0]), gamma_store32(Gamma_mem, R8, Gamma_R9);
-    assume {:captureState "%0000032e"} true;
+    assert (L(mem, R8_2) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R8_2, 1bv32), gamma_store32(Gamma_mem, R8_2, true);
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    #4, Gamma_#4 := bvadd32(R8[32:0], 4294967295bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#4, 1bv32)), bvadd33(sign_extend1_32(R8[32:0]), 0bv33))), (Gamma_R8 && Gamma_#4);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#4, 1bv32)), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_#4);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#4, 1bv32), 0bv32), Gamma_#4;
-    NF, Gamma_NF := bvadd32(#4, 1bv32)[32:31], Gamma_#4;
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(#4, 1bv32)), Gamma_#4;
-    assert Gamma_ZF;
+    R8_3, Gamma_R8_3 := memory_load32_le(mem, R8_2), (gamma_load32(Gamma_mem, R8_2) || L(mem, R8_2));
+    assert Gamma_R8_3;
     goto lmain_goto_l00000356, lmain_goto_l00000359;
-  l00000359:
-    assume {:captureState "l00000359"} true;
-    R8, Gamma_R8 := 1bv64, true;
+  lmain_goto_l00000359:
+    assume (R8_3 == 0bv32);
+    R8_8, Gamma_R8_8 := 1bv64, true;
     goto l0000035c;
-  l00000356:
-    assume {:captureState "l00000356"} true;
-    R8, Gamma_R8 := 0bv64, true;
+  lmain_goto_l00000356:
+    assume (!(R8_3 == 0bv32));
+    R8_8, Gamma_R8_8 := 0bv64, true;
     goto l0000035c;
   l0000035c:
-    assume {:captureState "l0000035c"} true;
-    assert Gamma_R8;
+    assert Gamma_R8_8;
     goto l0000035c_goto_l00000364, l0000035c_goto_l00000398;
-  l00000364:
-    assume {:captureState "l00000364"} true;
-    R9, Gamma_R9 := 65536bv64, true;
+  l0000035c_goto_l00000398:
+    assume (!(R8_8[1:0] == 1bv1));
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4048bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4048bv64)) || L(mem, bvadd64(R9, 4048bv64)));
-    R8, Gamma_R8 := 2bv64, true;
+    R9_3, Gamma_R9_3 := memory_load64_le(mem, 69584bv64), (gamma_load64(Gamma_mem, 69584bv64) || L(mem, 69584bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "%00000380"} true;
+    assert (L(mem, R9_3) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R9_3, 3bv32), gamma_store32(Gamma_mem, R9_3, true);
+    R9_7, Gamma_R9_7 := R9_3, Gamma_R9_3;
+    R8_12, Gamma_R8_12 := 3bv64, true;
     goto l00000383;
-  l00000398:
-    assume {:captureState "l00000398"} true;
-    goto l00000399;
-  l00000399:
-    assume {:captureState "l00000399"} true;
-    R8, Gamma_R8 := 3bv64, true;
-    R9, Gamma_R9 := 65536bv64, true;
+  l0000035c_goto_l00000364:
+    assume (R8_8[1:0] == 1bv1);
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4048bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4048bv64)) || L(mem, bvadd64(R9, 4048bv64)));
+    R9_6, Gamma_R9_6 := memory_load64_le(mem, 69584bv64), (gamma_load64(Gamma_mem, 69584bv64) || L(mem, 69584bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "%000003b3"} true;
+    assert (L(mem, R9_6) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R9_6, 2bv32), gamma_store32(Gamma_mem, R9_6, true);
+    R9_7, Gamma_R9_7 := R9_6, Gamma_R9_6;
+    R8_12, Gamma_R8_12 := 2bv64, true;
     goto l00000383;
   l00000383:
-    assume {:captureState "l00000383"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    R0_1, Gamma_R0_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     goto main_basil_return;
-  lmain_goto_l00000356:
-    assume {:captureState "lmain_goto_l00000356"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) != 0bv1);
-    goto l00000356;
-  lmain_goto_l00000359:
-    assume {:captureState "lmain_goto_l00000359"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) == 0bv1);
-    goto l00000359;
-  l0000035c_goto_l00000364:
-    assume {:captureState "l0000035c_goto_l00000364"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) != 0bv1);
-    goto l00000364;
-  l0000035c_goto_l00000398:
-    assume {:captureState "l0000035c_goto_l00000398"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) == 0bv1);
-    goto l00000398;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out, R9_out := R0_1, R31_in, R8_12, R9_7;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := Gamma_R0_1, Gamma_R31_in, Gamma_R8_12, Gamma_R9_7;
     return;
 }
 
diff --git a/src/test/correct/cjump/clang_pic/cjump_gtirb.expected b/src/test/correct/cjump/clang_pic/cjump_gtirb.expected
index efb0e4ac5..444b2dd54 100644
--- a/src/test/correct/cjump/clang_pic/cjump_gtirb.expected
+++ b/src/test/correct/cjump/clang_pic/cjump_gtirb.expected
@@ -1,21 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -26,12 +10,16 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   false
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -41,7 +29,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -57,10 +49,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -93,8 +84,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, R8, R9, VF, ZF, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   requires (gamma_load32(Gamma_mem, $x_addr) == true);
   requires (gamma_load32(Gamma_mem, $y_addr) == false);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
@@ -109,8 +100,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69568bv64) == 69684bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free requires (memory_load64_le(mem, 69056bv64) == 1792bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1992bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1993bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1994bv64) == 2bv8);
@@ -122,85 +111,85 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69056bv64) == 1792bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var Cse0__5$4$7: bv32;
-  var Gamma_Cse0__5$4$7: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R8_12: bool;
+  var Gamma_R8_14: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R8_9: bool;
+  var Gamma_R9_3: bool;
+  var Gamma_R9_6: bool;
+  var Gamma_R9_7: bool;
+  var R0_1: bv64;
+  var R8_12: bv64;
+  var R8_14: bv64;
+  var R8_2: bv64;
+  var R8_3: bv32;
+  var R8_9: bv64;
+  var R9_3: bv64;
+  var R9_6: bv64;
+  var R9_7: bv64;
   $main$__0__$ryTsqXUlQyOWNh8Q~a~WOg:
-    assume {:captureState "$main$__0__$ryTsqXUlQyOWNh8Q~a~WOg"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "1880$0"} true;
-    R8, Gamma_R8 := 65536bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4032bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4032bv64)) || L(mem, bvadd64(R8, 4032bv64)));
-    R9, Gamma_R9 := 1bv64, true;
+    R8_2, Gamma_R8_2 := memory_load64_le(mem, 69568bv64), (gamma_load64(Gamma_mem, 69568bv64) || L(mem, 69568bv64));
     call rely();
-    assert (L(mem, R8) ==> Gamma_R9);
-    mem, Gamma_mem := memory_store32_le(mem, R8, R9[32:0]), gamma_store32(Gamma_mem, R8, Gamma_R9);
-    assume {:captureState "1896$0"} true;
+    assert (L(mem, R8_2) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R8_2, 1bv32), gamma_store32(Gamma_mem, R8_2, true);
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    Cse0__5$4$7, Gamma_Cse0__5$4$7 := bvadd32(R8[32:0], 0bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$4$7, Cse0__5$4$7)), Gamma_Cse0__5$4$7;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$4$7), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_Cse0__5$4$7);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$4$7, 0bv32), Gamma_Cse0__5$4$7;
-    NF, Gamma_NF := Cse0__5$4$7[32:31], Gamma_Cse0__5$4$7;
-    R8, Gamma_R8 := zero_extend32_32(Cse0__5$4$7), Gamma_Cse0__5$4$7;
-    assert Gamma_ZF;
+    R8_3, Gamma_R8_3 := memory_load32_le(mem, R8_2), (gamma_load32(Gamma_mem, R8_2) || L(mem, R8_2));
+    assert Gamma_R8_3;
     goto $main$__0__$ryTsqXUlQyOWNh8Q~a~WOg$__0, $main$__0__$ryTsqXUlQyOWNh8Q~a~WOg$__1;
-  $main$__1__$5SdYH~vURDuHuVGzlLv_ow:
-    assume {:captureState "$main$__1__$5SdYH~vURDuHuVGzlLv_ow"} true;
-    goto $main$__2__$mQXc6EwUQvuLoeh2D_PNVA;
-  $main$__2__$mQXc6EwUQvuLoeh2D_PNVA:
-    assume {:captureState "$main$__2__$mQXc6EwUQvuLoeh2D_PNVA"} true;
-    R8, Gamma_R8 := 3bv64, true;
-    R9, Gamma_R9 := 65536bv64, true;
+  $main$__0__$ryTsqXUlQyOWNh8Q~a~WOg$__1:
+    assume (R8_3 == 0bv32);
+    goto $main$__0__$ryTsqXUlQyOWNh8Q~a~WOg$__1_phi_$main$__0__$ryTsqXUlQyOWNh8Q~a~WOg_goto_$main$__3__$lxnj6lMASh2SOnwbX1sHQw_phi_back_$main$__0__$ryTsqXUlQyOWNh8Q~a~WOg_goto_$main$__3__$lxnj6lMASh2SOnwbX1sHQw, $main$__0__$ryTsqXUlQyOWNh8Q~a~WOg$__1_phi_$main$__0__$ryTsqXUlQyOWNh8Q~a~WOg_goto_$main$__1__$5SdYH~vURDuHuVGzlLv_ow_phi_back_$main$__0__$ryTsqXUlQyOWNh8Q~a~WOg_goto_$main$__1__$5SdYH~vURDuHuVGzlLv_ow;
+  $main$__0__$ryTsqXUlQyOWNh8Q~a~WOg$__1_phi_$main$__0__$ryTsqXUlQyOWNh8Q~a~WOg_goto_$main$__1__$5SdYH~vURDuHuVGzlLv_ow_phi_back_$main$__0__$ryTsqXUlQyOWNh8Q~a~WOg_goto_$main$__1__$5SdYH~vURDuHuVGzlLv_ow:
+    R8_9, Gamma_R8_9 := 1bv64, true;
+    assert Gamma_R8_9;
+    goto $main$__0__$ryTsqXUlQyOWNh8Q~a~WOg_goto_$main$__1__$5SdYH~vURDuHuVGzlLv_ow;
+  $main$__0__$ryTsqXUlQyOWNh8Q~a~WOg$__1_phi_$main$__0__$ryTsqXUlQyOWNh8Q~a~WOg_goto_$main$__3__$lxnj6lMASh2SOnwbX1sHQw_phi_back_$main$__0__$ryTsqXUlQyOWNh8Q~a~WOg_goto_$main$__3__$lxnj6lMASh2SOnwbX1sHQw:
+    R8_12, Gamma_R8_12 := 1bv64, true;
+    assert Gamma_R8_12;
+    goto $main$__0__$ryTsqXUlQyOWNh8Q~a~WOg_goto_$main$__3__$lxnj6lMASh2SOnwbX1sHQw;
+  $main$__0__$ryTsqXUlQyOWNh8Q~a~WOg$__0:
+    assume (!(R8_3 == 0bv32));
+    goto $main$__0__$ryTsqXUlQyOWNh8Q~a~WOg$__0_phi_back_$main$__0__$ryTsqXUlQyOWNh8Q~a~WOg_goto_$main$__1__$5SdYH~vURDuHuVGzlLv_ow, $main$__0__$ryTsqXUlQyOWNh8Q~a~WOg$__0_phi_back_$main$__0__$ryTsqXUlQyOWNh8Q~a~WOg_goto_$main$__3__$lxnj6lMASh2SOnwbX1sHQw;
+  $main$__0__$ryTsqXUlQyOWNh8Q~a~WOg$__0_phi_back_$main$__0__$ryTsqXUlQyOWNh8Q~a~WOg_goto_$main$__3__$lxnj6lMASh2SOnwbX1sHQw:
+    R8_12, Gamma_R8_12 := 0bv64, true;
+    assert Gamma_R8_12;
+    goto $main$__0__$ryTsqXUlQyOWNh8Q~a~WOg_goto_$main$__3__$lxnj6lMASh2SOnwbX1sHQw;
+  $main$__0__$ryTsqXUlQyOWNh8Q~a~WOg_goto_$main$__3__$lxnj6lMASh2SOnwbX1sHQw:
+    assume (R8_12[1:0] == 1bv1);
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4048bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4048bv64)) || L(mem, bvadd64(R9, 4048bv64)));
+    R9_6, Gamma_R9_6 := memory_load64_le(mem, 69584bv64), (gamma_load64(Gamma_mem, 69584bv64) || L(mem, 69584bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "1932$0"} true;
+    assert (L(mem, R9_6) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R9_6, 2bv32), gamma_store32(Gamma_mem, R9_6, true);
+    R9_7, Gamma_R9_7 := R9_6, Gamma_R9_6;
+    R8_14, Gamma_R8_14 := 2bv64, true;
     goto $main$__4__$7LOsLwE1R4Kli011Bz8Pqw;
-  $main$__3__$lxnj6lMASh2SOnwbX1sHQw:
-    assume {:captureState "$main$__3__$lxnj6lMASh2SOnwbX1sHQw"} true;
-    R9, Gamma_R9 := 65536bv64, true;
+  $main$__0__$ryTsqXUlQyOWNh8Q~a~WOg$__0_phi_back_$main$__0__$ryTsqXUlQyOWNh8Q~a~WOg_goto_$main$__1__$5SdYH~vURDuHuVGzlLv_ow:
+    R8_9, Gamma_R8_9 := 0bv64, true;
+    assert Gamma_R8_9;
+    goto $main$__0__$ryTsqXUlQyOWNh8Q~a~WOg_goto_$main$__1__$5SdYH~vURDuHuVGzlLv_ow;
+  $main$__0__$ryTsqXUlQyOWNh8Q~a~WOg_goto_$main$__1__$5SdYH~vURDuHuVGzlLv_ow:
+    assume (!(R8_9[1:0] == 1bv1));
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4048bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4048bv64)) || L(mem, bvadd64(R9, 4048bv64)));
-    R8, Gamma_R8 := 2bv64, true;
+    R9_3, Gamma_R9_3 := memory_load64_le(mem, 69584bv64), (gamma_load64(Gamma_mem, 69584bv64) || L(mem, 69584bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "1952$0"} true;
+    assert (L(mem, R9_3) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R9_3, 3bv32), gamma_store32(Gamma_mem, R9_3, true);
+    R9_7, Gamma_R9_7 := R9_3, Gamma_R9_3;
+    R8_14, Gamma_R8_14 := 3bv64, true;
     goto $main$__4__$7LOsLwE1R4Kli011Bz8Pqw;
   $main$__4__$7LOsLwE1R4Kli011Bz8Pqw:
-    assume {:captureState "$main$__4__$7LOsLwE1R4Kli011Bz8Pqw"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    R0_1, Gamma_R0_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     goto main_basil_return;
-  $main$__0__$ryTsqXUlQyOWNh8Q~a~WOg_goto_$main$__3__$lxnj6lMASh2SOnwbX1sHQw:
-    assume {:captureState "$main$__0__$ryTsqXUlQyOWNh8Q~a~WOg_goto_$main$__3__$lxnj6lMASh2SOnwbX1sHQw"} true;
-    assume (R8[1:0] == 1bv1);
-    goto $main$__3__$lxnj6lMASh2SOnwbX1sHQw;
-  $main$__0__$ryTsqXUlQyOWNh8Q~a~WOg_goto_$main$__1__$5SdYH~vURDuHuVGzlLv_ow:
-    assume {:captureState "$main$__0__$ryTsqXUlQyOWNh8Q~a~WOg_goto_$main$__1__$5SdYH~vURDuHuVGzlLv_ow"} true;
-    assume (!(R8[1:0] == 1bv1));
-    goto $main$__1__$5SdYH~vURDuHuVGzlLv_ow;
-  $main$__0__$ryTsqXUlQyOWNh8Q~a~WOg$__0:
-    assume {:captureState "$main$__0__$ryTsqXUlQyOWNh8Q~a~WOg$__0"} true;
-    assume (!(ZF == 1bv1));
-    R8, Gamma_R8 := 0bv64, true;
-    assert Gamma_R8;
-    goto $main$__0__$ryTsqXUlQyOWNh8Q~a~WOg_goto_$main$__3__$lxnj6lMASh2SOnwbX1sHQw, $main$__0__$ryTsqXUlQyOWNh8Q~a~WOg_goto_$main$__1__$5SdYH~vURDuHuVGzlLv_ow;
-  $main$__0__$ryTsqXUlQyOWNh8Q~a~WOg$__1:
-    assume {:captureState "$main$__0__$ryTsqXUlQyOWNh8Q~a~WOg$__1"} true;
-    assume (!(!(ZF == 1bv1)));
-    R8, Gamma_R8 := 1bv64, true;
-    assert Gamma_R8;
-    goto $main$__0__$ryTsqXUlQyOWNh8Q~a~WOg_goto_$main$__3__$lxnj6lMASh2SOnwbX1sHQw, $main$__0__$ryTsqXUlQyOWNh8Q~a~WOg_goto_$main$__1__$5SdYH~vURDuHuVGzlLv_ow;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out, R9_out := R0_1, R31_in, R8_14, R9_7;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := Gamma_R0_1, Gamma_R31_in, Gamma_R8_14, Gamma_R9_7;
     return;
 }
 
diff --git a/src/test/correct/cjump/gcc/cjump.expected b/src/test/correct/cjump/gcc/cjump.expected
index 870950bb8..ab5386692 100644
--- a/src/test/correct/cjump/gcc/cjump.expected
+++ b/src/test/correct/cjump/gcc/cjump.expected
@@ -1,16 +1,4 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -20,19 +8,26 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   false
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp1(bv1, bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -48,12 +43,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (mem == old(mem));
@@ -83,8 +75,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R1, Gamma_VF, Gamma_ZF, Gamma_mem, NF, R0, R1, VF, ZF, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   requires (gamma_load32(Gamma_mem, $x_addr) == true);
   requires (gamma_load32(Gamma_mem, $y_addr) == false);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
@@ -106,64 +98,39 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
-  var #4: bv32;
-  var Gamma_#4: bool;
+  var Gamma_R0_6: bool;
+  var Gamma_R1_6: bool;
+  var R0_6: bv32;
+  var R1_6: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
-    R1, Gamma_R1 := 1bv64, true;
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%00000310"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
+    assert (L(mem, 69652bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 1bv32), gamma_store32(Gamma_mem, 69652bv64, true);
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    #4, Gamma_#4 := bvadd32(R0[32:0], 4294967295bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#4, 1bv32)), bvadd33(sign_extend1_32(R0[32:0]), 0bv33))), (Gamma_R0 && Gamma_#4);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#4, 1bv32)), bvadd33(zero_extend1_32(R0[32:0]), 4294967296bv33))), (Gamma_R0 && Gamma_#4);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#4, 1bv32), 0bv32), Gamma_#4;
-    NF, Gamma_NF := bvadd32(#4, 1bv32)[32:31], Gamma_#4;
-    assert Gamma_ZF;
+    R0_6, Gamma_R0_6 := memory_load32_le(mem, 69652bv64), (gamma_load32(Gamma_mem, 69652bv64) || L(mem, 69652bv64));
+    assert Gamma_R0_6;
     goto lmain_goto_l0000033e, lmain_goto_l00000365;
-  l0000033e:
-    assume {:captureState "l0000033e"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
-    R1, Gamma_R1 := 2bv64, true;
+  lmain_goto_l00000365:
+    assume (!(R0_6 == 0bv32));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%00000359"} true;
+    assert (L(mem, 69656bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69656bv64, 3bv32), gamma_store32(Gamma_mem, 69656bv64, true);
+    R1_6, Gamma_R1_6 := 3bv64, true;
     goto l0000035b;
-  l00000365:
-    assume {:captureState "l00000365"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
-    R1, Gamma_R1 := 3bv64, true;
+  lmain_goto_l0000033e:
+    assume (R0_6 == 0bv32);
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%0000037b"} true;
+    assert (L(mem, 69656bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69656bv64, 2bv32), gamma_store32(Gamma_mem, 69656bv64, true);
+    R1_6, Gamma_R1_6 := 2bv64, true;
     goto l0000035b;
   l0000035b:
-    assume {:captureState "l0000035b"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
-  lmain_goto_l0000033e:
-    assume {:captureState "lmain_goto_l0000033e"} true;
-    assume (bvcomp1(ZF, 1bv1) != 0bv1);
-    goto l0000033e;
-  lmain_goto_l00000365:
-    assume {:captureState "lmain_goto_l00000365"} true;
-    assume (bvcomp1(ZF, 1bv1) == 0bv1);
-    goto l00000365;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, R1_6;
+    Gamma_R0_out, Gamma_R1_out := true, Gamma_R1_6;
     return;
 }
 
diff --git a/src/test/correct/cjump/gcc/cjump_gtirb.expected b/src/test/correct/cjump/gcc/cjump_gtirb.expected
index 6a1713dfe..d0fbd5a10 100644
--- a/src/test/correct/cjump/gcc/cjump_gtirb.expected
+++ b/src/test/correct/cjump/gcc/cjump_gtirb.expected
@@ -1,16 +1,4 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -20,18 +8,26 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   false
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -47,11 +43,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (mem == old(mem));
@@ -81,8 +75,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R1, Gamma_VF, Gamma_ZF, Gamma_mem, NF, R0, R1, VF, ZF, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   requires (gamma_load32(Gamma_mem, $x_addr) == true);
   requires (gamma_load32(Gamma_mem, $y_addr) == false);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
@@ -104,64 +98,39 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
-  var Cse0__5$3$7: bv32;
-  var Gamma_Cse0__5$3$7: bool;
+  var Gamma_R0_6: bool;
+  var Gamma_R1_6: bool;
+  var R0_6: bv32;
+  var R1_6: bv64;
   $main$__0__$YwDxm6NpRSaYnJwZf~bgAg:
-    assume {:captureState "$main$__0__$YwDxm6NpRSaYnJwZf~bgAg"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
-    R1, Gamma_R1 := 1bv64, true;
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1824$0"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
+    assert (L(mem, 69652bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 1bv32), gamma_store32(Gamma_mem, 69652bv64, true);
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    Cse0__5$3$7, Gamma_Cse0__5$3$7 := bvadd32(R0[32:0], 0bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$3$7, Cse0__5$3$7)), Gamma_Cse0__5$3$7;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$3$7), bvadd33(zero_extend1_32(R0[32:0]), 4294967296bv33))), (Gamma_R0 && Gamma_Cse0__5$3$7);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$3$7, 0bv32), Gamma_Cse0__5$3$7;
-    NF, Gamma_NF := Cse0__5$3$7[32:31], Gamma_Cse0__5$3$7;
-    assert Gamma_ZF;
+    R0_6, Gamma_R0_6 := memory_load32_le(mem, 69652bv64), (gamma_load32(Gamma_mem, 69652bv64) || L(mem, 69652bv64));
+    assert Gamma_R0_6;
     goto $main$__0__$YwDxm6NpRSaYnJwZf~bgAg_goto_$main$__2__$WXfzVKBzTQ2pcN9SDnwGAQ, $main$__0__$YwDxm6NpRSaYnJwZf~bgAg_goto_$main$__1__$YoxtYzmmTLarbLScWy3SCQ;
-  $main$__1__$YoxtYzmmTLarbLScWy3SCQ:
-    assume {:captureState "$main$__1__$YoxtYzmmTLarbLScWy3SCQ"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
-    R1, Gamma_R1 := 3bv64, true;
+  $main$__0__$YwDxm6NpRSaYnJwZf~bgAg_goto_$main$__1__$YoxtYzmmTLarbLScWy3SCQ:
+    assume (!(R0_6 == 0bv32));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1860$0"} true;
+    assert (L(mem, 69656bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69656bv64, 3bv32), gamma_store32(Gamma_mem, 69656bv64, true);
+    R1_6, Gamma_R1_6 := 3bv64, true;
     goto $main$__3__$RpUJmfB5RPyIGv0DK5At_g;
-  $main$__2__$WXfzVKBzTQ2pcN9SDnwGAQ:
-    assume {:captureState "$main$__2__$WXfzVKBzTQ2pcN9SDnwGAQ"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
-    R1, Gamma_R1 := 2bv64, true;
+  $main$__0__$YwDxm6NpRSaYnJwZf~bgAg_goto_$main$__2__$WXfzVKBzTQ2pcN9SDnwGAQ:
+    assume (R0_6 == 0bv32);
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1880$0"} true;
+    assert (L(mem, 69656bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69656bv64, 2bv32), gamma_store32(Gamma_mem, 69656bv64, true);
+    R1_6, Gamma_R1_6 := 2bv64, true;
     goto $main$__3__$RpUJmfB5RPyIGv0DK5At_g;
   $main$__3__$RpUJmfB5RPyIGv0DK5At_g:
-    assume {:captureState "$main$__3__$RpUJmfB5RPyIGv0DK5At_g"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
-  $main$__0__$YwDxm6NpRSaYnJwZf~bgAg_goto_$main$__2__$WXfzVKBzTQ2pcN9SDnwGAQ:
-    assume {:captureState "$main$__0__$YwDxm6NpRSaYnJwZf~bgAg_goto_$main$__2__$WXfzVKBzTQ2pcN9SDnwGAQ"} true;
-    assume (ZF == 1bv1);
-    goto $main$__2__$WXfzVKBzTQ2pcN9SDnwGAQ;
-  $main$__0__$YwDxm6NpRSaYnJwZf~bgAg_goto_$main$__1__$YoxtYzmmTLarbLScWy3SCQ:
-    assume {:captureState "$main$__0__$YwDxm6NpRSaYnJwZf~bgAg_goto_$main$__1__$YoxtYzmmTLarbLScWy3SCQ"} true;
-    assume (!(ZF == 1bv1));
-    goto $main$__1__$YoxtYzmmTLarbLScWy3SCQ;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, R1_6;
+    Gamma_R0_out, Gamma_R1_out := true, Gamma_R1_6;
     return;
 }
 
diff --git a/src/test/correct/cjump/gcc_pic/cjump.expected b/src/test/correct/cjump/gcc_pic/cjump.expected
index 1ea46d0bc..43cc714ed 100644
--- a/src/test/correct/cjump/gcc_pic/cjump.expected
+++ b/src/test/correct/cjump/gcc_pic/cjump.expected
@@ -1,16 +1,4 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -20,13 +8,16 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   false
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp1(bv1, bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -36,7 +27,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -52,12 +47,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (mem == old(mem));
@@ -89,8 +81,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R1, Gamma_VF, Gamma_ZF, Gamma_mem, NF, R0, R1, VF, ZF, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   requires (gamma_load32(Gamma_mem, $x_addr) == true);
   requires (gamma_load32(Gamma_mem, $y_addr) == false);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
@@ -116,68 +108,55 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 69652bv64);
   free ensures (memory_load64_le(mem, 69000bv64) == 1872bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
-  var #4: bv32;
-  var Gamma_#4: bool;
+  var Gamma_R0_10: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_6: bool;
+  var Gamma_R0_8: bool;
+  var Gamma_R1_6: bool;
+  var R0_10: bv64;
+  var R0_3: bv64;
+  var R0_5: bv64;
+  var R0_6: bv32;
+  var R0_8: bv64;
+  var R1_6: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
-    R1, Gamma_R1 := 1bv64, true;
+    R0_3, Gamma_R0_3 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%00000311"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    assert (L(mem, R0_3) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R0_3, 1bv32), gamma_store32(Gamma_mem, R0_3, true);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
+    R0_5, Gamma_R0_5 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    #4, Gamma_#4 := bvadd32(R0[32:0], 4294967295bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#4, 1bv32)), bvadd33(sign_extend1_32(R0[32:0]), 0bv33))), (Gamma_R0 && Gamma_#4);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#4, 1bv32)), bvadd33(zero_extend1_32(R0[32:0]), 4294967296bv33))), (Gamma_R0 && Gamma_#4);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#4, 1bv32), 0bv32), Gamma_#4;
-    NF, Gamma_NF := bvadd32(#4, 1bv32)[32:31], Gamma_#4;
-    assert Gamma_ZF;
+    R0_6, Gamma_R0_6 := memory_load32_le(mem, R0_5), (gamma_load32(Gamma_mem, R0_5) || L(mem, R0_5));
+    assert Gamma_R0_6;
     goto lmain_goto_l00000340, lmain_goto_l00000368;
-  l00000340:
-    assume {:captureState "l00000340"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+  lmain_goto_l00000368:
+    assume (!(R0_6 == 0bv32));
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4072bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4072bv64)) || L(mem, bvadd64(R0, 4072bv64)));
-    R1, Gamma_R1 := 2bv64, true;
+    R0_8, Gamma_R0_8 := memory_load64_le(mem, 69608bv64), (gamma_load64(Gamma_mem, 69608bv64) || L(mem, 69608bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%0000035c"} true;
+    assert (L(mem, R0_8) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R0_8, 3bv32), gamma_store32(Gamma_mem, R0_8, true);
+    R1_6, Gamma_R1_6 := 3bv64, true;
     goto l0000035e;
-  l00000368:
-    assume {:captureState "l00000368"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+  lmain_goto_l00000340:
+    assume (R0_6 == 0bv32);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4072bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4072bv64)) || L(mem, bvadd64(R0, 4072bv64)));
-    R1, Gamma_R1 := 3bv64, true;
+    R0_10, Gamma_R0_10 := memory_load64_le(mem, 69608bv64), (gamma_load64(Gamma_mem, 69608bv64) || L(mem, 69608bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%0000037f"} true;
+    assert (L(mem, R0_10) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R0_10, 2bv32), gamma_store32(Gamma_mem, R0_10, true);
+    R1_6, Gamma_R1_6 := 2bv64, true;
     goto l0000035e;
   l0000035e:
-    assume {:captureState "l0000035e"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
-  lmain_goto_l00000340:
-    assume {:captureState "lmain_goto_l00000340"} true;
-    assume (bvcomp1(ZF, 1bv1) != 0bv1);
-    goto l00000340;
-  lmain_goto_l00000368:
-    assume {:captureState "lmain_goto_l00000368"} true;
-    assume (bvcomp1(ZF, 1bv1) == 0bv1);
-    goto l00000368;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, R1_6;
+    Gamma_R0_out, Gamma_R1_out := true, Gamma_R1_6;
     return;
 }
 
diff --git a/src/test/correct/cjump/gcc_pic/cjump_gtirb.expected b/src/test/correct/cjump/gcc_pic/cjump_gtirb.expected
index 7f8c66615..e49ae6369 100644
--- a/src/test/correct/cjump/gcc_pic/cjump_gtirb.expected
+++ b/src/test/correct/cjump/gcc_pic/cjump_gtirb.expected
@@ -1,16 +1,4 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -20,12 +8,16 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   false
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -35,7 +27,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -51,11 +47,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (mem == old(mem));
@@ -87,8 +81,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R1, Gamma_VF, Gamma_ZF, Gamma_mem, NF, R0, R1, VF, ZF, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   requires (gamma_load32(Gamma_mem, $x_addr) == true);
   requires (gamma_load32(Gamma_mem, $y_addr) == false);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
@@ -114,68 +108,55 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 69652bv64);
   free ensures (memory_load64_le(mem, 69000bv64) == 1872bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
-  var Cse0__5$2$7: bv32;
-  var Gamma_Cse0__5$2$7: bool;
+  var Gamma_R0_10: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_6: bool;
+  var Gamma_R0_8: bool;
+  var Gamma_R1_6: bool;
+  var R0_10: bv64;
+  var R0_3: bv64;
+  var R0_5: bv64;
+  var R0_6: bv32;
+  var R0_8: bv64;
+  var R1_6: bv64;
   $main$__0__$odan6iejSaiIvyv2xbxX2Q:
-    assume {:captureState "$main$__0__$odan6iejSaiIvyv2xbxX2Q"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
-    R1, Gamma_R1 := 1bv64, true;
+    R0_3, Gamma_R0_3 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1888$0"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    assert (L(mem, R0_3) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R0_3, 1bv32), gamma_store32(Gamma_mem, R0_3, true);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
+    R0_5, Gamma_R0_5 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    Cse0__5$2$7, Gamma_Cse0__5$2$7 := bvadd32(R0[32:0], 0bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$2$7, Cse0__5$2$7)), Gamma_Cse0__5$2$7;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$2$7), bvadd33(zero_extend1_32(R0[32:0]), 4294967296bv33))), (Gamma_R0 && Gamma_Cse0__5$2$7);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$2$7, 0bv32), Gamma_Cse0__5$2$7;
-    NF, Gamma_NF := Cse0__5$2$7[32:31], Gamma_Cse0__5$2$7;
-    assert Gamma_ZF;
+    R0_6, Gamma_R0_6 := memory_load32_le(mem, R0_5), (gamma_load32(Gamma_mem, R0_5) || L(mem, R0_5));
+    assert Gamma_R0_6;
     goto $main$__0__$odan6iejSaiIvyv2xbxX2Q_goto_$main$__2__$7OQ5GMtLT3i738Ax4kb9lg, $main$__0__$odan6iejSaiIvyv2xbxX2Q_goto_$main$__1__$MCUkhZcpTE24flHPahs6NA;
-  $main$__1__$MCUkhZcpTE24flHPahs6NA:
-    assume {:captureState "$main$__1__$MCUkhZcpTE24flHPahs6NA"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+  $main$__0__$odan6iejSaiIvyv2xbxX2Q_goto_$main$__1__$MCUkhZcpTE24flHPahs6NA:
+    assume (!(R0_6 == 0bv32));
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4072bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4072bv64)) || L(mem, bvadd64(R0, 4072bv64)));
-    R1, Gamma_R1 := 3bv64, true;
+    R0_8, Gamma_R0_8 := memory_load64_le(mem, 69608bv64), (gamma_load64(Gamma_mem, 69608bv64) || L(mem, 69608bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1924$0"} true;
+    assert (L(mem, R0_8) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R0_8, 3bv32), gamma_store32(Gamma_mem, R0_8, true);
+    R1_6, Gamma_R1_6 := 3bv64, true;
     goto $main$__3__$bH6WR9krRFGfL0jcN6MCWA;
-  $main$__2__$7OQ5GMtLT3i738Ax4kb9lg:
-    assume {:captureState "$main$__2__$7OQ5GMtLT3i738Ax4kb9lg"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+  $main$__0__$odan6iejSaiIvyv2xbxX2Q_goto_$main$__2__$7OQ5GMtLT3i738Ax4kb9lg:
+    assume (R0_6 == 0bv32);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4072bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4072bv64)) || L(mem, bvadd64(R0, 4072bv64)));
-    R1, Gamma_R1 := 2bv64, true;
+    R0_10, Gamma_R0_10 := memory_load64_le(mem, 69608bv64), (gamma_load64(Gamma_mem, 69608bv64) || L(mem, 69608bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1944$0"} true;
+    assert (L(mem, R0_10) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R0_10, 2bv32), gamma_store32(Gamma_mem, R0_10, true);
+    R1_6, Gamma_R1_6 := 2bv64, true;
     goto $main$__3__$bH6WR9krRFGfL0jcN6MCWA;
   $main$__3__$bH6WR9krRFGfL0jcN6MCWA:
-    assume {:captureState "$main$__3__$bH6WR9krRFGfL0jcN6MCWA"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
-  $main$__0__$odan6iejSaiIvyv2xbxX2Q_goto_$main$__2__$7OQ5GMtLT3i738Ax4kb9lg:
-    assume {:captureState "$main$__0__$odan6iejSaiIvyv2xbxX2Q_goto_$main$__2__$7OQ5GMtLT3i738Ax4kb9lg"} true;
-    assume (ZF == 1bv1);
-    goto $main$__2__$7OQ5GMtLT3i738Ax4kb9lg;
-  $main$__0__$odan6iejSaiIvyv2xbxX2Q_goto_$main$__1__$MCUkhZcpTE24flHPahs6NA:
-    assume {:captureState "$main$__0__$odan6iejSaiIvyv2xbxX2Q_goto_$main$__1__$MCUkhZcpTE24flHPahs6NA"} true;
-    assume (!(ZF == 1bv1));
-    goto $main$__1__$MCUkhZcpTE24flHPahs6NA;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, R1_6;
+    Gamma_R0_out, Gamma_R1_out := true, Gamma_R1_6;
     return;
 }
 
diff --git a/src/test/correct/floatingpoint/clang/floatingpoint_gtirb.expected b/src/test/correct/floatingpoint/clang/floatingpoint_gtirb.expected
index eb7ad317b..2b88f0ddd 100644
--- a/src/test/correct/floatingpoint/clang/floatingpoint_gtirb.expected
+++ b/src/test/correct/floatingpoint/clang/floatingpoint_gtirb.expected
@@ -1,19 +1,5 @@
-var {:extern} FPCR: bv32;
-var {:extern} Gamma_FPCR: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_V0: bool;
-var {:extern} Gamma_V1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} V0: bv128;
-var {:extern} V1: bv128;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -34,6 +20,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -43,11 +43,15 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -59,14 +63,13 @@ function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv6
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_2(bv2) returns (bv3);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 function {:extern} {:bvbuiltin "zero_extend 64"} zero_extend64_64(bv64) returns (bv128);
 function {:extern} {:bvbuiltin "zero_extend 96"} zero_extend96_32(bv32) returns (bv128);
@@ -97,8 +100,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R31, Gamma_R8, Gamma_V0, Gamma_V1, Gamma_mem, Gamma_stack, R0, R31, R8, V0, V1, mem, stack;
+procedure main(FPCR_in: bv32, Gamma_FPCR_in: bool, R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load64_le(mem, 2088bv64) == 131073bv64);
@@ -107,8 +110,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load64_le(mem, 2088bv64) == 131073bv64);
   free ensures (memory_load64_le(mem, 2096bv64) == 4767034467667331754bv64);
   free ensures (memory_load64_le(mem, 69064bv64) == 1808bv64);
@@ -116,146 +117,133 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(FPCR_in: bv32, Gamma_FPCR_in: bool, R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool)
 {
-  var Exp10__6$0$33: bv64;
-  var Exp10__6$0$38: bv64;
-  var Exp10__6$0$43: bv64;
-  var Exp10__6$0$48: bv64;
-  var Exp10__6$0$52: bv32;
-  var Exp10__6$0$55: bv64;
-  var Exp7__5$0$58: bv32;
-  var Exp9__5$0$14: bv32;
-  var Exp9__5$0$18: bv32;
-  var Exp9__5$0$22: bv32;
-  var Exp9__5$0$26: bv32;
-  var Exp9__5$0$34: bv64;
-  var Exp9__5$0$39: bv64;
-  var Exp9__5$0$44: bv64;
-  var Exp9__5$0$49: bv64;
-  var FPDecodeRounding8__7: bv3;
-  var Gamma_Exp10__6$0$33: bool;
-  var Gamma_Exp10__6$0$38: bool;
-  var Gamma_Exp10__6$0$43: bool;
-  var Gamma_Exp10__6$0$48: bool;
-  var Gamma_Exp10__6$0$52: bool;
-  var Gamma_Exp10__6$0$55: bool;
-  var Gamma_Exp7__5$0$58: bool;
-  var Gamma_Exp9__5$0$14: bool;
-  var Gamma_Exp9__5$0$18: bool;
-  var Gamma_Exp9__5$0$22: bool;
-  var Gamma_Exp9__5$0$26: bool;
-  var Gamma_Exp9__5$0$34: bool;
-  var Gamma_Exp9__5$0$39: bool;
-  var Gamma_Exp9__5$0$44: bool;
-  var Gamma_Exp9__5$0$49: bool;
-  var Gamma_FPDecodeRounding8__7: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R8_6: bool;
+  var Gamma_V0_1: bool;
+  var Gamma_V0_10: bool;
+  var Gamma_V0_11: bool;
+  var Gamma_V0_12: bool;
+  var Gamma_V0_13: bool;
+  var Gamma_V0_14: bool;
+  var Gamma_V0_15: bool;
+  var Gamma_V0_16: bool;
+  var Gamma_V0_17: bool;
+  var Gamma_V0_18: bool;
+  var Gamma_V0_19: bool;
+  var Gamma_V0_2: bool;
+  var Gamma_V0_20: bool;
+  var Gamma_V0_21: bool;
+  var Gamma_V0_22: bool;
+  var Gamma_V0_23: bool;
+  var Gamma_V0_24: bool;
+  var Gamma_V0_3: bool;
+  var Gamma_V0_4: bool;
+  var Gamma_V0_5: bool;
+  var Gamma_V0_6: bool;
+  var Gamma_V0_7: bool;
+  var Gamma_V0_8: bool;
+  var Gamma_V0_9: bool;
+  var Gamma_V1_1: bool;
+  var Gamma_V1_11: bool;
+  var Gamma_V1_2: bool;
+  var Gamma_V1_3: bool;
+  var Gamma_V1_4: bool;
+  var Gamma_V1_5: bool;
+  var Gamma_V1_7: bool;
+  var Gamma_V1_9: bool;
+  var R0_2: bv64;
+  var R8_6: bv64;
+  var V0_1: bv128;
+  var V0_10: bv128;
+  var V0_11: bv128;
+  var V0_12: bv128;
+  var V0_13: bv128;
+  var V0_14: bv128;
+  var V0_15: bv128;
+  var V0_16: bv128;
+  var V0_17: bv128;
+  var V0_18: bv128;
+  var V0_19: bv128;
+  var V0_2: bv128;
+  var V0_20: bv128;
+  var V0_21: bv128;
+  var V0_22: bv128;
+  var V0_23: bv128;
+  var V0_24: bv128;
+  var V0_3: bv128;
+  var V0_4: bv128;
+  var V0_5: bv128;
+  var V0_6: bv128;
+  var V0_7: bv128;
+  var V0_8: bv128;
+  var V0_9: bv128;
+  var V1_1: bv128;
+  var V1_11: bv128;
+  var V1_2: bv128;
+  var V1_3: bv128;
+  var V1_4: bv128;
+  var V1_5: bv128;
+  var V1_7: bv128;
+  var V1_9: bv128;
   $main$__0__$b3UZxKKWTIWwuKGd8CuBtA:
-    assume {:captureState "$main$__0__$b3UZxKKWTIWwuKGd8CuBtA"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551552bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 60bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 60bv64), true);
-    assume {:captureState "1816$0"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 56bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 56bv64), Gamma_R0);
-    assume {:captureState "1820$0"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 48bv64), R1), gamma_store64(Gamma_stack, bvadd64(R31, 48bv64), Gamma_R1);
-    assume {:captureState "1824$0"} true;
-    R8, Gamma_R8 := 45941bv64, true;
-    R8, Gamma_R8 := zero_extend32_32((16680bv16 ++ R8[16:0])), Gamma_R8;
-    V0, Gamma_V0 := zero_extend96_32(R8[32:0]), Gamma_R8;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 44bv64), V0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 44bv64), Gamma_V0);
-    assume {:captureState "1840$0"} true;
-    R8, Gamma_R8 := 23254bv64, true;
-    R8, Gamma_R8 := zero_extend32_32((16470bv16 ++ R8[16:0])), Gamma_R8;
-    V0, Gamma_V0 := zero_extend96_32(R8[32:0]), Gamma_R8;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 40bv64), V0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 40bv64), Gamma_V0);
-    assume {:captureState "1856$0"} true;
-    V0, Gamma_V0 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31, 44bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 44bv64));
-    V1, Gamma_V1 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31, 40bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 40bv64));
-    Exp9__5$0$14, Gamma_Exp9__5$0$14 := FPMul$32(V0[32:0], V1[32:0], FPCR), (Gamma_FPCR && (Gamma_V1 && Gamma_V0));
-    V0, Gamma_V0 := zero_extend96_32(Exp9__5$0$14), Gamma_Exp9__5$0$14;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 36bv64), V0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 36bv64), Gamma_V0);
-    assume {:captureState "1872$0"} true;
-    V0, Gamma_V0 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31, 44bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 44bv64));
-    V1, Gamma_V1 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31, 40bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 40bv64));
-    Exp9__5$0$18, Gamma_Exp9__5$0$18 := FPDiv$32(V0[32:0], V1[32:0], FPCR), (Gamma_FPCR && (Gamma_V1 && Gamma_V0));
-    V0, Gamma_V0 := zero_extend96_32(Exp9__5$0$18), Gamma_Exp9__5$0$18;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 36bv64), V0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 36bv64), Gamma_V0);
-    assume {:captureState "1888$0"} true;
-    V0, Gamma_V0 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31, 44bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 44bv64));
-    V1, Gamma_V1 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31, 40bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 40bv64));
-    Exp9__5$0$22, Gamma_Exp9__5$0$22 := FPSub$32(V0[32:0], V1[32:0], FPCR), (Gamma_FPCR && (Gamma_V1 && Gamma_V0));
-    V0, Gamma_V0 := zero_extend96_32(Exp9__5$0$22), Gamma_Exp9__5$0$22;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 36bv64), V0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 36bv64), Gamma_V0);
-    assume {:captureState "1904$0"} true;
-    V0, Gamma_V0 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31, 44bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 44bv64));
-    V1, Gamma_V1 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31, 40bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 40bv64));
-    Exp9__5$0$26, Gamma_Exp9__5$0$26 := FPAdd$32(V0[32:0], V1[32:0], FPCR), (Gamma_FPCR && (Gamma_V1 && Gamma_V0));
-    V0, Gamma_V0 := zero_extend96_32(Exp9__5$0$26), Gamma_Exp9__5$0$26;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 36bv64), V0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 36bv64), Gamma_V0);
-    assume {:captureState "1920$0"} true;
-    R8, Gamma_R8 := 0bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R0_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R1_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R1_in);
+    V0_1, Gamma_V0_1 := 1093186421bv128, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), V0_1[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), Gamma_V0_1);
+    V0_2, Gamma_V0_2 := 1079401174bv128, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551592bv64), V0_2[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), Gamma_V0_2);
+    V0_3, Gamma_V0_3 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551596bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64));
+    V1_1, Gamma_V1_1 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551592bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64));
+    V0_4, Gamma_V0_4 := zero_extend96_32(FPMul$32(V0_3[32:0], V1_1[32:0], FPCR_in)), (Gamma_FPCR_in && (Gamma_V1_1 && Gamma_V0_3));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551588bv64), V0_4[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551588bv64), Gamma_V0_4);
+    V0_5, Gamma_V0_5 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551596bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64));
+    V1_2, Gamma_V1_2 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551592bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64));
+    V0_6, Gamma_V0_6 := zero_extend96_32(FPDiv$32(V0_5[32:0], V1_2[32:0], FPCR_in)), (Gamma_FPCR_in && (Gamma_V1_2 && Gamma_V0_5));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551588bv64), V0_6[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551588bv64), Gamma_V0_6);
+    V0_7, Gamma_V0_7 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551596bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64));
+    V1_3, Gamma_V1_3 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551592bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64));
+    V0_8, Gamma_V0_8 := zero_extend96_32(FPSub$32(V0_7[32:0], V1_3[32:0], FPCR_in)), (Gamma_FPCR_in && (Gamma_V1_3 && Gamma_V0_7));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551588bv64), V0_8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551588bv64), Gamma_V0_8);
+    V0_9, Gamma_V0_9 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551596bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64));
+    V1_4, Gamma_V1_4 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551592bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64));
+    V0_10, Gamma_V0_10 := zero_extend96_32(FPAdd$32(V0_9[32:0], V1_4[32:0], FPCR_in)), (Gamma_FPCR_in && (Gamma_V1_4 && Gamma_V0_9));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551588bv64), V0_10[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551588bv64), Gamma_V0_10);
     call rely();
-    V0, Gamma_V0 := zero_extend64_64(memory_load64_le(mem, bvadd64(R8, 2096bv64))), (gamma_load64(Gamma_mem, bvadd64(R8, 2096bv64)) || L(mem, bvadd64(R8, 2096bv64)));
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 24bv64), V0[64:0]), gamma_store64(Gamma_stack, bvadd64(R31, 24bv64), Gamma_V0);
-    assume {:captureState "1932$0"} true;
-    V0, Gamma_V0 := zero_extend64_64(memory_load64_le(stack, bvadd64(R31, 24bv64))), gamma_load64(Gamma_stack, bvadd64(R31, 24bv64));
-    V1, Gamma_V1 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31, 40bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 40bv64));
-    FPDecodeRounding8__7, Gamma_FPDecodeRounding8__7 := zero_extend1_2(FPCR[24:22]), Gamma_FPCR;
-    Exp10__6$0$33, Gamma_Exp10__6$0$33 := FPConvert$64$32(V1[32:0], FPCR), (Gamma_FPCR && Gamma_V1);
-    V1, Gamma_V1 := zero_extend64_64(Exp10__6$0$33), Gamma_Exp10__6$0$33;
-    Exp9__5$0$34, Gamma_Exp9__5$0$34 := FPMul$64(V0[64:0], V1[64:0], FPCR), (Gamma_FPCR && (Gamma_V1 && Gamma_V0));
-    V0, Gamma_V0 := zero_extend64_64(Exp9__5$0$34), Gamma_Exp9__5$0$34;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 16bv64), V0[64:0]), gamma_store64(Gamma_stack, bvadd64(R31, 16bv64), Gamma_V0);
-    assume {:captureState "1952$0"} true;
-    V0, Gamma_V0 := zero_extend64_64(memory_load64_le(stack, bvadd64(R31, 24bv64))), gamma_load64(Gamma_stack, bvadd64(R31, 24bv64));
-    V1, Gamma_V1 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31, 40bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 40bv64));
-    FPDecodeRounding8__7, Gamma_FPDecodeRounding8__7 := zero_extend1_2(FPCR[24:22]), Gamma_FPCR;
-    Exp10__6$0$38, Gamma_Exp10__6$0$38 := FPConvert$64$32(V1[32:0], FPCR), (Gamma_FPCR && Gamma_V1);
-    V1, Gamma_V1 := zero_extend64_64(Exp10__6$0$38), Gamma_Exp10__6$0$38;
-    Exp9__5$0$39, Gamma_Exp9__5$0$39 := FPSub$64(V0[64:0], V1[64:0], FPCR), (Gamma_FPCR && (Gamma_V1 && Gamma_V0));
-    V0, Gamma_V0 := zero_extend64_64(Exp9__5$0$39), Gamma_Exp9__5$0$39;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 16bv64), V0[64:0]), gamma_store64(Gamma_stack, bvadd64(R31, 16bv64), Gamma_V0);
-    assume {:captureState "1972$0"} true;
-    V0, Gamma_V0 := zero_extend64_64(memory_load64_le(stack, bvadd64(R31, 24bv64))), gamma_load64(Gamma_stack, bvadd64(R31, 24bv64));
-    V1, Gamma_V1 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31, 40bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 40bv64));
-    FPDecodeRounding8__7, Gamma_FPDecodeRounding8__7 := zero_extend1_2(FPCR[24:22]), Gamma_FPCR;
-    Exp10__6$0$43, Gamma_Exp10__6$0$43 := FPConvert$64$32(V1[32:0], FPCR), (Gamma_FPCR && Gamma_V1);
-    V1, Gamma_V1 := zero_extend64_64(Exp10__6$0$43), Gamma_Exp10__6$0$43;
-    Exp9__5$0$44, Gamma_Exp9__5$0$44 := FPAdd$64(V0[64:0], V1[64:0], FPCR), (Gamma_FPCR && (Gamma_V1 && Gamma_V0));
-    V0, Gamma_V0 := zero_extend64_64(Exp9__5$0$44), Gamma_Exp9__5$0$44;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 16bv64), V0[64:0]), gamma_store64(Gamma_stack, bvadd64(R31, 16bv64), Gamma_V0);
-    assume {:captureState "1992$0"} true;
-    V0, Gamma_V0 := zero_extend64_64(memory_load64_le(stack, bvadd64(R31, 24bv64))), gamma_load64(Gamma_stack, bvadd64(R31, 24bv64));
-    V1, Gamma_V1 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31, 40bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 40bv64));
-    FPDecodeRounding8__7, Gamma_FPDecodeRounding8__7 := zero_extend1_2(FPCR[24:22]), Gamma_FPCR;
-    Exp10__6$0$48, Gamma_Exp10__6$0$48 := FPConvert$64$32(V1[32:0], FPCR), (Gamma_FPCR && Gamma_V1);
-    V1, Gamma_V1 := zero_extend64_64(Exp10__6$0$48), Gamma_Exp10__6$0$48;
-    Exp9__5$0$49, Gamma_Exp9__5$0$49 := FPDiv$64(V0[64:0], V1[64:0], FPCR), (Gamma_FPCR && (Gamma_V1 && Gamma_V0));
-    V0, Gamma_V0 := zero_extend64_64(Exp9__5$0$49), Gamma_Exp9__5$0$49;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 16bv64), V0[64:0]), gamma_store64(Gamma_stack, bvadd64(R31, 16bv64), Gamma_V0);
-    assume {:captureState "2012$0"} true;
-    V0, Gamma_V0 := zero_extend64_64(memory_load64_le(stack, bvadd64(R31, 16bv64))), gamma_load64(Gamma_stack, bvadd64(R31, 16bv64));
-    FPDecodeRounding8__7, Gamma_FPDecodeRounding8__7 := zero_extend1_2(FPCR[24:22]), Gamma_FPCR;
-    Exp10__6$0$52, Gamma_Exp10__6$0$52 := FPConvert$32$64(V0[64:0], FPCR), (Gamma_FPCR && Gamma_V0);
-    V0, Gamma_V0 := zero_extend96_32(Exp10__6$0$52), Gamma_Exp10__6$0$52;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 44bv64), V0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 44bv64), Gamma_V0);
-    assume {:captureState "2024$0"} true;
-    V0, Gamma_V0 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31, 40bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 40bv64));
-    FPDecodeRounding8__7, Gamma_FPDecodeRounding8__7 := zero_extend1_2(FPCR[24:22]), Gamma_FPCR;
-    Exp10__6$0$55, Gamma_Exp10__6$0$55 := FPConvert$64$32(V0[32:0], FPCR), (Gamma_FPCR && Gamma_V0);
-    V0, Gamma_V0 := zero_extend64_64(Exp10__6$0$55), Gamma_Exp10__6$0$55;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 24bv64), V0[64:0]), gamma_store64(Gamma_stack, bvadd64(R31, 24bv64), Gamma_V0);
-    assume {:captureState "2036$0"} true;
-    V0, Gamma_V0 := zero_extend64_64(memory_load64_le(stack, bvadd64(R31, 16bv64))), gamma_load64(Gamma_stack, bvadd64(R31, 16bv64));
-    Exp7__5$0$58, Gamma_Exp7__5$0$58 := FPToFixed$32$64(V0[64:0], 0, false, FPCR, 3), (Gamma_FPCR && Gamma_V0);
-    R8, Gamma_R8 := zero_extend32_32(Exp7__5$0$58), Gamma_Exp7__5$0$58;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R8);
-    assume {:captureState "2048$0"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R31, Gamma_R31 := bvadd64(R31, 64bv64), Gamma_R31;
+    V0_11, Gamma_V0_11 := zero_extend64_64(memory_load64_le(mem, 2096bv64)), (gamma_load64(Gamma_mem, 2096bv64) || L(mem, 2096bv64));
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551576bv64), V0_11[64:0]), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551576bv64), Gamma_V0_11);
+    V0_12, Gamma_V0_12 := zero_extend64_64(memory_load64_le(stack, bvadd64(R31_in, 18446744073709551576bv64))), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551576bv64));
+    V1_5, Gamma_V1_5 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551592bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64));
+    V0_13, Gamma_V0_13 := zero_extend64_64(FPMul$64(V0_12[64:0], FPConvert$64$32(V1_5[32:0], FPCR_in), FPCR_in)), (Gamma_FPCR_in && (Gamma_V1_5 && Gamma_V0_12));
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551568bv64), V0_13[64:0]), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551568bv64), Gamma_V0_13);
+    V0_14, Gamma_V0_14 := zero_extend64_64(memory_load64_le(stack, bvadd64(R31_in, 18446744073709551576bv64))), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551576bv64));
+    V1_7, Gamma_V1_7 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551592bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64));
+    V0_15, Gamma_V0_15 := zero_extend64_64(FPSub$64(V0_14[64:0], FPConvert$64$32(V1_7[32:0], FPCR_in), FPCR_in)), (Gamma_FPCR_in && (Gamma_V1_7 && Gamma_V0_14));
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551568bv64), V0_15[64:0]), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551568bv64), Gamma_V0_15);
+    V0_16, Gamma_V0_16 := zero_extend64_64(memory_load64_le(stack, bvadd64(R31_in, 18446744073709551576bv64))), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551576bv64));
+    V1_9, Gamma_V1_9 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551592bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64));
+    V0_17, Gamma_V0_17 := zero_extend64_64(FPAdd$64(V0_16[64:0], FPConvert$64$32(V1_9[32:0], FPCR_in), FPCR_in)), (Gamma_FPCR_in && (Gamma_V1_9 && Gamma_V0_16));
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551568bv64), V0_17[64:0]), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551568bv64), Gamma_V0_17);
+    V0_18, Gamma_V0_18 := zero_extend64_64(memory_load64_le(stack, bvadd64(R31_in, 18446744073709551576bv64))), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551576bv64));
+    V1_11, Gamma_V1_11 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551592bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64));
+    V0_19, Gamma_V0_19 := zero_extend64_64(FPDiv$64(V0_18[64:0], FPConvert$64$32(V1_11[32:0], FPCR_in), FPCR_in)), (Gamma_FPCR_in && (Gamma_V1_11 && Gamma_V0_18));
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551568bv64), V0_19[64:0]), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551568bv64), Gamma_V0_19);
+    V0_20, Gamma_V0_20 := zero_extend64_64(memory_load64_le(stack, bvadd64(R31_in, 18446744073709551568bv64))), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551568bv64));
+    V0_21, Gamma_V0_21 := zero_extend96_32(FPConvert$32$64(V0_20[64:0], FPCR_in)), (Gamma_FPCR_in && Gamma_V0_20);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), V0_21[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), Gamma_V0_21);
+    V0_22, Gamma_V0_22 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551592bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64));
+    V0_23, Gamma_V0_23 := zero_extend64_64(FPConvert$64$32(V0_22[32:0], FPCR_in)), (Gamma_FPCR_in && Gamma_V0_22);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551576bv64), V0_23[64:0]), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551576bv64), Gamma_V0_23);
+    V0_24, Gamma_V0_24 := zero_extend64_64(memory_load64_le(stack, bvadd64(R31_in, 18446744073709551568bv64))), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551568bv64));
+    R8_6, Gamma_R8_6 := zero_extend32_32(FPToFixed$32$64(V0_24[64:0], 0, false, FPCR_in, 3)), (Gamma_FPCR_in && Gamma_V0_24);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551564bv64), R8_6[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551564bv64), Gamma_R8_6);
+    R0_2, Gamma_R0_2 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551564bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551564bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out := R0_2, R31_in, R8_6;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out := Gamma_R0_2, Gamma_R31_in, Gamma_R8_6;
     return;
 }
 
diff --git a/src/test/correct/floatingpoint/gcc/floatingpoint_gtirb.expected b/src/test/correct/floatingpoint/gcc/floatingpoint_gtirb.expected
index 065a70ac3..baa123e73 100644
--- a/src/test/correct/floatingpoint/gcc/floatingpoint_gtirb.expected
+++ b/src/test/correct/floatingpoint/gcc/floatingpoint_gtirb.expected
@@ -1,17 +1,5 @@
-var {:extern} FPCR: bv32;
-var {:extern} Gamma_FPCR: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_V0: bool;
-var {:extern} Gamma_V1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R31: bv64;
-var {:extern} V0: bv128;
-var {:extern} V1: bv128;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -32,6 +20,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -41,11 +43,15 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -57,14 +63,13 @@ function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv6
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_2(bv2) returns (bv3);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 function {:extern} {:bvbuiltin "zero_extend 64"} zero_extend64_64(bv64) returns (bv128);
 function {:extern} {:bvbuiltin "zero_extend 96"} zero_extend96_32(bv32) returns (bv128);
@@ -95,8 +100,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R31, Gamma_V0, Gamma_V1, Gamma_mem, Gamma_stack, R0, R31, V0, V1, mem, stack;
+procedure main(FPCR_in: bv32, Gamma_FPCR_in: bool, R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load64_le(mem, 2080bv64) == 131073bv64);
@@ -105,8 +110,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69024bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load64_le(mem, 2080bv64) == 131073bv64);
   free ensures (memory_load64_le(mem, 2088bv64) == 4767034467667331754bv64);
   free ensures (memory_load64_le(mem, 69016bv64) == 1808bv64);
@@ -114,144 +117,132 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(FPCR_in: bv32, Gamma_FPCR_in: bool, R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var Exp10__6$0$31: bv64;
-  var Exp10__6$0$36: bv64;
-  var Exp10__6$0$41: bv64;
-  var Exp10__6$0$46: bv64;
-  var Exp10__6$0$51: bv32;
-  var Exp10__6$0$54: bv64;
-  var Exp7__5$0$57: bv32;
-  var Exp9__5$0$13: bv32;
-  var Exp9__5$0$17: bv32;
-  var Exp9__5$0$21: bv32;
-  var Exp9__5$0$25: bv32;
-  var Exp9__5$0$33: bv64;
-  var Exp9__5$0$38: bv64;
-  var Exp9__5$0$43: bv64;
-  var Exp9__5$0$48: bv64;
-  var FPDecodeRounding8__7: bv3;
-  var Gamma_Exp10__6$0$31: bool;
-  var Gamma_Exp10__6$0$36: bool;
-  var Gamma_Exp10__6$0$41: bool;
-  var Gamma_Exp10__6$0$46: bool;
-  var Gamma_Exp10__6$0$51: bool;
-  var Gamma_Exp10__6$0$54: bool;
-  var Gamma_Exp7__5$0$57: bool;
-  var Gamma_Exp9__5$0$13: bool;
-  var Gamma_Exp9__5$0$17: bool;
-  var Gamma_Exp9__5$0$21: bool;
-  var Gamma_Exp9__5$0$25: bool;
-  var Gamma_Exp9__5$0$33: bool;
-  var Gamma_Exp9__5$0$38: bool;
-  var Gamma_Exp9__5$0$43: bool;
-  var Gamma_Exp9__5$0$48: bool;
-  var Gamma_FPDecodeRounding8__7: bool;
+  var Gamma_R0_7: bool;
+  var Gamma_R0_8: bool;
+  var Gamma_V0_1: bool;
+  var Gamma_V0_10: bool;
+  var Gamma_V0_11: bool;
+  var Gamma_V0_12: bool;
+  var Gamma_V0_14: bool;
+  var Gamma_V0_15: bool;
+  var Gamma_V0_17: bool;
+  var Gamma_V0_18: bool;
+  var Gamma_V0_2: bool;
+  var Gamma_V0_20: bool;
+  var Gamma_V0_21: bool;
+  var Gamma_V0_23: bool;
+  var Gamma_V0_24: bool;
+  var Gamma_V0_25: bool;
+  var Gamma_V0_26: bool;
+  var Gamma_V0_27: bool;
+  var Gamma_V0_28: bool;
+  var Gamma_V0_3: bool;
+  var Gamma_V0_4: bool;
+  var Gamma_V0_5: bool;
+  var Gamma_V0_6: bool;
+  var Gamma_V0_7: bool;
+  var Gamma_V0_8: bool;
+  var Gamma_V0_9: bool;
+  var Gamma_V1_1: bool;
+  var Gamma_V1_2: bool;
+  var Gamma_V1_3: bool;
+  var Gamma_V1_4: bool;
+  var Gamma_V1_5: bool;
+  var Gamma_V1_6: bool;
+  var Gamma_V1_7: bool;
+  var Gamma_V1_8: bool;
+  var R0_7: bv64;
+  var R0_8: bv64;
+  var V0_1: bv128;
+  var V0_10: bv128;
+  var V0_11: bv128;
+  var V0_12: bv128;
+  var V0_14: bv128;
+  var V0_15: bv128;
+  var V0_17: bv128;
+  var V0_18: bv128;
+  var V0_2: bv128;
+  var V0_20: bv128;
+  var V0_21: bv128;
+  var V0_23: bv128;
+  var V0_24: bv128;
+  var V0_25: bv128;
+  var V0_26: bv128;
+  var V0_27: bv128;
+  var V0_28: bv128;
+  var V0_3: bv128;
+  var V0_4: bv128;
+  var V0_5: bv128;
+  var V0_6: bv128;
+  var V0_7: bv128;
+  var V0_8: bv128;
+  var V0_9: bv128;
+  var V1_1: bv128;
+  var V1_2: bv128;
+  var V1_3: bv128;
+  var V1_4: bv128;
+  var V1_5: bv128;
+  var V1_6: bv128;
+  var V1_7: bv128;
+  var V1_8: bv128;
   $main$__0__$ApY~zz48QdCDKl~J0XWxTA:
-    assume {:captureState "$main$__0__$ApY~zz48QdCDKl~J0XWxTA"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551568bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "1816$0"} true;
-    stack, Gamma_stack := memory_store64_le(stack, R31, R1), gamma_store64(Gamma_stack, R31, Gamma_R1);
-    assume {:captureState "1820$0"} true;
-    R0, Gamma_R0 := 45941bv64, true;
-    R0, Gamma_R0 := zero_extend32_32((16680bv16 ++ R0[16:0])), Gamma_R0;
-    V0, Gamma_V0 := zero_extend96_32(R0[32:0]), Gamma_R0;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 16bv64), V0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 16bv64), Gamma_V0);
-    assume {:captureState "1836$0"} true;
-    R0, Gamma_R0 := 23254bv64, true;
-    R0, Gamma_R0 := zero_extend32_32((16470bv16 ++ R0[16:0])), Gamma_R0;
-    V0, Gamma_V0 := zero_extend96_32(R0[32:0]), Gamma_R0;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 20bv64), V0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 20bv64), Gamma_V0);
-    assume {:captureState "1852$0"} true;
-    V1, Gamma_V1 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31, 16bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 16bv64));
-    V0, Gamma_V0 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31, 20bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 20bv64));
-    Exp9__5$0$13, Gamma_Exp9__5$0$13 := FPMul$32(V1[32:0], V0[32:0], FPCR), (Gamma_FPCR && (Gamma_V0 && Gamma_V1));
-    V0, Gamma_V0 := zero_extend96_32(Exp9__5$0$13), Gamma_Exp9__5$0$13;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 24bv64), V0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 24bv64), Gamma_V0);
-    assume {:captureState "1868$0"} true;
-    V0, Gamma_V0 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31, 20bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 20bv64));
-    V1, Gamma_V1 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31, 16bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 16bv64));
-    Exp9__5$0$17, Gamma_Exp9__5$0$17 := FPDiv$32(V1[32:0], V0[32:0], FPCR), (Gamma_FPCR && (Gamma_V0 && Gamma_V1));
-    V0, Gamma_V0 := zero_extend96_32(Exp9__5$0$17), Gamma_Exp9__5$0$17;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 24bv64), V0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 24bv64), Gamma_V0);
-    assume {:captureState "1884$0"} true;
-    V1, Gamma_V1 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31, 16bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 16bv64));
-    V0, Gamma_V0 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31, 20bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 20bv64));
-    Exp9__5$0$21, Gamma_Exp9__5$0$21 := FPSub$32(V1[32:0], V0[32:0], FPCR), (Gamma_FPCR && (Gamma_V0 && Gamma_V1));
-    V0, Gamma_V0 := zero_extend96_32(Exp9__5$0$21), Gamma_Exp9__5$0$21;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 24bv64), V0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 24bv64), Gamma_V0);
-    assume {:captureState "1900$0"} true;
-    V1, Gamma_V1 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31, 16bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 16bv64));
-    V0, Gamma_V0 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31, 20bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 20bv64));
-    Exp9__5$0$25, Gamma_Exp9__5$0$25 := FPAdd$32(V1[32:0], V0[32:0], FPCR), (Gamma_FPCR && (Gamma_V0 && Gamma_V1));
-    V0, Gamma_V0 := zero_extend96_32(Exp9__5$0$25), Gamma_Exp9__5$0$25;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 24bv64), V0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 24bv64), Gamma_V0);
-    assume {:captureState "1916$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551580bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551580bv64), Gamma_R0_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551568bv64), R1_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551568bv64), Gamma_R1_in);
+    V0_1, Gamma_V0_1 := 1093186421bv128, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551584bv64), V0_1[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), Gamma_V0_1);
+    V0_2, Gamma_V0_2 := 1079401174bv128, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551588bv64), V0_2[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551588bv64), Gamma_V0_2);
+    V1_1, Gamma_V1_1 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551584bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64));
+    V0_3, Gamma_V0_3 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551588bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551588bv64));
+    V0_4, Gamma_V0_4 := zero_extend96_32(FPMul$32(V1_1[32:0], V0_3[32:0], FPCR_in)), (Gamma_FPCR_in && (Gamma_V0_3 && Gamma_V1_1));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551592bv64), V0_4[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), Gamma_V0_4);
+    V0_5, Gamma_V0_5 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551588bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551588bv64));
+    V1_2, Gamma_V1_2 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551584bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64));
+    V0_6, Gamma_V0_6 := zero_extend96_32(FPDiv$32(V1_2[32:0], V0_5[32:0], FPCR_in)), (Gamma_FPCR_in && (Gamma_V0_5 && Gamma_V1_2));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551592bv64), V0_6[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), Gamma_V0_6);
+    V1_3, Gamma_V1_3 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551584bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64));
+    V0_7, Gamma_V0_7 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551588bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551588bv64));
+    V0_8, Gamma_V0_8 := zero_extend96_32(FPSub$32(V1_3[32:0], V0_7[32:0], FPCR_in)), (Gamma_FPCR_in && (Gamma_V0_7 && Gamma_V1_3));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551592bv64), V0_8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), Gamma_V0_8);
+    V1_4, Gamma_V1_4 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551584bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64));
+    V0_9, Gamma_V0_9 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551588bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551588bv64));
+    V0_10, Gamma_V0_10 := zero_extend96_32(FPAdd$32(V1_4[32:0], V0_9[32:0], FPCR_in)), (Gamma_FPCR_in && (Gamma_V0_9 && Gamma_V1_4));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551592bv64), V0_10[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), Gamma_V0_10);
     call rely();
-    V0, Gamma_V0 := zero_extend64_64(memory_load64_le(mem, bvadd64(R0, 2088bv64))), (gamma_load64(Gamma_mem, bvadd64(R0, 2088bv64)) || L(mem, bvadd64(R0, 2088bv64)));
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 32bv64), V0[64:0]), gamma_store64(Gamma_stack, bvadd64(R31, 32bv64), Gamma_V0);
-    assume {:captureState "1928$0"} true;
-    V0, Gamma_V0 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31, 20bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 20bv64));
-    FPDecodeRounding8__7, Gamma_FPDecodeRounding8__7 := zero_extend1_2(FPCR[24:22]), Gamma_FPCR;
-    Exp10__6$0$31, Gamma_Exp10__6$0$31 := FPConvert$64$32(V0[32:0], FPCR), (Gamma_FPCR && Gamma_V0);
-    V0, Gamma_V0 := zero_extend64_64(Exp10__6$0$31), Gamma_Exp10__6$0$31;
-    V1, Gamma_V1 := zero_extend64_64(memory_load64_le(stack, bvadd64(R31, 32bv64))), gamma_load64(Gamma_stack, bvadd64(R31, 32bv64));
-    Exp9__5$0$33, Gamma_Exp9__5$0$33 := FPMul$64(V1[64:0], V0[64:0], FPCR), (Gamma_FPCR && (Gamma_V0 && Gamma_V1));
-    V0, Gamma_V0 := zero_extend64_64(Exp9__5$0$33), Gamma_Exp9__5$0$33;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 40bv64), V0[64:0]), gamma_store64(Gamma_stack, bvadd64(R31, 40bv64), Gamma_V0);
-    assume {:captureState "1948$0"} true;
-    V0, Gamma_V0 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31, 20bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 20bv64));
-    FPDecodeRounding8__7, Gamma_FPDecodeRounding8__7 := zero_extend1_2(FPCR[24:22]), Gamma_FPCR;
-    Exp10__6$0$36, Gamma_Exp10__6$0$36 := FPConvert$64$32(V0[32:0], FPCR), (Gamma_FPCR && Gamma_V0);
-    V0, Gamma_V0 := zero_extend64_64(Exp10__6$0$36), Gamma_Exp10__6$0$36;
-    V1, Gamma_V1 := zero_extend64_64(memory_load64_le(stack, bvadd64(R31, 32bv64))), gamma_load64(Gamma_stack, bvadd64(R31, 32bv64));
-    Exp9__5$0$38, Gamma_Exp9__5$0$38 := FPSub$64(V1[64:0], V0[64:0], FPCR), (Gamma_FPCR && (Gamma_V0 && Gamma_V1));
-    V0, Gamma_V0 := zero_extend64_64(Exp9__5$0$38), Gamma_Exp9__5$0$38;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 40bv64), V0[64:0]), gamma_store64(Gamma_stack, bvadd64(R31, 40bv64), Gamma_V0);
-    assume {:captureState "1968$0"} true;
-    V0, Gamma_V0 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31, 20bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 20bv64));
-    FPDecodeRounding8__7, Gamma_FPDecodeRounding8__7 := zero_extend1_2(FPCR[24:22]), Gamma_FPCR;
-    Exp10__6$0$41, Gamma_Exp10__6$0$41 := FPConvert$64$32(V0[32:0], FPCR), (Gamma_FPCR && Gamma_V0);
-    V0, Gamma_V0 := zero_extend64_64(Exp10__6$0$41), Gamma_Exp10__6$0$41;
-    V1, Gamma_V1 := zero_extend64_64(memory_load64_le(stack, bvadd64(R31, 32bv64))), gamma_load64(Gamma_stack, bvadd64(R31, 32bv64));
-    Exp9__5$0$43, Gamma_Exp9__5$0$43 := FPAdd$64(V1[64:0], V0[64:0], FPCR), (Gamma_FPCR && (Gamma_V0 && Gamma_V1));
-    V0, Gamma_V0 := zero_extend64_64(Exp9__5$0$43), Gamma_Exp9__5$0$43;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 40bv64), V0[64:0]), gamma_store64(Gamma_stack, bvadd64(R31, 40bv64), Gamma_V0);
-    assume {:captureState "1988$0"} true;
-    V0, Gamma_V0 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31, 20bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 20bv64));
-    FPDecodeRounding8__7, Gamma_FPDecodeRounding8__7 := zero_extend1_2(FPCR[24:22]), Gamma_FPCR;
-    Exp10__6$0$46, Gamma_Exp10__6$0$46 := FPConvert$64$32(V0[32:0], FPCR), (Gamma_FPCR && Gamma_V0);
-    V0, Gamma_V0 := zero_extend64_64(Exp10__6$0$46), Gamma_Exp10__6$0$46;
-    V1, Gamma_V1 := zero_extend64_64(memory_load64_le(stack, bvadd64(R31, 32bv64))), gamma_load64(Gamma_stack, bvadd64(R31, 32bv64));
-    Exp9__5$0$48, Gamma_Exp9__5$0$48 := FPDiv$64(V1[64:0], V0[64:0], FPCR), (Gamma_FPCR && (Gamma_V0 && Gamma_V1));
-    V0, Gamma_V0 := zero_extend64_64(Exp9__5$0$48), Gamma_Exp9__5$0$48;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 40bv64), V0[64:0]), gamma_store64(Gamma_stack, bvadd64(R31, 40bv64), Gamma_V0);
-    assume {:captureState "2008$0"} true;
-    V0, Gamma_V0 := zero_extend64_64(memory_load64_le(stack, bvadd64(R31, 40bv64))), gamma_load64(Gamma_stack, bvadd64(R31, 40bv64));
-    FPDecodeRounding8__7, Gamma_FPDecodeRounding8__7 := zero_extend1_2(FPCR[24:22]), Gamma_FPCR;
-    Exp10__6$0$51, Gamma_Exp10__6$0$51 := FPConvert$32$64(V0[64:0], FPCR), (Gamma_FPCR && Gamma_V0);
-    V0, Gamma_V0 := zero_extend96_32(Exp10__6$0$51), Gamma_Exp10__6$0$51;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 16bv64), V0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 16bv64), Gamma_V0);
-    assume {:captureState "2020$0"} true;
-    V0, Gamma_V0 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31, 20bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 20bv64));
-    FPDecodeRounding8__7, Gamma_FPDecodeRounding8__7 := zero_extend1_2(FPCR[24:22]), Gamma_FPCR;
-    Exp10__6$0$54, Gamma_Exp10__6$0$54 := FPConvert$64$32(V0[32:0], FPCR), (Gamma_FPCR && Gamma_V0);
-    V0, Gamma_V0 := zero_extend64_64(Exp10__6$0$54), Gamma_Exp10__6$0$54;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 32bv64), V0[64:0]), gamma_store64(Gamma_stack, bvadd64(R31, 32bv64), Gamma_V0);
-    assume {:captureState "2032$0"} true;
-    V0, Gamma_V0 := zero_extend64_64(memory_load64_le(stack, bvadd64(R31, 40bv64))), gamma_load64(Gamma_stack, bvadd64(R31, 40bv64));
-    Exp7__5$0$57, Gamma_Exp7__5$0$57 := FPToFixed$32$64(V0[64:0], 0, false, FPCR, 3), (Gamma_FPCR && Gamma_V0);
-    R0, Gamma_R0 := zero_extend32_32(Exp7__5$0$57), Gamma_Exp7__5$0$57;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R0);
-    assume {:captureState "2044$0"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 28bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 28bv64));
-    R31, Gamma_R31 := bvadd64(R31, 48bv64), Gamma_R31;
+    V0_11, Gamma_V0_11 := zero_extend64_64(memory_load64_le(mem, 2088bv64)), (gamma_load64(Gamma_mem, 2088bv64) || L(mem, 2088bv64));
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), V0_11[64:0]), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_V0_11);
+    V0_12, Gamma_V0_12 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551588bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551588bv64));
+    V1_5, Gamma_V1_5 := zero_extend64_64(memory_load64_le(stack, bvadd64(R31_in, 18446744073709551600bv64))), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64));
+    V0_14, Gamma_V0_14 := zero_extend64_64(FPMul$64(V1_5[64:0], FPConvert$64$32(V0_12[32:0], FPCR_in), FPCR_in)), (Gamma_FPCR_in && (Gamma_V0_12 && Gamma_V1_5));
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), V0_14[64:0]), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_V0_14);
+    V0_15, Gamma_V0_15 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551588bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551588bv64));
+    V1_6, Gamma_V1_6 := zero_extend64_64(memory_load64_le(stack, bvadd64(R31_in, 18446744073709551600bv64))), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64));
+    V0_17, Gamma_V0_17 := zero_extend64_64(FPSub$64(V1_6[64:0], FPConvert$64$32(V0_15[32:0], FPCR_in), FPCR_in)), (Gamma_FPCR_in && (Gamma_V0_15 && Gamma_V1_6));
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), V0_17[64:0]), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_V0_17);
+    V0_18, Gamma_V0_18 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551588bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551588bv64));
+    V1_7, Gamma_V1_7 := zero_extend64_64(memory_load64_le(stack, bvadd64(R31_in, 18446744073709551600bv64))), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64));
+    V0_20, Gamma_V0_20 := zero_extend64_64(FPAdd$64(V1_7[64:0], FPConvert$64$32(V0_18[32:0], FPCR_in), FPCR_in)), (Gamma_FPCR_in && (Gamma_V0_18 && Gamma_V1_7));
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), V0_20[64:0]), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_V0_20);
+    V0_21, Gamma_V0_21 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551588bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551588bv64));
+    V1_8, Gamma_V1_8 := zero_extend64_64(memory_load64_le(stack, bvadd64(R31_in, 18446744073709551600bv64))), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64));
+    V0_23, Gamma_V0_23 := zero_extend64_64(FPDiv$64(V1_8[64:0], FPConvert$64$32(V0_21[32:0], FPCR_in), FPCR_in)), (Gamma_FPCR_in && (Gamma_V0_21 && Gamma_V1_8));
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), V0_23[64:0]), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_V0_23);
+    V0_24, Gamma_V0_24 := zero_extend64_64(memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64))), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
+    V0_25, Gamma_V0_25 := zero_extend96_32(FPConvert$32$64(V0_24[64:0], FPCR_in)), (Gamma_FPCR_in && Gamma_V0_24);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551584bv64), V0_25[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), Gamma_V0_25);
+    V0_26, Gamma_V0_26 := zero_extend96_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551588bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551588bv64));
+    V0_27, Gamma_V0_27 := zero_extend64_64(FPConvert$64$32(V0_26[32:0], FPCR_in)), (Gamma_FPCR_in && Gamma_V0_26);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), V0_27[64:0]), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_V0_27);
+    V0_28, Gamma_V0_28 := zero_extend64_64(memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64))), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
+    R0_7, Gamma_R0_7 := zero_extend32_32(FPToFixed$32$64(V0_28[64:0], 0, false, FPCR_in, 3)), (Gamma_FPCR_in && Gamma_V0_28);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), R0_7[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), Gamma_R0_7);
+    R0_8, Gamma_R0_8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551596bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out := R0_8, R31_in;
+    Gamma_R0_out, Gamma_R31_out := Gamma_R0_8, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/correct/function/clang/function.expected b/src/test/correct/function/clang/function.expected
index c1e865cdf..8548505a0 100644
--- a/src/test/correct/function/clang/function.expected
+++ b/src/test/correct/function/clang/function.expected
@@ -1,17 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -23,6 +11,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -32,11 +34,15 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) {
@@ -48,11 +54,11 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -84,8 +90,7 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure get_two();
-  modifies Gamma_R0, R0;
+procedure get_two() returns (R0_out: bv64, Gamma_R0_out: bool);
   free requires (memory_load8_le(mem, 1884bv64) == 1bv8);
   free requires (memory_load8_le(mem, 1885bv64) == 0bv8);
   free requires (memory_load8_le(mem, 1886bv64) == 2bv8);
@@ -94,7 +99,7 @@ procedure get_two();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  ensures (Gamma_R0 == true);
+  ensures (Gamma_R0_out == true);
   free ensures (memory_load8_le(mem, 1884bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1885bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1886bv64) == 2bv8);
@@ -104,19 +109,18 @@ procedure get_two();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation get_two()
+implementation get_two() returns (R0_out: bv64, Gamma_R0_out: bool)
 {
   lget_two:
-    assume {:captureState "lget_two"} true;
-    R0, Gamma_R0 := 2bv64, true;
     goto get_two_basil_return;
   get_two_basil_return:
-    assume {:captureState "get_two_basil_return"} true;
+    R0_out := 2bv64;
+    Gamma_R0_out := true;
     return;
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R29, R30, R31, R8, R9, mem, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   requires (gamma_load32(Gamma_mem, $x_addr) == true);
   requires (gamma_load32(Gamma_mem, $y_addr) == true);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
@@ -129,10 +133,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1884bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1885bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1886bv64) == 2bv8);
@@ -142,42 +142,32 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var #4: bv64;
-  var Gamma_#4: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_3: bool;
+  var R0_1: bv64;
+  var R29_3: bv64;
+  var R30_3: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    #4, Gamma_#4 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, #4, R29), gamma_store64(Gamma_stack, #4, Gamma_R29);
-    assume {:captureState "%000008db"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(#4, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(#4, 8bv64), Gamma_R30);
-    assume {:captureState "%000008e1"} true;
-    R31, Gamma_R31 := #4, Gamma_#4;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    R9, Gamma_R9 := 69632bv64, true;
-    R8, Gamma_R8 := 1bv64, true;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
     call rely();
-    assert (L(mem, bvadd64(R9, 52bv64)) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 52bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 52bv64), Gamma_R8);
-    assume {:captureState "%000008fd"} true;
-    R30, Gamma_R30 := 1836bv64, true;
-    call get_two();
+    assert (L(mem, 69684bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, 1bv32), gamma_store32(Gamma_mem, 69684bv64, true);
+    call R0_1, Gamma_R0_1 := get_two();
     goto l00000910;
   l00000910:
-    assume {:captureState "l00000910"} true;
-    R8, Gamma_R8 := 69632bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R8, 56bv64)) ==> Gamma_R0);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 56bv64), R0[32:0]), gamma_store32(Gamma_mem, bvadd64(R8, 56bv64), Gamma_R0);
-    assume {:captureState "%0000091b"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    assert (L(mem, 69688bv64) ==> Gamma_R0_1);
+    mem, Gamma_mem := memory_store32_le(mem, 69688bv64, R0_1[32:0]), gamma_store32(Gamma_mem, 69688bv64, Gamma_R0_1);
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64));
+    R30_3, Gamma_R30_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R29_out, R30_out, R31_out, R8_out, R9_out := 0bv64, R29_3, R30_3, R31_in, 69632bv64, 69632bv64;
+    Gamma_R0_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R29_3, Gamma_R30_3, Gamma_R31_in, true, true;
     return;
 }
 
diff --git a/src/test/correct/function/clang/function_gtirb.expected b/src/test/correct/function/clang/function_gtirb.expected
index a72ab33b0..ac588414f 100644
--- a/src/test/correct/function/clang/function_gtirb.expected
+++ b/src/test/correct/function/clang/function_gtirb.expected
@@ -1,17 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -23,6 +11,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -32,11 +34,15 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) {
@@ -48,11 +54,11 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -84,8 +90,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R29, R30, R31, R8, R9, mem, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   requires (gamma_load32(Gamma_mem, $x_addr) == true);
   requires (gamma_load32(Gamma_mem, $y_addr) == true);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
@@ -98,10 +104,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1884bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1885bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1886bv64) == 2bv8);
@@ -111,47 +113,36 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var Cse0__5$0$0: bv64;
-  var Gamma_Cse0__5$0$0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_3: bool;
+  var R0_1: bv64;
+  var R29_3: bv64;
+  var R30_3: bv64;
   $main$__0__$EOZN5uSLQQqIXnLhnZHeWA:
-    assume {:captureState "$main$__0__$EOZN5uSLQQqIXnLhnZHeWA"} true;
-    Cse0__5$0$0, Gamma_Cse0__5$0$0 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$0$0, R29), gamma_store64(Gamma_stack, Cse0__5$0$0, Gamma_R29);
-    assume {:captureState "1812$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$0$0, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$0$0, 8bv64), Gamma_R30);
-    assume {:captureState "1812$2"} true;
-    R31, Gamma_R31 := Cse0__5$0$0, Gamma_Cse0__5$0$0;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    R9, Gamma_R9 := 69632bv64, true;
-    R8, Gamma_R8 := 1bv64, true;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
     call rely();
-    assert (L(mem, bvadd64(R9, 52bv64)) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 52bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 52bv64), Gamma_R8);
-    assume {:captureState "1828$0"} true;
-    R30, Gamma_R30 := 1836bv64, true;
-    call get_two();
+    assert (L(mem, 69684bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, 1bv32), gamma_store32(Gamma_mem, 69684bv64, true);
+    call R0_1, Gamma_R0_1 := get_two();
     goto $main$__1__$Q55zdQssRl~zLCCVlSDCuw;
   $main$__1__$Q55zdQssRl~zLCCVlSDCuw:
-    assume {:captureState "$main$__1__$Q55zdQssRl~zLCCVlSDCuw"} true;
-    R8, Gamma_R8 := 69632bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R8, 56bv64)) ==> Gamma_R0);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 56bv64), R0[32:0]), gamma_store32(Gamma_mem, bvadd64(R8, 56bv64), Gamma_R0);
-    assume {:captureState "1840$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    assert (L(mem, 69688bv64) ==> Gamma_R0_1);
+    mem, Gamma_mem := memory_store32_le(mem, 69688bv64, R0_1[32:0]), gamma_store32(Gamma_mem, 69688bv64, Gamma_R0_1);
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64));
+    R30_3, Gamma_R30_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R29_out, R30_out, R31_out, R8_out, R9_out := 0bv64, R29_3, R30_3, R31_in, 69632bv64, 69632bv64;
+    Gamma_R0_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R29_3, Gamma_R30_3, Gamma_R31_in, true, true;
     return;
 }
 
-procedure get_two();
-  modifies Gamma_R0, R0;
+procedure get_two() returns (R0_out: bv64, Gamma_R0_out: bool);
   free requires (memory_load8_le(mem, 1884bv64) == 1bv8);
   free requires (memory_load8_le(mem, 1885bv64) == 0bv8);
   free requires (memory_load8_le(mem, 1886bv64) == 2bv8);
@@ -160,7 +151,7 @@ procedure get_two();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  ensures (Gamma_R0 == true);
+  ensures (Gamma_R0_out == true);
   free ensures (memory_load8_le(mem, 1884bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1885bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1886bv64) == 2bv8);
@@ -170,14 +161,13 @@ procedure get_two();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation get_two()
+implementation get_two() returns (R0_out: bv64, Gamma_R0_out: bool)
 {
   $get_two$__0__$1qmWzVjSR9iAETCu0c0vYw:
-    assume {:captureState "$get_two$__0__$1qmWzVjSR9iAETCu0c0vYw"} true;
-    R0, Gamma_R0 := 2bv64, true;
     goto get_two_basil_return;
   get_two_basil_return:
-    assume {:captureState "get_two_basil_return"} true;
+    R0_out := 2bv64;
+    Gamma_R0_out := true;
     return;
 }
 
diff --git a/src/test/correct/function/clang_pic/function.expected b/src/test/correct/function/clang_pic/function.expected
index 9ee11f3e1..738380c17 100644
--- a/src/test/correct/function/clang_pic/function.expected
+++ b/src/test/correct/function/clang_pic/function.expected
@@ -1,17 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -23,6 +11,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -32,11 +34,15 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) {
@@ -48,11 +54,11 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -86,8 +92,7 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure get_two();
-  modifies Gamma_R0, R0;
+procedure get_two() returns (R0_out: bv64, Gamma_R0_out: bool);
   free requires (memory_load8_le(mem, 1956bv64) == 1bv8);
   free requires (memory_load8_le(mem, 1957bv64) == 0bv8);
   free requires (memory_load8_le(mem, 1958bv64) == 2bv8);
@@ -98,7 +103,7 @@ procedure get_two();
   free requires (memory_load64_le(mem, 69568bv64) == 69684bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free requires (memory_load64_le(mem, 69056bv64) == 1792bv64);
-  ensures (Gamma_R0 == true);
+  ensures (Gamma_R0_out == true);
   free ensures (memory_load8_le(mem, 1956bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1957bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1958bv64) == 2bv8);
@@ -110,19 +115,18 @@ procedure get_two();
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69056bv64) == 1792bv64);
 
-implementation get_two()
+implementation get_two() returns (R0_out: bv64, Gamma_R0_out: bool)
 {
   lget_two:
-    assume {:captureState "lget_two"} true;
-    R0, Gamma_R0 := 2bv64, true;
     goto get_two_basil_return;
   get_two_basil_return:
-    assume {:captureState "get_two_basil_return"} true;
+    R0_out := 2bv64;
+    Gamma_R0_out := true;
     return;
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R29, R30, R31, R8, R9, mem, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   requires (gamma_load32(Gamma_mem, $x_addr) == true);
   requires (gamma_load32(Gamma_mem, $y_addr) == true);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
@@ -137,10 +141,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69568bv64) == 69684bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free requires (memory_load64_le(mem, 69056bv64) == 1792bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1956bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1957bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1958bv64) == 2bv8);
@@ -152,46 +152,40 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69056bv64) == 1792bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var #4: bv64;
-  var Gamma_#4: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_3: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R9_2: bool;
+  var R0_1: bv64;
+  var R29_3: bv64;
+  var R30_3: bv64;
+  var R8_3: bv64;
+  var R9_2: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    #4, Gamma_#4 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, #4, R29), gamma_store64(Gamma_stack, #4, Gamma_R29);
-    assume {:captureState "%000002f0"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(#4, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(#4, 8bv64), Gamma_R30);
-    assume {:captureState "%000002f6"} true;
-    R31, Gamma_R31 := #4, Gamma_#4;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    R9, Gamma_R9 := 65536bv64, true;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4032bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4032bv64)) || L(mem, bvadd64(R9, 4032bv64)));
-    R8, Gamma_R8 := 1bv64, true;
+    R9_2, Gamma_R9_2 := memory_load64_le(mem, 69568bv64), (gamma_load64(Gamma_mem, 69568bv64) || L(mem, 69568bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "%00000319"} true;
-    R30, Gamma_R30 := 1904bv64, true;
-    call get_two();
+    assert (L(mem, R9_2) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R9_2, 1bv32), gamma_store32(Gamma_mem, R9_2, true);
+    call R0_1, Gamma_R0_1 := get_two();
     goto l0000032c;
   l0000032c:
-    assume {:captureState "l0000032c"} true;
-    R8, Gamma_R8 := 65536bv64, true;
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4048bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4048bv64)) || L(mem, bvadd64(R8, 4048bv64)));
+    R8_3, Gamma_R8_3 := memory_load64_le(mem, 69584bv64), (gamma_load64(Gamma_mem, 69584bv64) || L(mem, 69584bv64));
     call rely();
-    assert (L(mem, R8) ==> Gamma_R0);
-    mem, Gamma_mem := memory_store32_le(mem, R8, R0[32:0]), gamma_store32(Gamma_mem, R8, Gamma_R0);
-    assume {:captureState "%0000033e"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    assert (L(mem, R8_3) ==> Gamma_R0_1);
+    mem, Gamma_mem := memory_store32_le(mem, R8_3, R0_1[32:0]), gamma_store32(Gamma_mem, R8_3, Gamma_R0_1);
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64));
+    R30_3, Gamma_R30_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R29_out, R30_out, R31_out, R8_out, R9_out := 0bv64, R29_3, R30_3, R31_in, R8_3, R9_2;
+    Gamma_R0_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R29_3, Gamma_R30_3, Gamma_R31_in, Gamma_R8_3, Gamma_R9_2;
     return;
 }
 
diff --git a/src/test/correct/function/clang_pic/function_gtirb.expected b/src/test/correct/function/clang_pic/function_gtirb.expected
index e594fca30..eff74f3ff 100644
--- a/src/test/correct/function/clang_pic/function_gtirb.expected
+++ b/src/test/correct/function/clang_pic/function_gtirb.expected
@@ -1,17 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -23,6 +11,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -32,11 +34,15 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) {
@@ -48,11 +54,11 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -86,8 +92,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R29, R30, R31, R8, R9, mem, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   requires (gamma_load32(Gamma_mem, $x_addr) == true);
   requires (gamma_load32(Gamma_mem, $y_addr) == true);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
@@ -102,10 +108,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69568bv64) == 69684bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free requires (memory_load64_le(mem, 69056bv64) == 1792bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1956bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1957bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1958bv64) == 2bv8);
@@ -117,51 +119,44 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69056bv64) == 1792bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var Cse0__5$0$0: bv64;
-  var Gamma_Cse0__5$0$0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_3: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R9_2: bool;
+  var R0_1: bv64;
+  var R29_3: bv64;
+  var R30_3: bv64;
+  var R8_3: bv64;
+  var R9_2: bv64;
   $main$__0__$NmMrnPbhSNuHmxHjD8po9A:
-    assume {:captureState "$main$__0__$NmMrnPbhSNuHmxHjD8po9A"} true;
-    Cse0__5$0$0, Gamma_Cse0__5$0$0 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$0$0, R29), gamma_store64(Gamma_stack, Cse0__5$0$0, Gamma_R29);
-    assume {:captureState "1876$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$0$0, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$0$0, 8bv64), Gamma_R30);
-    assume {:captureState "1876$2"} true;
-    R31, Gamma_R31 := Cse0__5$0$0, Gamma_Cse0__5$0$0;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    R9, Gamma_R9 := 65536bv64, true;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4032bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4032bv64)) || L(mem, bvadd64(R9, 4032bv64)));
-    R8, Gamma_R8 := 1bv64, true;
+    R9_2, Gamma_R9_2 := memory_load64_le(mem, 69568bv64), (gamma_load64(Gamma_mem, 69568bv64) || L(mem, 69568bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "1896$0"} true;
-    R30, Gamma_R30 := 1904bv64, true;
-    call get_two();
+    assert (L(mem, R9_2) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R9_2, 1bv32), gamma_store32(Gamma_mem, R9_2, true);
+    call R0_1, Gamma_R0_1 := get_two();
     goto $main$__1__$tJ_OTc5AS_~oGm8pJbb5Ew;
   $main$__1__$tJ_OTc5AS_~oGm8pJbb5Ew:
-    assume {:captureState "$main$__1__$tJ_OTc5AS_~oGm8pJbb5Ew"} true;
-    R8, Gamma_R8 := 65536bv64, true;
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4048bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4048bv64)) || L(mem, bvadd64(R8, 4048bv64)));
+    R8_3, Gamma_R8_3 := memory_load64_le(mem, 69584bv64), (gamma_load64(Gamma_mem, 69584bv64) || L(mem, 69584bv64));
     call rely();
-    assert (L(mem, R8) ==> Gamma_R0);
-    mem, Gamma_mem := memory_store32_le(mem, R8, R0[32:0]), gamma_store32(Gamma_mem, R8, Gamma_R0);
-    assume {:captureState "1912$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    assert (L(mem, R8_3) ==> Gamma_R0_1);
+    mem, Gamma_mem := memory_store32_le(mem, R8_3, R0_1[32:0]), gamma_store32(Gamma_mem, R8_3, Gamma_R0_1);
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64));
+    R30_3, Gamma_R30_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R29_out, R30_out, R31_out, R8_out, R9_out := 0bv64, R29_3, R30_3, R31_in, R8_3, R9_2;
+    Gamma_R0_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R29_3, Gamma_R30_3, Gamma_R31_in, Gamma_R8_3, Gamma_R9_2;
     return;
 }
 
-procedure get_two();
-  modifies Gamma_R0, R0;
+procedure get_two() returns (R0_out: bv64, Gamma_R0_out: bool);
   free requires (memory_load8_le(mem, 1956bv64) == 1bv8);
   free requires (memory_load8_le(mem, 1957bv64) == 0bv8);
   free requires (memory_load8_le(mem, 1958bv64) == 2bv8);
@@ -172,7 +167,7 @@ procedure get_two();
   free requires (memory_load64_le(mem, 69568bv64) == 69684bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free requires (memory_load64_le(mem, 69056bv64) == 1792bv64);
-  ensures (Gamma_R0 == true);
+  ensures (Gamma_R0_out == true);
   free ensures (memory_load8_le(mem, 1956bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1957bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1958bv64) == 2bv8);
@@ -184,14 +179,13 @@ procedure get_two();
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69056bv64) == 1792bv64);
 
-implementation get_two()
+implementation get_two() returns (R0_out: bv64, Gamma_R0_out: bool)
 {
   $get_two$__0__$FEI1g2gcQAqE4UEurbd17A:
-    assume {:captureState "$get_two$__0__$FEI1g2gcQAqE4UEurbd17A"} true;
-    R0, Gamma_R0 := 2bv64, true;
     goto get_two_basil_return;
   get_two_basil_return:
-    assume {:captureState "get_two_basil_return"} true;
+    R0_out := 2bv64;
+    Gamma_R0_out := true;
     return;
 }
 
diff --git a/src/test/correct/function/gcc/function.expected b/src/test/correct/function/gcc/function.expected
index beb93a1bf..2b315b9b9 100644
--- a/src/test/correct/function/gcc/function.expected
+++ b/src/test/correct/function/gcc/function.expected
@@ -1,15 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -21,6 +11,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -30,11 +34,15 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) {
@@ -46,11 +54,11 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -83,8 +91,7 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure get_two();
-  modifies Gamma_R0, R0;
+procedure get_two() returns (R0_out: bv64, Gamma_R0_out: bool);
   free requires (memory_load8_le(mem, 1896bv64) == 1bv8);
   free requires (memory_load8_le(mem, 1897bv64) == 0bv8);
   free requires (memory_load8_le(mem, 1898bv64) == 2bv8);
@@ -93,7 +100,7 @@ procedure get_two();
   free requires (memory_load64_le(mem, 69024bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  ensures (Gamma_R0 == true);
+  ensures (Gamma_R0_out == true);
   free ensures (memory_load8_le(mem, 1896bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1897bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1898bv64) == 2bv8);
@@ -103,19 +110,18 @@ procedure get_two();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation get_two()
+implementation get_two() returns (R0_out: bv64, Gamma_R0_out: bool)
 {
   lget_two:
-    assume {:captureState "lget_two"} true;
-    R0, Gamma_R0 := 2bv64, true;
     goto get_two_basil_return;
   get_two_basil_return:
-    assume {:captureState "get_two_basil_return"} true;
+    R0_out := 2bv64;
+    Gamma_R0_out := true;
     return;
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R29, R30, R31, mem, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   requires (gamma_load32(Gamma_mem, $x_addr) == true);
   requires (gamma_load32(Gamma_mem, $y_addr) == true);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
@@ -128,10 +134,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69024bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1896bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1897bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1898bv64) == 2bv8);
@@ -141,45 +143,35 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var #4: bv64;
-  var Gamma_#4: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R1_2: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_3: bool;
+  var R0_3: bv64;
+  var R1_2: bv64;
+  var R29_3: bv64;
+  var R30_3: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    #4, Gamma_#4 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, #4, R29), gamma_store64(Gamma_stack, #4, Gamma_R29);
-    assume {:captureState "%0000090b"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(#4, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(#4, 8bv64), Gamma_R30);
-    assume {:captureState "%00000911"} true;
-    R31, Gamma_R31 := #4, Gamma_#4;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
-    R1, Gamma_R1 := 1bv64, true;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%00000933"} true;
-    R30, Gamma_R30 := 1840bv64, true;
-    call get_two();
+    assert (L(mem, 69652bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 1bv32), gamma_store32(Gamma_mem, 69652bv64, true);
+    call R0_3, Gamma_R0_3 := get_two();
     goto l00000946;
   l00000946:
-    assume {:captureState "l00000946"} true;
-    R1, Gamma_R1 := zero_extend32_32(R0[32:0]), Gamma_R0;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
+    R1_2, Gamma_R1_2 := zero_extend32_32(R0_3[32:0]), Gamma_R0_3;
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%0000095d"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    assert (L(mem, 69656bv64) ==> Gamma_R1_2);
+    mem, Gamma_mem := memory_store32_le(mem, 69656bv64, R1_2[32:0]), gamma_store32(Gamma_mem, 69656bv64, Gamma_R1_2);
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64));
+    R30_3, Gamma_R30_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R29_out, R30_out, R31_out := 0bv64, R1_2, R29_3, R30_3, R31_in;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out := true, Gamma_R1_2, Gamma_R29_3, Gamma_R30_3, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/correct/function/gcc/function_gtirb.expected b/src/test/correct/function/gcc/function_gtirb.expected
index ee39081b8..708a5e9b0 100644
--- a/src/test/correct/function/gcc/function_gtirb.expected
+++ b/src/test/correct/function/gcc/function_gtirb.expected
@@ -1,15 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -21,6 +11,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -30,11 +34,15 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) {
@@ -46,11 +54,11 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -83,8 +91,7 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure get_two();
-  modifies Gamma_R0, R0;
+procedure get_two() returns (R0_out: bv64, Gamma_R0_out: bool);
   free requires (memory_load8_le(mem, 1896bv64) == 1bv8);
   free requires (memory_load8_le(mem, 1897bv64) == 0bv8);
   free requires (memory_load8_le(mem, 1898bv64) == 2bv8);
@@ -93,7 +100,7 @@ procedure get_two();
   free requires (memory_load64_le(mem, 69024bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  ensures (Gamma_R0 == true);
+  ensures (Gamma_R0_out == true);
   free ensures (memory_load8_le(mem, 1896bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1897bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1898bv64) == 2bv8);
@@ -103,19 +110,18 @@ procedure get_two();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation get_two()
+implementation get_two() returns (R0_out: bv64, Gamma_R0_out: bool)
 {
   $get_two$__0__$lT8LeRkcS4eNr99yLhlABA:
-    assume {:captureState "$get_two$__0__$lT8LeRkcS4eNr99yLhlABA"} true;
-    R0, Gamma_R0 := 2bv64, true;
     goto get_two_basil_return;
   get_two_basil_return:
-    assume {:captureState "get_two_basil_return"} true;
+    R0_out := 2bv64;
+    Gamma_R0_out := true;
     return;
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R29, R30, R31, mem, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   requires (gamma_load32(Gamma_mem, $x_addr) == true);
   requires (gamma_load32(Gamma_mem, $y_addr) == true);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
@@ -128,10 +134,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69024bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1896bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1897bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1898bv64) == 2bv8);
@@ -141,45 +143,35 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var Cse0__5$0$0: bv64;
-  var Gamma_Cse0__5$0$0: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R1_2: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_3: bool;
+  var R0_3: bv64;
+  var R1_2: bv64;
+  var R29_3: bv64;
+  var R30_3: bv64;
   $main$__0__$Hr_crFnzTBCWNR~lsvKo~A:
-    assume {:captureState "$main$__0__$Hr_crFnzTBCWNR~lsvKo~A"} true;
-    Cse0__5$0$0, Gamma_Cse0__5$0$0 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$0$0, R29), gamma_store64(Gamma_stack, Cse0__5$0$0, Gamma_R29);
-    assume {:captureState "1812$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$0$0, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$0$0, 8bv64), Gamma_R30);
-    assume {:captureState "1812$2"} true;
-    R31, Gamma_R31 := Cse0__5$0$0, Gamma_Cse0__5$0$0;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
-    R1, Gamma_R1 := 1bv64, true;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1832$0"} true;
-    R30, Gamma_R30 := 1840bv64, true;
-    call get_two();
+    assert (L(mem, 69652bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 1bv32), gamma_store32(Gamma_mem, 69652bv64, true);
+    call R0_3, Gamma_R0_3 := get_two();
     goto $main$__1__$Js1exVANQd~fHOhEeBDuvw;
   $main$__1__$Js1exVANQd~fHOhEeBDuvw:
-    assume {:captureState "$main$__1__$Js1exVANQd~fHOhEeBDuvw"} true;
-    R1, Gamma_R1 := zero_extend32_32(R0[32:0]), Gamma_R0;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
+    R1_2, Gamma_R1_2 := zero_extend32_32(R0_3[32:0]), Gamma_R0_3;
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1852$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    assert (L(mem, 69656bv64) ==> Gamma_R1_2);
+    mem, Gamma_mem := memory_store32_le(mem, 69656bv64, R1_2[32:0]), gamma_store32(Gamma_mem, 69656bv64, Gamma_R1_2);
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64));
+    R30_3, Gamma_R30_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R29_out, R30_out, R31_out := 0bv64, R1_2, R29_3, R30_3, R31_in;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out := true, Gamma_R1_2, Gamma_R29_3, Gamma_R30_3, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/correct/function/gcc_pic/function.expected b/src/test/correct/function/gcc_pic/function.expected
index 46be66a06..f202f43ac 100644
--- a/src/test/correct/function/gcc_pic/function.expected
+++ b/src/test/correct/function/gcc_pic/function.expected
@@ -1,15 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -21,6 +11,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -30,11 +34,15 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) {
@@ -46,11 +54,11 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -85,8 +93,7 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure get_two();
-  modifies Gamma_R0, R0;
+procedure get_two() returns (R0_out: bv64, Gamma_R0_out: bool);
   free requires (memory_load8_le(mem, 1960bv64) == 1bv8);
   free requires (memory_load8_le(mem, 1961bv64) == 0bv8);
   free requires (memory_load8_le(mem, 1962bv64) == 2bv8);
@@ -97,7 +104,7 @@ procedure get_two();
   free requires (memory_load64_le(mem, 69008bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 69652bv64);
   free requires (memory_load64_le(mem, 69000bv64) == 1872bv64);
-  ensures (Gamma_R0 == true);
+  ensures (Gamma_R0_out == true);
   free ensures (memory_load8_le(mem, 1960bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1961bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1962bv64) == 2bv8);
@@ -109,19 +116,18 @@ procedure get_two();
   free ensures (memory_load64_le(mem, 69592bv64) == 69652bv64);
   free ensures (memory_load64_le(mem, 69000bv64) == 1872bv64);
 
-implementation get_two()
+implementation get_two() returns (R0_out: bv64, Gamma_R0_out: bool)
 {
   lget_two:
-    assume {:captureState "lget_two"} true;
-    R0, Gamma_R0 := 2bv64, true;
     goto get_two_basil_return;
   get_two_basil_return:
-    assume {:captureState "get_two_basil_return"} true;
+    R0_out := 2bv64;
+    Gamma_R0_out := true;
     return;
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R29, R30, R31, mem, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   requires (gamma_load32(Gamma_mem, $x_addr) == true);
   requires (gamma_load32(Gamma_mem, $y_addr) == true);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
@@ -136,10 +142,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69008bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 69652bv64);
   free requires (memory_load64_le(mem, 69000bv64) == 1872bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1960bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1961bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1962bv64) == 2bv8);
@@ -151,47 +153,43 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 69652bv64);
   free ensures (memory_load64_le(mem, 69000bv64) == 1872bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var #4: bv64;
-  var Gamma_#4: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R1_2: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_3: bool;
+  var R0_2: bv64;
+  var R0_3: bv64;
+  var R0_5: bv64;
+  var R1_2: bv64;
+  var R29_3: bv64;
+  var R30_3: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    #4, Gamma_#4 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, #4, R29), gamma_store64(Gamma_stack, #4, Gamma_R29);
-    assume {:captureState "%000002f4"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(#4, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(#4, 8bv64), Gamma_R30);
-    assume {:captureState "%000002fa"} true;
-    R31, Gamma_R31 := #4, Gamma_#4;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    R0, Gamma_R0 := 65536bv64, true;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
-    R1, Gamma_R1 := 1bv64, true;
+    R0_2, Gamma_R0_2 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%0000031d"} true;
-    R30, Gamma_R30 := 1904bv64, true;
-    call get_two();
+    assert (L(mem, R0_2) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R0_2, 1bv32), gamma_store32(Gamma_mem, R0_2, true);
+    call R0_3, Gamma_R0_3 := get_two();
     goto l00000330;
   l00000330:
-    assume {:captureState "l00000330"} true;
-    R1, Gamma_R1 := zero_extend32_32(R0[32:0]), Gamma_R0;
-    R0, Gamma_R0 := 65536bv64, true;
+    R1_2, Gamma_R1_2 := zero_extend32_32(R0_3[32:0]), Gamma_R0_3;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4072bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4072bv64)) || L(mem, bvadd64(R0, 4072bv64)));
+    R0_5, Gamma_R0_5 := memory_load64_le(mem, 69608bv64), (gamma_load64(Gamma_mem, 69608bv64) || L(mem, 69608bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%00000348"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    assert (L(mem, R0_5) ==> Gamma_R1_2);
+    mem, Gamma_mem := memory_store32_le(mem, R0_5, R1_2[32:0]), gamma_store32(Gamma_mem, R0_5, Gamma_R1_2);
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64));
+    R30_3, Gamma_R30_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R29_out, R30_out, R31_out := 0bv64, R1_2, R29_3, R30_3, R31_in;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out := true, Gamma_R1_2, Gamma_R29_3, Gamma_R30_3, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/correct/function/gcc_pic/function_gtirb.expected b/src/test/correct/function/gcc_pic/function_gtirb.expected
index 9c9a51a5d..6fe2752a9 100644
--- a/src/test/correct/function/gcc_pic/function_gtirb.expected
+++ b/src/test/correct/function/gcc_pic/function_gtirb.expected
@@ -1,15 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -21,6 +11,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -30,11 +34,15 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) {
@@ -46,11 +54,11 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -85,8 +93,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R29, R30, R31, mem, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   requires (gamma_load32(Gamma_mem, $x_addr) == true);
   requires (gamma_load32(Gamma_mem, $y_addr) == true);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
@@ -101,10 +109,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69008bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 69652bv64);
   free requires (memory_load64_le(mem, 69000bv64) == 1872bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1960bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1961bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1962bv64) == 2bv8);
@@ -116,52 +120,47 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 69652bv64);
   free ensures (memory_load64_le(mem, 69000bv64) == 1872bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var Cse0__5$0$0: bv64;
-  var Gamma_Cse0__5$0$0: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R1_2: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_3: bool;
+  var R0_2: bv64;
+  var R0_3: bv64;
+  var R0_5: bv64;
+  var R1_2: bv64;
+  var R29_3: bv64;
+  var R30_3: bv64;
   $main$__0__$CDIUh9GHRvaZeUA_w4~N8g:
-    assume {:captureState "$main$__0__$CDIUh9GHRvaZeUA_w4~N8g"} true;
-    Cse0__5$0$0, Gamma_Cse0__5$0$0 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$0$0, R29), gamma_store64(Gamma_stack, Cse0__5$0$0, Gamma_R29);
-    assume {:captureState "1876$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$0$0, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$0$0, 8bv64), Gamma_R30);
-    assume {:captureState "1876$2"} true;
-    R31, Gamma_R31 := Cse0__5$0$0, Gamma_Cse0__5$0$0;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    R0, Gamma_R0 := 65536bv64, true;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
-    R1, Gamma_R1 := 1bv64, true;
+    R0_2, Gamma_R0_2 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1896$0"} true;
-    R30, Gamma_R30 := 1904bv64, true;
-    call get_two();
+    assert (L(mem, R0_2) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R0_2, 1bv32), gamma_store32(Gamma_mem, R0_2, true);
+    call R0_3, Gamma_R0_3 := get_two();
     goto $main$__1__$ILFoiTaWSQyMZ9c2qMX3nA;
   $main$__1__$ILFoiTaWSQyMZ9c2qMX3nA:
-    assume {:captureState "$main$__1__$ILFoiTaWSQyMZ9c2qMX3nA"} true;
-    R1, Gamma_R1 := zero_extend32_32(R0[32:0]), Gamma_R0;
-    R0, Gamma_R0 := 65536bv64, true;
+    R1_2, Gamma_R1_2 := zero_extend32_32(R0_3[32:0]), Gamma_R0_3;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4072bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4072bv64)) || L(mem, bvadd64(R0, 4072bv64)));
+    R0_5, Gamma_R0_5 := memory_load64_le(mem, 69608bv64), (gamma_load64(Gamma_mem, 69608bv64) || L(mem, 69608bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1916$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    assert (L(mem, R0_5) ==> Gamma_R1_2);
+    mem, Gamma_mem := memory_store32_le(mem, R0_5, R1_2[32:0]), gamma_store32(Gamma_mem, R0_5, Gamma_R1_2);
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64));
+    R30_3, Gamma_R30_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R29_out, R30_out, R31_out := 0bv64, R1_2, R29_3, R30_3, R31_in;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out := true, Gamma_R1_2, Gamma_R29_3, Gamma_R30_3, Gamma_R31_in;
     return;
 }
 
-procedure get_two();
-  modifies Gamma_R0, R0;
+procedure get_two() returns (R0_out: bv64, Gamma_R0_out: bool);
   free requires (memory_load8_le(mem, 1960bv64) == 1bv8);
   free requires (memory_load8_le(mem, 1961bv64) == 0bv8);
   free requires (memory_load8_le(mem, 1962bv64) == 2bv8);
@@ -172,7 +171,7 @@ procedure get_two();
   free requires (memory_load64_le(mem, 69008bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 69652bv64);
   free requires (memory_load64_le(mem, 69000bv64) == 1872bv64);
-  ensures (Gamma_R0 == true);
+  ensures (Gamma_R0_out == true);
   free ensures (memory_load8_le(mem, 1960bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1961bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1962bv64) == 2bv8);
@@ -184,14 +183,13 @@ procedure get_two();
   free ensures (memory_load64_le(mem, 69592bv64) == 69652bv64);
   free ensures (memory_load64_le(mem, 69000bv64) == 1872bv64);
 
-implementation get_two()
+implementation get_two() returns (R0_out: bv64, Gamma_R0_out: bool)
 {
   $get_two$__0__$3vTRMgrHQjWHoxnq48nf0w:
-    assume {:captureState "$get_two$__0__$3vTRMgrHQjWHoxnq48nf0w"} true;
-    R0, Gamma_R0 := 2bv64, true;
     goto get_two_basil_return;
   get_two_basil_return:
-    assume {:captureState "get_two_basil_return"} true;
+    R0_out := 2bv64;
+    Gamma_R0_out := true;
     return;
 }
 
diff --git a/src/test/correct/function1/clang/function1.expected b/src/test/correct/function1/clang/function1.expected
index c99be706b..e2f9fea24 100644
--- a/src/test/correct/function1/clang/function1.expected
+++ b/src/test/correct/function1/clang/function1.expected
@@ -1,25 +1,9 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_R16: bool;
 var {:extern} Gamma_R17: bool;
-var {:extern} Gamma_R2: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} R16: bv64;
 var {:extern} R17: bv64;
-var {:extern} R2: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -34,6 +18,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -47,17 +45,21 @@ function {:extern} gamma_load8(gammaMap: [bv64]bool, index: bv64) returns (bool)
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store8(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
   gammaMap[index := value]
 }
 
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
+}
+
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
   (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index])))
 }
@@ -71,15 +73,15 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
 function {:extern} {:bvbuiltin "sign_extend 32"} sign_extend32_32(bv32) returns (bv64);
@@ -111,47 +113,52 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure get_two();
-  modifies Gamma_R0, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_stack, R0, R31, R8, R9, stack;
+procedure get_two(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_stack, stack;
   free requires (memory_load64_le(mem, 2024bv64) == 2924859843805185bv64);
   free requires (memory_load64_le(mem, 69064bv64) == 1872bv64);
   free requires (memory_load64_le(mem, 69072bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1924bv64);
   free requires (memory_load64_le(mem, 69680bv64) == 69680bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load64_le(mem, 2024bv64) == 2924859843805185bv64);
   free ensures (memory_load64_le(mem, 69064bv64) == 1872bv64);
   free ensures (memory_load64_le(mem, 69072bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 69592bv64) == 1924bv64);
   free ensures (memory_load64_le(mem, 69680bv64) == 69680bv64);
 
-implementation get_two()
+implementation get_two(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
+  var Gamma_R0_2: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R9_1: bool;
+  var Gamma_R9_2: bool;
+  var R0_2: bv64;
+  var R8_1: bv64;
+  var R8_2: bv64;
+  var R8_3: bv64;
+  var R9_1: bv32;
+  var R9_2: bv32;
   lget_two:
-    assume {:captureState "lget_two"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31, 15bv64), R0[8:0]), gamma_store8(Gamma_stack, bvadd64(R31, 15bv64), Gamma_R0);
-    assume {:captureState "%00000336"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R1[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R1);
-    assume {:captureState "%0000033e"} true;
-    stack, Gamma_stack := memory_store64_le(stack, R31, R2), gamma_store64(Gamma_stack, R31, Gamma_R2);
-    assume {:captureState "%00000346"} true;
-    R8, Gamma_R8 := zero_extend56_8(memory_load8_le(stack, bvadd64(R31, 15bv64))), gamma_load8(Gamma_stack, bvadd64(R31, 15bv64));
-    R9, Gamma_R9 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 8bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 8bv64));
-    R9, Gamma_R9 := zero_extend32_32(bvadd32(R8[32:0], R9[32:0])), (Gamma_R9 && Gamma_R8);
-    R8, Gamma_R8 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R8, Gamma_R8 := bvadd64(R8, sign_extend32_32(R9[32:0])), (Gamma_R9 && Gamma_R8);
-    R0, Gamma_R0 := zero_extend32_32(R8[32:0]), Gamma_R8;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31_in, 18446744073709551615bv64), R0_in[8:0]), gamma_store8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64), Gamma_R0_in);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R1_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R1_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R2_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R2_in);
+    R8_1, Gamma_R8_1 := zero_extend56_8(memory_load8_le(stack, bvadd64(R31_in, 18446744073709551615bv64))), gamma_load8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64));
+    R9_1, Gamma_R9_1 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
+    R9_2, Gamma_R9_2 := bvadd32(R8_1[32:0], R9_1), (Gamma_R9_1 && Gamma_R8_1);
+    R8_2, Gamma_R8_2 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64));
+    R8_3, Gamma_R8_3 := bvadd64(R8_2, sign_extend32_32(R9_2)), (Gamma_R9_2 && Gamma_R8_2);
+    R0_2, Gamma_R0_2 := zero_extend32_32(R8_3[32:0]), Gamma_R8_3;
     goto get_two_basil_return;
   get_two_basil_return:
-    assume {:captureState "get_two_basil_return"} true;
+    R0_out, R31_out := R0_2, R31_in;
+    Gamma_R0_out, Gamma_R31_out := Gamma_R0_2, Gamma_R31_in;
     return;
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R2, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R1, R16, R17, R2, R29, R30, R31, R8, R9, mem, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_R16, Gamma_R17, Gamma_mem, Gamma_stack, R16, R17, mem, stack;
   free requires (memory_load64_le(mem, 69672bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69680bv64) == 69680bv64);
   free requires (memory_load64_le(mem, 2024bv64) == 2924859843805185bv64);
@@ -159,70 +166,163 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1924bv64);
   free requires (memory_load64_le(mem, 69680bv64) == 69680bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load64_le(mem, 2024bv64) == 2924859843805185bv64);
   free ensures (memory_load64_le(mem, 69064bv64) == 1872bv64);
   free ensures (memory_load64_le(mem, 69072bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 69592bv64) == 1924bv64);
   free ensures (memory_load64_le(mem, 69680bv64) == 69680bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var #4: bv64;
-  var Gamma_#4: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R17: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_2: bool;
+  var Gamma_R1_3: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R29_4: bool;
+  var Gamma_R2_4: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30_4: bool;
+  var Gamma_R30_5: bool;
+  var Gamma_R31_3: bool;
+  var Gamma_R31_4: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R9_2: bool;
+  var R0_2: bv64;
+  var R0_5: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R17: bv64;
+  var R17_1: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_2: bv64;
+  var R1_3: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29_3: bv64;
+  var R29_4: bv64;
+  var R2_4: bv64;
+  var R3: bv64;
+  var R30_4: bv64;
+  var R30_5: bv64;
+  var R31_3: bv64;
+  var R31_4: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8_3: bv64;
+  var R9_2: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    #4, Gamma_#4 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, #4, R29), gamma_store64(Gamma_stack, #4, Gamma_R29);
-    assume {:captureState "%00000386"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(#4, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(#4, 8bv64), Gamma_R30);
-    assume {:captureState "%0000038c"} true;
-    R31, Gamma_R31 := #4, Gamma_#4;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    R9, Gamma_R9 := 69632bv64, true;
-    R8, Gamma_R8 := 1bv64, true;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
     call rely();
-    assert (L(mem, bvadd64(R9, 60bv64)) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 60bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 60bv64), Gamma_R8);
-    assume {:captureState "%000003a8"} true;
-    R0, Gamma_R0 := 97bv64, true;
-    R1, Gamma_R1 := 10bv64, true;
-    R2, Gamma_R2 := 58368bv64, true;
-    R2, Gamma_R2 := (R2[64:32] ++ (21515bv16 ++ R2[16:0])), Gamma_R2;
-    R2, Gamma_R2 := (R2[64:48] ++ (2bv16 ++ R2[32:0])), Gamma_R2;
-    R30, Gamma_R30 := 1968bv64, true;
-    call get_two();
+    assert (L(mem, 69692bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69692bv64, 1bv32), gamma_store32(Gamma_mem, 69692bv64, true);
+    call R0_2, Gamma_R0_2, R31_3, Gamma_R31_3 := get_two(97bv64, true, 10bv64, true, 10000000000bv64, true, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R31_in);
     goto l000003ce;
   l000003ce:
-    assume {:captureState "l000003ce"} true;
-    R8, Gamma_R8 := 69632bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R8, 64bv64)) ==> Gamma_R0);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 64bv64), R0[32:0]), gamma_store32(Gamma_mem, bvadd64(R8, 64bv64), Gamma_R0);
-    assume {:captureState "%000003d9"} true;
+    assert (L(mem, 69696bv64) ==> Gamma_R0_2);
+    mem, Gamma_mem := memory_store32_le(mem, 69696bv64, R0_2[32:0]), gamma_store32(Gamma_mem, 69696bv64, Gamma_R0_2);
     call rely();
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 64bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 64bv64)) || L(mem, bvadd64(R8, 64bv64)));
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2028bv64), Gamma_R0;
-    R30, Gamma_R30 := 1992bv64, true;
-    call printf();
+    R1_2, Gamma_R1_2 := zero_extend32_32(memory_load32_le(mem, 69696bv64)), (gamma_load32(Gamma_mem, 69696bv64) || L(mem, 69696bv64));
+    call R0_5, Gamma_R0_5, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_1, Gamma_R16_1, R17_1, Gamma_R17_1, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_3, Gamma_R1_3, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_3, Gamma_R29_3, R2_4, Gamma_R2_4, R30_4, Gamma_R30_4, R31_4, Gamma_R31_4, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_3, Gamma_R8_3, R9_2, Gamma_R9_2 := printf(2028bv64, true, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, R16, Gamma_R16, R17, Gamma_R17, R18, Gamma_R18, R19, Gamma_R19, R1_2, Gamma_R1_2, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R31_in, 10000000000bv64, true, 1992bv64, true, R31_3, Gamma_R31_3, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, 69632bv64, true, 69632bv64, true);
     goto l000003f5;
   l000003f5:
-    assume {:captureState "l000003f5"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    R29_4, Gamma_R29_4 := memory_load64_le(stack, R31_4), gamma_load64(Gamma_stack, R31_4);
+    R30_5, Gamma_R30_5 := memory_load64_le(stack, bvadd64(R31_4, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31_4, 8bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R29_out, R2_out, R30_out, R31_out, R8_out, R9_out := 0bv64, R1_3, R29_4, R2_4, R30_5, bvadd64(R31_4, 16bv64), R8_3, R9_2;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R29_out, Gamma_R2_out, Gamma_R30_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R1_3, Gamma_R29_4, Gamma_R2_4, Gamma_R30_5, Gamma_R31_4, Gamma_R8_3, Gamma_R9_2;
     return;
 }
 
-procedure printf();
+procedure printf(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   modifies Gamma_R16, Gamma_R17, R16, R17;
   free requires (memory_load64_le(mem, 2024bv64) == 2924859843805185bv64);
   free requires (memory_load64_le(mem, 69064bv64) == 1872bv64);
diff --git a/src/test/correct/function1/clang/function1_gtirb.expected b/src/test/correct/function1/clang/function1_gtirb.expected
index 6a09e1ad8..39a9fbb0e 100644
--- a/src/test/correct/function1/clang/function1_gtirb.expected
+++ b/src/test/correct/function1/clang/function1_gtirb.expected
@@ -1,25 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R16: bool;
-var {:extern} Gamma_R17: bool;
-var {:extern} Gamma_R2: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R16: bv64;
-var {:extern} R17: bv64;
-var {:extern} R2: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -34,6 +14,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -47,17 +41,21 @@ function {:extern} gamma_load8(gammaMap: [bv64]bool, index: bv64) returns (bool)
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store8(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
   gammaMap[index := value]
 }
 
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
+}
+
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
   (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index])))
 }
@@ -71,20 +69,20 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
 function {:extern} {:bvbuiltin "sign_extend 32"} sign_extend32_32(bv32) returns (bv64);
-function {:extern} {:bvbuiltin "zero_extend 24"} zero_extend24_8(bv8) returns (bv32);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
+function {:extern} {:bvbuiltin "zero_extend 56"} zero_extend56_8(bv8) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (mem == old(mem));
@@ -111,8 +109,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R2, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R1, R16, R17, R2, R29, R30, R31, R8, R9, mem, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69672bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69680bv64) == 69680bv64);
   free requires (memory_load64_le(mem, 2024bv64) == 2924859843805185bv64);
@@ -120,71 +118,58 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1924bv64);
   free requires (memory_load64_le(mem, 69680bv64) == 69680bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load64_le(mem, 2024bv64) == 2924859843805185bv64);
   free ensures (memory_load64_le(mem, 69064bv64) == 1872bv64);
   free ensures (memory_load64_le(mem, 69072bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 69592bv64) == 1924bv64);
   free ensures (memory_load64_le(mem, 69680bv64) == 69680bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var Cse0__5$1$0: bv64;
-  var Gamma_Cse0__5$1$0: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R1_2: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_4: bool;
+  var Gamma_R31_3: bool;
+  var R0_2: bv64;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R17_1: bv64;
+  var R1_2: bv64;
+  var R29_3: bv64;
+  var R30_4: bv64;
+  var R31_3: bv64;
   $main$__0__$KJRMRffwQj~dxGE4yyDNOg:
-    assume {:captureState "$main$__0__$KJRMRffwQj~dxGE4yyDNOg"} true;
-    Cse0__5$1$0, Gamma_Cse0__5$1$0 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$1$0, R29), gamma_store64(Gamma_stack, Cse0__5$1$0, Gamma_R29);
-    assume {:captureState "1924$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$1$0, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$1$0, 8bv64), Gamma_R30);
-    assume {:captureState "1924$2"} true;
-    R31, Gamma_R31 := Cse0__5$1$0, Gamma_Cse0__5$1$0;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    R9, Gamma_R9 := 69632bv64, true;
-    R8, Gamma_R8 := 1bv64, true;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
     call rely();
-    assert (L(mem, bvadd64(R9, 60bv64)) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 60bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 60bv64), Gamma_R8);
-    assume {:captureState "1940$0"} true;
-    R0, Gamma_R0 := 97bv64, true;
-    R1, Gamma_R1 := 10bv64, true;
-    R2, Gamma_R2 := 58368bv64, true;
-    R2, Gamma_R2 := (R2[64:32] ++ (21515bv16 ++ R2[16:0])), Gamma_R2;
-    R2, Gamma_R2 := (R2[64:48] ++ (2bv16 ++ R2[32:0])), Gamma_R2;
-    R30, Gamma_R30 := 1968bv64, true;
-    call get_two();
+    assert (L(mem, 69692bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69692bv64, 1bv32), gamma_store32(Gamma_mem, 69692bv64, true);
+    call R0_2, Gamma_R0_2, R31_3, Gamma_R31_3 := get_two(97bv64, true, 10bv64, true, 10000000000bv64, true, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R31_in);
     goto $main$__1__$YtzF~ruPSxeKxDQFuoMNCA;
   $main$__1__$YtzF~ruPSxeKxDQFuoMNCA:
-    assume {:captureState "$main$__1__$YtzF~ruPSxeKxDQFuoMNCA"} true;
-    R8, Gamma_R8 := 69632bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R8, 64bv64)) ==> Gamma_R0);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 64bv64), R0[32:0]), gamma_store32(Gamma_mem, bvadd64(R8, 64bv64), Gamma_R0);
-    assume {:captureState "1972$0"} true;
+    assert (L(mem, 69696bv64) ==> Gamma_R0_2);
+    mem, Gamma_mem := memory_store32_le(mem, 69696bv64, R0_2[32:0]), gamma_store32(Gamma_mem, 69696bv64, Gamma_R0_2);
     call rely();
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 64bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 64bv64)) || L(mem, bvadd64(R8, 64bv64)));
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2028bv64), Gamma_R0;
-    R30, Gamma_R30 := 1992bv64, true;
-    call FUN_630();
+    R1_2, Gamma_R1_2 := zero_extend32_32(memory_load32_le(mem, 69696bv64)), (gamma_load32(Gamma_mem, 69696bv64) || L(mem, 69696bv64));
+    call R16_1, Gamma_R16_1, R17_1, Gamma_R17_1 := FUN_630(R16, Gamma_R16);
     goto $main$__2__$CEYnN9k9SmuiVVhWQDVk8Q;
   $main$__2__$CEYnN9k9SmuiVVhWQDVk8Q:
-    assume {:captureState "$main$__2__$CEYnN9k9SmuiVVhWQDVk8Q"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, R31_3), gamma_load64(Gamma_stack, R31_3);
+    R30_4, Gamma_R30_4 := memory_load64_le(stack, bvadd64(R31_3, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31_3, 8bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R29_out, R2_out, R30_out, R31_out, R8_out, R9_out := 0bv64, R1_2, R29_3, 10000000000bv64, R30_4, bvadd64(R31_3, 16bv64), 69632bv64, 69632bv64;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R29_out, Gamma_R2_out, Gamma_R30_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R1_2, Gamma_R29_3, true, Gamma_R30_4, Gamma_R31_3, true, true;
     return;
 }
 
-procedure FUN_630();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure FUN_630(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 2024bv64) == 2924859843805185bv64);
   free requires (memory_load64_le(mem, 69064bv64) == 1872bv64);
   free requires (memory_load64_le(mem, 69072bv64) == 1792bv64);
@@ -196,58 +181,186 @@ procedure FUN_630();
   free ensures (memory_load64_le(mem, 69592bv64) == 1924bv64);
   free ensures (memory_load64_le(mem, 69680bv64) == 69680bv64);
 
-implementation FUN_630()
+implementation FUN_630(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool)
 {
+  var Gamma_R0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0: bv64;
+  var R0_1: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16_4: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   $FUN_630$__0__$NZBDTAx8S7uixhiUTM36gA:
-    assume {:captureState "$FUN_630$__0__$NZBDTAx8S7uixhiUTM36gA"} true;
-    R16, Gamma_R16 := 69632bv64, true;
     call rely();
-    R17, Gamma_R17 := memory_load64_le(mem, bvadd64(R16, 32bv64)), (gamma_load64(Gamma_mem, bvadd64(R16, 32bv64)) || L(mem, bvadd64(R16, 32bv64)));
-    R16, Gamma_R16 := bvadd64(R16, 32bv64), Gamma_R16;
-    call printf();
+    R17_1, Gamma_R17_1 := memory_load64_le(mem, 69664bv64), (gamma_load64(Gamma_mem, 69664bv64) || L(mem, 69664bv64));
+    call R0_1, Gamma_R0_1, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_4, Gamma_R16_4, R17_2, Gamma_R17_2, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_1, Gamma_R2_1, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := printf(R0, Gamma_R0, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, 69664bv64, true, R17_1, Gamma_R17_1, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2, Gamma_R2, R30, Gamma_R30, R31, Gamma_R31, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     assume false;
 }
 
-procedure get_two();
-  modifies Gamma_R0, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_stack, R0, R31, R8, R9, stack;
+procedure get_two(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_stack, stack;
   free requires (memory_load64_le(mem, 2024bv64) == 2924859843805185bv64);
   free requires (memory_load64_le(mem, 69064bv64) == 1872bv64);
   free requires (memory_load64_le(mem, 69072bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1924bv64);
   free requires (memory_load64_le(mem, 69680bv64) == 69680bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load64_le(mem, 2024bv64) == 2924859843805185bv64);
   free ensures (memory_load64_le(mem, 69064bv64) == 1872bv64);
   free ensures (memory_load64_le(mem, 69072bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 69592bv64) == 1924bv64);
   free ensures (memory_load64_le(mem, 69680bv64) == 69680bv64);
 
-implementation get_two()
+implementation get_two(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
+  var Gamma_R0_2: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R9_1: bool;
+  var Gamma_R9_2: bool;
+  var R0_2: bv64;
+  var R8_1: bv64;
+  var R8_2: bv64;
+  var R8_3: bv64;
+  var R9_1: bv32;
+  var R9_2: bv32;
   $get_two$__0__$p4Q_YT4qRRGcIyXB48MM3g:
-    assume {:captureState "$get_two$__0__$p4Q_YT4qRRGcIyXB48MM3g"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31, 15bv64), R0[8:0]), gamma_store8(Gamma_stack, bvadd64(R31, 15bv64), Gamma_R0);
-    assume {:captureState "1880$0"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R1[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R1);
-    assume {:captureState "1884$0"} true;
-    stack, Gamma_stack := memory_store64_le(stack, R31, R2), gamma_store64(Gamma_stack, R31, Gamma_R2);
-    assume {:captureState "1888$0"} true;
-    R8, Gamma_R8 := zero_extend32_32(zero_extend24_8(memory_load8_le(stack, bvadd64(R31, 15bv64)))), gamma_load8(Gamma_stack, bvadd64(R31, 15bv64));
-    R9, Gamma_R9 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 8bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 8bv64));
-    R9, Gamma_R9 := zero_extend32_32(bvadd32(R8[32:0], R9[32:0])), (Gamma_R9 && Gamma_R8);
-    R8, Gamma_R8 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R8, Gamma_R8 := bvadd64(R8, sign_extend32_32(R9[32:0])), (Gamma_R9 && Gamma_R8);
-    R0, Gamma_R0 := zero_extend32_32(R8[32:0]), Gamma_R8;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31_in, 18446744073709551615bv64), R0_in[8:0]), gamma_store8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64), Gamma_R0_in);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R1_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R1_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R2_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R2_in);
+    R8_1, Gamma_R8_1 := zero_extend56_8(memory_load8_le(stack, bvadd64(R31_in, 18446744073709551615bv64))), gamma_load8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64));
+    R9_1, Gamma_R9_1 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
+    R9_2, Gamma_R9_2 := bvadd32(R8_1[32:0], R9_1), (Gamma_R9_1 && Gamma_R8_1);
+    R8_2, Gamma_R8_2 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64));
+    R8_3, Gamma_R8_3 := bvadd64(R8_2, sign_extend32_32(R9_2)), (Gamma_R9_2 && Gamma_R8_2);
+    R0_2, Gamma_R0_2 := zero_extend32_32(R8_3[32:0]), Gamma_R8_3;
     goto get_two_basil_return;
   get_two_basil_return:
-    assume {:captureState "get_two_basil_return"} true;
+    R0_out, R31_out := R0_2, R31_in;
+    Gamma_R0_out, Gamma_R31_out := Gamma_R0_2, Gamma_R31_in;
     return;
 }
 
-procedure printf();
+procedure printf(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load64_le(mem, 2024bv64) == 2924859843805185bv64);
   free requires (memory_load64_le(mem, 69064bv64) == 1872bv64);
   free requires (memory_load64_le(mem, 69072bv64) == 1792bv64);
diff --git a/src/test/correct/function1/clang_O2/function1.expected b/src/test/correct/function1/clang_O2/function1.expected
index 721d20a89..1fefaaefe 100644
--- a/src/test/correct/function1/clang_O2/function1.expected
+++ b/src/test/correct/function1/clang_O2/function1.expected
@@ -1,27 +1,9 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R10: bool;
-var {:extern} Gamma_R11: bool;
 var {:extern} Gamma_R16: bool;
 var {:extern} Gamma_R17: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R10: bv64;
-var {:extern} R11: bv64;
 var {:extern} R16: bv64;
 var {:extern} R17: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -35,16 +17,34 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) {
@@ -52,14 +52,13 @@ function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv6
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (mem == old(mem));
@@ -86,8 +85,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R10, Gamma_R11, Gamma_R16, Gamma_R17, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R1, R10, R11, R16, R17, R29, R30, R31, R8, R9, mem, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_R16, Gamma_R17, Gamma_mem, Gamma_stack, R16, R17, mem, stack;
   free requires (memory_load64_le(mem, 69672bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69680bv64) == 69680bv64);
   free requires (memory_load64_le(mem, 1976bv64) == 2924859843805185bv64);
@@ -95,62 +94,150 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1888bv64);
   free requires (memory_load64_le(mem, 69680bv64) == 69680bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load64_le(mem, 1976bv64) == 2924859843805185bv64);
   free ensures (memory_load64_le(mem, 69064bv64) == 1872bv64);
   free ensures (memory_load64_le(mem, 69072bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 69592bv64) == 1888bv64);
   free ensures (memory_load64_le(mem, 69680bv64) == 69680bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var #4: bv64;
-  var Gamma_#4: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R10_2: bool;
+  var Gamma_R11_3: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R17: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_3: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R29_4: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30_3: bool;
+  var Gamma_R30_4: bool;
+  var Gamma_R31_3: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R9_2: bool;
+  var R0_3: bv64;
+  var R10_2: bv64;
+  var R11_3: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R17: bv64;
+  var R17_1: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_3: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29_3: bv64;
+  var R29_4: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30_3: bv64;
+  var R30_4: bv64;
+  var R31_3: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8_2: bv64;
+  var R9_2: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    #4, Gamma_#4 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, #4, R29), gamma_store64(Gamma_stack, #4, Gamma_R29);
-    assume {:captureState "%00000317"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(#4, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(#4, 8bv64), Gamma_R30);
-    assume {:captureState "%0000031d"} true;
-    R31, Gamma_R31 := #4, Gamma_#4;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    R11, Gamma_R11 := 58475bv64, true;
-    R1, Gamma_R1 := 58475bv64, true;
-    R8, Gamma_R8 := 69632bv64, true;
-    R9, Gamma_R9 := 1bv64, true;
-    R10, Gamma_R10 := 69632bv64, true;
-    R11, Gamma_R11 := zero_extend32_32((21515bv16 ++ R11[16:0])), Gamma_R11;
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 1980bv64), Gamma_R0;
-    R1, Gamma_R1 := zero_extend32_32((21515bv16 ++ R1[16:0])), Gamma_R1;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
     call rely();
-    assert (L(mem, bvadd64(R8, 60bv64)) ==> Gamma_R9);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 60bv64), R9[32:0]), gamma_store32(Gamma_mem, bvadd64(R8, 60bv64), Gamma_R9);
-    assume {:captureState "%0000035f"} true;
+    assert (L(mem, 69692bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69692bv64, 1bv32), gamma_store32(Gamma_mem, 69692bv64, true);
     call rely();
-    assert (L(mem, bvadd64(R10, 64bv64)) ==> Gamma_R11);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R10, 64bv64), R11[32:0]), gamma_store32(Gamma_mem, bvadd64(R10, 64bv64), Gamma_R11);
-    assume {:captureState "%00000367"} true;
-    R30, Gamma_R30 := 1944bv64, true;
-    call printf();
+    assert (L(mem, 69696bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69696bv64, 1410065515bv32), gamma_store32(Gamma_mem, 69696bv64, true);
+    call R0_3, Gamma_R0_3, R10_2, Gamma_R10_2, R11_3, Gamma_R11_3, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_1, Gamma_R16_1, R17_1, Gamma_R17_1, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_3, Gamma_R1_3, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_3, Gamma_R29_3, R2_1, Gamma_R2_1, R30_3, Gamma_R30_3, R31_3, Gamma_R31_3, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_2, Gamma_R8_2, R9_2, Gamma_R9_2 := printf(1980bv64, true, 69632bv64, true, 1410065515bv64, true, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, R16, Gamma_R16, R17, Gamma_R17, R18, Gamma_R18, R19, Gamma_R19, 1410065515bv64, true, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R31_in, R2, Gamma_R2, 1944bv64, true, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R31_in, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, 69632bv64, true, 1bv64, true);
     goto l00000371;
   l00000371:
-    assume {:captureState "l00000371"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    R29_4, Gamma_R29_4 := memory_load64_le(stack, R31_3), gamma_load64(Gamma_stack, R31_3);
+    R30_4, Gamma_R30_4 := memory_load64_le(stack, bvadd64(R31_3, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31_3, 8bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R11_out, R1_out, R29_out, R30_out, R31_out, R8_out, R9_out := 0bv64, R10_2, R11_3, R1_3, R29_4, R30_4, bvadd64(R31_3, 16bv64), R8_2, R9_2;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R11_out, Gamma_R1_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R10_2, Gamma_R11_3, Gamma_R1_3, Gamma_R29_4, Gamma_R30_4, Gamma_R31_3, Gamma_R8_2, Gamma_R9_2;
     return;
 }
 
-procedure printf();
+procedure printf(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   modifies Gamma_R16, Gamma_R17, R16, R17;
   free requires (memory_load64_le(mem, 1976bv64) == 2924859843805185bv64);
   free requires (memory_load64_le(mem, 69064bv64) == 1872bv64);
diff --git a/src/test/correct/function1/clang_O2/function1_gtirb.expected b/src/test/correct/function1/clang_O2/function1_gtirb.expected
index a6814f2c8..46f8db85d 100644
--- a/src/test/correct/function1/clang_O2/function1_gtirb.expected
+++ b/src/test/correct/function1/clang_O2/function1_gtirb.expected
@@ -1,27 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R10: bool;
-var {:extern} Gamma_R11: bool;
-var {:extern} Gamma_R16: bool;
-var {:extern} Gamma_R17: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R10: bv64;
-var {:extern} R11: bv64;
-var {:extern} R16: bv64;
-var {:extern} R17: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -35,16 +13,34 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) {
@@ -52,14 +48,13 @@ function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv6
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (mem == old(mem));
@@ -86,8 +81,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure FUN_630();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure FUN_630(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 1976bv64) == 2924859843805185bv64);
   free requires (memory_load64_le(mem, 69064bv64) == 1872bv64);
   free requires (memory_load64_le(mem, 69072bv64) == 1792bv64);
@@ -99,20 +94,143 @@ procedure FUN_630();
   free ensures (memory_load64_le(mem, 69592bv64) == 1888bv64);
   free ensures (memory_load64_le(mem, 69680bv64) == 69680bv64);
 
-implementation FUN_630()
+implementation FUN_630(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool)
 {
+  var Gamma_R0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0: bv64;
+  var R0_1: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16_4: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   $FUN_630$__0__$9vg7iWSEQm2cjmXfKr4x1g:
-    assume {:captureState "$FUN_630$__0__$9vg7iWSEQm2cjmXfKr4x1g"} true;
-    R16, Gamma_R16 := 69632bv64, true;
     call rely();
-    R17, Gamma_R17 := memory_load64_le(mem, bvadd64(R16, 32bv64)), (gamma_load64(Gamma_mem, bvadd64(R16, 32bv64)) || L(mem, bvadd64(R16, 32bv64)));
-    R16, Gamma_R16 := bvadd64(R16, 32bv64), Gamma_R16;
-    call printf();
+    R17_1, Gamma_R17_1 := memory_load64_le(mem, 69664bv64), (gamma_load64(Gamma_mem, 69664bv64) || L(mem, 69664bv64));
+    call R0_1, Gamma_R0_1, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_4, Gamma_R16_4, R17_2, Gamma_R17_2, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_1, Gamma_R2_1, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := printf(R0, Gamma_R0, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, 69664bv64, true, R17_1, Gamma_R17_1, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2, Gamma_R2, R30, Gamma_R30, R31, Gamma_R31, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     assume false;
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R10, Gamma_R11, Gamma_R16, Gamma_R17, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R1, R10, R11, R16, R17, R29, R30, R31, R8, R9, mem, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69672bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69680bv64) == 69680bv64);
   free requires (memory_load64_le(mem, 1976bv64) == 2924859843805185bv64);
@@ -120,62 +238,46 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1888bv64);
   free requires (memory_load64_le(mem, 69680bv64) == 69680bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load64_le(mem, 1976bv64) == 2924859843805185bv64);
   free ensures (memory_load64_le(mem, 69064bv64) == 1872bv64);
   free ensures (memory_load64_le(mem, 69072bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 69592bv64) == 1888bv64);
   free ensures (memory_load64_le(mem, 69680bv64) == 69680bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var Cse0__5$1$0: bv64;
-  var Gamma_Cse0__5$1$0: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_3: bool;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R17_1: bv64;
+  var R29_3: bv64;
+  var R30_3: bv64;
   $main$__0__$~V6GfTEGRo6iegWvB8u~Ng:
-    assume {:captureState "$main$__0__$~V6GfTEGRo6iegWvB8u~Ng"} true;
-    Cse0__5$1$0, Gamma_Cse0__5$1$0 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$1$0, R29), gamma_store64(Gamma_stack, Cse0__5$1$0, Gamma_R29);
-    assume {:captureState "1888$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$1$0, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$1$0, 8bv64), Gamma_R30);
-    assume {:captureState "1888$2"} true;
-    R31, Gamma_R31 := Cse0__5$1$0, Gamma_Cse0__5$1$0;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    R11, Gamma_R11 := 58475bv64, true;
-    R1, Gamma_R1 := 58475bv64, true;
-    R8, Gamma_R8 := 69632bv64, true;
-    R9, Gamma_R9 := 1bv64, true;
-    R10, Gamma_R10 := 69632bv64, true;
-    R11, Gamma_R11 := zero_extend32_32((21515bv16 ++ R11[16:0])), Gamma_R11;
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 1980bv64), Gamma_R0;
-    R1, Gamma_R1 := zero_extend32_32((21515bv16 ++ R1[16:0])), Gamma_R1;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
     call rely();
-    assert (L(mem, bvadd64(R8, 60bv64)) ==> Gamma_R9);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 60bv64), R9[32:0]), gamma_store32(Gamma_mem, bvadd64(R8, 60bv64), Gamma_R9);
-    assume {:captureState "1932$0"} true;
+    assert (L(mem, 69692bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69692bv64, 1bv32), gamma_store32(Gamma_mem, 69692bv64, true);
     call rely();
-    assert (L(mem, bvadd64(R10, 64bv64)) ==> Gamma_R11);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R10, 64bv64), R11[32:0]), gamma_store32(Gamma_mem, bvadd64(R10, 64bv64), Gamma_R11);
-    assume {:captureState "1936$0"} true;
-    R30, Gamma_R30 := 1944bv64, true;
-    call FUN_630();
+    assert (L(mem, 69696bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69696bv64, 1410065515bv32), gamma_store32(Gamma_mem, 69696bv64, true);
+    call R16_1, Gamma_R16_1, R17_1, Gamma_R17_1 := FUN_630(R16, Gamma_R16);
     goto $main$__1__$FJjmKBZVSk~WIQ57oU6MUA;
   $main$__1__$FJjmKBZVSk~WIQ57oU6MUA:
-    assume {:captureState "$main$__1__$FJjmKBZVSk~WIQ57oU6MUA"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64));
+    R30_3, Gamma_R30_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R11_out, R16_out, R17_out, R1_out, R29_out, R30_out, R31_out, R8_out, R9_out := 0bv64, 69632bv64, 1410065515bv64, R16_1, R17_1, 1410065515bv64, R29_3, R30_3, R31_in, 69632bv64, 1bv64;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R11_out, Gamma_R16_out, Gamma_R17_out, Gamma_R1_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := true, true, true, Gamma_R16_1, Gamma_R17_1, true, Gamma_R29_3, Gamma_R30_3, Gamma_R31_in, true, true;
     return;
 }
 
-procedure printf();
+procedure printf(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load64_le(mem, 1976bv64) == 2924859843805185bv64);
   free requires (memory_load64_le(mem, 69064bv64) == 1872bv64);
   free requires (memory_load64_le(mem, 69072bv64) == 1792bv64);
diff --git a/src/test/correct/function1/gcc/function1.expected b/src/test/correct/function1/gcc/function1.expected
index f1e751c67..8243e2531 100644
--- a/src/test/correct/function1/gcc/function1.expected
+++ b/src/test/correct/function1/gcc/function1.expected
@@ -1,21 +1,9 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_R16: bool;
 var {:extern} Gamma_R17: bool;
-var {:extern} Gamma_R2: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} R16: bv64;
 var {:extern} R17: bv64;
-var {:extern} R2: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -30,6 +18,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -43,17 +45,21 @@ function {:extern} gamma_load8(gammaMap: [bv64]bool, index: bv64) returns (bool)
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store8(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
   gammaMap[index := value]
 }
 
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
+}
+
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
   (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index])))
 }
@@ -67,15 +73,15 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -110,8 +116,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure get_two();
-  modifies Gamma_R0, Gamma_R1, Gamma_R31, Gamma_stack, R0, R1, R31, stack;
+procedure get_two(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_stack, stack;
   free requires (memory_load64_le(mem, 2048bv64) == 131073bv64);
   free requires (memory_load8_le(mem, 2056bv64) == 37bv8);
   free requires (memory_load8_le(mem, 2057bv64) == 100bv8);
@@ -121,8 +127,6 @@ procedure get_two();
   free requires (memory_load64_le(mem, 69016bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1924bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load64_le(mem, 2048bv64) == 131073bv64);
   free ensures (memory_load8_le(mem, 2056bv64) == 37bv8);
   free ensures (memory_load8_le(mem, 2057bv64) == 100bv8);
@@ -133,32 +137,39 @@ procedure get_two();
   free ensures (memory_load64_le(mem, 69616bv64) == 1924bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation get_two()
+implementation get_two(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
+  var Gamma_R0_2: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R1_2: bool;
+  var Gamma_R1_3: bool;
+  var R0_2: bv32;
+  var R0_3: bv32;
+  var R0_4: bv64;
+  var R0_5: bv64;
+  var R1_2: bv64;
+  var R1_3: bv32;
   lget_two:
-    assume {:captureState "lget_two"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31, 15bv64), R0[8:0]), gamma_store8(Gamma_stack, bvadd64(R31, 15bv64), Gamma_R0);
-    assume {:captureState "%0000034e"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R1[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R1);
-    assume {:captureState "%00000356"} true;
-    stack, Gamma_stack := memory_store64_le(stack, R31, R2), gamma_store64(Gamma_stack, R31, Gamma_R2);
-    assume {:captureState "%0000035e"} true;
-    R1, Gamma_R1 := zero_extend56_8(memory_load8_le(stack, bvadd64(R31, 15bv64))), gamma_load8(Gamma_stack, bvadd64(R31, 15bv64));
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 8bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 8bv64));
-    R0, Gamma_R0 := zero_extend32_32(bvadd32(R1[32:0], R0[32:0])), (Gamma_R0 && Gamma_R1);
-    R1, Gamma_R1 := zero_extend32_32(R0[32:0]), Gamma_R0;
-    R0, Gamma_R0 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R0, Gamma_R0 := zero_extend32_32(bvadd32(R1[32:0], R0[32:0])), (Gamma_R0 && Gamma_R1);
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31_in, 18446744073709551615bv64), R0_in[8:0]), gamma_store8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64), Gamma_R0_in);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R1_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R1_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R2_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R2_in);
+    R1_2, Gamma_R1_2 := zero_extend56_8(memory_load8_le(stack, bvadd64(R31_in, 18446744073709551615bv64))), gamma_load8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64));
+    R0_2, Gamma_R0_2 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
+    R0_3, Gamma_R0_3 := bvadd32(R1_2[32:0], R0_2), (Gamma_R0_2 && Gamma_R1_2);
+    R1_3, Gamma_R1_3 := R0_3, Gamma_R0_3;
+    R0_4, Gamma_R0_4 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64));
+    R0_5, Gamma_R0_5 := zero_extend32_32(bvadd32(R1_3, R0_4[32:0])), (Gamma_R0_4 && Gamma_R1_3);
     goto get_two_basil_return;
   get_two_basil_return:
-    assume {:captureState "get_two_basil_return"} true;
+    R0_out, R31_out := R0_5, R31_in;
+    Gamma_R0_out, Gamma_R31_out := Gamma_R0_5, Gamma_R31_in;
     return;
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R2, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R16, R17, R2, R29, R30, R31, mem, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_R16, Gamma_R17, Gamma_mem, Gamma_stack, R16, R17, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load64_le(mem, 2048bv64) == 131073bv64);
@@ -170,10 +181,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69016bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1924bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load64_le(mem, 2048bv64) == 131073bv64);
   free ensures (memory_load8_le(mem, 2056bv64) == 37bv8);
   free ensures (memory_load8_le(mem, 2057bv64) == 100bv8);
@@ -184,66 +191,167 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1924bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var #4: bv64;
-  var Gamma_#4: bool;
+  var Gamma_R0_12: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R0_9: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R17: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_3: bool;
+  var Gamma_R1_4: bool;
+  var Gamma_R1_5: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R29_4: bool;
+  var Gamma_R2_4: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30_4: bool;
+  var Gamma_R30_5: bool;
+  var Gamma_R31_3: bool;
+  var Gamma_R31_4: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0_12: bv64;
+  var R0_4: bv64;
+  var R0_9: bv32;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R17: bv64;
+  var R17_1: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_3: bv32;
+  var R1_4: bv64;
+  var R1_5: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29_3: bv64;
+  var R29_4: bv64;
+  var R2_4: bv64;
+  var R3: bv64;
+  var R30_4: bv64;
+  var R30_5: bv64;
+  var R31_3: bv64;
+  var R31_4: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    #4, Gamma_#4 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, #4, R29), gamma_store64(Gamma_stack, #4, Gamma_R29);
-    assume {:captureState "%0000039e"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(#4, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(#4, 8bv64), Gamma_R30);
-    assume {:captureState "%000003a4"} true;
-    R31, Gamma_R31 := #4, Gamma_#4;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
-    R1, Gamma_R1 := 1bv64, true;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%000003c6"} true;
-    R2, Gamma_R2 := 58368bv64, true;
-    R2, Gamma_R2 := (R2[64:32] ++ (21515bv16 ++ R2[16:0])), Gamma_R2;
-    R2, Gamma_R2 := (R2[64:48] ++ (2bv16 ++ R2[32:0])), Gamma_R2;
-    R1, Gamma_R1 := 10bv64, true;
-    R0, Gamma_R0 := 97bv64, true;
-    R30, Gamma_R30 := 1972bv64, true;
-    call get_two();
+    assert (L(mem, 69652bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 1bv32), gamma_store32(Gamma_mem, 69652bv64, true);
+    call R0_4, Gamma_R0_4, R31_3, Gamma_R31_3 := get_two(97bv64, true, 10bv64, true, 10000000000bv64, true, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R31_in);
     goto l000003ec;
   l000003ec:
-    assume {:captureState "l000003ec"} true;
-    R1, Gamma_R1 := zero_extend32_32(R0[32:0]), Gamma_R0;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
+    R1_3, Gamma_R1_3 := R0_4[32:0], Gamma_R0_4;
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%00000403"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
+    assert (L(mem, 69656bv64) ==> Gamma_R1_3);
+    mem, Gamma_mem := memory_store32_le(mem, 69656bv64, R1_3), gamma_store32(Gamma_mem, 69656bv64, Gamma_R1_3);
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := zero_extend32_32(R0[32:0]), Gamma_R0;
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2056bv64), Gamma_R0;
-    R30, Gamma_R30 := 2016bv64, true;
-    call printf();
+    R0_9, Gamma_R0_9 := memory_load32_le(mem, 69656bv64), (gamma_load32(Gamma_mem, 69656bv64) || L(mem, 69656bv64));
+    R1_4, Gamma_R1_4 := zero_extend32_32(R0_9), Gamma_R0_9;
+    call R0_12, Gamma_R0_12, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_1, Gamma_R16_1, R17_1, Gamma_R17_1, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_5, Gamma_R1_5, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_3, Gamma_R29_3, R2_4, Gamma_R2_4, R30_4, Gamma_R30_4, R31_4, Gamma_R31_4, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := printf(2056bv64, true, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, R16, Gamma_R16, R17, Gamma_R17, R18, Gamma_R18, R19, Gamma_R19, R1_4, Gamma_R1_4, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R31_in, 10000000000bv64, true, 2016bv64, true, R31_3, Gamma_R31_3, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     goto l00000430;
   l00000430:
-    assume {:captureState "l00000430"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    R29_4, Gamma_R29_4 := memory_load64_le(stack, R31_4), gamma_load64(Gamma_stack, R31_4);
+    R30_5, Gamma_R30_5 := memory_load64_le(stack, bvadd64(R31_4, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31_4, 8bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R29_out, R2_out, R30_out, R31_out := 0bv64, R1_5, R29_4, R2_4, R30_5, bvadd64(R31_4, 16bv64);
+    Gamma_R0_out, Gamma_R1_out, Gamma_R29_out, Gamma_R2_out, Gamma_R30_out, Gamma_R31_out := true, Gamma_R1_5, Gamma_R29_4, Gamma_R2_4, Gamma_R30_5, Gamma_R31_4;
     return;
 }
 
-procedure printf();
+procedure printf(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   modifies Gamma_R16, Gamma_R17, R16, R17;
   free requires (memory_load64_le(mem, 2048bv64) == 131073bv64);
   free requires (memory_load8_le(mem, 2056bv64) == 37bv8);
diff --git a/src/test/correct/function1/gcc/function1_gtirb.expected b/src/test/correct/function1/gcc/function1_gtirb.expected
index d659b4364..360c408af 100644
--- a/src/test/correct/function1/gcc/function1_gtirb.expected
+++ b/src/test/correct/function1/gcc/function1_gtirb.expected
@@ -1,21 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R16: bool;
-var {:extern} Gamma_R17: bool;
-var {:extern} Gamma_R2: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R16: bv64;
-var {:extern} R17: bv64;
-var {:extern} R2: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -30,6 +14,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -43,17 +41,21 @@ function {:extern} gamma_load8(gammaMap: [bv64]bool, index: bv64) returns (bool)
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store8(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
   gammaMap[index := value]
 }
 
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
+}
+
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
   (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index])))
 }
@@ -67,19 +69,19 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
-function {:extern} {:bvbuiltin "zero_extend 24"} zero_extend24_8(bv8) returns (bv32);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
+function {:extern} {:bvbuiltin "zero_extend 56"} zero_extend56_8(bv8) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (mem == old(mem));
@@ -110,8 +112,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure FUN_630();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure FUN_630(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 2048bv64) == 131073bv64);
   free requires (memory_load8_le(mem, 2056bv64) == 37bv8);
   free requires (memory_load8_le(mem, 2057bv64) == 100bv8);
@@ -131,20 +133,143 @@ procedure FUN_630();
   free ensures (memory_load64_le(mem, 69616bv64) == 1924bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation FUN_630()
+implementation FUN_630(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool)
 {
+  var Gamma_R0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0: bv64;
+  var R0_1: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16_4: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   $FUN_630$__0__$NUvwqOE3TwyanEIZ0P7t5g:
-    assume {:captureState "$FUN_630$__0__$NUvwqOE3TwyanEIZ0P7t5g"} true;
-    R16, Gamma_R16 := 65536bv64, true;
     call rely();
-    R17, Gamma_R17 := memory_load64_le(mem, bvadd64(R16, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R16, 4040bv64)) || L(mem, bvadd64(R16, 4040bv64)));
-    R16, Gamma_R16 := bvadd64(R16, 4040bv64), Gamma_R16;
-    call printf();
+    R17_1, Gamma_R17_1 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
+    call R0_1, Gamma_R0_1, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_4, Gamma_R16_4, R17_2, Gamma_R17_2, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_1, Gamma_R2_1, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := printf(R0, Gamma_R0, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, 69576bv64, true, R17_1, Gamma_R17_1, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2, Gamma_R2, R30, Gamma_R30, R31, Gamma_R31, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     assume false;
 }
 
-procedure get_two();
-  modifies Gamma_R0, Gamma_R1, Gamma_R31, Gamma_stack, R0, R1, R31, stack;
+procedure get_two(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_stack, stack;
   free requires (memory_load64_le(mem, 2048bv64) == 131073bv64);
   free requires (memory_load8_le(mem, 2056bv64) == 37bv8);
   free requires (memory_load8_le(mem, 2057bv64) == 100bv8);
@@ -154,8 +279,6 @@ procedure get_two();
   free requires (memory_load64_le(mem, 69016bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1924bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load64_le(mem, 2048bv64) == 131073bv64);
   free ensures (memory_load8_le(mem, 2056bv64) == 37bv8);
   free ensures (memory_load8_le(mem, 2057bv64) == 100bv8);
@@ -166,32 +289,39 @@ procedure get_two();
   free ensures (memory_load64_le(mem, 69616bv64) == 1924bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation get_two()
+implementation get_two(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
+  var Gamma_R0_2: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R1_2: bool;
+  var Gamma_R1_3: bool;
+  var R0_2: bv32;
+  var R0_3: bv32;
+  var R0_4: bv64;
+  var R0_5: bv64;
+  var R1_2: bv64;
+  var R1_3: bv32;
   $get_two$__0__$lkvQp5JbQXmQ~jsXqPsRSw:
-    assume {:captureState "$get_two$__0__$lkvQp5JbQXmQ~jsXqPsRSw"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31, 15bv64), R0[8:0]), gamma_store8(Gamma_stack, bvadd64(R31, 15bv64), Gamma_R0);
-    assume {:captureState "1880$0"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R1[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R1);
-    assume {:captureState "1884$0"} true;
-    stack, Gamma_stack := memory_store64_le(stack, R31, R2), gamma_store64(Gamma_stack, R31, Gamma_R2);
-    assume {:captureState "1888$0"} true;
-    R1, Gamma_R1 := zero_extend32_32(zero_extend24_8(memory_load8_le(stack, bvadd64(R31, 15bv64)))), gamma_load8(Gamma_stack, bvadd64(R31, 15bv64));
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 8bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 8bv64));
-    R0, Gamma_R0 := zero_extend32_32(bvadd32(R1[32:0], R0[32:0])), (Gamma_R0 && Gamma_R1);
-    R1, Gamma_R1 := zero_extend32_32(R0[32:0]), Gamma_R0;
-    R0, Gamma_R0 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R0, Gamma_R0 := zero_extend32_32(bvadd32(R1[32:0], R0[32:0])), (Gamma_R0 && Gamma_R1);
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31_in, 18446744073709551615bv64), R0_in[8:0]), gamma_store8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64), Gamma_R0_in);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R1_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R1_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R2_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R2_in);
+    R1_2, Gamma_R1_2 := zero_extend56_8(memory_load8_le(stack, bvadd64(R31_in, 18446744073709551615bv64))), gamma_load8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64));
+    R0_2, Gamma_R0_2 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
+    R0_3, Gamma_R0_3 := bvadd32(R1_2[32:0], R0_2), (Gamma_R0_2 && Gamma_R1_2);
+    R1_3, Gamma_R1_3 := R0_3, Gamma_R0_3;
+    R0_4, Gamma_R0_4 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64));
+    R0_5, Gamma_R0_5 := zero_extend32_32(bvadd32(R1_3, R0_4[32:0])), (Gamma_R0_4 && Gamma_R1_3);
     goto get_two_basil_return;
   get_two_basil_return:
-    assume {:captureState "get_two_basil_return"} true;
+    R0_out, R31_out := R0_5, R31_in;
+    Gamma_R0_out, Gamma_R31_out := Gamma_R0_5, Gamma_R31_in;
     return;
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R2, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R16, R17, R2, R29, R30, R31, mem, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load64_le(mem, 2048bv64) == 131073bv64);
@@ -203,10 +333,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69016bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1924bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load64_le(mem, 2048bv64) == 131073bv64);
   free ensures (memory_load8_le(mem, 2056bv64) == 37bv8);
   free ensures (memory_load8_le(mem, 2057bv64) == 100bv8);
@@ -217,66 +343,57 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1924bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var Cse0__5$0$0: bv64;
-  var Gamma_Cse0__5$0$0: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R0_9: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R1_3: bool;
+  var Gamma_R1_4: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_4: bool;
+  var Gamma_R31_3: bool;
+  var R0_4: bv64;
+  var R0_9: bv32;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R17_1: bv64;
+  var R1_3: bv32;
+  var R1_4: bv64;
+  var R29_3: bv64;
+  var R30_4: bv64;
+  var R31_3: bv64;
   $main$__0__$esMR8CLvRH6F_3cHhuaI0Q:
-    assume {:captureState "$main$__0__$esMR8CLvRH6F_3cHhuaI0Q"} true;
-    Cse0__5$0$0, Gamma_Cse0__5$0$0 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$0$0, R29), gamma_store64(Gamma_stack, Cse0__5$0$0, Gamma_R29);
-    assume {:captureState "1924$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$0$0, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$0$0, 8bv64), Gamma_R30);
-    assume {:captureState "1924$2"} true;
-    R31, Gamma_R31 := Cse0__5$0$0, Gamma_Cse0__5$0$0;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
-    R1, Gamma_R1 := 1bv64, true;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1944$0"} true;
-    R2, Gamma_R2 := 58368bv64, true;
-    R2, Gamma_R2 := (R2[64:32] ++ (21515bv16 ++ R2[16:0])), Gamma_R2;
-    R2, Gamma_R2 := (R2[64:48] ++ (2bv16 ++ R2[32:0])), Gamma_R2;
-    R1, Gamma_R1 := 10bv64, true;
-    R0, Gamma_R0 := 97bv64, true;
-    R30, Gamma_R30 := 1972bv64, true;
-    call get_two();
+    assert (L(mem, 69652bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 1bv32), gamma_store32(Gamma_mem, 69652bv64, true);
+    call R0_4, Gamma_R0_4, R31_3, Gamma_R31_3 := get_two(97bv64, true, 10bv64, true, 10000000000bv64, true, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R31_in);
     goto $main$__1__$zo98bL2YRTak5~76VWgMlQ;
   $main$__1__$zo98bL2YRTak5~76VWgMlQ:
-    assume {:captureState "$main$__1__$zo98bL2YRTak5~76VWgMlQ"} true;
-    R1, Gamma_R1 := zero_extend32_32(R0[32:0]), Gamma_R0;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
+    R1_3, Gamma_R1_3 := R0_4[32:0], Gamma_R0_4;
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1984$0"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
+    assert (L(mem, 69656bv64) ==> Gamma_R1_3);
+    mem, Gamma_mem := memory_store32_le(mem, 69656bv64, R1_3), gamma_store32(Gamma_mem, 69656bv64, Gamma_R1_3);
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := zero_extend32_32(R0[32:0]), Gamma_R0;
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2056bv64), Gamma_R0;
-    R30, Gamma_R30 := 2016bv64, true;
-    call FUN_630();
+    R0_9, Gamma_R0_9 := memory_load32_le(mem, 69656bv64), (gamma_load32(Gamma_mem, 69656bv64) || L(mem, 69656bv64));
+    R1_4, Gamma_R1_4 := zero_extend32_32(R0_9), Gamma_R0_9;
+    call R16_1, Gamma_R16_1, R17_1, Gamma_R17_1 := FUN_630(R16, Gamma_R16);
     goto $main$__2__$gcXQRbmQRZq8EOqfqswOIw;
   $main$__2__$gcXQRbmQRZq8EOqfqswOIw:
-    assume {:captureState "$main$__2__$gcXQRbmQRZq8EOqfqswOIw"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, R31_3), gamma_load64(Gamma_stack, R31_3);
+    R30_4, Gamma_R30_4 := memory_load64_le(stack, bvadd64(R31_3, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31_3, 8bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R16_out, R17_out, R1_out, R29_out, R2_out, R30_out, R31_out := 0bv64, R16_1, R17_1, R1_4, R29_3, 10000000000bv64, R30_4, bvadd64(R31_3, 16bv64);
+    Gamma_R0_out, Gamma_R16_out, Gamma_R17_out, Gamma_R1_out, Gamma_R29_out, Gamma_R2_out, Gamma_R30_out, Gamma_R31_out := true, Gamma_R16_1, Gamma_R17_1, Gamma_R1_4, Gamma_R29_3, true, Gamma_R30_4, Gamma_R31_3;
     return;
 }
 
-procedure printf();
+procedure printf(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load64_le(mem, 2048bv64) == 131073bv64);
   free requires (memory_load8_le(mem, 2056bv64) == 37bv8);
   free requires (memory_load8_le(mem, 2057bv64) == 100bv8);
diff --git a/src/test/correct/function1/gcc_O2/function1.expected b/src/test/correct/function1/gcc_O2/function1.expected
index ec235edf3..0f8e03fbf 100644
--- a/src/test/correct/function1/gcc_O2/function1.expected
+++ b/src/test/correct/function1/gcc_O2/function1.expected
@@ -1,23 +1,9 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_R16: bool;
 var {:extern} Gamma_R17: bool;
-var {:extern} Gamma_R2: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R3: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} R16: bv64;
 var {:extern} R17: bv64;
-var {:extern} R2: bv64;
-var {:extern} R29: bv64;
-var {:extern} R3: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -31,16 +17,34 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) {
@@ -52,14 +56,13 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (mem == old(mem));
@@ -90,7 +93,7 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure __printf_chk();
+procedure __printf_chk(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   modifies Gamma_R16, Gamma_R17, R16, R17;
   free requires (memory_load64_le(mem, 2048bv64) == 131073bv64);
   free requires (memory_load8_le(mem, 2056bv64) == 37bv8);
@@ -111,8 +114,8 @@ procedure __printf_chk();
   free ensures (memory_load64_le(mem, 69616bv64) == 1664bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R2, Gamma_R29, Gamma_R3, Gamma_R30, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R16, R17, R2, R29, R3, R30, R31, mem, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool);
+  modifies Gamma_R16, Gamma_R17, Gamma_mem, Gamma_stack, R16, R17, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load64_le(mem, 2048bv64) == 131073bv64);
@@ -124,10 +127,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69016bv64) == 1920bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1664bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load64_le(mem, 2048bv64) == 131073bv64);
   free ensures (memory_load8_le(mem, 2056bv64) == 37bv8);
   free ensures (memory_load8_le(mem, 2057bv64) == 100bv8);
@@ -138,46 +137,144 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1664bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool)
 {
-  var #1: bv64;
-  var Gamma_#1: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R17: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_4: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R29_4: bool;
+  var Gamma_R2_3: bool;
+  var Gamma_R30_3: bool;
+  var Gamma_R30_4: bool;
+  var Gamma_R31_3: bool;
+  var Gamma_R3_2: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0_2: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R17: bv64;
+  var R17_1: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_4: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29_3: bv64;
+  var R29_4: bv64;
+  var R2_3: bv64;
+  var R30_3: bv64;
+  var R30_4: bv64;
+  var R31_3: bv64;
+  var R3_2: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    #1, Gamma_#1 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, #1, R29), gamma_store64(Gamma_stack, #1, Gamma_R29);
-    assume {:captureState "%000001ca"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(#1, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(#1, 8bv64), Gamma_R30);
-    assume {:captureState "%000001d0"} true;
-    R31, Gamma_R31 := #1, Gamma_#1;
-    R1, Gamma_R1 := 69632bv64, true;
-    R3, Gamma_R3 := bvadd64(R1, 20bv64), Gamma_R1;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    R2, Gamma_R2 := 58475bv64, true;
-    R2, Gamma_R2 := zero_extend32_32((21515bv16 ++ R2[16:0])), Gamma_R2;
-    R0, Gamma_R0 := 1bv64, true;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
     call rely();
-    assert (L(mem, bvadd64(R1, 20bv64)) ==> Gamma_R0);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R1, 20bv64), R0[32:0]), gamma_store32(Gamma_mem, bvadd64(R1, 20bv64), Gamma_R0);
-    assume {:captureState "%000001fd"} true;
-    R1, Gamma_R1 := 0bv64, true;
-    R1, Gamma_R1 := bvadd64(R1, 2056bv64), Gamma_R1;
+    assert (L(mem, 69652bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 1bv32), gamma_store32(Gamma_mem, 69652bv64, true);
     call rely();
-    assert (L(mem, bvadd64(R3, 4bv64)) ==> Gamma_R2);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R3, 4bv64), R2[32:0]), gamma_store32(Gamma_mem, bvadd64(R3, 4bv64), Gamma_R2);
-    assume {:captureState "%00000210"} true;
-    R30, Gamma_R30 := 1712bv64, true;
-    call __printf_chk();
+    assert (L(mem, 69656bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69656bv64, 1410065515bv32), gamma_store32(Gamma_mem, 69656bv64, true);
+    call R0_2, Gamma_R0_2, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_1, Gamma_R16_1, R17_1, Gamma_R17_1, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_4, Gamma_R1_4, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_3, Gamma_R29_3, R2_3, Gamma_R2_3, R30_3, Gamma_R30_3, R31_3, Gamma_R31_3, R3_2, Gamma_R3_2, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := __printf_chk(1bv64, true, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, R16, Gamma_R16, R17, Gamma_R17, R18, Gamma_R18, R19, Gamma_R19, 2056bv64, true, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R31_in, 1410065515bv64, true, 1712bv64, true, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R31_in, 69652bv64, true, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     goto l0000021a;
   l0000021a:
-    assume {:captureState "l0000021a"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    R29_4, Gamma_R29_4 := memory_load64_le(stack, R31_3), gamma_load64(Gamma_stack, R31_3);
+    R30_4, Gamma_R30_4 := memory_load64_le(stack, bvadd64(R31_3, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31_3, 8bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R29_out, R2_out, R30_out, R31_out, R3_out := 0bv64, R1_4, R29_4, R2_3, R30_4, bvadd64(R31_3, 16bv64), R3_2;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R29_out, Gamma_R2_out, Gamma_R30_out, Gamma_R31_out, Gamma_R3_out := true, Gamma_R1_4, Gamma_R29_4, Gamma_R2_3, Gamma_R30_4, Gamma_R31_3, Gamma_R3_2;
     return;
 }
 
diff --git a/src/test/correct/function1/gcc_O2/function1_gtirb.expected b/src/test/correct/function1/gcc_O2/function1_gtirb.expected
index c6c0b7514..3bc2fc907 100644
--- a/src/test/correct/function1/gcc_O2/function1_gtirb.expected
+++ b/src/test/correct/function1/gcc_O2/function1_gtirb.expected
@@ -1,23 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R16: bool;
-var {:extern} Gamma_R17: bool;
-var {:extern} Gamma_R2: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R3: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R16: bv64;
-var {:extern} R17: bv64;
-var {:extern} R2: bv64;
-var {:extern} R29: bv64;
-var {:extern} R3: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -31,16 +13,34 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) {
@@ -52,14 +52,13 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (mem == old(mem));
@@ -90,8 +89,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R2, Gamma_R29, Gamma_R3, Gamma_R30, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R16, R17, R2, R29, R3, R30, R31, mem, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load64_le(mem, 2048bv64) == 131073bv64);
@@ -103,10 +102,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69016bv64) == 1920bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1664bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load64_le(mem, 2048bv64) == 131073bv64);
   free ensures (memory_load8_le(mem, 2056bv64) == 37bv8);
   free ensures (memory_load8_le(mem, 2057bv64) == 100bv8);
@@ -117,51 +112,41 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1664bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool)
 {
-  var Cse0__5$0$0: bv64;
-  var Gamma_Cse0__5$0$0: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_3: bool;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R17_1: bv64;
+  var R29_3: bv64;
+  var R30_3: bv64;
   $main$__0__$SdgQNRc1S~eXoTDCYKgVbQ:
-    assume {:captureState "$main$__0__$SdgQNRc1S~eXoTDCYKgVbQ"} true;
-    Cse0__5$0$0, Gamma_Cse0__5$0$0 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$0$0, R29), gamma_store64(Gamma_stack, Cse0__5$0$0, Gamma_R29);
-    assume {:captureState "1664$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$0$0, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$0$0, 8bv64), Gamma_R30);
-    assume {:captureState "1664$2"} true;
-    R31, Gamma_R31 := Cse0__5$0$0, Gamma_Cse0__5$0$0;
-    R1, Gamma_R1 := 69632bv64, true;
-    R3, Gamma_R3 := bvadd64(R1, 20bv64), Gamma_R1;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    R2, Gamma_R2 := 58475bv64, true;
-    R2, Gamma_R2 := zero_extend32_32((21515bv16 ++ R2[16:0])), Gamma_R2;
-    R0, Gamma_R0 := 1bv64, true;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
     call rely();
-    assert (L(mem, bvadd64(R1, 20bv64)) ==> Gamma_R0);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R1, 20bv64), R0[32:0]), gamma_store32(Gamma_mem, bvadd64(R1, 20bv64), Gamma_R0);
-    assume {:captureState "1692$0"} true;
-    R1, Gamma_R1 := 0bv64, true;
-    R1, Gamma_R1 := bvadd64(R1, 2056bv64), Gamma_R1;
+    assert (L(mem, 69652bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 1bv32), gamma_store32(Gamma_mem, 69652bv64, true);
     call rely();
-    assert (L(mem, bvadd64(R3, 4bv64)) ==> Gamma_R2);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R3, 4bv64), R2[32:0]), gamma_store32(Gamma_mem, bvadd64(R3, 4bv64), Gamma_R2);
-    assume {:captureState "1704$0"} true;
-    R30, Gamma_R30 := 1712bv64, true;
-    call FUN_620();
+    assert (L(mem, 69656bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69656bv64, 1410065515bv32), gamma_store32(Gamma_mem, 69656bv64, true);
+    call R16_1, Gamma_R16_1, R17_1, Gamma_R17_1 := FUN_620(R16, Gamma_R16);
     goto $main$__1__$jvvJx~HNQlaw7eS3PvnGyQ;
   $main$__1__$jvvJx~HNQlaw7eS3PvnGyQ:
-    assume {:captureState "$main$__1__$jvvJx~HNQlaw7eS3PvnGyQ"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64));
+    R30_3, Gamma_R30_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R29_out, R2_out, R30_out, R31_out, R3_out := 0bv64, 2056bv64, R29_3, 1410065515bv64, R30_3, R31_in, 69652bv64;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R29_out, Gamma_R2_out, Gamma_R30_out, Gamma_R31_out, Gamma_R3_out := true, true, Gamma_R29_3, true, Gamma_R30_3, Gamma_R31_in, true;
     return;
 }
 
-procedure FUN_620();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure FUN_620(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 2048bv64) == 131073bv64);
   free requires (memory_load8_le(mem, 2056bv64) == 37bv8);
   free requires (memory_load8_le(mem, 2057bv64) == 100bv8);
@@ -181,19 +166,142 @@ procedure FUN_620();
   free ensures (memory_load64_le(mem, 69616bv64) == 1664bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation FUN_620()
+implementation FUN_620(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool)
 {
+  var Gamma_R0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0: bv64;
+  var R0_1: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16_4: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   $FUN_620$__0__$FzaZGObNRFyyU87ZY5JbcQ:
-    assume {:captureState "$FUN_620$__0__$FzaZGObNRFyyU87ZY5JbcQ"} true;
-    R16, Gamma_R16 := 65536bv64, true;
     call rely();
-    R17, Gamma_R17 := memory_load64_le(mem, bvadd64(R16, 4024bv64)), (gamma_load64(Gamma_mem, bvadd64(R16, 4024bv64)) || L(mem, bvadd64(R16, 4024bv64)));
-    R16, Gamma_R16 := bvadd64(R16, 4024bv64), Gamma_R16;
-    call __printf_chk();
+    R17_1, Gamma_R17_1 := memory_load64_le(mem, 69560bv64), (gamma_load64(Gamma_mem, 69560bv64) || L(mem, 69560bv64));
+    call R0_1, Gamma_R0_1, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_4, Gamma_R16_4, R17_2, Gamma_R17_2, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_1, Gamma_R2_1, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := __printf_chk(R0, Gamma_R0, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, 69560bv64, true, R17_1, Gamma_R17_1, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2, Gamma_R2, R30, Gamma_R30, R31, Gamma_R31, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     assume false;
 }
 
-procedure __printf_chk();
+procedure __printf_chk(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load64_le(mem, 2048bv64) == 131073bv64);
   free requires (memory_load8_le(mem, 2056bv64) == 37bv8);
   free requires (memory_load8_le(mem, 2057bv64) == 100bv8);
diff --git a/src/test/correct/functionpointer/clang/functionpointer_gtirb.expected b/src/test/correct/functionpointer/clang/functionpointer_gtirb.expected
index 47885be86..3695be6a5 100644
--- a/src/test/correct/functionpointer/clang/functionpointer_gtirb.expected
+++ b/src/test/correct/functionpointer/clang/functionpointer_gtirb.expected
@@ -1,37 +1,26 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   false
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -41,11 +30,15 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -61,16 +54,13 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (mem == old(mem));
@@ -101,7 +91,7 @@ procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
 procedure set_seven();
-  modifies Gamma_R8, Gamma_R9, Gamma_mem, R8, R9, mem;
+  modifies Gamma_mem, mem;
   free requires (memory_load8_le(mem, 2052bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2053bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2054bv64) == 2bv8);
@@ -122,21 +112,16 @@ procedure set_seven();
 implementation set_seven()
 {
   $set_seven$__0__$GYdDLawJSPSwhQJx8RNe6g:
-    assume {:captureState "$set_seven$__0__$GYdDLawJSPSwhQJx8RNe6g"} true;
-    R9, Gamma_R9 := 69632bv64, true;
-    R8, Gamma_R8 := 7bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R9, 52bv64)) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 52bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 52bv64), Gamma_R8);
-    assume {:captureState "1852$0"} true;
+    assert (L(mem, 69684bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, 7bv32), gamma_store32(Gamma_mem, 69684bv64, true);
     goto set_seven_basil_return;
   set_seven_basil_return:
-    assume {:captureState "set_seven_basil_return"} true;
     return;
 }
 
 procedure set_six();
-  modifies Gamma_R8, Gamma_R9, Gamma_mem, R8, R9, mem;
+  modifies Gamma_mem, mem;
   free requires (memory_load8_le(mem, 2052bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2053bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2054bv64) == 2bv8);
@@ -157,21 +142,16 @@ procedure set_six();
 implementation set_six()
 {
   $set_six$__0__$TW~TmrKcRPK8KwdrX6QBgg:
-    assume {:captureState "$set_six$__0__$TW~TmrKcRPK8KwdrX6QBgg"} true;
-    R9, Gamma_R9 := 69632bv64, true;
-    R8, Gamma_R8 := 6bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R9, 52bv64)) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 52bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 52bv64), Gamma_R8);
-    assume {:captureState "1836$0"} true;
+    assert (L(mem, 69684bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, 6bv32), gamma_store32(Gamma_mem, 69684bv64, true);
     goto set_six_basil_return;
   set_six_basil_return:
-    assume {:captureState "set_six_basil_return"} true;
     return;
 }
 
 procedure set_two();
-  modifies Gamma_R8, Gamma_R9, Gamma_mem, R8, R9, mem;
+  modifies Gamma_mem, mem;
   free requires (memory_load8_le(mem, 2052bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2053bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2054bv64) == 2bv8);
@@ -192,22 +172,17 @@ procedure set_two();
 implementation set_two()
 {
   $set_two$__0__$ZGCFxZYOSZCYCnRYI0pW4w:
-    assume {:captureState "$set_two$__0__$ZGCFxZYOSZCYCnRYI0pW4w"} true;
-    R9, Gamma_R9 := 69632bv64, true;
-    R8, Gamma_R8 := 2bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R9, 52bv64)) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 52bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 52bv64), Gamma_R8);
-    assume {:captureState "1820$0"} true;
+    assert (L(mem, 69684bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, 2bv32), gamma_store32(Gamma_mem, 69684bv64, true);
     goto set_two_basil_return;
   set_two_basil_return:
-    assume {:captureState "set_two_basil_return"} true;
     return;
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R29, R30, R31, R8, R9, VF, ZF, mem, stack;
-  requires (Gamma_R0 == true);
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
+  requires (Gamma_R0_in == true);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 2052bv64) == 1bv8);
@@ -218,10 +193,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1860bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 2052bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 2053bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 2054bv64) == 2bv8);
@@ -231,191 +202,157 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1860bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var Cse0__5$0$1: bv32;
-  var Cse0__5$5$1: bv64;
-  var Cse0__5$7$1: bv32;
-  var Cse0__5$9$1: bv64;
-  var Cse0__5$9$7: bv32;
-  var Gamma_Cse0__5$0$1: bool;
-  var Gamma_Cse0__5$5$1: bool;
-  var Gamma_Cse0__5$7$1: bool;
-  var Gamma_Cse0__5$9$1: bool;
-  var Gamma_Cse0__5$9$7: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_3: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R8_14: bool;
+  var Gamma_R8_15: bool;
+  var Gamma_R8_21: bool;
+  var Gamma_R8_24: bool;
+  var Gamma_R8_27: bool;
+  var Gamma_R8_30: bool;
+  var Gamma_R8_33: bool;
+  var Gamma_R8_7: bool;
+  var Gamma_R8_8: bool;
+  var Gamma_R9: bool;
+  var R29_3: bv64;
+  var R30_3: bv64;
+  var R8_1: bv32;
+  var R8_14: bv64;
+  var R8_15: bv32;
+  var R8_21: bv64;
+  var R8_24: bv64;
+  var R8_27: bv64;
+  var R8_30: bv64;
+  var R8_33: bv64;
+  var R8_7: bv64;
+  var R8_8: bv32;
+  var R9: bv64;
   $main$__0__$rboiQVDCQyC6FKdIfNmCPw:
-    assume {:captureState "$main$__0__$rboiQVDCQyC6FKdIfNmCPw"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551568bv64), Gamma_R31;
-    Cse0__5$9$1, Gamma_Cse0__5$9$1 := bvadd64(R31, 32bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$9$1, R29), gamma_store64(Gamma_stack, Cse0__5$9$1, Gamma_R29);
-    assume {:captureState "1864$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$9$1, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$9$1, 8bv64), Gamma_R30);
-    assume {:captureState "1864$2"} true;
-    R29, Gamma_R29 := bvadd64(R31, 32bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R29, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R29, 18446744073709551612bv64), true);
-    assume {:captureState "1872$0"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R29, 18446744073709551608bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R29, 18446744073709551608bv64), Gamma_R0);
-    assume {:captureState "1876$0"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R29, 18446744073709551608bv64))), gamma_load32(Gamma_stack, bvadd64(R29, 18446744073709551608bv64));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R8);
-    assume {:captureState "1884$0"} true;
-    Cse0__5$9$7, Gamma_Cse0__5$9$7 := bvadd32(R8[32:0], 0bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$9$7, Cse0__5$9$7)), Gamma_Cse0__5$9$7;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$9$7), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_Cse0__5$9$7);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$9$7, 0bv32), Gamma_Cse0__5$9$7;
-    NF, Gamma_NF := Cse0__5$9$7[32:31], Gamma_Cse0__5$9$7;
-    R8, Gamma_R8 := zero_extend32_32(Cse0__5$9$7), Gamma_Cse0__5$9$7;
-    assert Gamma_ZF;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551592bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), Gamma_R0_in);
+    R8_1, Gamma_R8_1 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551592bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551580bv64), R8_1), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551580bv64), Gamma_R8_1);
+    assert Gamma_R8_1;
     goto $main$__0__$rboiQVDCQyC6FKdIfNmCPw$__0, $main$__0__$rboiQVDCQyC6FKdIfNmCPw$__1;
-  $main$__1__$RQAiG6zTRPieGXtg8phNzg:
-    assume {:captureState "$main$__1__$RQAiG6zTRPieGXtg8phNzg"} true;
-    goto $main$__2__$AkRBc3htTB6hp_enLsE9xA;
-  $main$__2__$AkRBc3htTB6hp_enLsE9xA:
-    assume {:captureState "$main$__2__$AkRBc3htTB6hp_enLsE9xA"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    Cse0__5$7$1, Gamma_Cse0__5$7$1 := bvadd32(R8[32:0], 4294967295bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(Cse0__5$7$1), bvadd33(sign_extend1_32(R8[32:0]), 8589934591bv33))), (Gamma_R8 && Gamma_Cse0__5$7$1);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$7$1), bvadd33(zero_extend1_32(R8[32:0]), 4294967295bv33))), (Gamma_R8 && Gamma_Cse0__5$7$1);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$7$1, 0bv32), Gamma_Cse0__5$7$1;
-    NF, Gamma_NF := Cse0__5$7$1[32:31], Gamma_Cse0__5$7$1;
-    R8, Gamma_R8 := zero_extend32_32(Cse0__5$7$1), Gamma_Cse0__5$7$1;
-    assert Gamma_ZF;
-    goto $main$__2__$AkRBc3htTB6hp_enLsE9xA$__0, $main$__2__$AkRBc3htTB6hp_enLsE9xA$__1;
-  $main$__3__$I8FZ352ZRO~IEf~R_0OuJQ:
-    assume {:captureState "$main$__3__$I8FZ352ZRO~IEf~R_0OuJQ"} true;
-    goto $main$__4__$70RWhLkDTe~EhsDioLw8WQ;
-  $main$__4__$70RWhLkDTe~EhsDioLw8WQ:
-    assume {:captureState "$main$__4__$70RWhLkDTe~EhsDioLw8WQ"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    Cse0__5$0$1, Gamma_Cse0__5$0$1 := bvadd32(R8[32:0], 4294967294bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(Cse0__5$0$1), bvadd33(sign_extend1_32(R8[32:0]), 8589934590bv33))), (Gamma_R8 && Gamma_Cse0__5$0$1);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$0$1), bvadd33(zero_extend1_32(R8[32:0]), 4294967294bv33))), (Gamma_R8 && Gamma_Cse0__5$0$1);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$0$1, 0bv32), Gamma_Cse0__5$0$1;
-    NF, Gamma_NF := Cse0__5$0$1[32:31], Gamma_Cse0__5$0$1;
-    R8, Gamma_R8 := zero_extend32_32(Cse0__5$0$1), Gamma_Cse0__5$0$1;
-    assert Gamma_ZF;
-    goto $main$__4__$70RWhLkDTe~EhsDioLw8WQ$__0, $main$__4__$70RWhLkDTe~EhsDioLw8WQ$__1;
-  $main$__5__$y41iXcMRRS60gPiNTMEqUA:
-    assume {:captureState "$main$__5__$y41iXcMRRS60gPiNTMEqUA"} true;
-    goto $main$__9__$AsLE5WYARJCWvKLiwF4hRQ;
-  $main$__6__$JHDryML5TjOA3hQf2kM0Cg:
-    assume {:captureState "$main$__6__$JHDryML5TjOA3hQf2kM0Cg"} true;
-    R8, Gamma_R8 := 0bv64, true;
-    R8, Gamma_R8 := bvadd64(R8, 1812bv64), Gamma_R8;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 16bv64), R8), gamma_store64(Gamma_stack, bvadd64(R31, 16bv64), Gamma_R8);
-    assume {:captureState "1952$0"} true;
+  $main$__0__$rboiQVDCQyC6FKdIfNmCPw$__1:
+    assume (R8_1 == 0bv32);
+    goto $main$__0__$rboiQVDCQyC6FKdIfNmCPw$__1_phi_$main$__0__$rboiQVDCQyC6FKdIfNmCPw_goto_$main$__6__$JHDryML5TjOA3hQf2kM0Cg_phi_back_$main$__0__$rboiQVDCQyC6FKdIfNmCPw_goto_$main$__6__$JHDryML5TjOA3hQf2kM0Cg, $main$__0__$rboiQVDCQyC6FKdIfNmCPw$__1_phi_$main$__0__$rboiQVDCQyC6FKdIfNmCPw_goto_$main$__1__$RQAiG6zTRPieGXtg8phNzg_phi_back_$main$__0__$rboiQVDCQyC6FKdIfNmCPw_goto_$main$__1__$RQAiG6zTRPieGXtg8phNzg;
+  $main$__0__$rboiQVDCQyC6FKdIfNmCPw$__1_phi_$main$__0__$rboiQVDCQyC6FKdIfNmCPw_goto_$main$__1__$RQAiG6zTRPieGXtg8phNzg_phi_back_$main$__0__$rboiQVDCQyC6FKdIfNmCPw_goto_$main$__1__$RQAiG6zTRPieGXtg8phNzg:
+    R8_7, Gamma_R8_7 := 1bv64, true;
+    assert Gamma_R8_7;
+    goto $main$__0__$rboiQVDCQyC6FKdIfNmCPw_goto_$main$__1__$RQAiG6zTRPieGXtg8phNzg;
+  $main$__0__$rboiQVDCQyC6FKdIfNmCPw$__1_phi_$main$__0__$rboiQVDCQyC6FKdIfNmCPw_goto_$main$__6__$JHDryML5TjOA3hQf2kM0Cg_phi_back_$main$__0__$rboiQVDCQyC6FKdIfNmCPw_goto_$main$__6__$JHDryML5TjOA3hQf2kM0Cg:
+    R8_30, Gamma_R8_30 := 1bv64, true;
+    assert Gamma_R8_30;
+    goto $main$__0__$rboiQVDCQyC6FKdIfNmCPw_goto_$main$__6__$JHDryML5TjOA3hQf2kM0Cg;
+  $main$__0__$rboiQVDCQyC6FKdIfNmCPw$__0:
+    assume (!(R8_1 == 0bv32));
+    goto $main$__0__$rboiQVDCQyC6FKdIfNmCPw$__0_phi_back_$main$__0__$rboiQVDCQyC6FKdIfNmCPw_goto_$main$__1__$RQAiG6zTRPieGXtg8phNzg, $main$__0__$rboiQVDCQyC6FKdIfNmCPw$__0_phi_back_$main$__0__$rboiQVDCQyC6FKdIfNmCPw_goto_$main$__6__$JHDryML5TjOA3hQf2kM0Cg;
+  $main$__0__$rboiQVDCQyC6FKdIfNmCPw$__0_phi_back_$main$__0__$rboiQVDCQyC6FKdIfNmCPw_goto_$main$__6__$JHDryML5TjOA3hQf2kM0Cg:
+    R8_30, Gamma_R8_30 := 0bv64, true;
+    assert Gamma_R8_30;
+    goto $main$__0__$rboiQVDCQyC6FKdIfNmCPw_goto_$main$__6__$JHDryML5TjOA3hQf2kM0Cg;
+  $main$__0__$rboiQVDCQyC6FKdIfNmCPw_goto_$main$__6__$JHDryML5TjOA3hQf2kM0Cg:
+    assume (R8_30[1:0] == 1bv1);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551584bv64), 1812bv64), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), true);
     goto $main$__10__$97Y0dwDdTcSoq5o31slpCQ;
-  $main$__7__$esd5Zx0TR0e4D_8HsKRPlw:
-    assume {:captureState "$main$__7__$esd5Zx0TR0e4D_8HsKRPlw"} true;
-    R8, Gamma_R8 := 0bv64, true;
-    R8, Gamma_R8 := bvadd64(R8, 1828bv64), Gamma_R8;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 16bv64), R8), gamma_store64(Gamma_stack, bvadd64(R31, 16bv64), Gamma_R8);
-    assume {:captureState "1968$0"} true;
+  $main$__0__$rboiQVDCQyC6FKdIfNmCPw$__0_phi_back_$main$__0__$rboiQVDCQyC6FKdIfNmCPw_goto_$main$__1__$RQAiG6zTRPieGXtg8phNzg:
+    R8_7, Gamma_R8_7 := 0bv64, true;
+    assert Gamma_R8_7;
+    goto $main$__0__$rboiQVDCQyC6FKdIfNmCPw_goto_$main$__1__$RQAiG6zTRPieGXtg8phNzg;
+  $main$__0__$rboiQVDCQyC6FKdIfNmCPw_goto_$main$__1__$RQAiG6zTRPieGXtg8phNzg:
+    assume (!(R8_7[1:0] == 1bv1));
+    R8_8, Gamma_R8_8 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551580bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551580bv64));
+    assert Gamma_R8_8;
+    goto $main$__2__$AkRBc3htTB6hp_enLsE9xA$__0, $main$__2__$AkRBc3htTB6hp_enLsE9xA$__1;
+  $main$__2__$AkRBc3htTB6hp_enLsE9xA$__1:
+    assume (R8_8 == 1bv32);
+    goto $main$__2__$AkRBc3htTB6hp_enLsE9xA$__1_phi_$main$__2__$AkRBc3htTB6hp_enLsE9xA_goto_$main$__7__$esd5Zx0TR0e4D_8HsKRPlw_phi_back_$main$__2__$AkRBc3htTB6hp_enLsE9xA_goto_$main$__7__$esd5Zx0TR0e4D_8HsKRPlw, $main$__2__$AkRBc3htTB6hp_enLsE9xA$__1_phi_$main$__2__$AkRBc3htTB6hp_enLsE9xA_goto_$main$__3__$I8FZ352ZRO~IEf~R_0OuJQ_phi_back_$main$__2__$AkRBc3htTB6hp_enLsE9xA_goto_$main$__3__$I8FZ352ZRO~IEf~R_0OuJQ;
+  $main$__2__$AkRBc3htTB6hp_enLsE9xA$__1_phi_$main$__2__$AkRBc3htTB6hp_enLsE9xA_goto_$main$__3__$I8FZ352ZRO~IEf~R_0OuJQ_phi_back_$main$__2__$AkRBc3htTB6hp_enLsE9xA_goto_$main$__3__$I8FZ352ZRO~IEf~R_0OuJQ:
+    R8_14, Gamma_R8_14 := 1bv64, true;
+    assert Gamma_R8_14;
+    goto $main$__2__$AkRBc3htTB6hp_enLsE9xA_goto_$main$__3__$I8FZ352ZRO~IEf~R_0OuJQ;
+  $main$__2__$AkRBc3htTB6hp_enLsE9xA$__1_phi_$main$__2__$AkRBc3htTB6hp_enLsE9xA_goto_$main$__7__$esd5Zx0TR0e4D_8HsKRPlw_phi_back_$main$__2__$AkRBc3htTB6hp_enLsE9xA_goto_$main$__7__$esd5Zx0TR0e4D_8HsKRPlw:
+    R8_27, Gamma_R8_27 := 1bv64, true;
+    assert Gamma_R8_27;
+    goto $main$__2__$AkRBc3htTB6hp_enLsE9xA_goto_$main$__7__$esd5Zx0TR0e4D_8HsKRPlw;
+  $main$__2__$AkRBc3htTB6hp_enLsE9xA$__0:
+    assume (!(R8_8 == 1bv32));
+    goto $main$__2__$AkRBc3htTB6hp_enLsE9xA$__0_phi_back_$main$__2__$AkRBc3htTB6hp_enLsE9xA_goto_$main$__3__$I8FZ352ZRO~IEf~R_0OuJQ, $main$__2__$AkRBc3htTB6hp_enLsE9xA$__0_phi_back_$main$__2__$AkRBc3htTB6hp_enLsE9xA_goto_$main$__7__$esd5Zx0TR0e4D_8HsKRPlw;
+  $main$__2__$AkRBc3htTB6hp_enLsE9xA$__0_phi_back_$main$__2__$AkRBc3htTB6hp_enLsE9xA_goto_$main$__7__$esd5Zx0TR0e4D_8HsKRPlw:
+    R8_27, Gamma_R8_27 := 0bv64, true;
+    assert Gamma_R8_27;
+    goto $main$__2__$AkRBc3htTB6hp_enLsE9xA_goto_$main$__7__$esd5Zx0TR0e4D_8HsKRPlw;
+  $main$__2__$AkRBc3htTB6hp_enLsE9xA_goto_$main$__7__$esd5Zx0TR0e4D_8HsKRPlw:
+    assume (R8_27[1:0] == 1bv1);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551584bv64), 1828bv64), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), true);
     goto $main$__10__$97Y0dwDdTcSoq5o31slpCQ;
-  $main$__8__$5eLcB2fBTiuduOLFrI7HMQ:
-    assume {:captureState "$main$__8__$5eLcB2fBTiuduOLFrI7HMQ"} true;
-    R8, Gamma_R8 := 0bv64, true;
-    R8, Gamma_R8 := bvadd64(R8, 1844bv64), Gamma_R8;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 16bv64), R8), gamma_store64(Gamma_stack, bvadd64(R31, 16bv64), Gamma_R8);
-    assume {:captureState "1984$0"} true;
+  $main$__2__$AkRBc3htTB6hp_enLsE9xA$__0_phi_back_$main$__2__$AkRBc3htTB6hp_enLsE9xA_goto_$main$__3__$I8FZ352ZRO~IEf~R_0OuJQ:
+    R8_14, Gamma_R8_14 := 0bv64, true;
+    assert Gamma_R8_14;
+    goto $main$__2__$AkRBc3htTB6hp_enLsE9xA_goto_$main$__3__$I8FZ352ZRO~IEf~R_0OuJQ;
+  $main$__2__$AkRBc3htTB6hp_enLsE9xA_goto_$main$__3__$I8FZ352ZRO~IEf~R_0OuJQ:
+    assume (!(R8_14[1:0] == 1bv1));
+    R8_15, Gamma_R8_15 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551580bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551580bv64));
+    assert Gamma_R8_15;
+    goto $main$__4__$70RWhLkDTe~EhsDioLw8WQ$__0, $main$__4__$70RWhLkDTe~EhsDioLw8WQ$__1;
+  $main$__4__$70RWhLkDTe~EhsDioLw8WQ$__1:
+    assume (R8_15 == 2bv32);
+    goto $main$__4__$70RWhLkDTe~EhsDioLw8WQ$__1_phi_$main$__4__$70RWhLkDTe~EhsDioLw8WQ_goto_$main$__8__$5eLcB2fBTiuduOLFrI7HMQ_phi_back_$main$__4__$70RWhLkDTe~EhsDioLw8WQ_goto_$main$__8__$5eLcB2fBTiuduOLFrI7HMQ, $main$__4__$70RWhLkDTe~EhsDioLw8WQ$__1_phi_$main$__4__$70RWhLkDTe~EhsDioLw8WQ_goto_$main$__5__$y41iXcMRRS60gPiNTMEqUA_phi_back_$main$__4__$70RWhLkDTe~EhsDioLw8WQ_goto_$main$__5__$y41iXcMRRS60gPiNTMEqUA;
+  $main$__4__$70RWhLkDTe~EhsDioLw8WQ$__1_phi_$main$__4__$70RWhLkDTe~EhsDioLw8WQ_goto_$main$__5__$y41iXcMRRS60gPiNTMEqUA_phi_back_$main$__4__$70RWhLkDTe~EhsDioLw8WQ_goto_$main$__5__$y41iXcMRRS60gPiNTMEqUA:
+    R8_21, Gamma_R8_21 := 1bv64, true;
+    assert Gamma_R8_21;
+    goto $main$__4__$70RWhLkDTe~EhsDioLw8WQ_goto_$main$__5__$y41iXcMRRS60gPiNTMEqUA;
+  $main$__4__$70RWhLkDTe~EhsDioLw8WQ$__1_phi_$main$__4__$70RWhLkDTe~EhsDioLw8WQ_goto_$main$__8__$5eLcB2fBTiuduOLFrI7HMQ_phi_back_$main$__4__$70RWhLkDTe~EhsDioLw8WQ_goto_$main$__8__$5eLcB2fBTiuduOLFrI7HMQ:
+    R8_24, Gamma_R8_24 := 1bv64, true;
+    assert Gamma_R8_24;
+    goto $main$__4__$70RWhLkDTe~EhsDioLw8WQ_goto_$main$__8__$5eLcB2fBTiuduOLFrI7HMQ;
+  $main$__4__$70RWhLkDTe~EhsDioLw8WQ$__0:
+    assume (!(R8_15 == 2bv32));
+    goto $main$__4__$70RWhLkDTe~EhsDioLw8WQ$__0_phi_back_$main$__4__$70RWhLkDTe~EhsDioLw8WQ_goto_$main$__5__$y41iXcMRRS60gPiNTMEqUA, $main$__4__$70RWhLkDTe~EhsDioLw8WQ$__0_phi_back_$main$__4__$70RWhLkDTe~EhsDioLw8WQ_goto_$main$__8__$5eLcB2fBTiuduOLFrI7HMQ;
+  $main$__4__$70RWhLkDTe~EhsDioLw8WQ$__0_phi_back_$main$__4__$70RWhLkDTe~EhsDioLw8WQ_goto_$main$__8__$5eLcB2fBTiuduOLFrI7HMQ:
+    R8_24, Gamma_R8_24 := 0bv64, true;
+    assert Gamma_R8_24;
+    goto $main$__4__$70RWhLkDTe~EhsDioLw8WQ_goto_$main$__8__$5eLcB2fBTiuduOLFrI7HMQ;
+  $main$__4__$70RWhLkDTe~EhsDioLw8WQ_goto_$main$__8__$5eLcB2fBTiuduOLFrI7HMQ:
+    assume (R8_24[1:0] == 1bv1);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551584bv64), 1844bv64), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), true);
     goto $main$__10__$97Y0dwDdTcSoq5o31slpCQ;
-  $main$__9__$AsLE5WYARJCWvKLiwF4hRQ:
-    assume {:captureState "$main$__9__$AsLE5WYARJCWvKLiwF4hRQ"} true;
-    R8, Gamma_R8 := 0bv64, true;
-    R8, Gamma_R8 := bvadd64(R8, 1812bv64), Gamma_R8;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 16bv64), R8), gamma_store64(Gamma_stack, bvadd64(R31, 16bv64), Gamma_R8);
-    assume {:captureState "2000$0"} true;
+  $main$__4__$70RWhLkDTe~EhsDioLw8WQ$__0_phi_back_$main$__4__$70RWhLkDTe~EhsDioLw8WQ_goto_$main$__5__$y41iXcMRRS60gPiNTMEqUA:
+    R8_21, Gamma_R8_21 := 0bv64, true;
+    assert Gamma_R8_21;
+    goto $main$__4__$70RWhLkDTe~EhsDioLw8WQ_goto_$main$__5__$y41iXcMRRS60gPiNTMEqUA;
+  $main$__4__$70RWhLkDTe~EhsDioLw8WQ_goto_$main$__5__$y41iXcMRRS60gPiNTMEqUA:
+    assume (!(R8_21[1:0] == 1bv1));
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551584bv64), 1812bv64), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), true);
     goto $main$__10__$97Y0dwDdTcSoq5o31slpCQ;
   $main$__10__$97Y0dwDdTcSoq5o31slpCQ:
-    assume {:captureState "$main$__10__$97Y0dwDdTcSoq5o31slpCQ"} true;
-    R8, Gamma_R8 := memory_load64_le(stack, bvadd64(R31, 16bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 16bv64));
-    R30, Gamma_R30 := 2016bv64, true;
+    R8_33, Gamma_R8_33 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551584bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64));
     goto $main$__10__$97Y0dwDdTcSoq5o31slpCQ$set_two, $main$__10__$97Y0dwDdTcSoq5o31slpCQ$set_six, $main$__10__$97Y0dwDdTcSoq5o31slpCQ$set_seven;
-  $main$__11__$jAHnJBxNS3WjIRJVHu5UsQ:
-    assume {:captureState "$main$__11__$jAHnJBxNS3WjIRJVHu5UsQ"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    Cse0__5$5$1, Gamma_Cse0__5$5$1 := bvadd64(R31, 32bv64), Gamma_R31;
-    R29, Gamma_R29 := memory_load64_le(stack, Cse0__5$5$1), gamma_load64(Gamma_stack, Cse0__5$5$1);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(Cse0__5$5$1, 8bv64)), gamma_load64(Gamma_stack, bvadd64(Cse0__5$5$1, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 48bv64), Gamma_R31;
-    goto main_basil_return;
-  $main$__4__$70RWhLkDTe~EhsDioLw8WQ_goto_$main$__8__$5eLcB2fBTiuduOLFrI7HMQ:
-    assume {:captureState "$main$__4__$70RWhLkDTe~EhsDioLw8WQ_goto_$main$__8__$5eLcB2fBTiuduOLFrI7HMQ"} true;
-    assume (R8[1:0] == 1bv1);
-    goto $main$__8__$5eLcB2fBTiuduOLFrI7HMQ;
-  $main$__4__$70RWhLkDTe~EhsDioLw8WQ_goto_$main$__5__$y41iXcMRRS60gPiNTMEqUA:
-    assume {:captureState "$main$__4__$70RWhLkDTe~EhsDioLw8WQ_goto_$main$__5__$y41iXcMRRS60gPiNTMEqUA"} true;
-    assume (!(R8[1:0] == 1bv1));
-    goto $main$__5__$y41iXcMRRS60gPiNTMEqUA;
-  $main$__4__$70RWhLkDTe~EhsDioLw8WQ$__0:
-    assume {:captureState "$main$__4__$70RWhLkDTe~EhsDioLw8WQ$__0"} true;
-    assume (!(ZF == 1bv1));
-    R8, Gamma_R8 := 0bv64, true;
-    assert Gamma_R8;
-    goto $main$__4__$70RWhLkDTe~EhsDioLw8WQ_goto_$main$__8__$5eLcB2fBTiuduOLFrI7HMQ, $main$__4__$70RWhLkDTe~EhsDioLw8WQ_goto_$main$__5__$y41iXcMRRS60gPiNTMEqUA;
-  $main$__4__$70RWhLkDTe~EhsDioLw8WQ$__1:
-    assume {:captureState "$main$__4__$70RWhLkDTe~EhsDioLw8WQ$__1"} true;
-    assume (!(!(ZF == 1bv1)));
-    R8, Gamma_R8 := 1bv64, true;
-    assert Gamma_R8;
-    goto $main$__4__$70RWhLkDTe~EhsDioLw8WQ_goto_$main$__8__$5eLcB2fBTiuduOLFrI7HMQ, $main$__4__$70RWhLkDTe~EhsDioLw8WQ_goto_$main$__5__$y41iXcMRRS60gPiNTMEqUA;
-  $main$__10__$97Y0dwDdTcSoq5o31slpCQ$set_two:
-    assume {:captureState "$main$__10__$97Y0dwDdTcSoq5o31slpCQ$set_two"} true;
-    assume (R8 == 1812bv64);
-    call set_two();
+  $main$__10__$97Y0dwDdTcSoq5o31slpCQ$set_seven:
+    assume (R8_33 == 1844bv64);
+    call set_seven();
     goto $main$__11__$jAHnJBxNS3WjIRJVHu5UsQ;
   $main$__10__$97Y0dwDdTcSoq5o31slpCQ$set_six:
-    assume {:captureState "$main$__10__$97Y0dwDdTcSoq5o31slpCQ$set_six"} true;
-    assume (R8 == 1828bv64);
+    assume (R8_33 == 1828bv64);
     call set_six();
     goto $main$__11__$jAHnJBxNS3WjIRJVHu5UsQ;
-  $main$__10__$97Y0dwDdTcSoq5o31slpCQ$set_seven:
-    assume {:captureState "$main$__10__$97Y0dwDdTcSoq5o31slpCQ$set_seven"} true;
-    assume (R8 == 1844bv64);
-    call set_seven();
+  $main$__10__$97Y0dwDdTcSoq5o31slpCQ$set_two:
+    assume (R8_33 == 1812bv64);
+    call set_two();
     goto $main$__11__$jAHnJBxNS3WjIRJVHu5UsQ;
-  $main$__2__$AkRBc3htTB6hp_enLsE9xA_goto_$main$__7__$esd5Zx0TR0e4D_8HsKRPlw:
-    assume {:captureState "$main$__2__$AkRBc3htTB6hp_enLsE9xA_goto_$main$__7__$esd5Zx0TR0e4D_8HsKRPlw"} true;
-    assume (R8[1:0] == 1bv1);
-    goto $main$__7__$esd5Zx0TR0e4D_8HsKRPlw;
-  $main$__2__$AkRBc3htTB6hp_enLsE9xA_goto_$main$__3__$I8FZ352ZRO~IEf~R_0OuJQ:
-    assume {:captureState "$main$__2__$AkRBc3htTB6hp_enLsE9xA_goto_$main$__3__$I8FZ352ZRO~IEf~R_0OuJQ"} true;
-    assume (!(R8[1:0] == 1bv1));
-    goto $main$__3__$I8FZ352ZRO~IEf~R_0OuJQ;
-  $main$__2__$AkRBc3htTB6hp_enLsE9xA$__0:
-    assume {:captureState "$main$__2__$AkRBc3htTB6hp_enLsE9xA$__0"} true;
-    assume (!(ZF == 1bv1));
-    R8, Gamma_R8 := 0bv64, true;
-    assert Gamma_R8;
-    goto $main$__2__$AkRBc3htTB6hp_enLsE9xA_goto_$main$__7__$esd5Zx0TR0e4D_8HsKRPlw, $main$__2__$AkRBc3htTB6hp_enLsE9xA_goto_$main$__3__$I8FZ352ZRO~IEf~R_0OuJQ;
-  $main$__2__$AkRBc3htTB6hp_enLsE9xA$__1:
-    assume {:captureState "$main$__2__$AkRBc3htTB6hp_enLsE9xA$__1"} true;
-    assume (!(!(ZF == 1bv1)));
-    R8, Gamma_R8 := 1bv64, true;
-    assert Gamma_R8;
-    goto $main$__2__$AkRBc3htTB6hp_enLsE9xA_goto_$main$__7__$esd5Zx0TR0e4D_8HsKRPlw, $main$__2__$AkRBc3htTB6hp_enLsE9xA_goto_$main$__3__$I8FZ352ZRO~IEf~R_0OuJQ;
-  $main$__0__$rboiQVDCQyC6FKdIfNmCPw_goto_$main$__6__$JHDryML5TjOA3hQf2kM0Cg:
-    assume {:captureState "$main$__0__$rboiQVDCQyC6FKdIfNmCPw_goto_$main$__6__$JHDryML5TjOA3hQf2kM0Cg"} true;
-    assume (R8[1:0] == 1bv1);
-    goto $main$__6__$JHDryML5TjOA3hQf2kM0Cg;
-  $main$__0__$rboiQVDCQyC6FKdIfNmCPw_goto_$main$__1__$RQAiG6zTRPieGXtg8phNzg:
-    assume {:captureState "$main$__0__$rboiQVDCQyC6FKdIfNmCPw_goto_$main$__1__$RQAiG6zTRPieGXtg8phNzg"} true;
-    assume (!(R8[1:0] == 1bv1));
-    goto $main$__1__$RQAiG6zTRPieGXtg8phNzg;
-  $main$__0__$rboiQVDCQyC6FKdIfNmCPw$__0:
-    assume {:captureState "$main$__0__$rboiQVDCQyC6FKdIfNmCPw$__0"} true;
-    assume (!(ZF == 1bv1));
-    R8, Gamma_R8 := 0bv64, true;
-    assert Gamma_R8;
-    goto $main$__0__$rboiQVDCQyC6FKdIfNmCPw_goto_$main$__6__$JHDryML5TjOA3hQf2kM0Cg, $main$__0__$rboiQVDCQyC6FKdIfNmCPw_goto_$main$__1__$RQAiG6zTRPieGXtg8phNzg;
-  $main$__0__$rboiQVDCQyC6FKdIfNmCPw$__1:
-    assume {:captureState "$main$__0__$rboiQVDCQyC6FKdIfNmCPw$__1"} true;
-    assume (!(!(ZF == 1bv1)));
-    R8, Gamma_R8 := 1bv64, true;
-    assert Gamma_R8;
-    goto $main$__0__$rboiQVDCQyC6FKdIfNmCPw_goto_$main$__6__$JHDryML5TjOA3hQf2kM0Cg, $main$__0__$rboiQVDCQyC6FKdIfNmCPw_goto_$main$__1__$RQAiG6zTRPieGXtg8phNzg;
+  $main$__11__$jAHnJBxNS3WjIRJVHu5UsQ:
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64));
+    R30_3, Gamma_R30_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R29_out, R30_out, R31_out, R8_out, R9_out := 0bv64, R29_3, R30_3, R31_in, R8_33, R9;
+    Gamma_R0_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R29_3, Gamma_R30_3, Gamma_R31_in, Gamma_R8_33, Gamma_R9;
     return;
 }
 
diff --git a/src/test/correct/functionpointer/clang_pic/functionpointer_gtirb.expected b/src/test/correct/functionpointer/clang_pic/functionpointer_gtirb.expected
index 6ab5da5b5..d1908f78a 100644
--- a/src/test/correct/functionpointer/clang_pic/functionpointer_gtirb.expected
+++ b/src/test/correct/functionpointer/clang_pic/functionpointer_gtirb.expected
@@ -1,37 +1,26 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   false
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -41,11 +30,15 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -61,16 +54,13 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (mem == old(mem));
@@ -105,7 +95,7 @@ procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
 procedure set_seven();
-  modifies Gamma_R8, Gamma_R9, Gamma_mem, R8, R9, mem;
+  modifies Gamma_mem, mem;
   free requires (memory_load8_le(mem, 2192bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2193bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2194bv64) == 2bv8);
@@ -133,24 +123,21 @@ procedure set_seven();
 
 implementation set_seven()
 {
+  var Gamma_R9_2: bool;
+  var R9_2: bv64;
   $set_seven$__0__$kTg_e3tbRpqCznoQ8obi7A:
-    assume {:captureState "$set_seven$__0__$kTg_e3tbRpqCznoQ8obi7A"} true;
-    R9, Gamma_R9 := 65536bv64, true;
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4016bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4016bv64)) || L(mem, bvadd64(R9, 4016bv64)));
-    R8, Gamma_R8 := 7bv64, true;
+    R9_2, Gamma_R9_2 := memory_load64_le(mem, 69552bv64), (gamma_load64(Gamma_mem, 69552bv64) || L(mem, 69552bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "1992$0"} true;
+    assert (L(mem, R9_2) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R9_2, 7bv32), gamma_store32(Gamma_mem, R9_2, true);
     goto set_seven_basil_return;
   set_seven_basil_return:
-    assume {:captureState "set_seven_basil_return"} true;
     return;
 }
 
 procedure set_six();
-  modifies Gamma_R8, Gamma_R9, Gamma_mem, R8, R9, mem;
+  modifies Gamma_mem, mem;
   free requires (memory_load8_le(mem, 2192bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2193bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2194bv64) == 2bv8);
@@ -178,25 +165,22 @@ procedure set_six();
 
 implementation set_six()
 {
+  var Gamma_R9_2: bool;
+  var R9_2: bv64;
   $set_six$__0__$ciqx_PCBQwevaWTzDpNJDQ:
-    assume {:captureState "$set_six$__0__$ciqx_PCBQwevaWTzDpNJDQ"} true;
-    R9, Gamma_R9 := 65536bv64, true;
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4016bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4016bv64)) || L(mem, bvadd64(R9, 4016bv64)));
-    R8, Gamma_R8 := 6bv64, true;
+    R9_2, Gamma_R9_2 := memory_load64_le(mem, 69552bv64), (gamma_load64(Gamma_mem, 69552bv64) || L(mem, 69552bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "1972$0"} true;
+    assert (L(mem, R9_2) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R9_2, 6bv32), gamma_store32(Gamma_mem, R9_2, true);
     goto set_six_basil_return;
   set_six_basil_return:
-    assume {:captureState "set_six_basil_return"} true;
     return;
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R29, R30, R31, R8, R9, VF, ZF, mem, stack;
-  requires (Gamma_R0 == true);
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
+  requires (Gamma_R0_in == true);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 2192bv64) == 1bv8);
@@ -211,10 +195,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69568bv64) == 1940bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1980bv64);
   free requires (memory_load64_le(mem, 69032bv64) == 1936bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 2192bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 2193bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 2194bv64) == 2bv8);
@@ -228,200 +208,178 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1980bv64);
   free ensures (memory_load64_le(mem, 69032bv64) == 1936bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var Cse0__5$10$1: bv64;
-  var Cse0__5$5$1: bv32;
-  var Cse0__5$6$1: bv64;
-  var Cse0__5$6$7: bv32;
-  var Cse0__5$7$1: bv32;
-  var Gamma_Cse0__5$10$1: bool;
-  var Gamma_Cse0__5$5$1: bool;
-  var Gamma_Cse0__5$6$1: bool;
-  var Gamma_Cse0__5$6$7: bool;
-  var Gamma_Cse0__5$7$1: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_3: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R8_14: bool;
+  var Gamma_R8_15: bool;
+  var Gamma_R8_21: bool;
+  var Gamma_R8_23: bool;
+  var Gamma_R8_24: bool;
+  var Gamma_R8_26: bool;
+  var Gamma_R8_27: bool;
+  var Gamma_R8_29: bool;
+  var Gamma_R8_30: bool;
+  var Gamma_R8_32: bool;
+  var Gamma_R8_33: bool;
+  var Gamma_R8_7: bool;
+  var Gamma_R8_8: bool;
+  var Gamma_R9: bool;
+  var R29_3: bv64;
+  var R30_3: bv64;
+  var R8_1: bv32;
+  var R8_14: bv64;
+  var R8_15: bv32;
+  var R8_21: bv64;
+  var R8_23: bv64;
+  var R8_24: bv64;
+  var R8_26: bv64;
+  var R8_27: bv64;
+  var R8_29: bv64;
+  var R8_30: bv64;
+  var R8_32: bv64;
+  var R8_33: bv64;
+  var R8_7: bv64;
+  var R8_8: bv32;
+  var R9: bv64;
   $main$__0__$G_1Y6jALRC~8UvxN~Oh74A:
-    assume {:captureState "$main$__0__$G_1Y6jALRC~8UvxN~Oh74A"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551568bv64), Gamma_R31;
-    Cse0__5$6$1, Gamma_Cse0__5$6$1 := bvadd64(R31, 32bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$6$1, R29), gamma_store64(Gamma_stack, Cse0__5$6$1, Gamma_R29);
-    assume {:captureState "2004$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$6$1, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$6$1, 8bv64), Gamma_R30);
-    assume {:captureState "2004$2"} true;
-    R29, Gamma_R29 := bvadd64(R31, 32bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R29, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R29, 18446744073709551612bv64), true);
-    assume {:captureState "2012$0"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R29, 18446744073709551608bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R29, 18446744073709551608bv64), Gamma_R0);
-    assume {:captureState "2016$0"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R29, 18446744073709551608bv64))), gamma_load32(Gamma_stack, bvadd64(R29, 18446744073709551608bv64));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R8);
-    assume {:captureState "2024$0"} true;
-    Cse0__5$6$7, Gamma_Cse0__5$6$7 := bvadd32(R8[32:0], 0bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$6$7, Cse0__5$6$7)), Gamma_Cse0__5$6$7;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$6$7), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_Cse0__5$6$7);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$6$7, 0bv32), Gamma_Cse0__5$6$7;
-    NF, Gamma_NF := Cse0__5$6$7[32:31], Gamma_Cse0__5$6$7;
-    R8, Gamma_R8 := zero_extend32_32(Cse0__5$6$7), Gamma_Cse0__5$6$7;
-    assert Gamma_ZF;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551592bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), Gamma_R0_in);
+    R8_1, Gamma_R8_1 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551592bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551580bv64), R8_1), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551580bv64), Gamma_R8_1);
+    assert Gamma_R8_1;
     goto $main$__0__$G_1Y6jALRC~8UvxN~Oh74A$__0, $main$__0__$G_1Y6jALRC~8UvxN~Oh74A$__1;
-  $main$__1__$9glsOoBtTsagmZpc7KXoEQ:
-    assume {:captureState "$main$__1__$9glsOoBtTsagmZpc7KXoEQ"} true;
-    goto $main$__2__$A0okiAJhRZaNrB4lOPZtTw;
-  $main$__2__$A0okiAJhRZaNrB4lOPZtTw:
-    assume {:captureState "$main$__2__$A0okiAJhRZaNrB4lOPZtTw"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    Cse0__5$5$1, Gamma_Cse0__5$5$1 := bvadd32(R8[32:0], 4294967295bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(Cse0__5$5$1), bvadd33(sign_extend1_32(R8[32:0]), 8589934591bv33))), (Gamma_R8 && Gamma_Cse0__5$5$1);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$5$1), bvadd33(zero_extend1_32(R8[32:0]), 4294967295bv33))), (Gamma_R8 && Gamma_Cse0__5$5$1);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$5$1, 0bv32), Gamma_Cse0__5$5$1;
-    NF, Gamma_NF := Cse0__5$5$1[32:31], Gamma_Cse0__5$5$1;
-    R8, Gamma_R8 := zero_extend32_32(Cse0__5$5$1), Gamma_Cse0__5$5$1;
-    assert Gamma_ZF;
-    goto $main$__2__$A0okiAJhRZaNrB4lOPZtTw$__0, $main$__2__$A0okiAJhRZaNrB4lOPZtTw$__1;
-  $main$__3__$BN0TEK1EQNeAY2qOwIEG5g:
-    assume {:captureState "$main$__3__$BN0TEK1EQNeAY2qOwIEG5g"} true;
-    goto $main$__4__$ZMwLE9GySQC4wAmL8es_Tw;
-  $main$__4__$ZMwLE9GySQC4wAmL8es_Tw:
-    assume {:captureState "$main$__4__$ZMwLE9GySQC4wAmL8es_Tw"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    Cse0__5$7$1, Gamma_Cse0__5$7$1 := bvadd32(R8[32:0], 4294967294bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(Cse0__5$7$1), bvadd33(sign_extend1_32(R8[32:0]), 8589934590bv33))), (Gamma_R8 && Gamma_Cse0__5$7$1);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$7$1), bvadd33(zero_extend1_32(R8[32:0]), 4294967294bv33))), (Gamma_R8 && Gamma_Cse0__5$7$1);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$7$1, 0bv32), Gamma_Cse0__5$7$1;
-    NF, Gamma_NF := Cse0__5$7$1[32:31], Gamma_Cse0__5$7$1;
-    R8, Gamma_R8 := zero_extend32_32(Cse0__5$7$1), Gamma_Cse0__5$7$1;
-    assert Gamma_ZF;
-    goto $main$__4__$ZMwLE9GySQC4wAmL8es_Tw$__0, $main$__4__$ZMwLE9GySQC4wAmL8es_Tw$__1;
-  $main$__5__$tQCpvwKrSeCFPREd7E8FUA:
-    assume {:captureState "$main$__5__$tQCpvwKrSeCFPREd7E8FUA"} true;
-    goto $main$__9__$zMmLxlHWR8mJqTkM1yPBaQ;
-  $main$__6__$f4nhHXxoReqZDuDK6zxsSQ:
-    assume {:captureState "$main$__6__$f4nhHXxoReqZDuDK6zxsSQ"} true;
-    R8, Gamma_R8 := 65536bv64, true;
+  $main$__0__$G_1Y6jALRC~8UvxN~Oh74A$__1:
+    assume (R8_1 == 0bv32);
+    goto $main$__0__$G_1Y6jALRC~8UvxN~Oh74A$__1_phi_$main$__0__$G_1Y6jALRC~8UvxN~Oh74A_goto_$main$__6__$f4nhHXxoReqZDuDK6zxsSQ_phi_back_$main$__0__$G_1Y6jALRC~8UvxN~Oh74A_goto_$main$__6__$f4nhHXxoReqZDuDK6zxsSQ, $main$__0__$G_1Y6jALRC~8UvxN~Oh74A$__1_phi_$main$__0__$G_1Y6jALRC~8UvxN~Oh74A_goto_$main$__1__$9glsOoBtTsagmZpc7KXoEQ_phi_back_$main$__0__$G_1Y6jALRC~8UvxN~Oh74A_goto_$main$__1__$9glsOoBtTsagmZpc7KXoEQ;
+  $main$__0__$G_1Y6jALRC~8UvxN~Oh74A$__1_phi_$main$__0__$G_1Y6jALRC~8UvxN~Oh74A_goto_$main$__1__$9glsOoBtTsagmZpc7KXoEQ_phi_back_$main$__0__$G_1Y6jALRC~8UvxN~Oh74A_goto_$main$__1__$9glsOoBtTsagmZpc7KXoEQ:
+    R8_7, Gamma_R8_7 := 1bv64, true;
+    assert Gamma_R8_7;
+    goto $main$__0__$G_1Y6jALRC~8UvxN~Oh74A_goto_$main$__1__$9glsOoBtTsagmZpc7KXoEQ;
+  $main$__0__$G_1Y6jALRC~8UvxN~Oh74A$__1_phi_$main$__0__$G_1Y6jALRC~8UvxN~Oh74A_goto_$main$__6__$f4nhHXxoReqZDuDK6zxsSQ_phi_back_$main$__0__$G_1Y6jALRC~8UvxN~Oh74A_goto_$main$__6__$f4nhHXxoReqZDuDK6zxsSQ:
+    R8_30, Gamma_R8_30 := 1bv64, true;
+    assert Gamma_R8_30;
+    goto $main$__0__$G_1Y6jALRC~8UvxN~Oh74A_goto_$main$__6__$f4nhHXxoReqZDuDK6zxsSQ;
+  $main$__0__$G_1Y6jALRC~8UvxN~Oh74A$__0:
+    assume (!(R8_1 == 0bv32));
+    goto $main$__0__$G_1Y6jALRC~8UvxN~Oh74A$__0_phi_back_$main$__0__$G_1Y6jALRC~8UvxN~Oh74A_goto_$main$__1__$9glsOoBtTsagmZpc7KXoEQ, $main$__0__$G_1Y6jALRC~8UvxN~Oh74A$__0_phi_back_$main$__0__$G_1Y6jALRC~8UvxN~Oh74A_goto_$main$__6__$f4nhHXxoReqZDuDK6zxsSQ;
+  $main$__0__$G_1Y6jALRC~8UvxN~Oh74A$__0_phi_back_$main$__0__$G_1Y6jALRC~8UvxN~Oh74A_goto_$main$__6__$f4nhHXxoReqZDuDK6zxsSQ:
+    R8_30, Gamma_R8_30 := 0bv64, true;
+    assert Gamma_R8_30;
+    goto $main$__0__$G_1Y6jALRC~8UvxN~Oh74A_goto_$main$__6__$f4nhHXxoReqZDuDK6zxsSQ;
+  $main$__0__$G_1Y6jALRC~8UvxN~Oh74A_goto_$main$__6__$f4nhHXxoReqZDuDK6zxsSQ:
+    assume (R8_30[1:0] == 1bv1);
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4032bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4032bv64)) || L(mem, bvadd64(R8, 4032bv64)));
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 16bv64), R8), gamma_store64(Gamma_stack, bvadd64(R31, 16bv64), Gamma_R8);
-    assume {:captureState "2092$0"} true;
+    R8_32, Gamma_R8_32 := memory_load64_le(mem, 69568bv64), (gamma_load64(Gamma_mem, 69568bv64) || L(mem, 69568bv64));
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551584bv64), R8_32), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R8_32);
     goto $main$__10__$0TNylRK6RmS5UECtsNwwsA;
-  $main$__7__$WBIrr~FJQGaywM0EFL_~lQ:
-    assume {:captureState "$main$__7__$WBIrr~FJQGaywM0EFL_~lQ"} true;
-    R8, Gamma_R8 := 65536bv64, true;
+  $main$__0__$G_1Y6jALRC~8UvxN~Oh74A$__0_phi_back_$main$__0__$G_1Y6jALRC~8UvxN~Oh74A_goto_$main$__1__$9glsOoBtTsagmZpc7KXoEQ:
+    R8_7, Gamma_R8_7 := 0bv64, true;
+    assert Gamma_R8_7;
+    goto $main$__0__$G_1Y6jALRC~8UvxN~Oh74A_goto_$main$__1__$9glsOoBtTsagmZpc7KXoEQ;
+  $main$__0__$G_1Y6jALRC~8UvxN~Oh74A_goto_$main$__1__$9glsOoBtTsagmZpc7KXoEQ:
+    assume (!(R8_7[1:0] == 1bv1));
+    R8_8, Gamma_R8_8 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551580bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551580bv64));
+    assert Gamma_R8_8;
+    goto $main$__2__$A0okiAJhRZaNrB4lOPZtTw$__0, $main$__2__$A0okiAJhRZaNrB4lOPZtTw$__1;
+  $main$__2__$A0okiAJhRZaNrB4lOPZtTw$__1:
+    assume (R8_8 == 1bv32);
+    goto $main$__2__$A0okiAJhRZaNrB4lOPZtTw$__1_phi_$main$__2__$A0okiAJhRZaNrB4lOPZtTw_goto_$main$__7__$WBIrr~FJQGaywM0EFL_~lQ_phi_back_$main$__2__$A0okiAJhRZaNrB4lOPZtTw_goto_$main$__7__$WBIrr~FJQGaywM0EFL_~lQ, $main$__2__$A0okiAJhRZaNrB4lOPZtTw$__1_phi_$main$__2__$A0okiAJhRZaNrB4lOPZtTw_goto_$main$__3__$BN0TEK1EQNeAY2qOwIEG5g_phi_back_$main$__2__$A0okiAJhRZaNrB4lOPZtTw_goto_$main$__3__$BN0TEK1EQNeAY2qOwIEG5g;
+  $main$__2__$A0okiAJhRZaNrB4lOPZtTw$__1_phi_$main$__2__$A0okiAJhRZaNrB4lOPZtTw_goto_$main$__3__$BN0TEK1EQNeAY2qOwIEG5g_phi_back_$main$__2__$A0okiAJhRZaNrB4lOPZtTw_goto_$main$__3__$BN0TEK1EQNeAY2qOwIEG5g:
+    R8_14, Gamma_R8_14 := 1bv64, true;
+    assert Gamma_R8_14;
+    goto $main$__2__$A0okiAJhRZaNrB4lOPZtTw_goto_$main$__3__$BN0TEK1EQNeAY2qOwIEG5g;
+  $main$__2__$A0okiAJhRZaNrB4lOPZtTw$__1_phi_$main$__2__$A0okiAJhRZaNrB4lOPZtTw_goto_$main$__7__$WBIrr~FJQGaywM0EFL_~lQ_phi_back_$main$__2__$A0okiAJhRZaNrB4lOPZtTw_goto_$main$__7__$WBIrr~FJQGaywM0EFL_~lQ:
+    R8_27, Gamma_R8_27 := 1bv64, true;
+    assert Gamma_R8_27;
+    goto $main$__2__$A0okiAJhRZaNrB4lOPZtTw_goto_$main$__7__$WBIrr~FJQGaywM0EFL_~lQ;
+  $main$__2__$A0okiAJhRZaNrB4lOPZtTw$__0:
+    assume (!(R8_8 == 1bv32));
+    goto $main$__2__$A0okiAJhRZaNrB4lOPZtTw$__0_phi_back_$main$__2__$A0okiAJhRZaNrB4lOPZtTw_goto_$main$__3__$BN0TEK1EQNeAY2qOwIEG5g, $main$__2__$A0okiAJhRZaNrB4lOPZtTw$__0_phi_back_$main$__2__$A0okiAJhRZaNrB4lOPZtTw_goto_$main$__7__$WBIrr~FJQGaywM0EFL_~lQ;
+  $main$__2__$A0okiAJhRZaNrB4lOPZtTw$__0_phi_back_$main$__2__$A0okiAJhRZaNrB4lOPZtTw_goto_$main$__7__$WBIrr~FJQGaywM0EFL_~lQ:
+    R8_27, Gamma_R8_27 := 0bv64, true;
+    assert Gamma_R8_27;
+    goto $main$__2__$A0okiAJhRZaNrB4lOPZtTw_goto_$main$__7__$WBIrr~FJQGaywM0EFL_~lQ;
+  $main$__2__$A0okiAJhRZaNrB4lOPZtTw_goto_$main$__7__$WBIrr~FJQGaywM0EFL_~lQ:
+    assume (R8_27[1:0] == 1bv1);
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4040bv64)) || L(mem, bvadd64(R8, 4040bv64)));
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 16bv64), R8), gamma_store64(Gamma_stack, bvadd64(R31, 16bv64), Gamma_R8);
-    assume {:captureState "2108$0"} true;
+    R8_29, Gamma_R8_29 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551584bv64), R8_29), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R8_29);
     goto $main$__10__$0TNylRK6RmS5UECtsNwwsA;
-  $main$__8__$MFGHilZOSS~y6mrYfWAhnQ:
-    assume {:captureState "$main$__8__$MFGHilZOSS~y6mrYfWAhnQ"} true;
-    R8, Gamma_R8 := 65536bv64, true;
+  $main$__2__$A0okiAJhRZaNrB4lOPZtTw$__0_phi_back_$main$__2__$A0okiAJhRZaNrB4lOPZtTw_goto_$main$__3__$BN0TEK1EQNeAY2qOwIEG5g:
+    R8_14, Gamma_R8_14 := 0bv64, true;
+    assert Gamma_R8_14;
+    goto $main$__2__$A0okiAJhRZaNrB4lOPZtTw_goto_$main$__3__$BN0TEK1EQNeAY2qOwIEG5g;
+  $main$__2__$A0okiAJhRZaNrB4lOPZtTw_goto_$main$__3__$BN0TEK1EQNeAY2qOwIEG5g:
+    assume (!(R8_14[1:0] == 1bv1));
+    R8_15, Gamma_R8_15 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551580bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551580bv64));
+    assert Gamma_R8_15;
+    goto $main$__4__$ZMwLE9GySQC4wAmL8es_Tw$__0, $main$__4__$ZMwLE9GySQC4wAmL8es_Tw$__1;
+  $main$__4__$ZMwLE9GySQC4wAmL8es_Tw$__1:
+    assume (R8_15 == 2bv32);
+    goto $main$__4__$ZMwLE9GySQC4wAmL8es_Tw$__1_phi_$main$__4__$ZMwLE9GySQC4wAmL8es_Tw_goto_$main$__8__$MFGHilZOSS~y6mrYfWAhnQ_phi_back_$main$__4__$ZMwLE9GySQC4wAmL8es_Tw_goto_$main$__8__$MFGHilZOSS~y6mrYfWAhnQ, $main$__4__$ZMwLE9GySQC4wAmL8es_Tw$__1_phi_$main$__4__$ZMwLE9GySQC4wAmL8es_Tw_goto_$main$__5__$tQCpvwKrSeCFPREd7E8FUA_phi_back_$main$__4__$ZMwLE9GySQC4wAmL8es_Tw_goto_$main$__5__$tQCpvwKrSeCFPREd7E8FUA;
+  $main$__4__$ZMwLE9GySQC4wAmL8es_Tw$__1_phi_$main$__4__$ZMwLE9GySQC4wAmL8es_Tw_goto_$main$__5__$tQCpvwKrSeCFPREd7E8FUA_phi_back_$main$__4__$ZMwLE9GySQC4wAmL8es_Tw_goto_$main$__5__$tQCpvwKrSeCFPREd7E8FUA:
+    R8_21, Gamma_R8_21 := 1bv64, true;
+    assert Gamma_R8_21;
+    goto $main$__4__$ZMwLE9GySQC4wAmL8es_Tw_goto_$main$__5__$tQCpvwKrSeCFPREd7E8FUA;
+  $main$__4__$ZMwLE9GySQC4wAmL8es_Tw$__1_phi_$main$__4__$ZMwLE9GySQC4wAmL8es_Tw_goto_$main$__8__$MFGHilZOSS~y6mrYfWAhnQ_phi_back_$main$__4__$ZMwLE9GySQC4wAmL8es_Tw_goto_$main$__8__$MFGHilZOSS~y6mrYfWAhnQ:
+    R8_24, Gamma_R8_24 := 1bv64, true;
+    assert Gamma_R8_24;
+    goto $main$__4__$ZMwLE9GySQC4wAmL8es_Tw_goto_$main$__8__$MFGHilZOSS~y6mrYfWAhnQ;
+  $main$__4__$ZMwLE9GySQC4wAmL8es_Tw$__0:
+    assume (!(R8_15 == 2bv32));
+    goto $main$__4__$ZMwLE9GySQC4wAmL8es_Tw$__0_phi_back_$main$__4__$ZMwLE9GySQC4wAmL8es_Tw_goto_$main$__5__$tQCpvwKrSeCFPREd7E8FUA, $main$__4__$ZMwLE9GySQC4wAmL8es_Tw$__0_phi_back_$main$__4__$ZMwLE9GySQC4wAmL8es_Tw_goto_$main$__8__$MFGHilZOSS~y6mrYfWAhnQ;
+  $main$__4__$ZMwLE9GySQC4wAmL8es_Tw$__0_phi_back_$main$__4__$ZMwLE9GySQC4wAmL8es_Tw_goto_$main$__8__$MFGHilZOSS~y6mrYfWAhnQ:
+    R8_24, Gamma_R8_24 := 0bv64, true;
+    assert Gamma_R8_24;
+    goto $main$__4__$ZMwLE9GySQC4wAmL8es_Tw_goto_$main$__8__$MFGHilZOSS~y6mrYfWAhnQ;
+  $main$__4__$ZMwLE9GySQC4wAmL8es_Tw_goto_$main$__8__$MFGHilZOSS~y6mrYfWAhnQ:
+    assume (R8_24[1:0] == 1bv1);
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4056bv64)) || L(mem, bvadd64(R8, 4056bv64)));
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 16bv64), R8), gamma_store64(Gamma_stack, bvadd64(R31, 16bv64), Gamma_R8);
-    assume {:captureState "2124$0"} true;
+    R8_26, Gamma_R8_26 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551584bv64), R8_26), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R8_26);
     goto $main$__10__$0TNylRK6RmS5UECtsNwwsA;
-  $main$__9__$zMmLxlHWR8mJqTkM1yPBaQ:
-    assume {:captureState "$main$__9__$zMmLxlHWR8mJqTkM1yPBaQ"} true;
-    R8, Gamma_R8 := 65536bv64, true;
+  $main$__4__$ZMwLE9GySQC4wAmL8es_Tw$__0_phi_back_$main$__4__$ZMwLE9GySQC4wAmL8es_Tw_goto_$main$__5__$tQCpvwKrSeCFPREd7E8FUA:
+    R8_21, Gamma_R8_21 := 0bv64, true;
+    assert Gamma_R8_21;
+    goto $main$__4__$ZMwLE9GySQC4wAmL8es_Tw_goto_$main$__5__$tQCpvwKrSeCFPREd7E8FUA;
+  $main$__4__$ZMwLE9GySQC4wAmL8es_Tw_goto_$main$__5__$tQCpvwKrSeCFPREd7E8FUA:
+    assume (!(R8_21[1:0] == 1bv1));
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4032bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4032bv64)) || L(mem, bvadd64(R8, 4032bv64)));
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 16bv64), R8), gamma_store64(Gamma_stack, bvadd64(R31, 16bv64), Gamma_R8);
-    assume {:captureState "2140$0"} true;
+    R8_23, Gamma_R8_23 := memory_load64_le(mem, 69568bv64), (gamma_load64(Gamma_mem, 69568bv64) || L(mem, 69568bv64));
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551584bv64), R8_23), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R8_23);
     goto $main$__10__$0TNylRK6RmS5UECtsNwwsA;
   $main$__10__$0TNylRK6RmS5UECtsNwwsA:
-    assume {:captureState "$main$__10__$0TNylRK6RmS5UECtsNwwsA"} true;
-    R8, Gamma_R8 := memory_load64_le(stack, bvadd64(R31, 16bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 16bv64));
-    R30, Gamma_R30 := 2156bv64, true;
+    R8_33, Gamma_R8_33 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551584bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64));
     goto $main$__10__$0TNylRK6RmS5UECtsNwwsA$set_six, $main$__10__$0TNylRK6RmS5UECtsNwwsA$set_two, $main$__10__$0TNylRK6RmS5UECtsNwwsA$set_seven;
-  $main$__11__$5RCauC7lSbWG2IsnALJTGg:
-    assume {:captureState "$main$__11__$5RCauC7lSbWG2IsnALJTGg"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    Cse0__5$10$1, Gamma_Cse0__5$10$1 := bvadd64(R31, 32bv64), Gamma_R31;
-    R29, Gamma_R29 := memory_load64_le(stack, Cse0__5$10$1), gamma_load64(Gamma_stack, Cse0__5$10$1);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(Cse0__5$10$1, 8bv64)), gamma_load64(Gamma_stack, bvadd64(Cse0__5$10$1, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 48bv64), Gamma_R31;
-    goto main_basil_return;
-  $main$__10__$0TNylRK6RmS5UECtsNwwsA$set_six:
-    assume {:captureState "$main$__10__$0TNylRK6RmS5UECtsNwwsA$set_six"} true;
-    assume (R8 == 1960bv64);
-    call set_six();
+  $main$__10__$0TNylRK6RmS5UECtsNwwsA$set_seven:
+    assume (R8_33 == 1980bv64);
+    call set_seven();
     goto $main$__11__$5RCauC7lSbWG2IsnALJTGg;
   $main$__10__$0TNylRK6RmS5UECtsNwwsA$set_two:
-    assume {:captureState "$main$__10__$0TNylRK6RmS5UECtsNwwsA$set_two"} true;
-    assume (R8 == 1940bv64);
+    assume (R8_33 == 1940bv64);
     call set_two();
     goto $main$__11__$5RCauC7lSbWG2IsnALJTGg;
-  $main$__10__$0TNylRK6RmS5UECtsNwwsA$set_seven:
-    assume {:captureState "$main$__10__$0TNylRK6RmS5UECtsNwwsA$set_seven"} true;
-    assume (R8 == 1980bv64);
-    call set_seven();
+  $main$__10__$0TNylRK6RmS5UECtsNwwsA$set_six:
+    assume (R8_33 == 1960bv64);
+    call set_six();
     goto $main$__11__$5RCauC7lSbWG2IsnALJTGg;
-  $main$__2__$A0okiAJhRZaNrB4lOPZtTw_goto_$main$__7__$WBIrr~FJQGaywM0EFL_~lQ:
-    assume {:captureState "$main$__2__$A0okiAJhRZaNrB4lOPZtTw_goto_$main$__7__$WBIrr~FJQGaywM0EFL_~lQ"} true;
-    assume (R8[1:0] == 1bv1);
-    goto $main$__7__$WBIrr~FJQGaywM0EFL_~lQ;
-  $main$__2__$A0okiAJhRZaNrB4lOPZtTw_goto_$main$__3__$BN0TEK1EQNeAY2qOwIEG5g:
-    assume {:captureState "$main$__2__$A0okiAJhRZaNrB4lOPZtTw_goto_$main$__3__$BN0TEK1EQNeAY2qOwIEG5g"} true;
-    assume (!(R8[1:0] == 1bv1));
-    goto $main$__3__$BN0TEK1EQNeAY2qOwIEG5g;
-  $main$__2__$A0okiAJhRZaNrB4lOPZtTw$__0:
-    assume {:captureState "$main$__2__$A0okiAJhRZaNrB4lOPZtTw$__0"} true;
-    assume (!(ZF == 1bv1));
-    R8, Gamma_R8 := 0bv64, true;
-    assert Gamma_R8;
-    goto $main$__2__$A0okiAJhRZaNrB4lOPZtTw_goto_$main$__7__$WBIrr~FJQGaywM0EFL_~lQ, $main$__2__$A0okiAJhRZaNrB4lOPZtTw_goto_$main$__3__$BN0TEK1EQNeAY2qOwIEG5g;
-  $main$__2__$A0okiAJhRZaNrB4lOPZtTw$__1:
-    assume {:captureState "$main$__2__$A0okiAJhRZaNrB4lOPZtTw$__1"} true;
-    assume (!(!(ZF == 1bv1)));
-    R8, Gamma_R8 := 1bv64, true;
-    assert Gamma_R8;
-    goto $main$__2__$A0okiAJhRZaNrB4lOPZtTw_goto_$main$__7__$WBIrr~FJQGaywM0EFL_~lQ, $main$__2__$A0okiAJhRZaNrB4lOPZtTw_goto_$main$__3__$BN0TEK1EQNeAY2qOwIEG5g;
-  $main$__0__$G_1Y6jALRC~8UvxN~Oh74A_goto_$main$__6__$f4nhHXxoReqZDuDK6zxsSQ:
-    assume {:captureState "$main$__0__$G_1Y6jALRC~8UvxN~Oh74A_goto_$main$__6__$f4nhHXxoReqZDuDK6zxsSQ"} true;
-    assume (R8[1:0] == 1bv1);
-    goto $main$__6__$f4nhHXxoReqZDuDK6zxsSQ;
-  $main$__0__$G_1Y6jALRC~8UvxN~Oh74A_goto_$main$__1__$9glsOoBtTsagmZpc7KXoEQ:
-    assume {:captureState "$main$__0__$G_1Y6jALRC~8UvxN~Oh74A_goto_$main$__1__$9glsOoBtTsagmZpc7KXoEQ"} true;
-    assume (!(R8[1:0] == 1bv1));
-    goto $main$__1__$9glsOoBtTsagmZpc7KXoEQ;
-  $main$__0__$G_1Y6jALRC~8UvxN~Oh74A$__0:
-    assume {:captureState "$main$__0__$G_1Y6jALRC~8UvxN~Oh74A$__0"} true;
-    assume (!(ZF == 1bv1));
-    R8, Gamma_R8 := 0bv64, true;
-    assert Gamma_R8;
-    goto $main$__0__$G_1Y6jALRC~8UvxN~Oh74A_goto_$main$__6__$f4nhHXxoReqZDuDK6zxsSQ, $main$__0__$G_1Y6jALRC~8UvxN~Oh74A_goto_$main$__1__$9glsOoBtTsagmZpc7KXoEQ;
-  $main$__0__$G_1Y6jALRC~8UvxN~Oh74A$__1:
-    assume {:captureState "$main$__0__$G_1Y6jALRC~8UvxN~Oh74A$__1"} true;
-    assume (!(!(ZF == 1bv1)));
-    R8, Gamma_R8 := 1bv64, true;
-    assert Gamma_R8;
-    goto $main$__0__$G_1Y6jALRC~8UvxN~Oh74A_goto_$main$__6__$f4nhHXxoReqZDuDK6zxsSQ, $main$__0__$G_1Y6jALRC~8UvxN~Oh74A_goto_$main$__1__$9glsOoBtTsagmZpc7KXoEQ;
-  $main$__4__$ZMwLE9GySQC4wAmL8es_Tw_goto_$main$__8__$MFGHilZOSS~y6mrYfWAhnQ:
-    assume {:captureState "$main$__4__$ZMwLE9GySQC4wAmL8es_Tw_goto_$main$__8__$MFGHilZOSS~y6mrYfWAhnQ"} true;
-    assume (R8[1:0] == 1bv1);
-    goto $main$__8__$MFGHilZOSS~y6mrYfWAhnQ;
-  $main$__4__$ZMwLE9GySQC4wAmL8es_Tw_goto_$main$__5__$tQCpvwKrSeCFPREd7E8FUA:
-    assume {:captureState "$main$__4__$ZMwLE9GySQC4wAmL8es_Tw_goto_$main$__5__$tQCpvwKrSeCFPREd7E8FUA"} true;
-    assume (!(R8[1:0] == 1bv1));
-    goto $main$__5__$tQCpvwKrSeCFPREd7E8FUA;
-  $main$__4__$ZMwLE9GySQC4wAmL8es_Tw$__0:
-    assume {:captureState "$main$__4__$ZMwLE9GySQC4wAmL8es_Tw$__0"} true;
-    assume (!(ZF == 1bv1));
-    R8, Gamma_R8 := 0bv64, true;
-    assert Gamma_R8;
-    goto $main$__4__$ZMwLE9GySQC4wAmL8es_Tw_goto_$main$__8__$MFGHilZOSS~y6mrYfWAhnQ, $main$__4__$ZMwLE9GySQC4wAmL8es_Tw_goto_$main$__5__$tQCpvwKrSeCFPREd7E8FUA;
-  $main$__4__$ZMwLE9GySQC4wAmL8es_Tw$__1:
-    assume {:captureState "$main$__4__$ZMwLE9GySQC4wAmL8es_Tw$__1"} true;
-    assume (!(!(ZF == 1bv1)));
-    R8, Gamma_R8 := 1bv64, true;
-    assert Gamma_R8;
-    goto $main$__4__$ZMwLE9GySQC4wAmL8es_Tw_goto_$main$__8__$MFGHilZOSS~y6mrYfWAhnQ, $main$__4__$ZMwLE9GySQC4wAmL8es_Tw_goto_$main$__5__$tQCpvwKrSeCFPREd7E8FUA;
+  $main$__11__$5RCauC7lSbWG2IsnALJTGg:
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64));
+    R30_3, Gamma_R30_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R29_out, R30_out, R31_out, R8_out, R9_out := 0bv64, R29_3, R30_3, R31_in, R8_33, R9;
+    Gamma_R0_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R29_3, Gamma_R30_3, Gamma_R31_in, Gamma_R8_33, Gamma_R9;
     return;
 }
 
 procedure set_two();
-  modifies Gamma_R8, Gamma_R9, Gamma_mem, R8, R9, mem;
+  modifies Gamma_mem, mem;
   free requires (memory_load8_le(mem, 2192bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2193bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2194bv64) == 2bv8);
@@ -449,19 +407,16 @@ procedure set_two();
 
 implementation set_two()
 {
+  var Gamma_R9_2: bool;
+  var R9_2: bv64;
   $set_two$__0__$AzAVXZGMSrCSi1E8o7VxfQ:
-    assume {:captureState "$set_two$__0__$AzAVXZGMSrCSi1E8o7VxfQ"} true;
-    R9, Gamma_R9 := 65536bv64, true;
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4016bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4016bv64)) || L(mem, bvadd64(R9, 4016bv64)));
-    R8, Gamma_R8 := 2bv64, true;
+    R9_2, Gamma_R9_2 := memory_load64_le(mem, 69552bv64), (gamma_load64(Gamma_mem, 69552bv64) || L(mem, 69552bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "1952$0"} true;
+    assert (L(mem, R9_2) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R9_2, 2bv32), gamma_store32(Gamma_mem, R9_2, true);
     goto set_two_basil_return;
   set_two_basil_return:
-    assume {:captureState "set_two_basil_return"} true;
     return;
 }
 
diff --git a/src/test/correct/functionpointer/gcc/functionpointer_gtirb.expected b/src/test/correct/functionpointer/gcc/functionpointer_gtirb.expected
index 1533649c5..f928ab1c2 100644
--- a/src/test/correct/functionpointer/gcc/functionpointer_gtirb.expected
+++ b/src/test/correct/functionpointer/gcc/functionpointer_gtirb.expected
@@ -1,35 +1,28 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   false
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsgt"} bvsgt32(bv32, bv32) returns (bool);
+function {:extern} {:bvbuiltin "bvsle"} bvsle32(bv32, bv32) returns (bool);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -39,11 +32,15 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -59,16 +56,13 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (mem == old(mem));
@@ -99,7 +93,7 @@ procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
 procedure set_six();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+  modifies Gamma_mem, mem;
   free requires (memory_load8_le(mem, 2052bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2053bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2054bv64) == 2bv8);
@@ -120,23 +114,17 @@ procedure set_six();
 implementation set_six()
 {
   $set_six$__0__$fFBUlQZnQASntc8S7REItw:
-    assume {:captureState "$set_six$__0__$fFBUlQZnQASntc8S7REItw"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
-    R1, Gamma_R1 := 6bv64, true;
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1848$0"} true;
+    assert (L(mem, 69652bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 6bv32), gamma_store32(Gamma_mem, 69652bv64, true);
     goto set_six_basil_return;
   set_six_basil_return:
-    assume {:captureState "set_six_basil_return"} true;
     return;
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R1, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R1, R29, R30, R31, VF, ZF, mem, stack;
-  requires (Gamma_R0 == true);
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
+  requires (Gamma_R0_in == true);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 2052bv64) == 1bv8);
@@ -147,10 +135,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69024bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1884bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 2052bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 2053bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 2054bv64) == 2bv8);
@@ -160,164 +144,94 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1884bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var Cse0__5$0$1: bv32;
-  var Cse0__5$1$1: bv32;
-  var Cse0__5$10$1: bv32;
-  var Cse0__5$3$0: bv64;
-  var Cse0__5$3$4: bv32;
-  var Gamma_Cse0__5$0$1: bool;
-  var Gamma_Cse0__5$1$1: bool;
-  var Gamma_Cse0__5$10$1: bool;
-  var Gamma_Cse0__5$3$0: bool;
-  var Gamma_Cse0__5$3$4: bool;
+  var Gamma_R0_14: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R1: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_3: bool;
+  var R0_14: bv64;
+  var R0_2: bv32;
+  var R0_3: bv32;
+  var R0_4: bv32;
+  var R0_5: bv32;
+  var R1: bv64;
+  var R29_3: bv64;
+  var R30_3: bv64;
   $main$__0__$_D9FajgJRbSw2iGYcpsBIw:
-    assume {:captureState "$main$__0__$_D9FajgJRbSw2iGYcpsBIw"} true;
-    Cse0__5$3$0, Gamma_Cse0__5$3$0 := bvadd64(R31, 18446744073709551568bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$3$0, R29), gamma_store64(Gamma_stack, Cse0__5$3$0, Gamma_R29);
-    assume {:captureState "1884$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$3$0, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$3$0, 8bv64), Gamma_R30);
-    assume {:captureState "1884$2"} true;
-    R31, Gamma_R31 := Cse0__5$3$0, Gamma_Cse0__5$3$0;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R0);
-    assume {:captureState "1892$0"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 28bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 28bv64));
-    Cse0__5$3$4, Gamma_Cse0__5$3$4 := bvadd32(R0[32:0], 4294967294bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(Cse0__5$3$4), bvadd33(sign_extend1_32(R0[32:0]), 8589934590bv33))), (Gamma_R0 && Gamma_Cse0__5$3$4);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$3$4), bvadd33(zero_extend1_32(R0[32:0]), 4294967294bv33))), (Gamma_R0 && Gamma_Cse0__5$3$4);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$3$4, 0bv32), Gamma_Cse0__5$3$4;
-    NF, Gamma_NF := Cse0__5$3$4[32:31], Gamma_Cse0__5$3$4;
-    assert Gamma_ZF;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551568bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551568bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551576bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551576bv64), Gamma_R30_in);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), Gamma_R0_in);
+    R0_2, Gamma_R0_2 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551596bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64));
+    assert Gamma_R0_2;
     goto $main$__0__$_D9FajgJRbSw2iGYcpsBIw_goto_$main$__7__$0vBHGw4KTwa~IJS_dHoKWg, $main$__0__$_D9FajgJRbSw2iGYcpsBIw_goto_$main$__1__$f9ntZhvlQY6oxTWcOq0JTg;
-  $main$__1__$f9ntZhvlQY6oxTWcOq0JTg:
-    assume {:captureState "$main$__1__$f9ntZhvlQY6oxTWcOq0JTg"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 28bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 28bv64));
-    Cse0__5$0$1, Gamma_Cse0__5$0$1 := bvadd32(R0[32:0], 4294967294bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(Cse0__5$0$1), bvadd33(sign_extend1_32(R0[32:0]), 8589934590bv33))), (Gamma_R0 && Gamma_Cse0__5$0$1);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$0$1), bvadd33(zero_extend1_32(R0[32:0]), 4294967294bv33))), (Gamma_R0 && Gamma_Cse0__5$0$1);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$0$1, 0bv32), Gamma_Cse0__5$0$1;
-    NF, Gamma_NF := Cse0__5$0$1[32:31], Gamma_Cse0__5$0$1;
-    assert ((Gamma_NF && Gamma_VF) && Gamma_ZF);
+  $main$__0__$_D9FajgJRbSw2iGYcpsBIw_goto_$main$__1__$f9ntZhvlQY6oxTWcOq0JTg:
+    assume (!(R0_2 == 2bv32));
+    R0_3, Gamma_R0_3 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551596bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64));
+    assert Gamma_R0_3;
     goto $main$__1__$f9ntZhvlQY6oxTWcOq0JTg_goto_$main$__8__$_yFfkL_NQBGG_4FltkEZPA, $main$__1__$f9ntZhvlQY6oxTWcOq0JTg_goto_$main$__2__$DHZJ7cSQSna~nrpNXjA6pQ;
-  $main$__2__$DHZJ7cSQSna~nrpNXjA6pQ:
-    assume {:captureState "$main$__2__$DHZJ7cSQSna~nrpNXjA6pQ"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 28bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 28bv64));
-    Cse0__5$10$1, Gamma_Cse0__5$10$1 := bvadd32(R0[32:0], 0bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$10$1, Cse0__5$10$1)), Gamma_Cse0__5$10$1;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$10$1), bvadd33(zero_extend1_32(R0[32:0]), 4294967296bv33))), (Gamma_R0 && Gamma_Cse0__5$10$1);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$10$1, 0bv32), Gamma_Cse0__5$10$1;
-    NF, Gamma_NF := Cse0__5$10$1[32:31], Gamma_Cse0__5$10$1;
-    assert Gamma_ZF;
+  $main$__1__$f9ntZhvlQY6oxTWcOq0JTg_goto_$main$__2__$DHZJ7cSQSna~nrpNXjA6pQ:
+    assume bvsle32(R0_3, 2bv32);
+    R0_4, Gamma_R0_4 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551596bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64));
+    assert Gamma_R0_4;
     goto $main$__2__$DHZJ7cSQSna~nrpNXjA6pQ_goto_$main$__5__$3a21fgw4S6uXIwvw1rvH7A, $main$__2__$DHZJ7cSQSna~nrpNXjA6pQ_goto_$main$__3__$Y~lfjyGjQ_WvS7i15Hyi6w;
-  $main$__3__$Y~lfjyGjQ_WvS7i15Hyi6w:
-    assume {:captureState "$main$__3__$Y~lfjyGjQ_WvS7i15Hyi6w"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 28bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 28bv64));
-    Cse0__5$1$1, Gamma_Cse0__5$1$1 := bvadd32(R0[32:0], 4294967295bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(Cse0__5$1$1), bvadd33(sign_extend1_32(R0[32:0]), 8589934591bv33))), (Gamma_R0 && Gamma_Cse0__5$1$1);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$1$1), bvadd33(zero_extend1_32(R0[32:0]), 4294967295bv33))), (Gamma_R0 && Gamma_Cse0__5$1$1);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$1$1, 0bv32), Gamma_Cse0__5$1$1;
-    NF, Gamma_NF := Cse0__5$1$1[32:31], Gamma_Cse0__5$1$1;
-    assert Gamma_ZF;
+  $main$__2__$DHZJ7cSQSna~nrpNXjA6pQ_goto_$main$__3__$Y~lfjyGjQ_WvS7i15Hyi6w:
+    assume (!(R0_4 == 0bv32));
+    R0_5, Gamma_R0_5 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551596bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64));
+    assert Gamma_R0_5;
     goto $main$__3__$Y~lfjyGjQ_WvS7i15Hyi6w_goto_$main$__6__$c0TNLKEPT3GkfwAOFWCdMw, $main$__3__$Y~lfjyGjQ_WvS7i15Hyi6w_goto_$main$__4__$3NbhKlSfRPah6thY7nGsGQ;
-  $main$__4__$3NbhKlSfRPah6thY7nGsGQ:
-    assume {:captureState "$main$__4__$3NbhKlSfRPah6thY7nGsGQ"} true;
+  $main$__3__$Y~lfjyGjQ_WvS7i15Hyi6w_goto_$main$__4__$3NbhKlSfRPah6thY7nGsGQ:
+    assume (!(R0_5 == 1bv32));
     goto $main$__8__$_yFfkL_NQBGG_4FltkEZPA;
-  $main$__5__$3a21fgw4S6uXIwvw1rvH7A:
-    assume {:captureState "$main$__5__$3a21fgw4S6uXIwvw1rvH7A"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 1812bv64), Gamma_R0;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 40bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 40bv64), Gamma_R0);
-    assume {:captureState "1956$0"} true;
-    goto $main$__9__$N87MnmJ9SDqTYx5EXy~u6g;
-  $main$__6__$c0TNLKEPT3GkfwAOFWCdMw:
-    assume {:captureState "$main$__6__$c0TNLKEPT3GkfwAOFWCdMw"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 1836bv64), Gamma_R0;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 40bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 40bv64), Gamma_R0);
-    assume {:captureState "1972$0"} true;
+  $main$__3__$Y~lfjyGjQ_WvS7i15Hyi6w_goto_$main$__6__$c0TNLKEPT3GkfwAOFWCdMw:
+    assume (R0_5 == 1bv32);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 1836bv64), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
     goto $main$__9__$N87MnmJ9SDqTYx5EXy~u6g;
-  $main$__7__$0vBHGw4KTwa~IJS_dHoKWg:
-    assume {:captureState "$main$__7__$0vBHGw4KTwa~IJS_dHoKWg"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 1860bv64), Gamma_R0;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 40bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 40bv64), Gamma_R0);
-    assume {:captureState "1988$0"} true;
+  $main$__2__$DHZJ7cSQSna~nrpNXjA6pQ_goto_$main$__5__$3a21fgw4S6uXIwvw1rvH7A:
+    assume (R0_4 == 0bv32);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 1812bv64), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
     goto $main$__9__$N87MnmJ9SDqTYx5EXy~u6g;
+  $main$__1__$f9ntZhvlQY6oxTWcOq0JTg_goto_$main$__8__$_yFfkL_NQBGG_4FltkEZPA:
+    assume bvsgt32(R0_3, 2bv32);
+    goto $main$__8__$_yFfkL_NQBGG_4FltkEZPA;
   $main$__8__$_yFfkL_NQBGG_4FltkEZPA:
-    assume {:captureState "$main$__8__$_yFfkL_NQBGG_4FltkEZPA"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 1812bv64), Gamma_R0;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 40bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 40bv64), Gamma_R0);
-    assume {:captureState "2004$0"} true;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 1812bv64), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
+    goto $main$__9__$N87MnmJ9SDqTYx5EXy~u6g;
+  $main$__0__$_D9FajgJRbSw2iGYcpsBIw_goto_$main$__7__$0vBHGw4KTwa~IJS_dHoKWg:
+    assume (R0_2 == 2bv32);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 1860bv64), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
     goto $main$__9__$N87MnmJ9SDqTYx5EXy~u6g;
   $main$__9__$N87MnmJ9SDqTYx5EXy~u6g:
-    assume {:captureState "$main$__9__$N87MnmJ9SDqTYx5EXy~u6g"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 40bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 40bv64));
-    R30, Gamma_R30 := 2020bv64, true;
+    R0_14, Gamma_R0_14 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     goto $main$__9__$N87MnmJ9SDqTYx5EXy~u6g$set_seven, $main$__9__$N87MnmJ9SDqTYx5EXy~u6g$set_two, $main$__9__$N87MnmJ9SDqTYx5EXy~u6g$set_six;
-  $main$__10__$Y1PxorE9TmC2XsQ0OMAzBg:
-    assume {:captureState "$main$__10__$Y1PxorE9TmC2XsQ0OMAzBg"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 48bv64), Gamma_R31;
-    goto main_basil_return;
-  $main$__1__$f9ntZhvlQY6oxTWcOq0JTg_goto_$main$__8__$_yFfkL_NQBGG_4FltkEZPA:
-    assume {:captureState "$main$__1__$f9ntZhvlQY6oxTWcOq0JTg_goto_$main$__8__$_yFfkL_NQBGG_4FltkEZPA"} true;
-    assume ((NF == VF) && (ZF == 0bv1));
-    goto $main$__8__$_yFfkL_NQBGG_4FltkEZPA;
-  $main$__1__$f9ntZhvlQY6oxTWcOq0JTg_goto_$main$__2__$DHZJ7cSQSna~nrpNXjA6pQ:
-    assume {:captureState "$main$__1__$f9ntZhvlQY6oxTWcOq0JTg_goto_$main$__2__$DHZJ7cSQSna~nrpNXjA6pQ"} true;
-    assume (!((NF == VF) && (ZF == 0bv1)));
-    goto $main$__2__$DHZJ7cSQSna~nrpNXjA6pQ;
-  $main$__3__$Y~lfjyGjQ_WvS7i15Hyi6w_goto_$main$__6__$c0TNLKEPT3GkfwAOFWCdMw:
-    assume {:captureState "$main$__3__$Y~lfjyGjQ_WvS7i15Hyi6w_goto_$main$__6__$c0TNLKEPT3GkfwAOFWCdMw"} true;
-    assume (ZF == 1bv1);
-    goto $main$__6__$c0TNLKEPT3GkfwAOFWCdMw;
-  $main$__3__$Y~lfjyGjQ_WvS7i15Hyi6w_goto_$main$__4__$3NbhKlSfRPah6thY7nGsGQ:
-    assume {:captureState "$main$__3__$Y~lfjyGjQ_WvS7i15Hyi6w_goto_$main$__4__$3NbhKlSfRPah6thY7nGsGQ"} true;
-    assume (!(ZF == 1bv1));
-    goto $main$__4__$3NbhKlSfRPah6thY7nGsGQ;
-  $main$__0__$_D9FajgJRbSw2iGYcpsBIw_goto_$main$__7__$0vBHGw4KTwa~IJS_dHoKWg:
-    assume {:captureState "$main$__0__$_D9FajgJRbSw2iGYcpsBIw_goto_$main$__7__$0vBHGw4KTwa~IJS_dHoKWg"} true;
-    assume (ZF == 1bv1);
-    goto $main$__7__$0vBHGw4KTwa~IJS_dHoKWg;
-  $main$__0__$_D9FajgJRbSw2iGYcpsBIw_goto_$main$__1__$f9ntZhvlQY6oxTWcOq0JTg:
-    assume {:captureState "$main$__0__$_D9FajgJRbSw2iGYcpsBIw_goto_$main$__1__$f9ntZhvlQY6oxTWcOq0JTg"} true;
-    assume (!(ZF == 1bv1));
-    goto $main$__1__$f9ntZhvlQY6oxTWcOq0JTg;
-  $main$__9__$N87MnmJ9SDqTYx5EXy~u6g$set_seven:
-    assume {:captureState "$main$__9__$N87MnmJ9SDqTYx5EXy~u6g$set_seven"} true;
-    assume (R0 == 1860bv64);
-    call set_seven();
+  $main$__9__$N87MnmJ9SDqTYx5EXy~u6g$set_six:
+    assume (R0_14 == 1836bv64);
+    call set_six();
     goto $main$__10__$Y1PxorE9TmC2XsQ0OMAzBg;
   $main$__9__$N87MnmJ9SDqTYx5EXy~u6g$set_two:
-    assume {:captureState "$main$__9__$N87MnmJ9SDqTYx5EXy~u6g$set_two"} true;
-    assume (R0 == 1812bv64);
+    assume (R0_14 == 1812bv64);
     call set_two();
     goto $main$__10__$Y1PxorE9TmC2XsQ0OMAzBg;
-  $main$__9__$N87MnmJ9SDqTYx5EXy~u6g$set_six:
-    assume {:captureState "$main$__9__$N87MnmJ9SDqTYx5EXy~u6g$set_six"} true;
-    assume (R0 == 1836bv64);
-    call set_six();
+  $main$__9__$N87MnmJ9SDqTYx5EXy~u6g$set_seven:
+    assume (R0_14 == 1860bv64);
+    call set_seven();
     goto $main$__10__$Y1PxorE9TmC2XsQ0OMAzBg;
-  $main$__2__$DHZJ7cSQSna~nrpNXjA6pQ_goto_$main$__5__$3a21fgw4S6uXIwvw1rvH7A:
-    assume {:captureState "$main$__2__$DHZJ7cSQSna~nrpNXjA6pQ_goto_$main$__5__$3a21fgw4S6uXIwvw1rvH7A"} true;
-    assume (ZF == 1bv1);
-    goto $main$__5__$3a21fgw4S6uXIwvw1rvH7A;
-  $main$__2__$DHZJ7cSQSna~nrpNXjA6pQ_goto_$main$__3__$Y~lfjyGjQ_WvS7i15Hyi6w:
-    assume {:captureState "$main$__2__$DHZJ7cSQSna~nrpNXjA6pQ_goto_$main$__3__$Y~lfjyGjQ_WvS7i15Hyi6w"} true;
-    assume (!(ZF == 1bv1));
-    goto $main$__3__$Y~lfjyGjQ_WvS7i15Hyi6w;
+  $main$__10__$Y1PxorE9TmC2XsQ0OMAzBg:
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551568bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551568bv64));
+    R30_3, Gamma_R30_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551576bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551576bv64));
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R29_out, R30_out, R31_out := 0bv64, R1, R29_3, R30_3, R31_in;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out := true, Gamma_R1, Gamma_R29_3, Gamma_R30_3, Gamma_R31_in;
     return;
 }
 
 procedure set_seven();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+  modifies Gamma_mem, mem;
   free requires (memory_load8_le(mem, 2052bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2053bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2054bv64) == 2bv8);
@@ -338,22 +252,16 @@ procedure set_seven();
 implementation set_seven()
 {
   $set_seven$__0__$N5CM0prJRzCc8vJXtN888g:
-    assume {:captureState "$set_seven$__0__$N5CM0prJRzCc8vJXtN888g"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
-    R1, Gamma_R1 := 7bv64, true;
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1872$0"} true;
+    assert (L(mem, 69652bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 7bv32), gamma_store32(Gamma_mem, 69652bv64, true);
     goto set_seven_basil_return;
   set_seven_basil_return:
-    assume {:captureState "set_seven_basil_return"} true;
     return;
 }
 
 procedure set_two();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+  modifies Gamma_mem, mem;
   free requires (memory_load8_le(mem, 2052bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2053bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2054bv64) == 2bv8);
@@ -374,17 +282,11 @@ procedure set_two();
 implementation set_two()
 {
   $set_two$__0__$pAd9qDTFTLWR4Wy64dKK0A:
-    assume {:captureState "$set_two$__0__$pAd9qDTFTLWR4Wy64dKK0A"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
-    R1, Gamma_R1 := 2bv64, true;
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1824$0"} true;
+    assert (L(mem, 69652bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 2bv32), gamma_store32(Gamma_mem, 69652bv64, true);
     goto set_two_basil_return;
   set_two_basil_return:
-    assume {:captureState "set_two_basil_return"} true;
     return;
 }
 
diff --git a/src/test/correct/functionpointer/gcc_O2/functionpointer_gtirb.expected b/src/test/correct/functionpointer/gcc_O2/functionpointer_gtirb.expected
index 617efea08..6daa3cf65 100644
--- a/src/test/correct/functionpointer/gcc_O2/functionpointer_gtirb.expected
+++ b/src/test/correct/functionpointer/gcc_O2/functionpointer_gtirb.expected
@@ -1,45 +1,40 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   false
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) {
@@ -51,15 +46,13 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (mem == old(mem));
@@ -90,7 +83,7 @@ procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
 procedure set_six();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+  modifies Gamma_mem, mem;
   free requires (memory_load8_le(mem, 2020bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2021bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2022bv64) == 2bv8);
@@ -111,22 +104,17 @@ procedure set_six();
 implementation set_six()
 {
   $set_six$__0__$dX4gaI1OSUabhEuG9un0cA:
-    assume {:captureState "$set_six$__0__$dX4gaI1OSUabhEuG9un0cA"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R1, Gamma_R1 := 6bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R0, 20bv64)) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R0, 20bv64), R1[32:0]), gamma_store32(Gamma_mem, bvadd64(R0, 20bv64), Gamma_R1);
-    assume {:captureState "1976$0"} true;
+    assert (L(mem, 69652bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 6bv32), gamma_store32(Gamma_mem, 69652bv64, true);
     goto set_six_basil_return;
   set_six_basil_return:
-    assume {:captureState "set_six_basil_return"} true;
     return;
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R1, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R1, R29, R30, R31, VF, ZF, mem, stack;
-  requires (Gamma_R0 == true);
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
+  requires (Gamma_R0_in == true);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 2020bv64) == 1bv8);
@@ -137,10 +125,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69024bv64) == 1856bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 2020bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 2021bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 2022bv64) == 2bv8);
@@ -150,80 +134,47 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var Cse0__5$0$0: bv64;
-  var Cse0__5$0$2: bv32;
-  var Cse0__5$1$0: bv32;
-  var Gamma_Cse0__5$0$0: bool;
-  var Gamma_Cse0__5$0$2: bool;
-  var Gamma_Cse0__5$1$0: bool;
+  var Gamma_R1: bool;
+  var Gamma_R1_5: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_3: bool;
+  var R1: bv64;
+  var R1_5: bv64;
+  var R29_3: bv64;
+  var R30_3: bv64;
   $main$__0__$eOh8YVTlQnKonp~fpb5jKw:
-    assume {:captureState "$main$__0__$eOh8YVTlQnKonp~fpb5jKw"} true;
-    Cse0__5$0$0, Gamma_Cse0__5$0$0 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$0$0, R29), gamma_store64(Gamma_stack, Cse0__5$0$0, Gamma_R29);
-    assume {:captureState "1536$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$0$0, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$0$0, 8bv64), Gamma_R30);
-    assume {:captureState "1536$2"} true;
-    R31, Gamma_R31 := Cse0__5$0$0, Gamma_Cse0__5$0$0;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    Cse0__5$0$2, Gamma_Cse0__5$0$2 := bvadd32(R0[32:0], 4294967295bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(Cse0__5$0$2), bvadd33(sign_extend1_32(R0[32:0]), 8589934591bv33))), (Gamma_R0 && Gamma_Cse0__5$0$2);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$0$2), bvadd33(zero_extend1_32(R0[32:0]), 4294967295bv33))), (Gamma_R0 && Gamma_Cse0__5$0$2);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$0$2, 0bv32), Gamma_Cse0__5$0$2;
-    NF, Gamma_NF := Cse0__5$0$2[32:31], Gamma_Cse0__5$0$2;
-    assert Gamma_ZF;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
+    assert Gamma_R0_in;
     goto $main$__0__$eOh8YVTlQnKonp~fpb5jKw_goto_$main$__4__$S8383WrHT8i~O1Ieq4qHoA, $main$__0__$eOh8YVTlQnKonp~fpb5jKw_goto_$main$__1__$ca5W8ecrTdSh_xILQFKWFg;
-  $main$__1__$ca5W8ecrTdSh_xILQFKWFg:
-    assume {:captureState "$main$__1__$ca5W8ecrTdSh_xILQFKWFg"} true;
-    Cse0__5$1$0, Gamma_Cse0__5$1$0 := bvadd32(R0[32:0], 4294967294bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(Cse0__5$1$0), bvadd33(sign_extend1_32(R0[32:0]), 8589934590bv33))), (Gamma_R0 && Gamma_Cse0__5$1$0);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$1$0), bvadd33(zero_extend1_32(R0[32:0]), 4294967294bv33))), (Gamma_R0 && Gamma_Cse0__5$1$0);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$1$0, 0bv32), Gamma_Cse0__5$1$0;
-    NF, Gamma_NF := Cse0__5$1$0[32:31], Gamma_Cse0__5$1$0;
-    R1, Gamma_R1 := 0bv64, true;
-    R0, Gamma_R0 := 0bv64, true;
-    R1, Gamma_R1 := bvadd64(R1, 1984bv64), Gamma_R1;
-    R0, Gamma_R0 := bvadd64(R0, 1952bv64), Gamma_R0;
-    assert Gamma_ZF;
+  $main$__0__$eOh8YVTlQnKonp~fpb5jKw_goto_$main$__1__$ca5W8ecrTdSh_xILQFKWFg:
+    assume (!(R0_in[32:0] == 1bv32));
+    assert Gamma_R0_in;
     goto $main$__1__$ca5W8ecrTdSh_xILQFKWFg$__0, $main$__1__$ca5W8ecrTdSh_xILQFKWFg$__1;
+  $main$__1__$ca5W8ecrTdSh_xILQFKWFg$__1:
+    assume (R0_in[32:0] == 2bv32);
+    R1_5, Gamma_R1_5 := 1984bv64, true;
+    goto $main$__2__$fEZ8GKsISKaOAJptXmofmg;
+  $main$__1__$ca5W8ecrTdSh_xILQFKWFg$__0:
+    assume (!(R0_in[32:0] == 2bv32));
+    R1_5, Gamma_R1_5 := 1984bv64, true;
+    goto $main$__2__$fEZ8GKsISKaOAJptXmofmg;
+  $main$__0__$eOh8YVTlQnKonp~fpb5jKw_goto_$main$__4__$S8383WrHT8i~O1Ieq4qHoA:
+    assume (R0_in[32:0] == 1bv32);
+    R1_5, Gamma_R1_5 := R1, Gamma_R1;
+    goto $main$__2__$fEZ8GKsISKaOAJptXmofmg;
   $main$__2__$fEZ8GKsISKaOAJptXmofmg:
-    assume {:captureState "$main$__2__$fEZ8GKsISKaOAJptXmofmg"} true;
-    R30, Gamma_R30 := 1580bv64, true;
     call set_six();
     goto $main$__3__$F~EXshFNSrygGBX5dfkWLg;
   $main$__3__$F~EXshFNSrygGBX5dfkWLg:
-    assume {:captureState "$main$__3__$F~EXshFNSrygGBX5dfkWLg"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64));
+    R30_3, Gamma_R30_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     goto main_basil_return;
-  $main$__4__$S8383WrHT8i~O1Ieq4qHoA:
-    assume {:captureState "$main$__4__$S8383WrHT8i~O1Ieq4qHoA"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 1968bv64), Gamma_R0;
-    goto $main$__2__$fEZ8GKsISKaOAJptXmofmg;
-  $main$__0__$eOh8YVTlQnKonp~fpb5jKw_goto_$main$__4__$S8383WrHT8i~O1Ieq4qHoA:
-    assume {:captureState "$main$__0__$eOh8YVTlQnKonp~fpb5jKw_goto_$main$__4__$S8383WrHT8i~O1Ieq4qHoA"} true;
-    assume (ZF == 1bv1);
-    goto $main$__4__$S8383WrHT8i~O1Ieq4qHoA;
-  $main$__0__$eOh8YVTlQnKonp~fpb5jKw_goto_$main$__1__$ca5W8ecrTdSh_xILQFKWFg:
-    assume {:captureState "$main$__0__$eOh8YVTlQnKonp~fpb5jKw_goto_$main$__1__$ca5W8ecrTdSh_xILQFKWFg"} true;
-    assume (!(ZF == 1bv1));
-    goto $main$__1__$ca5W8ecrTdSh_xILQFKWFg;
-  $main$__1__$ca5W8ecrTdSh_xILQFKWFg$__0:
-    assume {:captureState "$main$__1__$ca5W8ecrTdSh_xILQFKWFg$__0"} true;
-    assume (!(ZF == 1bv1));
-    R0, Gamma_R0 := R0, Gamma_R0;
-    goto $main$__2__$fEZ8GKsISKaOAJptXmofmg;
-  $main$__1__$ca5W8ecrTdSh_xILQFKWFg$__1:
-    assume {:captureState "$main$__1__$ca5W8ecrTdSh_xILQFKWFg$__1"} true;
-    assume (!(!(ZF == 1bv1)));
-    R0, Gamma_R0 := R1, Gamma_R1;
-    goto $main$__2__$fEZ8GKsISKaOAJptXmofmg;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R29_out, R30_out, R31_out := 0bv64, R1_5, R29_3, R30_3, R31_in;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out := true, Gamma_R1_5, Gamma_R29_3, Gamma_R30_3, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/correct/functionpointer/gcc_pic/functionpointer_gtirb.expected b/src/test/correct/functionpointer/gcc_pic/functionpointer_gtirb.expected
index aa1b8397d..f70f1a33d 100644
--- a/src/test/correct/functionpointer/gcc_pic/functionpointer_gtirb.expected
+++ b/src/test/correct/functionpointer/gcc_pic/functionpointer_gtirb.expected
@@ -1,35 +1,28 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   false
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsgt"} bvsgt32(bv32, bv32) returns (bool);
+function {:extern} {:bvbuiltin "bvsle"} bvsle32(bv32, bv32) returns (bool);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -39,11 +32,15 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -59,16 +56,13 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (mem == old(mem));
@@ -103,7 +97,7 @@ procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
 procedure set_seven();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+  modifies Gamma_mem, mem;
   free requires (memory_load8_le(mem, 2180bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2181bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2182bv64) == 2bv8);
@@ -131,25 +125,22 @@ procedure set_seven();
 
 implementation set_seven()
 {
+  var Gamma_R0_2: bool;
+  var R0_2: bv64;
   $set_seven$__0__$L4yUagLBRvmbr9rJ4OG7AA:
-    assume {:captureState "$set_seven$__0__$L4yUagLBRvmbr9rJ4OG7AA"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4040bv64)) || L(mem, bvadd64(R0, 4040bv64)));
-    R1, Gamma_R1 := 7bv64, true;
+    R0_2, Gamma_R0_2 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "2000$0"} true;
+    assert (L(mem, R0_2) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R0_2, 7bv32), gamma_store32(Gamma_mem, R0_2, true);
     goto set_seven_basil_return;
   set_seven_basil_return:
-    assume {:captureState "set_seven_basil_return"} true;
     return;
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R1, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R1, R29, R30, R31, VF, ZF, mem, stack;
-  requires (Gamma_R0 == true);
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
+  requires (Gamma_R0_in == true);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 2180bv64) == 1bv8);
@@ -164,10 +155,6 @@ procedure main();
   free requires (memory_load64_le(mem, 68992bv64) == 1856bv64);
   free requires (memory_load64_le(mem, 68984bv64) == 1936bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1940bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 2180bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 2181bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 2182bv64) == 2bv8);
@@ -181,168 +168,110 @@ procedure main();
   free ensures (memory_load64_le(mem, 68984bv64) == 1936bv64);
   free ensures (memory_load64_le(mem, 69592bv64) == 1940bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var Cse0__5$10$0: bv64;
-  var Cse0__5$10$4: bv32;
-  var Cse0__5$2$1: bv32;
-  var Cse0__5$7$1: bv32;
-  var Cse0__5$8$1: bv32;
-  var Gamma_Cse0__5$10$0: bool;
-  var Gamma_Cse0__5$10$4: bool;
-  var Gamma_Cse0__5$2$1: bool;
-  var Gamma_Cse0__5$7$1: bool;
-  var Gamma_Cse0__5$8$1: bool;
+  var Gamma_R0_11: bool;
+  var Gamma_R0_13: bool;
+  var Gamma_R0_14: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_7: bool;
+  var Gamma_R0_9: bool;
+  var Gamma_R1: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_3: bool;
+  var R0_11: bv64;
+  var R0_13: bv64;
+  var R0_14: bv64;
+  var R0_2: bv32;
+  var R0_3: bv32;
+  var R0_4: bv32;
+  var R0_5: bv32;
+  var R0_7: bv64;
+  var R0_9: bv64;
+  var R1: bv64;
+  var R29_3: bv64;
+  var R30_3: bv64;
   $main$__0__$mSqeYLPTTSeWCfH6eJwJtA:
-    assume {:captureState "$main$__0__$mSqeYLPTTSeWCfH6eJwJtA"} true;
-    Cse0__5$10$0, Gamma_Cse0__5$10$0 := bvadd64(R31, 18446744073709551568bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$10$0, R29), gamma_store64(Gamma_stack, Cse0__5$10$0, Gamma_R29);
-    assume {:captureState "2012$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$10$0, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$10$0, 8bv64), Gamma_R30);
-    assume {:captureState "2012$2"} true;
-    R31, Gamma_R31 := Cse0__5$10$0, Gamma_Cse0__5$10$0;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R0);
-    assume {:captureState "2020$0"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 28bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 28bv64));
-    Cse0__5$10$4, Gamma_Cse0__5$10$4 := bvadd32(R0[32:0], 4294967294bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(Cse0__5$10$4), bvadd33(sign_extend1_32(R0[32:0]), 8589934590bv33))), (Gamma_R0 && Gamma_Cse0__5$10$4);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$10$4), bvadd33(zero_extend1_32(R0[32:0]), 4294967294bv33))), (Gamma_R0 && Gamma_Cse0__5$10$4);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$10$4, 0bv32), Gamma_Cse0__5$10$4;
-    NF, Gamma_NF := Cse0__5$10$4[32:31], Gamma_Cse0__5$10$4;
-    assert Gamma_ZF;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551568bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551568bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551576bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551576bv64), Gamma_R30_in);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), Gamma_R0_in);
+    R0_2, Gamma_R0_2 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551596bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64));
+    assert Gamma_R0_2;
     goto $main$__0__$mSqeYLPTTSeWCfH6eJwJtA_goto_$main$__7__$CM1tpRQfSBKhPNKoMwfCqQ, $main$__0__$mSqeYLPTTSeWCfH6eJwJtA_goto_$main$__1__$Itcc9ikmRriat4P2PfBY9Q;
-  $main$__1__$Itcc9ikmRriat4P2PfBY9Q:
-    assume {:captureState "$main$__1__$Itcc9ikmRriat4P2PfBY9Q"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 28bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 28bv64));
-    Cse0__5$8$1, Gamma_Cse0__5$8$1 := bvadd32(R0[32:0], 4294967294bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(Cse0__5$8$1), bvadd33(sign_extend1_32(R0[32:0]), 8589934590bv33))), (Gamma_R0 && Gamma_Cse0__5$8$1);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$8$1), bvadd33(zero_extend1_32(R0[32:0]), 4294967294bv33))), (Gamma_R0 && Gamma_Cse0__5$8$1);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$8$1, 0bv32), Gamma_Cse0__5$8$1;
-    NF, Gamma_NF := Cse0__5$8$1[32:31], Gamma_Cse0__5$8$1;
-    assert ((Gamma_NF && Gamma_VF) && Gamma_ZF);
+  $main$__0__$mSqeYLPTTSeWCfH6eJwJtA_goto_$main$__1__$Itcc9ikmRriat4P2PfBY9Q:
+    assume (!(R0_2 == 2bv32));
+    R0_3, Gamma_R0_3 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551596bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64));
+    assert Gamma_R0_3;
     goto $main$__1__$Itcc9ikmRriat4P2PfBY9Q_goto_$main$__8__$sD4BTrlRTieCvvugZUYF7A, $main$__1__$Itcc9ikmRriat4P2PfBY9Q_goto_$main$__2__$1AJ~HowZR3iJDHcHLtAuzQ;
-  $main$__2__$1AJ~HowZR3iJDHcHLtAuzQ:
-    assume {:captureState "$main$__2__$1AJ~HowZR3iJDHcHLtAuzQ"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 28bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 28bv64));
-    Cse0__5$2$1, Gamma_Cse0__5$2$1 := bvadd32(R0[32:0], 0bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$2$1, Cse0__5$2$1)), Gamma_Cse0__5$2$1;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$2$1), bvadd33(zero_extend1_32(R0[32:0]), 4294967296bv33))), (Gamma_R0 && Gamma_Cse0__5$2$1);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$2$1, 0bv32), Gamma_Cse0__5$2$1;
-    NF, Gamma_NF := Cse0__5$2$1[32:31], Gamma_Cse0__5$2$1;
-    assert Gamma_ZF;
+  $main$__1__$Itcc9ikmRriat4P2PfBY9Q_goto_$main$__2__$1AJ~HowZR3iJDHcHLtAuzQ:
+    assume bvsle32(R0_3, 2bv32);
+    R0_4, Gamma_R0_4 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551596bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64));
+    assert Gamma_R0_4;
     goto $main$__2__$1AJ~HowZR3iJDHcHLtAuzQ_goto_$main$__5__$cPLOwypmRFeVmHCrCFAc_g, $main$__2__$1AJ~HowZR3iJDHcHLtAuzQ_goto_$main$__3__$09_lQb5MT_SJaYe07Vmc_g;
-  $main$__3__$09_lQb5MT_SJaYe07Vmc_g:
-    assume {:captureState "$main$__3__$09_lQb5MT_SJaYe07Vmc_g"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 28bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 28bv64));
-    Cse0__5$7$1, Gamma_Cse0__5$7$1 := bvadd32(R0[32:0], 4294967295bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(Cse0__5$7$1), bvadd33(sign_extend1_32(R0[32:0]), 8589934591bv33))), (Gamma_R0 && Gamma_Cse0__5$7$1);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$7$1), bvadd33(zero_extend1_32(R0[32:0]), 4294967295bv33))), (Gamma_R0 && Gamma_Cse0__5$7$1);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$7$1, 0bv32), Gamma_Cse0__5$7$1;
-    NF, Gamma_NF := Cse0__5$7$1[32:31], Gamma_Cse0__5$7$1;
-    assert Gamma_ZF;
+  $main$__2__$1AJ~HowZR3iJDHcHLtAuzQ_goto_$main$__3__$09_lQb5MT_SJaYe07Vmc_g:
+    assume (!(R0_4 == 0bv32));
+    R0_5, Gamma_R0_5 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551596bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64));
+    assert Gamma_R0_5;
     goto $main$__3__$09_lQb5MT_SJaYe07Vmc_g_goto_$main$__6__$SujlhOerQhygmgKHSc1XZw, $main$__3__$09_lQb5MT_SJaYe07Vmc_g_goto_$main$__4__$Bt04V5oVRaOM5Ip3wRkfUw;
-  $main$__4__$Bt04V5oVRaOM5Ip3wRkfUw:
-    assume {:captureState "$main$__4__$Bt04V5oVRaOM5Ip3wRkfUw"} true;
+  $main$__3__$09_lQb5MT_SJaYe07Vmc_g_goto_$main$__4__$Bt04V5oVRaOM5Ip3wRkfUw:
+    assume (!(R0_5 == 1bv32));
     goto $main$__8__$sD4BTrlRTieCvvugZUYF7A;
-  $main$__5__$cPLOwypmRFeVmHCrCFAc_g:
-    assume {:captureState "$main$__5__$cPLOwypmRFeVmHCrCFAc_g"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+  $main$__3__$09_lQb5MT_SJaYe07Vmc_g_goto_$main$__6__$SujlhOerQhygmgKHSc1XZw:
+    assume (R0_5 == 1bv32);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 40bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 40bv64), Gamma_R0);
-    assume {:captureState "2084$0"} true;
+    R0_7, Gamma_R0_7 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R0_7), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R0_7);
     goto $main$__9__$7RwlIZnASouKYJ2frkUUKw;
-  $main$__6__$SujlhOerQhygmgKHSc1XZw:
-    assume {:captureState "$main$__6__$SujlhOerQhygmgKHSc1XZw"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+  $main$__2__$1AJ~HowZR3iJDHcHLtAuzQ_goto_$main$__5__$cPLOwypmRFeVmHCrCFAc_g:
+    assume (R0_4 == 0bv32);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 40bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 40bv64), Gamma_R0);
-    assume {:captureState "2100$0"} true;
+    R0_9, Gamma_R0_9 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R0_9), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R0_9);
     goto $main$__9__$7RwlIZnASouKYJ2frkUUKw;
-  $main$__7__$CM1tpRQfSBKhPNKoMwfCqQ:
-    assume {:captureState "$main$__7__$CM1tpRQfSBKhPNKoMwfCqQ"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+  $main$__1__$Itcc9ikmRriat4P2PfBY9Q_goto_$main$__8__$sD4BTrlRTieCvvugZUYF7A:
+    assume bvsgt32(R0_3, 2bv32);
+    goto $main$__8__$sD4BTrlRTieCvvugZUYF7A;
+  $main$__8__$sD4BTrlRTieCvvugZUYF7A:
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4080bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4080bv64)) || L(mem, bvadd64(R0, 4080bv64)));
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 40bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 40bv64), Gamma_R0);
-    assume {:captureState "2116$0"} true;
+    R0_11, Gamma_R0_11 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R0_11), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R0_11);
     goto $main$__9__$7RwlIZnASouKYJ2frkUUKw;
-  $main$__8__$sD4BTrlRTieCvvugZUYF7A:
-    assume {:captureState "$main$__8__$sD4BTrlRTieCvvugZUYF7A"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+  $main$__0__$mSqeYLPTTSeWCfH6eJwJtA_goto_$main$__7__$CM1tpRQfSBKhPNKoMwfCqQ:
+    assume (R0_2 == 2bv32);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 40bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 40bv64), Gamma_R0);
-    assume {:captureState "2132$0"} true;
+    R0_13, Gamma_R0_13 := memory_load64_le(mem, 69616bv64), (gamma_load64(Gamma_mem, 69616bv64) || L(mem, 69616bv64));
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R0_13), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R0_13);
     goto $main$__9__$7RwlIZnASouKYJ2frkUUKw;
   $main$__9__$7RwlIZnASouKYJ2frkUUKw:
-    assume {:captureState "$main$__9__$7RwlIZnASouKYJ2frkUUKw"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 40bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 40bv64));
-    R30, Gamma_R30 := 2148bv64, true;
+    R0_14, Gamma_R0_14 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     goto $main$__9__$7RwlIZnASouKYJ2frkUUKw$set_six, $main$__9__$7RwlIZnASouKYJ2frkUUKw$set_two, $main$__9__$7RwlIZnASouKYJ2frkUUKw$set_seven;
-  $main$__10__$~6BcLPrzR_qqeDcEFjH5oA:
-    assume {:captureState "$main$__10__$~6BcLPrzR_qqeDcEFjH5oA"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 48bv64), Gamma_R31;
-    goto main_basil_return;
-  $main$__2__$1AJ~HowZR3iJDHcHLtAuzQ_goto_$main$__5__$cPLOwypmRFeVmHCrCFAc_g:
-    assume {:captureState "$main$__2__$1AJ~HowZR3iJDHcHLtAuzQ_goto_$main$__5__$cPLOwypmRFeVmHCrCFAc_g"} true;
-    assume (ZF == 1bv1);
-    goto $main$__5__$cPLOwypmRFeVmHCrCFAc_g;
-  $main$__2__$1AJ~HowZR3iJDHcHLtAuzQ_goto_$main$__3__$09_lQb5MT_SJaYe07Vmc_g:
-    assume {:captureState "$main$__2__$1AJ~HowZR3iJDHcHLtAuzQ_goto_$main$__3__$09_lQb5MT_SJaYe07Vmc_g"} true;
-    assume (!(ZF == 1bv1));
-    goto $main$__3__$09_lQb5MT_SJaYe07Vmc_g;
-  $main$__9__$7RwlIZnASouKYJ2frkUUKw$set_six:
-    assume {:captureState "$main$__9__$7RwlIZnASouKYJ2frkUUKw$set_six"} true;
-    assume (R0 == 1964bv64);
-    call set_six();
+  $main$__9__$7RwlIZnASouKYJ2frkUUKw$set_seven:
+    assume (R0_14 == 1988bv64);
+    call set_seven();
     goto $main$__10__$~6BcLPrzR_qqeDcEFjH5oA;
   $main$__9__$7RwlIZnASouKYJ2frkUUKw$set_two:
-    assume {:captureState "$main$__9__$7RwlIZnASouKYJ2frkUUKw$set_two"} true;
-    assume (R0 == 1940bv64);
+    assume (R0_14 == 1940bv64);
     call set_two();
     goto $main$__10__$~6BcLPrzR_qqeDcEFjH5oA;
-  $main$__9__$7RwlIZnASouKYJ2frkUUKw$set_seven:
-    assume {:captureState "$main$__9__$7RwlIZnASouKYJ2frkUUKw$set_seven"} true;
-    assume (R0 == 1988bv64);
-    call set_seven();
+  $main$__9__$7RwlIZnASouKYJ2frkUUKw$set_six:
+    assume (R0_14 == 1964bv64);
+    call set_six();
     goto $main$__10__$~6BcLPrzR_qqeDcEFjH5oA;
-  $main$__3__$09_lQb5MT_SJaYe07Vmc_g_goto_$main$__6__$SujlhOerQhygmgKHSc1XZw:
-    assume {:captureState "$main$__3__$09_lQb5MT_SJaYe07Vmc_g_goto_$main$__6__$SujlhOerQhygmgKHSc1XZw"} true;
-    assume (ZF == 1bv1);
-    goto $main$__6__$SujlhOerQhygmgKHSc1XZw;
-  $main$__3__$09_lQb5MT_SJaYe07Vmc_g_goto_$main$__4__$Bt04V5oVRaOM5Ip3wRkfUw:
-    assume {:captureState "$main$__3__$09_lQb5MT_SJaYe07Vmc_g_goto_$main$__4__$Bt04V5oVRaOM5Ip3wRkfUw"} true;
-    assume (!(ZF == 1bv1));
-    goto $main$__4__$Bt04V5oVRaOM5Ip3wRkfUw;
-  $main$__1__$Itcc9ikmRriat4P2PfBY9Q_goto_$main$__8__$sD4BTrlRTieCvvugZUYF7A:
-    assume {:captureState "$main$__1__$Itcc9ikmRriat4P2PfBY9Q_goto_$main$__8__$sD4BTrlRTieCvvugZUYF7A"} true;
-    assume ((NF == VF) && (ZF == 0bv1));
-    goto $main$__8__$sD4BTrlRTieCvvugZUYF7A;
-  $main$__1__$Itcc9ikmRriat4P2PfBY9Q_goto_$main$__2__$1AJ~HowZR3iJDHcHLtAuzQ:
-    assume {:captureState "$main$__1__$Itcc9ikmRriat4P2PfBY9Q_goto_$main$__2__$1AJ~HowZR3iJDHcHLtAuzQ"} true;
-    assume (!((NF == VF) && (ZF == 0bv1)));
-    goto $main$__2__$1AJ~HowZR3iJDHcHLtAuzQ;
-  $main$__0__$mSqeYLPTTSeWCfH6eJwJtA_goto_$main$__7__$CM1tpRQfSBKhPNKoMwfCqQ:
-    assume {:captureState "$main$__0__$mSqeYLPTTSeWCfH6eJwJtA_goto_$main$__7__$CM1tpRQfSBKhPNKoMwfCqQ"} true;
-    assume (ZF == 1bv1);
-    goto $main$__7__$CM1tpRQfSBKhPNKoMwfCqQ;
-  $main$__0__$mSqeYLPTTSeWCfH6eJwJtA_goto_$main$__1__$Itcc9ikmRriat4P2PfBY9Q:
-    assume {:captureState "$main$__0__$mSqeYLPTTSeWCfH6eJwJtA_goto_$main$__1__$Itcc9ikmRriat4P2PfBY9Q"} true;
-    assume (!(ZF == 1bv1));
-    goto $main$__1__$Itcc9ikmRriat4P2PfBY9Q;
+  $main$__10__$~6BcLPrzR_qqeDcEFjH5oA:
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551568bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551568bv64));
+    R30_3, Gamma_R30_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551576bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551576bv64));
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R29_out, R30_out, R31_out := 0bv64, R1, R29_3, R30_3, R31_in;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out := true, Gamma_R1, Gamma_R29_3, Gamma_R30_3, Gamma_R31_in;
     return;
 }
 
 procedure set_two();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+  modifies Gamma_mem, mem;
   free requires (memory_load8_le(mem, 2180bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2181bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2182bv64) == 2bv8);
@@ -370,24 +299,21 @@ procedure set_two();
 
 implementation set_two()
 {
+  var Gamma_R0_2: bool;
+  var R0_2: bv64;
   $set_two$__0__$pc4EEuLAT5~NeDl373acBA:
-    assume {:captureState "$set_two$__0__$pc4EEuLAT5~NeDl373acBA"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4040bv64)) || L(mem, bvadd64(R0, 4040bv64)));
-    R1, Gamma_R1 := 2bv64, true;
+    R0_2, Gamma_R0_2 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1952$0"} true;
+    assert (L(mem, R0_2) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R0_2, 2bv32), gamma_store32(Gamma_mem, R0_2, true);
     goto set_two_basil_return;
   set_two_basil_return:
-    assume {:captureState "set_two_basil_return"} true;
     return;
 }
 
 procedure set_six();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+  modifies Gamma_mem, mem;
   free requires (memory_load8_le(mem, 2180bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2181bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2182bv64) == 2bv8);
@@ -415,19 +341,16 @@ procedure set_six();
 
 implementation set_six()
 {
+  var Gamma_R0_2: bool;
+  var R0_2: bv64;
   $set_six$__0__$MeJQ5u2GT2qTPkmi76_Clg:
-    assume {:captureState "$set_six$__0__$MeJQ5u2GT2qTPkmi76_Clg"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4040bv64)) || L(mem, bvadd64(R0, 4040bv64)));
-    R1, Gamma_R1 := 6bv64, true;
+    R0_2, Gamma_R0_2 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1976$0"} true;
+    assert (L(mem, R0_2) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R0_2, 6bv32), gamma_store32(Gamma_mem, R0_2, true);
     goto set_six_basil_return;
   set_six_basil_return:
-    assume {:captureState "set_six_basil_return"} true;
     return;
 }
 
diff --git a/src/test/correct/functions_with_params/clang/functions_with_params.expected b/src/test/correct/functions_with_params/clang/functions_with_params.expected
index d2b236b8c..52554d286 100644
--- a/src/test/correct/functions_with_params/clang/functions_with_params.expected
+++ b/src/test/correct/functions_with_params/clang/functions_with_params.expected
@@ -1,21 +1,25 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
 axiom ($_IO_stdin_used_addr == 1912bv64);
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -25,11 +29,15 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -45,11 +53,11 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -82,8 +90,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_R8, Gamma_stack, R0, R29, R30, R31, R8, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool);
+  modifies Gamma_stack, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1912bv64) == 1bv8);
@@ -94,10 +102,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1912bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1913bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1914bv64) == 2bv8);
@@ -107,48 +111,39 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool)
 {
-  var #4: bv64;
-  var #5: bv64;
-  var Gamma_#4: bool;
-  var Gamma_#5: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_3: bool;
+  var Gamma_R31_3: bool;
+  var R0_1: bv64;
+  var R0_2: bv64;
+  var R29_3: bv64;
+  var R30_3: bv64;
+  var R31_3: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    #4, Gamma_#4 := bvadd64(R31, 16bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, #4, R29), gamma_store64(Gamma_stack, #4, Gamma_R29);
-    assume {:captureState "%0000030a"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(#4, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(#4, 8bv64), Gamma_R30);
-    assume {:captureState "%00000310"} true;
-    R29, Gamma_R29 := bvadd64(R31, 16bv64), Gamma_R31;
-    R8, Gamma_R8 := 1bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R29, 18446744073709551612bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R29, 18446744073709551612bv64), Gamma_R8);
-    assume {:captureState "%00000323"} true;
-    R8, Gamma_R8 := 2bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R8);
-    assume {:captureState "%00000330"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R29, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R29, 18446744073709551612bv64));
-    R30, Gamma_R30 := 1848bv64, true;
-    call plus_one();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), 1bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551592bv64), 2bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), true);
+    R0_1, Gamma_R0_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551596bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64));
+    call R0_2, Gamma_R0_2, R31_3, Gamma_R31_3 := plus_one(R0_1, Gamma_R0_1, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R31_in);
     goto l00000366;
   l00000366:
-    assume {:captureState "l00000366"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R29, 18446744073709551612bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R29, 18446744073709551612bv64), Gamma_R0);
-    assume {:captureState "%0000036c"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    #5, Gamma_#5 := bvadd64(R31, 16bv64), Gamma_R31;
-    R29, Gamma_R29 := memory_load64_le(stack, #5), gamma_load64(Gamma_stack, #5);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(#5, 8bv64)), gamma_load64(Gamma_stack, bvadd64(#5, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), R0_2[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), Gamma_R0_2);
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_3, 16bv64)), gamma_load64(Gamma_stack, bvadd64(R31_3, 16bv64));
+    R30_3, Gamma_R30_3 := memory_load64_le(stack, bvadd64(R31_3, 24bv64)), gamma_load64(Gamma_stack, bvadd64(R31_3, 24bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R29_out, R30_out, R31_out, R8_out := 0bv64, R29_3, R30_3, bvadd64(R31_3, 32bv64), 2bv64;
+    Gamma_R0_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out, Gamma_R8_out := true, Gamma_R29_3, Gamma_R30_3, Gamma_R31_3, true;
     return;
 }
 
-procedure plus_one();
-  modifies Gamma_R0, Gamma_R31, Gamma_R8, Gamma_stack, R0, R31, R8, stack;
+procedure plus_one(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_stack, stack;
   free requires (memory_load8_le(mem, 1912bv64) == 1bv8);
   free requires (memory_load8_le(mem, 1913bv64) == 0bv8);
   free requires (memory_load8_le(mem, 1914bv64) == 2bv8);
@@ -157,8 +152,6 @@ procedure plus_one();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1912bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1913bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1914bv64) == 2bv8);
@@ -168,19 +161,20 @@ procedure plus_one();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation plus_one()
+implementation plus_one(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
+  var Gamma_R0_2: bool;
+  var Gamma_R8_1: bool;
+  var R0_2: bv64;
+  var R8_1: bv32;
   lplus_one:
-    assume {:captureState "lplus_one"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "%0000034c"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R0, Gamma_R0 := zero_extend32_32(bvadd32(R8[32:0], 1bv32)), Gamma_R8;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_in);
+    R8_1, Gamma_R8_1 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
+    R0_2, Gamma_R0_2 := zero_extend32_32(bvadd32(R8_1, 1bv32)), Gamma_R8_1;
     goto plus_one_basil_return;
   plus_one_basil_return:
-    assume {:captureState "plus_one_basil_return"} true;
+    R0_out, R31_out := R0_2, R31_in;
+    Gamma_R0_out, Gamma_R31_out := Gamma_R0_2, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/correct/functions_with_params/clang/functions_with_params_gtirb.expected b/src/test/correct/functions_with_params/clang/functions_with_params_gtirb.expected
index 428eb1a3e..3253afad1 100644
--- a/src/test/correct/functions_with_params/clang/functions_with_params_gtirb.expected
+++ b/src/test/correct/functions_with_params/clang/functions_with_params_gtirb.expected
@@ -1,21 +1,25 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
 axiom ($_IO_stdin_used_addr == 1912bv64);
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -25,11 +29,15 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -45,11 +53,11 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -82,8 +90,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_R8, Gamma_stack, R0, R29, R30, R31, R8, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool);
+  modifies Gamma_stack, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1912bv64) == 1bv8);
@@ -94,10 +102,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1912bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1913bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1914bv64) == 2bv8);
@@ -107,48 +111,39 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool)
 {
-  var Cse0__5$0$2: bv64;
-  var Cse0__5$1$1: bv64;
-  var Gamma_Cse0__5$0$2: bool;
-  var Gamma_Cse0__5$1$1: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_3: bool;
+  var Gamma_R31_3: bool;
+  var R0_1: bv64;
+  var R0_2: bv64;
+  var R29_3: bv64;
+  var R30_3: bv64;
+  var R31_3: bv64;
   $main$__0__$_kmZuIukTa2pHUJW~uCGfQ:
-    assume {:captureState "$main$__0__$_kmZuIukTa2pHUJW~uCGfQ"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    Cse0__5$1$1, Gamma_Cse0__5$1$1 := bvadd64(R31, 16bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$1$1, R29), gamma_store64(Gamma_stack, Cse0__5$1$1, Gamma_R29);
-    assume {:captureState "1816$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$1$1, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$1$1, 8bv64), Gamma_R30);
-    assume {:captureState "1816$2"} true;
-    R29, Gamma_R29 := bvadd64(R31, 16bv64), Gamma_R31;
-    R8, Gamma_R8 := 1bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R29, 18446744073709551612bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R29, 18446744073709551612bv64), Gamma_R8);
-    assume {:captureState "1828$0"} true;
-    R8, Gamma_R8 := 2bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R8);
-    assume {:captureState "1836$0"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R29, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R29, 18446744073709551612bv64));
-    R30, Gamma_R30 := 1848bv64, true;
-    call plus_one();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), 1bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551592bv64), 2bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), true);
+    R0_1, Gamma_R0_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551596bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64));
+    call R0_2, Gamma_R0_2, R31_3, Gamma_R31_3 := plus_one(R0_1, Gamma_R0_1, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R31_in);
     goto $main$__1__$HspZq7YwQ4y0NoLabaih0w;
   $main$__1__$HspZq7YwQ4y0NoLabaih0w:
-    assume {:captureState "$main$__1__$HspZq7YwQ4y0NoLabaih0w"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R29, 18446744073709551612bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R29, 18446744073709551612bv64), Gamma_R0);
-    assume {:captureState "1848$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    Cse0__5$0$2, Gamma_Cse0__5$0$2 := bvadd64(R31, 16bv64), Gamma_R31;
-    R29, Gamma_R29 := memory_load64_le(stack, Cse0__5$0$2), gamma_load64(Gamma_stack, Cse0__5$0$2);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(Cse0__5$0$2, 8bv64)), gamma_load64(Gamma_stack, bvadd64(Cse0__5$0$2, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), R0_2[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), Gamma_R0_2);
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_3, 16bv64)), gamma_load64(Gamma_stack, bvadd64(R31_3, 16bv64));
+    R30_3, Gamma_R30_3 := memory_load64_le(stack, bvadd64(R31_3, 24bv64)), gamma_load64(Gamma_stack, bvadd64(R31_3, 24bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R29_out, R30_out, R31_out, R8_out := 0bv64, R29_3, R30_3, bvadd64(R31_3, 32bv64), 2bv64;
+    Gamma_R0_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out, Gamma_R8_out := true, Gamma_R29_3, Gamma_R30_3, Gamma_R31_3, true;
     return;
 }
 
-procedure plus_one();
-  modifies Gamma_R0, Gamma_R31, Gamma_R8, Gamma_stack, R0, R31, R8, stack;
+procedure plus_one(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_stack, stack;
   free requires (memory_load8_le(mem, 1912bv64) == 1bv8);
   free requires (memory_load8_le(mem, 1913bv64) == 0bv8);
   free requires (memory_load8_le(mem, 1914bv64) == 2bv8);
@@ -157,8 +152,6 @@ procedure plus_one();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1912bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1913bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1914bv64) == 2bv8);
@@ -168,19 +161,20 @@ procedure plus_one();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation plus_one()
+implementation plus_one(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
+  var Gamma_R0_2: bool;
+  var Gamma_R8_1: bool;
+  var R0_2: bv64;
+  var R8_1: bv32;
   $plus_one$__0__$Pl39SFHHQI2EffBjodiSvA:
-    assume {:captureState "$plus_one$__0__$Pl39SFHHQI2EffBjodiSvA"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "1872$0"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R0, Gamma_R0 := zero_extend32_32(bvadd32(R8[32:0], 1bv32)), Gamma_R8;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_in);
+    R8_1, Gamma_R8_1 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
+    R0_2, Gamma_R0_2 := zero_extend32_32(bvadd32(R8_1, 1bv32)), Gamma_R8_1;
     goto plus_one_basil_return;
   plus_one_basil_return:
-    assume {:captureState "plus_one_basil_return"} true;
+    R0_out, R31_out := R0_2, R31_in;
+    Gamma_R0_out, Gamma_R31_out := Gamma_R0_2, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/correct/functions_with_params/gcc/functions_with_params.expected b/src/test/correct/functions_with_params/gcc/functions_with_params.expected
index 2adfff70a..4f511d33e 100644
--- a/src/test/correct/functions_with_params/gcc/functions_with_params.expected
+++ b/src/test/correct/functions_with_params/gcc/functions_with_params.expected
@@ -1,19 +1,25 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
 axiom ($_IO_stdin_used_addr == 1904bv64);
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -23,11 +29,15 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -43,11 +53,11 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -80,8 +90,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_stack, R0, R29, R30, R31, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_stack, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1904bv64) == 1bv8);
@@ -92,10 +102,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69024bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1904bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1905bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1906bv64) == 2bv8);
@@ -105,45 +111,39 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var #4: bv64;
-  var Gamma_#4: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_3: bool;
+  var Gamma_R31_3: bool;
+  var R0_3: bv64;
+  var R0_4: bv64;
+  var R29_3: bv64;
+  var R30_3: bv64;
+  var R31_3: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    #4, Gamma_#4 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, #4, R29), gamma_store64(Gamma_stack, #4, Gamma_R29);
-    assume {:captureState "%000002fc"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(#4, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(#4, 8bv64), Gamma_R30);
-    assume {:captureState "%00000302"} true;
-    R31, Gamma_R31 := #4, Gamma_#4;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    R0, Gamma_R0 := 1bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 24bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 24bv64), Gamma_R0);
-    assume {:captureState "%00000319"} true;
-    R0, Gamma_R0 := 2bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R0);
-    assume {:captureState "%00000326"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 24bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 24bv64));
-    R30, Gamma_R30 := 1844bv64, true;
-    call plus_one();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551584bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551592bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), Gamma_R30_in);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 1bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 2bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    R0_3, Gamma_R0_3 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551608bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
+    call R0_4, Gamma_R0_4, R31_3, Gamma_R31_3 := plus_one(R0_3, Gamma_R0_3, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R31_in);
     goto l0000035c;
   l0000035c:
-    assume {:captureState "l0000035c"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 24bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 24bv64), Gamma_R0);
-    assume {:captureState "%00000362"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_3, 24bv64), R0_4[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_3, 24bv64), Gamma_R0_4);
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, R31_3), gamma_load64(Gamma_stack, R31_3);
+    R30_3, Gamma_R30_3 := memory_load64_le(stack, bvadd64(R31_3, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31_3, 8bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R29_out, R30_out, R31_out := 0bv64, R29_3, R30_3, bvadd64(R31_3, 32bv64);
+    Gamma_R0_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out := true, Gamma_R29_3, Gamma_R30_3, Gamma_R31_3;
     return;
 }
 
-procedure plus_one();
-  modifies Gamma_R0, Gamma_R31, Gamma_stack, R0, R31, stack;
+procedure plus_one(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_stack, stack;
   free requires (memory_load8_le(mem, 1904bv64) == 1bv8);
   free requires (memory_load8_le(mem, 1905bv64) == 0bv8);
   free requires (memory_load8_le(mem, 1906bv64) == 2bv8);
@@ -152,8 +152,6 @@ procedure plus_one();
   free requires (memory_load64_le(mem, 69024bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1904bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1905bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1906bv64) == 2bv8);
@@ -163,19 +161,20 @@ procedure plus_one();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation plus_one()
+implementation plus_one(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
+  var Gamma_R0_2: bool;
+  var Gamma_R0_3: bool;
+  var R0_2: bv32;
+  var R0_3: bv64;
   lplus_one:
-    assume {:captureState "lplus_one"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "%00000342"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R0, Gamma_R0 := zero_extend32_32(bvadd32(R0[32:0], 1bv32)), Gamma_R0;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_in);
+    R0_2, Gamma_R0_2 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
+    R0_3, Gamma_R0_3 := zero_extend32_32(bvadd32(R0_2, 1bv32)), Gamma_R0_2;
     goto plus_one_basil_return;
   plus_one_basil_return:
-    assume {:captureState "plus_one_basil_return"} true;
+    R0_out, R31_out := R0_3, R31_in;
+    Gamma_R0_out, Gamma_R31_out := Gamma_R0_3, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/correct/functions_with_params/gcc/functions_with_params_gtirb.expected b/src/test/correct/functions_with_params/gcc/functions_with_params_gtirb.expected
index aba4779b9..2d9f7249a 100644
--- a/src/test/correct/functions_with_params/gcc/functions_with_params_gtirb.expected
+++ b/src/test/correct/functions_with_params/gcc/functions_with_params_gtirb.expected
@@ -1,19 +1,25 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
 axiom ($_IO_stdin_used_addr == 1904bv64);
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -23,11 +29,15 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -43,11 +53,11 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -80,8 +90,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure plus_one();
-  modifies Gamma_R0, Gamma_R31, Gamma_stack, R0, R31, stack;
+procedure plus_one(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_stack, stack;
   free requires (memory_load8_le(mem, 1904bv64) == 1bv8);
   free requires (memory_load8_le(mem, 1905bv64) == 0bv8);
   free requires (memory_load8_le(mem, 1906bv64) == 2bv8);
@@ -90,8 +100,6 @@ procedure plus_one();
   free requires (memory_load64_le(mem, 69024bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1904bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1905bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1906bv64) == 2bv8);
@@ -101,24 +109,25 @@ procedure plus_one();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation plus_one()
+implementation plus_one(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
+  var Gamma_R0_2: bool;
+  var Gamma_R0_3: bool;
+  var R0_2: bv32;
+  var R0_3: bv64;
   $plus_one$__0__$aniLEBpwTwWecL~mJKhdww:
-    assume {:captureState "$plus_one$__0__$aniLEBpwTwWecL~mJKhdww"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "1864$0"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R0, Gamma_R0 := zero_extend32_32(bvadd32(R0[32:0], 1bv32)), Gamma_R0;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_in);
+    R0_2, Gamma_R0_2 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
+    R0_3, Gamma_R0_3 := zero_extend32_32(bvadd32(R0_2, 1bv32)), Gamma_R0_2;
     goto plus_one_basil_return;
   plus_one_basil_return:
-    assume {:captureState "plus_one_basil_return"} true;
+    R0_out, R31_out := R0_3, R31_in;
+    Gamma_R0_out, Gamma_R31_out := Gamma_R0_3, Gamma_R31_in;
     return;
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_stack, R0, R29, R30, R31, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_stack, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1904bv64) == 1bv8);
@@ -129,10 +138,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69024bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1904bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1905bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1906bv64) == 2bv8);
@@ -142,40 +147,34 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var Cse0__5$0$0: bv64;
-  var Gamma_Cse0__5$0$0: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_3: bool;
+  var Gamma_R31_3: bool;
+  var R0_3: bv64;
+  var R0_4: bv64;
+  var R29_3: bv64;
+  var R30_3: bv64;
+  var R31_3: bv64;
   $main$__0__$yXI5g~EeQ_GieNYkY~buoQ:
-    assume {:captureState "$main$__0__$yXI5g~EeQ_GieNYkY~buoQ"} true;
-    Cse0__5$0$0, Gamma_Cse0__5$0$0 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$0$0, R29), gamma_store64(Gamma_stack, Cse0__5$0$0, Gamma_R29);
-    assume {:captureState "1812$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$0$0, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$0$0, 8bv64), Gamma_R30);
-    assume {:captureState "1812$2"} true;
-    R31, Gamma_R31 := Cse0__5$0$0, Gamma_Cse0__5$0$0;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    R0, Gamma_R0 := 1bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 24bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 24bv64), Gamma_R0);
-    assume {:captureState "1824$0"} true;
-    R0, Gamma_R0 := 2bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R0);
-    assume {:captureState "1832$0"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 24bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 24bv64));
-    R30, Gamma_R30 := 1844bv64, true;
-    call plus_one();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551584bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551592bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), Gamma_R30_in);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 1bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 2bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    R0_3, Gamma_R0_3 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551608bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
+    call R0_4, Gamma_R0_4, R31_3, Gamma_R31_3 := plus_one(R0_3, Gamma_R0_3, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R31_in);
     goto $main$__1__$4Vr1A4uzTlqLZDSUKeLWQA;
   $main$__1__$4Vr1A4uzTlqLZDSUKeLWQA:
-    assume {:captureState "$main$__1__$4Vr1A4uzTlqLZDSUKeLWQA"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 24bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 24bv64), Gamma_R0);
-    assume {:captureState "1844$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_3, 24bv64), R0_4[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_3, 24bv64), Gamma_R0_4);
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, R31_3), gamma_load64(Gamma_stack, R31_3);
+    R30_3, Gamma_R30_3 := memory_load64_le(stack, bvadd64(R31_3, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31_3, 8bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R29_out, R30_out, R31_out := 0bv64, R29_3, R30_3, bvadd64(R31_3, 32bv64);
+    Gamma_R0_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out := true, Gamma_R29_3, Gamma_R30_3, Gamma_R31_3;
     return;
 }
 
diff --git a/src/test/correct/ifbranches/clang/ifbranches.expected b/src/test/correct/ifbranches/clang/ifbranches.expected
index 4c011a0ed..58d7fdd0e 100644
--- a/src/test/correct/ifbranches/clang/ifbranches.expected
+++ b/src/test/correct/ifbranches/clang/ifbranches.expected
@@ -1,40 +1,37 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp1(bv1, bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -50,15 +47,13 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -89,9 +84,9 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_R8, Gamma_VF, Gamma_ZF, Gamma_stack, NF, R0, R31, R8, VF, ZF, stack;
-  requires (Gamma_R0 == true);
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool);
+  modifies Gamma_stack, stack;
+  requires (Gamma_R0_in == true);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1920bv64) == 1bv8);
@@ -102,8 +97,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1920bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1921bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1922bv64) == 2bv8);
@@ -113,84 +106,54 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool)
 {
-  var #4: bv32;
-  var Gamma_#4: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R8_10: bool;
+  var Gamma_R8_6: bool;
+  var Gamma_R8_9: bool;
+  var R0_2: bv64;
+  var R8_1: bv32;
+  var R8_10: bv64;
+  var R8_6: bv64;
+  var R8_9: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), true);
-    assume {:captureState "%0000030d"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 24bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 24bv64), Gamma_R0);
-    assume {:captureState "%00000315"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 16bv64), R1), gamma_store64(Gamma_stack, bvadd64(R31, 16bv64), Gamma_R1);
-    assume {:captureState "%0000031d"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "%00000324"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 24bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 24bv64));
-    #4, Gamma_#4 := bvadd32(R8[32:0], 4294967295bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#4, 1bv32)), bvadd33(sign_extend1_32(R8[32:0]), 0bv33))), (Gamma_R8 && Gamma_#4);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#4, 1bv32)), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_#4);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#4, 1bv32), 0bv32), Gamma_#4;
-    NF, Gamma_NF := bvadd32(#4, 1bv32)[32:31], Gamma_#4;
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(#4, 1bv32)), Gamma_#4;
-    assert Gamma_ZF;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R0_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R1_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R1_in);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), true);
+    R8_1, Gamma_R8_1 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
+    assert Gamma_R8_1;
     goto lmain_goto_l0000034c, lmain_goto_l0000034f;
-  l0000034f:
-    assume {:captureState "l0000034f"} true;
-    R8, Gamma_R8 := 1bv64, true;
+  lmain_goto_l0000034f:
+    assume (!(R8_1 == 0bv32));
+    R8_6, Gamma_R8_6 := 1bv64, true;
     goto l00000352;
-  l0000034c:
-    assume {:captureState "l0000034c"} true;
-    R8, Gamma_R8 := 0bv64, true;
+  lmain_goto_l0000034c:
+    assume (R8_1 == 0bv32);
+    R8_6, Gamma_R8_6 := 0bv64, true;
     goto l00000352;
   l00000352:
-    assume {:captureState "l00000352"} true;
-    assert Gamma_R8;
+    assert Gamma_R8_6;
     goto l00000352_goto_l0000035a, l00000352_goto_l00000397;
-  l0000035a:
-    assume {:captureState "l0000035a"} true;
-    R8, Gamma_R8 := 2bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R8);
-    assume {:captureState "%0000036a"} true;
+  l00000352_goto_l00000397:
+    assume (!(R8_6[1:0] == 1bv1));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), 1bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), true);
     goto l0000036d;
-  l00000397:
-    assume {:captureState "l00000397"} true;
-    goto l00000398;
-  l00000398:
-    assume {:captureState "l00000398"} true;
-    R8, Gamma_R8 := 1bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R8);
-    assume {:captureState "%000003a6"} true;
+  l00000352_goto_l0000035a:
+    assume (R8_6[1:0] == 1bv1);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), 2bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), true);
     goto l0000036d;
   l0000036d:
-    assume {:captureState "l0000036d"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(R8[32:0], 1bv32)), Gamma_R8;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R8);
-    assume {:captureState "%00000383"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 8bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
+    R8_9, Gamma_R8_9 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551596bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64));
+    R8_10, Gamma_R8_10 := zero_extend32_32(bvadd32(R8_9, 1bv32)), Gamma_R8_9;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551592bv64), R8_10[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), Gamma_R8_10);
+    R0_2, Gamma_R0_2 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551592bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64));
     goto main_basil_return;
-  lmain_goto_l0000034c:
-    assume {:captureState "lmain_goto_l0000034c"} true;
-    assume (bvcomp1(ZF, 1bv1) != 0bv1);
-    goto l0000034c;
-  lmain_goto_l0000034f:
-    assume {:captureState "lmain_goto_l0000034f"} true;
-    assume (bvcomp1(ZF, 1bv1) == 0bv1);
-    goto l0000034f;
-  l00000352_goto_l0000035a:
-    assume {:captureState "l00000352_goto_l0000035a"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) != 0bv1);
-    goto l0000035a;
-  l00000352_goto_l00000397:
-    assume {:captureState "l00000352_goto_l00000397"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) == 0bv1);
-    goto l00000397;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out := R0_2, R31_in, R8_10;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out := Gamma_R0_2, Gamma_R31_in, Gamma_R8_10;
     return;
 }
 
diff --git a/src/test/correct/ifbranches/clang/ifbranches_gtirb.expected b/src/test/correct/ifbranches/clang/ifbranches_gtirb.expected
index 63d86188d..3523718f4 100644
--- a/src/test/correct/ifbranches/clang/ifbranches_gtirb.expected
+++ b/src/test/correct/ifbranches/clang/ifbranches_gtirb.expected
@@ -1,39 +1,37 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -49,14 +47,13 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -87,9 +84,9 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_R8, Gamma_VF, Gamma_ZF, Gamma_stack, NF, R0, R31, R8, VF, ZF, stack;
-  requires (Gamma_R0 == true);
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool);
+  modifies Gamma_stack, stack;
+  requires (Gamma_R0_in == true);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1920bv64) == 1bv8);
@@ -100,8 +97,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1920bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1921bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1922bv64) == 2bv8);
@@ -111,76 +106,67 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool)
 {
-  var Cse0__5$3$6: bv32;
-  var Gamma_Cse0__5$3$6: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R8_11: bool;
+  var Gamma_R8_12: bool;
+  var Gamma_R8_7: bool;
+  var Gamma_R8_9: bool;
+  var R0_2: bv64;
+  var R8_1: bv32;
+  var R8_11: bv32;
+  var R8_12: bv64;
+  var R8_7: bv64;
+  var R8_9: bv64;
   $main$__0__$z7dsAZ41QYe9rvbDt1JoIQ:
-    assume {:captureState "$main$__0__$z7dsAZ41QYe9rvbDt1JoIQ"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), true);
-    assume {:captureState "1816$0"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 24bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 24bv64), Gamma_R0);
-    assume {:captureState "1820$0"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 16bv64), R1), gamma_store64(Gamma_stack, bvadd64(R31, 16bv64), Gamma_R1);
-    assume {:captureState "1824$0"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "1828$0"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 24bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 24bv64));
-    Cse0__5$3$6, Gamma_Cse0__5$3$6 := bvadd32(R8[32:0], 0bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$3$6, Cse0__5$3$6)), Gamma_Cse0__5$3$6;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$3$6), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_Cse0__5$3$6);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$3$6, 0bv32), Gamma_Cse0__5$3$6;
-    NF, Gamma_NF := Cse0__5$3$6[32:31], Gamma_Cse0__5$3$6;
-    R8, Gamma_R8 := zero_extend32_32(Cse0__5$3$6), Gamma_Cse0__5$3$6;
-    assert Gamma_ZF;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R0_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R1_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R1_in);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), true);
+    R8_1, Gamma_R8_1 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
+    assert Gamma_R8_1;
     goto $main$__0__$z7dsAZ41QYe9rvbDt1JoIQ$__0, $main$__0__$z7dsAZ41QYe9rvbDt1JoIQ$__1;
-  $main$__1__$22DSnEAzTL6vU9qI4utrZA:
-    assume {:captureState "$main$__1__$22DSnEAzTL6vU9qI4utrZA"} true;
-    goto $main$__2__$UnO2T_q8SO22cZ~w_xJwoA;
-  $main$__2__$UnO2T_q8SO22cZ~w_xJwoA:
-    assume {:captureState "$main$__2__$UnO2T_q8SO22cZ~w_xJwoA"} true;
-    R8, Gamma_R8 := 1bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R8);
-    assume {:captureState "1856$0"} true;
+  $main$__0__$z7dsAZ41QYe9rvbDt1JoIQ$__1:
+    assume (!(R8_1 == 0bv32));
+    goto $main$__0__$z7dsAZ41QYe9rvbDt1JoIQ$__1_phi_$main$__0__$z7dsAZ41QYe9rvbDt1JoIQ_goto_$main$__3__$AzuUI8EJR~~zZ4LRu_atQA_phi_back_$main$__0__$z7dsAZ41QYe9rvbDt1JoIQ_goto_$main$__3__$AzuUI8EJR~~zZ4LRu_atQA, $main$__0__$z7dsAZ41QYe9rvbDt1JoIQ$__1_phi_$main$__0__$z7dsAZ41QYe9rvbDt1JoIQ_goto_$main$__1__$22DSnEAzTL6vU9qI4utrZA_phi_back_$main$__0__$z7dsAZ41QYe9rvbDt1JoIQ_goto_$main$__1__$22DSnEAzTL6vU9qI4utrZA;
+  $main$__0__$z7dsAZ41QYe9rvbDt1JoIQ$__1_phi_$main$__0__$z7dsAZ41QYe9rvbDt1JoIQ_goto_$main$__1__$22DSnEAzTL6vU9qI4utrZA_phi_back_$main$__0__$z7dsAZ41QYe9rvbDt1JoIQ_goto_$main$__1__$22DSnEAzTL6vU9qI4utrZA:
+    R8_7, Gamma_R8_7 := 1bv64, true;
+    assert Gamma_R8_7;
+    goto $main$__0__$z7dsAZ41QYe9rvbDt1JoIQ_goto_$main$__1__$22DSnEAzTL6vU9qI4utrZA;
+  $main$__0__$z7dsAZ41QYe9rvbDt1JoIQ$__1_phi_$main$__0__$z7dsAZ41QYe9rvbDt1JoIQ_goto_$main$__3__$AzuUI8EJR~~zZ4LRu_atQA_phi_back_$main$__0__$z7dsAZ41QYe9rvbDt1JoIQ_goto_$main$__3__$AzuUI8EJR~~zZ4LRu_atQA:
+    R8_9, Gamma_R8_9 := 1bv64, true;
+    assert Gamma_R8_9;
+    goto $main$__0__$z7dsAZ41QYe9rvbDt1JoIQ_goto_$main$__3__$AzuUI8EJR~~zZ4LRu_atQA;
+  $main$__0__$z7dsAZ41QYe9rvbDt1JoIQ$__0:
+    assume (R8_1 == 0bv32);
+    goto $main$__0__$z7dsAZ41QYe9rvbDt1JoIQ$__0_phi_back_$main$__0__$z7dsAZ41QYe9rvbDt1JoIQ_goto_$main$__1__$22DSnEAzTL6vU9qI4utrZA, $main$__0__$z7dsAZ41QYe9rvbDt1JoIQ$__0_phi_back_$main$__0__$z7dsAZ41QYe9rvbDt1JoIQ_goto_$main$__3__$AzuUI8EJR~~zZ4LRu_atQA;
+  $main$__0__$z7dsAZ41QYe9rvbDt1JoIQ$__0_phi_back_$main$__0__$z7dsAZ41QYe9rvbDt1JoIQ_goto_$main$__3__$AzuUI8EJR~~zZ4LRu_atQA:
+    R8_9, Gamma_R8_9 := 0bv64, true;
+    assert Gamma_R8_9;
+    goto $main$__0__$z7dsAZ41QYe9rvbDt1JoIQ_goto_$main$__3__$AzuUI8EJR~~zZ4LRu_atQA;
+  $main$__0__$z7dsAZ41QYe9rvbDt1JoIQ_goto_$main$__3__$AzuUI8EJR~~zZ4LRu_atQA:
+    assume (R8_9[1:0] == 1bv1);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), 2bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), true);
     goto $main$__4__$hiOAUbGYTmCyjtnuNPouiQ;
-  $main$__3__$AzuUI8EJR~~zZ4LRu_atQA:
-    assume {:captureState "$main$__3__$AzuUI8EJR~~zZ4LRu_atQA"} true;
-    R8, Gamma_R8 := 2bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R8);
-    assume {:captureState "1868$0"} true;
+  $main$__0__$z7dsAZ41QYe9rvbDt1JoIQ$__0_phi_back_$main$__0__$z7dsAZ41QYe9rvbDt1JoIQ_goto_$main$__1__$22DSnEAzTL6vU9qI4utrZA:
+    R8_7, Gamma_R8_7 := 0bv64, true;
+    assert Gamma_R8_7;
+    goto $main$__0__$z7dsAZ41QYe9rvbDt1JoIQ_goto_$main$__1__$22DSnEAzTL6vU9qI4utrZA;
+  $main$__0__$z7dsAZ41QYe9rvbDt1JoIQ_goto_$main$__1__$22DSnEAzTL6vU9qI4utrZA:
+    assume (!(R8_7[1:0] == 1bv1));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), 1bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), true);
     goto $main$__4__$hiOAUbGYTmCyjtnuNPouiQ;
   $main$__4__$hiOAUbGYTmCyjtnuNPouiQ:
-    assume {:captureState "$main$__4__$hiOAUbGYTmCyjtnuNPouiQ"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(R8[32:0], 1bv32)), Gamma_R8;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R8);
-    assume {:captureState "1884$0"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 8bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
+    R8_11, Gamma_R8_11 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551596bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64));
+    R8_12, Gamma_R8_12 := zero_extend32_32(bvadd32(R8_11, 1bv32)), Gamma_R8_11;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551592bv64), R8_12[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), Gamma_R8_12);
+    R0_2, Gamma_R0_2 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551592bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64));
     goto main_basil_return;
-  $main$__0__$z7dsAZ41QYe9rvbDt1JoIQ_goto_$main$__3__$AzuUI8EJR~~zZ4LRu_atQA:
-    assume {:captureState "$main$__0__$z7dsAZ41QYe9rvbDt1JoIQ_goto_$main$__3__$AzuUI8EJR~~zZ4LRu_atQA"} true;
-    assume (R8[1:0] == 1bv1);
-    goto $main$__3__$AzuUI8EJR~~zZ4LRu_atQA;
-  $main$__0__$z7dsAZ41QYe9rvbDt1JoIQ_goto_$main$__1__$22DSnEAzTL6vU9qI4utrZA:
-    assume {:captureState "$main$__0__$z7dsAZ41QYe9rvbDt1JoIQ_goto_$main$__1__$22DSnEAzTL6vU9qI4utrZA"} true;
-    assume (!(R8[1:0] == 1bv1));
-    goto $main$__1__$22DSnEAzTL6vU9qI4utrZA;
-  $main$__0__$z7dsAZ41QYe9rvbDt1JoIQ$__0:
-    assume {:captureState "$main$__0__$z7dsAZ41QYe9rvbDt1JoIQ$__0"} true;
-    assume (ZF == 1bv1);
-    R8, Gamma_R8 := 0bv64, true;
-    assert Gamma_R8;
-    goto $main$__0__$z7dsAZ41QYe9rvbDt1JoIQ_goto_$main$__3__$AzuUI8EJR~~zZ4LRu_atQA, $main$__0__$z7dsAZ41QYe9rvbDt1JoIQ_goto_$main$__1__$22DSnEAzTL6vU9qI4utrZA;
-  $main$__0__$z7dsAZ41QYe9rvbDt1JoIQ$__1:
-    assume {:captureState "$main$__0__$z7dsAZ41QYe9rvbDt1JoIQ$__1"} true;
-    assume (!(ZF == 1bv1));
-    R8, Gamma_R8 := 1bv64, true;
-    assert Gamma_R8;
-    goto $main$__0__$z7dsAZ41QYe9rvbDt1JoIQ_goto_$main$__3__$AzuUI8EJR~~zZ4LRu_atQA, $main$__0__$z7dsAZ41QYe9rvbDt1JoIQ_goto_$main$__1__$22DSnEAzTL6vU9qI4utrZA;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out := R0_2, R31_in, R8_12;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out := Gamma_R0_2, Gamma_R31_in, Gamma_R8_12;
     return;
 }
 
diff --git a/src/test/correct/ifbranches/clang_O2/ifbranches.expected b/src/test/correct/ifbranches/clang_O2/ifbranches.expected
index edfefe37b..ffa7c3aa3 100644
--- a/src/test/correct/ifbranches/clang_O2/ifbranches.expected
+++ b/src/test/correct/ifbranches/clang_O2/ifbranches.expected
@@ -1,24 +1,6 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp1(bv1, bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
 function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) {
   (memory[bvadd64(index, 7bv64)] ++ (memory[bvadd64(index, 6bv64)] ++ (memory[bvadd64(index, 5bv64)] ++ (memory[bvadd64(index, 4bv64)] ++ (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index])))))))
 }
@@ -27,9 +9,6 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
   memory[index]
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (mem == old(mem));
@@ -59,9 +38,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R8, Gamma_VF, Gamma_ZF, NF, R0, R8, VF, ZF;
-  requires (Gamma_R0 == true);
+procedure main(R0_in: bv64, Gamma_R0_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool);
+  requires (Gamma_R0_in == true);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1848bv64) == 1bv8);
@@ -81,41 +59,26 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool)
 {
-  var #4: bv32;
-  var Gamma_#4: bool;
+  var Gamma_R0_5: bool;
+  var R0_5: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R8, Gamma_R8 := 2bv64, true;
-    #4, Gamma_#4 := bvadd32(R0[32:0], 4294967295bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#4, 1bv32)), bvadd33(sign_extend1_32(R0[32:0]), 0bv33))), (Gamma_R0 && Gamma_#4);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#4, 1bv32)), bvadd33(zero_extend1_32(R0[32:0]), 4294967296bv33))), (Gamma_R0 && Gamma_#4);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#4, 1bv32), 0bv32), Gamma_#4;
-    NF, Gamma_NF := bvadd32(#4, 1bv32)[32:31], Gamma_#4;
-    assert Gamma_ZF;
+    assert Gamma_R0_in;
     goto lmain_goto_l000002db, lmain_goto_l000002df;
-  l000002df:
-    assume {:captureState "l000002df"} true;
-    R0, Gamma_R0 := zero_extend32_32(bvadd32(R8[32:0], 1bv32)), Gamma_R8;
+  lmain_goto_l000002df:
+    assume (!(R0_in[32:0] == 0bv32));
+    R0_5, Gamma_R0_5 := 3bv64, true;
     goto l000002e2;
-  l000002db:
-    assume {:captureState "l000002db"} true;
-    R0, Gamma_R0 := zero_extend32_32(R8[32:0]), Gamma_R8;
+  lmain_goto_l000002db:
+    assume (R0_in[32:0] == 0bv32);
+    R0_5, Gamma_R0_5 := 2bv64, true;
     goto l000002e2;
   l000002e2:
-    assume {:captureState "l000002e2"} true;
     goto main_basil_return;
-  lmain_goto_l000002db:
-    assume {:captureState "lmain_goto_l000002db"} true;
-    assume (bvcomp1(ZF, 1bv1) != 0bv1);
-    goto l000002db;
-  lmain_goto_l000002df:
-    assume {:captureState "lmain_goto_l000002df"} true;
-    assume (bvcomp1(ZF, 1bv1) == 0bv1);
-    goto l000002df;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out := R0_5, 2bv64;
+    Gamma_R0_out, Gamma_R8_out := Gamma_R0_5, true;
     return;
 }
 
diff --git a/src/test/correct/ifbranches/clang_O2/ifbranches_gtirb.expected b/src/test/correct/ifbranches/clang_O2/ifbranches_gtirb.expected
index 3ce882dec..b077eb562 100644
--- a/src/test/correct/ifbranches/clang_O2/ifbranches_gtirb.expected
+++ b/src/test/correct/ifbranches/clang_O2/ifbranches_gtirb.expected
@@ -1,23 +1,6 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
 function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) {
   (memory[bvadd64(index, 7bv64)] ++ (memory[bvadd64(index, 6bv64)] ++ (memory[bvadd64(index, 5bv64)] ++ (memory[bvadd64(index, 4bv64)] ++ (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index])))))))
 }
@@ -26,8 +9,6 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
   memory[index]
 }
 
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (mem == old(mem));
@@ -57,9 +38,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R8, Gamma_VF, Gamma_ZF, NF, R0, R8, VF, ZF;
-  requires (Gamma_R0 == true);
+procedure main(R0_in: bv64, Gamma_R0_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool);
+  requires (Gamma_R0_in == true);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1848bv64) == 1bv8);
@@ -79,32 +59,24 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool)
 {
-  var Cse0__5$0$1: bv32;
-  var Gamma_Cse0__5$0$1: bool;
+  var Gamma_R0_5: bool;
+  var R0_5: bv64;
   $main$__0__$VPrxPsvYQmW1iyrj_de8Iw:
-    assume {:captureState "$main$__0__$VPrxPsvYQmW1iyrj_de8Iw"} true;
-    R8, Gamma_R8 := 2bv64, true;
-    Cse0__5$0$1, Gamma_Cse0__5$0$1 := bvadd32(R0[32:0], 0bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$0$1, Cse0__5$0$1)), Gamma_Cse0__5$0$1;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$0$1), bvadd33(zero_extend1_32(R0[32:0]), 4294967296bv33))), (Gamma_R0 && Gamma_Cse0__5$0$1);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$0$1, 0bv32), Gamma_Cse0__5$0$1;
-    NF, Gamma_NF := Cse0__5$0$1[32:31], Gamma_Cse0__5$0$1;
-    assert Gamma_ZF;
+    assert Gamma_R0_in;
     goto $main$__0__$VPrxPsvYQmW1iyrj_de8Iw$__0, $main$__0__$VPrxPsvYQmW1iyrj_de8Iw$__1;
-  $main$__0__$VPrxPsvYQmW1iyrj_de8Iw$__0:
-    assume {:captureState "$main$__0__$VPrxPsvYQmW1iyrj_de8Iw$__0"} true;
-    assume (ZF == 1bv1);
-    R0, Gamma_R0 := zero_extend32_32(R8[32:0]), Gamma_R8;
-    goto main_basil_return;
   $main$__0__$VPrxPsvYQmW1iyrj_de8Iw$__1:
-    assume {:captureState "$main$__0__$VPrxPsvYQmW1iyrj_de8Iw$__1"} true;
-    assume (!(ZF == 1bv1));
-    R0, Gamma_R0 := zero_extend32_32(bvadd32(R8[32:0], 1bv32)), Gamma_R8;
+    assume (!(R0_in[32:0] == 0bv32));
+    R0_5, Gamma_R0_5 := 3bv64, true;
+    goto main_basil_return;
+  $main$__0__$VPrxPsvYQmW1iyrj_de8Iw$__0:
+    assume (R0_in[32:0] == 0bv32);
+    R0_5, Gamma_R0_5 := 2bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out := R0_5, 2bv64;
+    Gamma_R0_out, Gamma_R8_out := Gamma_R0_5, true;
     return;
 }
 
diff --git a/src/test/correct/ifbranches/gcc/ifbranches.expected b/src/test/correct/ifbranches/gcc/ifbranches.expected
index 248272d12..09ea6e94d 100644
--- a/src/test/correct/ifbranches/gcc/ifbranches.expected
+++ b/src/test/correct/ifbranches/gcc/ifbranches.expected
@@ -1,38 +1,37 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R31: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp1(bv1, bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -48,15 +47,13 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -87,9 +84,9 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_VF, Gamma_ZF, Gamma_stack, NF, R0, R31, VF, ZF, stack;
-  requires (Gamma_R0 == true);
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_stack, stack;
+  requires (Gamma_R0_in == true);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1904bv64) == 1bv8);
@@ -100,8 +97,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69024bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1904bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1905bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1906bv64) == 2bv8);
@@ -111,58 +106,40 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var #4: bv32;
-  var Gamma_#4: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_6: bool;
+  var Gamma_R0_7: bool;
+  var R0_2: bv32;
+  var R0_5: bv32;
+  var R0_6: bv32;
+  var R0_7: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "%000002fe"} true;
-    stack, Gamma_stack := memory_store64_le(stack, R31, R1), gamma_store64(Gamma_stack, R31, Gamma_R1);
-    assume {:captureState "%00000306"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 24bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 24bv64), true);
-    assume {:captureState "%0000030d"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    #4, Gamma_#4 := bvadd32(R0[32:0], 4294967295bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#4, 1bv32)), bvadd33(sign_extend1_32(R0[32:0]), 0bv33))), (Gamma_R0 && Gamma_#4);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#4, 1bv32)), bvadd33(zero_extend1_32(R0[32:0]), 4294967296bv33))), (Gamma_R0 && Gamma_#4);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#4, 1bv32), 0bv32), Gamma_#4;
-    NF, Gamma_NF := bvadd32(#4, 1bv32)[32:31], Gamma_#4;
-    assert Gamma_ZF;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), Gamma_R0_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551584bv64), R1_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R1_in);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
+    R0_2, Gamma_R0_2 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551596bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64));
+    assert Gamma_R0_2;
     goto lmain_goto_l00000330, lmain_goto_l00000369;
-  l00000330:
-    assume {:captureState "l00000330"} true;
-    R0, Gamma_R0 := 2bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 24bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 24bv64), Gamma_R0);
-    assume {:captureState "%00000340"} true;
+  lmain_goto_l00000369:
+    assume (R0_2 == 0bv32);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 1bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
     goto l00000342;
-  l00000369:
-    assume {:captureState "l00000369"} true;
-    R0, Gamma_R0 := 1bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 24bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 24bv64), Gamma_R0);
-    assume {:captureState "%00000374"} true;
+  lmain_goto_l00000330:
+    assume (!(R0_2 == 0bv32));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 2bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
     goto l00000342;
   l00000342:
-    assume {:captureState "l00000342"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 24bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 24bv64));
-    R0, Gamma_R0 := zero_extend32_32(bvadd32(R0[32:0], 1bv32)), Gamma_R0;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R0);
-    assume {:captureState "%00000355"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 28bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 28bv64));
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
+    R0_5, Gamma_R0_5 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
+    R0_6, Gamma_R0_6 := bvadd32(R0_5, 1bv32), Gamma_R0_5;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_6), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_6);
+    R0_7, Gamma_R0_7 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     goto main_basil_return;
-  lmain_goto_l00000330:
-    assume {:captureState "lmain_goto_l00000330"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) != 0bv1);
-    goto l00000330;
-  lmain_goto_l00000369:
-    assume {:captureState "lmain_goto_l00000369"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) == 0bv1);
-    goto l00000369;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out := R0_7, R31_in;
+    Gamma_R0_out, Gamma_R31_out := Gamma_R0_7, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/correct/ifbranches/gcc/ifbranches_gtirb.expected b/src/test/correct/ifbranches/gcc/ifbranches_gtirb.expected
index 353031041..f86eb7550 100644
--- a/src/test/correct/ifbranches/gcc/ifbranches_gtirb.expected
+++ b/src/test/correct/ifbranches/gcc/ifbranches_gtirb.expected
@@ -1,37 +1,37 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R31: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -47,14 +47,13 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -85,9 +84,9 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_VF, Gamma_ZF, Gamma_stack, NF, R0, R31, VF, ZF, stack;
-  requires (Gamma_R0 == true);
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_stack, stack;
+  requires (Gamma_R0_in == true);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1904bv64) == 1bv8);
@@ -98,8 +97,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69024bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1904bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1905bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1906bv64) == 2bv8);
@@ -109,58 +106,40 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var Cse0__5$0$5: bv32;
-  var Gamma_Cse0__5$0$5: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_6: bool;
+  var Gamma_R0_7: bool;
+  var R0_2: bv32;
+  var R0_5: bv32;
+  var R0_6: bv32;
+  var R0_7: bv64;
   $main$__0__$HREQex45QTmTaqW9AKOrww:
-    assume {:captureState "$main$__0__$HREQex45QTmTaqW9AKOrww"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "1816$0"} true;
-    stack, Gamma_stack := memory_store64_le(stack, R31, R1), gamma_store64(Gamma_stack, R31, Gamma_R1);
-    assume {:captureState "1820$0"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 24bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 24bv64), true);
-    assume {:captureState "1824$0"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    Cse0__5$0$5, Gamma_Cse0__5$0$5 := bvadd32(R0[32:0], 0bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$0$5, Cse0__5$0$5)), Gamma_Cse0__5$0$5;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$0$5), bvadd33(zero_extend1_32(R0[32:0]), 4294967296bv33))), (Gamma_R0 && Gamma_Cse0__5$0$5);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$0$5, 0bv32), Gamma_Cse0__5$0$5;
-    NF, Gamma_NF := Cse0__5$0$5[32:31], Gamma_Cse0__5$0$5;
-    assert Gamma_ZF;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), Gamma_R0_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551584bv64), R1_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R1_in);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
+    R0_2, Gamma_R0_2 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551596bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64));
+    assert Gamma_R0_2;
     goto $main$__0__$HREQex45QTmTaqW9AKOrww_goto_$main$__2__$pc5c5kDrQe25Hv3XM4X5VA, $main$__0__$HREQex45QTmTaqW9AKOrww_goto_$main$__1__$mUDMeuR3T76Jfb1u23xaOA;
-  $main$__1__$mUDMeuR3T76Jfb1u23xaOA:
-    assume {:captureState "$main$__1__$mUDMeuR3T76Jfb1u23xaOA"} true;
-    R0, Gamma_R0 := 1bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 24bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 24bv64), Gamma_R0);
-    assume {:captureState "1844$0"} true;
+  $main$__0__$HREQex45QTmTaqW9AKOrww_goto_$main$__1__$mUDMeuR3T76Jfb1u23xaOA:
+    assume (R0_2 == 0bv32);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 1bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
     goto $main$__3__$aU3DvXsmR~eEJl7F4Wc4Ww;
-  $main$__2__$pc5c5kDrQe25Hv3XM4X5VA:
-    assume {:captureState "$main$__2__$pc5c5kDrQe25Hv3XM4X5VA"} true;
-    R0, Gamma_R0 := 2bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 24bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 24bv64), Gamma_R0);
-    assume {:captureState "1856$0"} true;
+  $main$__0__$HREQex45QTmTaqW9AKOrww_goto_$main$__2__$pc5c5kDrQe25Hv3XM4X5VA:
+    assume (!(R0_2 == 0bv32));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 2bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
     goto $main$__3__$aU3DvXsmR~eEJl7F4Wc4Ww;
   $main$__3__$aU3DvXsmR~eEJl7F4Wc4Ww:
-    assume {:captureState "$main$__3__$aU3DvXsmR~eEJl7F4Wc4Ww"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 24bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 24bv64));
-    R0, Gamma_R0 := zero_extend32_32(bvadd32(R0[32:0], 1bv32)), Gamma_R0;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R0);
-    assume {:captureState "1868$0"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 28bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 28bv64));
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
+    R0_5, Gamma_R0_5 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
+    R0_6, Gamma_R0_6 := bvadd32(R0_5, 1bv32), Gamma_R0_5;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_6), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_6);
+    R0_7, Gamma_R0_7 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     goto main_basil_return;
-  $main$__0__$HREQex45QTmTaqW9AKOrww_goto_$main$__2__$pc5c5kDrQe25Hv3XM4X5VA:
-    assume {:captureState "$main$__0__$HREQex45QTmTaqW9AKOrww_goto_$main$__2__$pc5c5kDrQe25Hv3XM4X5VA"} true;
-    assume (!(ZF == 1bv1));
-    goto $main$__2__$pc5c5kDrQe25Hv3XM4X5VA;
-  $main$__0__$HREQex45QTmTaqW9AKOrww_goto_$main$__1__$mUDMeuR3T76Jfb1u23xaOA:
-    assume {:captureState "$main$__0__$HREQex45QTmTaqW9AKOrww_goto_$main$__1__$mUDMeuR3T76Jfb1u23xaOA"} true;
-    assume (!(!(ZF == 1bv1)));
-    goto $main$__1__$mUDMeuR3T76Jfb1u23xaOA;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out := R0_7, R31_in;
+    Gamma_R0_out, Gamma_R31_out := Gamma_R0_7, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/correct/ifbranches/gcc_O2/ifbranches.expected b/src/test/correct/ifbranches/gcc_O2/ifbranches.expected
index 6745e11ac..7fb4cd91a 100644
--- a/src/test/correct/ifbranches/gcc_O2/ifbranches.expected
+++ b/src/test/correct/ifbranches/gcc_O2/ifbranches.expected
@@ -1,22 +1,7 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp1(bv1, bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
 function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) {
   (memory[bvadd64(index, 7bv64)] ++ (memory[bvadd64(index, 6bv64)] ++ (memory[bvadd64(index, 5bv64)] ++ (memory[bvadd64(index, 4bv64)] ++ (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index])))))))
 }
@@ -25,8 +10,6 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
   memory[index]
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -57,9 +40,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_VF, Gamma_ZF, NF, R0, VF, ZF;
-  requires (Gamma_R0 == true);
+procedure main(R0_in: bv64, Gamma_R0_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool);
+  requires (Gamma_R0_in == true);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1896bv64) == 1bv8);
@@ -79,41 +61,29 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool)
 {
-  var #1: bv32;
-  var Gamma_#1: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_6: bool;
+  var R0_5: bv64;
+  var R0_6: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    #1, Gamma_#1 := bvadd32(R0[32:0], 4294967295bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#1, 1bv32)), bvadd33(sign_extend1_32(R0[32:0]), 0bv33))), (Gamma_R0 && Gamma_#1);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#1, 1bv32)), bvadd33(zero_extend1_32(R0[32:0]), 4294967296bv33))), (Gamma_R0 && Gamma_#1);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#1, 1bv32), 0bv32), Gamma_#1;
-    NF, Gamma_NF := bvadd32(#1, 1bv32)[32:31], Gamma_#1;
-    assert Gamma_ZF;
+    assert Gamma_R0_in;
     goto lmain_goto_l000001c3, lmain_goto_l000001c6;
-  l000001c6:
-    assume {:captureState "l000001c6"} true;
-    R0, Gamma_R0 := 1bv64, true;
+  lmain_goto_l000001c6:
+    assume (!(R0_in[32:0] == 0bv32));
+    R0_5, Gamma_R0_5 := 1bv64, true;
     goto l000001c9;
-  l000001c3:
-    assume {:captureState "l000001c3"} true;
-    R0, Gamma_R0 := 0bv64, true;
+  lmain_goto_l000001c3:
+    assume (R0_in[32:0] == 0bv32);
+    R0_5, Gamma_R0_5 := 0bv64, true;
     goto l000001c9;
   l000001c9:
-    assume {:captureState "l000001c9"} true;
-    R0, Gamma_R0 := zero_extend32_32(bvadd32(R0[32:0], 2bv32)), Gamma_R0;
+    R0_6, Gamma_R0_6 := zero_extend32_32(bvadd32(R0_5[32:0], 2bv32)), Gamma_R0_5;
     goto main_basil_return;
-  lmain_goto_l000001c3:
-    assume {:captureState "lmain_goto_l000001c3"} true;
-    assume (bvcomp1(ZF, 1bv1) != 0bv1);
-    goto l000001c3;
-  lmain_goto_l000001c6:
-    assume {:captureState "lmain_goto_l000001c6"} true;
-    assume (bvcomp1(ZF, 1bv1) == 0bv1);
-    goto l000001c6;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out := R0_6;
+    Gamma_R0_out := Gamma_R0_6;
     return;
 }
 
diff --git a/src/test/correct/ifbranches/gcc_O2/ifbranches_gtirb.expected b/src/test/correct/ifbranches/gcc_O2/ifbranches_gtirb.expected
index a2b4c6448..96b2b9456 100644
--- a/src/test/correct/ifbranches/gcc_O2/ifbranches_gtirb.expected
+++ b/src/test/correct/ifbranches/gcc_O2/ifbranches_gtirb.expected
@@ -1,21 +1,7 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
 function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) {
   (memory[bvadd64(index, 7bv64)] ++ (memory[bvadd64(index, 6bv64)] ++ (memory[bvadd64(index, 5bv64)] ++ (memory[bvadd64(index, 4bv64)] ++ (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index])))))))
 }
@@ -24,7 +10,6 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
   memory[index]
 }
 
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -55,9 +40,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_VF, Gamma_ZF, NF, R0, VF, ZF;
-  requires (Gamma_R0 == true);
+procedure main(R0_in: bv64, Gamma_R0_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool);
+  requires (Gamma_R0_in == true);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1896bv64) == 1bv8);
@@ -77,35 +61,29 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool)
 {
-  var Cse0__5$1$0: bv32;
-  var Gamma_Cse0__5$1$0: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_6: bool;
+  var R0_5: bv64;
+  var R0_6: bv64;
   $main$__0__$qKNLTTV9SPy8sqABlZokYg:
-    assume {:captureState "$main$__0__$qKNLTTV9SPy8sqABlZokYg"} true;
-    Cse0__5$1$0, Gamma_Cse0__5$1$0 := bvadd32(R0[32:0], 0bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$1$0, Cse0__5$1$0)), Gamma_Cse0__5$1$0;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$1$0), bvadd33(zero_extend1_32(R0[32:0]), 4294967296bv33))), (Gamma_R0 && Gamma_Cse0__5$1$0);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$1$0, 0bv32), Gamma_Cse0__5$1$0;
-    NF, Gamma_NF := Cse0__5$1$0[32:31], Gamma_Cse0__5$1$0;
-    assert Gamma_ZF;
+    assert Gamma_R0_in;
     goto $main$__0__$qKNLTTV9SPy8sqABlZokYg$__0, $main$__0__$qKNLTTV9SPy8sqABlZokYg$__1;
-  $main$__0__$qKNLTTV9SPy8sqABlZokYg$__0:
-    assume {:captureState "$main$__0__$qKNLTTV9SPy8sqABlZokYg$__0"} true;
-    assume (ZF == 1bv1);
-    R0, Gamma_R0 := 0bv64, true;
-    goto $main$__0__$qKNLTTV9SPy8sqABlZokYg$__2;
   $main$__0__$qKNLTTV9SPy8sqABlZokYg$__1:
-    assume {:captureState "$main$__0__$qKNLTTV9SPy8sqABlZokYg$__1"} true;
-    assume (!(ZF == 1bv1));
-    R0, Gamma_R0 := 1bv64, true;
+    assume (!(R0_in[32:0] == 0bv32));
+    R0_5, Gamma_R0_5 := 1bv64, true;
+    goto $main$__0__$qKNLTTV9SPy8sqABlZokYg$__2;
+  $main$__0__$qKNLTTV9SPy8sqABlZokYg$__0:
+    assume (R0_in[32:0] == 0bv32);
+    R0_5, Gamma_R0_5 := 0bv64, true;
     goto $main$__0__$qKNLTTV9SPy8sqABlZokYg$__2;
   $main$__0__$qKNLTTV9SPy8sqABlZokYg$__2:
-    assume {:captureState "$main$__0__$qKNLTTV9SPy8sqABlZokYg$__2"} true;
-    R0, Gamma_R0 := zero_extend32_32(bvadd32(R0[32:0], 2bv32)), Gamma_R0;
+    R0_6, Gamma_R0_6 := zero_extend32_32(bvadd32(R0_5[32:0], 2bv32)), Gamma_R0_5;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out := R0_6;
+    Gamma_R0_out := Gamma_R0_6;
     return;
 }
 
diff --git a/src/test/correct/ifglobal/clang/ifglobal.expected b/src/test/correct/ifglobal/clang/ifglobal.expected
index 04908c696..471b450e4 100644
--- a/src/test/correct/ifglobal/clang/ifglobal.expected
+++ b/src/test/correct/ifglobal/clang/ifglobal.expected
@@ -1,21 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -24,19 +8,26 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $x_addr) then true else false)
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp1(bv1, bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -52,11 +43,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -87,8 +76,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, R8, R9, VF, ZF, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1892bv64) == 1bv8);
@@ -99,8 +88,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1892bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1893bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1894bv64) == 2bv8);
@@ -110,73 +97,56 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var #4: bv32;
-  var Gamma_#4: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R8_10: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_7: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_3: bool;
+  var R0_1: bv64;
+  var R8_10: bv64;
+  var R8_2: bv32;
+  var R8_7: bv64;
+  var R9: bv64;
+  var R9_3: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "%000002f1"} true;
-    R8, Gamma_R8 := 69632bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 52bv64)) || L(mem, bvadd64(R8, 52bv64)));
-    #4, Gamma_#4 := bvadd32(R8[32:0], 4294967295bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#4, 1bv32)), bvadd33(sign_extend1_32(R8[32:0]), 0bv33))), (Gamma_R8 && Gamma_#4);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#4, 1bv32)), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_#4);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#4, 1bv32), 0bv32), Gamma_#4;
-    NF, Gamma_NF := bvadd32(#4, 1bv32)[32:31], Gamma_#4;
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(#4, 1bv32)), Gamma_#4;
-    assert Gamma_ZF;
+    R8_2, Gamma_R8_2 := memory_load32_le(mem, 69684bv64), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
+    assert Gamma_R8_2;
     goto lmain_goto_l0000031e, lmain_goto_l00000321;
-  l00000321:
-    assume {:captureState "l00000321"} true;
-    R8, Gamma_R8 := 1bv64, true;
+  lmain_goto_l00000321:
+    assume (!(R8_2 == 0bv32));
+    R8_7, Gamma_R8_7 := 1bv64, true;
     goto l00000324;
-  l0000031e:
-    assume {:captureState "l0000031e"} true;
-    R8, Gamma_R8 := 0bv64, true;
+  lmain_goto_l0000031e:
+    assume (R8_2 == 0bv32);
+    R8_7, Gamma_R8_7 := 0bv64, true;
     goto l00000324;
   l00000324:
-    assume {:captureState "l00000324"} true;
-    assert Gamma_R8;
+    assert Gamma_R8_7;
     goto l00000324_goto_l0000032c, l00000324_goto_l00000343;
-  l00000343:
-    assume {:captureState "l00000343"} true;
-    goto l00000344;
-  l00000344:
-    assume {:captureState "l00000344"} true;
-    R8, Gamma_R8 := 1bv64, true;
-    R9, Gamma_R9 := 69632bv64, true;
+  l00000324_goto_l00000343:
+    assume (!(R8_7[1:0] == 1bv1));
     call rely();
-    assert (L(mem, bvadd64(R9, 52bv64)) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 52bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 52bv64), Gamma_R8);
-    assume {:captureState "%00000357"} true;
+    assert (L(mem, 69684bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, 1bv32), gamma_store32(Gamma_mem, 69684bv64, true);
+    R9_3, Gamma_R9_3 := 69632bv64, true;
+    R8_10, Gamma_R8_10 := 1bv64, true;
     goto l0000032c;
-  l0000032c:
-    assume {:captureState "l0000032c"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
-    goto main_basil_return;
-  lmain_goto_l0000031e:
-    assume {:captureState "lmain_goto_l0000031e"} true;
-    assume (bvcomp1(ZF, 1bv1) != 0bv1);
-    goto l0000031e;
-  lmain_goto_l00000321:
-    assume {:captureState "lmain_goto_l00000321"} true;
-    assume (bvcomp1(ZF, 1bv1) == 0bv1);
-    goto l00000321;
   l00000324_goto_l0000032c:
-    assume {:captureState "l00000324_goto_l0000032c"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) != 0bv1);
+    assume (R8_7[1:0] == 1bv1);
+    R9_3, Gamma_R9_3 := R9, Gamma_R9;
+    R8_10, Gamma_R8_10 := R8_7, Gamma_R8_7;
     goto l0000032c;
-  l00000324_goto_l00000343:
-    assume {:captureState "l00000324_goto_l00000343"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) == 0bv1);
-    goto l00000343;
+  l0000032c:
+    R0_1, Gamma_R0_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out, R9_out := R0_1, R31_in, R8_10, R9_3;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := Gamma_R0_1, Gamma_R31_in, Gamma_R8_10, Gamma_R9_3;
     return;
 }
 
diff --git a/src/test/correct/ifglobal/clang/ifglobal_gtirb.expected b/src/test/correct/ifglobal/clang/ifglobal_gtirb.expected
index dcf8b5a82..6e5e6dd56 100644
--- a/src/test/correct/ifglobal/clang/ifglobal_gtirb.expected
+++ b/src/test/correct/ifglobal/clang/ifglobal_gtirb.expected
@@ -1,21 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -24,18 +8,26 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $x_addr) then true else false)
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -51,10 +43,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -85,8 +76,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, R8, R9, VF, ZF, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1892bv64) == 1bv8);
@@ -97,8 +88,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1892bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1893bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1894bv64) == 2bv8);
@@ -108,65 +97,69 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var Cse0__5$3$4: bv32;
-  var Gamma_Cse0__5$3$4: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R8_11: bool;
+  var Gamma_R8_12: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_8: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_3: bool;
+  var R0_1: bv64;
+  var R8_11: bv64;
+  var R8_12: bv64;
+  var R8_2: bv32;
+  var R8_8: bv64;
+  var R9: bv64;
+  var R9_3: bv64;
   $main$__0__$9GnbAUc4SVKU3B~gw6CarA:
-    assume {:captureState "$main$__0__$9GnbAUc4SVKU3B~gw6CarA"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "1816$0"} true;
-    R8, Gamma_R8 := 69632bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 52bv64)) || L(mem, bvadd64(R8, 52bv64)));
-    Cse0__5$3$4, Gamma_Cse0__5$3$4 := bvadd32(R8[32:0], 0bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$3$4, Cse0__5$3$4)), Gamma_Cse0__5$3$4;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$3$4), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_Cse0__5$3$4);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$3$4, 0bv32), Gamma_Cse0__5$3$4;
-    NF, Gamma_NF := Cse0__5$3$4[32:31], Gamma_Cse0__5$3$4;
-    R8, Gamma_R8 := zero_extend32_32(Cse0__5$3$4), Gamma_Cse0__5$3$4;
-    assert Gamma_ZF;
+    R8_2, Gamma_R8_2 := memory_load32_le(mem, 69684bv64), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
+    assert Gamma_R8_2;
     goto $main$__0__$9GnbAUc4SVKU3B~gw6CarA$__0, $main$__0__$9GnbAUc4SVKU3B~gw6CarA$__1;
-  $main$__1__$7rAM9J5nQI6xBaKIEerTtg:
-    assume {:captureState "$main$__1__$7rAM9J5nQI6xBaKIEerTtg"} true;
-    goto $main$__2__$mbLAJH9oTJ~vni0HqhGvhg;
-  $main$__2__$mbLAJH9oTJ~vni0HqhGvhg:
-    assume {:captureState "$main$__2__$mbLAJH9oTJ~vni0HqhGvhg"} true;
-    R8, Gamma_R8 := 1bv64, true;
-    R9, Gamma_R9 := 69632bv64, true;
+  $main$__0__$9GnbAUc4SVKU3B~gw6CarA$__1:
+    assume (!(R8_2 == 0bv32));
+    goto $main$__0__$9GnbAUc4SVKU3B~gw6CarA$__1_phi_$main$__0__$9GnbAUc4SVKU3B~gw6CarA_goto_$main$__3__$mmRv3GP5SPy6AaIRmLInPw_phi_back_$main$__0__$9GnbAUc4SVKU3B~gw6CarA_goto_$main$__3__$mmRv3GP5SPy6AaIRmLInPw, $main$__0__$9GnbAUc4SVKU3B~gw6CarA$__1_phi_$main$__0__$9GnbAUc4SVKU3B~gw6CarA_goto_$main$__1__$7rAM9J5nQI6xBaKIEerTtg_phi_back_$main$__0__$9GnbAUc4SVKU3B~gw6CarA_goto_$main$__1__$7rAM9J5nQI6xBaKIEerTtg;
+  $main$__0__$9GnbAUc4SVKU3B~gw6CarA$__1_phi_$main$__0__$9GnbAUc4SVKU3B~gw6CarA_goto_$main$__1__$7rAM9J5nQI6xBaKIEerTtg_phi_back_$main$__0__$9GnbAUc4SVKU3B~gw6CarA_goto_$main$__1__$7rAM9J5nQI6xBaKIEerTtg:
+    R8_8, Gamma_R8_8 := 1bv64, true;
+    assert Gamma_R8_8;
+    goto $main$__0__$9GnbAUc4SVKU3B~gw6CarA_goto_$main$__1__$7rAM9J5nQI6xBaKIEerTtg;
+  $main$__0__$9GnbAUc4SVKU3B~gw6CarA$__1_phi_$main$__0__$9GnbAUc4SVKU3B~gw6CarA_goto_$main$__3__$mmRv3GP5SPy6AaIRmLInPw_phi_back_$main$__0__$9GnbAUc4SVKU3B~gw6CarA_goto_$main$__3__$mmRv3GP5SPy6AaIRmLInPw:
+    R8_11, Gamma_R8_11 := 1bv64, true;
+    assert Gamma_R8_11;
+    goto $main$__0__$9GnbAUc4SVKU3B~gw6CarA_goto_$main$__3__$mmRv3GP5SPy6AaIRmLInPw;
+  $main$__0__$9GnbAUc4SVKU3B~gw6CarA$__0:
+    assume (R8_2 == 0bv32);
+    goto $main$__0__$9GnbAUc4SVKU3B~gw6CarA$__0_phi_back_$main$__0__$9GnbAUc4SVKU3B~gw6CarA_goto_$main$__1__$7rAM9J5nQI6xBaKIEerTtg, $main$__0__$9GnbAUc4SVKU3B~gw6CarA$__0_phi_back_$main$__0__$9GnbAUc4SVKU3B~gw6CarA_goto_$main$__3__$mmRv3GP5SPy6AaIRmLInPw;
+  $main$__0__$9GnbAUc4SVKU3B~gw6CarA$__0_phi_back_$main$__0__$9GnbAUc4SVKU3B~gw6CarA_goto_$main$__3__$mmRv3GP5SPy6AaIRmLInPw:
+    R8_11, Gamma_R8_11 := 0bv64, true;
+    assert Gamma_R8_11;
+    goto $main$__0__$9GnbAUc4SVKU3B~gw6CarA_goto_$main$__3__$mmRv3GP5SPy6AaIRmLInPw;
+  $main$__0__$9GnbAUc4SVKU3B~gw6CarA_goto_$main$__3__$mmRv3GP5SPy6AaIRmLInPw:
+    assume (R8_11[1:0] == 1bv1);
+    R9_3, Gamma_R9_3 := R9, Gamma_R9;
+    R8_12, Gamma_R8_12 := R8_11, Gamma_R8_11;
+    goto $main$__3__$mmRv3GP5SPy6AaIRmLInPw;
+  $main$__0__$9GnbAUc4SVKU3B~gw6CarA$__0_phi_back_$main$__0__$9GnbAUc4SVKU3B~gw6CarA_goto_$main$__1__$7rAM9J5nQI6xBaKIEerTtg:
+    R8_8, Gamma_R8_8 := 0bv64, true;
+    assert Gamma_R8_8;
+    goto $main$__0__$9GnbAUc4SVKU3B~gw6CarA_goto_$main$__1__$7rAM9J5nQI6xBaKIEerTtg;
+  $main$__0__$9GnbAUc4SVKU3B~gw6CarA_goto_$main$__1__$7rAM9J5nQI6xBaKIEerTtg:
+    assume (!(R8_8[1:0] == 1bv1));
     call rely();
-    assert (L(mem, bvadd64(R9, 52bv64)) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 52bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 52bv64), Gamma_R8);
-    assume {:captureState "1852$0"} true;
+    assert (L(mem, 69684bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, 1bv32), gamma_store32(Gamma_mem, 69684bv64, true);
+    R9_3, Gamma_R9_3 := 69632bv64, true;
+    R8_12, Gamma_R8_12 := 1bv64, true;
     goto $main$__3__$mmRv3GP5SPy6AaIRmLInPw;
   $main$__3__$mmRv3GP5SPy6AaIRmLInPw:
-    assume {:captureState "$main$__3__$mmRv3GP5SPy6AaIRmLInPw"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    R0_1, Gamma_R0_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     goto main_basil_return;
-  $main$__0__$9GnbAUc4SVKU3B~gw6CarA_goto_$main$__3__$mmRv3GP5SPy6AaIRmLInPw:
-    assume {:captureState "$main$__0__$9GnbAUc4SVKU3B~gw6CarA_goto_$main$__3__$mmRv3GP5SPy6AaIRmLInPw"} true;
-    assume (R8[1:0] == 1bv1);
-    goto $main$__3__$mmRv3GP5SPy6AaIRmLInPw;
-  $main$__0__$9GnbAUc4SVKU3B~gw6CarA_goto_$main$__1__$7rAM9J5nQI6xBaKIEerTtg:
-    assume {:captureState "$main$__0__$9GnbAUc4SVKU3B~gw6CarA_goto_$main$__1__$7rAM9J5nQI6xBaKIEerTtg"} true;
-    assume (!(R8[1:0] == 1bv1));
-    goto $main$__1__$7rAM9J5nQI6xBaKIEerTtg;
-  $main$__0__$9GnbAUc4SVKU3B~gw6CarA$__0:
-    assume {:captureState "$main$__0__$9GnbAUc4SVKU3B~gw6CarA$__0"} true;
-    assume (ZF == 1bv1);
-    R8, Gamma_R8 := 0bv64, true;
-    assert Gamma_R8;
-    goto $main$__0__$9GnbAUc4SVKU3B~gw6CarA_goto_$main$__3__$mmRv3GP5SPy6AaIRmLInPw, $main$__0__$9GnbAUc4SVKU3B~gw6CarA_goto_$main$__1__$7rAM9J5nQI6xBaKIEerTtg;
-  $main$__0__$9GnbAUc4SVKU3B~gw6CarA$__1:
-    assume {:captureState "$main$__0__$9GnbAUc4SVKU3B~gw6CarA$__1"} true;
-    assume (!(ZF == 1bv1));
-    R8, Gamma_R8 := 1bv64, true;
-    assert Gamma_R8;
-    goto $main$__0__$9GnbAUc4SVKU3B~gw6CarA_goto_$main$__3__$mmRv3GP5SPy6AaIRmLInPw, $main$__0__$9GnbAUc4SVKU3B~gw6CarA_goto_$main$__1__$7rAM9J5nQI6xBaKIEerTtg;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out, R9_out := R0_1, R31_in, R8_12, R9_3;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := Gamma_R0_1, Gamma_R31_in, Gamma_R8_12, Gamma_R9_3;
     return;
 }
 
diff --git a/src/test/correct/ifglobal/clang_O2/ifglobal.expected b/src/test/correct/ifglobal/clang_O2/ifglobal.expected
index 3841ba288..12d03b47b 100644
--- a/src/test/correct/ifglobal/clang_O2/ifglobal.expected
+++ b/src/test/correct/ifglobal/clang_O2/ifglobal.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69684bv64);
@@ -13,13 +7,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -35,7 +41,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -68,8 +74,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R8, Gamma_R9, Gamma_mem, R0, R8, R9, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1868bv64) == 1bv8);
@@ -89,38 +95,31 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R9_2: bool;
+  var Gamma_R9_5: bool;
+  var R9_2: bv64;
+  var R9_5: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R8, Gamma_R8 := 69632bv64, true;
     call rely();
-    R9, Gamma_R9 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 52bv64)) || L(mem, bvadd64(R8, 52bv64)));
-    assert Gamma_R9;
+    R9_2, Gamma_R9_2 := zero_extend32_32(memory_load32_le(mem, 69684bv64)), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
+    assert Gamma_R9_2;
     goto lmain_goto_l000002dc, lmain_goto_l000002f8;
-  l000002dc:
-    assume {:captureState "l000002dc"} true;
-    R9, Gamma_R9 := 1bv64, true;
-    call rely();
-    assert (L(mem, bvadd64(R8, 52bv64)) ==> Gamma_R9);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 52bv64), R9[32:0]), gamma_store32(Gamma_mem, bvadd64(R8, 52bv64), Gamma_R9);
-    assume {:captureState "%000002ec"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    goto main_basil_return;
-  l000002f8:
-    assume {:captureState "l000002f8"} true;
-    R0, Gamma_R0 := 0bv64, true;
+  lmain_goto_l000002f8:
+    assume (!(R9_2[32:0] == 0bv32));
+    R9_5, Gamma_R9_5 := R9_2, Gamma_R9_2;
     goto main_basil_return;
   lmain_goto_l000002dc:
-    assume {:captureState "lmain_goto_l000002dc"} true;
-    assume (bvcomp32(R9[32:0], 0bv32) != 0bv1);
-    goto l000002dc;
-  lmain_goto_l000002f8:
-    assume {:captureState "lmain_goto_l000002f8"} true;
-    assume (bvcomp32(R9[32:0], 0bv32) == 0bv1);
-    goto l000002f8;
+    assume (R9_2[32:0] == 0bv32);
+    call rely();
+    assert (L(mem, 69684bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, 1bv32), gamma_store32(Gamma_mem, 69684bv64, true);
+    R9_5, Gamma_R9_5 := 1bv64, true;
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := 0bv64, 69632bv64, R9_5;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := true, true, Gamma_R9_5;
     return;
 }
 
diff --git a/src/test/correct/ifglobal/clang_O2/ifglobal_gtirb.expected b/src/test/correct/ifglobal/clang_O2/ifglobal_gtirb.expected
index ff90bf950..055af380d 100644
--- a/src/test/correct/ifglobal/clang_O2/ifglobal_gtirb.expected
+++ b/src/test/correct/ifglobal/clang_O2/ifglobal_gtirb.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69684bv64);
@@ -13,12 +7,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -34,7 +41,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -67,8 +74,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R8, Gamma_R9, Gamma_mem, R0, R8, R9, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1868bv64) == 1bv8);
@@ -88,38 +95,31 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R9_2: bool;
+  var Gamma_R9_5: bool;
+  var R9_2: bv64;
+  var R9_5: bv64;
   $main$__0__$8o8s0gkLQHmltXj4DgySqA:
-    assume {:captureState "$main$__0__$8o8s0gkLQHmltXj4DgySqA"} true;
-    R8, Gamma_R8 := 69632bv64, true;
     call rely();
-    R9, Gamma_R9 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 52bv64)) || L(mem, bvadd64(R8, 52bv64)));
-    assert Gamma_R9;
+    R9_2, Gamma_R9_2 := zero_extend32_32(memory_load32_le(mem, 69684bv64)), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
+    assert Gamma_R9_2;
     goto $main$__0__$8o8s0gkLQHmltXj4DgySqA_goto_$main$__2__$J_ed8O5fQyujpIXPBE06ZA, $main$__0__$8o8s0gkLQHmltXj4DgySqA_goto_$main$__1__$PgxZhKszSIyzQiwC3MZUTg;
-  $main$__1__$PgxZhKszSIyzQiwC3MZUTg:
-    assume {:captureState "$main$__1__$PgxZhKszSIyzQiwC3MZUTg"} true;
-    R0, Gamma_R0 := 0bv64, true;
+  $main$__0__$8o8s0gkLQHmltXj4DgySqA_goto_$main$__1__$PgxZhKszSIyzQiwC3MZUTg:
+    assume (!(R9_2[32:0] == 0bv32));
+    R9_5, Gamma_R9_5 := R9_2, Gamma_R9_2;
     goto main_basil_return;
-  $main$__2__$J_ed8O5fQyujpIXPBE06ZA:
-    assume {:captureState "$main$__2__$J_ed8O5fQyujpIXPBE06ZA"} true;
-    R9, Gamma_R9 := 1bv64, true;
+  $main$__0__$8o8s0gkLQHmltXj4DgySqA_goto_$main$__2__$J_ed8O5fQyujpIXPBE06ZA:
+    assume (R9_2[32:0] == 0bv32);
     call rely();
-    assert (L(mem, bvadd64(R8, 52bv64)) ==> Gamma_R9);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 52bv64), R9[32:0]), gamma_store32(Gamma_mem, bvadd64(R8, 52bv64), Gamma_R9);
-    assume {:captureState "1836$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
+    assert (L(mem, 69684bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, 1bv32), gamma_store32(Gamma_mem, 69684bv64, true);
+    R9_5, Gamma_R9_5 := 1bv64, true;
     goto main_basil_return;
-  $main$__0__$8o8s0gkLQHmltXj4DgySqA_goto_$main$__2__$J_ed8O5fQyujpIXPBE06ZA:
-    assume {:captureState "$main$__0__$8o8s0gkLQHmltXj4DgySqA_goto_$main$__2__$J_ed8O5fQyujpIXPBE06ZA"} true;
-    assume (R9[32:0] == 0bv32);
-    goto $main$__2__$J_ed8O5fQyujpIXPBE06ZA;
-  $main$__0__$8o8s0gkLQHmltXj4DgySqA_goto_$main$__1__$PgxZhKszSIyzQiwC3MZUTg:
-    assume {:captureState "$main$__0__$8o8s0gkLQHmltXj4DgySqA_goto_$main$__1__$PgxZhKszSIyzQiwC3MZUTg"} true;
-    assume (!(R9[32:0] == 0bv32));
-    goto $main$__1__$PgxZhKszSIyzQiwC3MZUTg;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := 0bv64, 69632bv64, R9_5;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := true, true, Gamma_R9_5;
     return;
 }
 
diff --git a/src/test/correct/ifglobal/clang_pic/ifglobal.expected b/src/test/correct/ifglobal/clang_pic/ifglobal.expected
index 6be997683..bce6114ff 100644
--- a/src/test/correct/ifglobal/clang_pic/ifglobal.expected
+++ b/src/test/correct/ifglobal/clang_pic/ifglobal.expected
@@ -1,21 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -24,13 +8,16 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $x_addr) then true else false)
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp1(bv1, bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -40,7 +27,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -56,11 +47,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -92,8 +81,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, R8, R9, VF, ZF, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1964bv64) == 1bv8);
@@ -105,8 +94,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69056bv64) == 1872bv64);
   free requires (memory_load64_le(mem, 69064bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1876bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1964bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1965bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1966bv64) == 2bv8);
@@ -117,77 +104,64 @@ procedure main();
   free ensures (memory_load64_le(mem, 69064bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var #4: bv32;
-  var Gamma_#4: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R8_11: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R8_8: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_2: bool;
+  var Gamma_R9_4: bool;
+  var R0_1: bv64;
+  var R8_11: bv64;
+  var R8_2: bv64;
+  var R8_3: bv32;
+  var R8_8: bv64;
+  var R9: bv64;
+  var R9_2: bv64;
+  var R9_4: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "%000002f9"} true;
-    R8, Gamma_R8 := 65536bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4040bv64)) || L(mem, bvadd64(R8, 4040bv64)));
+    R8_2, Gamma_R8_2 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    #4, Gamma_#4 := bvadd32(R8[32:0], 4294967295bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#4, 1bv32)), bvadd33(sign_extend1_32(R8[32:0]), 0bv33))), (Gamma_R8 && Gamma_#4);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#4, 1bv32)), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_#4);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#4, 1bv32), 0bv32), Gamma_#4;
-    NF, Gamma_NF := bvadd32(#4, 1bv32)[32:31], Gamma_#4;
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(#4, 1bv32)), Gamma_#4;
-    assert Gamma_ZF;
+    R8_3, Gamma_R8_3 := memory_load32_le(mem, R8_2), (gamma_load32(Gamma_mem, R8_2) || L(mem, R8_2));
+    assert Gamma_R8_3;
     goto lmain_goto_l0000032d, lmain_goto_l00000330;
-  l00000330:
-    assume {:captureState "l00000330"} true;
-    R8, Gamma_R8 := 1bv64, true;
+  lmain_goto_l00000330:
+    assume (!(R8_3 == 0bv32));
+    R8_8, Gamma_R8_8 := 1bv64, true;
     goto l00000333;
-  l0000032d:
-    assume {:captureState "l0000032d"} true;
-    R8, Gamma_R8 := 0bv64, true;
+  lmain_goto_l0000032d:
+    assume (R8_3 == 0bv32);
+    R8_8, Gamma_R8_8 := 0bv64, true;
     goto l00000333;
   l00000333:
-    assume {:captureState "l00000333"} true;
-    assert Gamma_R8;
+    assert Gamma_R8_8;
     goto l00000333_goto_l0000033b, l00000333_goto_l00000352;
-  l00000352:
-    assume {:captureState "l00000352"} true;
-    goto l00000353;
-  l00000353:
-    assume {:captureState "l00000353"} true;
-    R8, Gamma_R8 := 1bv64, true;
-    R9, Gamma_R9 := 65536bv64, true;
+  l00000333_goto_l00000352:
+    assume (!(R8_8[1:0] == 1bv1));
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4040bv64)) || L(mem, bvadd64(R9, 4040bv64)));
+    R9_2, Gamma_R9_2 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "%0000036d"} true;
+    assert (L(mem, R9_2) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R9_2, 1bv32), gamma_store32(Gamma_mem, R9_2, true);
+    R9_4, Gamma_R9_4 := R9_2, Gamma_R9_2;
+    R8_11, Gamma_R8_11 := 1bv64, true;
     goto l0000033b;
-  l0000033b:
-    assume {:captureState "l0000033b"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
-    goto main_basil_return;
-  lmain_goto_l0000032d:
-    assume {:captureState "lmain_goto_l0000032d"} true;
-    assume (bvcomp1(ZF, 1bv1) != 0bv1);
-    goto l0000032d;
-  lmain_goto_l00000330:
-    assume {:captureState "lmain_goto_l00000330"} true;
-    assume (bvcomp1(ZF, 1bv1) == 0bv1);
-    goto l00000330;
   l00000333_goto_l0000033b:
-    assume {:captureState "l00000333_goto_l0000033b"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) != 0bv1);
+    assume (R8_8[1:0] == 1bv1);
+    R9_4, Gamma_R9_4 := R9, Gamma_R9;
+    R8_11, Gamma_R8_11 := R8_8, Gamma_R8_8;
     goto l0000033b;
-  l00000333_goto_l00000352:
-    assume {:captureState "l00000333_goto_l00000352"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) == 0bv1);
-    goto l00000352;
+  l0000033b:
+    R0_1, Gamma_R0_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out, R9_out := R0_1, R31_in, R8_11, R9_4;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := Gamma_R0_1, Gamma_R31_in, Gamma_R8_11, Gamma_R9_4;
     return;
 }
 
diff --git a/src/test/correct/ifglobal/clang_pic/ifglobal_gtirb.expected b/src/test/correct/ifglobal/clang_pic/ifglobal_gtirb.expected
index fe3a8d399..2bdb73bc1 100644
--- a/src/test/correct/ifglobal/clang_pic/ifglobal_gtirb.expected
+++ b/src/test/correct/ifglobal/clang_pic/ifglobal_gtirb.expected
@@ -1,21 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -24,12 +8,16 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $x_addr) then true else false)
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -39,7 +27,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -55,10 +47,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -90,8 +81,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, R8, R9, VF, ZF, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1964bv64) == 1bv8);
@@ -103,8 +94,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69056bv64) == 1872bv64);
   free requires (memory_load64_le(mem, 69064bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1876bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1964bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1965bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1966bv64) == 2bv8);
@@ -115,69 +104,77 @@ procedure main();
   free ensures (memory_load64_le(mem, 69064bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var Cse0__5$3$5: bv32;
-  var Gamma_Cse0__5$3$5: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R8_12: bool;
+  var Gamma_R8_13: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R8_9: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_2: bool;
+  var Gamma_R9_4: bool;
+  var R0_1: bv64;
+  var R8_12: bv64;
+  var R8_13: bv64;
+  var R8_2: bv64;
+  var R8_3: bv32;
+  var R8_9: bv64;
+  var R9: bv64;
+  var R9_2: bv64;
+  var R9_4: bv64;
   $main$__0__$rjOo3YInS9ep6ZpsZcGhEQ:
-    assume {:captureState "$main$__0__$rjOo3YInS9ep6ZpsZcGhEQ"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "1880$0"} true;
-    R8, Gamma_R8 := 65536bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4040bv64)) || L(mem, bvadd64(R8, 4040bv64)));
+    R8_2, Gamma_R8_2 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    Cse0__5$3$5, Gamma_Cse0__5$3$5 := bvadd32(R8[32:0], 0bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$3$5, Cse0__5$3$5)), Gamma_Cse0__5$3$5;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$3$5), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_Cse0__5$3$5);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$3$5, 0bv32), Gamma_Cse0__5$3$5;
-    NF, Gamma_NF := Cse0__5$3$5[32:31], Gamma_Cse0__5$3$5;
-    R8, Gamma_R8 := zero_extend32_32(Cse0__5$3$5), Gamma_Cse0__5$3$5;
-    assert Gamma_ZF;
+    R8_3, Gamma_R8_3 := memory_load32_le(mem, R8_2), (gamma_load32(Gamma_mem, R8_2) || L(mem, R8_2));
+    assert Gamma_R8_3;
     goto $main$__0__$rjOo3YInS9ep6ZpsZcGhEQ$__0, $main$__0__$rjOo3YInS9ep6ZpsZcGhEQ$__1;
-  $main$__1__$baEU1iczT1WhDbVoju64Lg:
-    assume {:captureState "$main$__1__$baEU1iczT1WhDbVoju64Lg"} true;
-    goto $main$__2__$pEVh12TOROuFnk2eh834jw;
-  $main$__2__$pEVh12TOROuFnk2eh834jw:
-    assume {:captureState "$main$__2__$pEVh12TOROuFnk2eh834jw"} true;
-    R8, Gamma_R8 := 1bv64, true;
-    R9, Gamma_R9 := 65536bv64, true;
+  $main$__0__$rjOo3YInS9ep6ZpsZcGhEQ$__1:
+    assume (!(R8_3 == 0bv32));
+    goto $main$__0__$rjOo3YInS9ep6ZpsZcGhEQ$__1_phi_$main$__0__$rjOo3YInS9ep6ZpsZcGhEQ_goto_$main$__3__$MDEkbquZQ0KXk1JWhP4elQ_phi_back_$main$__0__$rjOo3YInS9ep6ZpsZcGhEQ_goto_$main$__3__$MDEkbquZQ0KXk1JWhP4elQ, $main$__0__$rjOo3YInS9ep6ZpsZcGhEQ$__1_phi_$main$__0__$rjOo3YInS9ep6ZpsZcGhEQ_goto_$main$__1__$baEU1iczT1WhDbVoju64Lg_phi_back_$main$__0__$rjOo3YInS9ep6ZpsZcGhEQ_goto_$main$__1__$baEU1iczT1WhDbVoju64Lg;
+  $main$__0__$rjOo3YInS9ep6ZpsZcGhEQ$__1_phi_$main$__0__$rjOo3YInS9ep6ZpsZcGhEQ_goto_$main$__1__$baEU1iczT1WhDbVoju64Lg_phi_back_$main$__0__$rjOo3YInS9ep6ZpsZcGhEQ_goto_$main$__1__$baEU1iczT1WhDbVoju64Lg:
+    R8_9, Gamma_R8_9 := 1bv64, true;
+    assert Gamma_R8_9;
+    goto $main$__0__$rjOo3YInS9ep6ZpsZcGhEQ_goto_$main$__1__$baEU1iczT1WhDbVoju64Lg;
+  $main$__0__$rjOo3YInS9ep6ZpsZcGhEQ$__1_phi_$main$__0__$rjOo3YInS9ep6ZpsZcGhEQ_goto_$main$__3__$MDEkbquZQ0KXk1JWhP4elQ_phi_back_$main$__0__$rjOo3YInS9ep6ZpsZcGhEQ_goto_$main$__3__$MDEkbquZQ0KXk1JWhP4elQ:
+    R8_12, Gamma_R8_12 := 1bv64, true;
+    assert Gamma_R8_12;
+    goto $main$__0__$rjOo3YInS9ep6ZpsZcGhEQ_goto_$main$__3__$MDEkbquZQ0KXk1JWhP4elQ;
+  $main$__0__$rjOo3YInS9ep6ZpsZcGhEQ$__0:
+    assume (R8_3 == 0bv32);
+    goto $main$__0__$rjOo3YInS9ep6ZpsZcGhEQ$__0_phi_back_$main$__0__$rjOo3YInS9ep6ZpsZcGhEQ_goto_$main$__1__$baEU1iczT1WhDbVoju64Lg, $main$__0__$rjOo3YInS9ep6ZpsZcGhEQ$__0_phi_back_$main$__0__$rjOo3YInS9ep6ZpsZcGhEQ_goto_$main$__3__$MDEkbquZQ0KXk1JWhP4elQ;
+  $main$__0__$rjOo3YInS9ep6ZpsZcGhEQ$__0_phi_back_$main$__0__$rjOo3YInS9ep6ZpsZcGhEQ_goto_$main$__3__$MDEkbquZQ0KXk1JWhP4elQ:
+    R8_12, Gamma_R8_12 := 0bv64, true;
+    assert Gamma_R8_12;
+    goto $main$__0__$rjOo3YInS9ep6ZpsZcGhEQ_goto_$main$__3__$MDEkbquZQ0KXk1JWhP4elQ;
+  $main$__0__$rjOo3YInS9ep6ZpsZcGhEQ_goto_$main$__3__$MDEkbquZQ0KXk1JWhP4elQ:
+    assume (R8_12[1:0] == 1bv1);
+    R9_4, Gamma_R9_4 := R9, Gamma_R9;
+    R8_13, Gamma_R8_13 := R8_12, Gamma_R8_12;
+    goto $main$__3__$MDEkbquZQ0KXk1JWhP4elQ;
+  $main$__0__$rjOo3YInS9ep6ZpsZcGhEQ$__0_phi_back_$main$__0__$rjOo3YInS9ep6ZpsZcGhEQ_goto_$main$__1__$baEU1iczT1WhDbVoju64Lg:
+    R8_9, Gamma_R8_9 := 0bv64, true;
+    assert Gamma_R8_9;
+    goto $main$__0__$rjOo3YInS9ep6ZpsZcGhEQ_goto_$main$__1__$baEU1iczT1WhDbVoju64Lg;
+  $main$__0__$rjOo3YInS9ep6ZpsZcGhEQ_goto_$main$__1__$baEU1iczT1WhDbVoju64Lg:
+    assume (!(R8_9[1:0] == 1bv1));
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4040bv64)) || L(mem, bvadd64(R9, 4040bv64)));
+    R9_2, Gamma_R9_2 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "1924$0"} true;
+    assert (L(mem, R9_2) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R9_2, 1bv32), gamma_store32(Gamma_mem, R9_2, true);
+    R9_4, Gamma_R9_4 := R9_2, Gamma_R9_2;
+    R8_13, Gamma_R8_13 := 1bv64, true;
     goto $main$__3__$MDEkbquZQ0KXk1JWhP4elQ;
   $main$__3__$MDEkbquZQ0KXk1JWhP4elQ:
-    assume {:captureState "$main$__3__$MDEkbquZQ0KXk1JWhP4elQ"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    R0_1, Gamma_R0_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     goto main_basil_return;
-  $main$__0__$rjOo3YInS9ep6ZpsZcGhEQ_goto_$main$__3__$MDEkbquZQ0KXk1JWhP4elQ:
-    assume {:captureState "$main$__0__$rjOo3YInS9ep6ZpsZcGhEQ_goto_$main$__3__$MDEkbquZQ0KXk1JWhP4elQ"} true;
-    assume (R8[1:0] == 1bv1);
-    goto $main$__3__$MDEkbquZQ0KXk1JWhP4elQ;
-  $main$__0__$rjOo3YInS9ep6ZpsZcGhEQ_goto_$main$__1__$baEU1iczT1WhDbVoju64Lg:
-    assume {:captureState "$main$__0__$rjOo3YInS9ep6ZpsZcGhEQ_goto_$main$__1__$baEU1iczT1WhDbVoju64Lg"} true;
-    assume (!(R8[1:0] == 1bv1));
-    goto $main$__1__$baEU1iczT1WhDbVoju64Lg;
-  $main$__0__$rjOo3YInS9ep6ZpsZcGhEQ$__0:
-    assume {:captureState "$main$__0__$rjOo3YInS9ep6ZpsZcGhEQ$__0"} true;
-    assume (ZF == 1bv1);
-    R8, Gamma_R8 := 0bv64, true;
-    assert Gamma_R8;
-    goto $main$__0__$rjOo3YInS9ep6ZpsZcGhEQ_goto_$main$__3__$MDEkbquZQ0KXk1JWhP4elQ, $main$__0__$rjOo3YInS9ep6ZpsZcGhEQ_goto_$main$__1__$baEU1iczT1WhDbVoju64Lg;
-  $main$__0__$rjOo3YInS9ep6ZpsZcGhEQ$__1:
-    assume {:captureState "$main$__0__$rjOo3YInS9ep6ZpsZcGhEQ$__1"} true;
-    assume (!(ZF == 1bv1));
-    R8, Gamma_R8 := 1bv64, true;
-    assert Gamma_R8;
-    goto $main$__0__$rjOo3YInS9ep6ZpsZcGhEQ_goto_$main$__3__$MDEkbquZQ0KXk1JWhP4elQ, $main$__0__$rjOo3YInS9ep6ZpsZcGhEQ_goto_$main$__1__$baEU1iczT1WhDbVoju64Lg;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out, R9_out := R0_1, R31_in, R8_13, R9_4;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := Gamma_R0_1, Gamma_R31_in, Gamma_R8_13, Gamma_R9_4;
     return;
 }
 
diff --git a/src/test/correct/ifglobal/gcc/ifglobal.expected b/src/test/correct/ifglobal/gcc/ifglobal.expected
index 858159134..561ffa3d3 100644
--- a/src/test/correct/ifglobal/gcc/ifglobal.expected
+++ b/src/test/correct/ifglobal/gcc/ifglobal.expected
@@ -1,16 +1,4 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -18,19 +6,26 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $x_addr) then true else false)
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp1(bv1, bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -46,12 +41,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (mem == old(mem));
@@ -81,8 +73,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R1, Gamma_VF, Gamma_ZF, Gamma_mem, NF, R0, R1, VF, ZF, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1876bv64) == 1bv8);
@@ -102,47 +94,33 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
-  var #4: bv32;
-  var Gamma_#4: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R1_4: bool;
+  var R0_4: bv32;
+  var R1_4: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    #4, Gamma_#4 := bvadd32(R0[32:0], 4294967295bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#4, 1bv32)), bvadd33(sign_extend1_32(R0[32:0]), 0bv33))), (Gamma_R0 && Gamma_#4);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#4, 1bv32)), bvadd33(zero_extend1_32(R0[32:0]), 4294967296bv33))), (Gamma_R0 && Gamma_#4);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#4, 1bv32), 0bv32), Gamma_#4;
-    NF, Gamma_NF := bvadd32(#4, 1bv32)[32:31], Gamma_#4;
-    assert Gamma_ZF;
+    R0_4, Gamma_R0_4 := memory_load32_le(mem, 69652bv64), (gamma_load32(Gamma_mem, 69652bv64) || L(mem, 69652bv64));
+    assert Gamma_R0_4;
     goto lmain_goto_l00000302, lmain_goto_l00000311;
-  l00000311:
-    assume {:captureState "l00000311"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
-    R1, Gamma_R1 := 1bv64, true;
+  lmain_goto_l00000311:
+    assume (R0_4 == 0bv32);
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%00000327"} true;
+    assert (L(mem, 69652bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 1bv32), gamma_store32(Gamma_mem, 69652bv64, true);
+    R1_4, Gamma_R1_4 := 1bv64, true;
     goto l00000302;
-  l00000302:
-    assume {:captureState "l00000302"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    goto main_basil_return;
   lmain_goto_l00000302:
-    assume {:captureState "lmain_goto_l00000302"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) != 0bv1);
+    assume (!(R0_4 == 0bv32));
+    R1_4, Gamma_R1_4 := R1_in, Gamma_R1_in;
     goto l00000302;
-  lmain_goto_l00000311:
-    assume {:captureState "lmain_goto_l00000311"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) == 0bv1);
-    goto l00000311;
+  l00000302:
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, R1_4;
+    Gamma_R0_out, Gamma_R1_out := true, Gamma_R1_4;
     return;
 }
 
diff --git a/src/test/correct/ifglobal/gcc/ifglobal_gtirb.expected b/src/test/correct/ifglobal/gcc/ifglobal_gtirb.expected
index 87745aec2..3ed7a16fb 100644
--- a/src/test/correct/ifglobal/gcc/ifglobal_gtirb.expected
+++ b/src/test/correct/ifglobal/gcc/ifglobal_gtirb.expected
@@ -1,16 +1,4 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -18,18 +6,26 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $x_addr) then true else false)
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -45,11 +41,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (mem == old(mem));
@@ -79,8 +73,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R1, Gamma_VF, Gamma_ZF, Gamma_mem, NF, R0, R1, VF, ZF, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1876bv64) == 1bv8);
@@ -100,47 +94,33 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
-  var Cse0__5$0$3: bv32;
-  var Gamma_Cse0__5$0$3: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R1_4: bool;
+  var R0_4: bv32;
+  var R1_4: bv64;
   $main$__0__$BdIXwXrPTNePMukmPFVqTg:
-    assume {:captureState "$main$__0__$BdIXwXrPTNePMukmPFVqTg"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    Cse0__5$0$3, Gamma_Cse0__5$0$3 := bvadd32(R0[32:0], 0bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$0$3, Cse0__5$0$3)), Gamma_Cse0__5$0$3;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$0$3), bvadd33(zero_extend1_32(R0[32:0]), 4294967296bv33))), (Gamma_R0 && Gamma_Cse0__5$0$3);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$0$3, 0bv32), Gamma_Cse0__5$0$3;
-    NF, Gamma_NF := Cse0__5$0$3[32:31], Gamma_Cse0__5$0$3;
-    assert Gamma_ZF;
+    R0_4, Gamma_R0_4 := memory_load32_le(mem, 69652bv64), (gamma_load32(Gamma_mem, 69652bv64) || L(mem, 69652bv64));
+    assert Gamma_R0_4;
     goto $main$__0__$BdIXwXrPTNePMukmPFVqTg_goto_$main$__2__$tIV0kBzOR1qEmAHuGr1c7Q, $main$__0__$BdIXwXrPTNePMukmPFVqTg_goto_$main$__1__$8wzGZjEOTmOYnhkjdJ4aCQ;
-  $main$__1__$8wzGZjEOTmOYnhkjdJ4aCQ:
-    assume {:captureState "$main$__1__$8wzGZjEOTmOYnhkjdJ4aCQ"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
-    R1, Gamma_R1 := 1bv64, true;
+  $main$__0__$BdIXwXrPTNePMukmPFVqTg_goto_$main$__1__$8wzGZjEOTmOYnhkjdJ4aCQ:
+    assume (R0_4 == 0bv32);
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1844$0"} true;
+    assert (L(mem, 69652bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 1bv32), gamma_store32(Gamma_mem, 69652bv64, true);
+    R1_4, Gamma_R1_4 := 1bv64, true;
     goto $main$__2__$tIV0kBzOR1qEmAHuGr1c7Q;
-  $main$__2__$tIV0kBzOR1qEmAHuGr1c7Q:
-    assume {:captureState "$main$__2__$tIV0kBzOR1qEmAHuGr1c7Q"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    goto main_basil_return;
   $main$__0__$BdIXwXrPTNePMukmPFVqTg_goto_$main$__2__$tIV0kBzOR1qEmAHuGr1c7Q:
-    assume {:captureState "$main$__0__$BdIXwXrPTNePMukmPFVqTg_goto_$main$__2__$tIV0kBzOR1qEmAHuGr1c7Q"} true;
-    assume (!(ZF == 1bv1));
+    assume (!(R0_4 == 0bv32));
+    R1_4, Gamma_R1_4 := R1_in, Gamma_R1_in;
     goto $main$__2__$tIV0kBzOR1qEmAHuGr1c7Q;
-  $main$__0__$BdIXwXrPTNePMukmPFVqTg_goto_$main$__1__$8wzGZjEOTmOYnhkjdJ4aCQ:
-    assume {:captureState "$main$__0__$BdIXwXrPTNePMukmPFVqTg_goto_$main$__1__$8wzGZjEOTmOYnhkjdJ4aCQ"} true;
-    assume (!(!(ZF == 1bv1)));
-    goto $main$__1__$8wzGZjEOTmOYnhkjdJ4aCQ;
+  $main$__2__$tIV0kBzOR1qEmAHuGr1c7Q:
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, R1_4;
+    Gamma_R0_out, Gamma_R1_out := true, Gamma_R1_4;
     return;
 }
 
diff --git a/src/test/correct/ifglobal/gcc_O2/ifglobal.expected b/src/test/correct/ifglobal/gcc_O2/ifglobal.expected
index 93f8cf349..3fff81fb3 100644
--- a/src/test/correct/ifglobal/gcc_O2/ifglobal.expected
+++ b/src/test/correct/ifglobal/gcc_O2/ifglobal.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -11,14 +7,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -34,7 +41,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -67,8 +74,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1896bv64) == 1bv8);
@@ -88,37 +95,33 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
+  var Gamma_R1_2: bool;
+  var Gamma_R1_5: bool;
+  var R1_2: bv64;
+  var R1_5: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R0, Gamma_R0 := 69632bv64, true;
     call rely();
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(mem, bvadd64(R0, 20bv64))), (gamma_load32(Gamma_mem, bvadd64(R0, 20bv64)) || L(mem, bvadd64(R0, 20bv64)));
-    assert Gamma_R1;
+    R1_2, Gamma_R1_2 := zero_extend32_32(memory_load32_le(mem, 69652bv64)), (gamma_load32(Gamma_mem, 69652bv64) || L(mem, 69652bv64));
+    assert Gamma_R1_2;
     goto lmain_goto_l000001b7, lmain_goto_l00000396;
-  l00000396:
-    assume {:captureState "l00000396"} true;
-    R1, Gamma_R1 := 1bv64, true;
+  lmain_goto_l00000396:
+    assume (R1_2[32:0] == 0bv32);
     call rely();
-    assert (L(mem, bvadd64(R0, 20bv64)) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R0, 20bv64), R1[32:0]), gamma_store32(Gamma_mem, bvadd64(R0, 20bv64), Gamma_R1);
-    assume {:captureState "%000003a1"} true;
+    assert (L(mem, 69652bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 1bv32), gamma_store32(Gamma_mem, 69652bv64, true);
+    R1_5, Gamma_R1_5 := 1bv64, true;
     goto l000001b7;
-  l000001b7:
-    assume {:captureState "l000001b7"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    goto main_basil_return;
   lmain_goto_l000001b7:
-    assume {:captureState "lmain_goto_l000001b7"} true;
-    assume (bvnot1(bvcomp32(R1[32:0], 0bv32)) != 0bv1);
+    assume (!(R1_2[32:0] == 0bv32));
+    R1_5, Gamma_R1_5 := R1_2, Gamma_R1_2;
     goto l000001b7;
-  lmain_goto_l00000396:
-    assume {:captureState "lmain_goto_l00000396"} true;
-    assume (bvnot1(bvcomp32(R1[32:0], 0bv32)) == 0bv1);
-    goto l00000396;
+  l000001b7:
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, R1_5;
+    Gamma_R0_out, Gamma_R1_out := true, Gamma_R1_5;
     return;
 }
 
diff --git a/src/test/correct/ifglobal/gcc_O2/ifglobal_gtirb.expected b/src/test/correct/ifglobal/gcc_O2/ifglobal_gtirb.expected
index f7ef66d68..9ca4f3ece 100644
--- a/src/test/correct/ifglobal/gcc_O2/ifglobal_gtirb.expected
+++ b/src/test/correct/ifglobal/gcc_O2/ifglobal_gtirb.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -11,12 +7,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -32,7 +41,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -65,8 +74,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1896bv64) == 1bv8);
@@ -86,37 +95,33 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
+  var Gamma_R1_2: bool;
+  var Gamma_R1_5: bool;
+  var R1_2: bv64;
+  var R1_5: bv64;
   $main$__0__$ggTiniswTki0OuJx7AXB6A:
-    assume {:captureState "$main$__0__$ggTiniswTki0OuJx7AXB6A"} true;
-    R0, Gamma_R0 := 69632bv64, true;
     call rely();
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(mem, bvadd64(R0, 20bv64))), (gamma_load32(Gamma_mem, bvadd64(R0, 20bv64)) || L(mem, bvadd64(R0, 20bv64)));
-    assert Gamma_R1;
+    R1_2, Gamma_R1_2 := zero_extend32_32(memory_load32_le(mem, 69652bv64)), (gamma_load32(Gamma_mem, 69652bv64) || L(mem, 69652bv64));
+    assert Gamma_R1_2;
     goto $main$__0__$ggTiniswTki0OuJx7AXB6A_goto_$main$__2__$bRJzoNVcSf~geSM2_j94rg, $main$__0__$ggTiniswTki0OuJx7AXB6A_goto_$main$__1__$TcEobJ5CQB~dL48wnkCobA;
-  $main$__1__$TcEobJ5CQB~dL48wnkCobA:
-    assume {:captureState "$main$__1__$TcEobJ5CQB~dL48wnkCobA"} true;
-    R1, Gamma_R1 := 1bv64, true;
+  $main$__0__$ggTiniswTki0OuJx7AXB6A_goto_$main$__1__$TcEobJ5CQB~dL48wnkCobA:
+    assume (R1_2[32:0] == 0bv32);
     call rely();
-    assert (L(mem, bvadd64(R0, 20bv64)) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R0, 20bv64), R1[32:0]), gamma_store32(Gamma_mem, bvadd64(R0, 20bv64), Gamma_R1);
-    assume {:captureState "1552$0"} true;
+    assert (L(mem, 69652bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 1bv32), gamma_store32(Gamma_mem, 69652bv64, true);
+    R1_5, Gamma_R1_5 := 1bv64, true;
     goto $main$__2__$bRJzoNVcSf~geSM2_j94rg;
-  $main$__2__$bRJzoNVcSf~geSM2_j94rg:
-    assume {:captureState "$main$__2__$bRJzoNVcSf~geSM2_j94rg"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    goto main_basil_return;
   $main$__0__$ggTiniswTki0OuJx7AXB6A_goto_$main$__2__$bRJzoNVcSf~geSM2_j94rg:
-    assume {:captureState "$main$__0__$ggTiniswTki0OuJx7AXB6A_goto_$main$__2__$bRJzoNVcSf~geSM2_j94rg"} true;
-    assume ((R1[32:0] == 0bv32) == false);
+    assume (!(R1_2[32:0] == 0bv32));
+    R1_5, Gamma_R1_5 := R1_2, Gamma_R1_2;
     goto $main$__2__$bRJzoNVcSf~geSM2_j94rg;
-  $main$__0__$ggTiniswTki0OuJx7AXB6A_goto_$main$__1__$TcEobJ5CQB~dL48wnkCobA:
-    assume {:captureState "$main$__0__$ggTiniswTki0OuJx7AXB6A_goto_$main$__1__$TcEobJ5CQB~dL48wnkCobA"} true;
-    assume (!((R1[32:0] == 0bv32) == false));
-    goto $main$__1__$TcEobJ5CQB~dL48wnkCobA;
+  $main$__2__$bRJzoNVcSf~geSM2_j94rg:
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, R1_5;
+    Gamma_R0_out, Gamma_R1_out := true, Gamma_R1_5;
     return;
 }
 
diff --git a/src/test/correct/ifglobal/gcc_pic/ifglobal.expected b/src/test/correct/ifglobal/gcc_pic/ifglobal.expected
index 03fc8c3d9..d2e02a379 100644
--- a/src/test/correct/ifglobal/gcc_pic/ifglobal.expected
+++ b/src/test/correct/ifglobal/gcc_pic/ifglobal.expected
@@ -1,16 +1,4 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -18,13 +6,16 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $x_addr) then true else false)
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp1(bv1, bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -34,7 +25,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -50,12 +45,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (mem == old(mem));
@@ -86,8 +78,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R1, Gamma_VF, Gamma_ZF, Gamma_mem, NF, R0, R1, VF, ZF, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1940bv64) == 1bv8);
@@ -109,49 +101,41 @@ procedure main();
   free ensures (memory_load64_le(mem, 69600bv64) == 69652bv64);
   free ensures (memory_load64_le(mem, 69008bv64) == 1872bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
-  var #4: bv32;
-  var Gamma_#4: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R0_6: bool;
+  var Gamma_R1_4: bool;
+  var R0_3: bv64;
+  var R0_4: bv32;
+  var R0_6: bv64;
+  var R1_4: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
+    R0_3, Gamma_R0_3 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    #4, Gamma_#4 := bvadd32(R0[32:0], 4294967295bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#4, 1bv32)), bvadd33(sign_extend1_32(R0[32:0]), 0bv33))), (Gamma_R0 && Gamma_#4);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#4, 1bv32)), bvadd33(zero_extend1_32(R0[32:0]), 4294967296bv33))), (Gamma_R0 && Gamma_#4);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#4, 1bv32), 0bv32), Gamma_#4;
-    NF, Gamma_NF := bvadd32(#4, 1bv32)[32:31], Gamma_#4;
-    assert Gamma_ZF;
+    R0_4, Gamma_R0_4 := memory_load32_le(mem, R0_3), (gamma_load32(Gamma_mem, R0_3) || L(mem, R0_3));
+    assert Gamma_R0_4;
     goto lmain_goto_l00000303, lmain_goto_l00000312;
-  l00000312:
-    assume {:captureState "l00000312"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+  lmain_goto_l00000312:
+    assume (R0_4 == 0bv32);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
-    R1, Gamma_R1 := 1bv64, true;
+    R0_6, Gamma_R0_6 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%00000329"} true;
+    assert (L(mem, R0_6) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R0_6, 1bv32), gamma_store32(Gamma_mem, R0_6, true);
+    R1_4, Gamma_R1_4 := 1bv64, true;
     goto l00000303;
-  l00000303:
-    assume {:captureState "l00000303"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    goto main_basil_return;
   lmain_goto_l00000303:
-    assume {:captureState "lmain_goto_l00000303"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) != 0bv1);
+    assume (!(R0_4 == 0bv32));
+    R1_4, Gamma_R1_4 := R1_in, Gamma_R1_in;
     goto l00000303;
-  lmain_goto_l00000312:
-    assume {:captureState "lmain_goto_l00000312"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) == 0bv1);
-    goto l00000312;
+  l00000303:
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, R1_4;
+    Gamma_R0_out, Gamma_R1_out := true, Gamma_R1_4;
     return;
 }
 
diff --git a/src/test/correct/ifglobal/gcc_pic/ifglobal_gtirb.expected b/src/test/correct/ifglobal/gcc_pic/ifglobal_gtirb.expected
index d5ed782bd..29bf975af 100644
--- a/src/test/correct/ifglobal/gcc_pic/ifglobal_gtirb.expected
+++ b/src/test/correct/ifglobal/gcc_pic/ifglobal_gtirb.expected
@@ -1,16 +1,4 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -18,12 +6,16 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $x_addr) then true else false)
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -33,7 +25,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -49,11 +45,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (mem == old(mem));
@@ -84,8 +78,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R1, Gamma_VF, Gamma_ZF, Gamma_mem, NF, R0, R1, VF, ZF, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1940bv64) == 1bv8);
@@ -107,49 +101,41 @@ procedure main();
   free ensures (memory_load64_le(mem, 69600bv64) == 69652bv64);
   free ensures (memory_load64_le(mem, 69008bv64) == 1872bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
-  var Cse0__5$0$3: bv32;
-  var Gamma_Cse0__5$0$3: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R0_6: bool;
+  var Gamma_R1_4: bool;
+  var R0_3: bv64;
+  var R0_4: bv32;
+  var R0_6: bv64;
+  var R1_4: bv64;
   $main$__0__$Loy76gLhRcC4mniw9_LJhw:
-    assume {:captureState "$main$__0__$Loy76gLhRcC4mniw9_LJhw"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
+    R0_3, Gamma_R0_3 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    Cse0__5$0$3, Gamma_Cse0__5$0$3 := bvadd32(R0[32:0], 0bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$0$3, Cse0__5$0$3)), Gamma_Cse0__5$0$3;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$0$3), bvadd33(zero_extend1_32(R0[32:0]), 4294967296bv33))), (Gamma_R0 && Gamma_Cse0__5$0$3);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$0$3, 0bv32), Gamma_Cse0__5$0$3;
-    NF, Gamma_NF := Cse0__5$0$3[32:31], Gamma_Cse0__5$0$3;
-    assert Gamma_ZF;
+    R0_4, Gamma_R0_4 := memory_load32_le(mem, R0_3), (gamma_load32(Gamma_mem, R0_3) || L(mem, R0_3));
+    assert Gamma_R0_4;
     goto $main$__0__$Loy76gLhRcC4mniw9_LJhw_goto_$main$__2__$3D20OWy7Q32oBwBQc0XvUQ, $main$__0__$Loy76gLhRcC4mniw9_LJhw_goto_$main$__1__$k_rnnhlXQEmc~8A~_rBrZg;
-  $main$__1__$k_rnnhlXQEmc~8A~_rBrZg:
-    assume {:captureState "$main$__1__$k_rnnhlXQEmc~8A~_rBrZg"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+  $main$__0__$Loy76gLhRcC4mniw9_LJhw_goto_$main$__1__$k_rnnhlXQEmc~8A~_rBrZg:
+    assume (R0_4 == 0bv32);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
-    R1, Gamma_R1 := 1bv64, true;
+    R0_6, Gamma_R0_6 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1908$0"} true;
+    assert (L(mem, R0_6) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R0_6, 1bv32), gamma_store32(Gamma_mem, R0_6, true);
+    R1_4, Gamma_R1_4 := 1bv64, true;
     goto $main$__2__$3D20OWy7Q32oBwBQc0XvUQ;
-  $main$__2__$3D20OWy7Q32oBwBQc0XvUQ:
-    assume {:captureState "$main$__2__$3D20OWy7Q32oBwBQc0XvUQ"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    goto main_basil_return;
   $main$__0__$Loy76gLhRcC4mniw9_LJhw_goto_$main$__2__$3D20OWy7Q32oBwBQc0XvUQ:
-    assume {:captureState "$main$__0__$Loy76gLhRcC4mniw9_LJhw_goto_$main$__2__$3D20OWy7Q32oBwBQc0XvUQ"} true;
-    assume (!(ZF == 1bv1));
+    assume (!(R0_4 == 0bv32));
+    R1_4, Gamma_R1_4 := R1_in, Gamma_R1_in;
     goto $main$__2__$3D20OWy7Q32oBwBQc0XvUQ;
-  $main$__0__$Loy76gLhRcC4mniw9_LJhw_goto_$main$__1__$k_rnnhlXQEmc~8A~_rBrZg:
-    assume {:captureState "$main$__0__$Loy76gLhRcC4mniw9_LJhw_goto_$main$__1__$k_rnnhlXQEmc~8A~_rBrZg"} true;
-    assume (!(!(ZF == 1bv1)));
-    goto $main$__1__$k_rnnhlXQEmc~8A~_rBrZg;
+  $main$__2__$3D20OWy7Q32oBwBQc0XvUQ:
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, R1_4;
+    Gamma_R0_out, Gamma_R1_out := true, Gamma_R1_4;
     return;
 }
 
diff --git a/src/test/correct/indirect_call/clang/indirect_call_gtirb.expected b/src/test/correct/indirect_call/clang/indirect_call_gtirb.expected
index 9824811ab..c2d9a43d1 100644
--- a/src/test/correct/indirect_call/clang/indirect_call_gtirb.expected
+++ b/src/test/correct/indirect_call/clang/indirect_call_gtirb.expected
@@ -1,19 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R16: bool;
-var {:extern} Gamma_R17: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R16: bv64;
-var {:extern} R17: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -23,6 +9,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -32,11 +32,15 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -52,11 +56,11 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -98,8 +102,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure FUN_630();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure FUN_630(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load8_le(mem, 1996bv64) == 1bv8);
   free requires (memory_load8_le(mem, 1997bv64) == 0bv8);
   free requires (memory_load8_le(mem, 1998bv64) == 2bv8);
@@ -135,20 +139,143 @@ procedure FUN_630();
   free ensures (memory_load64_le(mem, 69592bv64) == 1904bv64);
   free ensures (memory_load64_le(mem, 69680bv64) == 69680bv64);
 
-implementation FUN_630()
+implementation FUN_630(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool)
 {
+  var Gamma_R0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0: bv64;
+  var R0_1: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16_4: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   $FUN_630$__0__$49PTrR3fTD2lKP8wnhJ57g:
-    assume {:captureState "$FUN_630$__0__$49PTrR3fTD2lKP8wnhJ57g"} true;
-    R16, Gamma_R16 := 69632bv64, true;
     call rely();
-    R17, Gamma_R17 := memory_load64_le(mem, bvadd64(R16, 32bv64)), (gamma_load64(Gamma_mem, bvadd64(R16, 32bv64)) || L(mem, bvadd64(R16, 32bv64)));
-    R16, Gamma_R16 := bvadd64(R16, 32bv64), Gamma_R16;
-    call printf();
+    R17_1, Gamma_R17_1 := memory_load64_le(mem, 69664bv64), (gamma_load64(Gamma_mem, 69664bv64) || L(mem, 69664bv64));
+    call R0_1, Gamma_R0_1, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_4, Gamma_R16_4, R17_2, Gamma_R17_2, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_1, Gamma_R2_1, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := printf(R0, Gamma_R0, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, 69664bv64, true, R17_1, Gamma_R17_1, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2, Gamma_R2, R30, Gamma_R30, R31, Gamma_R31, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     assume false;
 }
 
-procedure greet();
-  modifies Gamma_R0, Gamma_R16, Gamma_R17, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_mem, Gamma_stack, R0, R16, R17, R29, R30, R31, mem, stack;
+procedure greet(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load8_le(mem, 1996bv64) == 1bv8);
   free requires (memory_load8_le(mem, 1997bv64) == 0bv8);
   free requires (memory_load8_le(mem, 1998bv64) == 2bv8);
@@ -166,10 +293,6 @@ procedure greet();
   free requires (memory_load64_le(mem, 69072bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1904bv64);
   free requires (memory_load64_le(mem, 69680bv64) == 69680bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1996bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1997bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1998bv64) == 2bv8);
@@ -188,37 +311,27 @@ procedure greet();
   free ensures (memory_load64_le(mem, 69592bv64) == 1904bv64);
   free ensures (memory_load64_le(mem, 69680bv64) == 69680bv64);
 
-implementation greet()
+implementation greet(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R31_out: bv64, Gamma_R31_out: bool)
 {
-  var Cse0__5$0$0: bv64;
-  var Gamma_Cse0__5$0$0: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R17_1: bool;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R17_1: bv64;
   $greet$__0__$Nd2KKa~UT46Es~75P1pNcg:
-    assume {:captureState "$greet$__0__$Nd2KKa~UT46Es~75P1pNcg"} true;
-    Cse0__5$0$0, Gamma_Cse0__5$0$0 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$0$0, R29), gamma_store64(Gamma_stack, Cse0__5$0$0, Gamma_R29);
-    assume {:captureState "1876$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$0$0, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$0$0, 8bv64), Gamma_R30);
-    assume {:captureState "1876$2"} true;
-    R31, Gamma_R31 := Cse0__5$0$0, Gamma_Cse0__5$0$0;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2000bv64), Gamma_R0;
-    R30, Gamma_R30 := 1896bv64, true;
-    call FUN_630();
-    goto $greet$__1__$wP8zXF~mT7CtEXlgRwnnfA;
-  $greet$__1__$wP8zXF~mT7CtEXlgRwnnfA:
-    assume {:captureState "$greet$__1__$wP8zXF~mT7CtEXlgRwnnfA"} true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
+    call R16_1, Gamma_R16_1, R17_1, Gamma_R17_1 := FUN_630(R16, Gamma_R16);
     goto greet_basil_return;
   greet_basil_return:
-    assume {:captureState "greet_basil_return"} true;
+    R31_out := R31_in;
+    Gamma_R31_out := Gamma_R31_in;
     return;
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R16, Gamma_R17, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_R8, Gamma_mem, Gamma_stack, R0, R16, R17, R29, R30, R31, R8, mem, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69672bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69680bv64) == 69680bv64);
   free requires (memory_load8_le(mem, 1996bv64) == 1bv8);
@@ -238,10 +351,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1904bv64);
   free requires (memory_load64_le(mem, 69680bv64) == 69680bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1996bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1997bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1998bv64) == 2bv8);
@@ -260,55 +369,48 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1904bv64);
   free ensures (memory_load64_le(mem, 69680bv64) == 69680bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool)
 {
-  var Cse0__5$0$1: bv64;
-  var Cse0__5$1$1: bv64;
-  var Gamma_Cse0__5$0$1: bool;
-  var Gamma_Cse0__5$1$1: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_4: bool;
+  var Gamma_R31_3: bool;
+  var Gamma_R8_4: bool;
+  var R0_3: bv64;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R17_1: bv64;
+  var R29_3: bv64;
+  var R30_4: bv64;
+  var R31_3: bv64;
+  var R8_4: bv64;
   $main$__0__$YfoEKj0KQgmJWDAtkqhLtQ:
-    assume {:captureState "$main$__0__$YfoEKj0KQgmJWDAtkqhLtQ"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551568bv64), Gamma_R31;
-    Cse0__5$0$1, Gamma_Cse0__5$0$1 := bvadd64(R31, 32bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$0$1, R29), gamma_store64(Gamma_stack, Cse0__5$0$1, Gamma_R29);
-    assume {:captureState "1908$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$0$1, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$0$1, 8bv64), Gamma_R30);
-    assume {:captureState "1908$2"} true;
-    R29, Gamma_R29 := bvadd64(R31, 32bv64), Gamma_R31;
-    R8, Gamma_R8 := 0bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R8);
-    assume {:captureState "1920$0"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R29, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R29, 18446744073709551612bv64), true);
-    assume {:captureState "1924$0"} true;
-    R8, Gamma_R8 := 0bv64, true;
-    R8, Gamma_R8 := bvadd64(R8, 1876bv64), Gamma_R8;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 16bv64), R8), gamma_store64(Gamma_stack, bvadd64(R31, 16bv64), Gamma_R8);
-    assume {:captureState "1936$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2015bv64), Gamma_R0;
-    R30, Gamma_R30 := 1952bv64, true;
-    call FUN_630();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551580bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551580bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), true);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551584bv64), 1876bv64), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), true);
+    call R16_1, Gamma_R16_1, R17_1, Gamma_R17_1 := FUN_630(R16, Gamma_R16);
     goto $main$__1__$2meKsDplTtaQ3v5DgFlGYQ;
   $main$__1__$2meKsDplTtaQ3v5DgFlGYQ:
-    assume {:captureState "$main$__1__$2meKsDplTtaQ3v5DgFlGYQ"} true;
-    R8, Gamma_R8 := memory_load64_le(stack, bvadd64(R31, 16bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 16bv64));
-    R30, Gamma_R30 := 1960bv64, true;
-    call greet();
+    R8_4, Gamma_R8_4 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551584bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64));
+    call R31_3, Gamma_R31_3 := greet(bvadd64(R31_in, 18446744073709551600bv64), Gamma_R31_in, 1960bv64, true, bvadd64(R31_in, 18446744073709551568bv64), Gamma_R31_in);
     goto $main$__2__$ZjG4NofsQHGQIBdy45MZMg;
   $main$__2__$ZjG4NofsQHGQIBdy45MZMg:
-    assume {:captureState "$main$__2__$ZjG4NofsQHGQIBdy45MZMg"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    Cse0__5$1$1, Gamma_Cse0__5$1$1 := bvadd64(R31, 32bv64), Gamma_R31;
-    R29, Gamma_R29 := memory_load64_le(stack, Cse0__5$1$1), gamma_load64(Gamma_stack, Cse0__5$1$1);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(Cse0__5$1$1, 8bv64)), gamma_load64(Gamma_stack, bvadd64(Cse0__5$1$1, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 48bv64), Gamma_R31;
+    R0_3, Gamma_R0_3 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_3, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31_3, 12bv64));
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_3, 32bv64)), gamma_load64(Gamma_stack, bvadd64(R31_3, 32bv64));
+    R30_4, Gamma_R30_4 := memory_load64_le(stack, bvadd64(R31_3, 40bv64)), gamma_load64(Gamma_stack, bvadd64(R31_3, 40bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R16_out, R17_out, R29_out, R30_out, R31_out, R8_out := R0_3, R16_1, R17_1, R29_3, R30_4, bvadd64(R31_3, 48bv64), R8_4;
+    Gamma_R0_out, Gamma_R16_out, Gamma_R17_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out, Gamma_R8_out := Gamma_R0_3, Gamma_R16_1, Gamma_R17_1, Gamma_R29_3, Gamma_R30_4, Gamma_R31_3, Gamma_R8_4;
     return;
 }
 
-procedure printf();
+procedure printf(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load8_le(mem, 1996bv64) == 1bv8);
   free requires (memory_load8_le(mem, 1997bv64) == 0bv8);
   free requires (memory_load8_le(mem, 1998bv64) == 2bv8);
diff --git a/src/test/correct/indirect_call/clang_pic/indirect_call_gtirb.expected b/src/test/correct/indirect_call/clang_pic/indirect_call_gtirb.expected
index cd39145d7..de3813cc9 100644
--- a/src/test/correct/indirect_call/clang_pic/indirect_call_gtirb.expected
+++ b/src/test/correct/indirect_call/clang_pic/indirect_call_gtirb.expected
@@ -1,19 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R16: bool;
-var {:extern} Gamma_R17: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R16: bv64;
-var {:extern} R17: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -23,6 +9,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -32,11 +32,15 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -52,11 +56,11 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -99,8 +103,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R16, Gamma_R17, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_R8, Gamma_mem, Gamma_stack, R0, R16, R17, R29, R30, R31, R8, mem, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69672bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69680bv64) == 69680bv64);
   free requires (memory_load8_le(mem, 2060bv64) == 1bv8);
@@ -121,10 +125,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69056bv64) == 1936bv64);
   free requires (memory_load64_le(mem, 69064bv64) == 1856bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1968bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 2060bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 2061bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 2062bv64) == 2bv8);
@@ -144,57 +144,53 @@ procedure main();
   free ensures (memory_load64_le(mem, 69064bv64) == 1856bv64);
   free ensures (memory_load64_le(mem, 69592bv64) == 1968bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool)
 {
-  var Cse0__5$0$1: bv64;
-  var Cse0__5$2$1: bv64;
-  var Gamma_Cse0__5$0$1: bool;
-  var Gamma_Cse0__5$2$1: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_4: bool;
+  var Gamma_R31_3: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R8_4: bool;
+  var R0_3: bv64;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R17_1: bv64;
+  var R29_3: bv64;
+  var R30_4: bv64;
+  var R31_3: bv64;
+  var R8_3: bv64;
+  var R8_4: bv64;
   $main$__0__$sMTViGMvRc6UQwwHLkZ0lg:
-    assume {:captureState "$main$__0__$sMTViGMvRc6UQwwHLkZ0lg"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551568bv64), Gamma_R31;
-    Cse0__5$0$1, Gamma_Cse0__5$0$1 := bvadd64(R31, 32bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$0$1, R29), gamma_store64(Gamma_stack, Cse0__5$0$1, Gamma_R29);
-    assume {:captureState "1972$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$0$1, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$0$1, 8bv64), Gamma_R30);
-    assume {:captureState "1972$2"} true;
-    R29, Gamma_R29 := bvadd64(R31, 32bv64), Gamma_R31;
-    R8, Gamma_R8 := 0bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R8);
-    assume {:captureState "1984$0"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R29, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R29, 18446744073709551612bv64), true);
-    assume {:captureState "1988$0"} true;
-    R8, Gamma_R8 := 65536bv64, true;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551580bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551580bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), true);
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4040bv64)) || L(mem, bvadd64(R8, 4040bv64)));
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 16bv64), R8), gamma_store64(Gamma_stack, bvadd64(R31, 16bv64), Gamma_R8);
-    assume {:captureState "2000$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2079bv64), Gamma_R0;
-    R30, Gamma_R30 := 2016bv64, true;
-    call FUN_650();
+    R8_3, Gamma_R8_3 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551584bv64), R8_3), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R8_3);
+    call R16_1, Gamma_R16_1, R17_1, Gamma_R17_1 := FUN_650(R16, Gamma_R16);
     goto $main$__1__$3xrW3vxVQYegwMrQhPeDAA;
   $main$__1__$3xrW3vxVQYegwMrQhPeDAA:
-    assume {:captureState "$main$__1__$3xrW3vxVQYegwMrQhPeDAA"} true;
-    R8, Gamma_R8 := memory_load64_le(stack, bvadd64(R31, 16bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 16bv64));
-    R30, Gamma_R30 := 2024bv64, true;
-    call greet();
+    R8_4, Gamma_R8_4 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551584bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64));
+    call R31_3, Gamma_R31_3 := greet(bvadd64(R31_in, 18446744073709551600bv64), Gamma_R31_in, 2024bv64, true, bvadd64(R31_in, 18446744073709551568bv64), Gamma_R31_in);
     goto $main$__2__$~oSET3ZKQL2oiUDT8~pKHA;
   $main$__2__$~oSET3ZKQL2oiUDT8~pKHA:
-    assume {:captureState "$main$__2__$~oSET3ZKQL2oiUDT8~pKHA"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    Cse0__5$2$1, Gamma_Cse0__5$2$1 := bvadd64(R31, 32bv64), Gamma_R31;
-    R29, Gamma_R29 := memory_load64_le(stack, Cse0__5$2$1), gamma_load64(Gamma_stack, Cse0__5$2$1);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(Cse0__5$2$1, 8bv64)), gamma_load64(Gamma_stack, bvadd64(Cse0__5$2$1, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 48bv64), Gamma_R31;
+    R0_3, Gamma_R0_3 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_3, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31_3, 12bv64));
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_3, 32bv64)), gamma_load64(Gamma_stack, bvadd64(R31_3, 32bv64));
+    R30_4, Gamma_R30_4 := memory_load64_le(stack, bvadd64(R31_3, 40bv64)), gamma_load64(Gamma_stack, bvadd64(R31_3, 40bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R29_out, R30_out, R31_out, R8_out := R0_3, R29_3, R30_4, bvadd64(R31_3, 48bv64), R8_4;
+    Gamma_R0_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out, Gamma_R8_out := Gamma_R0_3, Gamma_R29_3, Gamma_R30_4, Gamma_R31_3, Gamma_R8_4;
     return;
 }
 
-procedure FUN_650();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure FUN_650(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load8_le(mem, 2060bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2061bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2062bv64) == 2bv8);
@@ -232,20 +228,143 @@ procedure FUN_650();
   free ensures (memory_load64_le(mem, 69064bv64) == 1856bv64);
   free ensures (memory_load64_le(mem, 69592bv64) == 1968bv64);
 
-implementation FUN_650()
+implementation FUN_650(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool)
 {
+  var Gamma_R0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0: bv64;
+  var R0_1: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16_4: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   $FUN_650$__0__$Q8~f_ny6Tyei9F9VZVqpig:
-    assume {:captureState "$FUN_650$__0__$Q8~f_ny6Tyei9F9VZVqpig"} true;
-    R16, Gamma_R16 := 69632bv64, true;
     call rely();
-    R17, Gamma_R17 := memory_load64_le(mem, bvadd64(R16, 32bv64)), (gamma_load64(Gamma_mem, bvadd64(R16, 32bv64)) || L(mem, bvadd64(R16, 32bv64)));
-    R16, Gamma_R16 := bvadd64(R16, 32bv64), Gamma_R16;
-    call printf();
+    R17_1, Gamma_R17_1 := memory_load64_le(mem, 69664bv64), (gamma_load64(Gamma_mem, 69664bv64) || L(mem, 69664bv64));
+    call R0_1, Gamma_R0_1, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_4, Gamma_R16_4, R17_2, Gamma_R17_2, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_1, Gamma_R2_1, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := printf(R0, Gamma_R0, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, 69664bv64, true, R17_1, Gamma_R17_1, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2, Gamma_R2, R30, Gamma_R30, R31, Gamma_R31, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     assume false;
 }
 
-procedure greet();
-  modifies Gamma_R0, Gamma_R16, Gamma_R17, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_mem, Gamma_stack, R0, R16, R17, R29, R30, R31, mem, stack;
+procedure greet(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load8_le(mem, 2060bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2061bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2062bv64) == 2bv8);
@@ -264,10 +383,6 @@ procedure greet();
   free requires (memory_load64_le(mem, 69056bv64) == 1936bv64);
   free requires (memory_load64_le(mem, 69064bv64) == 1856bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1968bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 2060bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 2061bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 2062bv64) == 2bv8);
@@ -287,36 +402,26 @@ procedure greet();
   free ensures (memory_load64_le(mem, 69064bv64) == 1856bv64);
   free ensures (memory_load64_le(mem, 69592bv64) == 1968bv64);
 
-implementation greet()
+implementation greet(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R31_out: bv64, Gamma_R31_out: bool)
 {
-  var Cse0__5$1$0: bv64;
-  var Gamma_Cse0__5$1$0: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R17_1: bool;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R17_1: bv64;
   $greet$__0__$2iOaL1UgSjeQS6XoIxVEwg:
-    assume {:captureState "$greet$__0__$2iOaL1UgSjeQS6XoIxVEwg"} true;
-    Cse0__5$1$0, Gamma_Cse0__5$1$0 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$1$0, R29), gamma_store64(Gamma_stack, Cse0__5$1$0, Gamma_R29);
-    assume {:captureState "1940$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$1$0, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$1$0, 8bv64), Gamma_R30);
-    assume {:captureState "1940$2"} true;
-    R31, Gamma_R31 := Cse0__5$1$0, Gamma_Cse0__5$1$0;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2064bv64), Gamma_R0;
-    R30, Gamma_R30 := 1960bv64, true;
-    call FUN_650();
-    goto $greet$__1__$qE3JfQuGRqKhzooPEQBb4Q;
-  $greet$__1__$qE3JfQuGRqKhzooPEQBb4Q:
-    assume {:captureState "$greet$__1__$qE3JfQuGRqKhzooPEQBb4Q"} true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
+    call R16_1, Gamma_R16_1, R17_1, Gamma_R17_1 := FUN_650(R16, Gamma_R16);
     goto greet_basil_return;
   greet_basil_return:
-    assume {:captureState "greet_basil_return"} true;
+    R31_out := R31_in;
+    Gamma_R31_out := Gamma_R31_in;
     return;
 }
 
-procedure printf();
+procedure printf(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load8_le(mem, 2060bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2061bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2062bv64) == 2bv8);
diff --git a/src/test/correct/indirect_call/gcc/indirect_call_gtirb.expected b/src/test/correct/indirect_call/gcc/indirect_call_gtirb.expected
index 1587a7a14..f6209344d 100644
--- a/src/test/correct/indirect_call/gcc/indirect_call_gtirb.expected
+++ b/src/test/correct/indirect_call/gcc/indirect_call_gtirb.expected
@@ -1,17 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R16: bool;
-var {:extern} Gamma_R17: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R16: bv64;
-var {:extern} R17: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -21,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) {
@@ -38,7 +39,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -76,8 +77,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure FUN_630();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure FUN_630(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 1984bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 1992bv64) == 8583909746840200520bv64);
   free requires (memory_load64_le(mem, 2000bv64) == 143418749551bv64);
@@ -107,20 +108,143 @@ procedure FUN_630();
   free ensures (memory_load64_le(mem, 69616bv64) == 1908bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation FUN_630()
+implementation FUN_630(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool)
 {
+  var Gamma_R0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0: bv64;
+  var R0_1: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16_4: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   $FUN_630$__0__$tuyfiXKhQwyDbRrxvmvI3A:
-    assume {:captureState "$FUN_630$__0__$tuyfiXKhQwyDbRrxvmvI3A"} true;
-    R16, Gamma_R16 := 65536bv64, true;
     call rely();
-    R17, Gamma_R17 := memory_load64_le(mem, bvadd64(R16, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R16, 4040bv64)) || L(mem, bvadd64(R16, 4040bv64)));
-    R16, Gamma_R16 := bvadd64(R16, 4040bv64), Gamma_R16;
-    call puts();
+    R17_1, Gamma_R17_1 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
+    call R0_1, Gamma_R0_1, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_4, Gamma_R16_4, R17_2, Gamma_R17_2, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_1, Gamma_R2_1, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := puts(R0, Gamma_R0, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, 69576bv64, true, R17_1, Gamma_R17_1, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2, Gamma_R2, R30, Gamma_R30, R31, Gamma_R31, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     assume false;
 }
 
-procedure greet();
-  modifies Gamma_R0, Gamma_R16, Gamma_R17, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_mem, Gamma_stack, R0, R16, R17, R29, R30, R31, mem, stack;
+procedure greet(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 1984bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 1992bv64) == 8583909746840200520bv64);
   free requires (memory_load64_le(mem, 2000bv64) == 143418749551bv64);
@@ -135,10 +259,6 @@ procedure greet();
   free requires (memory_load64_le(mem, 69016bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1908bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load64_le(mem, 1984bv64) == 131073bv64);
   free ensures (memory_load64_le(mem, 1992bv64) == 8583909746840200520bv64);
   free ensures (memory_load64_le(mem, 2000bv64) == 143418749551bv64);
@@ -154,37 +274,27 @@ procedure greet();
   free ensures (memory_load64_le(mem, 69616bv64) == 1908bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation greet()
+implementation greet(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R31_out: bv64, Gamma_R31_out: bool)
 {
-  var Cse0__5$1$0: bv64;
-  var Gamma_Cse0__5$1$0: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R17_1: bool;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R17_1: bv64;
   $greet$__0__$81FUb_xuSnaFuKB7SDT2jQ:
-    assume {:captureState "$greet$__0__$81FUb_xuSnaFuKB7SDT2jQ"} true;
-    Cse0__5$1$0, Gamma_Cse0__5$1$0 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$1$0, R29), gamma_store64(Gamma_stack, Cse0__5$1$0, Gamma_R29);
-    assume {:captureState "1876$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$1$0, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$1$0, 8bv64), Gamma_R30);
-    assume {:captureState "1876$2"} true;
-    R31, Gamma_R31 := Cse0__5$1$0, Gamma_Cse0__5$1$0;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 1992bv64), Gamma_R0;
-    R30, Gamma_R30 := 1896bv64, true;
-    call FUN_630();
-    goto $greet$__1__$kdZai1woRdCWjv9gZOc7IQ;
-  $greet$__1__$kdZai1woRdCWjv9gZOc7IQ:
-    assume {:captureState "$greet$__1__$kdZai1woRdCWjv9gZOc7IQ"} true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
+    call R16_1, Gamma_R16_1, R17_1, Gamma_R17_1 := FUN_630(R16, Gamma_R16);
     goto greet_basil_return;
   greet_basil_return:
-    assume {:captureState "greet_basil_return"} true;
+    R31_out := R31_in;
+    Gamma_R31_out := Gamma_R31_in;
     return;
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R16, Gamma_R17, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_mem, Gamma_stack, R0, R16, R17, R29, R30, R31, mem, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load64_le(mem, 1984bv64) == 131073bv64);
@@ -201,10 +311,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69016bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1908bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load64_le(mem, 1984bv64) == 131073bv64);
   free ensures (memory_load64_le(mem, 1992bv64) == 8583909746840200520bv64);
   free ensures (memory_load64_le(mem, 2000bv64) == 143418749551bv64);
@@ -220,47 +326,40 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1908bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var Cse0__5$2$0: bv64;
-  var Gamma_Cse0__5$2$0: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_4: bool;
+  var Gamma_R31_3: bool;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R17_1: bv64;
+  var R29_3: bv64;
+  var R30_4: bv64;
+  var R31_3: bv64;
   $main$__0__$w0OdBToKQa2Q58glCiVypg:
-    assume {:captureState "$main$__0__$w0OdBToKQa2Q58glCiVypg"} true;
-    Cse0__5$2$0, Gamma_Cse0__5$2$0 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$2$0, R29), gamma_store64(Gamma_stack, Cse0__5$2$0, Gamma_R29);
-    assume {:captureState "1908$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$2$0, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$2$0, 8bv64), Gamma_R30);
-    assume {:captureState "1908$2"} true;
-    R31, Gamma_R31 := Cse0__5$2$0, Gamma_Cse0__5$2$0;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 1876bv64), Gamma_R0;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 24bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 24bv64), Gamma_R0);
-    assume {:captureState "1924$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2008bv64), Gamma_R0;
-    R30, Gamma_R30 := 1940bv64, true;
-    call FUN_630();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551584bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551592bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), Gamma_R30_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 1876bv64), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
+    call R16_1, Gamma_R16_1, R17_1, Gamma_R17_1 := FUN_630(R16, Gamma_R16);
     goto $main$__1__$XCDB1coVTJ2EOAyBt9pNGg;
   $main$__1__$XCDB1coVTJ2EOAyBt9pNGg:
-    assume {:captureState "$main$__1__$XCDB1coVTJ2EOAyBt9pNGg"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 24bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 24bv64));
-    R30, Gamma_R30 := 1948bv64, true;
-    call greet();
+    call R31_3, Gamma_R31_3 := greet(bvadd64(R31_in, 18446744073709551584bv64), Gamma_R31_in, 1948bv64, true, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R31_in);
     goto $main$__2__$CUvNMZuRSsiLfPsNmfjI_Q;
   $main$__2__$CUvNMZuRSsiLfPsNmfjI_Q:
-    assume {:captureState "$main$__2__$CUvNMZuRSsiLfPsNmfjI_Q"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, R31_3), gamma_load64(Gamma_stack, R31_3);
+    R30_4, Gamma_R30_4 := memory_load64_le(stack, bvadd64(R31_3, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31_3, 8bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R16_out, R17_out, R29_out, R30_out, R31_out := 0bv64, R16_1, R17_1, R29_3, R30_4, bvadd64(R31_3, 32bv64);
+    Gamma_R0_out, Gamma_R16_out, Gamma_R17_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out := true, Gamma_R16_1, Gamma_R17_1, Gamma_R29_3, Gamma_R30_4, Gamma_R31_3;
     return;
 }
 
-procedure puts();
+procedure puts(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load64_le(mem, 1984bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 1992bv64) == 8583909746840200520bv64);
   free requires (memory_load64_le(mem, 2000bv64) == 143418749551bv64);
diff --git a/src/test/correct/indirect_call/gcc_pic/indirect_call_gtirb.expected b/src/test/correct/indirect_call/gcc_pic/indirect_call_gtirb.expected
index 6fae6b6ba..fe03ab27d 100644
--- a/src/test/correct/indirect_call/gcc_pic/indirect_call_gtirb.expected
+++ b/src/test/correct/indirect_call/gcc_pic/indirect_call_gtirb.expected
@@ -1,17 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R16: bool;
-var {:extern} Gamma_R17: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R16: bv64;
-var {:extern} R17: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -21,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) {
@@ -38,7 +39,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -77,8 +78,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure greet();
-  modifies Gamma_R0, Gamma_R16, Gamma_R17, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_mem, Gamma_stack, R0, R16, R17, R29, R30, R31, mem, stack;
+procedure greet(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 2048bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2056bv64) == 8583909746840200520bv64);
   free requires (memory_load64_le(mem, 2064bv64) == 143418749551bv64);
@@ -94,10 +95,6 @@ procedure greet();
   free requires (memory_load64_le(mem, 69600bv64) == 1940bv64);
   free requires (memory_load64_le(mem, 69008bv64) == 1856bv64);
   free requires (memory_load64_le(mem, 69000bv64) == 1936bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load64_le(mem, 2048bv64) == 131073bv64);
   free ensures (memory_load64_le(mem, 2056bv64) == 8583909746840200520bv64);
   free ensures (memory_load64_le(mem, 2064bv64) == 143418749551bv64);
@@ -114,37 +111,27 @@ procedure greet();
   free ensures (memory_load64_le(mem, 69008bv64) == 1856bv64);
   free ensures (memory_load64_le(mem, 69000bv64) == 1936bv64);
 
-implementation greet()
+implementation greet(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R31_out: bv64, Gamma_R31_out: bool)
 {
-  var Cse0__5$1$0: bv64;
-  var Gamma_Cse0__5$1$0: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R17_1: bool;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R17_1: bv64;
   $greet$__0__$ya12BsraQDyb0PY~D2lGYQ:
-    assume {:captureState "$greet$__0__$ya12BsraQDyb0PY~D2lGYQ"} true;
-    Cse0__5$1$0, Gamma_Cse0__5$1$0 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$1$0, R29), gamma_store64(Gamma_stack, Cse0__5$1$0, Gamma_R29);
-    assume {:captureState "1940$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$1$0, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$1$0, 8bv64), Gamma_R30);
-    assume {:captureState "1940$2"} true;
-    R31, Gamma_R31 := Cse0__5$1$0, Gamma_Cse0__5$1$0;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2056bv64), Gamma_R0;
-    R30, Gamma_R30 := 1960bv64, true;
-    call FUN_650();
-    goto $greet$__1__$BAJa2ZW0ROGpI~IG4G4dnQ;
-  $greet$__1__$BAJa2ZW0ROGpI~IG4G4dnQ:
-    assume {:captureState "$greet$__1__$BAJa2ZW0ROGpI~IG4G4dnQ"} true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
+    call R16_1, Gamma_R16_1, R17_1, Gamma_R17_1 := FUN_650(R16, Gamma_R16);
     goto greet_basil_return;
   greet_basil_return:
-    assume {:captureState "greet_basil_return"} true;
+    R31_out := R31_in;
+    Gamma_R31_out := Gamma_R31_in;
     return;
 }
 
-procedure FUN_650();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure FUN_650(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 2048bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2056bv64) == 8583909746840200520bv64);
   free requires (memory_load64_le(mem, 2064bv64) == 143418749551bv64);
@@ -176,20 +163,143 @@ procedure FUN_650();
   free ensures (memory_load64_le(mem, 69008bv64) == 1856bv64);
   free ensures (memory_load64_le(mem, 69000bv64) == 1936bv64);
 
-implementation FUN_650()
+implementation FUN_650(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool)
 {
+  var Gamma_R0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0: bv64;
+  var R0_1: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16_4: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   $FUN_650$__0__$blyA87erSRO9dBs3C_GROw:
-    assume {:captureState "$FUN_650$__0__$blyA87erSRO9dBs3C_GROw"} true;
-    R16, Gamma_R16 := 65536bv64, true;
     call rely();
-    R17, Gamma_R17 := memory_load64_le(mem, bvadd64(R16, 4032bv64)), (gamma_load64(Gamma_mem, bvadd64(R16, 4032bv64)) || L(mem, bvadd64(R16, 4032bv64)));
-    R16, Gamma_R16 := bvadd64(R16, 4032bv64), Gamma_R16;
-    call puts();
+    R17_1, Gamma_R17_1 := memory_load64_le(mem, 69568bv64), (gamma_load64(Gamma_mem, 69568bv64) || L(mem, 69568bv64));
+    call R0_1, Gamma_R0_1, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_4, Gamma_R16_4, R17_2, Gamma_R17_2, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_1, Gamma_R2_1, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := puts(R0, Gamma_R0, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, 69568bv64, true, R17_1, Gamma_R17_1, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2, Gamma_R2, R30, Gamma_R30, R31, Gamma_R31, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     assume false;
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R16, Gamma_R17, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_mem, Gamma_stack, R0, R16, R17, R29, R30, R31, mem, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load64_le(mem, 2048bv64) == 131073bv64);
@@ -207,10 +317,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69600bv64) == 1940bv64);
   free requires (memory_load64_le(mem, 69008bv64) == 1856bv64);
   free requires (memory_load64_le(mem, 69000bv64) == 1936bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load64_le(mem, 2048bv64) == 131073bv64);
   free ensures (memory_load64_le(mem, 2056bv64) == 8583909746840200520bv64);
   free ensures (memory_load64_le(mem, 2064bv64) == 143418749551bv64);
@@ -227,48 +333,44 @@ procedure main();
   free ensures (memory_load64_le(mem, 69008bv64) == 1856bv64);
   free ensures (memory_load64_le(mem, 69000bv64) == 1936bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var Cse0__5$0$0: bv64;
-  var Gamma_Cse0__5$0$0: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_4: bool;
+  var Gamma_R31_3: bool;
+  var R0_2: bv64;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R17_1: bv64;
+  var R29_3: bv64;
+  var R30_4: bv64;
+  var R31_3: bv64;
   $main$__0__$BoFgJ28hRESLWeRUGTZ6AQ:
-    assume {:captureState "$main$__0__$BoFgJ28hRESLWeRUGTZ6AQ"} true;
-    Cse0__5$0$0, Gamma_Cse0__5$0$0 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$0$0, R29), gamma_store64(Gamma_stack, Cse0__5$0$0, Gamma_R29);
-    assume {:captureState "1972$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$0$0, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$0$0, 8bv64), Gamma_R30);
-    assume {:captureState "1972$2"} true;
-    R31, Gamma_R31 := Cse0__5$0$0, Gamma_Cse0__5$0$0;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    R0, Gamma_R0 := 65536bv64, true;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551584bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551592bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), Gamma_R30_in);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 24bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 24bv64), Gamma_R0);
-    assume {:captureState "1988$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2072bv64), Gamma_R0;
-    R30, Gamma_R30 := 2004bv64, true;
-    call FUN_650();
+    R0_2, Gamma_R0_2 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R0_2), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R0_2);
+    call R16_1, Gamma_R16_1, R17_1, Gamma_R17_1 := FUN_650(R16, Gamma_R16);
     goto $main$__1__$gEm6HfTiSIW8xoT2LZrDVw;
   $main$__1__$gEm6HfTiSIW8xoT2LZrDVw:
-    assume {:captureState "$main$__1__$gEm6HfTiSIW8xoT2LZrDVw"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 24bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 24bv64));
-    R30, Gamma_R30 := 2012bv64, true;
-    call greet();
+    call R31_3, Gamma_R31_3 := greet(bvadd64(R31_in, 18446744073709551584bv64), Gamma_R31_in, 2012bv64, true, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R31_in);
     goto $main$__2__$sk~gIF9_TnupcjAVM_n30w;
   $main$__2__$sk~gIF9_TnupcjAVM_n30w:
-    assume {:captureState "$main$__2__$sk~gIF9_TnupcjAVM_n30w"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, R31_3), gamma_load64(Gamma_stack, R31_3);
+    R30_4, Gamma_R30_4 := memory_load64_le(stack, bvadd64(R31_3, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31_3, 8bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R16_out, R17_out, R29_out, R30_out, R31_out := 0bv64, R16_1, R17_1, R29_3, R30_4, bvadd64(R31_3, 32bv64);
+    Gamma_R0_out, Gamma_R16_out, Gamma_R17_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out := true, Gamma_R16_1, Gamma_R17_1, Gamma_R29_3, Gamma_R30_4, Gamma_R31_3;
     return;
 }
 
-procedure puts();
+procedure puts(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load64_le(mem, 2048bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2056bv64) == 8583909746840200520bv64);
   free requires (memory_load64_le(mem, 2064bv64) == 143418749551bv64);
diff --git a/src/test/correct/initialisation/clang/initialisation.expected b/src/test/correct/initialisation/clang/initialisation.expected
index 0af0f30d2..ef3fbd0b1 100644
--- a/src/test/correct/initialisation/clang/initialisation.expected
+++ b/src/test/correct/initialisation/clang/initialisation.expected
@@ -1,22 +1,4 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R10: bool;
-var {:extern} Gamma_R11: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R10: bv64;
-var {:extern} R11: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $a_addr: bv64;
 axiom ($a_addr == 69696bv64);
@@ -32,10 +14,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvadd"} bvadd65(bv65, bv65) returns (bv65);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp64(bv64, bv64) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp65(bv65, bv65) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -49,17 +41,21 @@ function {:extern} gamma_load8(gammaMap: [bv64]bool, index: bv64) returns (bool)
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store8(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
   gammaMap[index := value]
 }
 
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
+}
+
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
   (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index])))
 }
@@ -73,19 +69,17 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_64(bv64) returns (bv65);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_64(bv64) returns (bv65);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 function {:extern} {:bvbuiltin "zero_extend 56"} zero_extend56_8(bv8) returns (bv64);
 procedure {:extern} rely();
@@ -117,8 +111,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R10, Gamma_R11, Gamma_R8, Gamma_R9, Gamma_VF, Gamma_ZF, Gamma_mem, NF, R0, R10, R11, R8, R9, VF, ZF, mem;
+procedure main(R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load64_le(mem, 69680bv64) == 416611827717bv64);
@@ -144,55 +138,50 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var #4: bv64;
-  var Gamma_#4: bool;
+  var Gamma_R10_2: bool;
+  var Gamma_R10_3: bool;
+  var Gamma_R10_4: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R8_4: bool;
+  var Gamma_R8_5: bool;
+  var Gamma_R8_6: bool;
+  var R10_2: bv32;
+  var R10_3: bv32;
+  var R10_4: bv64;
+  var R8_3: bv32;
+  var R8_4: bv32;
+  var R8_5: bv64;
+  var R8_6: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R8, Gamma_R8 := 69632bv64, true;
-    R9, Gamma_R9 := 69632bv64, true;
-    R9, Gamma_R9 := bvadd64(R9, 64bv64), Gamma_R9;
-    R11, Gamma_R11 := 69632bv64, true;
     call rely();
-    R10, Gamma_R10 := zero_extend32_32(memory_load32_le(mem, bvadd64(R11, 48bv64))), (gamma_load32(Gamma_mem, bvadd64(R11, 48bv64)) || L(mem, bvadd64(R11, 48bv64)));
-    R10, Gamma_R10 := zero_extend32_32(bvadd32(R10[32:0], 1bv32)), Gamma_R10;
+    R10_2, Gamma_R10_2 := memory_load32_le(mem, 69680bv64), (gamma_load32(Gamma_mem, 69680bv64) || L(mem, 69680bv64));
+    R10_3, Gamma_R10_3 := bvadd32(R10_2, 1bv32), Gamma_R10_2;
     call rely();
-    assert (L(mem, bvadd64(R11, 48bv64)) ==> Gamma_R10);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R11, 48bv64), R10[32:0]), gamma_store32(Gamma_mem, bvadd64(R11, 48bv64), Gamma_R10);
-    assume {:captureState "%00000322"} true;
-    R11, Gamma_R11 := 69632bv64, true;
+    assert (L(mem, 69680bv64) ==> Gamma_R10_3);
+    mem, Gamma_mem := memory_store32_le(mem, 69680bv64, R10_3), gamma_store32(Gamma_mem, 69680bv64, Gamma_R10_3);
     call rely();
-    R10, Gamma_R10 := memory_load64_le(mem, bvadd64(R11, 56bv64)), (gamma_load64(Gamma_mem, bvadd64(R11, 56bv64)) || L(mem, bvadd64(R11, 56bv64)));
-    #4, Gamma_#4 := bvadd64(R10, 18446744073709551614bv64), Gamma_R10;
-    VF, Gamma_VF := bvnot1(bvcomp65(sign_extend1_64(bvadd64(#4, 1bv64)), bvadd65(sign_extend1_64(R10), 36893488147419103231bv65))), (Gamma_R10 && Gamma_#4);
-    CF, Gamma_CF := bvnot1(bvcomp65(zero_extend1_64(bvadd64(#4, 1bv64)), bvadd65(zero_extend1_64(R10), 18446744073709551615bv65))), (Gamma_R10 && Gamma_#4);
-    ZF, Gamma_ZF := bvcomp64(bvadd64(#4, 1bv64), 0bv64), Gamma_#4;
-    NF, Gamma_NF := bvadd64(#4, 1bv64)[64:63], Gamma_#4;
-    R10, Gamma_R10 := bvadd64(#4, 1bv64), Gamma_#4;
+    R10_4, Gamma_R10_4 := memory_load64_le(mem, 69688bv64), (gamma_load64(Gamma_mem, 69688bv64) || L(mem, 69688bv64));
     call rely();
-    assert (L(mem, bvadd64(R11, 56bv64)) ==> Gamma_R10);
-    mem, Gamma_mem := memory_store64_le(mem, bvadd64(R11, 56bv64), R10), gamma_store64(Gamma_mem, bvadd64(R11, 56bv64), Gamma_R10);
-    assume {:captureState "%00000352"} true;
+    assert (L(mem, 69688bv64) ==> Gamma_R10_4);
+    mem, Gamma_mem := memory_store64_le(mem, 69688bv64, bvadd64(R10_4, 18446744073709551615bv64)), gamma_store64(Gamma_mem, 69688bv64, Gamma_R10_4);
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 64bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 64bv64)) || L(mem, bvadd64(R8, 64bv64)));
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(R8[32:0], 3bv32)), Gamma_R8;
+    R8_3, Gamma_R8_3 := memory_load32_le(mem, 69696bv64), (gamma_load32(Gamma_mem, 69696bv64) || L(mem, 69696bv64));
+    R8_4, Gamma_R8_4 := bvadd32(R8_3, 3bv32), Gamma_R8_3;
     call rely();
-    assert (L(mem, bvadd64(R9, 4bv64)) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 4bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 4bv64), Gamma_R8);
-    assume {:captureState "%00000367"} true;
-    R9, Gamma_R9 := 69632bv64, true;
+    assert (L(mem, 69700bv64) ==> Gamma_R8_4);
+    mem, Gamma_mem := memory_store32_le(mem, 69700bv64, R8_4), gamma_store32(Gamma_mem, 69700bv64, Gamma_R8_4);
     call rely();
-    R8, Gamma_R8 := zero_extend56_8(memory_load8_le(mem, bvadd64(R9, 52bv64))), (gamma_load8(Gamma_mem, bvadd64(R9, 52bv64)) || L(mem, bvadd64(R9, 52bv64)));
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(R8[32:0], 1bv32)), Gamma_R8;
+    R8_5, Gamma_R8_5 := zero_extend56_8(memory_load8_le(mem, 69684bv64)), (gamma_load8(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
+    R8_6, Gamma_R8_6 := zero_extend32_32(bvadd32(R8_5[32:0], 1bv32)), Gamma_R8_5;
     call rely();
-    assert (L(mem, bvadd64(R9, 52bv64)) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store8_le(mem, bvadd64(R9, 52bv64), R8[8:0]), gamma_store8(Gamma_mem, bvadd64(R9, 52bv64), Gamma_R8);
-    assume {:captureState "%00000381"} true;
-    R0, Gamma_R0 := 0bv64, true;
+    assert (L(mem, 69684bv64) ==> Gamma_R8_6);
+    mem, Gamma_mem := memory_store8_le(mem, 69684bv64, R8_6[8:0]), gamma_store8(Gamma_mem, 69684bv64, Gamma_R8_6);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R11_out, R8_out, R9_out := 0bv64, bvadd64(R10_4, 18446744073709551615bv64), 69632bv64, R8_6, 69632bv64;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R11_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R10_4, true, Gamma_R8_6, true;
     return;
 }
 
diff --git a/src/test/correct/initialisation/clang/initialisation_gtirb.expected b/src/test/correct/initialisation/clang/initialisation_gtirb.expected
index 3f5fbc23c..26fc60505 100644
--- a/src/test/correct/initialisation/clang/initialisation_gtirb.expected
+++ b/src/test/correct/initialisation/clang/initialisation_gtirb.expected
@@ -1,22 +1,4 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R10: bool;
-var {:extern} Gamma_R11: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R10: bv64;
-var {:extern} R11: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $a_addr: bv64;
 axiom ($a_addr == 69696bv64);
@@ -32,10 +14,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvadd"} bvadd65(bv65, bv65) returns (bv65);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp64(bv64, bv64) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp65(bv65, bv65) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -49,17 +41,21 @@ function {:extern} gamma_load8(gammaMap: [bv64]bool, index: bv64) returns (bool)
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store8(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
   gammaMap[index := value]
 }
 
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
+}
+
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
   (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index])))
 }
@@ -73,21 +69,19 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_64(bv64) returns (bv65);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_64(bv64) returns (bv65);
-function {:extern} {:bvbuiltin "zero_extend 24"} zero_extend24_8(bv8) returns (bv32);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
+function {:extern} {:bvbuiltin "zero_extend 56"} zero_extend56_8(bv8) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (mem == old(mem));
@@ -117,8 +111,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R10, Gamma_R11, Gamma_R8, Gamma_R9, Gamma_VF, Gamma_ZF, Gamma_mem, NF, R0, R10, R11, R8, R9, VF, ZF, mem;
+procedure main(R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load64_le(mem, 69680bv64) == 416611827717bv64);
@@ -144,55 +138,50 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var Cse0__5$0$9: bv64;
-  var Gamma_Cse0__5$0$9: bool;
+  var Gamma_R10_2: bool;
+  var Gamma_R10_3: bool;
+  var Gamma_R10_4: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R8_4: bool;
+  var Gamma_R8_5: bool;
+  var Gamma_R8_6: bool;
+  var R10_2: bv32;
+  var R10_3: bv32;
+  var R10_4: bv64;
+  var R8_3: bv32;
+  var R8_4: bv32;
+  var R8_5: bv64;
+  var R8_6: bv64;
   $main$__0__$bXjOvzBIQmSVnOWXdNnWZA:
-    assume {:captureState "$main$__0__$bXjOvzBIQmSVnOWXdNnWZA"} true;
-    R8, Gamma_R8 := 69632bv64, true;
-    R9, Gamma_R9 := 69632bv64, true;
-    R9, Gamma_R9 := bvadd64(R9, 64bv64), Gamma_R9;
-    R11, Gamma_R11 := 69632bv64, true;
     call rely();
-    R10, Gamma_R10 := zero_extend32_32(memory_load32_le(mem, bvadd64(R11, 48bv64))), (gamma_load32(Gamma_mem, bvadd64(R11, 48bv64)) || L(mem, bvadd64(R11, 48bv64)));
-    R10, Gamma_R10 := zero_extend32_32(bvadd32(R10[32:0], 1bv32)), Gamma_R10;
+    R10_2, Gamma_R10_2 := memory_load32_le(mem, 69680bv64), (gamma_load32(Gamma_mem, 69680bv64) || L(mem, 69680bv64));
+    R10_3, Gamma_R10_3 := bvadd32(R10_2, 1bv32), Gamma_R10_2;
     call rely();
-    assert (L(mem, bvadd64(R11, 48bv64)) ==> Gamma_R10);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R11, 48bv64), R10[32:0]), gamma_store32(Gamma_mem, bvadd64(R11, 48bv64), Gamma_R10);
-    assume {:captureState "1836$0"} true;
-    R11, Gamma_R11 := 69632bv64, true;
+    assert (L(mem, 69680bv64) ==> Gamma_R10_3);
+    mem, Gamma_mem := memory_store32_le(mem, 69680bv64, R10_3), gamma_store32(Gamma_mem, 69680bv64, Gamma_R10_3);
     call rely();
-    R10, Gamma_R10 := memory_load64_le(mem, bvadd64(R11, 56bv64)), (gamma_load64(Gamma_mem, bvadd64(R11, 56bv64)) || L(mem, bvadd64(R11, 56bv64)));
-    Cse0__5$0$9, Gamma_Cse0__5$0$9 := bvadd64(R10, 18446744073709551615bv64), Gamma_R10;
-    VF, Gamma_VF := bvnot1(bvcomp65(sign_extend1_64(Cse0__5$0$9), bvadd65(sign_extend1_64(R10), 36893488147419103231bv65))), (Gamma_R10 && Gamma_Cse0__5$0$9);
-    CF, Gamma_CF := bvnot1(bvcomp65(zero_extend1_64(Cse0__5$0$9), bvadd65(zero_extend1_64(R10), 18446744073709551615bv65))), (Gamma_R10 && Gamma_Cse0__5$0$9);
-    ZF, Gamma_ZF := bvcomp64(Cse0__5$0$9, 0bv64), Gamma_Cse0__5$0$9;
-    NF, Gamma_NF := Cse0__5$0$9[64:63], Gamma_Cse0__5$0$9;
-    R10, Gamma_R10 := Cse0__5$0$9, Gamma_Cse0__5$0$9;
+    R10_4, Gamma_R10_4 := memory_load64_le(mem, 69688bv64), (gamma_load64(Gamma_mem, 69688bv64) || L(mem, 69688bv64));
     call rely();
-    assert (L(mem, bvadd64(R11, 56bv64)) ==> Gamma_R10);
-    mem, Gamma_mem := memory_store64_le(mem, bvadd64(R11, 56bv64), R10), gamma_store64(Gamma_mem, bvadd64(R11, 56bv64), Gamma_R10);
-    assume {:captureState "1852$0"} true;
+    assert (L(mem, 69688bv64) ==> Gamma_R10_4);
+    mem, Gamma_mem := memory_store64_le(mem, 69688bv64, bvadd64(R10_4, 18446744073709551615bv64)), gamma_store64(Gamma_mem, 69688bv64, Gamma_R10_4);
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 64bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 64bv64)) || L(mem, bvadd64(R8, 64bv64)));
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(R8[32:0], 3bv32)), Gamma_R8;
+    R8_3, Gamma_R8_3 := memory_load32_le(mem, 69696bv64), (gamma_load32(Gamma_mem, 69696bv64) || L(mem, 69696bv64));
+    R8_4, Gamma_R8_4 := bvadd32(R8_3, 3bv32), Gamma_R8_3;
     call rely();
-    assert (L(mem, bvadd64(R9, 4bv64)) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 4bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 4bv64), Gamma_R8);
-    assume {:captureState "1864$0"} true;
-    R9, Gamma_R9 := 69632bv64, true;
+    assert (L(mem, 69700bv64) ==> Gamma_R8_4);
+    mem, Gamma_mem := memory_store32_le(mem, 69700bv64, R8_4), gamma_store32(Gamma_mem, 69700bv64, Gamma_R8_4);
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(zero_extend24_8(memory_load8_le(mem, bvadd64(R9, 52bv64)))), (gamma_load8(Gamma_mem, bvadd64(R9, 52bv64)) || L(mem, bvadd64(R9, 52bv64)));
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(R8[32:0], 1bv32)), Gamma_R8;
+    R8_5, Gamma_R8_5 := zero_extend56_8(memory_load8_le(mem, 69684bv64)), (gamma_load8(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
+    R8_6, Gamma_R8_6 := zero_extend32_32(bvadd32(R8_5[32:0], 1bv32)), Gamma_R8_5;
     call rely();
-    assert (L(mem, bvadd64(R9, 52bv64)) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store8_le(mem, bvadd64(R9, 52bv64), R8[8:0]), gamma_store8(Gamma_mem, bvadd64(R9, 52bv64), Gamma_R8);
-    assume {:captureState "1880$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
+    assert (L(mem, 69684bv64) ==> Gamma_R8_6);
+    mem, Gamma_mem := memory_store8_le(mem, 69684bv64, R8_6[8:0]), gamma_store8(Gamma_mem, 69684bv64, Gamma_R8_6);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R11_out, R8_out, R9_out := 0bv64, bvadd64(R10_4, 18446744073709551615bv64), 69632bv64, R8_6, 69632bv64;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R11_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R10_4, true, Gamma_R8_6, true;
     return;
 }
 
diff --git a/src/test/correct/initialisation/clang_O2/initialisation.expected b/src/test/correct/initialisation/clang_O2/initialisation.expected
index 13d304de8..aea68aa6e 100644
--- a/src/test/correct/initialisation/clang_O2/initialisation.expected
+++ b/src/test/correct/initialisation/clang_O2/initialisation.expected
@@ -1,22 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R10: bool;
-var {:extern} Gamma_R11: bool;
-var {:extern} Gamma_R12: bool;
-var {:extern} Gamma_R13: bool;
-var {:extern} Gamma_R14: bool;
-var {:extern} Gamma_R15: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R10: bv64;
-var {:extern} R11: bv64;
-var {:extern} R12: bv64;
-var {:extern} R13: bv64;
-var {:extern} R14: bv64;
-var {:extern} R15: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $a_addr: bv64;
 axiom ($a_addr == 69696bv64);
@@ -32,6 +14,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -45,17 +41,21 @@ function {:extern} gamma_load8(gammaMap: [bv64]bool, index: bv64) returns (bool)
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store8(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
   gammaMap[index := value]
 }
 
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
+}
+
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
   (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index])))
 }
@@ -69,15 +69,15 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -111,8 +111,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R10, Gamma_R11, Gamma_R12, Gamma_R13, Gamma_R14, Gamma_R15, Gamma_R8, Gamma_R9, Gamma_mem, R0, R10, R11, R12, R13, R14, R15, R8, R9, mem;
+procedure main(R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load64_le(mem, 69680bv64) == 416611827717bv64);
@@ -138,47 +138,50 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R10_4: bool;
+  var Gamma_R11_2: bool;
+  var Gamma_R11_3: bool;
+  var Gamma_R13_2: bool;
+  var Gamma_R13_3: bool;
+  var Gamma_R14_2: bool;
+  var Gamma_R15_2: bool;
+  var R10_4: bv64;
+  var R11_2: bv32;
+  var R11_3: bv64;
+  var R13_2: bv32;
+  var R13_3: bv64;
+  var R14_2: bv64;
+  var R15_2: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R10, Gamma_R10 := 69632bv64, true;
-    R10, Gamma_R10 := bvadd64(R10, 64bv64), Gamma_R10;
-    R8, Gamma_R8 := 69632bv64, true;
-    R9, Gamma_R9 := 69632bv64, true;
-    R12, Gamma_R12 := 69632bv64, true;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    R11, Gamma_R11 := zero_extend32_32(memory_load32_le(mem, R10)), (gamma_load32(Gamma_mem, R10) || L(mem, R10));
+    R11_2, Gamma_R11_2 := memory_load32_le(mem, 69696bv64), (gamma_load32(Gamma_mem, 69696bv64) || L(mem, 69696bv64));
     call rely();
-    R13, Gamma_R13 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 48bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 48bv64)) || L(mem, bvadd64(R8, 48bv64)));
+    R13_2, Gamma_R13_2 := memory_load32_le(mem, 69680bv64), (gamma_load32(Gamma_mem, 69680bv64) || L(mem, 69680bv64));
     call rely();
-    R14, Gamma_R14 := memory_load64_le(mem, bvadd64(R9, 56bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 56bv64)) || L(mem, bvadd64(R9, 56bv64)));
-    R11, Gamma_R11 := zero_extend32_32(bvadd32(R11[32:0], 3bv32)), Gamma_R11;
+    R14_2, Gamma_R14_2 := memory_load64_le(mem, 69688bv64), (gamma_load64(Gamma_mem, 69688bv64) || L(mem, 69688bv64));
+    R11_3, Gamma_R11_3 := zero_extend32_32(bvadd32(R11_2, 3bv32)), Gamma_R11_2;
     call rely();
-    R15, Gamma_R15 := zero_extend56_8(memory_load8_le(mem, bvadd64(R12, 52bv64))), (gamma_load8(Gamma_mem, bvadd64(R12, 52bv64)) || L(mem, bvadd64(R12, 52bv64)));
-    R13, Gamma_R13 := zero_extend32_32(bvadd32(R13[32:0], 1bv32)), Gamma_R13;
-    R14, Gamma_R14 := bvadd64(R14, 18446744073709551615bv64), Gamma_R14;
+    R15_2, Gamma_R15_2 := zero_extend56_8(memory_load8_le(mem, 69684bv64)), (gamma_load8(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
+    R13_3, Gamma_R13_3 := zero_extend32_32(bvadd32(R13_2, 1bv32)), Gamma_R13_2;
     call rely();
-    assert (L(mem, bvadd64(R10, 4bv64)) ==> Gamma_R11);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R10, 4bv64), R11[32:0]), gamma_store32(Gamma_mem, bvadd64(R10, 4bv64), Gamma_R11);
-    assume {:captureState "%00000349"} true;
-    R10, Gamma_R10 := zero_extend32_32(bvadd32(R15[32:0], 1bv32)), Gamma_R15;
+    assert (L(mem, 69700bv64) ==> Gamma_R11_3);
+    mem, Gamma_mem := memory_store32_le(mem, 69700bv64, R11_3[32:0]), gamma_store32(Gamma_mem, 69700bv64, Gamma_R11_3);
+    R10_4, Gamma_R10_4 := zero_extend32_32(bvadd32(R15_2[32:0], 1bv32)), Gamma_R15_2;
     call rely();
-    assert (L(mem, bvadd64(R8, 48bv64)) ==> Gamma_R13);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 48bv64), R13[32:0]), gamma_store32(Gamma_mem, bvadd64(R8, 48bv64), Gamma_R13);
-    assume {:captureState "%00000357"} true;
+    assert (L(mem, 69680bv64) ==> Gamma_R13_3);
+    mem, Gamma_mem := memory_store32_le(mem, 69680bv64, R13_3[32:0]), gamma_store32(Gamma_mem, 69680bv64, Gamma_R13_3);
     call rely();
-    assert (L(mem, bvadd64(R9, 56bv64)) ==> Gamma_R14);
-    mem, Gamma_mem := memory_store64_le(mem, bvadd64(R9, 56bv64), R14), gamma_store64(Gamma_mem, bvadd64(R9, 56bv64), Gamma_R14);
-    assume {:captureState "%0000035f"} true;
+    assert (L(mem, 69688bv64) ==> Gamma_R14_2);
+    mem, Gamma_mem := memory_store64_le(mem, 69688bv64, bvadd64(R14_2, 18446744073709551615bv64)), gamma_store64(Gamma_mem, 69688bv64, Gamma_R14_2);
     call rely();
-    assert (L(mem, bvadd64(R12, 52bv64)) ==> Gamma_R10);
-    mem, Gamma_mem := memory_store8_le(mem, bvadd64(R12, 52bv64), R10[8:0]), gamma_store8(Gamma_mem, bvadd64(R12, 52bv64), Gamma_R10);
-    assume {:captureState "%00000367"} true;
+    assert (L(mem, 69684bv64) ==> Gamma_R10_4);
+    mem, Gamma_mem := memory_store8_le(mem, 69684bv64, R10_4[8:0]), gamma_store8(Gamma_mem, 69684bv64, Gamma_R10_4);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R11_out, R12_out, R13_out, R14_out, R15_out, R8_out, R9_out := 0bv64, R10_4, R11_3, 69632bv64, R13_3, bvadd64(R14_2, 18446744073709551615bv64), R15_2, 69632bv64, 69632bv64;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R11_out, Gamma_R12_out, Gamma_R13_out, Gamma_R14_out, Gamma_R15_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R10_4, Gamma_R11_3, true, Gamma_R13_3, Gamma_R14_2, Gamma_R15_2, true, true;
     return;
 }
 
diff --git a/src/test/correct/initialisation/clang_O2/initialisation_gtirb.expected b/src/test/correct/initialisation/clang_O2/initialisation_gtirb.expected
index a9e116b67..ab9f21f0c 100644
--- a/src/test/correct/initialisation/clang_O2/initialisation_gtirb.expected
+++ b/src/test/correct/initialisation/clang_O2/initialisation_gtirb.expected
@@ -1,22 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R10: bool;
-var {:extern} Gamma_R11: bool;
-var {:extern} Gamma_R12: bool;
-var {:extern} Gamma_R13: bool;
-var {:extern} Gamma_R14: bool;
-var {:extern} Gamma_R15: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R10: bv64;
-var {:extern} R11: bv64;
-var {:extern} R12: bv64;
-var {:extern} R13: bv64;
-var {:extern} R14: bv64;
-var {:extern} R15: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $a_addr: bv64;
 axiom ($a_addr == 69696bv64);
@@ -32,6 +14,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -45,17 +41,21 @@ function {:extern} gamma_load8(gammaMap: [bv64]bool, index: bv64) returns (bool)
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store8(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
   gammaMap[index := value]
 }
 
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
+}
+
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
   (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index])))
 }
@@ -69,19 +69,19 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
-function {:extern} {:bvbuiltin "zero_extend 24"} zero_extend24_8(bv8) returns (bv32);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
+function {:extern} {:bvbuiltin "zero_extend 56"} zero_extend56_8(bv8) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (mem == old(mem));
@@ -111,8 +111,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R10, Gamma_R11, Gamma_R12, Gamma_R13, Gamma_R14, Gamma_R15, Gamma_R8, Gamma_R9, Gamma_mem, R0, R10, R11, R12, R13, R14, R15, R8, R9, mem;
+procedure main(R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load64_le(mem, 69680bv64) == 416611827717bv64);
@@ -138,47 +138,50 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R10_4: bool;
+  var Gamma_R11_2: bool;
+  var Gamma_R11_3: bool;
+  var Gamma_R13_2: bool;
+  var Gamma_R13_3: bool;
+  var Gamma_R14_2: bool;
+  var Gamma_R15_2: bool;
+  var R10_4: bv64;
+  var R11_2: bv32;
+  var R11_3: bv64;
+  var R13_2: bv32;
+  var R13_3: bv64;
+  var R14_2: bv64;
+  var R15_2: bv64;
   $main$__0__$f6fSZwrZSIKfQqhZ9R_A_Q:
-    assume {:captureState "$main$__0__$f6fSZwrZSIKfQqhZ9R_A_Q"} true;
-    R10, Gamma_R10 := 69632bv64, true;
-    R10, Gamma_R10 := bvadd64(R10, 64bv64), Gamma_R10;
-    R8, Gamma_R8 := 69632bv64, true;
-    R9, Gamma_R9 := 69632bv64, true;
-    R12, Gamma_R12 := 69632bv64, true;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    R11, Gamma_R11 := zero_extend32_32(memory_load32_le(mem, R10)), (gamma_load32(Gamma_mem, R10) || L(mem, R10));
+    R11_2, Gamma_R11_2 := memory_load32_le(mem, 69696bv64), (gamma_load32(Gamma_mem, 69696bv64) || L(mem, 69696bv64));
     call rely();
-    R13, Gamma_R13 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 48bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 48bv64)) || L(mem, bvadd64(R8, 48bv64)));
+    R13_2, Gamma_R13_2 := memory_load32_le(mem, 69680bv64), (gamma_load32(Gamma_mem, 69680bv64) || L(mem, 69680bv64));
     call rely();
-    R14, Gamma_R14 := memory_load64_le(mem, bvadd64(R9, 56bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 56bv64)) || L(mem, bvadd64(R9, 56bv64)));
-    R11, Gamma_R11 := zero_extend32_32(bvadd32(R11[32:0], 3bv32)), Gamma_R11;
+    R14_2, Gamma_R14_2 := memory_load64_le(mem, 69688bv64), (gamma_load64(Gamma_mem, 69688bv64) || L(mem, 69688bv64));
+    R11_3, Gamma_R11_3 := zero_extend32_32(bvadd32(R11_2, 3bv32)), Gamma_R11_2;
     call rely();
-    R15, Gamma_R15 := zero_extend32_32(zero_extend24_8(memory_load8_le(mem, bvadd64(R12, 52bv64)))), (gamma_load8(Gamma_mem, bvadd64(R12, 52bv64)) || L(mem, bvadd64(R12, 52bv64)));
-    R13, Gamma_R13 := zero_extend32_32(bvadd32(R13[32:0], 1bv32)), Gamma_R13;
-    R14, Gamma_R14 := bvadd64(R14, 18446744073709551615bv64), Gamma_R14;
+    R15_2, Gamma_R15_2 := zero_extend56_8(memory_load8_le(mem, 69684bv64)), (gamma_load8(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
+    R13_3, Gamma_R13_3 := zero_extend32_32(bvadd32(R13_2, 1bv32)), Gamma_R13_2;
     call rely();
-    assert (L(mem, bvadd64(R10, 4bv64)) ==> Gamma_R11);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R10, 4bv64), R11[32:0]), gamma_store32(Gamma_mem, bvadd64(R10, 4bv64), Gamma_R11);
-    assume {:captureState "1864$0"} true;
-    R10, Gamma_R10 := zero_extend32_32(bvadd32(R15[32:0], 1bv32)), Gamma_R15;
+    assert (L(mem, 69700bv64) ==> Gamma_R11_3);
+    mem, Gamma_mem := memory_store32_le(mem, 69700bv64, R11_3[32:0]), gamma_store32(Gamma_mem, 69700bv64, Gamma_R11_3);
+    R10_4, Gamma_R10_4 := zero_extend32_32(bvadd32(R15_2[32:0], 1bv32)), Gamma_R15_2;
     call rely();
-    assert (L(mem, bvadd64(R8, 48bv64)) ==> Gamma_R13);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 48bv64), R13[32:0]), gamma_store32(Gamma_mem, bvadd64(R8, 48bv64), Gamma_R13);
-    assume {:captureState "1872$0"} true;
+    assert (L(mem, 69680bv64) ==> Gamma_R13_3);
+    mem, Gamma_mem := memory_store32_le(mem, 69680bv64, R13_3[32:0]), gamma_store32(Gamma_mem, 69680bv64, Gamma_R13_3);
     call rely();
-    assert (L(mem, bvadd64(R9, 56bv64)) ==> Gamma_R14);
-    mem, Gamma_mem := memory_store64_le(mem, bvadd64(R9, 56bv64), R14), gamma_store64(Gamma_mem, bvadd64(R9, 56bv64), Gamma_R14);
-    assume {:captureState "1876$0"} true;
+    assert (L(mem, 69688bv64) ==> Gamma_R14_2);
+    mem, Gamma_mem := memory_store64_le(mem, 69688bv64, bvadd64(R14_2, 18446744073709551615bv64)), gamma_store64(Gamma_mem, 69688bv64, Gamma_R14_2);
     call rely();
-    assert (L(mem, bvadd64(R12, 52bv64)) ==> Gamma_R10);
-    mem, Gamma_mem := memory_store8_le(mem, bvadd64(R12, 52bv64), R10[8:0]), gamma_store8(Gamma_mem, bvadd64(R12, 52bv64), Gamma_R10);
-    assume {:captureState "1880$0"} true;
+    assert (L(mem, 69684bv64) ==> Gamma_R10_4);
+    mem, Gamma_mem := memory_store8_le(mem, 69684bv64, R10_4[8:0]), gamma_store8(Gamma_mem, 69684bv64, Gamma_R10_4);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R11_out, R12_out, R13_out, R14_out, R15_out, R8_out, R9_out := 0bv64, R10_4, R11_3, 69632bv64, R13_3, bvadd64(R14_2, 18446744073709551615bv64), R15_2, 69632bv64, 69632bv64;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R11_out, Gamma_R12_out, Gamma_R13_out, Gamma_R14_out, Gamma_R15_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R10_4, Gamma_R11_3, true, Gamma_R13_3, Gamma_R14_2, Gamma_R15_2, true, true;
     return;
 }
 
diff --git a/src/test/correct/initialisation/clang_pic/initialisation.expected b/src/test/correct/initialisation/clang_pic/initialisation.expected
index dadd6b3d7..7f30bafff 100644
--- a/src/test/correct/initialisation/clang_pic/initialisation.expected
+++ b/src/test/correct/initialisation/clang_pic/initialisation.expected
@@ -1,20 +1,4 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R10: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R10: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $a_addr: bv64;
 axiom ($a_addr == 69696bv64);
@@ -30,10 +14,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvadd"} bvadd65(bv65, bv65) returns (bv65);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp64(bv64, bv64) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp65(bv65, bv65) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -47,17 +41,21 @@ function {:extern} gamma_load8(gammaMap: [bv64]bool, index: bv64) returns (bool)
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store8(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
   gammaMap[index := value]
 }
 
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
+}
+
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
   (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index])))
 }
@@ -71,19 +69,17 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_64(bv64) returns (bv65);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_64(bv64) returns (bv65);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 function {:extern} {:bvbuiltin "zero_extend 56"} zero_extend56_8(bv8) returns (bv64);
 procedure {:extern} rely();
@@ -119,8 +115,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R10, Gamma_R8, Gamma_R9, Gamma_VF, Gamma_ZF, Gamma_mem, NF, R0, R10, R8, R9, VF, ZF, mem;
+procedure main(R10_in: bv64, Gamma_R10_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load64_le(mem, 69680bv64) == 416611827717bv64);
@@ -154,61 +150,66 @@ procedure main();
   free ensures (memory_load64_le(mem, 69032bv64) == 1936bv64);
   free ensures (memory_load64_le(mem, 69560bv64) == 69680bv64);
 
-implementation main()
+implementation main(R10_in: bv64, Gamma_R10_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var #4: bv64;
-  var Gamma_#4: bool;
+  var Gamma_R10_3: bool;
+  var Gamma_R10_5: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R8_4: bool;
+  var Gamma_R8_6: bool;
+  var Gamma_R8_7: bool;
+  var Gamma_R8_8: bool;
+  var Gamma_R8_9: bool;
+  var Gamma_R9_3: bool;
+  var Gamma_R9_5: bool;
+  var R10_3: bv64;
+  var R10_5: bv64;
+  var R8_2: bv32;
+  var R8_3: bv32;
+  var R8_4: bv64;
+  var R8_6: bv32;
+  var R8_7: bv32;
+  var R8_8: bv64;
+  var R8_9: bv64;
+  var R9_3: bv64;
+  var R9_5: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R9, Gamma_R9 := 65536bv64, true;
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4040bv64)) || L(mem, bvadd64(R9, 4040bv64)));
-    R10, Gamma_R10 := 65536bv64, true;
+    R9_3, Gamma_R9_3 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
     call rely();
-    R10, Gamma_R10 := memory_load64_le(mem, bvadd64(R10, 4024bv64)), (gamma_load64(Gamma_mem, bvadd64(R10, 4024bv64)) || L(mem, bvadd64(R10, 4024bv64)));
+    R10_3, Gamma_R10_3 := memory_load64_le(mem, 69560bv64), (gamma_load64(Gamma_mem, 69560bv64) || L(mem, 69560bv64));
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R10)), (gamma_load32(Gamma_mem, R10) || L(mem, R10));
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(R8[32:0], 1bv32)), Gamma_R8;
+    R8_2, Gamma_R8_2 := memory_load32_le(mem, R10_3), (gamma_load32(Gamma_mem, R10_3) || L(mem, R10_3));
+    R8_3, Gamma_R8_3 := bvadd32(R8_2, 1bv32), Gamma_R8_2;
     call rely();
-    assert (L(mem, R10) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, R10, R8[32:0]), gamma_store32(Gamma_mem, R10, Gamma_R8);
-    assume {:captureState "%0000032d"} true;
-    R10, Gamma_R10 := 65536bv64, true;
+    assert (L(mem, R10_3) ==> Gamma_R8_3);
+    mem, Gamma_mem := memory_store32_le(mem, R10_3, R8_3), gamma_store32(Gamma_mem, R10_3, Gamma_R8_3);
     call rely();
-    R10, Gamma_R10 := memory_load64_le(mem, bvadd64(R10, 4016bv64)), (gamma_load64(Gamma_mem, bvadd64(R10, 4016bv64)) || L(mem, bvadd64(R10, 4016bv64)));
+    R10_5, Gamma_R10_5 := memory_load64_le(mem, 69552bv64), (gamma_load64(Gamma_mem, 69552bv64) || L(mem, 69552bv64));
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, R10), (gamma_load64(Gamma_mem, R10) || L(mem, R10));
-    #4, Gamma_#4 := bvadd64(R8, 18446744073709551614bv64), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp65(sign_extend1_64(bvadd64(#4, 1bv64)), bvadd65(sign_extend1_64(R8), 36893488147419103231bv65))), (Gamma_R8 && Gamma_#4);
-    CF, Gamma_CF := bvnot1(bvcomp65(zero_extend1_64(bvadd64(#4, 1bv64)), bvadd65(zero_extend1_64(R8), 18446744073709551615bv65))), (Gamma_R8 && Gamma_#4);
-    ZF, Gamma_ZF := bvcomp64(bvadd64(#4, 1bv64), 0bv64), Gamma_#4;
-    NF, Gamma_NF := bvadd64(#4, 1bv64)[64:63], Gamma_#4;
-    R8, Gamma_R8 := bvadd64(#4, 1bv64), Gamma_#4;
+    R8_4, Gamma_R8_4 := memory_load64_le(mem, R10_5), (gamma_load64(Gamma_mem, R10_5) || L(mem, R10_5));
     call rely();
-    assert (L(mem, R10) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store64_le(mem, R10, R8), gamma_store64(Gamma_mem, R10, Gamma_R8);
-    assume {:captureState "%00000364"} true;
+    assert (L(mem, R10_5) ==> Gamma_R8_4);
+    mem, Gamma_mem := memory_store64_le(mem, R10_5, bvadd64(R8_4, 18446744073709551615bv64)), gamma_store64(Gamma_mem, R10_5, Gamma_R8_4);
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R9)), (gamma_load32(Gamma_mem, R9) || L(mem, R9));
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(R8[32:0], 3bv32)), Gamma_R8;
+    R8_6, Gamma_R8_6 := memory_load32_le(mem, R9_3), (gamma_load32(Gamma_mem, R9_3) || L(mem, R9_3));
+    R8_7, Gamma_R8_7 := bvadd32(R8_6, 3bv32), Gamma_R8_6;
     call rely();
-    assert (L(mem, bvadd64(R9, 4bv64)) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 4bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 4bv64), Gamma_R8);
-    assume {:captureState "%00000379"} true;
-    R9, Gamma_R9 := 65536bv64, true;
+    assert (L(mem, bvadd64(R9_3, 4bv64)) ==> Gamma_R8_7);
+    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9_3, 4bv64), R8_7), gamma_store32(Gamma_mem, bvadd64(R9_3, 4bv64), Gamma_R8_7);
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4048bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4048bv64)) || L(mem, bvadd64(R9, 4048bv64)));
+    R9_5, Gamma_R9_5 := memory_load64_le(mem, 69584bv64), (gamma_load64(Gamma_mem, 69584bv64) || L(mem, 69584bv64));
     call rely();
-    R8, Gamma_R8 := zero_extend56_8(memory_load8_le(mem, R9)), (gamma_load8(Gamma_mem, R9) || L(mem, R9));
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(R8[32:0], 1bv32)), Gamma_R8;
+    R8_8, Gamma_R8_8 := zero_extend56_8(memory_load8_le(mem, R9_5)), (gamma_load8(Gamma_mem, R9_5) || L(mem, R9_5));
+    R8_9, Gamma_R8_9 := zero_extend32_32(bvadd32(R8_8[32:0], 1bv32)), Gamma_R8_8;
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store8_le(mem, R9, R8[8:0]), gamma_store8(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "%0000039a"} true;
-    R0, Gamma_R0 := 0bv64, true;
+    assert (L(mem, R9_5) ==> Gamma_R8_9);
+    mem, Gamma_mem := memory_store8_le(mem, R9_5, R8_9[8:0]), gamma_store8(Gamma_mem, R9_5, Gamma_R8_9);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R8_out, R9_out := 0bv64, R10_5, R8_9, R9_5;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R10_5, Gamma_R8_9, Gamma_R9_5;
     return;
 }
 
diff --git a/src/test/correct/initialisation/clang_pic/initialisation_gtirb.expected b/src/test/correct/initialisation/clang_pic/initialisation_gtirb.expected
index b27c8c0fc..b78f48973 100644
--- a/src/test/correct/initialisation/clang_pic/initialisation_gtirb.expected
+++ b/src/test/correct/initialisation/clang_pic/initialisation_gtirb.expected
@@ -1,20 +1,4 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R10: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R10: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $a_addr: bv64;
 axiom ($a_addr == 69696bv64);
@@ -30,10 +14,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvadd"} bvadd65(bv65, bv65) returns (bv65);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp64(bv64, bv64) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp65(bv65, bv65) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -47,17 +41,21 @@ function {:extern} gamma_load8(gammaMap: [bv64]bool, index: bv64) returns (bool)
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store8(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
   gammaMap[index := value]
 }
 
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
+}
+
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
   (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index])))
 }
@@ -71,21 +69,19 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_64(bv64) returns (bv65);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_64(bv64) returns (bv65);
-function {:extern} {:bvbuiltin "zero_extend 24"} zero_extend24_8(bv8) returns (bv32);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
+function {:extern} {:bvbuiltin "zero_extend 56"} zero_extend56_8(bv8) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (mem == old(mem));
@@ -119,8 +115,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R10, Gamma_R8, Gamma_R9, Gamma_VF, Gamma_ZF, Gamma_mem, NF, R0, R10, R8, R9, VF, ZF, mem;
+procedure main(R10_in: bv64, Gamma_R10_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load64_le(mem, 69680bv64) == 416611827717bv64);
@@ -154,61 +150,66 @@ procedure main();
   free ensures (memory_load64_le(mem, 69032bv64) == 1936bv64);
   free ensures (memory_load64_le(mem, 69560bv64) == 69680bv64);
 
-implementation main()
+implementation main(R10_in: bv64, Gamma_R10_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var Cse0__5$0$10: bv64;
-  var Gamma_Cse0__5$0$10: bool;
+  var Gamma_R10_3: bool;
+  var Gamma_R10_5: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R8_4: bool;
+  var Gamma_R8_6: bool;
+  var Gamma_R8_7: bool;
+  var Gamma_R8_8: bool;
+  var Gamma_R8_9: bool;
+  var Gamma_R9_3: bool;
+  var Gamma_R9_5: bool;
+  var R10_3: bv64;
+  var R10_5: bv64;
+  var R8_2: bv32;
+  var R8_3: bv32;
+  var R8_4: bv64;
+  var R8_6: bv32;
+  var R8_7: bv32;
+  var R8_8: bv64;
+  var R8_9: bv64;
+  var R9_3: bv64;
+  var R9_5: bv64;
   $main$__0__$qUctHEkFTbC0bXMW251ihQ:
-    assume {:captureState "$main$__0__$qUctHEkFTbC0bXMW251ihQ"} true;
-    R9, Gamma_R9 := 65536bv64, true;
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4040bv64)) || L(mem, bvadd64(R9, 4040bv64)));
-    R10, Gamma_R10 := 65536bv64, true;
+    R9_3, Gamma_R9_3 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
     call rely();
-    R10, Gamma_R10 := memory_load64_le(mem, bvadd64(R10, 4024bv64)), (gamma_load64(Gamma_mem, bvadd64(R10, 4024bv64)) || L(mem, bvadd64(R10, 4024bv64)));
+    R10_3, Gamma_R10_3 := memory_load64_le(mem, 69560bv64), (gamma_load64(Gamma_mem, 69560bv64) || L(mem, 69560bv64));
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R10)), (gamma_load32(Gamma_mem, R10) || L(mem, R10));
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(R8[32:0], 1bv32)), Gamma_R8;
+    R8_2, Gamma_R8_2 := memory_load32_le(mem, R10_3), (gamma_load32(Gamma_mem, R10_3) || L(mem, R10_3));
+    R8_3, Gamma_R8_3 := bvadd32(R8_2, 1bv32), Gamma_R8_2;
     call rely();
-    assert (L(mem, R10) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, R10, R8[32:0]), gamma_store32(Gamma_mem, R10, Gamma_R8);
-    assume {:captureState "1964$0"} true;
-    R10, Gamma_R10 := 65536bv64, true;
+    assert (L(mem, R10_3) ==> Gamma_R8_3);
+    mem, Gamma_mem := memory_store32_le(mem, R10_3, R8_3), gamma_store32(Gamma_mem, R10_3, Gamma_R8_3);
     call rely();
-    R10, Gamma_R10 := memory_load64_le(mem, bvadd64(R10, 4016bv64)), (gamma_load64(Gamma_mem, bvadd64(R10, 4016bv64)) || L(mem, bvadd64(R10, 4016bv64)));
+    R10_5, Gamma_R10_5 := memory_load64_le(mem, 69552bv64), (gamma_load64(Gamma_mem, 69552bv64) || L(mem, 69552bv64));
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, R10), (gamma_load64(Gamma_mem, R10) || L(mem, R10));
-    Cse0__5$0$10, Gamma_Cse0__5$0$10 := bvadd64(R8, 18446744073709551615bv64), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp65(sign_extend1_64(Cse0__5$0$10), bvadd65(sign_extend1_64(R8), 36893488147419103231bv65))), (Gamma_R8 && Gamma_Cse0__5$0$10);
-    CF, Gamma_CF := bvnot1(bvcomp65(zero_extend1_64(Cse0__5$0$10), bvadd65(zero_extend1_64(R8), 18446744073709551615bv65))), (Gamma_R8 && Gamma_Cse0__5$0$10);
-    ZF, Gamma_ZF := bvcomp64(Cse0__5$0$10, 0bv64), Gamma_Cse0__5$0$10;
-    NF, Gamma_NF := Cse0__5$0$10[64:63], Gamma_Cse0__5$0$10;
-    R8, Gamma_R8 := Cse0__5$0$10, Gamma_Cse0__5$0$10;
+    R8_4, Gamma_R8_4 := memory_load64_le(mem, R10_5), (gamma_load64(Gamma_mem, R10_5) || L(mem, R10_5));
     call rely();
-    assert (L(mem, R10) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store64_le(mem, R10, R8), gamma_store64(Gamma_mem, R10, Gamma_R8);
-    assume {:captureState "1984$0"} true;
+    assert (L(mem, R10_5) ==> Gamma_R8_4);
+    mem, Gamma_mem := memory_store64_le(mem, R10_5, bvadd64(R8_4, 18446744073709551615bv64)), gamma_store64(Gamma_mem, R10_5, Gamma_R8_4);
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R9)), (gamma_load32(Gamma_mem, R9) || L(mem, R9));
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(R8[32:0], 3bv32)), Gamma_R8;
+    R8_6, Gamma_R8_6 := memory_load32_le(mem, R9_3), (gamma_load32(Gamma_mem, R9_3) || L(mem, R9_3));
+    R8_7, Gamma_R8_7 := bvadd32(R8_6, 3bv32), Gamma_R8_6;
     call rely();
-    assert (L(mem, bvadd64(R9, 4bv64)) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 4bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 4bv64), Gamma_R8);
-    assume {:captureState "1996$0"} true;
-    R9, Gamma_R9 := 65536bv64, true;
+    assert (L(mem, bvadd64(R9_3, 4bv64)) ==> Gamma_R8_7);
+    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9_3, 4bv64), R8_7), gamma_store32(Gamma_mem, bvadd64(R9_3, 4bv64), Gamma_R8_7);
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4048bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4048bv64)) || L(mem, bvadd64(R9, 4048bv64)));
+    R9_5, Gamma_R9_5 := memory_load64_le(mem, 69584bv64), (gamma_load64(Gamma_mem, 69584bv64) || L(mem, 69584bv64));
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(zero_extend24_8(memory_load8_le(mem, R9))), (gamma_load8(Gamma_mem, R9) || L(mem, R9));
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(R8[32:0], 1bv32)), Gamma_R8;
+    R8_8, Gamma_R8_8 := zero_extend56_8(memory_load8_le(mem, R9_5)), (gamma_load8(Gamma_mem, R9_5) || L(mem, R9_5));
+    R8_9, Gamma_R8_9 := zero_extend32_32(bvadd32(R8_8[32:0], 1bv32)), Gamma_R8_8;
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store8_le(mem, R9, R8[8:0]), gamma_store8(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "2016$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
+    assert (L(mem, R9_5) ==> Gamma_R8_9);
+    mem, Gamma_mem := memory_store8_le(mem, R9_5, R8_9[8:0]), gamma_store8(Gamma_mem, R9_5, Gamma_R8_9);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R8_out, R9_out := 0bv64, R10_5, R8_9, R9_5;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R10_5, Gamma_R8_9, Gamma_R9_5;
     return;
 }
 
diff --git a/src/test/correct/initialisation/gcc/initialisation.expected b/src/test/correct/initialisation/gcc/initialisation.expected
index cec7d3cbd..efdaca08d 100644
--- a/src/test/correct/initialisation/gcc/initialisation.expected
+++ b/src/test/correct/initialisation/gcc/initialisation.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $a_addr: bv64;
 axiom ($a_addr == 69664bv64);
@@ -18,6 +14,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -31,17 +41,21 @@ function {:extern} gamma_load8(gammaMap: [bv64]bool, index: bv64) returns (bool)
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store8(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
   gammaMap[index := value]
 }
 
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
+}
+
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
   (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index])))
 }
@@ -55,15 +69,15 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -97,8 +111,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load64_le(mem, 69648bv64) == 416611827717bv64);
@@ -124,59 +138,53 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
+  var Gamma_R0_14: bool;
+  var Gamma_R0_19: bool;
+  var Gamma_R0_20: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R0_9: bool;
+  var Gamma_R1_2: bool;
+  var Gamma_R1_4: bool;
+  var Gamma_R1_5: bool;
+  var R0_14: bv32;
+  var R0_19: bv64;
+  var R0_20: bv64;
+  var R0_4: bv32;
+  var R0_9: bv64;
+  var R1_2: bv32;
+  var R1_4: bv32;
+  var R1_5: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 16bv64), Gamma_R0;
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := zero_extend32_32(bvadd32(R0[32:0], 1bv32)), Gamma_R0;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 16bv64), Gamma_R0;
+    R0_4, Gamma_R0_4 := memory_load32_le(mem, 69648bv64), (gamma_load32(Gamma_mem, 69648bv64) || L(mem, 69648bv64));
+    R1_2, Gamma_R1_2 := bvadd32(R0_4, 1bv32), Gamma_R0_4;
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%0000034f"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
+    assert (L(mem, 69648bv64) ==> Gamma_R1_2);
+    mem, Gamma_mem := memory_store32_le(mem, 69648bv64, R1_2), gamma_store32(Gamma_mem, 69648bv64, Gamma_R1_2);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, R0), (gamma_load64(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := bvadd64(R0, 18446744073709551615bv64), Gamma_R0;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
+    R0_9, Gamma_R0_9 := memory_load64_le(mem, 69656bv64), (gamma_load64(Gamma_mem, 69656bv64) || L(mem, 69656bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store64_le(mem, R0, R1), gamma_store64(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%0000037a"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 32bv64), Gamma_R0;
+    assert (L(mem, 69656bv64) ==> Gamma_R0_9);
+    mem, Gamma_mem := memory_store64_le(mem, 69656bv64, bvadd64(R0_9, 18446744073709551615bv64)), gamma_store64(Gamma_mem, 69656bv64, Gamma_R0_9);
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := zero_extend32_32(bvadd32(R0[32:0], 3bv32)), Gamma_R0;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 32bv64), Gamma_R0;
+    R0_14, Gamma_R0_14 := memory_load32_le(mem, 69664bv64), (gamma_load32(Gamma_mem, 69664bv64) || L(mem, 69664bv64));
+    R1_4, Gamma_R1_4 := bvadd32(R0_14, 3bv32), Gamma_R0_14;
     call rely();
-    assert (L(mem, bvadd64(R0, 4bv64)) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R0, 4bv64), R1[32:0]), gamma_store32(Gamma_mem, bvadd64(R0, 4bv64), Gamma_R1);
-    assume {:captureState "%000003a5"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
+    assert (L(mem, 69668bv64) ==> Gamma_R1_4);
+    mem, Gamma_mem := memory_store32_le(mem, 69668bv64, R1_4), gamma_store32(Gamma_mem, 69668bv64, Gamma_R1_4);
     call rely();
-    R0, Gamma_R0 := zero_extend56_8(memory_load8_le(mem, R0)), (gamma_load8(Gamma_mem, R0) || L(mem, R0));
-    R0, Gamma_R0 := zero_extend32_32(bvadd32(R0[32:0], 1bv32)), Gamma_R0;
-    R1, Gamma_R1 := zero_extend32_32((0bv24 ++ R0[8:0])), Gamma_R0;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
+    R0_19, Gamma_R0_19 := zero_extend56_8(memory_load8_le(mem, 69652bv64)), (gamma_load8(Gamma_mem, 69652bv64) || L(mem, 69652bv64));
+    R0_20, Gamma_R0_20 := zero_extend32_32(bvadd32(R0_19[32:0], 1bv32)), Gamma_R0_19;
+    R1_5, Gamma_R1_5 := zero_extend56_8(R0_20[8:0]), Gamma_R0_20;
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store8_le(mem, R0, R1[8:0]), gamma_store8(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%000003d6"} true;
-    R0, Gamma_R0 := 0bv64, true;
+    assert (L(mem, 69652bv64) ==> Gamma_R1_5);
+    mem, Gamma_mem := memory_store8_le(mem, 69652bv64, R1_5[8:0]), gamma_store8(Gamma_mem, 69652bv64, Gamma_R1_5);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, R1_5;
+    Gamma_R0_out, Gamma_R1_out := true, Gamma_R1_5;
     return;
 }
 
diff --git a/src/test/correct/initialisation/gcc/initialisation_gtirb.expected b/src/test/correct/initialisation/gcc/initialisation_gtirb.expected
index 45006ee53..24db0eb0d 100644
--- a/src/test/correct/initialisation/gcc/initialisation_gtirb.expected
+++ b/src/test/correct/initialisation/gcc/initialisation_gtirb.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $a_addr: bv64;
 axiom ($a_addr == 69664bv64);
@@ -18,6 +14,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -31,17 +41,21 @@ function {:extern} gamma_load8(gammaMap: [bv64]bool, index: bv64) returns (bool)
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store8(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
   gammaMap[index := value]
 }
 
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
+}
+
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
   (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index])))
 }
@@ -55,19 +69,19 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
-function {:extern} {:bvbuiltin "zero_extend 24"} zero_extend24_8(bv8) returns (bv32);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
+function {:extern} {:bvbuiltin "zero_extend 56"} zero_extend56_8(bv8) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (mem == old(mem));
@@ -97,8 +111,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load64_le(mem, 69648bv64) == 416611827717bv64);
@@ -124,59 +138,53 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
+  var Gamma_R0_14: bool;
+  var Gamma_R0_19: bool;
+  var Gamma_R0_20: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R0_9: bool;
+  var Gamma_R1_2: bool;
+  var Gamma_R1_4: bool;
+  var Gamma_R1_5: bool;
+  var R0_14: bv32;
+  var R0_19: bv64;
+  var R0_20: bv64;
+  var R0_4: bv32;
+  var R0_9: bv64;
+  var R1_2: bv32;
+  var R1_4: bv32;
+  var R1_5: bv64;
   $main$__0__$ulEp46faSbyYIP08N0ny3w:
-    assume {:captureState "$main$__0__$ulEp46faSbyYIP08N0ny3w"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 16bv64), Gamma_R0;
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := zero_extend32_32(bvadd32(R0[32:0], 1bv32)), Gamma_R0;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 16bv64), Gamma_R0;
+    R0_4, Gamma_R0_4 := memory_load32_le(mem, 69648bv64), (gamma_load32(Gamma_mem, 69648bv64) || L(mem, 69648bv64));
+    R1_2, Gamma_R1_2 := bvadd32(R0_4, 1bv32), Gamma_R0_4;
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1836$0"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
+    assert (L(mem, 69648bv64) ==> Gamma_R1_2);
+    mem, Gamma_mem := memory_store32_le(mem, 69648bv64, R1_2), gamma_store32(Gamma_mem, 69648bv64, Gamma_R1_2);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, R0), (gamma_load64(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := bvadd64(R0, 18446744073709551615bv64), Gamma_R0;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
+    R0_9, Gamma_R0_9 := memory_load64_le(mem, 69656bv64), (gamma_load64(Gamma_mem, 69656bv64) || L(mem, 69656bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store64_le(mem, R0, R1), gamma_store64(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1864$0"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 32bv64), Gamma_R0;
+    assert (L(mem, 69656bv64) ==> Gamma_R0_9);
+    mem, Gamma_mem := memory_store64_le(mem, 69656bv64, bvadd64(R0_9, 18446744073709551615bv64)), gamma_store64(Gamma_mem, 69656bv64, Gamma_R0_9);
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := zero_extend32_32(bvadd32(R0[32:0], 3bv32)), Gamma_R0;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 32bv64), Gamma_R0;
+    R0_14, Gamma_R0_14 := memory_load32_le(mem, 69664bv64), (gamma_load32(Gamma_mem, 69664bv64) || L(mem, 69664bv64));
+    R1_4, Gamma_R1_4 := bvadd32(R0_14, 3bv32), Gamma_R0_14;
     call rely();
-    assert (L(mem, bvadd64(R0, 4bv64)) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R0, 4bv64), R1[32:0]), gamma_store32(Gamma_mem, bvadd64(R0, 4bv64), Gamma_R1);
-    assume {:captureState "1892$0"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
+    assert (L(mem, 69668bv64) ==> Gamma_R1_4);
+    mem, Gamma_mem := memory_store32_le(mem, 69668bv64, R1_4), gamma_store32(Gamma_mem, 69668bv64, Gamma_R1_4);
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(zero_extend24_8(memory_load8_le(mem, R0))), (gamma_load8(Gamma_mem, R0) || L(mem, R0));
-    R0, Gamma_R0 := zero_extend32_32(bvadd32(R0[32:0], 1bv32)), Gamma_R0;
-    R1, Gamma_R1 := zero_extend32_32((0bv24 ++ R0[8:0])), Gamma_R0;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
+    R0_19, Gamma_R0_19 := zero_extend56_8(memory_load8_le(mem, 69652bv64)), (gamma_load8(Gamma_mem, 69652bv64) || L(mem, 69652bv64));
+    R0_20, Gamma_R0_20 := zero_extend32_32(bvadd32(R0_19[32:0], 1bv32)), Gamma_R0_19;
+    R1_5, Gamma_R1_5 := zero_extend56_8(R0_20[8:0]), Gamma_R0_20;
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store8_le(mem, R0, R1[8:0]), gamma_store8(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1924$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
+    assert (L(mem, 69652bv64) ==> Gamma_R1_5);
+    mem, Gamma_mem := memory_store8_le(mem, 69652bv64, R1_5[8:0]), gamma_store8(Gamma_mem, 69652bv64, Gamma_R1_5);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, R1_5;
+    Gamma_R0_out, Gamma_R1_out := true, Gamma_R1_5;
     return;
 }
 
diff --git a/src/test/correct/initialisation/gcc_O2/initialisation.expected b/src/test/correct/initialisation/gcc_O2/initialisation.expected
index efb62f192..ae8ed1e52 100644
--- a/src/test/correct/initialisation/gcc_O2/initialisation.expected
+++ b/src/test/correct/initialisation/gcc_O2/initialisation.expected
@@ -1,18 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R2: bool;
-var {:extern} Gamma_R3: bool;
-var {:extern} Gamma_R4: bool;
-var {:extern} Gamma_R5: bool;
-var {:extern} Gamma_R6: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R2: bv64;
-var {:extern} R3: bv64;
-var {:extern} R4: bv64;
-var {:extern} R5: bv64;
-var {:extern} R6: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $a_addr: bv64;
 axiom ($a_addr == 69664bv64);
@@ -28,6 +14,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -41,17 +41,21 @@ function {:extern} gamma_load8(gammaMap: [bv64]bool, index: bv64) returns (bool)
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store8(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
   gammaMap[index := value]
 }
 
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
+}
+
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
   (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index])))
 }
@@ -65,15 +69,15 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -107,8 +111,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R2, Gamma_R3, Gamma_R4, Gamma_R5, Gamma_R6, Gamma_mem, R0, R1, R2, R3, R4, R5, R6, mem;
+procedure main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load64_le(mem, 69648bv64) == 5bv64);
@@ -135,44 +139,50 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool)
 {
+  var Gamma_R2_2: bool;
+  var Gamma_R2_3: bool;
+  var Gamma_R3_2: bool;
+  var Gamma_R3_3: bool;
+  var Gamma_R4_2: bool;
+  var Gamma_R6_2: bool;
+  var Gamma_R6_3: bool;
+  var R2_2: bv64;
+  var R2_3: bv64;
+  var R3_2: bv32;
+  var R3_3: bv64;
+  var R4_2: bv64;
+  var R6_2: bv32;
+  var R6_3: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R5, Gamma_R5 := 69632bv64, true;
-    R1, Gamma_R1 := bvadd64(R5, 16bv64), Gamma_R5;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    R6, Gamma_R6 := zero_extend32_32(memory_load32_le(mem, bvadd64(R5, 16bv64))), (gamma_load32(Gamma_mem, bvadd64(R5, 16bv64)) || L(mem, bvadd64(R5, 16bv64)));
+    R6_2, Gamma_R6_2 := memory_load32_le(mem, 69648bv64), (gamma_load32(Gamma_mem, 69648bv64) || L(mem, 69648bv64));
     call rely();
-    R4, Gamma_R4 := memory_load64_le(mem, bvadd64(R1, 8bv64)), (gamma_load64(Gamma_mem, bvadd64(R1, 8bv64)) || L(mem, bvadd64(R1, 8bv64)));
-    R6, Gamma_R6 := zero_extend32_32(bvadd32(R6[32:0], 1bv32)), Gamma_R6;
+    R4_2, Gamma_R4_2 := memory_load64_le(mem, 69656bv64), (gamma_load64(Gamma_mem, 69656bv64) || L(mem, 69656bv64));
+    R6_3, Gamma_R6_3 := zero_extend32_32(bvadd32(R6_2, 1bv32)), Gamma_R6_2;
     call rely();
-    R2, Gamma_R2 := zero_extend56_8(memory_load8_le(mem, bvadd64(R1, 24bv64))), (gamma_load8(Gamma_mem, bvadd64(R1, 24bv64)) || L(mem, bvadd64(R1, 24bv64)));
+    R2_2, Gamma_R2_2 := zero_extend56_8(memory_load8_le(mem, 69672bv64)), (gamma_load8(Gamma_mem, 69672bv64) || L(mem, 69672bv64));
     call rely();
-    R3, Gamma_R3 := zero_extend32_32(memory_load32_le(mem, bvadd64(R1, 16bv64))), (gamma_load32(Gamma_mem, bvadd64(R1, 16bv64)) || L(mem, bvadd64(R1, 16bv64)));
-    R4, Gamma_R4 := bvadd64(R4, 18446744073709551615bv64), Gamma_R4;
-    R2, Gamma_R2 := zero_extend32_32(bvadd32(R2[32:0], 1bv32)), Gamma_R2;
+    R3_2, Gamma_R3_2 := memory_load32_le(mem, 69664bv64), (gamma_load32(Gamma_mem, 69664bv64) || L(mem, 69664bv64));
+    R2_3, Gamma_R2_3 := zero_extend32_32(bvadd32(R2_2[32:0], 1bv32)), Gamma_R2_2;
     call rely();
-    assert (L(mem, bvadd64(R5, 16bv64)) ==> Gamma_R6);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R5, 16bv64), R6[32:0]), gamma_store32(Gamma_mem, bvadd64(R5, 16bv64), Gamma_R6);
-    assume {:captureState "%000001ec"} true;
-    R3, Gamma_R3 := zero_extend32_32(bvadd32(R3[32:0], 3bv32)), Gamma_R3;
+    assert (L(mem, 69648bv64) ==> Gamma_R6_3);
+    mem, Gamma_mem := memory_store32_le(mem, 69648bv64, R6_3[32:0]), gamma_store32(Gamma_mem, 69648bv64, Gamma_R6_3);
+    R3_3, Gamma_R3_3 := zero_extend32_32(bvadd32(R3_2, 3bv32)), Gamma_R3_2;
     call rely();
-    assert (L(mem, bvadd64(R1, 8bv64)) ==> Gamma_R4);
-    mem, Gamma_mem := memory_store64_le(mem, bvadd64(R1, 8bv64), R4), gamma_store64(Gamma_mem, bvadd64(R1, 8bv64), Gamma_R4);
-    assume {:captureState "%000001fa"} true;
+    assert (L(mem, 69656bv64) ==> Gamma_R4_2);
+    mem, Gamma_mem := memory_store64_le(mem, 69656bv64, bvadd64(R4_2, 18446744073709551615bv64)), gamma_store64(Gamma_mem, 69656bv64, Gamma_R4_2);
     call rely();
-    assert (L(mem, bvadd64(R1, 20bv64)) ==> Gamma_R3);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R1, 20bv64), R3[32:0]), gamma_store32(Gamma_mem, bvadd64(R1, 20bv64), Gamma_R3);
-    assume {:captureState "%00000202"} true;
+    assert (L(mem, 69668bv64) ==> Gamma_R3_3);
+    mem, Gamma_mem := memory_store32_le(mem, 69668bv64, R3_3[32:0]), gamma_store32(Gamma_mem, 69668bv64, Gamma_R3_3);
     call rely();
-    assert (L(mem, bvadd64(R1, 24bv64)) ==> Gamma_R2);
-    mem, Gamma_mem := memory_store8_le(mem, bvadd64(R1, 24bv64), R2[8:0]), gamma_store8(Gamma_mem, bvadd64(R1, 24bv64), Gamma_R2);
-    assume {:captureState "%0000020a"} true;
+    assert (L(mem, 69672bv64) ==> Gamma_R2_3);
+    mem, Gamma_mem := memory_store8_le(mem, 69672bv64, R2_3[8:0]), gamma_store8(Gamma_mem, 69672bv64, Gamma_R2_3);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R2_out, R3_out, R4_out, R5_out, R6_out := 0bv64, 69648bv64, R2_3, R3_3, bvadd64(R4_2, 18446744073709551615bv64), 69632bv64, R6_3;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R2_out, Gamma_R3_out, Gamma_R4_out, Gamma_R5_out, Gamma_R6_out := true, true, Gamma_R2_3, Gamma_R3_3, Gamma_R4_2, true, Gamma_R6_3;
     return;
 }
 
diff --git a/src/test/correct/initialisation/gcc_O2/initialisation_gtirb.expected b/src/test/correct/initialisation/gcc_O2/initialisation_gtirb.expected
index cc20e1b32..cabf0da86 100644
--- a/src/test/correct/initialisation/gcc_O2/initialisation_gtirb.expected
+++ b/src/test/correct/initialisation/gcc_O2/initialisation_gtirb.expected
@@ -1,18 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R2: bool;
-var {:extern} Gamma_R3: bool;
-var {:extern} Gamma_R4: bool;
-var {:extern} Gamma_R5: bool;
-var {:extern} Gamma_R6: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R2: bv64;
-var {:extern} R3: bv64;
-var {:extern} R4: bv64;
-var {:extern} R5: bv64;
-var {:extern} R6: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $a_addr: bv64;
 axiom ($a_addr == 69664bv64);
@@ -28,6 +14,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -41,17 +41,21 @@ function {:extern} gamma_load8(gammaMap: [bv64]bool, index: bv64) returns (bool)
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store8(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
   gammaMap[index := value]
 }
 
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
+}
+
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
   (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index])))
 }
@@ -65,19 +69,19 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
-function {:extern} {:bvbuiltin "zero_extend 24"} zero_extend24_8(bv8) returns (bv32);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
+function {:extern} {:bvbuiltin "zero_extend 56"} zero_extend56_8(bv8) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (mem == old(mem));
@@ -107,8 +111,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R2, Gamma_R3, Gamma_R4, Gamma_R5, Gamma_R6, Gamma_mem, R0, R1, R2, R3, R4, R5, R6, mem;
+procedure main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load64_le(mem, 69648bv64) == 5bv64);
@@ -135,44 +139,50 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool)
 {
+  var Gamma_R2_2: bool;
+  var Gamma_R2_3: bool;
+  var Gamma_R3_2: bool;
+  var Gamma_R3_3: bool;
+  var Gamma_R4_2: bool;
+  var Gamma_R6_2: bool;
+  var Gamma_R6_3: bool;
+  var R2_2: bv64;
+  var R2_3: bv64;
+  var R3_2: bv32;
+  var R3_3: bv64;
+  var R4_2: bv64;
+  var R6_2: bv32;
+  var R6_3: bv64;
   $main$__0__$VgTx1GD5RKmGejJw1DpySQ:
-    assume {:captureState "$main$__0__$VgTx1GD5RKmGejJw1DpySQ"} true;
-    R5, Gamma_R5 := 69632bv64, true;
-    R1, Gamma_R1 := bvadd64(R5, 16bv64), Gamma_R5;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    R6, Gamma_R6 := zero_extend32_32(memory_load32_le(mem, bvadd64(R5, 16bv64))), (gamma_load32(Gamma_mem, bvadd64(R5, 16bv64)) || L(mem, bvadd64(R5, 16bv64)));
+    R6_2, Gamma_R6_2 := memory_load32_le(mem, 69648bv64), (gamma_load32(Gamma_mem, 69648bv64) || L(mem, 69648bv64));
     call rely();
-    R4, Gamma_R4 := memory_load64_le(mem, bvadd64(R1, 8bv64)), (gamma_load64(Gamma_mem, bvadd64(R1, 8bv64)) || L(mem, bvadd64(R1, 8bv64)));
-    R6, Gamma_R6 := zero_extend32_32(bvadd32(R6[32:0], 1bv32)), Gamma_R6;
+    R4_2, Gamma_R4_2 := memory_load64_le(mem, 69656bv64), (gamma_load64(Gamma_mem, 69656bv64) || L(mem, 69656bv64));
+    R6_3, Gamma_R6_3 := zero_extend32_32(bvadd32(R6_2, 1bv32)), Gamma_R6_2;
     call rely();
-    R2, Gamma_R2 := zero_extend32_32(zero_extend24_8(memory_load8_le(mem, bvadd64(R1, 24bv64)))), (gamma_load8(Gamma_mem, bvadd64(R1, 24bv64)) || L(mem, bvadd64(R1, 24bv64)));
+    R2_2, Gamma_R2_2 := zero_extend56_8(memory_load8_le(mem, 69672bv64)), (gamma_load8(Gamma_mem, 69672bv64) || L(mem, 69672bv64));
     call rely();
-    R3, Gamma_R3 := zero_extend32_32(memory_load32_le(mem, bvadd64(R1, 16bv64))), (gamma_load32(Gamma_mem, bvadd64(R1, 16bv64)) || L(mem, bvadd64(R1, 16bv64)));
-    R4, Gamma_R4 := bvadd64(R4, 18446744073709551615bv64), Gamma_R4;
-    R2, Gamma_R2 := zero_extend32_32(bvadd32(R2[32:0], 1bv32)), Gamma_R2;
+    R3_2, Gamma_R3_2 := memory_load32_le(mem, 69664bv64), (gamma_load32(Gamma_mem, 69664bv64) || L(mem, 69664bv64));
+    R2_3, Gamma_R2_3 := zero_extend32_32(bvadd32(R2_2[32:0], 1bv32)), Gamma_R2_2;
     call rely();
-    assert (L(mem, bvadd64(R5, 16bv64)) ==> Gamma_R6);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R5, 16bv64), R6[32:0]), gamma_store32(Gamma_mem, bvadd64(R5, 16bv64), Gamma_R6);
-    assume {:captureState "1576$0"} true;
-    R3, Gamma_R3 := zero_extend32_32(bvadd32(R3[32:0], 3bv32)), Gamma_R3;
+    assert (L(mem, 69648bv64) ==> Gamma_R6_3);
+    mem, Gamma_mem := memory_store32_le(mem, 69648bv64, R6_3[32:0]), gamma_store32(Gamma_mem, 69648bv64, Gamma_R6_3);
+    R3_3, Gamma_R3_3 := zero_extend32_32(bvadd32(R3_2, 3bv32)), Gamma_R3_2;
     call rely();
-    assert (L(mem, bvadd64(R1, 8bv64)) ==> Gamma_R4);
-    mem, Gamma_mem := memory_store64_le(mem, bvadd64(R1, 8bv64), R4), gamma_store64(Gamma_mem, bvadd64(R1, 8bv64), Gamma_R4);
-    assume {:captureState "1584$0"} true;
+    assert (L(mem, 69656bv64) ==> Gamma_R4_2);
+    mem, Gamma_mem := memory_store64_le(mem, 69656bv64, bvadd64(R4_2, 18446744073709551615bv64)), gamma_store64(Gamma_mem, 69656bv64, Gamma_R4_2);
     call rely();
-    assert (L(mem, bvadd64(R1, 20bv64)) ==> Gamma_R3);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R1, 20bv64), R3[32:0]), gamma_store32(Gamma_mem, bvadd64(R1, 20bv64), Gamma_R3);
-    assume {:captureState "1588$0"} true;
+    assert (L(mem, 69668bv64) ==> Gamma_R3_3);
+    mem, Gamma_mem := memory_store32_le(mem, 69668bv64, R3_3[32:0]), gamma_store32(Gamma_mem, 69668bv64, Gamma_R3_3);
     call rely();
-    assert (L(mem, bvadd64(R1, 24bv64)) ==> Gamma_R2);
-    mem, Gamma_mem := memory_store8_le(mem, bvadd64(R1, 24bv64), R2[8:0]), gamma_store8(Gamma_mem, bvadd64(R1, 24bv64), Gamma_R2);
-    assume {:captureState "1592$0"} true;
+    assert (L(mem, 69672bv64) ==> Gamma_R2_3);
+    mem, Gamma_mem := memory_store8_le(mem, 69672bv64, R2_3[8:0]), gamma_store8(Gamma_mem, 69672bv64, Gamma_R2_3);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R2_out, R3_out, R4_out, R5_out, R6_out := 0bv64, 69648bv64, R2_3, R3_3, bvadd64(R4_2, 18446744073709551615bv64), 69632bv64, R6_3;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R2_out, Gamma_R3_out, Gamma_R4_out, Gamma_R5_out, Gamma_R6_out := true, true, Gamma_R2_3, Gamma_R3_3, Gamma_R4_2, true, Gamma_R6_3;
     return;
 }
 
diff --git a/src/test/correct/initialisation/gcc_pic/initialisation.expected b/src/test/correct/initialisation/gcc_pic/initialisation.expected
index ef5a7eb85..b06b98436 100644
--- a/src/test/correct/initialisation/gcc_pic/initialisation.expected
+++ b/src/test/correct/initialisation/gcc_pic/initialisation.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $a_addr: bv64;
 axiom ($a_addr == 69664bv64);
@@ -18,6 +14,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -31,17 +41,21 @@ function {:extern} gamma_load8(gammaMap: [bv64]bool, index: bv64) returns (bool)
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store8(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
   gammaMap[index := value]
 }
 
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
+}
+
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
   (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index])))
 }
@@ -55,15 +69,15 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -101,8 +115,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load64_le(mem, 69648bv64) == 416611827717bv64);
@@ -136,67 +150,85 @@ procedure main();
   free ensures (memory_load64_le(mem, 68984bv64) == 1936bv64);
   free ensures (memory_load64_le(mem, 68992bv64) == 1856bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
+  var Gamma_R0_11: bool;
+  var Gamma_R0_13: bool;
+  var Gamma_R0_14: bool;
+  var Gamma_R0_16: bool;
+  var Gamma_R0_18: bool;
+  var Gamma_R0_19: bool;
+  var Gamma_R0_20: bool;
+  var Gamma_R0_22: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R0_6: bool;
+  var Gamma_R0_8: bool;
+  var Gamma_R0_9: bool;
+  var Gamma_R1_2: bool;
+  var Gamma_R1_4: bool;
+  var Gamma_R1_5: bool;
+  var R0_11: bv64;
+  var R0_13: bv64;
+  var R0_14: bv32;
+  var R0_16: bv64;
+  var R0_18: bv64;
+  var R0_19: bv64;
+  var R0_20: bv64;
+  var R0_22: bv64;
+  var R0_3: bv64;
+  var R0_4: bv32;
+  var R0_6: bv64;
+  var R0_8: bv64;
+  var R0_9: bv64;
+  var R1_2: bv32;
+  var R1_4: bv32;
+  var R1_5: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4048bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4048bv64)) || L(mem, bvadd64(R0, 4048bv64)));
+    R0_3, Gamma_R0_3 := memory_load64_le(mem, 69584bv64), (gamma_load64(Gamma_mem, 69584bv64) || L(mem, 69584bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := zero_extend32_32(bvadd32(R0[32:0], 1bv32)), Gamma_R0;
-    R0, Gamma_R0 := 65536bv64, true;
+    R0_4, Gamma_R0_4 := memory_load32_le(mem, R0_3), (gamma_load32(Gamma_mem, R0_3) || L(mem, R0_3));
+    R1_2, Gamma_R1_2 := bvadd32(R0_4, 1bv32), Gamma_R0_4;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4048bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4048bv64)) || L(mem, bvadd64(R0, 4048bv64)));
+    R0_6, Gamma_R0_6 := memory_load64_le(mem, 69584bv64), (gamma_load64(Gamma_mem, 69584bv64) || L(mem, 69584bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%00000351"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    assert (L(mem, R0_6) ==> Gamma_R1_2);
+    mem, Gamma_mem := memory_store32_le(mem, R0_6, R1_2), gamma_store32(Gamma_mem, R0_6, Gamma_R1_2);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4040bv64)) || L(mem, bvadd64(R0, 4040bv64)));
+    R0_8, Gamma_R0_8 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, R0), (gamma_load64(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := bvadd64(R0, 18446744073709551615bv64), Gamma_R0;
-    R0, Gamma_R0 := 65536bv64, true;
+    R0_9, Gamma_R0_9 := memory_load64_le(mem, R0_8), (gamma_load64(Gamma_mem, R0_8) || L(mem, R0_8));
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4040bv64)) || L(mem, bvadd64(R0, 4040bv64)));
+    R0_11, Gamma_R0_11 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store64_le(mem, R0, R1), gamma_store64(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%0000037e"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    assert (L(mem, R0_11) ==> Gamma_R0_9);
+    mem, Gamma_mem := memory_store64_le(mem, R0_11, bvadd64(R0_9, 18446744073709551615bv64)), gamma_store64(Gamma_mem, R0_11, Gamma_R0_9);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
+    R0_13, Gamma_R0_13 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := zero_extend32_32(bvadd32(R0[32:0], 3bv32)), Gamma_R0;
-    R0, Gamma_R0 := 65536bv64, true;
+    R0_14, Gamma_R0_14 := memory_load32_le(mem, R0_13), (gamma_load32(Gamma_mem, R0_13) || L(mem, R0_13));
+    R1_4, Gamma_R1_4 := bvadd32(R0_14, 3bv32), Gamma_R0_14;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
+    R0_16, Gamma_R0_16 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
     call rely();
-    assert (L(mem, bvadd64(R0, 4bv64)) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R0, 4bv64), R1[32:0]), gamma_store32(Gamma_mem, bvadd64(R0, 4bv64), Gamma_R1);
-    assume {:captureState "%000003ab"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    assert (L(mem, bvadd64(R0_16, 4bv64)) ==> Gamma_R1_4);
+    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R0_16, 4bv64), R1_4), gamma_store32(Gamma_mem, bvadd64(R0_16, 4bv64), Gamma_R1_4);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4072bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4072bv64)) || L(mem, bvadd64(R0, 4072bv64)));
+    R0_18, Gamma_R0_18 := memory_load64_le(mem, 69608bv64), (gamma_load64(Gamma_mem, 69608bv64) || L(mem, 69608bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend56_8(memory_load8_le(mem, R0)), (gamma_load8(Gamma_mem, R0) || L(mem, R0));
-    R0, Gamma_R0 := zero_extend32_32(bvadd32(R0[32:0], 1bv32)), Gamma_R0;
-    R1, Gamma_R1 := zero_extend32_32((0bv24 ++ R0[8:0])), Gamma_R0;
-    R0, Gamma_R0 := 65536bv64, true;
+    R0_19, Gamma_R0_19 := zero_extend56_8(memory_load8_le(mem, R0_18)), (gamma_load8(Gamma_mem, R0_18) || L(mem, R0_18));
+    R0_20, Gamma_R0_20 := zero_extend32_32(bvadd32(R0_19[32:0], 1bv32)), Gamma_R0_19;
+    R1_5, Gamma_R1_5 := zero_extend56_8(R0_20[8:0]), Gamma_R0_20;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4072bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4072bv64)) || L(mem, bvadd64(R0, 4072bv64)));
+    R0_22, Gamma_R0_22 := memory_load64_le(mem, 69608bv64), (gamma_load64(Gamma_mem, 69608bv64) || L(mem, 69608bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store8_le(mem, R0, R1[8:0]), gamma_store8(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%000003de"} true;
-    R0, Gamma_R0 := 0bv64, true;
+    assert (L(mem, R0_22) ==> Gamma_R1_5);
+    mem, Gamma_mem := memory_store8_le(mem, R0_22, R1_5[8:0]), gamma_store8(Gamma_mem, R0_22, Gamma_R1_5);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, R1_5;
+    Gamma_R0_out, Gamma_R1_out := true, Gamma_R1_5;
     return;
 }
 
diff --git a/src/test/correct/initialisation/gcc_pic/initialisation_gtirb.expected b/src/test/correct/initialisation/gcc_pic/initialisation_gtirb.expected
index 0de8f82bf..47799b514 100644
--- a/src/test/correct/initialisation/gcc_pic/initialisation_gtirb.expected
+++ b/src/test/correct/initialisation/gcc_pic/initialisation_gtirb.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $a_addr: bv64;
 axiom ($a_addr == 69664bv64);
@@ -18,6 +14,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -31,17 +41,21 @@ function {:extern} gamma_load8(gammaMap: [bv64]bool, index: bv64) returns (bool)
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store8(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
   gammaMap[index := value]
 }
 
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
+}
+
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
   (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index])))
 }
@@ -55,19 +69,19 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
-function {:extern} {:bvbuiltin "zero_extend 24"} zero_extend24_8(bv8) returns (bv32);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
+function {:extern} {:bvbuiltin "zero_extend 56"} zero_extend56_8(bv8) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (mem == old(mem));
@@ -101,8 +115,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load64_le(mem, 69648bv64) == 416611827717bv64);
@@ -136,67 +150,85 @@ procedure main();
   free ensures (memory_load64_le(mem, 68984bv64) == 1936bv64);
   free ensures (memory_load64_le(mem, 68992bv64) == 1856bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
+  var Gamma_R0_11: bool;
+  var Gamma_R0_13: bool;
+  var Gamma_R0_14: bool;
+  var Gamma_R0_16: bool;
+  var Gamma_R0_18: bool;
+  var Gamma_R0_19: bool;
+  var Gamma_R0_20: bool;
+  var Gamma_R0_22: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R0_6: bool;
+  var Gamma_R0_8: bool;
+  var Gamma_R0_9: bool;
+  var Gamma_R1_2: bool;
+  var Gamma_R1_4: bool;
+  var Gamma_R1_5: bool;
+  var R0_11: bv64;
+  var R0_13: bv64;
+  var R0_14: bv32;
+  var R0_16: bv64;
+  var R0_18: bv64;
+  var R0_19: bv64;
+  var R0_20: bv64;
+  var R0_22: bv64;
+  var R0_3: bv64;
+  var R0_4: bv32;
+  var R0_6: bv64;
+  var R0_8: bv64;
+  var R0_9: bv64;
+  var R1_2: bv32;
+  var R1_4: bv32;
+  var R1_5: bv64;
   $main$__0__$RdBKbEpiQ_~E2xl9E6bZQw:
-    assume {:captureState "$main$__0__$RdBKbEpiQ_~E2xl9E6bZQw"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4048bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4048bv64)) || L(mem, bvadd64(R0, 4048bv64)));
+    R0_3, Gamma_R0_3 := memory_load64_le(mem, 69584bv64), (gamma_load64(Gamma_mem, 69584bv64) || L(mem, 69584bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := zero_extend32_32(bvadd32(R0[32:0], 1bv32)), Gamma_R0;
-    R0, Gamma_R0 := 65536bv64, true;
+    R0_4, Gamma_R0_4 := memory_load32_le(mem, R0_3), (gamma_load32(Gamma_mem, R0_3) || L(mem, R0_3));
+    R1_2, Gamma_R1_2 := bvadd32(R0_4, 1bv32), Gamma_R0_4;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4048bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4048bv64)) || L(mem, bvadd64(R0, 4048bv64)));
+    R0_6, Gamma_R0_6 := memory_load64_le(mem, 69584bv64), (gamma_load64(Gamma_mem, 69584bv64) || L(mem, 69584bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1964$0"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    assert (L(mem, R0_6) ==> Gamma_R1_2);
+    mem, Gamma_mem := memory_store32_le(mem, R0_6, R1_2), gamma_store32(Gamma_mem, R0_6, Gamma_R1_2);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4040bv64)) || L(mem, bvadd64(R0, 4040bv64)));
+    R0_8, Gamma_R0_8 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, R0), (gamma_load64(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := bvadd64(R0, 18446744073709551615bv64), Gamma_R0;
-    R0, Gamma_R0 := 65536bv64, true;
+    R0_9, Gamma_R0_9 := memory_load64_le(mem, R0_8), (gamma_load64(Gamma_mem, R0_8) || L(mem, R0_8));
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4040bv64)) || L(mem, bvadd64(R0, 4040bv64)));
+    R0_11, Gamma_R0_11 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store64_le(mem, R0, R1), gamma_store64(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1992$0"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    assert (L(mem, R0_11) ==> Gamma_R0_9);
+    mem, Gamma_mem := memory_store64_le(mem, R0_11, bvadd64(R0_9, 18446744073709551615bv64)), gamma_store64(Gamma_mem, R0_11, Gamma_R0_9);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
+    R0_13, Gamma_R0_13 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := zero_extend32_32(bvadd32(R0[32:0], 3bv32)), Gamma_R0;
-    R0, Gamma_R0 := 65536bv64, true;
+    R0_14, Gamma_R0_14 := memory_load32_le(mem, R0_13), (gamma_load32(Gamma_mem, R0_13) || L(mem, R0_13));
+    R1_4, Gamma_R1_4 := bvadd32(R0_14, 3bv32), Gamma_R0_14;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
+    R0_16, Gamma_R0_16 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
     call rely();
-    assert (L(mem, bvadd64(R0, 4bv64)) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R0, 4bv64), R1[32:0]), gamma_store32(Gamma_mem, bvadd64(R0, 4bv64), Gamma_R1);
-    assume {:captureState "2020$0"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    assert (L(mem, bvadd64(R0_16, 4bv64)) ==> Gamma_R1_4);
+    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R0_16, 4bv64), R1_4), gamma_store32(Gamma_mem, bvadd64(R0_16, 4bv64), Gamma_R1_4);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4072bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4072bv64)) || L(mem, bvadd64(R0, 4072bv64)));
+    R0_18, Gamma_R0_18 := memory_load64_le(mem, 69608bv64), (gamma_load64(Gamma_mem, 69608bv64) || L(mem, 69608bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(zero_extend24_8(memory_load8_le(mem, R0))), (gamma_load8(Gamma_mem, R0) || L(mem, R0));
-    R0, Gamma_R0 := zero_extend32_32(bvadd32(R0[32:0], 1bv32)), Gamma_R0;
-    R1, Gamma_R1 := zero_extend32_32((0bv24 ++ R0[8:0])), Gamma_R0;
-    R0, Gamma_R0 := 65536bv64, true;
+    R0_19, Gamma_R0_19 := zero_extend56_8(memory_load8_le(mem, R0_18)), (gamma_load8(Gamma_mem, R0_18) || L(mem, R0_18));
+    R0_20, Gamma_R0_20 := zero_extend32_32(bvadd32(R0_19[32:0], 1bv32)), Gamma_R0_19;
+    R1_5, Gamma_R1_5 := zero_extend56_8(R0_20[8:0]), Gamma_R0_20;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4072bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4072bv64)) || L(mem, bvadd64(R0, 4072bv64)));
+    R0_22, Gamma_R0_22 := memory_load64_le(mem, 69608bv64), (gamma_load64(Gamma_mem, 69608bv64) || L(mem, 69608bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store8_le(mem, R0, R1[8:0]), gamma_store8(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "2052$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
+    assert (L(mem, R0_22) ==> Gamma_R1_5);
+    mem, Gamma_mem := memory_store8_le(mem, R0_22, R1_5[8:0]), gamma_store8(Gamma_mem, R0_22, Gamma_R1_5);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, R1_5;
+    Gamma_R0_out, Gamma_R1_out := true, Gamma_R1_5;
     return;
 }
 
diff --git a/src/test/correct/jumptable2/clang/jumptable2_gtirb.expected b/src/test/correct/jumptable2/clang/jumptable2_gtirb.expected
index 0ca38869d..05cd7ad8a 100644
--- a/src/test/correct/jumptable2/clang/jumptable2_gtirb.expected
+++ b/src/test/correct/jumptable2/clang/jumptable2_gtirb.expected
@@ -1,27 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -35,11 +13,21 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -49,11 +37,15 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -69,15 +61,13 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -112,7 +102,7 @@ procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
 procedure add_two();
-  modifies Gamma_R8, Gamma_R9, Gamma_mem, R8, R9, mem;
+  modifies Gamma_mem, mem;
   free requires (memory_load8_le(mem, 2052bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2053bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2054bv64) == 2bv8);
@@ -138,24 +128,24 @@ procedure add_two();
 
 implementation add_two()
 {
+  var Gamma_R8_1: bool;
+  var Gamma_R8_2: bool;
+  var R8_1: bv32;
+  var R8_2: bv32;
   $add_two$__0__$q7ZKy1R2QUKWr5v_JFG4ug:
-    assume {:captureState "$add_two$__0__$q7ZKy1R2QUKWr5v_JFG4ug"} true;
-    R9, Gamma_R9 := 69632bv64, true;
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R9, 48bv64))), (gamma_load32(Gamma_mem, bvadd64(R9, 48bv64)) || L(mem, bvadd64(R9, 48bv64)));
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(R8[32:0], 2bv32)), Gamma_R8;
+    R8_1, Gamma_R8_1 := memory_load32_le(mem, 69680bv64), (gamma_load32(Gamma_mem, 69680bv64) || L(mem, 69680bv64));
+    R8_2, Gamma_R8_2 := bvadd32(R8_1, 2bv32), Gamma_R8_1;
     call rely();
-    assert (L(mem, bvadd64(R9, 48bv64)) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 48bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 48bv64), Gamma_R8);
-    assume {:captureState "1888$0"} true;
+    assert (L(mem, 69680bv64) ==> Gamma_R8_2);
+    mem, Gamma_mem := memory_store32_le(mem, 69680bv64, R8_2), gamma_store32(Gamma_mem, 69680bv64, Gamma_R8_2);
     goto add_two_basil_return;
   add_two_basil_return:
-    assume {:captureState "add_two_basil_return"} true;
     return;
 }
 
 procedure sub_seven();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R8, Gamma_R9, Gamma_VF, Gamma_ZF, Gamma_mem, NF, R8, R9, VF, ZF, mem;
+  modifies Gamma_mem, mem;
   free requires (memory_load8_le(mem, 2052bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2053bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2054bv64) == 2bv8);
@@ -181,31 +171,24 @@ procedure sub_seven();
 
 implementation sub_seven()
 {
-  var Cse0__5$0$2: bv32;
-  var Gamma_Cse0__5$0$2: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R8_2: bool;
+  var R8_1: bv32;
+  var R8_2: bv32;
   $sub_seven$__0__$NsH3NjTvSbaIhN4GlaFRLw:
-    assume {:captureState "$sub_seven$__0__$NsH3NjTvSbaIhN4GlaFRLw"} true;
-    R9, Gamma_R9 := 69632bv64, true;
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R9, 48bv64))), (gamma_load32(Gamma_mem, bvadd64(R9, 48bv64)) || L(mem, bvadd64(R9, 48bv64)));
-    Cse0__5$0$2, Gamma_Cse0__5$0$2 := bvadd32(R8[32:0], 4294967289bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(Cse0__5$0$2), bvadd33(sign_extend1_32(R8[32:0]), 8589934585bv33))), (Gamma_R8 && Gamma_Cse0__5$0$2);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$0$2), bvadd33(zero_extend1_32(R8[32:0]), 4294967289bv33))), (Gamma_R8 && Gamma_Cse0__5$0$2);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$0$2, 0bv32), Gamma_Cse0__5$0$2;
-    NF, Gamma_NF := Cse0__5$0$2[32:31], Gamma_Cse0__5$0$2;
-    R8, Gamma_R8 := zero_extend32_32(Cse0__5$0$2), Gamma_Cse0__5$0$2;
+    R8_1, Gamma_R8_1 := memory_load32_le(mem, 69680bv64), (gamma_load32(Gamma_mem, 69680bv64) || L(mem, 69680bv64));
+    R8_2, Gamma_R8_2 := bvadd32(R8_1, 4294967289bv32), Gamma_R8_1;
     call rely();
-    assert (L(mem, bvadd64(R9, 48bv64)) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 48bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 48bv64), Gamma_R8);
-    assume {:captureState "1928$0"} true;
+    assert (L(mem, 69680bv64) ==> Gamma_R8_2);
+    mem, Gamma_mem := memory_store32_le(mem, 69680bv64, R8_2), gamma_store32(Gamma_mem, 69680bv64, Gamma_R8_2);
     goto sub_seven_basil_return;
   sub_seven_basil_return:
-    assume {:captureState "sub_seven_basil_return"} true;
     return;
 }
 
 procedure add_six();
-  modifies Gamma_R8, Gamma_R9, Gamma_mem, R8, R9, mem;
+  modifies Gamma_mem, mem;
   free requires (memory_load8_le(mem, 2052bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2053bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2054bv64) == 2bv8);
@@ -231,24 +214,24 @@ procedure add_six();
 
 implementation add_six()
 {
+  var Gamma_R8_1: bool;
+  var Gamma_R8_2: bool;
+  var R8_1: bv32;
+  var R8_2: bv32;
   $add_six$__0__$R7rnILkkQt~m3atwYHgqZw:
-    assume {:captureState "$add_six$__0__$R7rnILkkQt~m3atwYHgqZw"} true;
-    R9, Gamma_R9 := 69632bv64, true;
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R9, 48bv64))), (gamma_load32(Gamma_mem, bvadd64(R9, 48bv64)) || L(mem, bvadd64(R9, 48bv64)));
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(R8[32:0], 6bv32)), Gamma_R8;
+    R8_1, Gamma_R8_1 := memory_load32_le(mem, 69680bv64), (gamma_load32(Gamma_mem, 69680bv64) || L(mem, 69680bv64));
+    R8_2, Gamma_R8_2 := bvadd32(R8_1, 6bv32), Gamma_R8_1;
     call rely();
-    assert (L(mem, bvadd64(R9, 48bv64)) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 48bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 48bv64), Gamma_R8);
-    assume {:captureState "1908$0"} true;
+    assert (L(mem, 69680bv64) ==> Gamma_R8_2);
+    mem, Gamma_mem := memory_store32_le(mem, 69680bv64, R8_2), gamma_store32(Gamma_mem, 69680bv64, Gamma_R8_2);
     goto add_six_basil_return;
   add_six_basil_return:
-    assume {:captureState "add_six_basil_return"} true;
     return;
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R29, R30, R31, R8, R9, VF, ZF, mem, stack;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load64_le(mem, 69680bv64) == 5bv64);
@@ -266,10 +249,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69064bv64) == 1872bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1936bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 2052bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 2053bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 2054bv64) == 2bv8);
@@ -282,66 +261,45 @@ procedure main();
   free ensures (memory_load64_le(mem, 69064bv64) == 1872bv64);
   free ensures (memory_load64_le(mem, 69592bv64) == 1936bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var Cse0__5$0$1: bv64;
-  var Cse0__5$1$1: bv64;
-  var Gamma_Cse0__5$0$1: bool;
-  var Gamma_Cse0__5$1$1: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_5: bool;
+  var Gamma_R8_5: bool;
+  var Gamma_R8_6: bool;
+  var R0_2: bv64;
+  var R29_3: bv64;
+  var R30_5: bv64;
+  var R8_5: bv64;
+  var R8_6: bv64;
   $main$__0__$eU5HB3jMTHGqgfMDZYX1tA:
-    assume {:captureState "$main$__0__$eU5HB3jMTHGqgfMDZYX1tA"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551568bv64), Gamma_R31;
-    Cse0__5$1$1, Gamma_Cse0__5$1$1 := bvadd64(R31, 32bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$1$1, R29), gamma_store64(Gamma_stack, Cse0__5$1$1, Gamma_R29);
-    assume {:captureState "1940$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$1$1, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$1$1, 8bv64), Gamma_R30);
-    assume {:captureState "1940$2"} true;
-    R29, Gamma_R29 := bvadd64(R31, 32bv64), Gamma_R31;
-    R8, Gamma_R8 := 69632bv64, true;
-    R9, Gamma_R9 := 69632bv64, true;
-    R9, Gamma_R9 := bvadd64(R9, 56bv64), Gamma_R9;
-    stack, Gamma_stack := memory_store64_le(stack, R31, R9), gamma_store64(Gamma_stack, R31, Gamma_R9);
-    assume {:captureState "1960$0"} true;
-    R9, Gamma_R9 := 0bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R9[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R9);
-    assume {:captureState "1968$0"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R29, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R29, 18446744073709551612bv64), true);
-    assume {:captureState "1972$0"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R29, 18446744073709551608bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R29, 18446744073709551608bv64), Gamma_R0);
-    assume {:captureState "1976$0"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 16bv64), R1), gamma_store64(Gamma_stack, bvadd64(R31, 16bv64), Gamma_R1);
-    assume {:captureState "1980$0"} true;
-    call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 56bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 56bv64)) || L(mem, bvadd64(R8, 56bv64)));
-    R30, Gamma_R30 := 1992bv64, true;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551568bv64), 69688bv64), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551568bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551580bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551580bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551592bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), Gamma_R0_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551584bv64), R1_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R1_in);
     call add_two();
     goto $main$__1__$p5YPh9uZSeeRZ2XwUYn~Tw;
   $main$__1__$p5YPh9uZSeeRZ2XwUYn~Tw:
-    assume {:captureState "$main$__1__$p5YPh9uZSeeRZ2XwUYn~Tw"} true;
-    R8, Gamma_R8 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 8bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 8bv64)) || L(mem, bvadd64(R8, 8bv64)));
-    R30, Gamma_R30 := 1992bv64, true;
     call add_six();
     goto $main$__2__$_hg9mn5wS7GgqSlZeoJfGQ;
   $main$__2__$_hg9mn5wS7GgqSlZeoJfGQ:
-    assume {:captureState "$main$__2__$_hg9mn5wS7GgqSlZeoJfGQ"} true;
-    R8, Gamma_R8 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
+    R8_5, Gamma_R8_5 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551568bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551568bv64));
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 16bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 16bv64)) || L(mem, bvadd64(R8, 16bv64)));
-    R30, Gamma_R30 := 1992bv64, true;
+    R8_6, Gamma_R8_6 := memory_load64_le(mem, bvadd64(R8_5, 16bv64)), (gamma_load64(Gamma_mem, bvadd64(R8_5, 16bv64)) || L(mem, bvadd64(R8_5, 16bv64)));
     call sub_seven();
     goto $main$__3__$Wg9L39DXQImRFWkgvX2gEw;
   $main$__3__$Wg9L39DXQImRFWkgvX2gEw:
-    assume {:captureState "$main$__3__$Wg9L39DXQImRFWkgvX2gEw"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    Cse0__5$0$1, Gamma_Cse0__5$0$1 := bvadd64(R31, 32bv64), Gamma_R31;
-    R29, Gamma_R29 := memory_load64_le(stack, Cse0__5$0$1), gamma_load64(Gamma_stack, Cse0__5$0$1);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(Cse0__5$0$1, 8bv64)), gamma_load64(Gamma_stack, bvadd64(Cse0__5$0$1, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 48bv64), Gamma_R31;
+    R0_2, Gamma_R0_2 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551580bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551580bv64));
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64));
+    R30_5, Gamma_R30_5 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R29_out, R30_out, R31_out, R8_out, R9_out := R0_2, R29_3, R30_5, R31_in, R8_6, 0bv64;
+    Gamma_R0_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := Gamma_R0_2, Gamma_R29_3, Gamma_R30_5, Gamma_R31_in, Gamma_R8_6, true;
     return;
 }
 
diff --git a/src/test/correct/jumptable2/clang_O2/jumptable2_gtirb.expected b/src/test/correct/jumptable2/clang_O2/jumptable2_gtirb.expected
index dc88e8297..3e7e7fa88 100644
--- a/src/test/correct/jumptable2/clang_O2/jumptable2_gtirb.expected
+++ b/src/test/correct/jumptable2/clang_O2/jumptable2_gtirb.expected
@@ -1,19 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R19: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R19: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -28,6 +14,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -37,11 +37,15 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -57,14 +61,13 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (mem == old(mem));
@@ -97,8 +100,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R19, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R19, R29, R30, R31, R8, R9, mem, stack;
+procedure main(R19_in: bv64, Gamma_R19_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R19_out: bv64, Gamma_R19_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load64_le(mem, 69680bv64) == 5bv64);
@@ -116,12 +119,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69064bv64) == 1872bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1936bv64);
-  free ensures (Gamma_R19 == old(Gamma_R19));
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R19 == old(R19));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 2016bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 2017bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 2018bv64) == 2bv8);
@@ -134,57 +131,43 @@ procedure main();
   free ensures (memory_load64_le(mem, 69064bv64) == 1872bv64);
   free ensures (memory_load64_le(mem, 69592bv64) == 1936bv64);
 
-implementation main()
+implementation main(R19_in: bv64, Gamma_R19_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R19_out: bv64, Gamma_R19_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool)
 {
-  var Cse0__5$2$0: bv64;
-  var Gamma_Cse0__5$2$0: bool;
+  var Gamma_R19_4: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_5: bool;
+  var Gamma_R8_3: bool;
+  var R19_4: bv64;
+  var R29_3: bv64;
+  var R30_5: bv64;
+  var R8_3: bv64;
   $main$__0__$wC7NIj00StStGxM0LI2VwQ:
-    assume {:captureState "$main$__0__$wC7NIj00StStGxM0LI2VwQ"} true;
-    Cse0__5$2$0, Gamma_Cse0__5$2$0 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$2$0, R29), gamma_store64(Gamma_stack, Cse0__5$2$0, Gamma_R29);
-    assume {:captureState "1936$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$2$0, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$2$0, 8bv64), Gamma_R30);
-    assume {:captureState "1936$2"} true;
-    R31, Gamma_R31 := Cse0__5$2$0, Gamma_Cse0__5$2$0;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 16bv64), R19), gamma_store64(Gamma_stack, bvadd64(R31, 16bv64), Gamma_R19);
-    assume {:captureState "1940$0"} true;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    R19, Gamma_R19 := 69632bv64, true;
-    R19, Gamma_R19 := bvadd64(R19, 56bv64), Gamma_R19;
-    call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, R19), (gamma_load64(Gamma_mem, R19) || L(mem, R19));
-    R30, Gamma_R30 := 1964bv64, true;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551584bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551592bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), Gamma_R30_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R19_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R19_in);
     call add_two();
     goto $main$__1__$9JzDMe78T9KO0OnEp65uKg;
   $main$__1__$9JzDMe78T9KO0OnEp65uKg:
-    assume {:captureState "$main$__1__$9JzDMe78T9KO0OnEp65uKg"} true;
-    call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R19, 8bv64)), (gamma_load64(Gamma_mem, bvadd64(R19, 8bv64)) || L(mem, bvadd64(R19, 8bv64)));
-    R30, Gamma_R30 := 1964bv64, true;
     call add_six();
     goto $main$__2__$F9IXiDuaS2S~EwbOz5HUEw;
   $main$__2__$F9IXiDuaS2S~EwbOz5HUEw:
-    assume {:captureState "$main$__2__$F9IXiDuaS2S~EwbOz5HUEw"} true;
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R19, 16bv64)), (gamma_load64(Gamma_mem, bvadd64(R19, 16bv64)) || L(mem, bvadd64(R19, 16bv64)));
-    R30, Gamma_R30 := 1964bv64, true;
+    R8_3, Gamma_R8_3 := memory_load64_le(mem, 69704bv64), (gamma_load64(Gamma_mem, 69704bv64) || L(mem, 69704bv64));
     call sub_seven();
     goto $main$__3__$OhO~c77aTJ6ndOxW9PxJzQ;
   $main$__3__$OhO~c77aTJ6ndOxW9PxJzQ:
-    assume {:captureState "$main$__3__$OhO~c77aTJ6ndOxW9PxJzQ"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R19, Gamma_R19 := memory_load64_le(stack, bvadd64(R31, 16bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 16bv64));
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
+    R19_4, Gamma_R19_4 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64));
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551584bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64));
+    R30_5, Gamma_R30_5 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551592bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R19_out, R29_out, R30_out, R31_out, R8_out := 0bv64, R19_4, R29_3, R30_5, R31_in, R8_3;
+    Gamma_R0_out, Gamma_R19_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out, Gamma_R8_out := true, Gamma_R19_4, Gamma_R29_3, Gamma_R30_5, Gamma_R31_in, Gamma_R8_3;
     return;
 }
 
 procedure sub_seven();
-  modifies Gamma_R8, Gamma_R9, Gamma_mem, R8, R9, mem;
+  modifies Gamma_mem, mem;
   free requires (memory_load8_le(mem, 2016bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2017bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2018bv64) == 2bv8);
@@ -210,24 +193,24 @@ procedure sub_seven();
 
 implementation sub_seven()
 {
+  var Gamma_R9_1: bool;
+  var Gamma_R9_2: bool;
+  var R9_1: bv32;
+  var R9_2: bv32;
   $sub_seven$__0__$ocbHXXGATjqAp6GkHigdUA:
-    assume {:captureState "$sub_seven$__0__$ocbHXXGATjqAp6GkHigdUA"} true;
-    R8, Gamma_R8 := 69632bv64, true;
     call rely();
-    R9, Gamma_R9 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 48bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 48bv64)) || L(mem, bvadd64(R8, 48bv64)));
-    R9, Gamma_R9 := zero_extend32_32(bvadd32(R9[32:0], 4294967289bv32)), Gamma_R9;
+    R9_1, Gamma_R9_1 := memory_load32_le(mem, 69680bv64), (gamma_load32(Gamma_mem, 69680bv64) || L(mem, 69680bv64));
+    R9_2, Gamma_R9_2 := bvadd32(R9_1, 4294967289bv32), Gamma_R9_1;
     call rely();
-    assert (L(mem, bvadd64(R8, 48bv64)) ==> Gamma_R9);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 48bv64), R9[32:0]), gamma_store32(Gamma_mem, bvadd64(R8, 48bv64), Gamma_R9);
-    assume {:captureState "1928$0"} true;
+    assert (L(mem, 69680bv64) ==> Gamma_R9_2);
+    mem, Gamma_mem := memory_store32_le(mem, 69680bv64, R9_2), gamma_store32(Gamma_mem, 69680bv64, Gamma_R9_2);
     goto sub_seven_basil_return;
   sub_seven_basil_return:
-    assume {:captureState "sub_seven_basil_return"} true;
     return;
 }
 
 procedure add_two();
-  modifies Gamma_R8, Gamma_R9, Gamma_mem, R8, R9, mem;
+  modifies Gamma_mem, mem;
   free requires (memory_load8_le(mem, 2016bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2017bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2018bv64) == 2bv8);
@@ -253,24 +236,24 @@ procedure add_two();
 
 implementation add_two()
 {
+  var Gamma_R9_1: bool;
+  var Gamma_R9_2: bool;
+  var R9_1: bv32;
+  var R9_2: bv32;
   $add_two$__0__$Y7f13oh7RqmVBWvxNXuniA:
-    assume {:captureState "$add_two$__0__$Y7f13oh7RqmVBWvxNXuniA"} true;
-    R8, Gamma_R8 := 69632bv64, true;
     call rely();
-    R9, Gamma_R9 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 48bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 48bv64)) || L(mem, bvadd64(R8, 48bv64)));
-    R9, Gamma_R9 := zero_extend32_32(bvadd32(R9[32:0], 2bv32)), Gamma_R9;
+    R9_1, Gamma_R9_1 := memory_load32_le(mem, 69680bv64), (gamma_load32(Gamma_mem, 69680bv64) || L(mem, 69680bv64));
+    R9_2, Gamma_R9_2 := bvadd32(R9_1, 2bv32), Gamma_R9_1;
     call rely();
-    assert (L(mem, bvadd64(R8, 48bv64)) ==> Gamma_R9);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 48bv64), R9[32:0]), gamma_store32(Gamma_mem, bvadd64(R8, 48bv64), Gamma_R9);
-    assume {:captureState "1888$0"} true;
+    assert (L(mem, 69680bv64) ==> Gamma_R9_2);
+    mem, Gamma_mem := memory_store32_le(mem, 69680bv64, R9_2), gamma_store32(Gamma_mem, 69680bv64, Gamma_R9_2);
     goto add_two_basil_return;
   add_two_basil_return:
-    assume {:captureState "add_two_basil_return"} true;
     return;
 }
 
 procedure add_six();
-  modifies Gamma_R8, Gamma_R9, Gamma_mem, R8, R9, mem;
+  modifies Gamma_mem, mem;
   free requires (memory_load8_le(mem, 2016bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2017bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2018bv64) == 2bv8);
@@ -296,19 +279,19 @@ procedure add_six();
 
 implementation add_six()
 {
+  var Gamma_R9_1: bool;
+  var Gamma_R9_2: bool;
+  var R9_1: bv32;
+  var R9_2: bv32;
   $add_six$__0__$xWsLZ13VTJuk_UvRVjK3kQ:
-    assume {:captureState "$add_six$__0__$xWsLZ13VTJuk_UvRVjK3kQ"} true;
-    R8, Gamma_R8 := 69632bv64, true;
     call rely();
-    R9, Gamma_R9 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 48bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 48bv64)) || L(mem, bvadd64(R8, 48bv64)));
-    R9, Gamma_R9 := zero_extend32_32(bvadd32(R9[32:0], 6bv32)), Gamma_R9;
+    R9_1, Gamma_R9_1 := memory_load32_le(mem, 69680bv64), (gamma_load32(Gamma_mem, 69680bv64) || L(mem, 69680bv64));
+    R9_2, Gamma_R9_2 := bvadd32(R9_1, 6bv32), Gamma_R9_1;
     call rely();
-    assert (L(mem, bvadd64(R8, 48bv64)) ==> Gamma_R9);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 48bv64), R9[32:0]), gamma_store32(Gamma_mem, bvadd64(R8, 48bv64), Gamma_R9);
-    assume {:captureState "1908$0"} true;
+    assert (L(mem, 69680bv64) ==> Gamma_R9_2);
+    mem, Gamma_mem := memory_store32_le(mem, 69680bv64, R9_2), gamma_store32(Gamma_mem, 69680bv64, Gamma_R9_2);
     goto add_six_basil_return;
   add_six_basil_return:
-    assume {:captureState "add_six_basil_return"} true;
     return;
 }
 
diff --git a/src/test/correct/jumptable2/clang_pic/jumptable2_gtirb.expected b/src/test/correct/jumptable2/clang_pic/jumptable2_gtirb.expected
index 1cebf2f2d..f6936d2ec 100644
--- a/src/test/correct/jumptable2/clang_pic/jumptable2_gtirb.expected
+++ b/src/test/correct/jumptable2/clang_pic/jumptable2_gtirb.expected
@@ -1,27 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -35,11 +13,21 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -49,11 +37,15 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -69,15 +61,13 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -114,7 +104,7 @@ procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
 procedure add_two();
-  modifies Gamma_R8, Gamma_R9, Gamma_mem, R8, R9, mem;
+  modifies Gamma_mem, mem;
   free requires (memory_load8_le(mem, 2124bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2125bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2126bv64) == 2bv8);
@@ -144,26 +134,28 @@ procedure add_two();
 
 implementation add_two()
 {
+  var Gamma_R8_1: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R9_2: bool;
+  var R8_1: bv32;
+  var R8_2: bv32;
+  var R9_2: bv64;
   $add_two$__0__$r_TPM3RHSfm3u2v1UY0bLw:
-    assume {:captureState "$add_two$__0__$r_TPM3RHSfm3u2v1UY0bLw"} true;
-    R9, Gamma_R9 := 65536bv64, true;
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4032bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4032bv64)) || L(mem, bvadd64(R9, 4032bv64)));
+    R9_2, Gamma_R9_2 := memory_load64_le(mem, 69568bv64), (gamma_load64(Gamma_mem, 69568bv64) || L(mem, 69568bv64));
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R9)), (gamma_load32(Gamma_mem, R9) || L(mem, R9));
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(R8[32:0], 2bv32)), Gamma_R8;
+    R8_1, Gamma_R8_1 := memory_load32_le(mem, R9_2), (gamma_load32(Gamma_mem, R9_2) || L(mem, R9_2));
+    R8_2, Gamma_R8_2 := bvadd32(R8_1, 2bv32), Gamma_R8_1;
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "1956$0"} true;
+    assert (L(mem, R9_2) ==> Gamma_R8_2);
+    mem, Gamma_mem := memory_store32_le(mem, R9_2, R8_2), gamma_store32(Gamma_mem, R9_2, Gamma_R8_2);
     goto add_two_basil_return;
   add_two_basil_return:
-    assume {:captureState "add_two_basil_return"} true;
     return;
 }
 
 procedure add_six();
-  modifies Gamma_R8, Gamma_R9, Gamma_mem, R8, R9, mem;
+  modifies Gamma_mem, mem;
   free requires (memory_load8_le(mem, 2124bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2125bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2126bv64) == 2bv8);
@@ -193,26 +185,28 @@ procedure add_six();
 
 implementation add_six()
 {
+  var Gamma_R8_1: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R9_2: bool;
+  var R8_1: bv32;
+  var R8_2: bv32;
+  var R9_2: bv64;
   $add_six$__0__$WmWCAeM7QYqeVhx9woNn_g:
-    assume {:captureState "$add_six$__0__$WmWCAeM7QYqeVhx9woNn_g"} true;
-    R9, Gamma_R9 := 65536bv64, true;
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4032bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4032bv64)) || L(mem, bvadd64(R9, 4032bv64)));
+    R9_2, Gamma_R9_2 := memory_load64_le(mem, 69568bv64), (gamma_load64(Gamma_mem, 69568bv64) || L(mem, 69568bv64));
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R9)), (gamma_load32(Gamma_mem, R9) || L(mem, R9));
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(R8[32:0], 6bv32)), Gamma_R8;
+    R8_1, Gamma_R8_1 := memory_load32_le(mem, R9_2), (gamma_load32(Gamma_mem, R9_2) || L(mem, R9_2));
+    R8_2, Gamma_R8_2 := bvadd32(R8_1, 6bv32), Gamma_R8_1;
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "1980$0"} true;
+    assert (L(mem, R9_2) ==> Gamma_R8_2);
+    mem, Gamma_mem := memory_store32_le(mem, R9_2, R8_2), gamma_store32(Gamma_mem, R9_2, Gamma_R8_2);
     goto add_six_basil_return;
   add_six_basil_return:
-    assume {:captureState "add_six_basil_return"} true;
     return;
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R29, R30, R31, R8, R9, VF, ZF, mem, stack;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load64_le(mem, 69680bv64) == 5bv64);
@@ -232,10 +226,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69704bv64) == 1988bv64);
   free requires (memory_load64_le(mem, 69696bv64) == 1964bv64);
   free requires (memory_load64_le(mem, 69600bv64) == 69688bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 2124bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 2125bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 2126bv64) == 2bv8);
@@ -250,71 +240,54 @@ procedure main();
   free ensures (memory_load64_le(mem, 69696bv64) == 1964bv64);
   free ensures (memory_load64_le(mem, 69600bv64) == 69688bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var Cse0__5$0$1: bv64;
-  var Cse0__5$2$1: bv64;
-  var Gamma_Cse0__5$0$1: bool;
-  var Gamma_Cse0__5$2$1: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_5: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_6: bool;
+  var Gamma_R8_7: bool;
+  var R0_2: bv64;
+  var R29_3: bv64;
+  var R30_5: bv64;
+  var R8_2: bv64;
+  var R8_6: bv64;
+  var R8_7: bv64;
   $main$__0__$EvxJkgQzT1q~MAbs_DZI3w:
-    assume {:captureState "$main$__0__$EvxJkgQzT1q~MAbs_DZI3w"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551568bv64), Gamma_R31;
-    Cse0__5$0$1, Gamma_Cse0__5$0$1 := bvadd64(R31, 32bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$0$1, R29), gamma_store64(Gamma_stack, Cse0__5$0$1, Gamma_R29);
-    assume {:captureState "2016$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$0$1, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$0$1, 8bv64), Gamma_R30);
-    assume {:captureState "2016$2"} true;
-    R29, Gamma_R29 := bvadd64(R31, 32bv64), Gamma_R31;
-    R8, Gamma_R8 := 65536bv64, true;
-    call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4064bv64)) || L(mem, bvadd64(R8, 4064bv64)));
-    stack, Gamma_stack := memory_store64_le(stack, R31, R8), gamma_store64(Gamma_stack, R31, Gamma_R8);
-    assume {:captureState "2032$0"} true;
-    R9, Gamma_R9 := 0bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R9[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R9);
-    assume {:captureState "2040$0"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R29, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R29, 18446744073709551612bv64), true);
-    assume {:captureState "2044$0"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R29, 18446744073709551608bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R29, 18446744073709551608bv64), Gamma_R0);
-    assume {:captureState "2048$0"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 16bv64), R1), gamma_store64(Gamma_stack, bvadd64(R31, 16bv64), Gamma_R1);
-    assume {:captureState "2052$0"} true;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, R8), (gamma_load64(Gamma_mem, R8) || L(mem, R8));
-    R30, Gamma_R30 := 2064bv64, true;
+    R8_2, Gamma_R8_2 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551568bv64), R8_2), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551568bv64), Gamma_R8_2);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551580bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551580bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551592bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), Gamma_R0_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551584bv64), R1_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R1_in);
     call add_two();
     goto $main$__1__$~R7GAmlPRJGIPLWxHDibcw;
   $main$__1__$~R7GAmlPRJGIPLWxHDibcw:
-    assume {:captureState "$main$__1__$~R7GAmlPRJGIPLWxHDibcw"} true;
-    R8, Gamma_R8 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 8bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 8bv64)) || L(mem, bvadd64(R8, 8bv64)));
-    R30, Gamma_R30 := 2064bv64, true;
     call add_six();
     goto $main$__2__$N2O4Vfx1QgWyqbECmi5prA;
   $main$__2__$N2O4Vfx1QgWyqbECmi5prA:
-    assume {:captureState "$main$__2__$N2O4Vfx1QgWyqbECmi5prA"} true;
-    R8, Gamma_R8 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
+    R8_6, Gamma_R8_6 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551568bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551568bv64));
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 16bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 16bv64)) || L(mem, bvadd64(R8, 16bv64)));
-    R30, Gamma_R30 := 2064bv64, true;
+    R8_7, Gamma_R8_7 := memory_load64_le(mem, bvadd64(R8_6, 16bv64)), (gamma_load64(Gamma_mem, bvadd64(R8_6, 16bv64)) || L(mem, bvadd64(R8_6, 16bv64)));
     call sub_seven();
     goto $main$__3__$Ql81hl5HThuEPpygsxdjXA;
   $main$__3__$Ql81hl5HThuEPpygsxdjXA:
-    assume {:captureState "$main$__3__$Ql81hl5HThuEPpygsxdjXA"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    Cse0__5$2$1, Gamma_Cse0__5$2$1 := bvadd64(R31, 32bv64), Gamma_R31;
-    R29, Gamma_R29 := memory_load64_le(stack, Cse0__5$2$1), gamma_load64(Gamma_stack, Cse0__5$2$1);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(Cse0__5$2$1, 8bv64)), gamma_load64(Gamma_stack, bvadd64(Cse0__5$2$1, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 48bv64), Gamma_R31;
+    R0_2, Gamma_R0_2 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551580bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551580bv64));
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64));
+    R30_5, Gamma_R30_5 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R29_out, R30_out, R31_out, R8_out, R9_out := R0_2, R29_3, R30_5, R31_in, R8_7, 0bv64;
+    Gamma_R0_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := Gamma_R0_2, Gamma_R29_3, Gamma_R30_5, Gamma_R31_in, Gamma_R8_7, true;
     return;
 }
 
 procedure sub_seven();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R8, Gamma_R9, Gamma_VF, Gamma_ZF, Gamma_mem, NF, R8, R9, VF, ZF, mem;
+  modifies Gamma_mem, mem;
   free requires (memory_load8_le(mem, 2124bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2125bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2126bv64) == 2bv8);
@@ -344,28 +317,23 @@ procedure sub_seven();
 
 implementation sub_seven()
 {
-  var Cse0__5$0$3: bv32;
-  var Gamma_Cse0__5$0$3: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R9_2: bool;
+  var R8_1: bv32;
+  var R8_2: bv32;
+  var R9_2: bv64;
   $sub_seven$__0__$PpMW6ScZQ3q32PrByBlXeA:
-    assume {:captureState "$sub_seven$__0__$PpMW6ScZQ3q32PrByBlXeA"} true;
-    R9, Gamma_R9 := 65536bv64, true;
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4032bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4032bv64)) || L(mem, bvadd64(R9, 4032bv64)));
+    R9_2, Gamma_R9_2 := memory_load64_le(mem, 69568bv64), (gamma_load64(Gamma_mem, 69568bv64) || L(mem, 69568bv64));
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R9)), (gamma_load32(Gamma_mem, R9) || L(mem, R9));
-    Cse0__5$0$3, Gamma_Cse0__5$0$3 := bvadd32(R8[32:0], 4294967289bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(Cse0__5$0$3), bvadd33(sign_extend1_32(R8[32:0]), 8589934585bv33))), (Gamma_R8 && Gamma_Cse0__5$0$3);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$0$3), bvadd33(zero_extend1_32(R8[32:0]), 4294967289bv33))), (Gamma_R8 && Gamma_Cse0__5$0$3);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$0$3, 0bv32), Gamma_Cse0__5$0$3;
-    NF, Gamma_NF := Cse0__5$0$3[32:31], Gamma_Cse0__5$0$3;
-    R8, Gamma_R8 := zero_extend32_32(Cse0__5$0$3), Gamma_Cse0__5$0$3;
+    R8_1, Gamma_R8_1 := memory_load32_le(mem, R9_2), (gamma_load32(Gamma_mem, R9_2) || L(mem, R9_2));
+    R8_2, Gamma_R8_2 := bvadd32(R8_1, 4294967289bv32), Gamma_R8_1;
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "2004$0"} true;
+    assert (L(mem, R9_2) ==> Gamma_R8_2);
+    mem, Gamma_mem := memory_store32_le(mem, R9_2, R8_2), gamma_store32(Gamma_mem, R9_2, Gamma_R8_2);
     goto sub_seven_basil_return;
   sub_seven_basil_return:
-    assume {:captureState "sub_seven_basil_return"} true;
     return;
 }
 
diff --git a/src/test/correct/jumptable2/gcc/jumptable2_gtirb.expected b/src/test/correct/jumptable2/gcc/jumptable2_gtirb.expected
index 37f9a52df..677a4c67e 100644
--- a/src/test/correct/jumptable2/gcc/jumptable2_gtirb.expected
+++ b/src/test/correct/jumptable2/gcc/jumptable2_gtirb.expected
@@ -1,15 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -24,6 +14,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -33,11 +37,15 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -53,14 +61,13 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (mem == old(mem));
@@ -94,7 +101,7 @@ procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
 procedure add_two();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+  modifies Gamma_mem, mem;
   free requires (memory_load8_le(mem, 2080bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2081bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2082bv64) == 2bv8);
@@ -120,27 +127,24 @@ procedure add_two();
 
 implementation add_two()
 {
+  var Gamma_R0_3: bool;
+  var Gamma_R1_1: bool;
+  var R0_3: bv32;
+  var R1_1: bv32;
   $add_two$__0__$Rbfn3kvcQq6N6xB9sTqQbg:
-    assume {:captureState "$add_two$__0__$Rbfn3kvcQq6N6xB9sTqQbg"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 16bv64), Gamma_R0;
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := zero_extend32_32(bvadd32(R0[32:0], 2bv32)), Gamma_R0;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 16bv64), Gamma_R0;
+    R0_3, Gamma_R0_3 := memory_load32_le(mem, 69648bv64), (gamma_load32(Gamma_mem, 69648bv64) || L(mem, 69648bv64));
+    R1_1, Gamma_R1_1 := bvadd32(R0_3, 2bv32), Gamma_R0_3;
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1900$0"} true;
+    assert (L(mem, 69648bv64) ==> Gamma_R1_1);
+    mem, Gamma_mem := memory_store32_le(mem, 69648bv64, R1_1), gamma_store32(Gamma_mem, 69648bv64, Gamma_R1_1);
     goto add_two_basil_return;
   add_two_basil_return:
-    assume {:captureState "add_two_basil_return"} true;
     return;
 }
 
 procedure sub_seven();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+  modifies Gamma_mem, mem;
   free requires (memory_load8_le(mem, 2080bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2081bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2082bv64) == 2bv8);
@@ -166,27 +170,24 @@ procedure sub_seven();
 
 implementation sub_seven()
 {
+  var Gamma_R0_3: bool;
+  var Gamma_R1_1: bool;
+  var R0_3: bv32;
+  var R1_1: bv32;
   $sub_seven$__0__$MLKKmEoXSkSC_7jU3K5ZIA:
-    assume {:captureState "$sub_seven$__0__$MLKKmEoXSkSC_7jU3K5ZIA"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 16bv64), Gamma_R0;
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := zero_extend32_32(bvadd32(R0[32:0], 4294967289bv32)), Gamma_R0;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 16bv64), Gamma_R0;
+    R0_3, Gamma_R0_3 := memory_load32_le(mem, 69648bv64), (gamma_load32(Gamma_mem, 69648bv64) || L(mem, 69648bv64));
+    R1_1, Gamma_R1_1 := bvadd32(R0_3, 4294967289bv32), Gamma_R0_3;
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1972$0"} true;
+    assert (L(mem, 69648bv64) ==> Gamma_R1_1);
+    mem, Gamma_mem := memory_store32_le(mem, 69648bv64, R1_1), gamma_store32(Gamma_mem, 69648bv64, Gamma_R1_1);
     goto sub_seven_basil_return;
   sub_seven_basil_return:
-    assume {:captureState "sub_seven_basil_return"} true;
     return;
 }
 
 procedure add_six();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+  modifies Gamma_mem, mem;
   free requires (memory_load8_le(mem, 2080bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2081bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2082bv64) == 2bv8);
@@ -212,27 +213,24 @@ procedure add_six();
 
 implementation add_six()
 {
+  var Gamma_R0_3: bool;
+  var Gamma_R1_1: bool;
+  var R0_3: bv32;
+  var R1_1: bv32;
   $add_six$__0__$tNh_uLjASU~LDGT1yt60fQ:
-    assume {:captureState "$add_six$__0__$tNh_uLjASU~LDGT1yt60fQ"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 16bv64), Gamma_R0;
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := zero_extend32_32(bvadd32(R0[32:0], 6bv32)), Gamma_R0;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 16bv64), Gamma_R0;
+    R0_3, Gamma_R0_3 := memory_load32_le(mem, 69648bv64), (gamma_load32(Gamma_mem, 69648bv64) || L(mem, 69648bv64));
+    R1_1, Gamma_R1_1 := bvadd32(R0_3, 6bv32), Gamma_R0_3;
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1936$0"} true;
+    assert (L(mem, 69648bv64) ==> Gamma_R1_1);
+    mem, Gamma_mem := memory_store32_le(mem, 69648bv64, R1_1), gamma_store32(Gamma_mem, 69648bv64, Gamma_R1_1);
     goto add_six_basil_return;
   add_six_basil_return:
-    assume {:captureState "add_six_basil_return"} true;
     return;
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R29, R30, R31, mem, stack;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load64_le(mem, 69648bv64) == 5bv64);
@@ -250,10 +248,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69024bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 1948bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 2080bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 2081bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 2082bv64) == 2bv8);
@@ -266,57 +260,32 @@ procedure main();
   free ensures (memory_load64_le(mem, 69672bv64) == 1948bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var Cse0__5$3$0: bv64;
-  var Gamma_Cse0__5$3$0: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_5: bool;
+  var R29_3: bv64;
+  var R30_5: bv64;
   $main$__0__$w7eGi8EzQxu0kP7hQuHVUA:
-    assume {:captureState "$main$__0__$w7eGi8EzQxu0kP7hQuHVUA"} true;
-    Cse0__5$3$0, Gamma_Cse0__5$3$0 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$3$0, R29), gamma_store64(Gamma_stack, Cse0__5$3$0, Gamma_R29);
-    assume {:captureState "1984$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$3$0, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$3$0, 8bv64), Gamma_R30);
-    assume {:captureState "1984$2"} true;
-    R31, Gamma_R31 := Cse0__5$3$0, Gamma_Cse0__5$3$0;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R0);
-    assume {:captureState "1992$0"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 16bv64), R1), gamma_store64(Gamma_stack, bvadd64(R31, 16bv64), Gamma_R1);
-    assume {:captureState "1996$0"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
-    call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, R0), (gamma_load64(Gamma_mem, R0) || L(mem, R0));
-    R30, Gamma_R30 := 2016bv64, true;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551584bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551592bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), Gamma_R30_in);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R1_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R1_in);
     call add_two();
     goto $main$__1__$GHoZzu8MSj2vNAxUUuG_yw;
   $main$__1__$GHoZzu8MSj2vNAxUUuG_yw:
-    assume {:captureState "$main$__1__$GHoZzu8MSj2vNAxUUuG_yw"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
-    call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 8bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 8bv64)) || L(mem, bvadd64(R0, 8bv64)));
-    R30, Gamma_R30 := 2016bv64, true;
     call add_six();
     goto $main$__2__$ZuhsVpJtT7GuDYpY3MOTrg;
   $main$__2__$ZuhsVpJtT7GuDYpY3MOTrg:
-    assume {:captureState "$main$__2__$ZuhsVpJtT7GuDYpY3MOTrg"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
-    call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 16bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 16bv64)) || L(mem, bvadd64(R0, 16bv64)));
-    R30, Gamma_R30 := 2016bv64, true;
     call sub_seven();
     goto $main$__3__$pfScaWraQ9qCs0VAc_LK4w;
   $main$__3__$pfScaWraQ9qCs0VAc_LK4w:
-    assume {:captureState "$main$__3__$pfScaWraQ9qCs0VAc_LK4w"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551584bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64));
+    R30_5, Gamma_R30_5 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551592bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R29_out, R30_out, R31_out := 0bv64, R1_in, R29_3, R30_5, R31_in;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out := true, Gamma_R1_in, Gamma_R29_3, Gamma_R30_5, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/correct/jumptable2/gcc_O2/jumptable2_gtirb.expected b/src/test/correct/jumptable2/gcc_O2/jumptable2_gtirb.expected
index 5c232874f..c00443177 100644
--- a/src/test/correct/jumptable2/gcc_O2/jumptable2_gtirb.expected
+++ b/src/test/correct/jumptable2/gcc_O2/jumptable2_gtirb.expected
@@ -1,17 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R19: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R19: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -26,6 +14,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -35,11 +37,15 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -55,14 +61,13 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (mem == old(mem));
@@ -96,7 +101,7 @@ procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
 procedure add_two();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+  modifies Gamma_mem, mem;
   free requires (memory_load8_le(mem, 2040bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2041bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2042bv64) == 2bv8);
@@ -122,24 +127,24 @@ procedure add_two();
 
 implementation add_two()
 {
+  var Gamma_R0_1: bool;
+  var Gamma_R0_2: bool;
+  var R0_1: bv32;
+  var R0_2: bv32;
   $add_two$__0__$PJOnl6EiQpak9~3sAS5yAg:
-    assume {:captureState "$add_two$__0__$PJOnl6EiQpak9~3sAS5yAg"} true;
-    R1, Gamma_R1 := 69632bv64, true;
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, bvadd64(R1, 16bv64))), (gamma_load32(Gamma_mem, bvadd64(R1, 16bv64)) || L(mem, bvadd64(R1, 16bv64)));
-    R0, Gamma_R0 := zero_extend32_32(bvadd32(R0[32:0], 2bv32)), Gamma_R0;
+    R0_1, Gamma_R0_1 := memory_load32_le(mem, 69648bv64), (gamma_load32(Gamma_mem, 69648bv64) || L(mem, 69648bv64));
+    R0_2, Gamma_R0_2 := bvadd32(R0_1, 2bv32), Gamma_R0_1;
     call rely();
-    assert (L(mem, bvadd64(R1, 16bv64)) ==> Gamma_R0);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R1, 16bv64), R0[32:0]), gamma_store32(Gamma_mem, bvadd64(R1, 16bv64), Gamma_R0);
-    assume {:captureState "1964$0"} true;
+    assert (L(mem, 69648bv64) ==> Gamma_R0_2);
+    mem, Gamma_mem := memory_store32_le(mem, 69648bv64, R0_2), gamma_store32(Gamma_mem, 69648bv64, Gamma_R0_2);
     goto add_two_basil_return;
   add_two_basil_return:
-    assume {:captureState "add_two_basil_return"} true;
     return;
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R19, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R19, R29, R30, R31, mem, stack;
+procedure main(R19_in: bv64, Gamma_R19_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load64_le(mem, 69648bv64) == 5bv64);
@@ -157,12 +162,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69024bv64) == 1856bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 2000bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R19 == old(Gamma_R19));
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R19 == old(R19));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 2040bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 2041bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 2042bv64) == 2bv8);
@@ -175,57 +174,41 @@ procedure main();
   free ensures (memory_load64_le(mem, 69672bv64) == 2000bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R19_in: bv64, Gamma_R19_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var Cse0__5$2$0: bv64;
-  var Gamma_Cse0__5$2$0: bool;
+  var Gamma_R1: bool;
+  var Gamma_R19_3: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_5: bool;
+  var R1: bv64;
+  var R19_3: bv64;
+  var R29_3: bv64;
+  var R30_5: bv64;
   $main$__0__$qxn5kvI1Qb20o759oZW7og:
-    assume {:captureState "$main$__0__$qxn5kvI1Qb20o759oZW7og"} true;
-    Cse0__5$2$0, Gamma_Cse0__5$2$0 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$2$0, R29), gamma_store64(Gamma_stack, Cse0__5$2$0, Gamma_R29);
-    assume {:captureState "1600$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$2$0, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$2$0, 8bv64), Gamma_R30);
-    assume {:captureState "1600$2"} true;
-    R31, Gamma_R31 := Cse0__5$2$0, Gamma_Cse0__5$2$0;
-    R0, Gamma_R0 := 69632bv64, true;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 16bv64), R19), gamma_store64(Gamma_stack, bvadd64(R31, 16bv64), Gamma_R19);
-    assume {:captureState "1612$0"} true;
-    R19, Gamma_R19 := bvadd64(R0, 24bv64), Gamma_R0;
-    call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 24bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 24bv64)) || L(mem, bvadd64(R0, 24bv64)));
-    R30, Gamma_R30 := 1628bv64, true;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551584bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551592bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), Gamma_R30_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R19_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R19_in);
     call add_two();
     goto $main$__1__$QY_U0Yl6SpejbEOj4iwjmA;
   $main$__1__$QY_U0Yl6SpejbEOj4iwjmA:
-    assume {:captureState "$main$__1__$QY_U0Yl6SpejbEOj4iwjmA"} true;
-    call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R19, 8bv64)), (gamma_load64(Gamma_mem, bvadd64(R19, 8bv64)) || L(mem, bvadd64(R19, 8bv64)));
-    R30, Gamma_R30 := 1628bv64, true;
     call add_six();
     goto $main$__2__$FEo8kCy_S~yuUaueq991zg;
   $main$__2__$FEo8kCy_S~yuUaueq991zg:
-    assume {:captureState "$main$__2__$FEo8kCy_S~yuUaueq991zg"} true;
-    call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R19, 16bv64)), (gamma_load64(Gamma_mem, bvadd64(R19, 16bv64)) || L(mem, bvadd64(R19, 16bv64)));
-    R30, Gamma_R30 := 1628bv64, true;
     call sub_seven();
     goto $main$__3__$b24tuus8Sm6VPGFLPjIJzQ;
   $main$__3__$b24tuus8Sm6VPGFLPjIJzQ:
-    assume {:captureState "$main$__3__$b24tuus8Sm6VPGFLPjIJzQ"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R19, Gamma_R19 := memory_load64_le(stack, bvadd64(R31, 16bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 16bv64));
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
+    R19_3, Gamma_R19_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64));
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551584bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64));
+    R30_5, Gamma_R30_5 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551592bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R19_out, R1_out, R29_out, R30_out, R31_out := 0bv64, R19_3, R1, R29_3, R30_5, R31_in;
+    Gamma_R0_out, Gamma_R19_out, Gamma_R1_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out := true, Gamma_R19_3, Gamma_R1, Gamma_R29_3, Gamma_R30_5, Gamma_R31_in;
     return;
 }
 
 procedure sub_seven();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+  modifies Gamma_mem, mem;
   free requires (memory_load8_le(mem, 2040bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2041bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2042bv64) == 2bv8);
@@ -251,24 +234,24 @@ procedure sub_seven();
 
 implementation sub_seven()
 {
+  var Gamma_R0_1: bool;
+  var Gamma_R0_2: bool;
+  var R0_1: bv32;
+  var R0_2: bv32;
   $sub_seven$__0__$X3yfVq36TdmZRiUe3JnW5Q:
-    assume {:captureState "$sub_seven$__0__$X3yfVq36TdmZRiUe3JnW5Q"} true;
-    R1, Gamma_R1 := 69632bv64, true;
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, bvadd64(R1, 16bv64))), (gamma_load32(Gamma_mem, bvadd64(R1, 16bv64)) || L(mem, bvadd64(R1, 16bv64)));
-    R0, Gamma_R0 := zero_extend32_32(bvadd32(R0[32:0], 4294967289bv32)), Gamma_R0;
+    R0_1, Gamma_R0_1 := memory_load32_le(mem, 69648bv64), (gamma_load32(Gamma_mem, 69648bv64) || L(mem, 69648bv64));
+    R0_2, Gamma_R0_2 := bvadd32(R0_1, 4294967289bv32), Gamma_R0_1;
     call rely();
-    assert (L(mem, bvadd64(R1, 16bv64)) ==> Gamma_R0);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R1, 16bv64), R0[32:0]), gamma_store32(Gamma_mem, bvadd64(R1, 16bv64), Gamma_R0);
-    assume {:captureState "2012$0"} true;
+    assert (L(mem, 69648bv64) ==> Gamma_R0_2);
+    mem, Gamma_mem := memory_store32_le(mem, 69648bv64, R0_2), gamma_store32(Gamma_mem, 69648bv64, Gamma_R0_2);
     goto sub_seven_basil_return;
   sub_seven_basil_return:
-    assume {:captureState "sub_seven_basil_return"} true;
     return;
 }
 
 procedure add_six();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+  modifies Gamma_mem, mem;
   free requires (memory_load8_le(mem, 2040bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2041bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2042bv64) == 2bv8);
@@ -294,19 +277,19 @@ procedure add_six();
 
 implementation add_six()
 {
+  var Gamma_R0_1: bool;
+  var Gamma_R0_2: bool;
+  var R0_1: bv32;
+  var R0_2: bv32;
   $add_six$__0__$ZqFkXi0rTbONoLjBM0hAkA:
-    assume {:captureState "$add_six$__0__$ZqFkXi0rTbONoLjBM0hAkA"} true;
-    R1, Gamma_R1 := 69632bv64, true;
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, bvadd64(R1, 16bv64))), (gamma_load32(Gamma_mem, bvadd64(R1, 16bv64)) || L(mem, bvadd64(R1, 16bv64)));
-    R0, Gamma_R0 := zero_extend32_32(bvadd32(R0[32:0], 6bv32)), Gamma_R0;
+    R0_1, Gamma_R0_1 := memory_load32_le(mem, 69648bv64), (gamma_load32(Gamma_mem, 69648bv64) || L(mem, 69648bv64));
+    R0_2, Gamma_R0_2 := bvadd32(R0_1, 6bv32), Gamma_R0_1;
     call rely();
-    assert (L(mem, bvadd64(R1, 16bv64)) ==> Gamma_R0);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R1, 16bv64), R0[32:0]), gamma_store32(Gamma_mem, bvadd64(R1, 16bv64), Gamma_R0);
-    assume {:captureState "1984$0"} true;
+    assert (L(mem, 69648bv64) ==> Gamma_R0_2);
+    mem, Gamma_mem := memory_store32_le(mem, 69648bv64, R0_2), gamma_store32(Gamma_mem, 69648bv64, Gamma_R0_2);
     goto add_six_basil_return;
   add_six_basil_return:
-    assume {:captureState "add_six_basil_return"} true;
     return;
 }
 
diff --git a/src/test/correct/jumptable2/gcc_pic/jumptable2_gtirb.expected b/src/test/correct/jumptable2/gcc_pic/jumptable2_gtirb.expected
index 9ff9781fc..1b45657df 100644
--- a/src/test/correct/jumptable2/gcc_pic/jumptable2_gtirb.expected
+++ b/src/test/correct/jumptable2/gcc_pic/jumptable2_gtirb.expected
@@ -1,15 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -24,6 +14,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -33,11 +37,15 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -53,14 +61,13 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (mem == old(mem));
@@ -96,7 +103,7 @@ procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
 procedure add_two();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+  modifies Gamma_mem, mem;
   free requires (memory_load8_le(mem, 2144bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2145bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2146bv64) == 2bv8);
@@ -126,29 +133,32 @@ procedure add_two();
 
 implementation add_two()
 {
+  var Gamma_R0_2: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R1_1: bool;
+  var R0_2: bv64;
+  var R0_3: bv32;
+  var R0_5: bv64;
+  var R1_1: bv32;
   $add_two$__0__$ACkGoC6ATEib99m8m22xRg:
-    assume {:captureState "$add_two$__0__$ACkGoC6ATEib99m8m22xRg"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
+    R0_2, Gamma_R0_2 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := zero_extend32_32(bvadd32(R0[32:0], 2bv32)), Gamma_R0;
-    R0, Gamma_R0 := 65536bv64, true;
+    R0_3, Gamma_R0_3 := memory_load32_le(mem, R0_2), (gamma_load32(Gamma_mem, R0_2) || L(mem, R0_2));
+    R1_1, Gamma_R1_1 := bvadd32(R0_3, 2bv32), Gamma_R0_3;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
+    R0_5, Gamma_R0_5 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1964$0"} true;
+    assert (L(mem, R0_5) ==> Gamma_R1_1);
+    mem, Gamma_mem := memory_store32_le(mem, R0_5, R1_1), gamma_store32(Gamma_mem, R0_5, Gamma_R1_1);
     goto add_two_basil_return;
   add_two_basil_return:
-    assume {:captureState "add_two_basil_return"} true;
     return;
 }
 
 procedure sub_seven();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+  modifies Gamma_mem, mem;
   free requires (memory_load8_le(mem, 2144bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2145bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2146bv64) == 2bv8);
@@ -178,29 +188,32 @@ procedure sub_seven();
 
 implementation sub_seven()
 {
+  var Gamma_R0_2: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R1_1: bool;
+  var R0_2: bv64;
+  var R0_3: bv32;
+  var R0_5: bv64;
+  var R1_1: bv32;
   $sub_seven$__0__$mxkvrZFjT0OVHvaLG5jKfA:
-    assume {:captureState "$sub_seven$__0__$mxkvrZFjT0OVHvaLG5jKfA"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
+    R0_2, Gamma_R0_2 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := zero_extend32_32(bvadd32(R0[32:0], 4294967289bv32)), Gamma_R0;
-    R0, Gamma_R0 := 65536bv64, true;
+    R0_3, Gamma_R0_3 := memory_load32_le(mem, R0_2), (gamma_load32(Gamma_mem, R0_2) || L(mem, R0_2));
+    R1_1, Gamma_R1_1 := bvadd32(R0_3, 4294967289bv32), Gamma_R0_3;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
+    R0_5, Gamma_R0_5 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "2036$0"} true;
+    assert (L(mem, R0_5) ==> Gamma_R1_1);
+    mem, Gamma_mem := memory_store32_le(mem, R0_5, R1_1), gamma_store32(Gamma_mem, R0_5, Gamma_R1_1);
     goto sub_seven_basil_return;
   sub_seven_basil_return:
-    assume {:captureState "sub_seven_basil_return"} true;
     return;
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R29, R30, R31, mem, stack;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load64_le(mem, 69648bv64) == 5bv64);
@@ -220,10 +233,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69000bv64) == 1936bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 2012bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 2144bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 2145bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 2146bv64) == 2bv8);
@@ -238,65 +247,37 @@ procedure main();
   free ensures (memory_load64_le(mem, 69672bv64) == 2012bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var Cse0__5$2$0: bv64;
-  var Gamma_Cse0__5$2$0: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_5: bool;
+  var R29_3: bv64;
+  var R30_5: bv64;
   $main$__0__$WpLalhBxTN28CzXBzaW2jg:
-    assume {:captureState "$main$__0__$WpLalhBxTN28CzXBzaW2jg"} true;
-    Cse0__5$2$0, Gamma_Cse0__5$2$0 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$2$0, R29), gamma_store64(Gamma_stack, Cse0__5$2$0, Gamma_R29);
-    assume {:captureState "2048$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$2$0, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$2$0, 8bv64), Gamma_R30);
-    assume {:captureState "2048$2"} true;
-    R31, Gamma_R31 := Cse0__5$2$0, Gamma_Cse0__5$2$0;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R0);
-    assume {:captureState "2056$0"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 16bv64), R1), gamma_store64(Gamma_stack, bvadd64(R31, 16bv64), Gamma_R1);
-    assume {:captureState "2060$0"} true;
-    R0, Gamma_R0 := 65536bv64, true;
-    call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4088bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4088bv64)) || L(mem, bvadd64(R0, 4088bv64)));
-    call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, R0), (gamma_load64(Gamma_mem, R0) || L(mem, R0));
-    R30, Gamma_R30 := 2080bv64, true;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551584bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551592bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), Gamma_R30_in);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R1_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R1_in);
     call add_two();
     goto $main$__1__$sDnYWAohRBuHbEQ~zVQGsQ;
   $main$__1__$sDnYWAohRBuHbEQ~zVQGsQ:
-    assume {:captureState "$main$__1__$sDnYWAohRBuHbEQ~zVQGsQ"} true;
-    R0, Gamma_R0 := 65536bv64, true;
-    call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4088bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4088bv64)) || L(mem, bvadd64(R0, 4088bv64)));
-    call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 8bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 8bv64)) || L(mem, bvadd64(R0, 8bv64)));
-    R30, Gamma_R30 := 2080bv64, true;
     call add_six();
     goto $main$__2__$L~8jkqoxTpihgr9AvP0~jA;
   $main$__2__$L~8jkqoxTpihgr9AvP0~jA:
-    assume {:captureState "$main$__2__$L~8jkqoxTpihgr9AvP0~jA"} true;
-    R0, Gamma_R0 := 65536bv64, true;
-    call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4088bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4088bv64)) || L(mem, bvadd64(R0, 4088bv64)));
-    call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 16bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 16bv64)) || L(mem, bvadd64(R0, 16bv64)));
-    R30, Gamma_R30 := 2080bv64, true;
     call sub_seven();
     goto $main$__3__$QIGh3XotTZ6dibPcFRtsag;
   $main$__3__$QIGh3XotTZ6dibPcFRtsag:
-    assume {:captureState "$main$__3__$QIGh3XotTZ6dibPcFRtsag"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551584bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64));
+    R30_5, Gamma_R30_5 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551592bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R29_out, R30_out, R31_out := 0bv64, R1_in, R29_3, R30_5, R31_in;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out := true, Gamma_R1_in, Gamma_R29_3, Gamma_R30_5, Gamma_R31_in;
     return;
 }
 
 procedure add_six();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+  modifies Gamma_mem, mem;
   free requires (memory_load8_le(mem, 2144bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2145bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2146bv64) == 2bv8);
@@ -326,24 +307,27 @@ procedure add_six();
 
 implementation add_six()
 {
+  var Gamma_R0_2: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R1_1: bool;
+  var R0_2: bv64;
+  var R0_3: bv32;
+  var R0_5: bv64;
+  var R1_1: bv32;
   $add_six$__0__$csIZPpeWTza5lU2dTuTP6g:
-    assume {:captureState "$add_six$__0__$csIZPpeWTza5lU2dTuTP6g"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
+    R0_2, Gamma_R0_2 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := zero_extend32_32(bvadd32(R0[32:0], 6bv32)), Gamma_R0;
-    R0, Gamma_R0 := 65536bv64, true;
+    R0_3, Gamma_R0_3 := memory_load32_le(mem, R0_2), (gamma_load32(Gamma_mem, R0_2) || L(mem, R0_2));
+    R1_1, Gamma_R1_1 := bvadd32(R0_3, 6bv32), Gamma_R0_3;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
+    R0_5, Gamma_R0_5 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "2000$0"} true;
+    assert (L(mem, R0_5) ==> Gamma_R1_1);
+    mem, Gamma_mem := memory_store32_le(mem, R0_5, R1_1), gamma_store32(Gamma_mem, R0_5, Gamma_R1_1);
     goto add_six_basil_return;
   add_six_basil_return:
-    assume {:captureState "add_six_basil_return"} true;
     return;
 }
 
diff --git a/src/test/correct/malloc_with_local/clang/malloc_with_local.expected b/src/test/correct/malloc_with_local/clang/malloc_with_local.expected
index d744c417a..de1d70a79 100644
--- a/src/test/correct/malloc_with_local/clang/malloc_with_local.expected
+++ b/src/test/correct/malloc_with_local/clang/malloc_with_local.expected
@@ -1,23 +1,9 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_R16: bool;
 var {:extern} Gamma_R17: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} R16: bv64;
 var {:extern} R17: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -27,6 +13,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -40,17 +40,21 @@ function {:extern} gamma_load8(gammaMap: [bv64]bool, index: bv64) returns (bool)
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store8(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
   gammaMap[index := value]
 }
 
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
+}
+
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
   (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index])))
 }
@@ -64,15 +68,15 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -110,7 +114,7 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure #free();
+procedure #free(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   modifies Gamma_R16, Gamma_R17, R16, R17;
   free requires (memory_load64_le(mem, 2256bv64) == 2334386691848142849bv64);
   free requires (memory_load64_le(mem, 2264bv64) == 4211825664600402019bv64);
@@ -137,8 +141,8 @@ procedure #free();
   free ensures (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69696bv64) == 69696bv64);
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R1, R16, R17, R29, R30, R31, R8, R9, mem, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_R16, Gamma_R17, Gamma_mem, Gamma_stack, R16, R17, mem, stack;
   free requires (memory_load64_le(mem, 69688bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69696bv64) == 69696bv64);
   free requires (memory_load64_le(mem, 2256bv64) == 2334386691848142849bv64);
@@ -153,10 +157,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1984bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free requires (memory_load64_le(mem, 69696bv64) == 69696bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load64_le(mem, 2256bv64) == 2334386691848142849bv64);
   free ensures (memory_load64_le(mem, 2264bv64) == 4211825664600402019bv64);
   free ensures (memory_load64_le(mem, 2272bv64) == 7307182754559632672bv64);
@@ -170,109 +170,591 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69696bv64) == 69696bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var #4: bv64;
-  var #5: bv64;
-  var Gamma_#4: bool;
-  var Gamma_#5: bool;
+  var Gamma_R0_10: bool;
+  var Gamma_R0_13: bool;
+  var Gamma_R0_14: bool;
+  var Gamma_R0_15: bool;
+  var Gamma_R0_16: bool;
+  var Gamma_R0_17: bool;
+  var Gamma_R0_18: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R0_7: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R10_2: bool;
+  var Gamma_R10_3: bool;
+  var Gamma_R10_4: bool;
+  var Gamma_R10_5: bool;
+  var Gamma_R10_6: bool;
+  var Gamma_R10_7: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R11_2: bool;
+  var Gamma_R11_3: bool;
+  var Gamma_R11_4: bool;
+  var Gamma_R11_5: bool;
+  var Gamma_R11_6: bool;
+  var Gamma_R11_7: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R12_2: bool;
+  var Gamma_R12_3: bool;
+  var Gamma_R12_4: bool;
+  var Gamma_R12_5: bool;
+  var Gamma_R12_6: bool;
+  var Gamma_R12_7: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R13_2: bool;
+  var Gamma_R13_3: bool;
+  var Gamma_R13_4: bool;
+  var Gamma_R13_5: bool;
+  var Gamma_R13_6: bool;
+  var Gamma_R13_7: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R14_2: bool;
+  var Gamma_R14_3: bool;
+  var Gamma_R14_4: bool;
+  var Gamma_R14_5: bool;
+  var Gamma_R14_6: bool;
+  var Gamma_R14_7: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R15_2: bool;
+  var Gamma_R15_3: bool;
+  var Gamma_R15_4: bool;
+  var Gamma_R15_5: bool;
+  var Gamma_R15_6: bool;
+  var Gamma_R15_7: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R16_2: bool;
+  var Gamma_R16_3: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R16_5: bool;
+  var Gamma_R16_6: bool;
+  var Gamma_R16_7: bool;
+  var Gamma_R17: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R17_3: bool;
+  var Gamma_R17_4: bool;
+  var Gamma_R17_5: bool;
+  var Gamma_R17_6: bool;
+  var Gamma_R17_7: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R18_2: bool;
+  var Gamma_R18_3: bool;
+  var Gamma_R18_4: bool;
+  var Gamma_R18_5: bool;
+  var Gamma_R18_6: bool;
+  var Gamma_R18_7: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R19_2: bool;
+  var Gamma_R19_3: bool;
+  var Gamma_R19_4: bool;
+  var Gamma_R19_5: bool;
+  var Gamma_R19_6: bool;
+  var Gamma_R19_7: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R1_10: bool;
+  var Gamma_R1_2: bool;
+  var Gamma_R1_3: bool;
+  var Gamma_R1_4: bool;
+  var Gamma_R1_5: bool;
+  var Gamma_R1_6: bool;
+  var Gamma_R1_7: bool;
+  var Gamma_R1_8: bool;
+  var Gamma_R1_9: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R20_2: bool;
+  var Gamma_R20_3: bool;
+  var Gamma_R20_4: bool;
+  var Gamma_R20_5: bool;
+  var Gamma_R20_6: bool;
+  var Gamma_R20_7: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R21_2: bool;
+  var Gamma_R21_3: bool;
+  var Gamma_R21_4: bool;
+  var Gamma_R21_5: bool;
+  var Gamma_R21_6: bool;
+  var Gamma_R21_7: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R22_2: bool;
+  var Gamma_R22_3: bool;
+  var Gamma_R22_4: bool;
+  var Gamma_R22_5: bool;
+  var Gamma_R22_6: bool;
+  var Gamma_R22_7: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R23_2: bool;
+  var Gamma_R23_3: bool;
+  var Gamma_R23_4: bool;
+  var Gamma_R23_5: bool;
+  var Gamma_R23_6: bool;
+  var Gamma_R23_7: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R24_2: bool;
+  var Gamma_R24_3: bool;
+  var Gamma_R24_4: bool;
+  var Gamma_R24_5: bool;
+  var Gamma_R24_6: bool;
+  var Gamma_R24_7: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R25_2: bool;
+  var Gamma_R25_3: bool;
+  var Gamma_R25_4: bool;
+  var Gamma_R25_5: bool;
+  var Gamma_R25_6: bool;
+  var Gamma_R25_7: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R26_2: bool;
+  var Gamma_R26_3: bool;
+  var Gamma_R26_4: bool;
+  var Gamma_R26_5: bool;
+  var Gamma_R26_6: bool;
+  var Gamma_R26_7: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R27_2: bool;
+  var Gamma_R27_3: bool;
+  var Gamma_R27_4: bool;
+  var Gamma_R27_5: bool;
+  var Gamma_R27_6: bool;
+  var Gamma_R27_7: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R28_2: bool;
+  var Gamma_R28_3: bool;
+  var Gamma_R28_4: bool;
+  var Gamma_R28_5: bool;
+  var Gamma_R28_6: bool;
+  var Gamma_R28_7: bool;
+  var Gamma_R29_10: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R29_4: bool;
+  var Gamma_R29_5: bool;
+  var Gamma_R29_6: bool;
+  var Gamma_R29_7: bool;
+  var Gamma_R29_8: bool;
+  var Gamma_R29_9: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R2_2: bool;
+  var Gamma_R2_3: bool;
+  var Gamma_R2_4: bool;
+  var Gamma_R2_5: bool;
+  var Gamma_R2_6: bool;
+  var Gamma_R2_7: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30_11: bool;
+  var Gamma_R30_13: bool;
+  var Gamma_R30_15: bool;
+  var Gamma_R30_16: bool;
+  var Gamma_R30_3: bool;
+  var Gamma_R30_5: bool;
+  var Gamma_R30_7: bool;
+  var Gamma_R30_9: bool;
+  var Gamma_R31_3: bool;
+  var Gamma_R31_4: bool;
+  var Gamma_R31_5: bool;
+  var Gamma_R31_6: bool;
+  var Gamma_R31_7: bool;
+  var Gamma_R31_8: bool;
+  var Gamma_R31_9: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R3_2: bool;
+  var Gamma_R3_3: bool;
+  var Gamma_R3_4: bool;
+  var Gamma_R3_5: bool;
+  var Gamma_R3_6: bool;
+  var Gamma_R3_7: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R4_2: bool;
+  var Gamma_R4_3: bool;
+  var Gamma_R4_4: bool;
+  var Gamma_R4_5: bool;
+  var Gamma_R4_6: bool;
+  var Gamma_R4_7: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R5_2: bool;
+  var Gamma_R5_3: bool;
+  var Gamma_R5_4: bool;
+  var Gamma_R5_5: bool;
+  var Gamma_R5_6: bool;
+  var Gamma_R5_7: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R6_2: bool;
+  var Gamma_R6_3: bool;
+  var Gamma_R6_4: bool;
+  var Gamma_R6_5: bool;
+  var Gamma_R6_6: bool;
+  var Gamma_R6_7: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R7_2: bool;
+  var Gamma_R7_3: bool;
+  var Gamma_R7_4: bool;
+  var Gamma_R7_5: bool;
+  var Gamma_R7_6: bool;
+  var Gamma_R7_7: bool;
+  var Gamma_R8_10: bool;
+  var Gamma_R8_11: bool;
+  var Gamma_R8_12: bool;
+  var Gamma_R8_13: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R8_7: bool;
+  var Gamma_R8_8: bool;
+  var Gamma_R8_9: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var Gamma_R9_2: bool;
+  var Gamma_R9_3: bool;
+  var Gamma_R9_4: bool;
+  var Gamma_R9_5: bool;
+  var Gamma_R9_6: bool;
+  var Gamma_R9_7: bool;
+  var Gamma_R9_8: bool;
+  var Gamma_R9_9: bool;
+  var R0_10: bv64;
+  var R0_13: bv64;
+  var R0_14: bv64;
+  var R0_15: bv64;
+  var R0_16: bv64;
+  var R0_17: bv64;
+  var R0_18: bv64;
+  var R0_2: bv64;
+  var R0_4: bv64;
+  var R0_7: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R10_2: bv64;
+  var R10_3: bv64;
+  var R10_4: bv64;
+  var R10_5: bv64;
+  var R10_6: bv64;
+  var R10_7: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R11_2: bv64;
+  var R11_3: bv64;
+  var R11_4: bv64;
+  var R11_5: bv64;
+  var R11_6: bv64;
+  var R11_7: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R12_2: bv64;
+  var R12_3: bv64;
+  var R12_4: bv64;
+  var R12_5: bv64;
+  var R12_6: bv64;
+  var R12_7: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R13_2: bv64;
+  var R13_3: bv64;
+  var R13_4: bv64;
+  var R13_5: bv64;
+  var R13_6: bv64;
+  var R13_7: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R14_2: bv64;
+  var R14_3: bv64;
+  var R14_4: bv64;
+  var R14_5: bv64;
+  var R14_6: bv64;
+  var R14_7: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R15_2: bv64;
+  var R15_3: bv64;
+  var R15_4: bv64;
+  var R15_5: bv64;
+  var R15_6: bv64;
+  var R15_7: bv64;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R16_2: bv64;
+  var R16_3: bv64;
+  var R16_4: bv64;
+  var R16_5: bv64;
+  var R16_6: bv64;
+  var R16_7: bv64;
+  var R17: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R17_3: bv64;
+  var R17_4: bv64;
+  var R17_5: bv64;
+  var R17_6: bv64;
+  var R17_7: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R18_2: bv64;
+  var R18_3: bv64;
+  var R18_4: bv64;
+  var R18_5: bv64;
+  var R18_6: bv64;
+  var R18_7: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R19_2: bv64;
+  var R19_3: bv64;
+  var R19_4: bv64;
+  var R19_5: bv64;
+  var R19_6: bv64;
+  var R19_7: bv64;
+  var R1_1: bv64;
+  var R1_10: bv64;
+  var R1_2: bv64;
+  var R1_3: bv64;
+  var R1_4: bv64;
+  var R1_5: bv64;
+  var R1_6: bv64;
+  var R1_7: bv64;
+  var R1_8: bv64;
+  var R1_9: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R20_2: bv64;
+  var R20_3: bv64;
+  var R20_4: bv64;
+  var R20_5: bv64;
+  var R20_6: bv64;
+  var R20_7: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R21_2: bv64;
+  var R21_3: bv64;
+  var R21_4: bv64;
+  var R21_5: bv64;
+  var R21_6: bv64;
+  var R21_7: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R22_2: bv64;
+  var R22_3: bv64;
+  var R22_4: bv64;
+  var R22_5: bv64;
+  var R22_6: bv64;
+  var R22_7: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R23_2: bv64;
+  var R23_3: bv64;
+  var R23_4: bv64;
+  var R23_5: bv64;
+  var R23_6: bv64;
+  var R23_7: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R24_2: bv64;
+  var R24_3: bv64;
+  var R24_4: bv64;
+  var R24_5: bv64;
+  var R24_6: bv64;
+  var R24_7: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R25_2: bv64;
+  var R25_3: bv64;
+  var R25_4: bv64;
+  var R25_5: bv64;
+  var R25_6: bv64;
+  var R25_7: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R26_2: bv64;
+  var R26_3: bv64;
+  var R26_4: bv64;
+  var R26_5: bv64;
+  var R26_6: bv64;
+  var R26_7: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R27_2: bv64;
+  var R27_3: bv64;
+  var R27_4: bv64;
+  var R27_5: bv64;
+  var R27_6: bv64;
+  var R27_7: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R28_2: bv64;
+  var R28_3: bv64;
+  var R28_4: bv64;
+  var R28_5: bv64;
+  var R28_6: bv64;
+  var R28_7: bv64;
+  var R29_10: bv64;
+  var R29_3: bv64;
+  var R29_4: bv64;
+  var R29_5: bv64;
+  var R29_6: bv64;
+  var R29_7: bv64;
+  var R29_8: bv64;
+  var R29_9: bv64;
+  var R2_1: bv64;
+  var R2_2: bv64;
+  var R2_3: bv64;
+  var R2_4: bv64;
+  var R2_5: bv64;
+  var R2_6: bv64;
+  var R2_7: bv64;
+  var R3: bv64;
+  var R30_11: bv64;
+  var R30_13: bv64;
+  var R30_15: bv64;
+  var R30_16: bv64;
+  var R30_3: bv64;
+  var R30_5: bv64;
+  var R30_7: bv64;
+  var R30_9: bv64;
+  var R31_3: bv64;
+  var R31_4: bv64;
+  var R31_5: bv64;
+  var R31_6: bv64;
+  var R31_7: bv64;
+  var R31_8: bv64;
+  var R31_9: bv64;
+  var R3_1: bv64;
+  var R3_2: bv64;
+  var R3_3: bv64;
+  var R3_4: bv64;
+  var R3_5: bv64;
+  var R3_6: bv64;
+  var R3_7: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R4_2: bv64;
+  var R4_3: bv64;
+  var R4_4: bv64;
+  var R4_5: bv64;
+  var R4_6: bv64;
+  var R4_7: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R5_2: bv64;
+  var R5_3: bv64;
+  var R5_4: bv64;
+  var R5_5: bv64;
+  var R5_6: bv64;
+  var R5_7: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R6_2: bv64;
+  var R6_3: bv64;
+  var R6_4: bv64;
+  var R6_5: bv64;
+  var R6_6: bv64;
+  var R6_7: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R7_2: bv64;
+  var R7_3: bv64;
+  var R7_4: bv64;
+  var R7_5: bv64;
+  var R7_6: bv64;
+  var R7_7: bv64;
+  var R8_10: bv64;
+  var R8_11: bv64;
+  var R8_12: bv64;
+  var R8_13: bv64;
+  var R8_2: bv64;
+  var R8_3: bv64;
+  var R8_7: bv64;
+  var R8_8: bv64;
+  var R8_9: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
+  var R9_2: bv64;
+  var R9_3: bv64;
+  var R9_4: bv64;
+  var R9_5: bv64;
+  var R9_6: bv64;
+  var R9_7: bv64;
+  var R9_8: bv64;
+  var R9_9: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551568bv64), Gamma_R31;
-    #4, Gamma_#4 := bvadd64(R31, 32bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, #4, R29), gamma_store64(Gamma_stack, #4, Gamma_R29);
-    assume {:captureState "%00000362"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(#4, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(#4, 8bv64), Gamma_R30);
-    assume {:captureState "%00000368"} true;
-    R29, Gamma_R29 := bvadd64(R31, 32bv64), Gamma_R31;
-    R8, Gamma_R8 := 0bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, R31, R8[32:0]), gamma_store32(Gamma_stack, R31, Gamma_R8);
-    assume {:captureState "%0000037b"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R29, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R29, 18446744073709551612bv64), true);
-    assume {:captureState "%00000382"} true;
-    R0, Gamma_R0 := 1bv64, true;
-    R30, Gamma_R30 := 2100bv64, true;
-    call malloc();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551568bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551568bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), true);
+    call R0_2, Gamma_R0_2, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_1, Gamma_R16_1, R17_1, Gamma_R17_1, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_3, Gamma_R29_3, R2_1, Gamma_R2_1, R30_3, Gamma_R30_3, R31_3, Gamma_R31_3, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_2, Gamma_R8_2, R9_1, Gamma_R9_1 := malloc(1bv64, true, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, R16, Gamma_R16, R17, Gamma_R17, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R31_in, R2, Gamma_R2, 2100bv64, true, bvadd64(R31_in, 18446744073709551568bv64), Gamma_R31_in, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, 0bv64, true, R9, Gamma_R9);
     goto l00000391;
   l00000391:
-    assume {:captureState "l00000391"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 16bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 16bv64), Gamma_R0);
-    assume {:captureState "%00000397"} true;
-    R0, Gamma_R0 := 4bv64, true;
-    R30, Gamma_R30 := 2112bv64, true;
-    call malloc();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_3, 16bv64), R0_2), gamma_store64(Gamma_stack, bvadd64(R31_3, 16bv64), Gamma_R0_2);
+    call R0_4, Gamma_R0_4, R10_2, Gamma_R10_2, R11_2, Gamma_R11_2, R12_2, Gamma_R12_2, R13_2, Gamma_R13_2, R14_2, Gamma_R14_2, R15_2, Gamma_R15_2, R16_2, Gamma_R16_2, R17_2, Gamma_R17_2, R18_2, Gamma_R18_2, R19_2, Gamma_R19_2, R1_2, Gamma_R1_2, R20_2, Gamma_R20_2, R21_2, Gamma_R21_2, R22_2, Gamma_R22_2, R23_2, Gamma_R23_2, R24_2, Gamma_R24_2, R25_2, Gamma_R25_2, R26_2, Gamma_R26_2, R27_2, Gamma_R27_2, R28_2, Gamma_R28_2, R29_4, Gamma_R29_4, R2_2, Gamma_R2_2, R30_5, Gamma_R30_5, R31_4, Gamma_R31_4, R3_2, Gamma_R3_2, R4_2, Gamma_R4_2, R5_2, Gamma_R5_2, R6_2, Gamma_R6_2, R7_2, Gamma_R7_2, R8_3, Gamma_R8_3, R9_2, Gamma_R9_2 := malloc(4bv64, true, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_1, Gamma_R16_1, R17_1, Gamma_R17_1, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_3, Gamma_R29_3, R2_1, Gamma_R2_1, 2112bv64, true, R31_3, Gamma_R31_3, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_2, Gamma_R8_2, R9_1, Gamma_R9_1);
     goto l000003a5;
   l000003a5:
-    assume {:captureState "l000003a5"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 8bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R0);
-    assume {:captureState "%000003ab"} true;
-    R8, Gamma_R8 := 10bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 4bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 4bv64), Gamma_R8);
-    assume {:captureState "%000003b8"} true;
-    R9, Gamma_R9 := memory_load64_le(stack, bvadd64(R31, 16bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 16bv64));
-    R8, Gamma_R8 := 65bv64, true;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_4, 8bv64), R0_4), gamma_store64(Gamma_stack, bvadd64(R31_4, 8bv64), Gamma_R0_4);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_4, 4bv64), 10bv32), gamma_store32(Gamma_stack, bvadd64(R31_4, 4bv64), true);
+    R9_3, Gamma_R9_3 := memory_load64_le(stack, bvadd64(R31_4, 16bv64)), gamma_load64(Gamma_stack, bvadd64(R31_4, 16bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store8_le(mem, R9, R8[8:0]), gamma_store8(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "%000003cc"} true;
-    R9, Gamma_R9 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R8, Gamma_R8 := 42bv64, true;
+    assert (L(mem, R9_3) ==> true);
+    mem, Gamma_mem := memory_store8_le(mem, R9_3, 65bv8), gamma_store8(Gamma_mem, R9_3, true);
+    R9_4, Gamma_R9_4 := memory_load64_le(stack, bvadd64(R31_4, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31_4, 8bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "%000003e0"} true;
-    R8, Gamma_R8 := memory_load64_le(stack, bvadd64(R31, 16bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 16bv64));
+    assert (L(mem, R9_4) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R9_4, 42bv32), gamma_store32(Gamma_mem, R9_4, true);
+    R8_7, Gamma_R8_7 := memory_load64_le(stack, bvadd64(R31_4, 16bv64)), gamma_load64(Gamma_stack, bvadd64(R31_4, 16bv64));
     call rely();
-    R1, Gamma_R1 := zero_extend56_8(memory_load8_le(mem, R8)), (gamma_load8(Gamma_mem, R8) || L(mem, R8));
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2260bv64), Gamma_R0;
-    R30, Gamma_R30 := 2168bv64, true;
-    call printf();
+    R1_3, Gamma_R1_3 := zero_extend56_8(memory_load8_le(mem, R8_7)), (gamma_load8(Gamma_mem, R8_7) || L(mem, R8_7));
+    call R0_7, Gamma_R0_7, R10_3, Gamma_R10_3, R11_3, Gamma_R11_3, R12_3, Gamma_R12_3, R13_3, Gamma_R13_3, R14_3, Gamma_R14_3, R15_3, Gamma_R15_3, R16_3, Gamma_R16_3, R17_3, Gamma_R17_3, R18_3, Gamma_R18_3, R19_3, Gamma_R19_3, R1_4, Gamma_R1_4, R20_3, Gamma_R20_3, R21_3, Gamma_R21_3, R22_3, Gamma_R22_3, R23_3, Gamma_R23_3, R24_3, Gamma_R24_3, R25_3, Gamma_R25_3, R26_3, Gamma_R26_3, R27_3, Gamma_R27_3, R28_3, Gamma_R28_3, R29_5, Gamma_R29_5, R2_3, Gamma_R2_3, R30_7, Gamma_R30_7, R31_5, Gamma_R31_5, R3_3, Gamma_R3_3, R4_3, Gamma_R4_3, R5_3, Gamma_R5_3, R6_3, Gamma_R6_3, R7_3, Gamma_R7_3, R8_8, Gamma_R8_8, R9_5, Gamma_R9_5 := printf(2260bv64, true, R10_2, Gamma_R10_2, R11_2, Gamma_R11_2, R12_2, Gamma_R12_2, R13_2, Gamma_R13_2, R14_2, Gamma_R14_2, R15_2, Gamma_R15_2, R16_2, Gamma_R16_2, R17_2, Gamma_R17_2, R18_2, Gamma_R18_2, R19_2, Gamma_R19_2, R1_3, Gamma_R1_3, R20_2, Gamma_R20_2, R21_2, Gamma_R21_2, R22_2, Gamma_R22_2, R23_2, Gamma_R23_2, R24_2, Gamma_R24_2, R25_2, Gamma_R25_2, R26_2, Gamma_R26_2, R27_2, Gamma_R27_2, R28_2, Gamma_R28_2, R29_4, Gamma_R29_4, R2_2, Gamma_R2_2, 2168bv64, true, R31_4, Gamma_R31_4, R3_2, Gamma_R3_2, R4_2, Gamma_R4_2, R5_2, Gamma_R5_2, R6_2, Gamma_R6_2, R7_2, Gamma_R7_2, R8_7, Gamma_R8_7, R9_4, Gamma_R9_4);
     goto l00000403;
   l00000403:
-    assume {:captureState "l00000403"} true;
-    R8, Gamma_R8 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
+    R8_9, Gamma_R8_9 := memory_load64_le(stack, bvadd64(R31_5, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31_5, 8bv64));
     call rely();
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2277bv64), Gamma_R0;
-    R30, Gamma_R30 := 2188bv64, true;
-    call printf();
+    R1_5, Gamma_R1_5 := zero_extend32_32(memory_load32_le(mem, R8_9)), (gamma_load32(Gamma_mem, R8_9) || L(mem, R8_9));
+    call R0_10, Gamma_R0_10, R10_4, Gamma_R10_4, R11_4, Gamma_R11_4, R12_4, Gamma_R12_4, R13_4, Gamma_R13_4, R14_4, Gamma_R14_4, R15_4, Gamma_R15_4, R16_4, Gamma_R16_4, R17_4, Gamma_R17_4, R18_4, Gamma_R18_4, R19_4, Gamma_R19_4, R1_6, Gamma_R1_6, R20_4, Gamma_R20_4, R21_4, Gamma_R21_4, R22_4, Gamma_R22_4, R23_4, Gamma_R23_4, R24_4, Gamma_R24_4, R25_4, Gamma_R25_4, R26_4, Gamma_R26_4, R27_4, Gamma_R27_4, R28_4, Gamma_R28_4, R29_6, Gamma_R29_6, R2_4, Gamma_R2_4, R30_9, Gamma_R30_9, R31_6, Gamma_R31_6, R3_4, Gamma_R3_4, R4_4, Gamma_R4_4, R5_4, Gamma_R5_4, R6_4, Gamma_R6_4, R7_4, Gamma_R7_4, R8_10, Gamma_R8_10, R9_6, Gamma_R9_6 := printf(2277bv64, true, R10_3, Gamma_R10_3, R11_3, Gamma_R11_3, R12_3, Gamma_R12_3, R13_3, Gamma_R13_3, R14_3, Gamma_R14_3, R15_3, Gamma_R15_3, R16_3, Gamma_R16_3, R17_3, Gamma_R17_3, R18_3, Gamma_R18_3, R19_3, Gamma_R19_3, R1_5, Gamma_R1_5, R20_3, Gamma_R20_3, R21_3, Gamma_R21_3, R22_3, Gamma_R22_3, R23_3, Gamma_R23_3, R24_3, Gamma_R24_3, R25_3, Gamma_R25_3, R26_3, Gamma_R26_3, R27_3, Gamma_R27_3, R28_3, Gamma_R28_3, R29_5, Gamma_R29_5, R2_3, Gamma_R2_3, 2188bv64, true, R31_5, Gamma_R31_5, R3_3, Gamma_R3_3, R4_3, Gamma_R4_3, R5_3, Gamma_R5_3, R6_3, Gamma_R6_3, R7_3, Gamma_R7_3, R8_9, Gamma_R8_9, R9_5, Gamma_R9_5);
     goto l00000423;
   l00000423:
-    assume {:captureState "l00000423"} true;
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 4bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 4bv64));
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2293bv64), Gamma_R0;
-    R30, Gamma_R30 := 2204bv64, true;
-    call printf();
+    R1_7, Gamma_R1_7 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_6, 4bv64))), gamma_load32(Gamma_stack, bvadd64(R31_6, 4bv64));
+    call R0_13, Gamma_R0_13, R10_5, Gamma_R10_5, R11_5, Gamma_R11_5, R12_5, Gamma_R12_5, R13_5, Gamma_R13_5, R14_5, Gamma_R14_5, R15_5, Gamma_R15_5, R16_5, Gamma_R16_5, R17_5, Gamma_R17_5, R18_5, Gamma_R18_5, R19_5, Gamma_R19_5, R1_8, Gamma_R1_8, R20_5, Gamma_R20_5, R21_5, Gamma_R21_5, R22_5, Gamma_R22_5, R23_5, Gamma_R23_5, R24_5, Gamma_R24_5, R25_5, Gamma_R25_5, R26_5, Gamma_R26_5, R27_5, Gamma_R27_5, R28_5, Gamma_R28_5, R29_7, Gamma_R29_7, R2_5, Gamma_R2_5, R30_11, Gamma_R30_11, R31_7, Gamma_R31_7, R3_5, Gamma_R3_5, R4_5, Gamma_R4_5, R5_5, Gamma_R5_5, R6_5, Gamma_R6_5, R7_5, Gamma_R7_5, R8_11, Gamma_R8_11, R9_7, Gamma_R9_7 := printf(2293bv64, true, R10_4, Gamma_R10_4, R11_4, Gamma_R11_4, R12_4, Gamma_R12_4, R13_4, Gamma_R13_4, R14_4, Gamma_R14_4, R15_4, Gamma_R15_4, R16_4, Gamma_R16_4, R17_4, Gamma_R17_4, R18_4, Gamma_R18_4, R19_4, Gamma_R19_4, R1_7, Gamma_R1_7, R20_4, Gamma_R20_4, R21_4, Gamma_R21_4, R22_4, Gamma_R22_4, R23_4, Gamma_R23_4, R24_4, Gamma_R24_4, R25_4, Gamma_R25_4, R26_4, Gamma_R26_4, R27_4, Gamma_R27_4, R28_4, Gamma_R28_4, R29_6, Gamma_R29_6, R2_4, Gamma_R2_4, 2204bv64, true, R31_6, Gamma_R31_6, R3_4, Gamma_R3_4, R4_4, Gamma_R4_4, R5_4, Gamma_R5_4, R6_4, Gamma_R6_4, R7_4, Gamma_R7_4, R8_10, Gamma_R8_10, R9_6, Gamma_R9_6);
     goto l0000043c;
   l0000043c:
-    assume {:captureState "l0000043c"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 16bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 16bv64));
-    R30, Gamma_R30 := 2212bv64, true;
-    call #free();
+    R0_14, Gamma_R0_14 := memory_load64_le(stack, bvadd64(R31_7, 16bv64)), gamma_load64(Gamma_stack, bvadd64(R31_7, 16bv64));
+    call R0_15, Gamma_R0_15, R10_6, Gamma_R10_6, R11_6, Gamma_R11_6, R12_6, Gamma_R12_6, R13_6, Gamma_R13_6, R14_6, Gamma_R14_6, R15_6, Gamma_R15_6, R16_6, Gamma_R16_6, R17_6, Gamma_R17_6, R18_6, Gamma_R18_6, R19_6, Gamma_R19_6, R1_9, Gamma_R1_9, R20_6, Gamma_R20_6, R21_6, Gamma_R21_6, R22_6, Gamma_R22_6, R23_6, Gamma_R23_6, R24_6, Gamma_R24_6, R25_6, Gamma_R25_6, R26_6, Gamma_R26_6, R27_6, Gamma_R27_6, R28_6, Gamma_R28_6, R29_8, Gamma_R29_8, R2_6, Gamma_R2_6, R30_13, Gamma_R30_13, R31_8, Gamma_R31_8, R3_6, Gamma_R3_6, R4_6, Gamma_R4_6, R5_6, Gamma_R5_6, R6_6, Gamma_R6_6, R7_6, Gamma_R7_6, R8_12, Gamma_R8_12, R9_8, Gamma_R9_8 := #free(R0_14, Gamma_R0_14, R10_5, Gamma_R10_5, R11_5, Gamma_R11_5, R12_5, Gamma_R12_5, R13_5, Gamma_R13_5, R14_5, Gamma_R14_5, R15_5, Gamma_R15_5, R16_5, Gamma_R16_5, R17_5, Gamma_R17_5, R18_5, Gamma_R18_5, R19_5, Gamma_R19_5, R1_8, Gamma_R1_8, R20_5, Gamma_R20_5, R21_5, Gamma_R21_5, R22_5, Gamma_R22_5, R23_5, Gamma_R23_5, R24_5, Gamma_R24_5, R25_5, Gamma_R25_5, R26_5, Gamma_R26_5, R27_5, Gamma_R27_5, R28_5, Gamma_R28_5, R29_7, Gamma_R29_7, R2_5, Gamma_R2_5, 2212bv64, true, R31_7, Gamma_R31_7, R3_5, Gamma_R3_5, R4_5, Gamma_R4_5, R5_5, Gamma_R5_5, R6_5, Gamma_R6_5, R7_5, Gamma_R7_5, R8_11, Gamma_R8_11, R9_7, Gamma_R9_7);
     goto l0000044b;
   l0000044b:
-    assume {:captureState "l0000044b"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R30, Gamma_R30 := 2220bv64, true;
-    call #free();
+    R0_16, Gamma_R0_16 := memory_load64_le(stack, bvadd64(R31_8, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31_8, 8bv64));
+    call R0_17, Gamma_R0_17, R10_7, Gamma_R10_7, R11_7, Gamma_R11_7, R12_7, Gamma_R12_7, R13_7, Gamma_R13_7, R14_7, Gamma_R14_7, R15_7, Gamma_R15_7, R16_7, Gamma_R16_7, R17_7, Gamma_R17_7, R18_7, Gamma_R18_7, R19_7, Gamma_R19_7, R1_10, Gamma_R1_10, R20_7, Gamma_R20_7, R21_7, Gamma_R21_7, R22_7, Gamma_R22_7, R23_7, Gamma_R23_7, R24_7, Gamma_R24_7, R25_7, Gamma_R25_7, R26_7, Gamma_R26_7, R27_7, Gamma_R27_7, R28_7, Gamma_R28_7, R29_9, Gamma_R29_9, R2_7, Gamma_R2_7, R30_15, Gamma_R30_15, R31_9, Gamma_R31_9, R3_7, Gamma_R3_7, R4_7, Gamma_R4_7, R5_7, Gamma_R5_7, R6_7, Gamma_R6_7, R7_7, Gamma_R7_7, R8_13, Gamma_R8_13, R9_9, Gamma_R9_9 := #free(R0_16, Gamma_R0_16, R10_6, Gamma_R10_6, R11_6, Gamma_R11_6, R12_6, Gamma_R12_6, R13_6, Gamma_R13_6, R14_6, Gamma_R14_6, R15_6, Gamma_R15_6, R16_6, Gamma_R16_6, R17_6, Gamma_R17_6, R18_6, Gamma_R18_6, R19_6, Gamma_R19_6, R1_9, Gamma_R1_9, R20_6, Gamma_R20_6, R21_6, Gamma_R21_6, R22_6, Gamma_R22_6, R23_6, Gamma_R23_6, R24_6, Gamma_R24_6, R25_6, Gamma_R25_6, R26_6, Gamma_R26_6, R27_6, Gamma_R27_6, R28_6, Gamma_R28_6, R29_8, Gamma_R29_8, R2_6, Gamma_R2_6, 2220bv64, true, R31_8, Gamma_R31_8, R3_6, Gamma_R3_6, R4_6, Gamma_R4_6, R5_6, Gamma_R5_6, R6_6, Gamma_R6_6, R7_6, Gamma_R7_6, R8_12, Gamma_R8_12, R9_8, Gamma_R9_8);
     goto l00000459;
   l00000459:
-    assume {:captureState "l00000459"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, R31)), gamma_load32(Gamma_stack, R31);
-    #5, Gamma_#5 := bvadd64(R31, 32bv64), Gamma_R31;
-    R29, Gamma_R29 := memory_load64_le(stack, #5), gamma_load64(Gamma_stack, #5);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(#5, 8bv64)), gamma_load64(Gamma_stack, bvadd64(#5, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 48bv64), Gamma_R31;
+    R0_18, Gamma_R0_18 := zero_extend32_32(memory_load32_le(stack, R31_9)), gamma_load32(Gamma_stack, R31_9);
+    R29_10, Gamma_R29_10 := memory_load64_le(stack, bvadd64(R31_9, 32bv64)), gamma_load64(Gamma_stack, bvadd64(R31_9, 32bv64));
+    R30_16, Gamma_R30_16 := memory_load64_le(stack, bvadd64(R31_9, 40bv64)), gamma_load64(Gamma_stack, bvadd64(R31_9, 40bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R29_out, R30_out, R31_out, R8_out, R9_out := R0_18, R1_10, R29_10, R30_16, bvadd64(R31_9, 48bv64), R8_13, R9_9;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := Gamma_R0_18, Gamma_R1_10, Gamma_R29_10, Gamma_R30_16, Gamma_R31_9, Gamma_R8_13, Gamma_R9_9;
     return;
 }
 
-procedure malloc();
+procedure malloc(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   modifies Gamma_R16, Gamma_R17, R16, R17;
   free requires (memory_load64_le(mem, 2256bv64) == 2334386691848142849bv64);
   free requires (memory_load64_le(mem, 2264bv64) == 4211825664600402019bv64);
@@ -299,7 +781,7 @@ procedure malloc();
   free ensures (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69696bv64) == 69696bv64);
 
-procedure printf();
+procedure printf(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   modifies Gamma_R16, Gamma_R17, R16, R17;
   free requires (memory_load64_le(mem, 2256bv64) == 2334386691848142849bv64);
   free requires (memory_load64_le(mem, 2264bv64) == 4211825664600402019bv64);
diff --git a/src/test/correct/malloc_with_local/clang/malloc_with_local_gtirb.expected b/src/test/correct/malloc_with_local/clang/malloc_with_local_gtirb.expected
index 35a8659c0..40542b0fb 100644
--- a/src/test/correct/malloc_with_local/clang/malloc_with_local_gtirb.expected
+++ b/src/test/correct/malloc_with_local/clang/malloc_with_local_gtirb.expected
@@ -1,23 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R16: bool;
-var {:extern} Gamma_R17: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R16: bv64;
-var {:extern} R17: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -27,6 +9,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -35,22 +31,22 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
-function {:extern} gamma_load8(gammaMap: [bv64]bool, index: bv64) returns (bool) {
-  gammaMap[index]
-}
-
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store8(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
   gammaMap[index := value]
 }
 
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
+}
+
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
   (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index])))
 }
@@ -59,23 +55,18 @@ function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv6
   (memory[bvadd64(index, 7bv64)] ++ (memory[bvadd64(index, 6bv64)] ++ (memory[bvadd64(index, 5bv64)] ++ (memory[bvadd64(index, 4bv64)] ++ (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index])))))))
 }
 
-function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8) {
-  memory[index]
-}
-
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
-function {:extern} {:bvbuiltin "zero_extend 24"} zero_extend24_8(bv8) returns (bv32);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -110,8 +101,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure FUN_680();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure FUN_680(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 2256bv64) == 2334386691848142849bv64);
   free requires (memory_load64_le(mem, 2264bv64) == 4211825664600402019bv64);
   free requires (memory_load64_le(mem, 2272bv64) == 7307182754559632672bv64);
@@ -137,20 +128,143 @@ procedure FUN_680();
   free ensures (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69696bv64) == 69696bv64);
 
-implementation FUN_680()
+implementation FUN_680(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool)
 {
+  var Gamma_R0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0: bv64;
+  var R0_1: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16_4: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   $FUN_680$__0__$9vdUBrbQSwiaJeVuom5EvQ:
-    assume {:captureState "$FUN_680$__0__$9vdUBrbQSwiaJeVuom5EvQ"} true;
-    R16, Gamma_R16 := 69632bv64, true;
     call rely();
-    R17, Gamma_R17 := memory_load64_le(mem, bvadd64(R16, 16bv64)), (gamma_load64(Gamma_mem, bvadd64(R16, 16bv64)) || L(mem, bvadd64(R16, 16bv64)));
-    R16, Gamma_R16 := bvadd64(R16, 16bv64), Gamma_R16;
-    call malloc();
+    R17_1, Gamma_R17_1 := memory_load64_le(mem, 69648bv64), (gamma_load64(Gamma_mem, 69648bv64) || L(mem, 69648bv64));
+    call R0_1, Gamma_R0_1, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_4, Gamma_R16_4, R17_2, Gamma_R17_2, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_1, Gamma_R2_1, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := malloc(R0, Gamma_R0, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, 69648bv64, true, R17_1, Gamma_R17_1, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2, Gamma_R2, R30, Gamma_R30, R31, Gamma_R31, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     assume false;
 }
 
-procedure FUN_6b0();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure FUN_6b0(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 2256bv64) == 2334386691848142849bv64);
   free requires (memory_load64_le(mem, 2264bv64) == 4211825664600402019bv64);
   free requires (memory_load64_le(mem, 2272bv64) == 7307182754559632672bv64);
@@ -176,20 +290,143 @@ procedure FUN_6b0();
   free ensures (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69696bv64) == 69696bv64);
 
-implementation FUN_6b0()
+implementation FUN_6b0(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool)
 {
+  var Gamma_R0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0: bv64;
+  var R0_1: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16_4: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   $FUN_6b0$__0__$8CgJ347mTAagL8N803gTlQ:
-    assume {:captureState "$FUN_6b0$__0__$8CgJ347mTAagL8N803gTlQ"} true;
-    R16, Gamma_R16 := 69632bv64, true;
     call rely();
-    R17, Gamma_R17 := memory_load64_le(mem, bvadd64(R16, 40bv64)), (gamma_load64(Gamma_mem, bvadd64(R16, 40bv64)) || L(mem, bvadd64(R16, 40bv64)));
-    R16, Gamma_R16 := bvadd64(R16, 40bv64), Gamma_R16;
-    call #free();
+    R17_1, Gamma_R17_1 := memory_load64_le(mem, 69672bv64), (gamma_load64(Gamma_mem, 69672bv64) || L(mem, 69672bv64));
+    call R0_1, Gamma_R0_1, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_4, Gamma_R16_4, R17_2, Gamma_R17_2, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_1, Gamma_R2_1, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := #free(R0, Gamma_R0, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, 69672bv64, true, R17_1, Gamma_R17_1, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2, Gamma_R2, R30, Gamma_R30, R31, Gamma_R31, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     assume false;
 }
 
-procedure FUN_6c0();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure FUN_6c0(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 2256bv64) == 2334386691848142849bv64);
   free requires (memory_load64_le(mem, 2264bv64) == 4211825664600402019bv64);
   free requires (memory_load64_le(mem, 2272bv64) == 7307182754559632672bv64);
@@ -215,20 +452,143 @@ procedure FUN_6c0();
   free ensures (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69696bv64) == 69696bv64);
 
-implementation FUN_6c0()
+implementation FUN_6c0(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool)
 {
+  var Gamma_R0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0: bv64;
+  var R0_1: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16_4: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   $FUN_6c0$__0__$4WlH9L7ETgacwvseUfY3jw:
-    assume {:captureState "$FUN_6c0$__0__$4WlH9L7ETgacwvseUfY3jw"} true;
-    R16, Gamma_R16 := 69632bv64, true;
     call rely();
-    R17, Gamma_R17 := memory_load64_le(mem, bvadd64(R16, 48bv64)), (gamma_load64(Gamma_mem, bvadd64(R16, 48bv64)) || L(mem, bvadd64(R16, 48bv64)));
-    R16, Gamma_R16 := bvadd64(R16, 48bv64), Gamma_R16;
-    call printf();
+    R17_1, Gamma_R17_1 := memory_load64_le(mem, 69680bv64), (gamma_load64(Gamma_mem, 69680bv64) || L(mem, 69680bv64));
+    call R0_1, Gamma_R0_1, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_4, Gamma_R16_4, R17_2, Gamma_R17_2, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_1, Gamma_R2_1, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := printf(R0, Gamma_R0, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, 69680bv64, true, R17_1, Gamma_R17_1, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2, Gamma_R2, R30, Gamma_R30, R31, Gamma_R31, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     assume false;
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R1, R16, R17, R29, R30, R31, R8, R9, mem, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69688bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69696bv64) == 69696bv64);
   free requires (memory_load64_le(mem, 2256bv64) == 2334386691848142849bv64);
@@ -243,10 +603,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1984bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free requires (memory_load64_le(mem, 69696bv64) == 69696bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load64_le(mem, 2256bv64) == 2334386691848142849bv64);
   free ensures (memory_load64_le(mem, 2264bv64) == 4211825664600402019bv64);
   free ensures (memory_load64_le(mem, 2272bv64) == 7307182754559632672bv64);
@@ -260,109 +616,102 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69696bv64) == 69696bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var Cse0__5$2$1: bv64;
-  var Cse0__5$3$1: bv64;
-  var Gamma_Cse0__5$2$1: bool;
-  var Gamma_Cse0__5$3$1: bool;
+  var Gamma_R0_11: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R16_2: bool;
+  var Gamma_R16_3: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R16_5: bool;
+  var Gamma_R16_6: bool;
+  var Gamma_R16_7: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R17_3: bool;
+  var Gamma_R17_4: bool;
+  var Gamma_R17_5: bool;
+  var Gamma_R17_6: bool;
+  var Gamma_R17_7: bool;
+  var Gamma_R1_3: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_9: bool;
+  var Gamma_R8_6: bool;
+  var Gamma_R9_1: bool;
+  var Gamma_R9_2: bool;
+  var R0_11: bv64;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R16_2: bv64;
+  var R16_3: bv64;
+  var R16_4: bv64;
+  var R16_5: bv64;
+  var R16_6: bv64;
+  var R16_7: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R17_3: bv64;
+  var R17_4: bv64;
+  var R17_5: bv64;
+  var R17_6: bv64;
+  var R17_7: bv64;
+  var R1_3: bv64;
+  var R29_3: bv64;
+  var R30_9: bv64;
+  var R8_6: bv64;
+  var R9_1: bv64;
+  var R9_2: bv64;
   $main$__0__$uE7qCv5XQSaoZC2XHmZwIA:
-    assume {:captureState "$main$__0__$uE7qCv5XQSaoZC2XHmZwIA"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551568bv64), Gamma_R31;
-    Cse0__5$3$1, Gamma_Cse0__5$3$1 := bvadd64(R31, 32bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$3$1, R29), gamma_store64(Gamma_stack, Cse0__5$3$1, Gamma_R29);
-    assume {:captureState "2072$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$3$1, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$3$1, 8bv64), Gamma_R30);
-    assume {:captureState "2072$2"} true;
-    R29, Gamma_R29 := bvadd64(R31, 32bv64), Gamma_R31;
-    R8, Gamma_R8 := 0bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, R31, R8[32:0]), gamma_store32(Gamma_stack, R31, Gamma_R8);
-    assume {:captureState "2084$0"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R29, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R29, 18446744073709551612bv64), true);
-    assume {:captureState "2088$0"} true;
-    R0, Gamma_R0 := 1bv64, true;
-    R30, Gamma_R30 := 2100bv64, true;
-    call FUN_680();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551568bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551568bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), true);
+    call R16_1, Gamma_R16_1, R17_1, Gamma_R17_1 := FUN_680(R16, Gamma_R16);
     goto $main$__1__$dgj~vxjdRmWAIHXijPkJIw;
   $main$__1__$dgj~vxjdRmWAIHXijPkJIw:
-    assume {:captureState "$main$__1__$dgj~vxjdRmWAIHXijPkJIw"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 16bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 16bv64), Gamma_R0);
-    assume {:captureState "2100$0"} true;
-    R0, Gamma_R0 := 4bv64, true;
-    R30, Gamma_R30 := 2112bv64, true;
-    call FUN_680();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551584bv64), 1bv64), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), true);
+    call R16_2, Gamma_R16_2, R17_2, Gamma_R17_2 := FUN_680(R16_1, Gamma_R16_1);
     goto $main$__2__$AbMdt8szSHac6Me44gUD3g;
   $main$__2__$AbMdt8szSHac6Me44gUD3g:
-    assume {:captureState "$main$__2__$AbMdt8szSHac6Me44gUD3g"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 8bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R0);
-    assume {:captureState "2112$0"} true;
-    R8, Gamma_R8 := 10bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 4bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 4bv64), Gamma_R8);
-    assume {:captureState "2120$0"} true;
-    R9, Gamma_R9 := memory_load64_le(stack, bvadd64(R31, 16bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 16bv64));
-    R8, Gamma_R8 := 65bv64, true;
-    call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store8_le(mem, R9, R8[8:0]), gamma_store8(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "2132$0"} true;
-    R9, Gamma_R9 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R8, Gamma_R8 := 42bv64, true;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551576bv64), 4bv64), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551576bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551572bv64), 10bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551572bv64), true);
+    R9_1, Gamma_R9_1 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551584bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "2144$0"} true;
-    R8, Gamma_R8 := memory_load64_le(stack, bvadd64(R31, 16bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 16bv64));
+    assert (L(mem, R9_1) ==> true);
+    mem, Gamma_mem := memory_store8_le(mem, R9_1, 65bv8), gamma_store8(Gamma_mem, R9_1, true);
+    R9_2, Gamma_R9_2 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551576bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551576bv64));
     call rely();
-    R1, Gamma_R1 := zero_extend32_32(zero_extend24_8(memory_load8_le(mem, R8))), (gamma_load8(Gamma_mem, R8) || L(mem, R8));
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2260bv64), Gamma_R0;
-    R30, Gamma_R30 := 2168bv64, true;
-    call FUN_6c0();
+    assert (L(mem, R9_2) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R9_2, 42bv32), gamma_store32(Gamma_mem, R9_2, true);
+    call R16_3, Gamma_R16_3, R17_3, Gamma_R17_3 := FUN_6c0(R16_2, Gamma_R16_2);
     goto $main$__3__$YiNkuzyxSAi8ch4~JRnQRw;
   $main$__3__$YiNkuzyxSAi8ch4~JRnQRw:
-    assume {:captureState "$main$__3__$YiNkuzyxSAi8ch4~JRnQRw"} true;
-    R8, Gamma_R8 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    call rely();
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2277bv64), Gamma_R0;
-    R30, Gamma_R30 := 2188bv64, true;
-    call FUN_6c0();
+    R8_6, Gamma_R8_6 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551576bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551576bv64));
+    call R16_4, Gamma_R16_4, R17_4, Gamma_R17_4 := FUN_6c0(R16_3, Gamma_R16_3);
     goto $main$__4__$sePoi2e_Tqq7bHfBWVfW5g;
   $main$__4__$sePoi2e_Tqq7bHfBWVfW5g:
-    assume {:captureState "$main$__4__$sePoi2e_Tqq7bHfBWVfW5g"} true;
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 4bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 4bv64));
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2293bv64), Gamma_R0;
-    R30, Gamma_R30 := 2204bv64, true;
-    call FUN_6c0();
+    R1_3, Gamma_R1_3 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551572bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551572bv64));
+    call R16_5, Gamma_R16_5, R17_5, Gamma_R17_5 := FUN_6c0(R16_4, Gamma_R16_4);
     goto $main$__5__$J4PaOyLLQDaFhYWMa4o2Xw;
   $main$__5__$J4PaOyLLQDaFhYWMa4o2Xw:
-    assume {:captureState "$main$__5__$J4PaOyLLQDaFhYWMa4o2Xw"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 16bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 16bv64));
-    R30, Gamma_R30 := 2212bv64, true;
-    call FUN_6b0();
+    call R16_6, Gamma_R16_6, R17_6, Gamma_R17_6 := FUN_6b0(R16_5, Gamma_R16_5);
     goto $main$__6__$r9k1rsQ0R9i49NDTDexoJg;
   $main$__6__$r9k1rsQ0R9i49NDTDexoJg:
-    assume {:captureState "$main$__6__$r9k1rsQ0R9i49NDTDexoJg"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R30, Gamma_R30 := 2220bv64, true;
-    call FUN_6b0();
+    call R16_7, Gamma_R16_7, R17_7, Gamma_R17_7 := FUN_6b0(R16_6, Gamma_R16_6);
     goto $main$__7__$2lSrma4tR0KhXTbZ8h2uhw;
   $main$__7__$2lSrma4tR0KhXTbZ8h2uhw:
-    assume {:captureState "$main$__7__$2lSrma4tR0KhXTbZ8h2uhw"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, R31)), gamma_load32(Gamma_stack, R31);
-    Cse0__5$2$1, Gamma_Cse0__5$2$1 := bvadd64(R31, 32bv64), Gamma_R31;
-    R29, Gamma_R29 := memory_load64_le(stack, Cse0__5$2$1), gamma_load64(Gamma_stack, Cse0__5$2$1);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(Cse0__5$2$1, 8bv64)), gamma_load64(Gamma_stack, bvadd64(Cse0__5$2$1, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 48bv64), Gamma_R31;
+    R0_11, Gamma_R0_11 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551568bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551568bv64));
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64));
+    R30_9, Gamma_R30_9 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R16_out, R17_out, R1_out, R29_out, R30_out, R31_out, R8_out, R9_out := R0_11, R16_7, R17_7, R1_3, R29_3, R30_9, R31_in, R8_6, R9_2;
+    Gamma_R0_out, Gamma_R16_out, Gamma_R17_out, Gamma_R1_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := Gamma_R0_11, Gamma_R16_7, Gamma_R17_7, Gamma_R1_3, Gamma_R29_3, Gamma_R30_9, Gamma_R31_in, Gamma_R8_6, Gamma_R9_2;
     return;
 }
 
-procedure malloc();
+procedure malloc(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load64_le(mem, 2256bv64) == 2334386691848142849bv64);
   free requires (memory_load64_le(mem, 2264bv64) == 4211825664600402019bv64);
   free requires (memory_load64_le(mem, 2272bv64) == 7307182754559632672bv64);
@@ -388,7 +737,7 @@ procedure malloc();
   free ensures (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69696bv64) == 69696bv64);
 
-procedure #free();
+procedure #free(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load64_le(mem, 2256bv64) == 2334386691848142849bv64);
   free requires (memory_load64_le(mem, 2264bv64) == 4211825664600402019bv64);
   free requires (memory_load64_le(mem, 2272bv64) == 7307182754559632672bv64);
@@ -414,7 +763,7 @@ procedure #free();
   free ensures (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69696bv64) == 69696bv64);
 
-procedure printf();
+procedure printf(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load64_le(mem, 2256bv64) == 2334386691848142849bv64);
   free requires (memory_load64_le(mem, 2264bv64) == 4211825664600402019bv64);
   free requires (memory_load64_le(mem, 2272bv64) == 7307182754559632672bv64);
diff --git a/src/test/correct/malloc_with_local/clang_O2/malloc_with_local.expected b/src/test/correct/malloc_with_local/clang_O2/malloc_with_local.expected
index e967cbe24..df587f2be 100644
--- a/src/test/correct/malloc_with_local/clang_O2/malloc_with_local.expected
+++ b/src/test/correct/malloc_with_local/clang_O2/malloc_with_local.expected
@@ -1,30 +1,33 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_R16: bool;
 var {:extern} Gamma_R17: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} R16: bv64;
 var {:extern} R17: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
 axiom ($_IO_stdin_used_addr == 1964bv64);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) {
@@ -36,7 +39,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -79,8 +82,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_stack, R0, R1, R16, R17, R29, R30, R31, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_R16, Gamma_R17, Gamma_stack, R16, R17, stack;
   free requires (memory_load64_le(mem, 69672bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69680bv64) == 69680bv64);
   free requires (memory_load8_le(mem, 1964bv64) == 1bv8);
@@ -102,10 +105,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free requires (memory_load64_le(mem, 69680bv64) == 69680bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1964bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1965bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1966bv64) == 2bv8);
@@ -126,54 +125,280 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69680bv64) == 69680bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var #4: bv64;
-  var Gamma_#4: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_6: bool;
+  var Gamma_R0_9: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R10_2: bool;
+  var Gamma_R10_3: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R11_2: bool;
+  var Gamma_R11_3: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R12_2: bool;
+  var Gamma_R12_3: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R13_2: bool;
+  var Gamma_R13_3: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R14_2: bool;
+  var Gamma_R14_3: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R15_2: bool;
+  var Gamma_R15_3: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R16_2: bool;
+  var Gamma_R16_3: bool;
+  var Gamma_R17: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R17_3: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R18_2: bool;
+  var Gamma_R18_3: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R19_2: bool;
+  var Gamma_R19_3: bool;
+  var Gamma_R1_2: bool;
+  var Gamma_R1_4: bool;
+  var Gamma_R1_6: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R20_2: bool;
+  var Gamma_R20_3: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R21_2: bool;
+  var Gamma_R21_3: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R22_2: bool;
+  var Gamma_R22_3: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R23_2: bool;
+  var Gamma_R23_3: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R24_2: bool;
+  var Gamma_R24_3: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R25_2: bool;
+  var Gamma_R25_3: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R26_2: bool;
+  var Gamma_R26_3: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R27_2: bool;
+  var Gamma_R27_3: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R28_2: bool;
+  var Gamma_R28_3: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R29_4: bool;
+  var Gamma_R29_5: bool;
+  var Gamma_R29_6: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R2_2: bool;
+  var Gamma_R2_3: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30_3: bool;
+  var Gamma_R30_5: bool;
+  var Gamma_R30_7: bool;
+  var Gamma_R30_8: bool;
+  var Gamma_R31_3: bool;
+  var Gamma_R31_4: bool;
+  var Gamma_R31_5: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R3_2: bool;
+  var Gamma_R3_3: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R4_2: bool;
+  var Gamma_R4_3: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R5_2: bool;
+  var Gamma_R5_3: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R6_2: bool;
+  var Gamma_R6_3: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R7_2: bool;
+  var Gamma_R7_3: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var Gamma_R9_2: bool;
+  var Gamma_R9_3: bool;
+  var R0_3: bv64;
+  var R0_6: bv64;
+  var R0_9: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R10_2: bv64;
+  var R10_3: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R11_2: bv64;
+  var R11_3: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R12_2: bv64;
+  var R12_3: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R13_2: bv64;
+  var R13_3: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R14_2: bv64;
+  var R14_3: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R15_2: bv64;
+  var R15_3: bv64;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R16_2: bv64;
+  var R16_3: bv64;
+  var R17: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R17_3: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R18_2: bv64;
+  var R18_3: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R19_2: bv64;
+  var R19_3: bv64;
+  var R1_2: bv64;
+  var R1_4: bv64;
+  var R1_6: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R20_2: bv64;
+  var R20_3: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R21_2: bv64;
+  var R21_3: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R22_2: bv64;
+  var R22_3: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R23_2: bv64;
+  var R23_3: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R24_2: bv64;
+  var R24_3: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R25_2: bv64;
+  var R25_3: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R26_2: bv64;
+  var R26_3: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R27_2: bv64;
+  var R27_3: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R28_2: bv64;
+  var R28_3: bv64;
+  var R29_3: bv64;
+  var R29_4: bv64;
+  var R29_5: bv64;
+  var R29_6: bv64;
+  var R2_1: bv64;
+  var R2_2: bv64;
+  var R2_3: bv64;
+  var R3: bv64;
+  var R30_3: bv64;
+  var R30_5: bv64;
+  var R30_7: bv64;
+  var R30_8: bv64;
+  var R31_3: bv64;
+  var R31_4: bv64;
+  var R31_5: bv64;
+  var R3_1: bv64;
+  var R3_2: bv64;
+  var R3_3: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R4_2: bv64;
+  var R4_3: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R5_2: bv64;
+  var R5_3: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R6_2: bv64;
+  var R6_3: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R7_2: bv64;
+  var R7_3: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R8_2: bv64;
+  var R8_3: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
+  var R9_2: bv64;
+  var R9_3: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    #4, Gamma_#4 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, #4, R29), gamma_store64(Gamma_stack, #4, Gamma_R29);
-    assume {:captureState "%000002f8"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(#4, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(#4, 8bv64), Gamma_R30);
-    assume {:captureState "%000002fe"} true;
-    R31, Gamma_R31 := #4, Gamma_#4;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 1968bv64), Gamma_R0;
-    R1, Gamma_R1 := 65bv64, true;
-    R30, Gamma_R30 := 1900bv64, true;
-    call printf();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
+    call R0_3, Gamma_R0_3, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_1, Gamma_R16_1, R17_1, Gamma_R17_1, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_2, Gamma_R1_2, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_3, Gamma_R29_3, R2_1, Gamma_R2_1, R30_3, Gamma_R30_3, R31_3, Gamma_R31_3, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := printf(1968bv64, true, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, R16, Gamma_R16, R17, Gamma_R17, R18, Gamma_R18, R19, Gamma_R19, 65bv64, true, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R31_in, R2, Gamma_R2, 1900bv64, true, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R31_in, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     goto l00000322;
   l00000322:
-    assume {:captureState "l00000322"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 1985bv64), Gamma_R0;
-    R1, Gamma_R1 := 42bv64, true;
-    R30, Gamma_R30 := 1916bv64, true;
-    call printf();
+    call R0_6, Gamma_R0_6, R10_2, Gamma_R10_2, R11_2, Gamma_R11_2, R12_2, Gamma_R12_2, R13_2, Gamma_R13_2, R14_2, Gamma_R14_2, R15_2, Gamma_R15_2, R16_2, Gamma_R16_2, R17_2, Gamma_R17_2, R18_2, Gamma_R18_2, R19_2, Gamma_R19_2, R1_4, Gamma_R1_4, R20_2, Gamma_R20_2, R21_2, Gamma_R21_2, R22_2, Gamma_R22_2, R23_2, Gamma_R23_2, R24_2, Gamma_R24_2, R25_2, Gamma_R25_2, R26_2, Gamma_R26_2, R27_2, Gamma_R27_2, R28_2, Gamma_R28_2, R29_4, Gamma_R29_4, R2_2, Gamma_R2_2, R30_5, Gamma_R30_5, R31_4, Gamma_R31_4, R3_2, Gamma_R3_2, R4_2, Gamma_R4_2, R5_2, Gamma_R5_2, R6_2, Gamma_R6_2, R7_2, Gamma_R7_2, R8_2, Gamma_R8_2, R9_2, Gamma_R9_2 := printf(1985bv64, true, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_1, Gamma_R16_1, R17_1, Gamma_R17_1, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, 42bv64, true, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_3, Gamma_R29_3, R2_1, Gamma_R2_1, 1916bv64, true, R31_3, Gamma_R31_3, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1);
     goto l00000339;
   l00000339:
-    assume {:captureState "l00000339"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2001bv64), Gamma_R0;
-    R1, Gamma_R1 := 10bv64, true;
-    R30, Gamma_R30 := 1932bv64, true;
-    call printf();
+    call R0_9, Gamma_R0_9, R10_3, Gamma_R10_3, R11_3, Gamma_R11_3, R12_3, Gamma_R12_3, R13_3, Gamma_R13_3, R14_3, Gamma_R14_3, R15_3, Gamma_R15_3, R16_3, Gamma_R16_3, R17_3, Gamma_R17_3, R18_3, Gamma_R18_3, R19_3, Gamma_R19_3, R1_6, Gamma_R1_6, R20_3, Gamma_R20_3, R21_3, Gamma_R21_3, R22_3, Gamma_R22_3, R23_3, Gamma_R23_3, R24_3, Gamma_R24_3, R25_3, Gamma_R25_3, R26_3, Gamma_R26_3, R27_3, Gamma_R27_3, R28_3, Gamma_R28_3, R29_5, Gamma_R29_5, R2_3, Gamma_R2_3, R30_7, Gamma_R30_7, R31_5, Gamma_R31_5, R3_3, Gamma_R3_3, R4_3, Gamma_R4_3, R5_3, Gamma_R5_3, R6_3, Gamma_R6_3, R7_3, Gamma_R7_3, R8_3, Gamma_R8_3, R9_3, Gamma_R9_3 := printf(2001bv64, true, R10_2, Gamma_R10_2, R11_2, Gamma_R11_2, R12_2, Gamma_R12_2, R13_2, Gamma_R13_2, R14_2, Gamma_R14_2, R15_2, Gamma_R15_2, R16_2, Gamma_R16_2, R17_2, Gamma_R17_2, R18_2, Gamma_R18_2, R19_2, Gamma_R19_2, 10bv64, true, R20_2, Gamma_R20_2, R21_2, Gamma_R21_2, R22_2, Gamma_R22_2, R23_2, Gamma_R23_2, R24_2, Gamma_R24_2, R25_2, Gamma_R25_2, R26_2, Gamma_R26_2, R27_2, Gamma_R27_2, R28_2, Gamma_R28_2, R29_4, Gamma_R29_4, R2_2, Gamma_R2_2, 1932bv64, true, R31_4, Gamma_R31_4, R3_2, Gamma_R3_2, R4_2, Gamma_R4_2, R5_2, Gamma_R5_2, R6_2, Gamma_R6_2, R7_2, Gamma_R7_2, R8_2, Gamma_R8_2, R9_2, Gamma_R9_2);
     goto l00000350;
   l00000350:
-    assume {:captureState "l00000350"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    R29_6, Gamma_R29_6 := memory_load64_le(stack, R31_5), gamma_load64(Gamma_stack, R31_5);
+    R30_8, Gamma_R30_8 := memory_load64_le(stack, bvadd64(R31_5, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31_5, 8bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R29_out, R30_out, R31_out := 0bv64, R1_6, R29_6, R30_8, bvadd64(R31_5, 16bv64);
+    Gamma_R0_out, Gamma_R1_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out := true, Gamma_R1_6, Gamma_R29_6, Gamma_R30_8, Gamma_R31_5;
     return;
 }
 
-procedure printf();
+procedure printf(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   modifies Gamma_R16, Gamma_R17, R16, R17;
   free requires (memory_load8_le(mem, 1964bv64) == 1bv8);
   free requires (memory_load8_le(mem, 1965bv64) == 0bv8);
diff --git a/src/test/correct/malloc_with_local/clang_O2/malloc_with_local_gtirb.expected b/src/test/correct/malloc_with_local/clang_O2/malloc_with_local_gtirb.expected
index 69e194091..c4a8ab0b3 100644
--- a/src/test/correct/malloc_with_local/clang_O2/malloc_with_local_gtirb.expected
+++ b/src/test/correct/malloc_with_local/clang_O2/malloc_with_local_gtirb.expected
@@ -1,19 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R16: bool;
-var {:extern} Gamma_R17: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R16: bv64;
-var {:extern} R17: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -23,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) {
@@ -40,7 +39,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -83,8 +82,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure FUN_630();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure FUN_630(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load8_le(mem, 1964bv64) == 1bv8);
   free requires (memory_load8_le(mem, 1965bv64) == 0bv8);
   free requires (memory_load8_le(mem, 1966bv64) == 2bv8);
@@ -124,20 +123,143 @@ procedure FUN_630();
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69680bv64) == 69680bv64);
 
-implementation FUN_630()
+implementation FUN_630(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool)
 {
+  var Gamma_R0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0: bv64;
+  var R0_1: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16_4: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   $FUN_630$__0__$Q70X6WVjRICVO79dZjxubQ:
-    assume {:captureState "$FUN_630$__0__$Q70X6WVjRICVO79dZjxubQ"} true;
-    R16, Gamma_R16 := 69632bv64, true;
     call rely();
-    R17, Gamma_R17 := memory_load64_le(mem, bvadd64(R16, 32bv64)), (gamma_load64(Gamma_mem, bvadd64(R16, 32bv64)) || L(mem, bvadd64(R16, 32bv64)));
-    R16, Gamma_R16 := bvadd64(R16, 32bv64), Gamma_R16;
-    call printf();
+    R17_1, Gamma_R17_1 := memory_load64_le(mem, 69664bv64), (gamma_load64(Gamma_mem, 69664bv64) || L(mem, 69664bv64));
+    call R0_1, Gamma_R0_1, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_4, Gamma_R16_4, R17_2, Gamma_R17_2, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_1, Gamma_R2_1, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := printf(R0, Gamma_R0, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, 69664bv64, true, R17_1, Gamma_R17_1, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2, Gamma_R2, R30, Gamma_R30, R31, Gamma_R31, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     assume false;
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R16, R17, R29, R30, R31, mem, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69672bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69680bv64) == 69680bv64);
   free requires (memory_load8_le(mem, 1964bv64) == 1bv8);
@@ -159,10 +281,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free requires (memory_load64_le(mem, 69680bv64) == 69680bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1964bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1965bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1966bv64) == 2bv8);
@@ -183,54 +301,48 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69680bv64) == 69680bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var Cse0__5$3$0: bv64;
-  var Gamma_Cse0__5$3$0: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R16_2: bool;
+  var Gamma_R16_3: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R17_3: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_5: bool;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R16_2: bv64;
+  var R16_3: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R17_3: bv64;
+  var R29_3: bv64;
+  var R30_5: bv64;
   $main$__0__$qsNWZvfmT3SqwMLjWcYSLA:
-    assume {:captureState "$main$__0__$qsNWZvfmT3SqwMLjWcYSLA"} true;
-    Cse0__5$3$0, Gamma_Cse0__5$3$0 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$3$0, R29), gamma_store64(Gamma_stack, Cse0__5$3$0, Gamma_R29);
-    assume {:captureState "1876$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$3$0, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$3$0, 8bv64), Gamma_R30);
-    assume {:captureState "1876$2"} true;
-    R31, Gamma_R31 := Cse0__5$3$0, Gamma_Cse0__5$3$0;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 1968bv64), Gamma_R0;
-    R1, Gamma_R1 := 65bv64, true;
-    R30, Gamma_R30 := 1900bv64, true;
-    call FUN_630();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
+    call R16_1, Gamma_R16_1, R17_1, Gamma_R17_1 := FUN_630(R16, Gamma_R16);
     goto $main$__1__$i1LEKl1vSbiR7lae0n2rcw;
   $main$__1__$i1LEKl1vSbiR7lae0n2rcw:
-    assume {:captureState "$main$__1__$i1LEKl1vSbiR7lae0n2rcw"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 1985bv64), Gamma_R0;
-    R1, Gamma_R1 := 42bv64, true;
-    R30, Gamma_R30 := 1916bv64, true;
-    call FUN_630();
+    call R16_2, Gamma_R16_2, R17_2, Gamma_R17_2 := FUN_630(R16_1, Gamma_R16_1);
     goto $main$__2__$TtIWNKMwRKK1do~W4tjTkA;
   $main$__2__$TtIWNKMwRKK1do~W4tjTkA:
-    assume {:captureState "$main$__2__$TtIWNKMwRKK1do~W4tjTkA"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2001bv64), Gamma_R0;
-    R1, Gamma_R1 := 10bv64, true;
-    R30, Gamma_R30 := 1932bv64, true;
-    call FUN_630();
+    call R16_3, Gamma_R16_3, R17_3, Gamma_R17_3 := FUN_630(R16_2, Gamma_R16_2);
     goto $main$__3__$f8mE4zYMSriGzPYQZgWMTA;
   $main$__3__$f8mE4zYMSriGzPYQZgWMTA:
-    assume {:captureState "$main$__3__$f8mE4zYMSriGzPYQZgWMTA"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64));
+    R30_5, Gamma_R30_5 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R16_out, R17_out, R1_out, R29_out, R30_out, R31_out := 0bv64, R16_3, R17_3, 10bv64, R29_3, R30_5, R31_in;
+    Gamma_R0_out, Gamma_R16_out, Gamma_R17_out, Gamma_R1_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out := true, Gamma_R16_3, Gamma_R17_3, true, Gamma_R29_3, Gamma_R30_5, Gamma_R31_in;
     return;
 }
 
-procedure printf();
+procedure printf(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load8_le(mem, 1964bv64) == 1bv8);
   free requires (memory_load8_le(mem, 1965bv64) == 0bv8);
   free requires (memory_load8_le(mem, 1966bv64) == 2bv8);
diff --git a/src/test/correct/malloc_with_local/gcc/malloc_with_local.expected b/src/test/correct/malloc_with_local/gcc/malloc_with_local.expected
index 86442b2ef..42b9d04ff 100644
--- a/src/test/correct/malloc_with_local/gcc/malloc_with_local.expected
+++ b/src/test/correct/malloc_with_local/gcc/malloc_with_local.expected
@@ -1,19 +1,9 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_R16: bool;
 var {:extern} Gamma_R17: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} R16: bv64;
 var {:extern} R17: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -23,6 +13,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -36,17 +40,21 @@ function {:extern} gamma_load8(gammaMap: [bv64]bool, index: bv64) returns (bool)
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store8(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
   gammaMap[index := value]
 }
 
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
+}
+
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
   (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index])))
 }
@@ -60,15 +68,15 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -110,7 +118,7 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure #free();
+procedure #free(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   modifies Gamma_R16, Gamma_R17, R16, R17;
   free requires (memory_load64_le(mem, 2248bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2256bv64) == 8241983568019286100bv64);
@@ -145,8 +153,8 @@ procedure #free();
   free ensures (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R16, R17, R29, R30, R31, mem, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_R16, Gamma_R17, Gamma_mem, Gamma_stack, R16, R17, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load64_le(mem, 2248bv64) == 131073bv64);
@@ -165,10 +173,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69000bv64) == 1984bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load64_le(mem, 2248bv64) == 131073bv64);
   free ensures (memory_load64_le(mem, 2256bv64) == 8241983568019286100bv64);
   free ensures (memory_load64_le(mem, 2264bv64) == 748482783423457568bv64);
@@ -186,103 +190,594 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var #4: bv64;
-  var Gamma_#4: bool;
+  var Gamma_R0_12: bool;
+  var Gamma_R0_13: bool;
+  var Gamma_R0_14: bool;
+  var Gamma_R0_17: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_20: bool;
+  var Gamma_R0_21: bool;
+  var Gamma_R0_22: bool;
+  var Gamma_R0_23: bool;
+  var Gamma_R0_24: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R0_6: bool;
+  var Gamma_R0_7: bool;
+  var Gamma_R0_8: bool;
+  var Gamma_R0_9: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R10_2: bool;
+  var Gamma_R10_3: bool;
+  var Gamma_R10_4: bool;
+  var Gamma_R10_5: bool;
+  var Gamma_R10_6: bool;
+  var Gamma_R10_7: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R11_2: bool;
+  var Gamma_R11_3: bool;
+  var Gamma_R11_4: bool;
+  var Gamma_R11_5: bool;
+  var Gamma_R11_6: bool;
+  var Gamma_R11_7: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R12_2: bool;
+  var Gamma_R12_3: bool;
+  var Gamma_R12_4: bool;
+  var Gamma_R12_5: bool;
+  var Gamma_R12_6: bool;
+  var Gamma_R12_7: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R13_2: bool;
+  var Gamma_R13_3: bool;
+  var Gamma_R13_4: bool;
+  var Gamma_R13_5: bool;
+  var Gamma_R13_6: bool;
+  var Gamma_R13_7: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R14_2: bool;
+  var Gamma_R14_3: bool;
+  var Gamma_R14_4: bool;
+  var Gamma_R14_5: bool;
+  var Gamma_R14_6: bool;
+  var Gamma_R14_7: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R15_2: bool;
+  var Gamma_R15_3: bool;
+  var Gamma_R15_4: bool;
+  var Gamma_R15_5: bool;
+  var Gamma_R15_6: bool;
+  var Gamma_R15_7: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R16_2: bool;
+  var Gamma_R16_3: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R16_5: bool;
+  var Gamma_R16_6: bool;
+  var Gamma_R16_7: bool;
+  var Gamma_R17: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R17_3: bool;
+  var Gamma_R17_4: bool;
+  var Gamma_R17_5: bool;
+  var Gamma_R17_6: bool;
+  var Gamma_R17_7: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R18_2: bool;
+  var Gamma_R18_3: bool;
+  var Gamma_R18_4: bool;
+  var Gamma_R18_5: bool;
+  var Gamma_R18_6: bool;
+  var Gamma_R18_7: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R19_2: bool;
+  var Gamma_R19_3: bool;
+  var Gamma_R19_4: bool;
+  var Gamma_R19_5: bool;
+  var Gamma_R19_6: bool;
+  var Gamma_R19_7: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R1_10: bool;
+  var Gamma_R1_11: bool;
+  var Gamma_R1_12: bool;
+  var Gamma_R1_2: bool;
+  var Gamma_R1_5: bool;
+  var Gamma_R1_6: bool;
+  var Gamma_R1_7: bool;
+  var Gamma_R1_8: bool;
+  var Gamma_R1_9: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R20_2: bool;
+  var Gamma_R20_3: bool;
+  var Gamma_R20_4: bool;
+  var Gamma_R20_5: bool;
+  var Gamma_R20_6: bool;
+  var Gamma_R20_7: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R21_2: bool;
+  var Gamma_R21_3: bool;
+  var Gamma_R21_4: bool;
+  var Gamma_R21_5: bool;
+  var Gamma_R21_6: bool;
+  var Gamma_R21_7: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R22_2: bool;
+  var Gamma_R22_3: bool;
+  var Gamma_R22_4: bool;
+  var Gamma_R22_5: bool;
+  var Gamma_R22_6: bool;
+  var Gamma_R22_7: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R23_2: bool;
+  var Gamma_R23_3: bool;
+  var Gamma_R23_4: bool;
+  var Gamma_R23_5: bool;
+  var Gamma_R23_6: bool;
+  var Gamma_R23_7: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R24_2: bool;
+  var Gamma_R24_3: bool;
+  var Gamma_R24_4: bool;
+  var Gamma_R24_5: bool;
+  var Gamma_R24_6: bool;
+  var Gamma_R24_7: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R25_2: bool;
+  var Gamma_R25_3: bool;
+  var Gamma_R25_4: bool;
+  var Gamma_R25_5: bool;
+  var Gamma_R25_6: bool;
+  var Gamma_R25_7: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R26_2: bool;
+  var Gamma_R26_3: bool;
+  var Gamma_R26_4: bool;
+  var Gamma_R26_5: bool;
+  var Gamma_R26_6: bool;
+  var Gamma_R26_7: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R27_2: bool;
+  var Gamma_R27_3: bool;
+  var Gamma_R27_4: bool;
+  var Gamma_R27_5: bool;
+  var Gamma_R27_6: bool;
+  var Gamma_R27_7: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R28_2: bool;
+  var Gamma_R28_3: bool;
+  var Gamma_R28_4: bool;
+  var Gamma_R28_5: bool;
+  var Gamma_R28_6: bool;
+  var Gamma_R28_7: bool;
+  var Gamma_R29_10: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R29_4: bool;
+  var Gamma_R29_5: bool;
+  var Gamma_R29_6: bool;
+  var Gamma_R29_7: bool;
+  var Gamma_R29_8: bool;
+  var Gamma_R29_9: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R2_2: bool;
+  var Gamma_R2_3: bool;
+  var Gamma_R2_4: bool;
+  var Gamma_R2_5: bool;
+  var Gamma_R2_6: bool;
+  var Gamma_R2_7: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30_11: bool;
+  var Gamma_R30_13: bool;
+  var Gamma_R30_15: bool;
+  var Gamma_R30_16: bool;
+  var Gamma_R30_3: bool;
+  var Gamma_R30_5: bool;
+  var Gamma_R30_7: bool;
+  var Gamma_R30_9: bool;
+  var Gamma_R31_3: bool;
+  var Gamma_R31_4: bool;
+  var Gamma_R31_5: bool;
+  var Gamma_R31_6: bool;
+  var Gamma_R31_7: bool;
+  var Gamma_R31_8: bool;
+  var Gamma_R31_9: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R3_2: bool;
+  var Gamma_R3_3: bool;
+  var Gamma_R3_4: bool;
+  var Gamma_R3_5: bool;
+  var Gamma_R3_6: bool;
+  var Gamma_R3_7: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R4_2: bool;
+  var Gamma_R4_3: bool;
+  var Gamma_R4_4: bool;
+  var Gamma_R4_5: bool;
+  var Gamma_R4_6: bool;
+  var Gamma_R4_7: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R5_2: bool;
+  var Gamma_R5_3: bool;
+  var Gamma_R5_4: bool;
+  var Gamma_R5_5: bool;
+  var Gamma_R5_6: bool;
+  var Gamma_R5_7: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R6_2: bool;
+  var Gamma_R6_3: bool;
+  var Gamma_R6_4: bool;
+  var Gamma_R6_5: bool;
+  var Gamma_R6_6: bool;
+  var Gamma_R6_7: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R7_2: bool;
+  var Gamma_R7_3: bool;
+  var Gamma_R7_4: bool;
+  var Gamma_R7_5: bool;
+  var Gamma_R7_6: bool;
+  var Gamma_R7_7: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R8_4: bool;
+  var Gamma_R8_5: bool;
+  var Gamma_R8_6: bool;
+  var Gamma_R8_7: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var Gamma_R9_2: bool;
+  var Gamma_R9_3: bool;
+  var Gamma_R9_4: bool;
+  var Gamma_R9_5: bool;
+  var Gamma_R9_6: bool;
+  var Gamma_R9_7: bool;
+  var R0_12: bv64;
+  var R0_13: bv64;
+  var R0_14: bv32;
+  var R0_17: bv64;
+  var R0_2: bv64;
+  var R0_20: bv64;
+  var R0_21: bv64;
+  var R0_22: bv64;
+  var R0_23: bv64;
+  var R0_24: bv64;
+  var R0_4: bv64;
+  var R0_6: bv64;
+  var R0_7: bv64;
+  var R0_8: bv64;
+  var R0_9: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R10_2: bv64;
+  var R10_3: bv64;
+  var R10_4: bv64;
+  var R10_5: bv64;
+  var R10_6: bv64;
+  var R10_7: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R11_2: bv64;
+  var R11_3: bv64;
+  var R11_4: bv64;
+  var R11_5: bv64;
+  var R11_6: bv64;
+  var R11_7: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R12_2: bv64;
+  var R12_3: bv64;
+  var R12_4: bv64;
+  var R12_5: bv64;
+  var R12_6: bv64;
+  var R12_7: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R13_2: bv64;
+  var R13_3: bv64;
+  var R13_4: bv64;
+  var R13_5: bv64;
+  var R13_6: bv64;
+  var R13_7: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R14_2: bv64;
+  var R14_3: bv64;
+  var R14_4: bv64;
+  var R14_5: bv64;
+  var R14_6: bv64;
+  var R14_7: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R15_2: bv64;
+  var R15_3: bv64;
+  var R15_4: bv64;
+  var R15_5: bv64;
+  var R15_6: bv64;
+  var R15_7: bv64;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R16_2: bv64;
+  var R16_3: bv64;
+  var R16_4: bv64;
+  var R16_5: bv64;
+  var R16_6: bv64;
+  var R16_7: bv64;
+  var R17: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R17_3: bv64;
+  var R17_4: bv64;
+  var R17_5: bv64;
+  var R17_6: bv64;
+  var R17_7: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R18_2: bv64;
+  var R18_3: bv64;
+  var R18_4: bv64;
+  var R18_5: bv64;
+  var R18_6: bv64;
+  var R18_7: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R19_2: bv64;
+  var R19_3: bv64;
+  var R19_4: bv64;
+  var R19_5: bv64;
+  var R19_6: bv64;
+  var R19_7: bv64;
+  var R1_1: bv64;
+  var R1_10: bv64;
+  var R1_11: bv64;
+  var R1_12: bv64;
+  var R1_2: bv64;
+  var R1_5: bv64;
+  var R1_6: bv64;
+  var R1_7: bv64;
+  var R1_8: bv64;
+  var R1_9: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R20_2: bv64;
+  var R20_3: bv64;
+  var R20_4: bv64;
+  var R20_5: bv64;
+  var R20_6: bv64;
+  var R20_7: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R21_2: bv64;
+  var R21_3: bv64;
+  var R21_4: bv64;
+  var R21_5: bv64;
+  var R21_6: bv64;
+  var R21_7: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R22_2: bv64;
+  var R22_3: bv64;
+  var R22_4: bv64;
+  var R22_5: bv64;
+  var R22_6: bv64;
+  var R22_7: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R23_2: bv64;
+  var R23_3: bv64;
+  var R23_4: bv64;
+  var R23_5: bv64;
+  var R23_6: bv64;
+  var R23_7: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R24_2: bv64;
+  var R24_3: bv64;
+  var R24_4: bv64;
+  var R24_5: bv64;
+  var R24_6: bv64;
+  var R24_7: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R25_2: bv64;
+  var R25_3: bv64;
+  var R25_4: bv64;
+  var R25_5: bv64;
+  var R25_6: bv64;
+  var R25_7: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R26_2: bv64;
+  var R26_3: bv64;
+  var R26_4: bv64;
+  var R26_5: bv64;
+  var R26_6: bv64;
+  var R26_7: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R27_2: bv64;
+  var R27_3: bv64;
+  var R27_4: bv64;
+  var R27_5: bv64;
+  var R27_6: bv64;
+  var R27_7: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R28_2: bv64;
+  var R28_3: bv64;
+  var R28_4: bv64;
+  var R28_5: bv64;
+  var R28_6: bv64;
+  var R28_7: bv64;
+  var R29_10: bv64;
+  var R29_3: bv64;
+  var R29_4: bv64;
+  var R29_5: bv64;
+  var R29_6: bv64;
+  var R29_7: bv64;
+  var R29_8: bv64;
+  var R29_9: bv64;
+  var R2_1: bv64;
+  var R2_2: bv64;
+  var R2_3: bv64;
+  var R2_4: bv64;
+  var R2_5: bv64;
+  var R2_6: bv64;
+  var R2_7: bv64;
+  var R3: bv64;
+  var R30_11: bv64;
+  var R30_13: bv64;
+  var R30_15: bv64;
+  var R30_16: bv64;
+  var R30_3: bv64;
+  var R30_5: bv64;
+  var R30_7: bv64;
+  var R30_9: bv64;
+  var R31_3: bv64;
+  var R31_4: bv64;
+  var R31_5: bv64;
+  var R31_6: bv64;
+  var R31_7: bv64;
+  var R31_8: bv64;
+  var R31_9: bv64;
+  var R3_1: bv64;
+  var R3_2: bv64;
+  var R3_3: bv64;
+  var R3_4: bv64;
+  var R3_5: bv64;
+  var R3_6: bv64;
+  var R3_7: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R4_2: bv64;
+  var R4_3: bv64;
+  var R4_4: bv64;
+  var R4_5: bv64;
+  var R4_6: bv64;
+  var R4_7: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R5_2: bv64;
+  var R5_3: bv64;
+  var R5_4: bv64;
+  var R5_5: bv64;
+  var R5_6: bv64;
+  var R5_7: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R6_2: bv64;
+  var R6_3: bv64;
+  var R6_4: bv64;
+  var R6_5: bv64;
+  var R6_6: bv64;
+  var R6_7: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R7_2: bv64;
+  var R7_3: bv64;
+  var R7_4: bv64;
+  var R7_5: bv64;
+  var R7_6: bv64;
+  var R7_7: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R8_2: bv64;
+  var R8_3: bv64;
+  var R8_4: bv64;
+  var R8_5: bv64;
+  var R8_6: bv64;
+  var R8_7: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
+  var R9_2: bv64;
+  var R9_3: bv64;
+  var R9_4: bv64;
+  var R9_5: bv64;
+  var R9_6: bv64;
+  var R9_7: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    #4, Gamma_#4 := bvadd64(R31, 18446744073709551568bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, #4, R29), gamma_store64(Gamma_stack, #4, Gamma_R29);
-    assume {:captureState "%00000350"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(#4, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(#4, 8bv64), Gamma_R30);
-    assume {:captureState "%00000356"} true;
-    R31, Gamma_R31 := #4, Gamma_#4;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    R0, Gamma_R0 := 1bv64, true;
-    R30, Gamma_R30 := 2084bv64, true;
-    call malloc();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551568bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551568bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551576bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551576bv64), Gamma_R30_in);
+    call R0_2, Gamma_R0_2, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_1, Gamma_R16_1, R17_1, Gamma_R17_1, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_3, Gamma_R29_3, R2_1, Gamma_R2_1, R30_3, Gamma_R30_3, R31_3, Gamma_R31_3, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := malloc(1bv64, true, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, R16, Gamma_R16, R17, Gamma_R17, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, bvadd64(R31_in, 18446744073709551568bv64), Gamma_R31_in, R2, Gamma_R2, 2084bv64, true, bvadd64(R31_in, 18446744073709551568bv64), Gamma_R31_in, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     goto l0000036f;
   l0000036f:
-    assume {:captureState "l0000036f"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 32bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 32bv64), Gamma_R0);
-    assume {:captureState "%00000375"} true;
-    R0, Gamma_R0 := 4bv64, true;
-    R30, Gamma_R30 := 2096bv64, true;
-    call malloc();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_3, 32bv64), R0_2), gamma_store64(Gamma_stack, bvadd64(R31_3, 32bv64), Gamma_R0_2);
+    call R0_4, Gamma_R0_4, R10_2, Gamma_R10_2, R11_2, Gamma_R11_2, R12_2, Gamma_R12_2, R13_2, Gamma_R13_2, R14_2, Gamma_R14_2, R15_2, Gamma_R15_2, R16_2, Gamma_R16_2, R17_2, Gamma_R17_2, R18_2, Gamma_R18_2, R19_2, Gamma_R19_2, R1_2, Gamma_R1_2, R20_2, Gamma_R20_2, R21_2, Gamma_R21_2, R22_2, Gamma_R22_2, R23_2, Gamma_R23_2, R24_2, Gamma_R24_2, R25_2, Gamma_R25_2, R26_2, Gamma_R26_2, R27_2, Gamma_R27_2, R28_2, Gamma_R28_2, R29_4, Gamma_R29_4, R2_2, Gamma_R2_2, R30_5, Gamma_R30_5, R31_4, Gamma_R31_4, R3_2, Gamma_R3_2, R4_2, Gamma_R4_2, R5_2, Gamma_R5_2, R6_2, Gamma_R6_2, R7_2, Gamma_R7_2, R8_2, Gamma_R8_2, R9_2, Gamma_R9_2 := malloc(4bv64, true, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_1, Gamma_R16_1, R17_1, Gamma_R17_1, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_3, Gamma_R29_3, R2_1, Gamma_R2_1, 2096bv64, true, R31_3, Gamma_R31_3, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1);
     goto l00000383;
   l00000383:
-    assume {:captureState "l00000383"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 40bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 40bv64), Gamma_R0);
-    assume {:captureState "%00000389"} true;
-    R0, Gamma_R0 := 10bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R0);
-    assume {:captureState "%00000396"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 32bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 32bv64));
-    R1, Gamma_R1 := 65bv64, true;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_4, 40bv64), R0_4), gamma_store64(Gamma_stack, bvadd64(R31_4, 40bv64), Gamma_R0_4);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_4, 28bv64), 10bv32), gamma_store32(Gamma_stack, bvadd64(R31_4, 28bv64), true);
+    R0_6, Gamma_R0_6 := memory_load64_le(stack, bvadd64(R31_4, 32bv64)), gamma_load64(Gamma_stack, bvadd64(R31_4, 32bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store8_le(mem, R0, R1[8:0]), gamma_store8(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%000003aa"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 40bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 40bv64));
-    R1, Gamma_R1 := 42bv64, true;
+    assert (L(mem, R0_6) ==> true);
+    mem, Gamma_mem := memory_store8_le(mem, R0_6, 65bv8), gamma_store8(Gamma_mem, R0_6, true);
+    R0_7, Gamma_R0_7 := memory_load64_le(stack, bvadd64(R31_4, 40bv64)), gamma_load64(Gamma_stack, bvadd64(R31_4, 40bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%000003be"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 32bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 32bv64));
+    assert (L(mem, R0_7) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R0_7, 42bv32), gamma_store32(Gamma_mem, R0_7, true);
+    R0_8, Gamma_R0_8 := memory_load64_le(stack, bvadd64(R31_4, 32bv64)), gamma_load64(Gamma_stack, bvadd64(R31_4, 32bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend56_8(memory_load8_le(mem, R0)), (gamma_load8(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := zero_extend32_32(R0[32:0]), Gamma_R0;
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2256bv64), Gamma_R0;
-    R30, Gamma_R30 := 2156bv64, true;
-    call printf();
+    R0_9, Gamma_R0_9 := zero_extend56_8(memory_load8_le(mem, R0_8)), (gamma_load8(Gamma_mem, R0_8) || L(mem, R0_8));
+    R1_5, Gamma_R1_5 := zero_extend32_32(R0_9[32:0]), Gamma_R0_9;
+    call R0_12, Gamma_R0_12, R10_3, Gamma_R10_3, R11_3, Gamma_R11_3, R12_3, Gamma_R12_3, R13_3, Gamma_R13_3, R14_3, Gamma_R14_3, R15_3, Gamma_R15_3, R16_3, Gamma_R16_3, R17_3, Gamma_R17_3, R18_3, Gamma_R18_3, R19_3, Gamma_R19_3, R1_6, Gamma_R1_6, R20_3, Gamma_R20_3, R21_3, Gamma_R21_3, R22_3, Gamma_R22_3, R23_3, Gamma_R23_3, R24_3, Gamma_R24_3, R25_3, Gamma_R25_3, R26_3, Gamma_R26_3, R27_3, Gamma_R27_3, R28_3, Gamma_R28_3, R29_5, Gamma_R29_5, R2_3, Gamma_R2_3, R30_7, Gamma_R30_7, R31_5, Gamma_R31_5, R3_3, Gamma_R3_3, R4_3, Gamma_R4_3, R5_3, Gamma_R5_3, R6_3, Gamma_R6_3, R7_3, Gamma_R7_3, R8_3, Gamma_R8_3, R9_3, Gamma_R9_3 := printf(2256bv64, true, R10_2, Gamma_R10_2, R11_2, Gamma_R11_2, R12_2, Gamma_R12_2, R13_2, Gamma_R13_2, R14_2, Gamma_R14_2, R15_2, Gamma_R15_2, R16_2, Gamma_R16_2, R17_2, Gamma_R17_2, R18_2, Gamma_R18_2, R19_2, Gamma_R19_2, R1_5, Gamma_R1_5, R20_2, Gamma_R20_2, R21_2, Gamma_R21_2, R22_2, Gamma_R22_2, R23_2, Gamma_R23_2, R24_2, Gamma_R24_2, R25_2, Gamma_R25_2, R26_2, Gamma_R26_2, R27_2, Gamma_R27_2, R28_2, Gamma_R28_2, R29_4, Gamma_R29_4, R2_2, Gamma_R2_2, 2156bv64, true, R31_4, Gamma_R31_4, R3_2, Gamma_R3_2, R4_2, Gamma_R4_2, R5_2, Gamma_R5_2, R6_2, Gamma_R6_2, R7_2, Gamma_R7_2, R8_2, Gamma_R8_2, R9_2, Gamma_R9_2);
     goto l000003e7;
   l000003e7:
-    assume {:captureState "l000003e7"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 40bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 40bv64));
+    R0_13, Gamma_R0_13 := memory_load64_le(stack, bvadd64(R31_5, 40bv64)), gamma_load64(Gamma_stack, bvadd64(R31_5, 40bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := zero_extend32_32(R0[32:0]), Gamma_R0;
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2280bv64), Gamma_R0;
-    R30, Gamma_R30 := 2180bv64, true;
-    call printf();
+    R0_14, Gamma_R0_14 := memory_load32_le(mem, R0_13), (gamma_load32(Gamma_mem, R0_13) || L(mem, R0_13));
+    R1_7, Gamma_R1_7 := zero_extend32_32(R0_14), Gamma_R0_14;
+    call R0_17, Gamma_R0_17, R10_4, Gamma_R10_4, R11_4, Gamma_R11_4, R12_4, Gamma_R12_4, R13_4, Gamma_R13_4, R14_4, Gamma_R14_4, R15_4, Gamma_R15_4, R16_4, Gamma_R16_4, R17_4, Gamma_R17_4, R18_4, Gamma_R18_4, R19_4, Gamma_R19_4, R1_8, Gamma_R1_8, R20_4, Gamma_R20_4, R21_4, Gamma_R21_4, R22_4, Gamma_R22_4, R23_4, Gamma_R23_4, R24_4, Gamma_R24_4, R25_4, Gamma_R25_4, R26_4, Gamma_R26_4, R27_4, Gamma_R27_4, R28_4, Gamma_R28_4, R29_6, Gamma_R29_6, R2_4, Gamma_R2_4, R30_9, Gamma_R30_9, R31_6, Gamma_R31_6, R3_4, Gamma_R3_4, R4_4, Gamma_R4_4, R5_4, Gamma_R5_4, R6_4, Gamma_R6_4, R7_4, Gamma_R7_4, R8_4, Gamma_R8_4, R9_4, Gamma_R9_4 := printf(2280bv64, true, R10_3, Gamma_R10_3, R11_3, Gamma_R11_3, R12_3, Gamma_R12_3, R13_3, Gamma_R13_3, R14_3, Gamma_R14_3, R15_3, Gamma_R15_3, R16_3, Gamma_R16_3, R17_3, Gamma_R17_3, R18_3, Gamma_R18_3, R19_3, Gamma_R19_3, R1_7, Gamma_R1_7, R20_3, Gamma_R20_3, R21_3, Gamma_R21_3, R22_3, Gamma_R22_3, R23_3, Gamma_R23_3, R24_3, Gamma_R24_3, R25_3, Gamma_R25_3, R26_3, Gamma_R26_3, R27_3, Gamma_R27_3, R28_3, Gamma_R28_3, R29_5, Gamma_R29_5, R2_3, Gamma_R2_3, 2180bv64, true, R31_5, Gamma_R31_5, R3_3, Gamma_R3_3, R4_3, Gamma_R4_3, R5_3, Gamma_R5_3, R6_3, Gamma_R6_3, R7_3, Gamma_R7_3, R8_3, Gamma_R8_3, R9_3, Gamma_R9_3);
     goto l0000040d;
   l0000040d:
-    assume {:captureState "l0000040d"} true;
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 28bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 28bv64));
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2296bv64), Gamma_R0;
-    R30, Gamma_R30 := 2196bv64, true;
-    call printf();
+    R1_9, Gamma_R1_9 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_6, 28bv64))), gamma_load32(Gamma_stack, bvadd64(R31_6, 28bv64));
+    call R0_20, Gamma_R0_20, R10_5, Gamma_R10_5, R11_5, Gamma_R11_5, R12_5, Gamma_R12_5, R13_5, Gamma_R13_5, R14_5, Gamma_R14_5, R15_5, Gamma_R15_5, R16_5, Gamma_R16_5, R17_5, Gamma_R17_5, R18_5, Gamma_R18_5, R19_5, Gamma_R19_5, R1_10, Gamma_R1_10, R20_5, Gamma_R20_5, R21_5, Gamma_R21_5, R22_5, Gamma_R22_5, R23_5, Gamma_R23_5, R24_5, Gamma_R24_5, R25_5, Gamma_R25_5, R26_5, Gamma_R26_5, R27_5, Gamma_R27_5, R28_5, Gamma_R28_5, R29_7, Gamma_R29_7, R2_5, Gamma_R2_5, R30_11, Gamma_R30_11, R31_7, Gamma_R31_7, R3_5, Gamma_R3_5, R4_5, Gamma_R4_5, R5_5, Gamma_R5_5, R6_5, Gamma_R6_5, R7_5, Gamma_R7_5, R8_5, Gamma_R8_5, R9_5, Gamma_R9_5 := printf(2296bv64, true, R10_4, Gamma_R10_4, R11_4, Gamma_R11_4, R12_4, Gamma_R12_4, R13_4, Gamma_R13_4, R14_4, Gamma_R14_4, R15_4, Gamma_R15_4, R16_4, Gamma_R16_4, R17_4, Gamma_R17_4, R18_4, Gamma_R18_4, R19_4, Gamma_R19_4, R1_9, Gamma_R1_9, R20_4, Gamma_R20_4, R21_4, Gamma_R21_4, R22_4, Gamma_R22_4, R23_4, Gamma_R23_4, R24_4, Gamma_R24_4, R25_4, Gamma_R25_4, R26_4, Gamma_R26_4, R27_4, Gamma_R27_4, R28_4, Gamma_R28_4, R29_6, Gamma_R29_6, R2_4, Gamma_R2_4, 2196bv64, true, R31_6, Gamma_R31_6, R3_4, Gamma_R3_4, R4_4, Gamma_R4_4, R5_4, Gamma_R5_4, R6_4, Gamma_R6_4, R7_4, Gamma_R7_4, R8_4, Gamma_R8_4, R9_4, Gamma_R9_4);
     goto l00000426;
   l00000426:
-    assume {:captureState "l00000426"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 32bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 32bv64));
-    R30, Gamma_R30 := 2204bv64, true;
-    call #free();
+    R0_21, Gamma_R0_21 := memory_load64_le(stack, bvadd64(R31_7, 32bv64)), gamma_load64(Gamma_stack, bvadd64(R31_7, 32bv64));
+    call R0_22, Gamma_R0_22, R10_6, Gamma_R10_6, R11_6, Gamma_R11_6, R12_6, Gamma_R12_6, R13_6, Gamma_R13_6, R14_6, Gamma_R14_6, R15_6, Gamma_R15_6, R16_6, Gamma_R16_6, R17_6, Gamma_R17_6, R18_6, Gamma_R18_6, R19_6, Gamma_R19_6, R1_11, Gamma_R1_11, R20_6, Gamma_R20_6, R21_6, Gamma_R21_6, R22_6, Gamma_R22_6, R23_6, Gamma_R23_6, R24_6, Gamma_R24_6, R25_6, Gamma_R25_6, R26_6, Gamma_R26_6, R27_6, Gamma_R27_6, R28_6, Gamma_R28_6, R29_8, Gamma_R29_8, R2_6, Gamma_R2_6, R30_13, Gamma_R30_13, R31_8, Gamma_R31_8, R3_6, Gamma_R3_6, R4_6, Gamma_R4_6, R5_6, Gamma_R5_6, R6_6, Gamma_R6_6, R7_6, Gamma_R7_6, R8_6, Gamma_R8_6, R9_6, Gamma_R9_6 := #free(R0_21, Gamma_R0_21, R10_5, Gamma_R10_5, R11_5, Gamma_R11_5, R12_5, Gamma_R12_5, R13_5, Gamma_R13_5, R14_5, Gamma_R14_5, R15_5, Gamma_R15_5, R16_5, Gamma_R16_5, R17_5, Gamma_R17_5, R18_5, Gamma_R18_5, R19_5, Gamma_R19_5, R1_10, Gamma_R1_10, R20_5, Gamma_R20_5, R21_5, Gamma_R21_5, R22_5, Gamma_R22_5, R23_5, Gamma_R23_5, R24_5, Gamma_R24_5, R25_5, Gamma_R25_5, R26_5, Gamma_R26_5, R27_5, Gamma_R27_5, R28_5, Gamma_R28_5, R29_7, Gamma_R29_7, R2_5, Gamma_R2_5, 2204bv64, true, R31_7, Gamma_R31_7, R3_5, Gamma_R3_5, R4_5, Gamma_R4_5, R5_5, Gamma_R5_5, R6_5, Gamma_R6_5, R7_5, Gamma_R7_5, R8_5, Gamma_R8_5, R9_5, Gamma_R9_5);
     goto l00000435;
   l00000435:
-    assume {:captureState "l00000435"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 40bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 40bv64));
-    R30, Gamma_R30 := 2212bv64, true;
-    call #free();
+    R0_23, Gamma_R0_23 := memory_load64_le(stack, bvadd64(R31_8, 40bv64)), gamma_load64(Gamma_stack, bvadd64(R31_8, 40bv64));
+    call R0_24, Gamma_R0_24, R10_7, Gamma_R10_7, R11_7, Gamma_R11_7, R12_7, Gamma_R12_7, R13_7, Gamma_R13_7, R14_7, Gamma_R14_7, R15_7, Gamma_R15_7, R16_7, Gamma_R16_7, R17_7, Gamma_R17_7, R18_7, Gamma_R18_7, R19_7, Gamma_R19_7, R1_12, Gamma_R1_12, R20_7, Gamma_R20_7, R21_7, Gamma_R21_7, R22_7, Gamma_R22_7, R23_7, Gamma_R23_7, R24_7, Gamma_R24_7, R25_7, Gamma_R25_7, R26_7, Gamma_R26_7, R27_7, Gamma_R27_7, R28_7, Gamma_R28_7, R29_9, Gamma_R29_9, R2_7, Gamma_R2_7, R30_15, Gamma_R30_15, R31_9, Gamma_R31_9, R3_7, Gamma_R3_7, R4_7, Gamma_R4_7, R5_7, Gamma_R5_7, R6_7, Gamma_R6_7, R7_7, Gamma_R7_7, R8_7, Gamma_R8_7, R9_7, Gamma_R9_7 := #free(R0_23, Gamma_R0_23, R10_6, Gamma_R10_6, R11_6, Gamma_R11_6, R12_6, Gamma_R12_6, R13_6, Gamma_R13_6, R14_6, Gamma_R14_6, R15_6, Gamma_R15_6, R16_6, Gamma_R16_6, R17_6, Gamma_R17_6, R18_6, Gamma_R18_6, R19_6, Gamma_R19_6, R1_11, Gamma_R1_11, R20_6, Gamma_R20_6, R21_6, Gamma_R21_6, R22_6, Gamma_R22_6, R23_6, Gamma_R23_6, R24_6, Gamma_R24_6, R25_6, Gamma_R25_6, R26_6, Gamma_R26_6, R27_6, Gamma_R27_6, R28_6, Gamma_R28_6, R29_8, Gamma_R29_8, R2_6, Gamma_R2_6, 2212bv64, true, R31_8, Gamma_R31_8, R3_6, Gamma_R3_6, R4_6, Gamma_R4_6, R5_6, Gamma_R5_6, R6_6, Gamma_R6_6, R7_6, Gamma_R7_6, R8_6, Gamma_R8_6, R9_6, Gamma_R9_6);
     goto l00000443;
   l00000443:
-    assume {:captureState "l00000443"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 48bv64), Gamma_R31;
+    R29_10, Gamma_R29_10 := memory_load64_le(stack, R31_9), gamma_load64(Gamma_stack, R31_9);
+    R30_16, Gamma_R30_16 := memory_load64_le(stack, bvadd64(R31_9, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31_9, 8bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R29_out, R30_out, R31_out := 0bv64, R1_12, R29_10, R30_16, bvadd64(R31_9, 48bv64);
+    Gamma_R0_out, Gamma_R1_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out := true, Gamma_R1_12, Gamma_R29_10, Gamma_R30_16, Gamma_R31_9;
     return;
 }
 
-procedure malloc();
+procedure malloc(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   modifies Gamma_R16, Gamma_R17, R16, R17;
   free requires (memory_load64_le(mem, 2248bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2256bv64) == 8241983568019286100bv64);
@@ -317,7 +812,7 @@ procedure malloc();
   free ensures (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-procedure printf();
+procedure printf(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   modifies Gamma_R16, Gamma_R17, R16, R17;
   free requires (memory_load64_le(mem, 2248bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2256bv64) == 8241983568019286100bv64);
diff --git a/src/test/correct/malloc_with_local/gcc/malloc_with_local_gtirb.expected b/src/test/correct/malloc_with_local/gcc/malloc_with_local_gtirb.expected
index 9c82490bb..536f13d47 100644
--- a/src/test/correct/malloc_with_local/gcc/malloc_with_local_gtirb.expected
+++ b/src/test/correct/malloc_with_local/gcc/malloc_with_local_gtirb.expected
@@ -1,19 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R16: bool;
-var {:extern} Gamma_R17: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R16: bv64;
-var {:extern} R17: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -23,6 +9,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -31,22 +31,22 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
-function {:extern} gamma_load8(gammaMap: [bv64]bool, index: bv64) returns (bool) {
-  gammaMap[index]
-}
-
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store8(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
   gammaMap[index := value]
 }
 
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
+}
+
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
   (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index])))
 }
@@ -60,18 +60,17 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
-function {:extern} {:bvbuiltin "zero_extend 24"} zero_extend24_8(bv8) returns (bv32);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -110,8 +109,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure FUN_680();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure FUN_680(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 2248bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2256bv64) == 8241983568019286100bv64);
   free requires (memory_load64_le(mem, 2264bv64) == 748482783423457568bv64);
@@ -145,20 +144,143 @@ procedure FUN_680();
   free ensures (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation FUN_680()
+implementation FUN_680(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool)
 {
+  var Gamma_R0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0: bv64;
+  var R0_1: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16_4: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   $FUN_680$__0__$G9dTDoYvRG25kbHLw1VfkA:
-    assume {:captureState "$FUN_680$__0__$G9dTDoYvRG25kbHLw1VfkA"} true;
-    R16, Gamma_R16 := 65536bv64, true;
     call rely();
-    R17, Gamma_R17 := memory_load64_le(mem, bvadd64(R16, 4008bv64)), (gamma_load64(Gamma_mem, bvadd64(R16, 4008bv64)) || L(mem, bvadd64(R16, 4008bv64)));
-    R16, Gamma_R16 := bvadd64(R16, 4008bv64), Gamma_R16;
-    call malloc();
+    R17_1, Gamma_R17_1 := memory_load64_le(mem, 69544bv64), (gamma_load64(Gamma_mem, 69544bv64) || L(mem, 69544bv64));
+    call R0_1, Gamma_R0_1, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_4, Gamma_R16_4, R17_2, Gamma_R17_2, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_1, Gamma_R2_1, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := malloc(R0, Gamma_R0, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, 69544bv64, true, R17_1, Gamma_R17_1, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2, Gamma_R2, R30, Gamma_R30, R31, Gamma_R31, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     assume false;
 }
 
-procedure FUN_6b0();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure FUN_6b0(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 2248bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2256bv64) == 8241983568019286100bv64);
   free requires (memory_load64_le(mem, 2264bv64) == 748482783423457568bv64);
@@ -192,20 +314,143 @@ procedure FUN_6b0();
   free ensures (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation FUN_6b0()
+implementation FUN_6b0(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool)
 {
+  var Gamma_R0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0: bv64;
+  var R0_1: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16_4: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   $FUN_6b0$__0__$zCVLckCjR0u8KR3z1jE6GQ:
-    assume {:captureState "$FUN_6b0$__0__$zCVLckCjR0u8KR3z1jE6GQ"} true;
-    R16, Gamma_R16 := 65536bv64, true;
     call rely();
-    R17, Gamma_R17 := memory_load64_le(mem, bvadd64(R16, 4032bv64)), (gamma_load64(Gamma_mem, bvadd64(R16, 4032bv64)) || L(mem, bvadd64(R16, 4032bv64)));
-    R16, Gamma_R16 := bvadd64(R16, 4032bv64), Gamma_R16;
-    call #free();
+    R17_1, Gamma_R17_1 := memory_load64_le(mem, 69568bv64), (gamma_load64(Gamma_mem, 69568bv64) || L(mem, 69568bv64));
+    call R0_1, Gamma_R0_1, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_4, Gamma_R16_4, R17_2, Gamma_R17_2, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_1, Gamma_R2_1, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := #free(R0, Gamma_R0, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, 69568bv64, true, R17_1, Gamma_R17_1, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2, Gamma_R2, R30, Gamma_R30, R31, Gamma_R31, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     assume false;
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R16, R17, R29, R30, R31, mem, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load64_le(mem, 2248bv64) == 131073bv64);
@@ -224,10 +469,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69000bv64) == 1984bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load64_le(mem, 2248bv64) == 131073bv64);
   free ensures (memory_load64_le(mem, 2256bv64) == 8241983568019286100bv64);
   free ensures (memory_load64_le(mem, 2264bv64) == 748482783423457568bv64);
@@ -245,104 +486,101 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var Cse0__5$1$0: bv64;
-  var Gamma_Cse0__5$1$0: bool;
+  var Gamma_R0_10: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_6: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R16_2: bool;
+  var Gamma_R16_3: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R16_5: bool;
+  var Gamma_R16_6: bool;
+  var Gamma_R16_7: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R17_3: bool;
+  var Gamma_R17_4: bool;
+  var Gamma_R17_5: bool;
+  var Gamma_R17_6: bool;
+  var Gamma_R17_7: bool;
+  var Gamma_R1_5: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_9: bool;
+  var R0_10: bv64;
+  var R0_4: bv64;
+  var R0_5: bv64;
+  var R0_6: bv64;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R16_2: bv64;
+  var R16_3: bv64;
+  var R16_4: bv64;
+  var R16_5: bv64;
+  var R16_6: bv64;
+  var R16_7: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R17_3: bv64;
+  var R17_4: bv64;
+  var R17_5: bv64;
+  var R17_6: bv64;
+  var R17_7: bv64;
+  var R1_5: bv64;
+  var R29_3: bv64;
+  var R30_9: bv64;
   $main$__0__$SUJRVtnjRyS2h6Rx4EyZkw:
-    assume {:captureState "$main$__0__$SUJRVtnjRyS2h6Rx4EyZkw"} true;
-    Cse0__5$1$0, Gamma_Cse0__5$1$0 := bvadd64(R31, 18446744073709551568bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$1$0, R29), gamma_store64(Gamma_stack, Cse0__5$1$0, Gamma_R29);
-    assume {:captureState "2068$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$1$0, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$1$0, 8bv64), Gamma_R30);
-    assume {:captureState "2068$2"} true;
-    R31, Gamma_R31 := Cse0__5$1$0, Gamma_Cse0__5$1$0;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    R0, Gamma_R0 := 1bv64, true;
-    R30, Gamma_R30 := 2084bv64, true;
-    call FUN_680();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551568bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551568bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551576bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551576bv64), Gamma_R30_in);
+    call R16_1, Gamma_R16_1, R17_1, Gamma_R17_1 := FUN_680(R16, Gamma_R16);
     goto $main$__1__$dXGr9aYyQ8G9hHSr5qB_Fg;
   $main$__1__$dXGr9aYyQ8G9hHSr5qB_Fg:
-    assume {:captureState "$main$__1__$dXGr9aYyQ8G9hHSr5qB_Fg"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 32bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 32bv64), Gamma_R0);
-    assume {:captureState "2084$0"} true;
-    R0, Gamma_R0 := 4bv64, true;
-    R30, Gamma_R30 := 2096bv64, true;
-    call FUN_680();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), 1bv64), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), true);
+    call R16_2, Gamma_R16_2, R17_2, Gamma_R17_2 := FUN_680(R16_1, Gamma_R16_1);
     goto $main$__2__$kxvGNkmcRTWZLsX2IG8zQg;
   $main$__2__$kxvGNkmcRTWZLsX2IG8zQg:
-    assume {:captureState "$main$__2__$kxvGNkmcRTWZLsX2IG8zQg"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 40bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 40bv64), Gamma_R0);
-    assume {:captureState "2096$0"} true;
-    R0, Gamma_R0 := 10bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R0);
-    assume {:captureState "2104$0"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 32bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 32bv64));
-    R1, Gamma_R1 := 65bv64, true;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 4bv64), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), 10bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), true);
+    R0_4, Gamma_R0_4 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store8_le(mem, R0, R1[8:0]), gamma_store8(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "2116$0"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 40bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 40bv64));
-    R1, Gamma_R1 := 42bv64, true;
+    assert (L(mem, R0_4) ==> true);
+    mem, Gamma_mem := memory_store8_le(mem, R0_4, 65bv8), gamma_store8(Gamma_mem, R0_4, true);
+    R0_5, Gamma_R0_5 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "2128$0"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 32bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 32bv64));
-    call rely();
-    R0, Gamma_R0 := zero_extend32_32(zero_extend24_8(memory_load8_le(mem, R0))), (gamma_load8(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := zero_extend32_32(R0[32:0]), Gamma_R0;
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2256bv64), Gamma_R0;
-    R30, Gamma_R30 := 2156bv64, true;
-    call FUN_6c0();
+    assert (L(mem, R0_5) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R0_5, 42bv32), gamma_store32(Gamma_mem, R0_5, true);
+    R0_6, Gamma_R0_6 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64));
+    call R16_3, Gamma_R16_3, R17_3, Gamma_R17_3 := FUN_6c0(R16_2, Gamma_R16_2);
     goto $main$__3__$KeIk_ZKFT1GwKspywoVEIw;
   $main$__3__$KeIk_ZKFT1GwKspywoVEIw:
-    assume {:captureState "$main$__3__$KeIk_ZKFT1GwKspywoVEIw"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 40bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 40bv64));
-    call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := zero_extend32_32(R0[32:0]), Gamma_R0;
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2280bv64), Gamma_R0;
-    R30, Gamma_R30 := 2180bv64, true;
-    call FUN_6c0();
+    R0_10, Gamma_R0_10 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
+    call R16_4, Gamma_R16_4, R17_4, Gamma_R17_4 := FUN_6c0(R16_3, Gamma_R16_3);
     goto $main$__4__$NWXkJAFcTsylQC0_~kBpIg;
   $main$__4__$NWXkJAFcTsylQC0_~kBpIg:
-    assume {:captureState "$main$__4__$NWXkJAFcTsylQC0_~kBpIg"} true;
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 28bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 28bv64));
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2296bv64), Gamma_R0;
-    R30, Gamma_R30 := 2196bv64, true;
-    call FUN_6c0();
+    R1_5, Gamma_R1_5 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551596bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64));
+    call R16_5, Gamma_R16_5, R17_5, Gamma_R17_5 := FUN_6c0(R16_4, Gamma_R16_4);
     goto $main$__5__$HGIidlGjSU~nVJyWDq3sTA;
   $main$__5__$HGIidlGjSU~nVJyWDq3sTA:
-    assume {:captureState "$main$__5__$HGIidlGjSU~nVJyWDq3sTA"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 32bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 32bv64));
-    R30, Gamma_R30 := 2204bv64, true;
-    call FUN_6b0();
+    call R16_6, Gamma_R16_6, R17_6, Gamma_R17_6 := FUN_6b0(R16_5, Gamma_R16_5);
     goto $main$__6__$oMn7uKPqTSOK6gp7Lrg3TQ;
   $main$__6__$oMn7uKPqTSOK6gp7Lrg3TQ:
-    assume {:captureState "$main$__6__$oMn7uKPqTSOK6gp7Lrg3TQ"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 40bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 40bv64));
-    R30, Gamma_R30 := 2212bv64, true;
-    call FUN_6b0();
+    call R16_7, Gamma_R16_7, R17_7, Gamma_R17_7 := FUN_6b0(R16_6, Gamma_R16_6);
     goto $main$__7__$1RsW4Nh~QjukdAMYUoDwdg;
   $main$__7__$1RsW4Nh~QjukdAMYUoDwdg:
-    assume {:captureState "$main$__7__$1RsW4Nh~QjukdAMYUoDwdg"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 48bv64), Gamma_R31;
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551568bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551568bv64));
+    R30_9, Gamma_R30_9 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551576bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551576bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R16_out, R17_out, R1_out, R29_out, R30_out, R31_out := 0bv64, R16_7, R17_7, R1_5, R29_3, R30_9, R31_in;
+    Gamma_R0_out, Gamma_R16_out, Gamma_R17_out, Gamma_R1_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out := true, Gamma_R16_7, Gamma_R17_7, Gamma_R1_5, Gamma_R29_3, Gamma_R30_9, Gamma_R31_in;
     return;
 }
 
-procedure FUN_6c0();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure FUN_6c0(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 2248bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2256bv64) == 8241983568019286100bv64);
   free requires (memory_load64_le(mem, 2264bv64) == 748482783423457568bv64);
@@ -376,19 +614,142 @@ procedure FUN_6c0();
   free ensures (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation FUN_6c0()
+implementation FUN_6c0(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool)
 {
+  var Gamma_R0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0: bv64;
+  var R0_1: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16_4: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   $FUN_6c0$__0__$z3eRO9k2T_a0u0N1n7WjQg:
-    assume {:captureState "$FUN_6c0$__0__$z3eRO9k2T_a0u0N1n7WjQg"} true;
-    R16, Gamma_R16 := 65536bv64, true;
     call rely();
-    R17, Gamma_R17 := memory_load64_le(mem, bvadd64(R16, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R16, 4040bv64)) || L(mem, bvadd64(R16, 4040bv64)));
-    R16, Gamma_R16 := bvadd64(R16, 4040bv64), Gamma_R16;
-    call printf();
+    R17_1, Gamma_R17_1 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
+    call R0_1, Gamma_R0_1, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_4, Gamma_R16_4, R17_2, Gamma_R17_2, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_1, Gamma_R2_1, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := printf(R0, Gamma_R0, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, 69576bv64, true, R17_1, Gamma_R17_1, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2, Gamma_R2, R30, Gamma_R30, R31, Gamma_R31, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     assume false;
 }
 
-procedure malloc();
+procedure malloc(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load64_le(mem, 2248bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2256bv64) == 8241983568019286100bv64);
   free requires (memory_load64_le(mem, 2264bv64) == 748482783423457568bv64);
@@ -422,7 +783,7 @@ procedure malloc();
   free ensures (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-procedure #free();
+procedure #free(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load64_le(mem, 2248bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2256bv64) == 8241983568019286100bv64);
   free requires (memory_load64_le(mem, 2264bv64) == 748482783423457568bv64);
@@ -456,7 +817,7 @@ procedure #free();
   free ensures (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-procedure printf();
+procedure printf(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load64_le(mem, 2248bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2256bv64) == 8241983568019286100bv64);
   free requires (memory_load64_le(mem, 2264bv64) == 748482783423457568bv64);
diff --git a/src/test/correct/malloc_with_local/gcc_O2/malloc_with_local.expected b/src/test/correct/malloc_with_local/gcc_O2/malloc_with_local.expected
index 2b6826c22..0806a2d73 100644
--- a/src/test/correct/malloc_with_local/gcc_O2/malloc_with_local.expected
+++ b/src/test/correct/malloc_with_local/gcc_O2/malloc_with_local.expected
@@ -1,32 +1,33 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_R16: bool;
 var {:extern} Gamma_R17: bool;
-var {:extern} Gamma_R2: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} R16: bv64;
 var {:extern} R17: bv64;
-var {:extern} R2: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
 axiom ($_IO_stdin_used_addr == 2088bv64);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) {
@@ -38,7 +39,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -78,7 +79,7 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure __printf_chk();
+procedure __printf_chk(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   modifies Gamma_R16, Gamma_R17, R16, R17;
   free requires (memory_load64_le(mem, 2088bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2096bv64) == 8241983568019286100bv64);
@@ -113,8 +114,8 @@ procedure __printf_chk();
   free ensures (memory_load64_le(mem, 69616bv64) == 1664bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R2, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_stack, R0, R1, R16, R17, R2, R29, R30, R31, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_R16, Gamma_R17, Gamma_stack, R16, R17, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load64_le(mem, 2088bv64) == 131073bv64);
@@ -133,10 +134,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69016bv64) == 1984bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1664bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load64_le(mem, 2088bv64) == 131073bv64);
   free ensures (memory_load64_le(mem, 2096bv64) == 8241983568019286100bv64);
   free ensures (memory_load64_le(mem, 2104bv64) == 748482783423457568bv64);
@@ -154,53 +151,274 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1664bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var #1: bv64;
-  var Gamma_#1: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R0_6: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R10_2: bool;
+  var Gamma_R10_3: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R11_2: bool;
+  var Gamma_R11_3: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R12_2: bool;
+  var Gamma_R12_3: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R13_2: bool;
+  var Gamma_R13_3: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R14_2: bool;
+  var Gamma_R14_3: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R15_2: bool;
+  var Gamma_R15_3: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R16_2: bool;
+  var Gamma_R16_3: bool;
+  var Gamma_R17: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R17_3: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R18_2: bool;
+  var Gamma_R18_3: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R19_2: bool;
+  var Gamma_R19_3: bool;
+  var Gamma_R1_3: bool;
+  var Gamma_R1_6: bool;
+  var Gamma_R1_9: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R20_2: bool;
+  var Gamma_R20_3: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R21_2: bool;
+  var Gamma_R21_3: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R22_2: bool;
+  var Gamma_R22_3: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R23_2: bool;
+  var Gamma_R23_3: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R24_2: bool;
+  var Gamma_R24_3: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R25_2: bool;
+  var Gamma_R25_3: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R26_2: bool;
+  var Gamma_R26_3: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R27_2: bool;
+  var Gamma_R27_3: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R28_2: bool;
+  var Gamma_R28_3: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R29_4: bool;
+  var Gamma_R29_5: bool;
+  var Gamma_R29_6: bool;
+  var Gamma_R2_2: bool;
+  var Gamma_R2_4: bool;
+  var Gamma_R2_6: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30_3: bool;
+  var Gamma_R30_5: bool;
+  var Gamma_R30_7: bool;
+  var Gamma_R30_8: bool;
+  var Gamma_R31_3: bool;
+  var Gamma_R31_4: bool;
+  var Gamma_R31_5: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R3_2: bool;
+  var Gamma_R3_3: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R4_2: bool;
+  var Gamma_R4_3: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R5_2: bool;
+  var Gamma_R5_3: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R6_2: bool;
+  var Gamma_R6_3: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R7_2: bool;
+  var Gamma_R7_3: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var Gamma_R9_2: bool;
+  var Gamma_R9_3: bool;
+  var R0_2: bv64;
+  var R0_4: bv64;
+  var R0_6: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R10_2: bv64;
+  var R10_3: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R11_2: bv64;
+  var R11_3: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R12_2: bv64;
+  var R12_3: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R13_2: bv64;
+  var R13_3: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R14_2: bv64;
+  var R14_3: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R15_2: bv64;
+  var R15_3: bv64;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R16_2: bv64;
+  var R16_3: bv64;
+  var R17: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R17_3: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R18_2: bv64;
+  var R18_3: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R19_2: bv64;
+  var R19_3: bv64;
+  var R1_3: bv64;
+  var R1_6: bv64;
+  var R1_9: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R20_2: bv64;
+  var R20_3: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R21_2: bv64;
+  var R21_3: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R22_2: bv64;
+  var R22_3: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R23_2: bv64;
+  var R23_3: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R24_2: bv64;
+  var R24_3: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R25_2: bv64;
+  var R25_3: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R26_2: bv64;
+  var R26_3: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R27_2: bv64;
+  var R27_3: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R28_2: bv64;
+  var R28_3: bv64;
+  var R29_3: bv64;
+  var R29_4: bv64;
+  var R29_5: bv64;
+  var R29_6: bv64;
+  var R2_2: bv64;
+  var R2_4: bv64;
+  var R2_6: bv64;
+  var R3: bv64;
+  var R30_3: bv64;
+  var R30_5: bv64;
+  var R30_7: bv64;
+  var R30_8: bv64;
+  var R31_3: bv64;
+  var R31_4: bv64;
+  var R31_5: bv64;
+  var R3_1: bv64;
+  var R3_2: bv64;
+  var R3_3: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R4_2: bv64;
+  var R4_3: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R5_2: bv64;
+  var R5_3: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R6_2: bv64;
+  var R6_3: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R7_2: bv64;
+  var R7_3: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R8_2: bv64;
+  var R8_3: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
+  var R9_2: bv64;
+  var R9_3: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    #1, Gamma_#1 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, #1, R29), gamma_store64(Gamma_stack, #1, Gamma_R29);
-    assume {:captureState "%000001f2"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(#1, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(#1, 8bv64), Gamma_R30);
-    assume {:captureState "%000001f8"} true;
-    R31, Gamma_R31 := #1, Gamma_#1;
-    R2, Gamma_R2 := 65bv64, true;
-    R1, Gamma_R1 := 0bv64, true;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    R1, Gamma_R1 := bvadd64(R1, 2096bv64), Gamma_R1;
-    R0, Gamma_R0 := 1bv64, true;
-    R30, Gamma_R30 := 1692bv64, true;
-    call __printf_chk();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
+    call R0_2, Gamma_R0_2, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_1, Gamma_R16_1, R17_1, Gamma_R17_1, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_3, Gamma_R1_3, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_3, Gamma_R29_3, R2_2, Gamma_R2_2, R30_3, Gamma_R30_3, R31_3, Gamma_R31_3, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := __printf_chk(1bv64, true, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, R16, Gamma_R16, R17, Gamma_R17, R18, Gamma_R18, R19, Gamma_R19, 2096bv64, true, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R31_in, 65bv64, true, 1692bv64, true, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R31_in, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     goto l00000221;
   l00000221:
-    assume {:captureState "l00000221"} true;
-    R2, Gamma_R2 := 42bv64, true;
-    R1, Gamma_R1 := 0bv64, true;
-    R0, Gamma_R0 := 1bv64, true;
-    R1, Gamma_R1 := bvadd64(R1, 2120bv64), Gamma_R1;
-    R30, Gamma_R30 := 1712bv64, true;
-    call __printf_chk();
+    call R0_4, Gamma_R0_4, R10_2, Gamma_R10_2, R11_2, Gamma_R11_2, R12_2, Gamma_R12_2, R13_2, Gamma_R13_2, R14_2, Gamma_R14_2, R15_2, Gamma_R15_2, R16_2, Gamma_R16_2, R17_2, Gamma_R17_2, R18_2, Gamma_R18_2, R19_2, Gamma_R19_2, R1_6, Gamma_R1_6, R20_2, Gamma_R20_2, R21_2, Gamma_R21_2, R22_2, Gamma_R22_2, R23_2, Gamma_R23_2, R24_2, Gamma_R24_2, R25_2, Gamma_R25_2, R26_2, Gamma_R26_2, R27_2, Gamma_R27_2, R28_2, Gamma_R28_2, R29_4, Gamma_R29_4, R2_4, Gamma_R2_4, R30_5, Gamma_R30_5, R31_4, Gamma_R31_4, R3_2, Gamma_R3_2, R4_2, Gamma_R4_2, R5_2, Gamma_R5_2, R6_2, Gamma_R6_2, R7_2, Gamma_R7_2, R8_2, Gamma_R8_2, R9_2, Gamma_R9_2 := __printf_chk(1bv64, true, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_1, Gamma_R16_1, R17_1, Gamma_R17_1, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, 2120bv64, true, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_3, Gamma_R29_3, 42bv64, true, 1712bv64, true, R31_3, Gamma_R31_3, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1);
     goto l0000023d;
   l0000023d:
-    assume {:captureState "l0000023d"} true;
-    R2, Gamma_R2 := 10bv64, true;
-    R1, Gamma_R1 := 0bv64, true;
-    R0, Gamma_R0 := 1bv64, true;
-    R1, Gamma_R1 := bvadd64(R1, 2136bv64), Gamma_R1;
-    R30, Gamma_R30 := 1732bv64, true;
-    call __printf_chk();
+    call R0_6, Gamma_R0_6, R10_3, Gamma_R10_3, R11_3, Gamma_R11_3, R12_3, Gamma_R12_3, R13_3, Gamma_R13_3, R14_3, Gamma_R14_3, R15_3, Gamma_R15_3, R16_3, Gamma_R16_3, R17_3, Gamma_R17_3, R18_3, Gamma_R18_3, R19_3, Gamma_R19_3, R1_9, Gamma_R1_9, R20_3, Gamma_R20_3, R21_3, Gamma_R21_3, R22_3, Gamma_R22_3, R23_3, Gamma_R23_3, R24_3, Gamma_R24_3, R25_3, Gamma_R25_3, R26_3, Gamma_R26_3, R27_3, Gamma_R27_3, R28_3, Gamma_R28_3, R29_5, Gamma_R29_5, R2_6, Gamma_R2_6, R30_7, Gamma_R30_7, R31_5, Gamma_R31_5, R3_3, Gamma_R3_3, R4_3, Gamma_R4_3, R5_3, Gamma_R5_3, R6_3, Gamma_R6_3, R7_3, Gamma_R7_3, R8_3, Gamma_R8_3, R9_3, Gamma_R9_3 := __printf_chk(1bv64, true, R10_2, Gamma_R10_2, R11_2, Gamma_R11_2, R12_2, Gamma_R12_2, R13_2, Gamma_R13_2, R14_2, Gamma_R14_2, R15_2, Gamma_R15_2, R16_2, Gamma_R16_2, R17_2, Gamma_R17_2, R18_2, Gamma_R18_2, R19_2, Gamma_R19_2, 2136bv64, true, R20_2, Gamma_R20_2, R21_2, Gamma_R21_2, R22_2, Gamma_R22_2, R23_2, Gamma_R23_2, R24_2, Gamma_R24_2, R25_2, Gamma_R25_2, R26_2, Gamma_R26_2, R27_2, Gamma_R27_2, R28_2, Gamma_R28_2, R29_4, Gamma_R29_4, 10bv64, true, 1732bv64, true, R31_4, Gamma_R31_4, R3_2, Gamma_R3_2, R4_2, Gamma_R4_2, R5_2, Gamma_R5_2, R6_2, Gamma_R6_2, R7_2, Gamma_R7_2, R8_2, Gamma_R8_2, R9_2, Gamma_R9_2);
     goto l00000259;
   l00000259:
-    assume {:captureState "l00000259"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    R29_6, Gamma_R29_6 := memory_load64_le(stack, R31_5), gamma_load64(Gamma_stack, R31_5);
+    R30_8, Gamma_R30_8 := memory_load64_le(stack, bvadd64(R31_5, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31_5, 8bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R29_out, R2_out, R30_out, R31_out := 0bv64, R1_9, R29_6, R2_6, R30_8, bvadd64(R31_5, 16bv64);
+    Gamma_R0_out, Gamma_R1_out, Gamma_R29_out, Gamma_R2_out, Gamma_R30_out, Gamma_R31_out := true, Gamma_R1_9, Gamma_R29_6, Gamma_R2_6, Gamma_R30_8, Gamma_R31_5;
     return;
 }
 
diff --git a/src/test/correct/malloc_with_local/gcc_O2/malloc_with_local_gtirb.expected b/src/test/correct/malloc_with_local/gcc_O2/malloc_with_local_gtirb.expected
index 026f5518e..2dd693da0 100644
--- a/src/test/correct/malloc_with_local/gcc_O2/malloc_with_local_gtirb.expected
+++ b/src/test/correct/malloc_with_local/gcc_O2/malloc_with_local_gtirb.expected
@@ -1,21 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R16: bool;
-var {:extern} Gamma_R17: bool;
-var {:extern} Gamma_R2: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R16: bv64;
-var {:extern} R17: bv64;
-var {:extern} R2: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -25,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) {
@@ -42,7 +39,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -82,8 +79,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure FUN_620();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure FUN_620(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 2088bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2096bv64) == 8241983568019286100bv64);
   free requires (memory_load64_le(mem, 2104bv64) == 748482783423457568bv64);
@@ -117,20 +114,143 @@ procedure FUN_620();
   free ensures (memory_load64_le(mem, 69616bv64) == 1664bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation FUN_620()
+implementation FUN_620(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool)
 {
+  var Gamma_R0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0: bv64;
+  var R0_1: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16_4: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   $FUN_620$__0__$qaPbEwmeQ4Or9EH8own00w:
-    assume {:captureState "$FUN_620$__0__$qaPbEwmeQ4Or9EH8own00w"} true;
-    R16, Gamma_R16 := 65536bv64, true;
     call rely();
-    R17, Gamma_R17 := memory_load64_le(mem, bvadd64(R16, 4024bv64)), (gamma_load64(Gamma_mem, bvadd64(R16, 4024bv64)) || L(mem, bvadd64(R16, 4024bv64)));
-    R16, Gamma_R16 := bvadd64(R16, 4024bv64), Gamma_R16;
-    call __printf_chk();
+    R17_1, Gamma_R17_1 := memory_load64_le(mem, 69560bv64), (gamma_load64(Gamma_mem, 69560bv64) || L(mem, 69560bv64));
+    call R0_1, Gamma_R0_1, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_4, Gamma_R16_4, R17_2, Gamma_R17_2, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_1, Gamma_R2_1, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := __printf_chk(R0, Gamma_R0, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, 69560bv64, true, R17_1, Gamma_R17_1, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2, Gamma_R2, R30, Gamma_R30, R31, Gamma_R31, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     assume false;
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R2, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R16, R17, R2, R29, R30, R31, mem, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load64_le(mem, 2088bv64) == 131073bv64);
@@ -149,10 +269,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69016bv64) == 1984bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1664bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load64_le(mem, 2088bv64) == 131073bv64);
   free ensures (memory_load64_le(mem, 2096bv64) == 8241983568019286100bv64);
   free ensures (memory_load64_le(mem, 2104bv64) == 748482783423457568bv64);
@@ -170,57 +286,48 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1664bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var Cse0__5$2$0: bv64;
-  var Gamma_Cse0__5$2$0: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R16_2: bool;
+  var Gamma_R16_3: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R17_3: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_5: bool;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R16_2: bv64;
+  var R16_3: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R17_3: bv64;
+  var R29_3: bv64;
+  var R30_5: bv64;
   $main$__0__$ItZEqVtrTPCOwqXa82Hwsg:
-    assume {:captureState "$main$__0__$ItZEqVtrTPCOwqXa82Hwsg"} true;
-    Cse0__5$2$0, Gamma_Cse0__5$2$0 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$2$0, R29), gamma_store64(Gamma_stack, Cse0__5$2$0, Gamma_R29);
-    assume {:captureState "1664$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$2$0, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$2$0, 8bv64), Gamma_R30);
-    assume {:captureState "1664$2"} true;
-    R31, Gamma_R31 := Cse0__5$2$0, Gamma_Cse0__5$2$0;
-    R2, Gamma_R2 := 65bv64, true;
-    R1, Gamma_R1 := 0bv64, true;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    R1, Gamma_R1 := bvadd64(R1, 2096bv64), Gamma_R1;
-    R0, Gamma_R0 := 1bv64, true;
-    R30, Gamma_R30 := 1692bv64, true;
-    call FUN_620();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
+    call R16_1, Gamma_R16_1, R17_1, Gamma_R17_1 := FUN_620(R16, Gamma_R16);
     goto $main$__1__$6_uJfVJBSzy6iG4r9DVpgQ;
   $main$__1__$6_uJfVJBSzy6iG4r9DVpgQ:
-    assume {:captureState "$main$__1__$6_uJfVJBSzy6iG4r9DVpgQ"} true;
-    R2, Gamma_R2 := 42bv64, true;
-    R1, Gamma_R1 := 0bv64, true;
-    R0, Gamma_R0 := 1bv64, true;
-    R1, Gamma_R1 := bvadd64(R1, 2120bv64), Gamma_R1;
-    R30, Gamma_R30 := 1712bv64, true;
-    call FUN_620();
+    call R16_2, Gamma_R16_2, R17_2, Gamma_R17_2 := FUN_620(R16_1, Gamma_R16_1);
     goto $main$__2__$fcYUL~TbQFeL~A7mbUFIWQ;
   $main$__2__$fcYUL~TbQFeL~A7mbUFIWQ:
-    assume {:captureState "$main$__2__$fcYUL~TbQFeL~A7mbUFIWQ"} true;
-    R2, Gamma_R2 := 10bv64, true;
-    R1, Gamma_R1 := 0bv64, true;
-    R0, Gamma_R0 := 1bv64, true;
-    R1, Gamma_R1 := bvadd64(R1, 2136bv64), Gamma_R1;
-    R30, Gamma_R30 := 1732bv64, true;
-    call FUN_620();
+    call R16_3, Gamma_R16_3, R17_3, Gamma_R17_3 := FUN_620(R16_2, Gamma_R16_2);
     goto $main$__3__$Yc641wYvRgyME32XFwFaxw;
   $main$__3__$Yc641wYvRgyME32XFwFaxw:
-    assume {:captureState "$main$__3__$Yc641wYvRgyME32XFwFaxw"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64));
+    R30_5, Gamma_R30_5 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R16_out, R17_out, R1_out, R29_out, R2_out, R30_out, R31_out := 0bv64, R16_3, R17_3, 2136bv64, R29_3, 10bv64, R30_5, R31_in;
+    Gamma_R0_out, Gamma_R16_out, Gamma_R17_out, Gamma_R1_out, Gamma_R29_out, Gamma_R2_out, Gamma_R30_out, Gamma_R31_out := true, Gamma_R16_3, Gamma_R17_3, true, Gamma_R29_3, true, Gamma_R30_5, Gamma_R31_in;
     return;
 }
 
-procedure __printf_chk();
+procedure __printf_chk(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load64_le(mem, 2088bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2096bv64) == 8241983568019286100bv64);
   free requires (memory_load64_le(mem, 2104bv64) == 748482783423457568bv64);
diff --git a/src/test/correct/malloc_with_local2/clang/malloc_with_local2.expected b/src/test/correct/malloc_with_local2/clang/malloc_with_local2.expected
index 9503872ed..d0d80f95d 100644
--- a/src/test/correct/malloc_with_local2/clang/malloc_with_local2.expected
+++ b/src/test/correct/malloc_with_local2/clang/malloc_with_local2.expected
@@ -1,23 +1,9 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_R16: bool;
 var {:extern} Gamma_R17: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} R16: bv64;
 var {:extern} R17: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -27,6 +13,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -40,17 +40,21 @@ function {:extern} gamma_load8(gammaMap: [bv64]bool, index: bv64) returns (bool)
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store8(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
   gammaMap[index := value]
 }
 
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
+}
+
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
   (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index])))
 }
@@ -64,15 +68,15 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -117,7 +121,7 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure #free();
+procedure #free(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   modifies Gamma_R16, Gamma_R17, R16, R17;
   free requires (memory_load8_le(mem, 2292bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2293bv64) == 0bv8);
@@ -158,8 +162,8 @@ procedure #free();
   free ensures (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69696bv64) == 69696bv64);
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R1, R16, R17, R29, R30, R31, R8, R9, mem, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_R16, Gamma_R17, Gamma_mem, Gamma_stack, R16, R17, mem, stack;
   free requires (memory_load64_le(mem, 69688bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69696bv64) == 69696bv64);
   free requires (memory_load8_le(mem, 2292bv64) == 1bv8);
@@ -181,10 +185,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1984bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free requires (memory_load64_le(mem, 69696bv64) == 69696bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 2292bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 2293bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 2294bv64) == 2bv8);
@@ -205,126 +205,672 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69696bv64) == 69696bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var #4: bv64;
-  var #5: bv64;
-  var Gamma_#4: bool;
-  var Gamma_#5: bool;
+  var Gamma_R0_12: bool;
+  var Gamma_R0_15: bool;
+  var Gamma_R0_16: bool;
+  var Gamma_R0_17: bool;
+  var Gamma_R0_18: bool;
+  var Gamma_R0_19: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_20: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_6: bool;
+  var Gamma_R0_9: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R10_2: bool;
+  var Gamma_R10_3: bool;
+  var Gamma_R10_4: bool;
+  var Gamma_R10_5: bool;
+  var Gamma_R10_6: bool;
+  var Gamma_R10_7: bool;
+  var Gamma_R10_8: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R11_2: bool;
+  var Gamma_R11_3: bool;
+  var Gamma_R11_4: bool;
+  var Gamma_R11_5: bool;
+  var Gamma_R11_6: bool;
+  var Gamma_R11_7: bool;
+  var Gamma_R11_8: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R12_2: bool;
+  var Gamma_R12_3: bool;
+  var Gamma_R12_4: bool;
+  var Gamma_R12_5: bool;
+  var Gamma_R12_6: bool;
+  var Gamma_R12_7: bool;
+  var Gamma_R12_8: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R13_2: bool;
+  var Gamma_R13_3: bool;
+  var Gamma_R13_4: bool;
+  var Gamma_R13_5: bool;
+  var Gamma_R13_6: bool;
+  var Gamma_R13_7: bool;
+  var Gamma_R13_8: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R14_2: bool;
+  var Gamma_R14_3: bool;
+  var Gamma_R14_4: bool;
+  var Gamma_R14_5: bool;
+  var Gamma_R14_6: bool;
+  var Gamma_R14_7: bool;
+  var Gamma_R14_8: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R15_2: bool;
+  var Gamma_R15_3: bool;
+  var Gamma_R15_4: bool;
+  var Gamma_R15_5: bool;
+  var Gamma_R15_6: bool;
+  var Gamma_R15_7: bool;
+  var Gamma_R15_8: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R16_2: bool;
+  var Gamma_R16_3: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R16_5: bool;
+  var Gamma_R16_6: bool;
+  var Gamma_R16_7: bool;
+  var Gamma_R16_8: bool;
+  var Gamma_R17: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R17_3: bool;
+  var Gamma_R17_4: bool;
+  var Gamma_R17_5: bool;
+  var Gamma_R17_6: bool;
+  var Gamma_R17_7: bool;
+  var Gamma_R17_8: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R18_2: bool;
+  var Gamma_R18_3: bool;
+  var Gamma_R18_4: bool;
+  var Gamma_R18_5: bool;
+  var Gamma_R18_6: bool;
+  var Gamma_R18_7: bool;
+  var Gamma_R18_8: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R19_2: bool;
+  var Gamma_R19_3: bool;
+  var Gamma_R19_4: bool;
+  var Gamma_R19_5: bool;
+  var Gamma_R19_6: bool;
+  var Gamma_R19_7: bool;
+  var Gamma_R19_8: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R1_10: bool;
+  var Gamma_R1_11: bool;
+  var Gamma_R1_2: bool;
+  var Gamma_R1_3: bool;
+  var Gamma_R1_4: bool;
+  var Gamma_R1_5: bool;
+  var Gamma_R1_6: bool;
+  var Gamma_R1_7: bool;
+  var Gamma_R1_8: bool;
+  var Gamma_R1_9: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R20_2: bool;
+  var Gamma_R20_3: bool;
+  var Gamma_R20_4: bool;
+  var Gamma_R20_5: bool;
+  var Gamma_R20_6: bool;
+  var Gamma_R20_7: bool;
+  var Gamma_R20_8: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R21_2: bool;
+  var Gamma_R21_3: bool;
+  var Gamma_R21_4: bool;
+  var Gamma_R21_5: bool;
+  var Gamma_R21_6: bool;
+  var Gamma_R21_7: bool;
+  var Gamma_R21_8: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R22_2: bool;
+  var Gamma_R22_3: bool;
+  var Gamma_R22_4: bool;
+  var Gamma_R22_5: bool;
+  var Gamma_R22_6: bool;
+  var Gamma_R22_7: bool;
+  var Gamma_R22_8: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R23_2: bool;
+  var Gamma_R23_3: bool;
+  var Gamma_R23_4: bool;
+  var Gamma_R23_5: bool;
+  var Gamma_R23_6: bool;
+  var Gamma_R23_7: bool;
+  var Gamma_R23_8: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R24_2: bool;
+  var Gamma_R24_3: bool;
+  var Gamma_R24_4: bool;
+  var Gamma_R24_5: bool;
+  var Gamma_R24_6: bool;
+  var Gamma_R24_7: bool;
+  var Gamma_R24_8: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R25_2: bool;
+  var Gamma_R25_3: bool;
+  var Gamma_R25_4: bool;
+  var Gamma_R25_5: bool;
+  var Gamma_R25_6: bool;
+  var Gamma_R25_7: bool;
+  var Gamma_R25_8: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R26_2: bool;
+  var Gamma_R26_3: bool;
+  var Gamma_R26_4: bool;
+  var Gamma_R26_5: bool;
+  var Gamma_R26_6: bool;
+  var Gamma_R26_7: bool;
+  var Gamma_R26_8: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R27_2: bool;
+  var Gamma_R27_3: bool;
+  var Gamma_R27_4: bool;
+  var Gamma_R27_5: bool;
+  var Gamma_R27_6: bool;
+  var Gamma_R27_7: bool;
+  var Gamma_R27_8: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R28_2: bool;
+  var Gamma_R28_3: bool;
+  var Gamma_R28_4: bool;
+  var Gamma_R28_5: bool;
+  var Gamma_R28_6: bool;
+  var Gamma_R28_7: bool;
+  var Gamma_R28_8: bool;
+  var Gamma_R29_10: bool;
+  var Gamma_R29_11: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R29_4: bool;
+  var Gamma_R29_5: bool;
+  var Gamma_R29_6: bool;
+  var Gamma_R29_7: bool;
+  var Gamma_R29_8: bool;
+  var Gamma_R29_9: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R2_2: bool;
+  var Gamma_R2_3: bool;
+  var Gamma_R2_4: bool;
+  var Gamma_R2_5: bool;
+  var Gamma_R2_6: bool;
+  var Gamma_R2_7: bool;
+  var Gamma_R2_8: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30_11: bool;
+  var Gamma_R30_13: bool;
+  var Gamma_R30_15: bool;
+  var Gamma_R30_17: bool;
+  var Gamma_R30_18: bool;
+  var Gamma_R30_3: bool;
+  var Gamma_R30_5: bool;
+  var Gamma_R30_7: bool;
+  var Gamma_R30_9: bool;
+  var Gamma_R31_10: bool;
+  var Gamma_R31_3: bool;
+  var Gamma_R31_4: bool;
+  var Gamma_R31_5: bool;
+  var Gamma_R31_6: bool;
+  var Gamma_R31_7: bool;
+  var Gamma_R31_8: bool;
+  var Gamma_R31_9: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R3_2: bool;
+  var Gamma_R3_3: bool;
+  var Gamma_R3_4: bool;
+  var Gamma_R3_5: bool;
+  var Gamma_R3_6: bool;
+  var Gamma_R3_7: bool;
+  var Gamma_R3_8: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R4_2: bool;
+  var Gamma_R4_3: bool;
+  var Gamma_R4_4: bool;
+  var Gamma_R4_5: bool;
+  var Gamma_R4_6: bool;
+  var Gamma_R4_7: bool;
+  var Gamma_R4_8: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R5_2: bool;
+  var Gamma_R5_3: bool;
+  var Gamma_R5_4: bool;
+  var Gamma_R5_5: bool;
+  var Gamma_R5_6: bool;
+  var Gamma_R5_7: bool;
+  var Gamma_R5_8: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R6_2: bool;
+  var Gamma_R6_3: bool;
+  var Gamma_R6_4: bool;
+  var Gamma_R6_5: bool;
+  var Gamma_R6_6: bool;
+  var Gamma_R6_7: bool;
+  var Gamma_R6_8: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R7_2: bool;
+  var Gamma_R7_3: bool;
+  var Gamma_R7_4: bool;
+  var Gamma_R7_5: bool;
+  var Gamma_R7_6: bool;
+  var Gamma_R7_7: bool;
+  var Gamma_R7_8: bool;
+  var Gamma_R8_11: bool;
+  var Gamma_R8_12: bool;
+  var Gamma_R8_13: bool;
+  var Gamma_R8_14: bool;
+  var Gamma_R8_15: bool;
+  var Gamma_R8_16: bool;
+  var Gamma_R8_17: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_4: bool;
+  var Gamma_R8_7: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var Gamma_R9_10: bool;
+  var Gamma_R9_2: bool;
+  var Gamma_R9_3: bool;
+  var Gamma_R9_4: bool;
+  var Gamma_R9_5: bool;
+  var Gamma_R9_6: bool;
+  var Gamma_R9_7: bool;
+  var Gamma_R9_8: bool;
+  var Gamma_R9_9: bool;
+  var R0_12: bv64;
+  var R0_15: bv64;
+  var R0_16: bv64;
+  var R0_17: bv64;
+  var R0_18: bv64;
+  var R0_19: bv64;
+  var R0_2: bv64;
+  var R0_20: bv64;
+  var R0_4: bv64;
+  var R0_5: bv64;
+  var R0_6: bv64;
+  var R0_9: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R10_2: bv64;
+  var R10_3: bv64;
+  var R10_4: bv64;
+  var R10_5: bv64;
+  var R10_6: bv64;
+  var R10_7: bv64;
+  var R10_8: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R11_2: bv64;
+  var R11_3: bv64;
+  var R11_4: bv64;
+  var R11_5: bv64;
+  var R11_6: bv64;
+  var R11_7: bv64;
+  var R11_8: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R12_2: bv64;
+  var R12_3: bv64;
+  var R12_4: bv64;
+  var R12_5: bv64;
+  var R12_6: bv64;
+  var R12_7: bv64;
+  var R12_8: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R13_2: bv64;
+  var R13_3: bv64;
+  var R13_4: bv64;
+  var R13_5: bv64;
+  var R13_6: bv64;
+  var R13_7: bv64;
+  var R13_8: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R14_2: bv64;
+  var R14_3: bv64;
+  var R14_4: bv64;
+  var R14_5: bv64;
+  var R14_6: bv64;
+  var R14_7: bv64;
+  var R14_8: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R15_2: bv64;
+  var R15_3: bv64;
+  var R15_4: bv64;
+  var R15_5: bv64;
+  var R15_6: bv64;
+  var R15_7: bv64;
+  var R15_8: bv64;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R16_2: bv64;
+  var R16_3: bv64;
+  var R16_4: bv64;
+  var R16_5: bv64;
+  var R16_6: bv64;
+  var R16_7: bv64;
+  var R16_8: bv64;
+  var R17: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R17_3: bv64;
+  var R17_4: bv64;
+  var R17_5: bv64;
+  var R17_6: bv64;
+  var R17_7: bv64;
+  var R17_8: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R18_2: bv64;
+  var R18_3: bv64;
+  var R18_4: bv64;
+  var R18_5: bv64;
+  var R18_6: bv64;
+  var R18_7: bv64;
+  var R18_8: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R19_2: bv64;
+  var R19_3: bv64;
+  var R19_4: bv64;
+  var R19_5: bv64;
+  var R19_6: bv64;
+  var R19_7: bv64;
+  var R19_8: bv64;
+  var R1_1: bv64;
+  var R1_10: bv64;
+  var R1_11: bv64;
+  var R1_2: bv64;
+  var R1_3: bv64;
+  var R1_4: bv64;
+  var R1_5: bv64;
+  var R1_6: bv64;
+  var R1_7: bv64;
+  var R1_8: bv64;
+  var R1_9: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R20_2: bv64;
+  var R20_3: bv64;
+  var R20_4: bv64;
+  var R20_5: bv64;
+  var R20_6: bv64;
+  var R20_7: bv64;
+  var R20_8: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R21_2: bv64;
+  var R21_3: bv64;
+  var R21_4: bv64;
+  var R21_5: bv64;
+  var R21_6: bv64;
+  var R21_7: bv64;
+  var R21_8: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R22_2: bv64;
+  var R22_3: bv64;
+  var R22_4: bv64;
+  var R22_5: bv64;
+  var R22_6: bv64;
+  var R22_7: bv64;
+  var R22_8: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R23_2: bv64;
+  var R23_3: bv64;
+  var R23_4: bv64;
+  var R23_5: bv64;
+  var R23_6: bv64;
+  var R23_7: bv64;
+  var R23_8: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R24_2: bv64;
+  var R24_3: bv64;
+  var R24_4: bv64;
+  var R24_5: bv64;
+  var R24_6: bv64;
+  var R24_7: bv64;
+  var R24_8: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R25_2: bv64;
+  var R25_3: bv64;
+  var R25_4: bv64;
+  var R25_5: bv64;
+  var R25_6: bv64;
+  var R25_7: bv64;
+  var R25_8: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R26_2: bv64;
+  var R26_3: bv64;
+  var R26_4: bv64;
+  var R26_5: bv64;
+  var R26_6: bv64;
+  var R26_7: bv64;
+  var R26_8: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R27_2: bv64;
+  var R27_3: bv64;
+  var R27_4: bv64;
+  var R27_5: bv64;
+  var R27_6: bv64;
+  var R27_7: bv64;
+  var R27_8: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R28_2: bv64;
+  var R28_3: bv64;
+  var R28_4: bv64;
+  var R28_5: bv64;
+  var R28_6: bv64;
+  var R28_7: bv64;
+  var R28_8: bv64;
+  var R29_10: bv64;
+  var R29_11: bv64;
+  var R29_3: bv64;
+  var R29_4: bv64;
+  var R29_5: bv64;
+  var R29_6: bv64;
+  var R29_7: bv64;
+  var R29_8: bv64;
+  var R29_9: bv64;
+  var R2_1: bv64;
+  var R2_2: bv64;
+  var R2_3: bv64;
+  var R2_4: bv64;
+  var R2_5: bv64;
+  var R2_6: bv64;
+  var R2_7: bv64;
+  var R2_8: bv64;
+  var R3: bv64;
+  var R30_11: bv64;
+  var R30_13: bv64;
+  var R30_15: bv64;
+  var R30_17: bv64;
+  var R30_18: bv64;
+  var R30_3: bv64;
+  var R30_5: bv64;
+  var R30_7: bv64;
+  var R30_9: bv64;
+  var R31_10: bv64;
+  var R31_3: bv64;
+  var R31_4: bv64;
+  var R31_5: bv64;
+  var R31_6: bv64;
+  var R31_7: bv64;
+  var R31_8: bv64;
+  var R31_9: bv64;
+  var R3_1: bv64;
+  var R3_2: bv64;
+  var R3_3: bv64;
+  var R3_4: bv64;
+  var R3_5: bv64;
+  var R3_6: bv64;
+  var R3_7: bv64;
+  var R3_8: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R4_2: bv64;
+  var R4_3: bv64;
+  var R4_4: bv64;
+  var R4_5: bv64;
+  var R4_6: bv64;
+  var R4_7: bv64;
+  var R4_8: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R5_2: bv64;
+  var R5_3: bv64;
+  var R5_4: bv64;
+  var R5_5: bv64;
+  var R5_6: bv64;
+  var R5_7: bv64;
+  var R5_8: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R6_2: bv64;
+  var R6_3: bv64;
+  var R6_4: bv64;
+  var R6_5: bv64;
+  var R6_6: bv64;
+  var R6_7: bv64;
+  var R6_8: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R7_2: bv64;
+  var R7_3: bv64;
+  var R7_4: bv64;
+  var R7_5: bv64;
+  var R7_6: bv64;
+  var R7_7: bv64;
+  var R7_8: bv64;
+  var R8_11: bv64;
+  var R8_12: bv64;
+  var R8_13: bv64;
+  var R8_14: bv64;
+  var R8_15: bv64;
+  var R8_16: bv64;
+  var R8_17: bv64;
+  var R8_2: bv64;
+  var R8_4: bv64;
+  var R8_7: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
+  var R9_10: bv64;
+  var R9_2: bv64;
+  var R9_3: bv64;
+  var R9_4: bv64;
+  var R9_5: bv64;
+  var R9_6: bv64;
+  var R9_7: bv64;
+  var R9_8: bv64;
+  var R9_9: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551536bv64), Gamma_R31;
-    #4, Gamma_#4 := bvadd64(R31, 64bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, #4, R29), gamma_store64(Gamma_stack, #4, Gamma_R29);
-    assume {:captureState "%00000386"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(#4, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(#4, 8bv64), Gamma_R30);
-    assume {:captureState "%0000038c"} true;
-    R29, Gamma_R29 := bvadd64(R31, 64bv64), Gamma_R31;
-    R8, Gamma_R8 := 0bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R8);
-    assume {:captureState "%0000039f"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R29, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R29, 18446744073709551612bv64), true);
-    assume {:captureState "%000003a6"} true;
-    R0, Gamma_R0 := 1bv64, true;
-    R30, Gamma_R30 := 2100bv64, true;
-    call malloc();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551544bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551544bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), true);
+    call R0_2, Gamma_R0_2, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_1, Gamma_R16_1, R17_1, Gamma_R17_1, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_3, Gamma_R29_3, R2_1, Gamma_R2_1, R30_3, Gamma_R30_3, R31_3, Gamma_R31_3, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_2, Gamma_R8_2, R9_1, Gamma_R9_1 := malloc(1bv64, true, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, R16, Gamma_R16, R17, Gamma_R17, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R31_in, R2, Gamma_R2, 2100bv64, true, bvadd64(R31_in, 18446744073709551536bv64), Gamma_R31_in, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, 0bv64, true, R9, Gamma_R9);
     goto l000003b5;
   l000003b5:
-    assume {:captureState "l000003b5"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R29, 18446744073709551600bv64), R0), gamma_store64(Gamma_stack, bvadd64(R29, 18446744073709551600bv64), Gamma_R0);
-    assume {:captureState "%000003bb"} true;
-    R8, Gamma_R8 := 11bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R29, 18446744073709551596bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R29, 18446744073709551596bv64), Gamma_R8);
-    assume {:captureState "%000003c8"} true;
-    R0, Gamma_R0 := 4bv64, true;
-    stack, Gamma_stack := memory_store64_le(stack, R31, R0), gamma_store64(Gamma_stack, R31, Gamma_R0);
-    assume {:captureState "%000003d5"} true;
-    R30, Gamma_R30 := 2124bv64, true;
-    call malloc();
+    call rely();
+    assert (L(mem, bvadd64(R29_3, 18446744073709551600bv64)) ==> Gamma_R0_2);
+    mem, Gamma_mem := memory_store64_le(mem, bvadd64(R29_3, 18446744073709551600bv64), R0_2), gamma_store64(Gamma_mem, bvadd64(R29_3, 18446744073709551600bv64), Gamma_R0_2);
+    call rely();
+    assert (L(mem, bvadd64(R29_3, 18446744073709551596bv64)) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R29_3, 18446744073709551596bv64), 11bv32), gamma_store32(Gamma_mem, bvadd64(R29_3, 18446744073709551596bv64), true);
+    stack, Gamma_stack := memory_store64_le(stack, R31_3, 4bv64), gamma_store64(Gamma_stack, R31_3, true);
+    call R0_4, Gamma_R0_4, R10_2, Gamma_R10_2, R11_2, Gamma_R11_2, R12_2, Gamma_R12_2, R13_2, Gamma_R13_2, R14_2, Gamma_R14_2, R15_2, Gamma_R15_2, R16_2, Gamma_R16_2, R17_2, Gamma_R17_2, R18_2, Gamma_R18_2, R19_2, Gamma_R19_2, R1_2, Gamma_R1_2, R20_2, Gamma_R20_2, R21_2, Gamma_R21_2, R22_2, Gamma_R22_2, R23_2, Gamma_R23_2, R24_2, Gamma_R24_2, R25_2, Gamma_R25_2, R26_2, Gamma_R26_2, R27_2, Gamma_R27_2, R28_2, Gamma_R28_2, R29_4, Gamma_R29_4, R2_2, Gamma_R2_2, R30_5, Gamma_R30_5, R31_4, Gamma_R31_4, R3_2, Gamma_R3_2, R4_2, Gamma_R4_2, R5_2, Gamma_R5_2, R6_2, Gamma_R6_2, R7_2, Gamma_R7_2, R8_4, Gamma_R8_4, R9_2, Gamma_R9_2 := malloc(4bv64, true, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_1, Gamma_R16_1, R17_1, Gamma_R17_1, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_3, Gamma_R29_3, R2_1, Gamma_R2_1, 2124bv64, true, R31_3, Gamma_R31_3, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, 11bv64, true, R9_1, Gamma_R9_1);
     goto l000003de;
   l000003de:
-    assume {:captureState "l000003de"} true;
-    R8, Gamma_R8 := R0, Gamma_R0;
-    R0, Gamma_R0 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 32bv64), R8), gamma_store64(Gamma_stack, bvadd64(R31, 32bv64), Gamma_R8);
-    assume {:captureState "%000003f1"} true;
-    R8, Gamma_R8 := 10bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R8);
-    assume {:captureState "%000003fe"} true;
-    R30, Gamma_R30 := 2148bv64, true;
-    call malloc();
+    R0_5, Gamma_R0_5 := memory_load64_le(stack, R31_4), gamma_load64(Gamma_stack, R31_4);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_4, 32bv64), R0_4), gamma_store64(Gamma_stack, bvadd64(R31_4, 32bv64), Gamma_R0_4);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_4, 28bv64), 10bv32), gamma_store32(Gamma_stack, bvadd64(R31_4, 28bv64), true);
+    call R0_6, Gamma_R0_6, R10_3, Gamma_R10_3, R11_3, Gamma_R11_3, R12_3, Gamma_R12_3, R13_3, Gamma_R13_3, R14_3, Gamma_R14_3, R15_3, Gamma_R15_3, R16_3, Gamma_R16_3, R17_3, Gamma_R17_3, R18_3, Gamma_R18_3, R19_3, Gamma_R19_3, R1_3, Gamma_R1_3, R20_3, Gamma_R20_3, R21_3, Gamma_R21_3, R22_3, Gamma_R22_3, R23_3, Gamma_R23_3, R24_3, Gamma_R24_3, R25_3, Gamma_R25_3, R26_3, Gamma_R26_3, R27_3, Gamma_R27_3, R28_3, Gamma_R28_3, R29_5, Gamma_R29_5, R2_3, Gamma_R2_3, R30_7, Gamma_R30_7, R31_5, Gamma_R31_5, R3_3, Gamma_R3_3, R4_3, Gamma_R4_3, R5_3, Gamma_R5_3, R6_3, Gamma_R6_3, R7_3, Gamma_R7_3, R8_7, Gamma_R8_7, R9_3, Gamma_R9_3 := malloc(R0_5, Gamma_R0_5, R10_2, Gamma_R10_2, R11_2, Gamma_R11_2, R12_2, Gamma_R12_2, R13_2, Gamma_R13_2, R14_2, Gamma_R14_2, R15_2, Gamma_R15_2, R16_2, Gamma_R16_2, R17_2, Gamma_R17_2, R18_2, Gamma_R18_2, R19_2, Gamma_R19_2, R1_2, Gamma_R1_2, R20_2, Gamma_R20_2, R21_2, Gamma_R21_2, R22_2, Gamma_R22_2, R23_2, Gamma_R23_2, R24_2, Gamma_R24_2, R25_2, Gamma_R25_2, R26_2, Gamma_R26_2, R27_2, Gamma_R27_2, R28_2, Gamma_R28_2, R29_4, Gamma_R29_4, R2_2, Gamma_R2_2, 2148bv64, true, R31_4, Gamma_R31_4, R3_2, Gamma_R3_2, R4_2, Gamma_R4_2, R5_2, Gamma_R5_2, R6_2, Gamma_R6_2, R7_2, Gamma_R7_2, 10bv64, true, R9_2, Gamma_R9_2);
     goto l00000407;
   l00000407:
-    assume {:captureState "l00000407"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 16bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 16bv64), Gamma_R0);
-    assume {:captureState "%0000040d"} true;
-    R8, Gamma_R8 := 9bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R8);
-    assume {:captureState "%0000041a"} true;
-    R9, Gamma_R9 := memory_load64_le(stack, bvadd64(R29, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R29, 18446744073709551600bv64));
-    R8, Gamma_R8 := 65bv64, true;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_5, 16bv64), R0_6), gamma_store64(Gamma_stack, bvadd64(R31_5, 16bv64), Gamma_R0_6);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_5, 12bv64), 9bv32), gamma_store32(Gamma_stack, bvadd64(R31_5, 12bv64), true);
+    call rely();
+    R9_4, Gamma_R9_4 := memory_load64_le(mem, bvadd64(R29_5, 18446744073709551600bv64)), (gamma_load64(Gamma_mem, bvadd64(R29_5, 18446744073709551600bv64)) || L(mem, bvadd64(R29_5, 18446744073709551600bv64)));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store8_le(mem, R9, R8[8:0]), gamma_store8(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "%0000042e"} true;
-    R9, Gamma_R9 := memory_load64_le(stack, bvadd64(R31, 32bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 32bv64));
-    R8, Gamma_R8 := 42bv64, true;
+    assert (L(mem, R9_4) ==> true);
+    mem, Gamma_mem := memory_store8_le(mem, R9_4, 65bv8), gamma_store8(Gamma_mem, R9_4, true);
+    R9_5, Gamma_R9_5 := memory_load64_le(stack, bvadd64(R31_5, 32bv64)), gamma_load64(Gamma_stack, bvadd64(R31_5, 32bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "%00000442"} true;
-    R8, Gamma_R8 := memory_load64_le(stack, bvadd64(R29, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R29, 18446744073709551600bv64));
+    assert (L(mem, R9_5) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R9_5, 42bv32), gamma_store32(Gamma_mem, R9_5, true);
     call rely();
-    R1, Gamma_R1 := zero_extend56_8(memory_load8_le(mem, R8)), (gamma_load8(Gamma_mem, R8) || L(mem, R8));
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2296bv64), Gamma_R0;
-    R30, Gamma_R30 := 2204bv64, true;
-    call printf();
+    R8_11, Gamma_R8_11 := memory_load64_le(mem, bvadd64(R29_5, 18446744073709551600bv64)), (gamma_load64(Gamma_mem, bvadd64(R29_5, 18446744073709551600bv64)) || L(mem, bvadd64(R29_5, 18446744073709551600bv64)));
+    call rely();
+    R1_4, Gamma_R1_4 := zero_extend56_8(memory_load8_le(mem, R8_11)), (gamma_load8(Gamma_mem, R8_11) || L(mem, R8_11));
+    call R0_9, Gamma_R0_9, R10_4, Gamma_R10_4, R11_4, Gamma_R11_4, R12_4, Gamma_R12_4, R13_4, Gamma_R13_4, R14_4, Gamma_R14_4, R15_4, Gamma_R15_4, R16_4, Gamma_R16_4, R17_4, Gamma_R17_4, R18_4, Gamma_R18_4, R19_4, Gamma_R19_4, R1_5, Gamma_R1_5, R20_4, Gamma_R20_4, R21_4, Gamma_R21_4, R22_4, Gamma_R22_4, R23_4, Gamma_R23_4, R24_4, Gamma_R24_4, R25_4, Gamma_R25_4, R26_4, Gamma_R26_4, R27_4, Gamma_R27_4, R28_4, Gamma_R28_4, R29_6, Gamma_R29_6, R2_4, Gamma_R2_4, R30_9, Gamma_R30_9, R31_6, Gamma_R31_6, R3_4, Gamma_R3_4, R4_4, Gamma_R4_4, R5_4, Gamma_R5_4, R6_4, Gamma_R6_4, R7_4, Gamma_R7_4, R8_12, Gamma_R8_12, R9_6, Gamma_R9_6 := printf(2296bv64, true, R10_3, Gamma_R10_3, R11_3, Gamma_R11_3, R12_3, Gamma_R12_3, R13_3, Gamma_R13_3, R14_3, Gamma_R14_3, R15_3, Gamma_R15_3, R16_3, Gamma_R16_3, R17_3, Gamma_R17_3, R18_3, Gamma_R18_3, R19_3, Gamma_R19_3, R1_4, Gamma_R1_4, R20_3, Gamma_R20_3, R21_3, Gamma_R21_3, R22_3, Gamma_R22_3, R23_3, Gamma_R23_3, R24_3, Gamma_R24_3, R25_3, Gamma_R25_3, R26_3, Gamma_R26_3, R27_3, Gamma_R27_3, R28_3, Gamma_R28_3, R29_5, Gamma_R29_5, R2_3, Gamma_R2_3, 2204bv64, true, R31_5, Gamma_R31_5, R3_3, Gamma_R3_3, R4_3, Gamma_R4_3, R5_3, Gamma_R5_3, R6_3, Gamma_R6_3, R7_3, Gamma_R7_3, R8_11, Gamma_R8_11, R9_5, Gamma_R9_5);
     goto l00000465;
   l00000465:
-    assume {:captureState "l00000465"} true;
-    R8, Gamma_R8 := memory_load64_le(stack, bvadd64(R31, 32bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 32bv64));
+    R8_13, Gamma_R8_13 := memory_load64_le(stack, bvadd64(R31_6, 32bv64)), gamma_load64(Gamma_stack, bvadd64(R31_6, 32bv64));
     call rely();
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2313bv64), Gamma_R0;
-    R30, Gamma_R30 := 2224bv64, true;
-    call printf();
+    R1_6, Gamma_R1_6 := zero_extend32_32(memory_load32_le(mem, R8_13)), (gamma_load32(Gamma_mem, R8_13) || L(mem, R8_13));
+    call R0_12, Gamma_R0_12, R10_5, Gamma_R10_5, R11_5, Gamma_R11_5, R12_5, Gamma_R12_5, R13_5, Gamma_R13_5, R14_5, Gamma_R14_5, R15_5, Gamma_R15_5, R16_5, Gamma_R16_5, R17_5, Gamma_R17_5, R18_5, Gamma_R18_5, R19_5, Gamma_R19_5, R1_7, Gamma_R1_7, R20_5, Gamma_R20_5, R21_5, Gamma_R21_5, R22_5, Gamma_R22_5, R23_5, Gamma_R23_5, R24_5, Gamma_R24_5, R25_5, Gamma_R25_5, R26_5, Gamma_R26_5, R27_5, Gamma_R27_5, R28_5, Gamma_R28_5, R29_7, Gamma_R29_7, R2_5, Gamma_R2_5, R30_11, Gamma_R30_11, R31_7, Gamma_R31_7, R3_5, Gamma_R3_5, R4_5, Gamma_R4_5, R5_5, Gamma_R5_5, R6_5, Gamma_R6_5, R7_5, Gamma_R7_5, R8_14, Gamma_R8_14, R9_7, Gamma_R9_7 := printf(2313bv64, true, R10_4, Gamma_R10_4, R11_4, Gamma_R11_4, R12_4, Gamma_R12_4, R13_4, Gamma_R13_4, R14_4, Gamma_R14_4, R15_4, Gamma_R15_4, R16_4, Gamma_R16_4, R17_4, Gamma_R17_4, R18_4, Gamma_R18_4, R19_4, Gamma_R19_4, R1_6, Gamma_R1_6, R20_4, Gamma_R20_4, R21_4, Gamma_R21_4, R22_4, Gamma_R22_4, R23_4, Gamma_R23_4, R24_4, Gamma_R24_4, R25_4, Gamma_R25_4, R26_4, Gamma_R26_4, R27_4, Gamma_R27_4, R28_4, Gamma_R28_4, R29_6, Gamma_R29_6, R2_4, Gamma_R2_4, 2224bv64, true, R31_6, Gamma_R31_6, R3_4, Gamma_R3_4, R4_4, Gamma_R4_4, R5_4, Gamma_R5_4, R6_4, Gamma_R6_4, R7_4, Gamma_R7_4, R8_13, Gamma_R8_13, R9_6, Gamma_R9_6);
     goto l00000485;
   l00000485:
-    assume {:captureState "l00000485"} true;
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 28bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 28bv64));
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2329bv64), Gamma_R0;
-    R30, Gamma_R30 := 2240bv64, true;
-    call printf();
+    R1_8, Gamma_R1_8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_7, 28bv64))), gamma_load32(Gamma_stack, bvadd64(R31_7, 28bv64));
+    call R0_15, Gamma_R0_15, R10_6, Gamma_R10_6, R11_6, Gamma_R11_6, R12_6, Gamma_R12_6, R13_6, Gamma_R13_6, R14_6, Gamma_R14_6, R15_6, Gamma_R15_6, R16_6, Gamma_R16_6, R17_6, Gamma_R17_6, R18_6, Gamma_R18_6, R19_6, Gamma_R19_6, R1_9, Gamma_R1_9, R20_6, Gamma_R20_6, R21_6, Gamma_R21_6, R22_6, Gamma_R22_6, R23_6, Gamma_R23_6, R24_6, Gamma_R24_6, R25_6, Gamma_R25_6, R26_6, Gamma_R26_6, R27_6, Gamma_R27_6, R28_6, Gamma_R28_6, R29_8, Gamma_R29_8, R2_6, Gamma_R2_6, R30_13, Gamma_R30_13, R31_8, Gamma_R31_8, R3_6, Gamma_R3_6, R4_6, Gamma_R4_6, R5_6, Gamma_R5_6, R6_6, Gamma_R6_6, R7_6, Gamma_R7_6, R8_15, Gamma_R8_15, R9_8, Gamma_R9_8 := printf(2329bv64, true, R10_5, Gamma_R10_5, R11_5, Gamma_R11_5, R12_5, Gamma_R12_5, R13_5, Gamma_R13_5, R14_5, Gamma_R14_5, R15_5, Gamma_R15_5, R16_5, Gamma_R16_5, R17_5, Gamma_R17_5, R18_5, Gamma_R18_5, R19_5, Gamma_R19_5, R1_8, Gamma_R1_8, R20_5, Gamma_R20_5, R21_5, Gamma_R21_5, R22_5, Gamma_R22_5, R23_5, Gamma_R23_5, R24_5, Gamma_R24_5, R25_5, Gamma_R25_5, R26_5, Gamma_R26_5, R27_5, Gamma_R27_5, R28_5, Gamma_R28_5, R29_7, Gamma_R29_7, R2_5, Gamma_R2_5, 2240bv64, true, R31_7, Gamma_R31_7, R3_5, Gamma_R3_5, R4_5, Gamma_R4_5, R5_5, Gamma_R5_5, R6_5, Gamma_R6_5, R7_5, Gamma_R7_5, R8_14, Gamma_R8_14, R9_7, Gamma_R9_7);
     goto l0000049e;
   l0000049e:
-    assume {:captureState "l0000049e"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R29, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R29, 18446744073709551600bv64));
-    R30, Gamma_R30 := 2248bv64, true;
-    call #free();
+    call rely();
+    R0_16, Gamma_R0_16 := memory_load64_le(mem, bvadd64(R29_8, 18446744073709551600bv64)), (gamma_load64(Gamma_mem, bvadd64(R29_8, 18446744073709551600bv64)) || L(mem, bvadd64(R29_8, 18446744073709551600bv64)));
+    call R0_17, Gamma_R0_17, R10_7, Gamma_R10_7, R11_7, Gamma_R11_7, R12_7, Gamma_R12_7, R13_7, Gamma_R13_7, R14_7, Gamma_R14_7, R15_7, Gamma_R15_7, R16_7, Gamma_R16_7, R17_7, Gamma_R17_7, R18_7, Gamma_R18_7, R19_7, Gamma_R19_7, R1_10, Gamma_R1_10, R20_7, Gamma_R20_7, R21_7, Gamma_R21_7, R22_7, Gamma_R22_7, R23_7, Gamma_R23_7, R24_7, Gamma_R24_7, R25_7, Gamma_R25_7, R26_7, Gamma_R26_7, R27_7, Gamma_R27_7, R28_7, Gamma_R28_7, R29_9, Gamma_R29_9, R2_7, Gamma_R2_7, R30_15, Gamma_R30_15, R31_9, Gamma_R31_9, R3_7, Gamma_R3_7, R4_7, Gamma_R4_7, R5_7, Gamma_R5_7, R6_7, Gamma_R6_7, R7_7, Gamma_R7_7, R8_16, Gamma_R8_16, R9_9, Gamma_R9_9 := #free(R0_16, Gamma_R0_16, R10_6, Gamma_R10_6, R11_6, Gamma_R11_6, R12_6, Gamma_R12_6, R13_6, Gamma_R13_6, R14_6, Gamma_R14_6, R15_6, Gamma_R15_6, R16_6, Gamma_R16_6, R17_6, Gamma_R17_6, R18_6, Gamma_R18_6, R19_6, Gamma_R19_6, R1_9, Gamma_R1_9, R20_6, Gamma_R20_6, R21_6, Gamma_R21_6, R22_6, Gamma_R22_6, R23_6, Gamma_R23_6, R24_6, Gamma_R24_6, R25_6, Gamma_R25_6, R26_6, Gamma_R26_6, R27_6, Gamma_R27_6, R28_6, Gamma_R28_6, R29_8, Gamma_R29_8, R2_6, Gamma_R2_6, 2248bv64, true, R31_8, Gamma_R31_8, R3_6, Gamma_R3_6, R4_6, Gamma_R4_6, R5_6, Gamma_R5_6, R6_6, Gamma_R6_6, R7_6, Gamma_R7_6, R8_15, Gamma_R8_15, R9_8, Gamma_R9_8);
     goto l000004ad;
   l000004ad:
-    assume {:captureState "l000004ad"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 32bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 32bv64));
-    R30, Gamma_R30 := 2256bv64, true;
-    call #free();
+    R0_18, Gamma_R0_18 := memory_load64_le(stack, bvadd64(R31_9, 32bv64)), gamma_load64(Gamma_stack, bvadd64(R31_9, 32bv64));
+    call R0_19, Gamma_R0_19, R10_8, Gamma_R10_8, R11_8, Gamma_R11_8, R12_8, Gamma_R12_8, R13_8, Gamma_R13_8, R14_8, Gamma_R14_8, R15_8, Gamma_R15_8, R16_8, Gamma_R16_8, R17_8, Gamma_R17_8, R18_8, Gamma_R18_8, R19_8, Gamma_R19_8, R1_11, Gamma_R1_11, R20_8, Gamma_R20_8, R21_8, Gamma_R21_8, R22_8, Gamma_R22_8, R23_8, Gamma_R23_8, R24_8, Gamma_R24_8, R25_8, Gamma_R25_8, R26_8, Gamma_R26_8, R27_8, Gamma_R27_8, R28_8, Gamma_R28_8, R29_10, Gamma_R29_10, R2_8, Gamma_R2_8, R30_17, Gamma_R30_17, R31_10, Gamma_R31_10, R3_8, Gamma_R3_8, R4_8, Gamma_R4_8, R5_8, Gamma_R5_8, R6_8, Gamma_R6_8, R7_8, Gamma_R7_8, R8_17, Gamma_R8_17, R9_10, Gamma_R9_10 := #free(R0_18, Gamma_R0_18, R10_7, Gamma_R10_7, R11_7, Gamma_R11_7, R12_7, Gamma_R12_7, R13_7, Gamma_R13_7, R14_7, Gamma_R14_7, R15_7, Gamma_R15_7, R16_7, Gamma_R16_7, R17_7, Gamma_R17_7, R18_7, Gamma_R18_7, R19_7, Gamma_R19_7, R1_10, Gamma_R1_10, R20_7, Gamma_R20_7, R21_7, Gamma_R21_7, R22_7, Gamma_R22_7, R23_7, Gamma_R23_7, R24_7, Gamma_R24_7, R25_7, Gamma_R25_7, R26_7, Gamma_R26_7, R27_7, Gamma_R27_7, R28_7, Gamma_R28_7, R29_9, Gamma_R29_9, R2_7, Gamma_R2_7, 2256bv64, true, R31_9, Gamma_R31_9, R3_7, Gamma_R3_7, R4_7, Gamma_R4_7, R5_7, Gamma_R5_7, R6_7, Gamma_R6_7, R7_7, Gamma_R7_7, R8_16, Gamma_R8_16, R9_9, Gamma_R9_9);
     goto l000004bb;
   l000004bb:
-    assume {:captureState "l000004bb"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 8bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 8bv64));
-    #5, Gamma_#5 := bvadd64(R31, 64bv64), Gamma_R31;
-    R29, Gamma_R29 := memory_load64_le(stack, #5), gamma_load64(Gamma_stack, #5);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(#5, 8bv64)), gamma_load64(Gamma_stack, bvadd64(#5, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 80bv64), Gamma_R31;
+    R0_20, Gamma_R0_20 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_10, 8bv64))), gamma_load32(Gamma_stack, bvadd64(R31_10, 8bv64));
+    R29_11, Gamma_R29_11 := memory_load64_le(stack, bvadd64(R31_10, 64bv64)), gamma_load64(Gamma_stack, bvadd64(R31_10, 64bv64));
+    R30_18, Gamma_R30_18 := memory_load64_le(stack, bvadd64(R31_10, 72bv64)), gamma_load64(Gamma_stack, bvadd64(R31_10, 72bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R29_out, R30_out, R31_out, R8_out, R9_out := R0_20, R1_11, R29_11, R30_18, bvadd64(R31_10, 80bv64), R8_17, R9_10;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := Gamma_R0_20, Gamma_R1_11, Gamma_R29_11, Gamma_R30_18, Gamma_R31_10, Gamma_R8_17, Gamma_R9_10;
     return;
 }
 
-procedure malloc();
+procedure malloc(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   modifies Gamma_R16, Gamma_R17, R16, R17;
   free requires (memory_load8_le(mem, 2292bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2293bv64) == 0bv8);
@@ -365,7 +911,7 @@ procedure malloc();
   free ensures (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69696bv64) == 69696bv64);
 
-procedure printf();
+procedure printf(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   modifies Gamma_R16, Gamma_R17, R16, R17;
   free requires (memory_load8_le(mem, 2292bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2293bv64) == 0bv8);
diff --git a/src/test/correct/malloc_with_local2/clang/malloc_with_local2_gtirb.expected b/src/test/correct/malloc_with_local2/clang/malloc_with_local2_gtirb.expected
index 22e7f1347..ea744f68f 100644
--- a/src/test/correct/malloc_with_local2/clang/malloc_with_local2_gtirb.expected
+++ b/src/test/correct/malloc_with_local2/clang/malloc_with_local2_gtirb.expected
@@ -1,23 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R16: bool;
-var {:extern} Gamma_R17: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R16: bv64;
-var {:extern} R17: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -27,6 +9,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -35,22 +31,22 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
-function {:extern} gamma_load8(gammaMap: [bv64]bool, index: bv64) returns (bool) {
-  gammaMap[index]
-}
-
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store8(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
   gammaMap[index := value]
 }
 
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
+}
+
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
   (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index])))
 }
@@ -64,18 +60,17 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
-function {:extern} {:bvbuiltin "zero_extend 24"} zero_extend24_8(bv8) returns (bv32);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -117,8 +112,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure FUN_6c0();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure FUN_6c0(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load8_le(mem, 2292bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2293bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2294bv64) == 2bv8);
@@ -158,20 +153,143 @@ procedure FUN_6c0();
   free ensures (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69696bv64) == 69696bv64);
 
-implementation FUN_6c0()
+implementation FUN_6c0(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool)
 {
+  var Gamma_R0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0: bv64;
+  var R0_1: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16_4: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   $FUN_6c0$__0__$_Yurx7rnRDiQIbh1u7Z0dw:
-    assume {:captureState "$FUN_6c0$__0__$_Yurx7rnRDiQIbh1u7Z0dw"} true;
-    R16, Gamma_R16 := 69632bv64, true;
     call rely();
-    R17, Gamma_R17 := memory_load64_le(mem, bvadd64(R16, 48bv64)), (gamma_load64(Gamma_mem, bvadd64(R16, 48bv64)) || L(mem, bvadd64(R16, 48bv64)));
-    R16, Gamma_R16 := bvadd64(R16, 48bv64), Gamma_R16;
-    call printf();
+    R17_1, Gamma_R17_1 := memory_load64_le(mem, 69680bv64), (gamma_load64(Gamma_mem, 69680bv64) || L(mem, 69680bv64));
+    call R0_1, Gamma_R0_1, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_4, Gamma_R16_4, R17_2, Gamma_R17_2, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_1, Gamma_R2_1, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := printf(R0, Gamma_R0, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, 69680bv64, true, R17_1, Gamma_R17_1, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2, Gamma_R2, R30, Gamma_R30, R31, Gamma_R31, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     assume false;
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R1, R16, R17, R29, R30, R31, R8, R9, mem, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69688bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69696bv64) == 69696bv64);
   free requires (memory_load8_le(mem, 2292bv64) == 1bv8);
@@ -193,10 +311,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1984bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free requires (memory_load64_le(mem, 69696bv64) == 69696bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 2292bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 2293bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 2294bv64) == 2bv8);
@@ -217,127 +331,117 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69696bv64) == 69696bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var Cse0__5$0$1: bv64;
-  var Cse0__5$1$1: bv64;
-  var Gamma_Cse0__5$0$1: bool;
-  var Gamma_Cse0__5$1$1: bool;
+  var Gamma_R0_12: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R16_2: bool;
+  var Gamma_R16_3: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R16_5: bool;
+  var Gamma_R16_6: bool;
+  var Gamma_R16_7: bool;
+  var Gamma_R16_8: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R17_3: bool;
+  var Gamma_R17_4: bool;
+  var Gamma_R17_5: bool;
+  var Gamma_R17_6: bool;
+  var Gamma_R17_7: bool;
+  var Gamma_R17_8: bool;
+  var Gamma_R1_3: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_10: bool;
+  var Gamma_R8_9: bool;
+  var Gamma_R9_1: bool;
+  var Gamma_R9_2: bool;
+  var R0_12: bv64;
+  var R0_3: bv64;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R16_2: bv64;
+  var R16_3: bv64;
+  var R16_4: bv64;
+  var R16_5: bv64;
+  var R16_6: bv64;
+  var R16_7: bv64;
+  var R16_8: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R17_3: bv64;
+  var R17_4: bv64;
+  var R17_5: bv64;
+  var R17_6: bv64;
+  var R17_7: bv64;
+  var R17_8: bv64;
+  var R1_3: bv64;
+  var R29_3: bv64;
+  var R30_10: bv64;
+  var R8_9: bv64;
+  var R9_1: bv64;
+  var R9_2: bv64;
   $main$__0__$yN1LokBAR9yRD4RMSXSfxQ:
-    assume {:captureState "$main$__0__$yN1LokBAR9yRD4RMSXSfxQ"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551536bv64), Gamma_R31;
-    Cse0__5$0$1, Gamma_Cse0__5$0$1 := bvadd64(R31, 64bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$0$1, R29), gamma_store64(Gamma_stack, Cse0__5$0$1, Gamma_R29);
-    assume {:captureState "2072$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$0$1, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$0$1, 8bv64), Gamma_R30);
-    assume {:captureState "2072$2"} true;
-    R29, Gamma_R29 := bvadd64(R31, 64bv64), Gamma_R31;
-    R8, Gamma_R8 := 0bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R8);
-    assume {:captureState "2084$0"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R29, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R29, 18446744073709551612bv64), true);
-    assume {:captureState "2088$0"} true;
-    R0, Gamma_R0 := 1bv64, true;
-    R30, Gamma_R30 := 2100bv64, true;
-    call FUN_680();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551544bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551544bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), true);
+    call R16_1, Gamma_R16_1, R17_1, Gamma_R17_1 := FUN_680(R16, Gamma_R16);
     goto $main$__1__$eCR9p3I6QnuW7E2ugOxN7g;
   $main$__1__$eCR9p3I6QnuW7E2ugOxN7g:
-    assume {:captureState "$main$__1__$eCR9p3I6QnuW7E2ugOxN7g"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R29, 18446744073709551600bv64), R0), gamma_store64(Gamma_stack, bvadd64(R29, 18446744073709551600bv64), Gamma_R0);
-    assume {:captureState "2100$0"} true;
-    R8, Gamma_R8 := 11bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R29, 18446744073709551596bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R29, 18446744073709551596bv64), Gamma_R8);
-    assume {:captureState "2108$0"} true;
-    R0, Gamma_R0 := 4bv64, true;
-    stack, Gamma_stack := memory_store64_le(stack, R31, R0), gamma_store64(Gamma_stack, R31, Gamma_R0);
-    assume {:captureState "2116$0"} true;
-    R30, Gamma_R30 := 2124bv64, true;
-    call FUN_680();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551584bv64), 1bv64), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551580bv64), 11bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551580bv64), true);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551536bv64), 4bv64), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551536bv64), true);
+    call R16_2, Gamma_R16_2, R17_2, Gamma_R17_2 := FUN_680(R16_1, Gamma_R16_1);
     goto $main$__2__$FSETkqUYRWuqGvRhnzp0tA;
   $main$__2__$FSETkqUYRWuqGvRhnzp0tA:
-    assume {:captureState "$main$__2__$FSETkqUYRWuqGvRhnzp0tA"} true;
-    R8, Gamma_R8 := R0, Gamma_R0;
-    R0, Gamma_R0 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 32bv64), R8), gamma_store64(Gamma_stack, bvadd64(R31, 32bv64), Gamma_R8);
-    assume {:captureState "2132$0"} true;
-    R8, Gamma_R8 := 10bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R8);
-    assume {:captureState "2140$0"} true;
-    R30, Gamma_R30 := 2148bv64, true;
-    call FUN_680();
+    R0_3, Gamma_R0_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551536bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551536bv64));
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551568bv64), 4bv64), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551568bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551564bv64), 10bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551564bv64), true);
+    call R16_3, Gamma_R16_3, R17_3, Gamma_R17_3 := FUN_680(R16_2, Gamma_R16_2);
     goto $main$__3__$trREPylQRuWIzMBYpyXfnQ;
   $main$__3__$trREPylQRuWIzMBYpyXfnQ:
-    assume {:captureState "$main$__3__$trREPylQRuWIzMBYpyXfnQ"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 16bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 16bv64), Gamma_R0);
-    assume {:captureState "2148$0"} true;
-    R8, Gamma_R8 := 9bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R8);
-    assume {:captureState "2156$0"} true;
-    R9, Gamma_R9 := memory_load64_le(stack, bvadd64(R29, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R29, 18446744073709551600bv64));
-    R8, Gamma_R8 := 65bv64, true;
-    call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store8_le(mem, R9, R8[8:0]), gamma_store8(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "2168$0"} true;
-    R9, Gamma_R9 := memory_load64_le(stack, bvadd64(R31, 32bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 32bv64));
-    R8, Gamma_R8 := 42bv64, true;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551552bv64), R0_3), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551552bv64), Gamma_R0_3);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551548bv64), 9bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551548bv64), true);
+    R9_1, Gamma_R9_1 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551584bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "2180$0"} true;
-    R8, Gamma_R8 := memory_load64_le(stack, bvadd64(R29, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R29, 18446744073709551600bv64));
+    assert (L(mem, R9_1) ==> true);
+    mem, Gamma_mem := memory_store8_le(mem, R9_1, 65bv8), gamma_store8(Gamma_mem, R9_1, true);
+    R9_2, Gamma_R9_2 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551568bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551568bv64));
     call rely();
-    R1, Gamma_R1 := zero_extend32_32(zero_extend24_8(memory_load8_le(mem, R8))), (gamma_load8(Gamma_mem, R8) || L(mem, R8));
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2296bv64), Gamma_R0;
-    R30, Gamma_R30 := 2204bv64, true;
-    call FUN_6c0();
+    assert (L(mem, R9_2) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R9_2, 42bv32), gamma_store32(Gamma_mem, R9_2, true);
+    call R16_4, Gamma_R16_4, R17_4, Gamma_R17_4 := FUN_6c0(R16_3, Gamma_R16_3);
     goto $main$__4__$qWMJh7qWT8yorxt1BpnoAg;
   $main$__4__$qWMJh7qWT8yorxt1BpnoAg:
-    assume {:captureState "$main$__4__$qWMJh7qWT8yorxt1BpnoAg"} true;
-    R8, Gamma_R8 := memory_load64_le(stack, bvadd64(R31, 32bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 32bv64));
-    call rely();
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2313bv64), Gamma_R0;
-    R30, Gamma_R30 := 2224bv64, true;
-    call FUN_6c0();
+    R8_9, Gamma_R8_9 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551568bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551568bv64));
+    call R16_5, Gamma_R16_5, R17_5, Gamma_R17_5 := FUN_6c0(R16_4, Gamma_R16_4);
     goto $main$__5__$XGVqaesVShylRrbOWqzjFw;
   $main$__5__$XGVqaesVShylRrbOWqzjFw:
-    assume {:captureState "$main$__5__$XGVqaesVShylRrbOWqzjFw"} true;
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 28bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 28bv64));
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2329bv64), Gamma_R0;
-    R30, Gamma_R30 := 2240bv64, true;
-    call FUN_6c0();
+    R1_3, Gamma_R1_3 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551564bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551564bv64));
+    call R16_6, Gamma_R16_6, R17_6, Gamma_R17_6 := FUN_6c0(R16_5, Gamma_R16_5);
     goto $main$__6__$KOWJQzAnSc2QejZ1C9Zzjw;
   $main$__6__$KOWJQzAnSc2QejZ1C9Zzjw:
-    assume {:captureState "$main$__6__$KOWJQzAnSc2QejZ1C9Zzjw"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R29, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R29, 18446744073709551600bv64));
-    R30, Gamma_R30 := 2248bv64, true;
-    call FUN_6b0();
+    call R16_7, Gamma_R16_7, R17_7, Gamma_R17_7 := FUN_6b0(R16_6, Gamma_R16_6);
     goto $main$__7__$XxlrxTEbSBSt~FnDRB3sPg;
   $main$__7__$XxlrxTEbSBSt~FnDRB3sPg:
-    assume {:captureState "$main$__7__$XxlrxTEbSBSt~FnDRB3sPg"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 32bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 32bv64));
-    R30, Gamma_R30 := 2256bv64, true;
-    call FUN_6b0();
+    call R16_8, Gamma_R16_8, R17_8, Gamma_R17_8 := FUN_6b0(R16_7, Gamma_R16_7);
     goto $main$__8__$vRLqE2TDSi2s0PYIJ~bRSA;
   $main$__8__$vRLqE2TDSi2s0PYIJ~bRSA:
-    assume {:captureState "$main$__8__$vRLqE2TDSi2s0PYIJ~bRSA"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 8bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 8bv64));
-    Cse0__5$1$1, Gamma_Cse0__5$1$1 := bvadd64(R31, 64bv64), Gamma_R31;
-    R29, Gamma_R29 := memory_load64_le(stack, Cse0__5$1$1), gamma_load64(Gamma_stack, Cse0__5$1$1);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(Cse0__5$1$1, 8bv64)), gamma_load64(Gamma_stack, bvadd64(Cse0__5$1$1, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 80bv64), Gamma_R31;
+    R0_12, Gamma_R0_12 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551544bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551544bv64));
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64));
+    R30_10, Gamma_R30_10 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R16_out, R17_out, R1_out, R29_out, R30_out, R31_out, R8_out, R9_out := R0_12, R16_8, R17_8, R1_3, R29_3, R30_10, R31_in, R8_9, R9_2;
+    Gamma_R0_out, Gamma_R16_out, Gamma_R17_out, Gamma_R1_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := Gamma_R0_12, Gamma_R16_8, Gamma_R17_8, Gamma_R1_3, Gamma_R29_3, Gamma_R30_10, Gamma_R31_in, Gamma_R8_9, Gamma_R9_2;
     return;
 }
 
-procedure FUN_6b0();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure FUN_6b0(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load8_le(mem, 2292bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2293bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2294bv64) == 2bv8);
@@ -377,20 +481,143 @@ procedure FUN_6b0();
   free ensures (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69696bv64) == 69696bv64);
 
-implementation FUN_6b0()
+implementation FUN_6b0(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool)
 {
+  var Gamma_R0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0: bv64;
+  var R0_1: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16_4: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   $FUN_6b0$__0__$ftC9I58hTr~uInFEjp~qaQ:
-    assume {:captureState "$FUN_6b0$__0__$ftC9I58hTr~uInFEjp~qaQ"} true;
-    R16, Gamma_R16 := 69632bv64, true;
     call rely();
-    R17, Gamma_R17 := memory_load64_le(mem, bvadd64(R16, 40bv64)), (gamma_load64(Gamma_mem, bvadd64(R16, 40bv64)) || L(mem, bvadd64(R16, 40bv64)));
-    R16, Gamma_R16 := bvadd64(R16, 40bv64), Gamma_R16;
-    call #free();
+    R17_1, Gamma_R17_1 := memory_load64_le(mem, 69672bv64), (gamma_load64(Gamma_mem, 69672bv64) || L(mem, 69672bv64));
+    call R0_1, Gamma_R0_1, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_4, Gamma_R16_4, R17_2, Gamma_R17_2, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_1, Gamma_R2_1, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := #free(R0, Gamma_R0, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, 69672bv64, true, R17_1, Gamma_R17_1, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2, Gamma_R2, R30, Gamma_R30, R31, Gamma_R31, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     assume false;
 }
 
-procedure FUN_680();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure FUN_680(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load8_le(mem, 2292bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2293bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2294bv64) == 2bv8);
@@ -430,19 +657,142 @@ procedure FUN_680();
   free ensures (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69696bv64) == 69696bv64);
 
-implementation FUN_680()
+implementation FUN_680(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool)
 {
+  var Gamma_R0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0: bv64;
+  var R0_1: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16_4: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   $FUN_680$__0__$5~1SMMaYTnC_yOEStjKdRw:
-    assume {:captureState "$FUN_680$__0__$5~1SMMaYTnC_yOEStjKdRw"} true;
-    R16, Gamma_R16 := 69632bv64, true;
     call rely();
-    R17, Gamma_R17 := memory_load64_le(mem, bvadd64(R16, 16bv64)), (gamma_load64(Gamma_mem, bvadd64(R16, 16bv64)) || L(mem, bvadd64(R16, 16bv64)));
-    R16, Gamma_R16 := bvadd64(R16, 16bv64), Gamma_R16;
-    call malloc();
+    R17_1, Gamma_R17_1 := memory_load64_le(mem, 69648bv64), (gamma_load64(Gamma_mem, 69648bv64) || L(mem, 69648bv64));
+    call R0_1, Gamma_R0_1, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_4, Gamma_R16_4, R17_2, Gamma_R17_2, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_1, Gamma_R2_1, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := malloc(R0, Gamma_R0, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, 69648bv64, true, R17_1, Gamma_R17_1, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2, Gamma_R2, R30, Gamma_R30, R31, Gamma_R31, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     assume false;
 }
 
-procedure printf();
+procedure printf(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load8_le(mem, 2292bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2293bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2294bv64) == 2bv8);
@@ -482,7 +832,7 @@ procedure printf();
   free ensures (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69696bv64) == 69696bv64);
 
-procedure #free();
+procedure #free(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load8_le(mem, 2292bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2293bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2294bv64) == 2bv8);
@@ -522,7 +872,7 @@ procedure #free();
   free ensures (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69696bv64) == 69696bv64);
 
-procedure malloc();
+procedure malloc(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load8_le(mem, 2292bv64) == 1bv8);
   free requires (memory_load8_le(mem, 2293bv64) == 0bv8);
   free requires (memory_load8_le(mem, 2294bv64) == 2bv8);
diff --git a/src/test/correct/malloc_with_local2/gcc/malloc_with_local2.expected b/src/test/correct/malloc_with_local2/gcc/malloc_with_local2.expected
index ba606abce..894935975 100644
--- a/src/test/correct/malloc_with_local2/gcc/malloc_with_local2.expected
+++ b/src/test/correct/malloc_with_local2/gcc/malloc_with_local2.expected
@@ -1,19 +1,9 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_R16: bool;
 var {:extern} Gamma_R17: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} R16: bv64;
 var {:extern} R17: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -23,6 +13,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -36,17 +40,21 @@ function {:extern} gamma_load8(gammaMap: [bv64]bool, index: bv64) returns (bool)
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store8(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
   gammaMap[index := value]
 }
 
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
+}
+
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
   (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index])))
 }
@@ -60,15 +68,15 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -110,7 +118,7 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure #free();
+procedure #free(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   modifies Gamma_R16, Gamma_R17, R16, R17;
   free requires (memory_load64_le(mem, 2272bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2280bv64) == 8241983568019286100bv64);
@@ -145,8 +153,8 @@ procedure #free();
   free ensures (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R16, R17, R29, R30, R31, mem, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_R16, Gamma_R17, Gamma_mem, Gamma_stack, R16, R17, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load64_le(mem, 2272bv64) == 131073bv64);
@@ -165,10 +173,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69000bv64) == 1984bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load64_le(mem, 2272bv64) == 131073bv64);
   free ensures (memory_load64_le(mem, 2280bv64) == 8241983568019286100bv64);
   free ensures (memory_load64_le(mem, 2288bv64) == 748482783423457568bv64);
@@ -186,117 +190,664 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var #4: bv64;
-  var Gamma_#4: bool;
+  var Gamma_R0_10: bool;
+  var Gamma_R0_11: bool;
+  var Gamma_R0_12: bool;
+  var Gamma_R0_13: bool;
+  var Gamma_R0_16: bool;
+  var Gamma_R0_17: bool;
+  var Gamma_R0_18: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_21: bool;
+  var Gamma_R0_24: bool;
+  var Gamma_R0_25: bool;
+  var Gamma_R0_26: bool;
+  var Gamma_R0_27: bool;
+  var Gamma_R0_28: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_8: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R10_2: bool;
+  var Gamma_R10_3: bool;
+  var Gamma_R10_4: bool;
+  var Gamma_R10_5: bool;
+  var Gamma_R10_6: bool;
+  var Gamma_R10_7: bool;
+  var Gamma_R10_8: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R11_2: bool;
+  var Gamma_R11_3: bool;
+  var Gamma_R11_4: bool;
+  var Gamma_R11_5: bool;
+  var Gamma_R11_6: bool;
+  var Gamma_R11_7: bool;
+  var Gamma_R11_8: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R12_2: bool;
+  var Gamma_R12_3: bool;
+  var Gamma_R12_4: bool;
+  var Gamma_R12_5: bool;
+  var Gamma_R12_6: bool;
+  var Gamma_R12_7: bool;
+  var Gamma_R12_8: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R13_2: bool;
+  var Gamma_R13_3: bool;
+  var Gamma_R13_4: bool;
+  var Gamma_R13_5: bool;
+  var Gamma_R13_6: bool;
+  var Gamma_R13_7: bool;
+  var Gamma_R13_8: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R14_2: bool;
+  var Gamma_R14_3: bool;
+  var Gamma_R14_4: bool;
+  var Gamma_R14_5: bool;
+  var Gamma_R14_6: bool;
+  var Gamma_R14_7: bool;
+  var Gamma_R14_8: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R15_2: bool;
+  var Gamma_R15_3: bool;
+  var Gamma_R15_4: bool;
+  var Gamma_R15_5: bool;
+  var Gamma_R15_6: bool;
+  var Gamma_R15_7: bool;
+  var Gamma_R15_8: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R16_2: bool;
+  var Gamma_R16_3: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R16_5: bool;
+  var Gamma_R16_6: bool;
+  var Gamma_R16_7: bool;
+  var Gamma_R16_8: bool;
+  var Gamma_R17: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R17_3: bool;
+  var Gamma_R17_4: bool;
+  var Gamma_R17_5: bool;
+  var Gamma_R17_6: bool;
+  var Gamma_R17_7: bool;
+  var Gamma_R17_8: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R18_2: bool;
+  var Gamma_R18_3: bool;
+  var Gamma_R18_4: bool;
+  var Gamma_R18_5: bool;
+  var Gamma_R18_6: bool;
+  var Gamma_R18_7: bool;
+  var Gamma_R18_8: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R19_2: bool;
+  var Gamma_R19_3: bool;
+  var Gamma_R19_4: bool;
+  var Gamma_R19_5: bool;
+  var Gamma_R19_6: bool;
+  var Gamma_R19_7: bool;
+  var Gamma_R19_8: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R1_10: bool;
+  var Gamma_R1_11: bool;
+  var Gamma_R1_12: bool;
+  var Gamma_R1_13: bool;
+  var Gamma_R1_2: bool;
+  var Gamma_R1_3: bool;
+  var Gamma_R1_6: bool;
+  var Gamma_R1_7: bool;
+  var Gamma_R1_8: bool;
+  var Gamma_R1_9: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R20_2: bool;
+  var Gamma_R20_3: bool;
+  var Gamma_R20_4: bool;
+  var Gamma_R20_5: bool;
+  var Gamma_R20_6: bool;
+  var Gamma_R20_7: bool;
+  var Gamma_R20_8: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R21_2: bool;
+  var Gamma_R21_3: bool;
+  var Gamma_R21_4: bool;
+  var Gamma_R21_5: bool;
+  var Gamma_R21_6: bool;
+  var Gamma_R21_7: bool;
+  var Gamma_R21_8: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R22_2: bool;
+  var Gamma_R22_3: bool;
+  var Gamma_R22_4: bool;
+  var Gamma_R22_5: bool;
+  var Gamma_R22_6: bool;
+  var Gamma_R22_7: bool;
+  var Gamma_R22_8: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R23_2: bool;
+  var Gamma_R23_3: bool;
+  var Gamma_R23_4: bool;
+  var Gamma_R23_5: bool;
+  var Gamma_R23_6: bool;
+  var Gamma_R23_7: bool;
+  var Gamma_R23_8: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R24_2: bool;
+  var Gamma_R24_3: bool;
+  var Gamma_R24_4: bool;
+  var Gamma_R24_5: bool;
+  var Gamma_R24_6: bool;
+  var Gamma_R24_7: bool;
+  var Gamma_R24_8: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R25_2: bool;
+  var Gamma_R25_3: bool;
+  var Gamma_R25_4: bool;
+  var Gamma_R25_5: bool;
+  var Gamma_R25_6: bool;
+  var Gamma_R25_7: bool;
+  var Gamma_R25_8: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R26_2: bool;
+  var Gamma_R26_3: bool;
+  var Gamma_R26_4: bool;
+  var Gamma_R26_5: bool;
+  var Gamma_R26_6: bool;
+  var Gamma_R26_7: bool;
+  var Gamma_R26_8: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R27_2: bool;
+  var Gamma_R27_3: bool;
+  var Gamma_R27_4: bool;
+  var Gamma_R27_5: bool;
+  var Gamma_R27_6: bool;
+  var Gamma_R27_7: bool;
+  var Gamma_R27_8: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R28_2: bool;
+  var Gamma_R28_3: bool;
+  var Gamma_R28_4: bool;
+  var Gamma_R28_5: bool;
+  var Gamma_R28_6: bool;
+  var Gamma_R28_7: bool;
+  var Gamma_R28_8: bool;
+  var Gamma_R29_10: bool;
+  var Gamma_R29_11: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R29_4: bool;
+  var Gamma_R29_5: bool;
+  var Gamma_R29_6: bool;
+  var Gamma_R29_7: bool;
+  var Gamma_R29_8: bool;
+  var Gamma_R29_9: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R2_2: bool;
+  var Gamma_R2_3: bool;
+  var Gamma_R2_4: bool;
+  var Gamma_R2_5: bool;
+  var Gamma_R2_6: bool;
+  var Gamma_R2_7: bool;
+  var Gamma_R2_8: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30_11: bool;
+  var Gamma_R30_13: bool;
+  var Gamma_R30_15: bool;
+  var Gamma_R30_17: bool;
+  var Gamma_R30_18: bool;
+  var Gamma_R30_3: bool;
+  var Gamma_R30_5: bool;
+  var Gamma_R30_7: bool;
+  var Gamma_R30_9: bool;
+  var Gamma_R31_10: bool;
+  var Gamma_R31_3: bool;
+  var Gamma_R31_4: bool;
+  var Gamma_R31_5: bool;
+  var Gamma_R31_6: bool;
+  var Gamma_R31_7: bool;
+  var Gamma_R31_8: bool;
+  var Gamma_R31_9: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R3_2: bool;
+  var Gamma_R3_3: bool;
+  var Gamma_R3_4: bool;
+  var Gamma_R3_5: bool;
+  var Gamma_R3_6: bool;
+  var Gamma_R3_7: bool;
+  var Gamma_R3_8: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R4_2: bool;
+  var Gamma_R4_3: bool;
+  var Gamma_R4_4: bool;
+  var Gamma_R4_5: bool;
+  var Gamma_R4_6: bool;
+  var Gamma_R4_7: bool;
+  var Gamma_R4_8: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R5_2: bool;
+  var Gamma_R5_3: bool;
+  var Gamma_R5_4: bool;
+  var Gamma_R5_5: bool;
+  var Gamma_R5_6: bool;
+  var Gamma_R5_7: bool;
+  var Gamma_R5_8: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R6_2: bool;
+  var Gamma_R6_3: bool;
+  var Gamma_R6_4: bool;
+  var Gamma_R6_5: bool;
+  var Gamma_R6_6: bool;
+  var Gamma_R6_7: bool;
+  var Gamma_R6_8: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R7_2: bool;
+  var Gamma_R7_3: bool;
+  var Gamma_R7_4: bool;
+  var Gamma_R7_5: bool;
+  var Gamma_R7_6: bool;
+  var Gamma_R7_7: bool;
+  var Gamma_R7_8: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R8_4: bool;
+  var Gamma_R8_5: bool;
+  var Gamma_R8_6: bool;
+  var Gamma_R8_7: bool;
+  var Gamma_R8_8: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var Gamma_R9_2: bool;
+  var Gamma_R9_3: bool;
+  var Gamma_R9_4: bool;
+  var Gamma_R9_5: bool;
+  var Gamma_R9_6: bool;
+  var Gamma_R9_7: bool;
+  var Gamma_R9_8: bool;
+  var R0_10: bv64;
+  var R0_11: bv64;
+  var R0_12: bv64;
+  var R0_13: bv64;
+  var R0_16: bv64;
+  var R0_17: bv64;
+  var R0_18: bv32;
+  var R0_2: bv64;
+  var R0_21: bv64;
+  var R0_24: bv64;
+  var R0_25: bv64;
+  var R0_26: bv64;
+  var R0_27: bv64;
+  var R0_28: bv64;
+  var R0_5: bv64;
+  var R0_8: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R10_2: bv64;
+  var R10_3: bv64;
+  var R10_4: bv64;
+  var R10_5: bv64;
+  var R10_6: bv64;
+  var R10_7: bv64;
+  var R10_8: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R11_2: bv64;
+  var R11_3: bv64;
+  var R11_4: bv64;
+  var R11_5: bv64;
+  var R11_6: bv64;
+  var R11_7: bv64;
+  var R11_8: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R12_2: bv64;
+  var R12_3: bv64;
+  var R12_4: bv64;
+  var R12_5: bv64;
+  var R12_6: bv64;
+  var R12_7: bv64;
+  var R12_8: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R13_2: bv64;
+  var R13_3: bv64;
+  var R13_4: bv64;
+  var R13_5: bv64;
+  var R13_6: bv64;
+  var R13_7: bv64;
+  var R13_8: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R14_2: bv64;
+  var R14_3: bv64;
+  var R14_4: bv64;
+  var R14_5: bv64;
+  var R14_6: bv64;
+  var R14_7: bv64;
+  var R14_8: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R15_2: bv64;
+  var R15_3: bv64;
+  var R15_4: bv64;
+  var R15_5: bv64;
+  var R15_6: bv64;
+  var R15_7: bv64;
+  var R15_8: bv64;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R16_2: bv64;
+  var R16_3: bv64;
+  var R16_4: bv64;
+  var R16_5: bv64;
+  var R16_6: bv64;
+  var R16_7: bv64;
+  var R16_8: bv64;
+  var R17: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R17_3: bv64;
+  var R17_4: bv64;
+  var R17_5: bv64;
+  var R17_6: bv64;
+  var R17_7: bv64;
+  var R17_8: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R18_2: bv64;
+  var R18_3: bv64;
+  var R18_4: bv64;
+  var R18_5: bv64;
+  var R18_6: bv64;
+  var R18_7: bv64;
+  var R18_8: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R19_2: bv64;
+  var R19_3: bv64;
+  var R19_4: bv64;
+  var R19_5: bv64;
+  var R19_6: bv64;
+  var R19_7: bv64;
+  var R19_8: bv64;
+  var R1_1: bv64;
+  var R1_10: bv64;
+  var R1_11: bv64;
+  var R1_12: bv64;
+  var R1_13: bv64;
+  var R1_2: bv64;
+  var R1_3: bv64;
+  var R1_6: bv64;
+  var R1_7: bv64;
+  var R1_8: bv64;
+  var R1_9: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R20_2: bv64;
+  var R20_3: bv64;
+  var R20_4: bv64;
+  var R20_5: bv64;
+  var R20_6: bv64;
+  var R20_7: bv64;
+  var R20_8: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R21_2: bv64;
+  var R21_3: bv64;
+  var R21_4: bv64;
+  var R21_5: bv64;
+  var R21_6: bv64;
+  var R21_7: bv64;
+  var R21_8: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R22_2: bv64;
+  var R22_3: bv64;
+  var R22_4: bv64;
+  var R22_5: bv64;
+  var R22_6: bv64;
+  var R22_7: bv64;
+  var R22_8: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R23_2: bv64;
+  var R23_3: bv64;
+  var R23_4: bv64;
+  var R23_5: bv64;
+  var R23_6: bv64;
+  var R23_7: bv64;
+  var R23_8: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R24_2: bv64;
+  var R24_3: bv64;
+  var R24_4: bv64;
+  var R24_5: bv64;
+  var R24_6: bv64;
+  var R24_7: bv64;
+  var R24_8: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R25_2: bv64;
+  var R25_3: bv64;
+  var R25_4: bv64;
+  var R25_5: bv64;
+  var R25_6: bv64;
+  var R25_7: bv64;
+  var R25_8: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R26_2: bv64;
+  var R26_3: bv64;
+  var R26_4: bv64;
+  var R26_5: bv64;
+  var R26_6: bv64;
+  var R26_7: bv64;
+  var R26_8: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R27_2: bv64;
+  var R27_3: bv64;
+  var R27_4: bv64;
+  var R27_5: bv64;
+  var R27_6: bv64;
+  var R27_7: bv64;
+  var R27_8: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R28_2: bv64;
+  var R28_3: bv64;
+  var R28_4: bv64;
+  var R28_5: bv64;
+  var R28_6: bv64;
+  var R28_7: bv64;
+  var R28_8: bv64;
+  var R29_10: bv64;
+  var R29_11: bv64;
+  var R29_3: bv64;
+  var R29_4: bv64;
+  var R29_5: bv64;
+  var R29_6: bv64;
+  var R29_7: bv64;
+  var R29_8: bv64;
+  var R29_9: bv64;
+  var R2_1: bv64;
+  var R2_2: bv64;
+  var R2_3: bv64;
+  var R2_4: bv64;
+  var R2_5: bv64;
+  var R2_6: bv64;
+  var R2_7: bv64;
+  var R2_8: bv64;
+  var R3: bv64;
+  var R30_11: bv64;
+  var R30_13: bv64;
+  var R30_15: bv64;
+  var R30_17: bv64;
+  var R30_18: bv64;
+  var R30_3: bv64;
+  var R30_5: bv64;
+  var R30_7: bv64;
+  var R30_9: bv64;
+  var R31_10: bv64;
+  var R31_3: bv64;
+  var R31_4: bv64;
+  var R31_5: bv64;
+  var R31_6: bv64;
+  var R31_7: bv64;
+  var R31_8: bv64;
+  var R31_9: bv64;
+  var R3_1: bv64;
+  var R3_2: bv64;
+  var R3_3: bv64;
+  var R3_4: bv64;
+  var R3_5: bv64;
+  var R3_6: bv64;
+  var R3_7: bv64;
+  var R3_8: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R4_2: bv64;
+  var R4_3: bv64;
+  var R4_4: bv64;
+  var R4_5: bv64;
+  var R4_6: bv64;
+  var R4_7: bv64;
+  var R4_8: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R5_2: bv64;
+  var R5_3: bv64;
+  var R5_4: bv64;
+  var R5_5: bv64;
+  var R5_6: bv64;
+  var R5_7: bv64;
+  var R5_8: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R6_2: bv64;
+  var R6_3: bv64;
+  var R6_4: bv64;
+  var R6_5: bv64;
+  var R6_6: bv64;
+  var R6_7: bv64;
+  var R6_8: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R7_2: bv64;
+  var R7_3: bv64;
+  var R7_4: bv64;
+  var R7_5: bv64;
+  var R7_6: bv64;
+  var R7_7: bv64;
+  var R7_8: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R8_2: bv64;
+  var R8_3: bv64;
+  var R8_4: bv64;
+  var R8_5: bv64;
+  var R8_6: bv64;
+  var R8_7: bv64;
+  var R8_8: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
+  var R9_2: bv64;
+  var R9_3: bv64;
+  var R9_4: bv64;
+  var R9_5: bv64;
+  var R9_6: bv64;
+  var R9_7: bv64;
+  var R9_8: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    #4, Gamma_#4 := bvadd64(R31, 18446744073709551552bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, #4, R29), gamma_store64(Gamma_stack, #4, Gamma_R29);
-    assume {:captureState "%0000036c"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(#4, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(#4, 8bv64), Gamma_R30);
-    assume {:captureState "%00000372"} true;
-    R31, Gamma_R31 := #4, Gamma_#4;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    R0, Gamma_R0 := 1bv64, true;
-    R30, Gamma_R30 := 2084bv64, true;
-    call malloc();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551552bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551552bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551560bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551560bv64), Gamma_R30_in);
+    call R0_2, Gamma_R0_2, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_1, Gamma_R16_1, R17_1, Gamma_R17_1, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_3, Gamma_R29_3, R2_1, Gamma_R2_1, R30_3, Gamma_R30_3, R31_3, Gamma_R31_3, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := malloc(1bv64, true, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, R16, Gamma_R16, R17, Gamma_R17, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, bvadd64(R31_in, 18446744073709551552bv64), Gamma_R31_in, R2, Gamma_R2, 2084bv64, true, bvadd64(R31_in, 18446744073709551552bv64), Gamma_R31_in, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     goto l0000038b;
   l0000038b:
-    assume {:captureState "l0000038b"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 40bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 40bv64), Gamma_R0);
-    assume {:captureState "%00000391"} true;
-    R0, Gamma_R0 := 11bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R0);
-    assume {:captureState "%0000039e"} true;
-    R0, Gamma_R0 := 4bv64, true;
-    R30, Gamma_R30 := 2104bv64, true;
-    call malloc();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_3, 40bv64), R0_2), gamma_store64(Gamma_stack, bvadd64(R31_3, 40bv64), Gamma_R0_2);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_3, 28bv64), 11bv32), gamma_store32(Gamma_stack, bvadd64(R31_3, 28bv64), true);
+    call R0_5, Gamma_R0_5, R10_2, Gamma_R10_2, R11_2, Gamma_R11_2, R12_2, Gamma_R12_2, R13_2, Gamma_R13_2, R14_2, Gamma_R14_2, R15_2, Gamma_R15_2, R16_2, Gamma_R16_2, R17_2, Gamma_R17_2, R18_2, Gamma_R18_2, R19_2, Gamma_R19_2, R1_2, Gamma_R1_2, R20_2, Gamma_R20_2, R21_2, Gamma_R21_2, R22_2, Gamma_R22_2, R23_2, Gamma_R23_2, R24_2, Gamma_R24_2, R25_2, Gamma_R25_2, R26_2, Gamma_R26_2, R27_2, Gamma_R27_2, R28_2, Gamma_R28_2, R29_4, Gamma_R29_4, R2_2, Gamma_R2_2, R30_5, Gamma_R30_5, R31_4, Gamma_R31_4, R3_2, Gamma_R3_2, R4_2, Gamma_R4_2, R5_2, Gamma_R5_2, R6_2, Gamma_R6_2, R7_2, Gamma_R7_2, R8_2, Gamma_R8_2, R9_2, Gamma_R9_2 := malloc(4bv64, true, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_1, Gamma_R16_1, R17_1, Gamma_R17_1, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_3, Gamma_R29_3, R2_1, Gamma_R2_1, 2104bv64, true, R31_3, Gamma_R31_3, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1);
     goto l000003ac;
   l000003ac:
-    assume {:captureState "l000003ac"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 48bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 48bv64), Gamma_R0);
-    assume {:captureState "%000003b2"} true;
-    R0, Gamma_R0 := 10bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 32bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 32bv64), Gamma_R0);
-    assume {:captureState "%000003bf"} true;
-    R0, Gamma_R0 := 4bv64, true;
-    R30, Gamma_R30 := 2124bv64, true;
-    call malloc();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_4, 48bv64), R0_5), gamma_store64(Gamma_stack, bvadd64(R31_4, 48bv64), Gamma_R0_5);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_4, 32bv64), 10bv32), gamma_store32(Gamma_stack, bvadd64(R31_4, 32bv64), true);
+    call R0_8, Gamma_R0_8, R10_3, Gamma_R10_3, R11_3, Gamma_R11_3, R12_3, Gamma_R12_3, R13_3, Gamma_R13_3, R14_3, Gamma_R14_3, R15_3, Gamma_R15_3, R16_3, Gamma_R16_3, R17_3, Gamma_R17_3, R18_3, Gamma_R18_3, R19_3, Gamma_R19_3, R1_3, Gamma_R1_3, R20_3, Gamma_R20_3, R21_3, Gamma_R21_3, R22_3, Gamma_R22_3, R23_3, Gamma_R23_3, R24_3, Gamma_R24_3, R25_3, Gamma_R25_3, R26_3, Gamma_R26_3, R27_3, Gamma_R27_3, R28_3, Gamma_R28_3, R29_5, Gamma_R29_5, R2_3, Gamma_R2_3, R30_7, Gamma_R30_7, R31_5, Gamma_R31_5, R3_3, Gamma_R3_3, R4_3, Gamma_R4_3, R5_3, Gamma_R5_3, R6_3, Gamma_R6_3, R7_3, Gamma_R7_3, R8_3, Gamma_R8_3, R9_3, Gamma_R9_3 := malloc(4bv64, true, R10_2, Gamma_R10_2, R11_2, Gamma_R11_2, R12_2, Gamma_R12_2, R13_2, Gamma_R13_2, R14_2, Gamma_R14_2, R15_2, Gamma_R15_2, R16_2, Gamma_R16_2, R17_2, Gamma_R17_2, R18_2, Gamma_R18_2, R19_2, Gamma_R19_2, R1_2, Gamma_R1_2, R20_2, Gamma_R20_2, R21_2, Gamma_R21_2, R22_2, Gamma_R22_2, R23_2, Gamma_R23_2, R24_2, Gamma_R24_2, R25_2, Gamma_R25_2, R26_2, Gamma_R26_2, R27_2, Gamma_R27_2, R28_2, Gamma_R28_2, R29_4, Gamma_R29_4, R2_2, Gamma_R2_2, 2124bv64, true, R31_4, Gamma_R31_4, R3_2, Gamma_R3_2, R4_2, Gamma_R4_2, R5_2, Gamma_R5_2, R6_2, Gamma_R6_2, R7_2, Gamma_R7_2, R8_2, Gamma_R8_2, R9_2, Gamma_R9_2);
     goto l000003cd;
   l000003cd:
-    assume {:captureState "l000003cd"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 56bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 56bv64), Gamma_R0);
-    assume {:captureState "%000003d3"} true;
-    R0, Gamma_R0 := 9bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 36bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 36bv64), Gamma_R0);
-    assume {:captureState "%000003e0"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 40bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 40bv64));
-    R1, Gamma_R1 := 65bv64, true;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_5, 56bv64), R0_8), gamma_store64(Gamma_stack, bvadd64(R31_5, 56bv64), Gamma_R0_8);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_5, 36bv64), 9bv32), gamma_store32(Gamma_stack, bvadd64(R31_5, 36bv64), true);
+    R0_10, Gamma_R0_10 := memory_load64_le(stack, bvadd64(R31_5, 40bv64)), gamma_load64(Gamma_stack, bvadd64(R31_5, 40bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store8_le(mem, R0, R1[8:0]), gamma_store8(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%000003f4"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 48bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 48bv64));
-    R1, Gamma_R1 := 42bv64, true;
+    assert (L(mem, R0_10) ==> true);
+    mem, Gamma_mem := memory_store8_le(mem, R0_10, 65bv8), gamma_store8(Gamma_mem, R0_10, true);
+    R0_11, Gamma_R0_11 := memory_load64_le(stack, bvadd64(R31_5, 48bv64)), gamma_load64(Gamma_stack, bvadd64(R31_5, 48bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%00000408"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 40bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 40bv64));
+    assert (L(mem, R0_11) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R0_11, 42bv32), gamma_store32(Gamma_mem, R0_11, true);
+    R0_12, Gamma_R0_12 := memory_load64_le(stack, bvadd64(R31_5, 40bv64)), gamma_load64(Gamma_stack, bvadd64(R31_5, 40bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend56_8(memory_load8_le(mem, R0)), (gamma_load8(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := zero_extend32_32(R0[32:0]), Gamma_R0;
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2280bv64), Gamma_R0;
-    R30, Gamma_R30 := 2184bv64, true;
-    call printf();
+    R0_13, Gamma_R0_13 := zero_extend56_8(memory_load8_le(mem, R0_12)), (gamma_load8(Gamma_mem, R0_12) || L(mem, R0_12));
+    R1_6, Gamma_R1_6 := zero_extend32_32(R0_13[32:0]), Gamma_R0_13;
+    call R0_16, Gamma_R0_16, R10_4, Gamma_R10_4, R11_4, Gamma_R11_4, R12_4, Gamma_R12_4, R13_4, Gamma_R13_4, R14_4, Gamma_R14_4, R15_4, Gamma_R15_4, R16_4, Gamma_R16_4, R17_4, Gamma_R17_4, R18_4, Gamma_R18_4, R19_4, Gamma_R19_4, R1_7, Gamma_R1_7, R20_4, Gamma_R20_4, R21_4, Gamma_R21_4, R22_4, Gamma_R22_4, R23_4, Gamma_R23_4, R24_4, Gamma_R24_4, R25_4, Gamma_R25_4, R26_4, Gamma_R26_4, R27_4, Gamma_R27_4, R28_4, Gamma_R28_4, R29_6, Gamma_R29_6, R2_4, Gamma_R2_4, R30_9, Gamma_R30_9, R31_6, Gamma_R31_6, R3_4, Gamma_R3_4, R4_4, Gamma_R4_4, R5_4, Gamma_R5_4, R6_4, Gamma_R6_4, R7_4, Gamma_R7_4, R8_4, Gamma_R8_4, R9_4, Gamma_R9_4 := printf(2280bv64, true, R10_3, Gamma_R10_3, R11_3, Gamma_R11_3, R12_3, Gamma_R12_3, R13_3, Gamma_R13_3, R14_3, Gamma_R14_3, R15_3, Gamma_R15_3, R16_3, Gamma_R16_3, R17_3, Gamma_R17_3, R18_3, Gamma_R18_3, R19_3, Gamma_R19_3, R1_6, Gamma_R1_6, R20_3, Gamma_R20_3, R21_3, Gamma_R21_3, R22_3, Gamma_R22_3, R23_3, Gamma_R23_3, R24_3, Gamma_R24_3, R25_3, Gamma_R25_3, R26_3, Gamma_R26_3, R27_3, Gamma_R27_3, R28_3, Gamma_R28_3, R29_5, Gamma_R29_5, R2_3, Gamma_R2_3, 2184bv64, true, R31_5, Gamma_R31_5, R3_3, Gamma_R3_3, R4_3, Gamma_R4_3, R5_3, Gamma_R5_3, R6_3, Gamma_R6_3, R7_3, Gamma_R7_3, R8_3, Gamma_R8_3, R9_3, Gamma_R9_3);
     goto l00000431;
   l00000431:
-    assume {:captureState "l00000431"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 48bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 48bv64));
+    R0_17, Gamma_R0_17 := memory_load64_le(stack, bvadd64(R31_6, 48bv64)), gamma_load64(Gamma_stack, bvadd64(R31_6, 48bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := zero_extend32_32(R0[32:0]), Gamma_R0;
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2304bv64), Gamma_R0;
-    R30, Gamma_R30 := 2208bv64, true;
-    call printf();
+    R0_18, Gamma_R0_18 := memory_load32_le(mem, R0_17), (gamma_load32(Gamma_mem, R0_17) || L(mem, R0_17));
+    R1_8, Gamma_R1_8 := zero_extend32_32(R0_18), Gamma_R0_18;
+    call R0_21, Gamma_R0_21, R10_5, Gamma_R10_5, R11_5, Gamma_R11_5, R12_5, Gamma_R12_5, R13_5, Gamma_R13_5, R14_5, Gamma_R14_5, R15_5, Gamma_R15_5, R16_5, Gamma_R16_5, R17_5, Gamma_R17_5, R18_5, Gamma_R18_5, R19_5, Gamma_R19_5, R1_9, Gamma_R1_9, R20_5, Gamma_R20_5, R21_5, Gamma_R21_5, R22_5, Gamma_R22_5, R23_5, Gamma_R23_5, R24_5, Gamma_R24_5, R25_5, Gamma_R25_5, R26_5, Gamma_R26_5, R27_5, Gamma_R27_5, R28_5, Gamma_R28_5, R29_7, Gamma_R29_7, R2_5, Gamma_R2_5, R30_11, Gamma_R30_11, R31_7, Gamma_R31_7, R3_5, Gamma_R3_5, R4_5, Gamma_R4_5, R5_5, Gamma_R5_5, R6_5, Gamma_R6_5, R7_5, Gamma_R7_5, R8_5, Gamma_R8_5, R9_5, Gamma_R9_5 := printf(2304bv64, true, R10_4, Gamma_R10_4, R11_4, Gamma_R11_4, R12_4, Gamma_R12_4, R13_4, Gamma_R13_4, R14_4, Gamma_R14_4, R15_4, Gamma_R15_4, R16_4, Gamma_R16_4, R17_4, Gamma_R17_4, R18_4, Gamma_R18_4, R19_4, Gamma_R19_4, R1_8, Gamma_R1_8, R20_4, Gamma_R20_4, R21_4, Gamma_R21_4, R22_4, Gamma_R22_4, R23_4, Gamma_R23_4, R24_4, Gamma_R24_4, R25_4, Gamma_R25_4, R26_4, Gamma_R26_4, R27_4, Gamma_R27_4, R28_4, Gamma_R28_4, R29_6, Gamma_R29_6, R2_4, Gamma_R2_4, 2208bv64, true, R31_6, Gamma_R31_6, R3_4, Gamma_R3_4, R4_4, Gamma_R4_4, R5_4, Gamma_R5_4, R6_4, Gamma_R6_4, R7_4, Gamma_R7_4, R8_4, Gamma_R8_4, R9_4, Gamma_R9_4);
     goto l00000457;
   l00000457:
-    assume {:captureState "l00000457"} true;
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 32bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 32bv64));
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2320bv64), Gamma_R0;
-    R30, Gamma_R30 := 2224bv64, true;
-    call printf();
+    R1_10, Gamma_R1_10 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_7, 32bv64))), gamma_load32(Gamma_stack, bvadd64(R31_7, 32bv64));
+    call R0_24, Gamma_R0_24, R10_6, Gamma_R10_6, R11_6, Gamma_R11_6, R12_6, Gamma_R12_6, R13_6, Gamma_R13_6, R14_6, Gamma_R14_6, R15_6, Gamma_R15_6, R16_6, Gamma_R16_6, R17_6, Gamma_R17_6, R18_6, Gamma_R18_6, R19_6, Gamma_R19_6, R1_11, Gamma_R1_11, R20_6, Gamma_R20_6, R21_6, Gamma_R21_6, R22_6, Gamma_R22_6, R23_6, Gamma_R23_6, R24_6, Gamma_R24_6, R25_6, Gamma_R25_6, R26_6, Gamma_R26_6, R27_6, Gamma_R27_6, R28_6, Gamma_R28_6, R29_8, Gamma_R29_8, R2_6, Gamma_R2_6, R30_13, Gamma_R30_13, R31_8, Gamma_R31_8, R3_6, Gamma_R3_6, R4_6, Gamma_R4_6, R5_6, Gamma_R5_6, R6_6, Gamma_R6_6, R7_6, Gamma_R7_6, R8_6, Gamma_R8_6, R9_6, Gamma_R9_6 := printf(2320bv64, true, R10_5, Gamma_R10_5, R11_5, Gamma_R11_5, R12_5, Gamma_R12_5, R13_5, Gamma_R13_5, R14_5, Gamma_R14_5, R15_5, Gamma_R15_5, R16_5, Gamma_R16_5, R17_5, Gamma_R17_5, R18_5, Gamma_R18_5, R19_5, Gamma_R19_5, R1_10, Gamma_R1_10, R20_5, Gamma_R20_5, R21_5, Gamma_R21_5, R22_5, Gamma_R22_5, R23_5, Gamma_R23_5, R24_5, Gamma_R24_5, R25_5, Gamma_R25_5, R26_5, Gamma_R26_5, R27_5, Gamma_R27_5, R28_5, Gamma_R28_5, R29_7, Gamma_R29_7, R2_5, Gamma_R2_5, 2224bv64, true, R31_7, Gamma_R31_7, R3_5, Gamma_R3_5, R4_5, Gamma_R4_5, R5_5, Gamma_R5_5, R6_5, Gamma_R6_5, R7_5, Gamma_R7_5, R8_5, Gamma_R8_5, R9_5, Gamma_R9_5);
     goto l00000470;
   l00000470:
-    assume {:captureState "l00000470"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 40bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 40bv64));
-    R30, Gamma_R30 := 2232bv64, true;
-    call #free();
+    R0_25, Gamma_R0_25 := memory_load64_le(stack, bvadd64(R31_8, 40bv64)), gamma_load64(Gamma_stack, bvadd64(R31_8, 40bv64));
+    call R0_26, Gamma_R0_26, R10_7, Gamma_R10_7, R11_7, Gamma_R11_7, R12_7, Gamma_R12_7, R13_7, Gamma_R13_7, R14_7, Gamma_R14_7, R15_7, Gamma_R15_7, R16_7, Gamma_R16_7, R17_7, Gamma_R17_7, R18_7, Gamma_R18_7, R19_7, Gamma_R19_7, R1_12, Gamma_R1_12, R20_7, Gamma_R20_7, R21_7, Gamma_R21_7, R22_7, Gamma_R22_7, R23_7, Gamma_R23_7, R24_7, Gamma_R24_7, R25_7, Gamma_R25_7, R26_7, Gamma_R26_7, R27_7, Gamma_R27_7, R28_7, Gamma_R28_7, R29_9, Gamma_R29_9, R2_7, Gamma_R2_7, R30_15, Gamma_R30_15, R31_9, Gamma_R31_9, R3_7, Gamma_R3_7, R4_7, Gamma_R4_7, R5_7, Gamma_R5_7, R6_7, Gamma_R6_7, R7_7, Gamma_R7_7, R8_7, Gamma_R8_7, R9_7, Gamma_R9_7 := #free(R0_25, Gamma_R0_25, R10_6, Gamma_R10_6, R11_6, Gamma_R11_6, R12_6, Gamma_R12_6, R13_6, Gamma_R13_6, R14_6, Gamma_R14_6, R15_6, Gamma_R15_6, R16_6, Gamma_R16_6, R17_6, Gamma_R17_6, R18_6, Gamma_R18_6, R19_6, Gamma_R19_6, R1_11, Gamma_R1_11, R20_6, Gamma_R20_6, R21_6, Gamma_R21_6, R22_6, Gamma_R22_6, R23_6, Gamma_R23_6, R24_6, Gamma_R24_6, R25_6, Gamma_R25_6, R26_6, Gamma_R26_6, R27_6, Gamma_R27_6, R28_6, Gamma_R28_6, R29_8, Gamma_R29_8, R2_6, Gamma_R2_6, 2232bv64, true, R31_8, Gamma_R31_8, R3_6, Gamma_R3_6, R4_6, Gamma_R4_6, R5_6, Gamma_R5_6, R6_6, Gamma_R6_6, R7_6, Gamma_R7_6, R8_6, Gamma_R8_6, R9_6, Gamma_R9_6);
     goto l0000047f;
   l0000047f:
-    assume {:captureState "l0000047f"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 48bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 48bv64));
-    R30, Gamma_R30 := 2240bv64, true;
-    call #free();
+    R0_27, Gamma_R0_27 := memory_load64_le(stack, bvadd64(R31_9, 48bv64)), gamma_load64(Gamma_stack, bvadd64(R31_9, 48bv64));
+    call R0_28, Gamma_R0_28, R10_8, Gamma_R10_8, R11_8, Gamma_R11_8, R12_8, Gamma_R12_8, R13_8, Gamma_R13_8, R14_8, Gamma_R14_8, R15_8, Gamma_R15_8, R16_8, Gamma_R16_8, R17_8, Gamma_R17_8, R18_8, Gamma_R18_8, R19_8, Gamma_R19_8, R1_13, Gamma_R1_13, R20_8, Gamma_R20_8, R21_8, Gamma_R21_8, R22_8, Gamma_R22_8, R23_8, Gamma_R23_8, R24_8, Gamma_R24_8, R25_8, Gamma_R25_8, R26_8, Gamma_R26_8, R27_8, Gamma_R27_8, R28_8, Gamma_R28_8, R29_10, Gamma_R29_10, R2_8, Gamma_R2_8, R30_17, Gamma_R30_17, R31_10, Gamma_R31_10, R3_8, Gamma_R3_8, R4_8, Gamma_R4_8, R5_8, Gamma_R5_8, R6_8, Gamma_R6_8, R7_8, Gamma_R7_8, R8_8, Gamma_R8_8, R9_8, Gamma_R9_8 := #free(R0_27, Gamma_R0_27, R10_7, Gamma_R10_7, R11_7, Gamma_R11_7, R12_7, Gamma_R12_7, R13_7, Gamma_R13_7, R14_7, Gamma_R14_7, R15_7, Gamma_R15_7, R16_7, Gamma_R16_7, R17_7, Gamma_R17_7, R18_7, Gamma_R18_7, R19_7, Gamma_R19_7, R1_12, Gamma_R1_12, R20_7, Gamma_R20_7, R21_7, Gamma_R21_7, R22_7, Gamma_R22_7, R23_7, Gamma_R23_7, R24_7, Gamma_R24_7, R25_7, Gamma_R25_7, R26_7, Gamma_R26_7, R27_7, Gamma_R27_7, R28_7, Gamma_R28_7, R29_9, Gamma_R29_9, R2_7, Gamma_R2_7, 2240bv64, true, R31_9, Gamma_R31_9, R3_7, Gamma_R3_7, R4_7, Gamma_R4_7, R5_7, Gamma_R5_7, R6_7, Gamma_R6_7, R7_7, Gamma_R7_7, R8_7, Gamma_R8_7, R9_7, Gamma_R9_7);
     goto l0000048d;
   l0000048d:
-    assume {:captureState "l0000048d"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 64bv64), Gamma_R31;
+    R29_11, Gamma_R29_11 := memory_load64_le(stack, R31_10), gamma_load64(Gamma_stack, R31_10);
+    R30_18, Gamma_R30_18 := memory_load64_le(stack, bvadd64(R31_10, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31_10, 8bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R29_out, R30_out, R31_out := 0bv64, R1_13, R29_11, R30_18, bvadd64(R31_10, 64bv64);
+    Gamma_R0_out, Gamma_R1_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out := true, Gamma_R1_13, Gamma_R29_11, Gamma_R30_18, Gamma_R31_10;
     return;
 }
 
-procedure malloc();
+procedure malloc(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   modifies Gamma_R16, Gamma_R17, R16, R17;
   free requires (memory_load64_le(mem, 2272bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2280bv64) == 8241983568019286100bv64);
@@ -331,7 +882,7 @@ procedure malloc();
   free ensures (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-procedure printf();
+procedure printf(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   modifies Gamma_R16, Gamma_R17, R16, R17;
   free requires (memory_load64_le(mem, 2272bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2280bv64) == 8241983568019286100bv64);
diff --git a/src/test/correct/malloc_with_local2/gcc/malloc_with_local2_gtirb.expected b/src/test/correct/malloc_with_local2/gcc/malloc_with_local2_gtirb.expected
index 034a6ffd3..b934e6ac8 100644
--- a/src/test/correct/malloc_with_local2/gcc/malloc_with_local2_gtirb.expected
+++ b/src/test/correct/malloc_with_local2/gcc/malloc_with_local2_gtirb.expected
@@ -1,19 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R16: bool;
-var {:extern} Gamma_R17: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R16: bv64;
-var {:extern} R17: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -23,6 +9,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -31,22 +31,22 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
-function {:extern} gamma_load8(gammaMap: [bv64]bool, index: bv64) returns (bool) {
-  gammaMap[index]
-}
-
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store8(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
   gammaMap[index := value]
 }
 
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
+}
+
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
   (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index])))
 }
@@ -60,18 +60,17 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
-function {:extern} {:bvbuiltin "zero_extend 24"} zero_extend24_8(bv8) returns (bv32);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -110,8 +109,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R16, R17, R29, R30, R31, mem, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load64_le(mem, 2272bv64) == 131073bv64);
@@ -130,10 +129,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69000bv64) == 1984bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load64_le(mem, 2272bv64) == 131073bv64);
   free ensures (memory_load64_le(mem, 2280bv64) == 8241983568019286100bv64);
   free ensures (memory_load64_le(mem, 2288bv64) == 748482783423457568bv64);
@@ -151,118 +146,111 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var Cse0__5$8$0: bv64;
-  var Gamma_Cse0__5$8$0: bool;
+  var Gamma_R0_13: bool;
+  var Gamma_R0_7: bool;
+  var Gamma_R0_8: bool;
+  var Gamma_R0_9: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R16_2: bool;
+  var Gamma_R16_3: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R16_5: bool;
+  var Gamma_R16_6: bool;
+  var Gamma_R16_7: bool;
+  var Gamma_R16_8: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R17_3: bool;
+  var Gamma_R17_4: bool;
+  var Gamma_R17_5: bool;
+  var Gamma_R17_6: bool;
+  var Gamma_R17_7: bool;
+  var Gamma_R17_8: bool;
+  var Gamma_R1_5: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_10: bool;
+  var R0_13: bv64;
+  var R0_7: bv64;
+  var R0_8: bv64;
+  var R0_9: bv64;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R16_2: bv64;
+  var R16_3: bv64;
+  var R16_4: bv64;
+  var R16_5: bv64;
+  var R16_6: bv64;
+  var R16_7: bv64;
+  var R16_8: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R17_3: bv64;
+  var R17_4: bv64;
+  var R17_5: bv64;
+  var R17_6: bv64;
+  var R17_7: bv64;
+  var R17_8: bv64;
+  var R1_5: bv64;
+  var R29_3: bv64;
+  var R30_10: bv64;
   $main$__0__$AZzshZKtSEuJn8wjRf5oKw:
-    assume {:captureState "$main$__0__$AZzshZKtSEuJn8wjRf5oKw"} true;
-    Cse0__5$8$0, Gamma_Cse0__5$8$0 := bvadd64(R31, 18446744073709551552bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$8$0, R29), gamma_store64(Gamma_stack, Cse0__5$8$0, Gamma_R29);
-    assume {:captureState "2068$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$8$0, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$8$0, 8bv64), Gamma_R30);
-    assume {:captureState "2068$2"} true;
-    R31, Gamma_R31 := Cse0__5$8$0, Gamma_Cse0__5$8$0;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    R0, Gamma_R0 := 1bv64, true;
-    R30, Gamma_R30 := 2084bv64, true;
-    call FUN_680();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551552bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551552bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551560bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551560bv64), Gamma_R30_in);
+    call R16_1, Gamma_R16_1, R17_1, Gamma_R17_1 := FUN_680(R16, Gamma_R16);
     goto $main$__1__$_Jt_AVu0STa3DsAXddfzmA;
   $main$__1__$_Jt_AVu0STa3DsAXddfzmA:
-    assume {:captureState "$main$__1__$_Jt_AVu0STa3DsAXddfzmA"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 40bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 40bv64), Gamma_R0);
-    assume {:captureState "2084$0"} true;
-    R0, Gamma_R0 := 11bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R0);
-    assume {:captureState "2092$0"} true;
-    R0, Gamma_R0 := 4bv64, true;
-    R30, Gamma_R30 := 2104bv64, true;
-    call FUN_680();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551592bv64), 1bv64), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551580bv64), 11bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551580bv64), true);
+    call R16_2, Gamma_R16_2, R17_2, Gamma_R17_2 := FUN_680(R16_1, Gamma_R16_1);
     goto $main$__2__$vVSPHAjaRAyVtXo~vTrC7g;
   $main$__2__$vVSPHAjaRAyVtXo~vTrC7g:
-    assume {:captureState "$main$__2__$vVSPHAjaRAyVtXo~vTrC7g"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 48bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 48bv64), Gamma_R0);
-    assume {:captureState "2104$0"} true;
-    R0, Gamma_R0 := 10bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 32bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 32bv64), Gamma_R0);
-    assume {:captureState "2112$0"} true;
-    R0, Gamma_R0 := 4bv64, true;
-    R30, Gamma_R30 := 2124bv64, true;
-    call FUN_680();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), 4bv64), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551584bv64), 10bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), true);
+    call R16_3, Gamma_R16_3, R17_3, Gamma_R17_3 := FUN_680(R16_2, Gamma_R16_2);
     goto $main$__3__$qo4gHbnYSpa0qcz2RNo4Dw;
   $main$__3__$qo4gHbnYSpa0qcz2RNo4Dw:
-    assume {:captureState "$main$__3__$qo4gHbnYSpa0qcz2RNo4Dw"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 56bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 56bv64), Gamma_R0);
-    assume {:captureState "2124$0"} true;
-    R0, Gamma_R0 := 9bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 36bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 36bv64), Gamma_R0);
-    assume {:captureState "2132$0"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 40bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 40bv64));
-    R1, Gamma_R1 := 65bv64, true;
-    call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store8_le(mem, R0, R1[8:0]), gamma_store8(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "2144$0"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 48bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 48bv64));
-    R1, Gamma_R1 := 42bv64, true;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 4bv64), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551588bv64), 9bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551588bv64), true);
+    R0_7, Gamma_R0_7 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551592bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "2156$0"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 40bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 40bv64));
+    assert (L(mem, R0_7) ==> true);
+    mem, Gamma_mem := memory_store8_le(mem, R0_7, 65bv8), gamma_store8(Gamma_mem, R0_7, true);
+    R0_8, Gamma_R0_8 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(zero_extend24_8(memory_load8_le(mem, R0))), (gamma_load8(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := zero_extend32_32(R0[32:0]), Gamma_R0;
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2280bv64), Gamma_R0;
-    R30, Gamma_R30 := 2184bv64, true;
-    call FUN_6c0();
+    assert (L(mem, R0_8) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R0_8, 42bv32), gamma_store32(Gamma_mem, R0_8, true);
+    R0_9, Gamma_R0_9 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551592bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64));
+    call R16_4, Gamma_R16_4, R17_4, Gamma_R17_4 := FUN_6c0(R16_3, Gamma_R16_3);
     goto $main$__4__$sKQEwpisRC~Deg8htVYDGA;
   $main$__4__$sKQEwpisRC~Deg8htVYDGA:
-    assume {:captureState "$main$__4__$sKQEwpisRC~Deg8htVYDGA"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 48bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 48bv64));
-    call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := zero_extend32_32(R0[32:0]), Gamma_R0;
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2304bv64), Gamma_R0;
-    R30, Gamma_R30 := 2208bv64, true;
-    call FUN_6c0();
+    R0_13, Gamma_R0_13 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64));
+    call R16_5, Gamma_R16_5, R17_5, Gamma_R17_5 := FUN_6c0(R16_4, Gamma_R16_4);
     goto $main$__5__$UU_sb98JQMuNTccrtfVShA;
   $main$__5__$UU_sb98JQMuNTccrtfVShA:
-    assume {:captureState "$main$__5__$UU_sb98JQMuNTccrtfVShA"} true;
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 32bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 32bv64));
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2320bv64), Gamma_R0;
-    R30, Gamma_R30 := 2224bv64, true;
-    call FUN_6c0();
+    R1_5, Gamma_R1_5 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551584bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64));
+    call R16_6, Gamma_R16_6, R17_6, Gamma_R17_6 := FUN_6c0(R16_5, Gamma_R16_5);
     goto $main$__6__$xqmLBBa1TNCvLDxmYyOHcQ;
   $main$__6__$xqmLBBa1TNCvLDxmYyOHcQ:
-    assume {:captureState "$main$__6__$xqmLBBa1TNCvLDxmYyOHcQ"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 40bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 40bv64));
-    R30, Gamma_R30 := 2232bv64, true;
-    call FUN_6b0();
+    call R16_7, Gamma_R16_7, R17_7, Gamma_R17_7 := FUN_6b0(R16_6, Gamma_R16_6);
     goto $main$__7__$9CEaMIK4TyKPblekpKg8LA;
   $main$__7__$9CEaMIK4TyKPblekpKg8LA:
-    assume {:captureState "$main$__7__$9CEaMIK4TyKPblekpKg8LA"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 48bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 48bv64));
-    R30, Gamma_R30 := 2240bv64, true;
-    call FUN_6b0();
+    call R16_8, Gamma_R16_8, R17_8, Gamma_R17_8 := FUN_6b0(R16_7, Gamma_R16_7);
     goto $main$__8__$kYgEsvZnR5mgdgIreZDDSA;
   $main$__8__$kYgEsvZnR5mgdgIreZDDSA:
-    assume {:captureState "$main$__8__$kYgEsvZnR5mgdgIreZDDSA"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 64bv64), Gamma_R31;
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551552bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551552bv64));
+    R30_10, Gamma_R30_10 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551560bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551560bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R29_out, R30_out, R31_out := 0bv64, R1_5, R29_3, R30_10, R31_in;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out := true, Gamma_R1_5, Gamma_R29_3, Gamma_R30_10, Gamma_R31_in;
     return;
 }
 
-procedure FUN_6b0();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure FUN_6b0(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 2272bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2280bv64) == 8241983568019286100bv64);
   free requires (memory_load64_le(mem, 2288bv64) == 748482783423457568bv64);
@@ -296,20 +284,143 @@ procedure FUN_6b0();
   free ensures (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation FUN_6b0()
+implementation FUN_6b0(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool)
 {
+  var Gamma_R0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0: bv64;
+  var R0_1: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16_4: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   $FUN_6b0$__0__$dQPm~3VORAieWEy83BwbqQ:
-    assume {:captureState "$FUN_6b0$__0__$dQPm~3VORAieWEy83BwbqQ"} true;
-    R16, Gamma_R16 := 65536bv64, true;
     call rely();
-    R17, Gamma_R17 := memory_load64_le(mem, bvadd64(R16, 4032bv64)), (gamma_load64(Gamma_mem, bvadd64(R16, 4032bv64)) || L(mem, bvadd64(R16, 4032bv64)));
-    R16, Gamma_R16 := bvadd64(R16, 4032bv64), Gamma_R16;
-    call #free();
+    R17_1, Gamma_R17_1 := memory_load64_le(mem, 69568bv64), (gamma_load64(Gamma_mem, 69568bv64) || L(mem, 69568bv64));
+    call R0_1, Gamma_R0_1, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_4, Gamma_R16_4, R17_2, Gamma_R17_2, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_1, Gamma_R2_1, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := #free(R0, Gamma_R0, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, 69568bv64, true, R17_1, Gamma_R17_1, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2, Gamma_R2, R30, Gamma_R30, R31, Gamma_R31, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     assume false;
 }
 
-procedure FUN_6c0();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure FUN_6c0(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 2272bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2280bv64) == 8241983568019286100bv64);
   free requires (memory_load64_le(mem, 2288bv64) == 748482783423457568bv64);
@@ -343,20 +454,143 @@ procedure FUN_6c0();
   free ensures (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation FUN_6c0()
+implementation FUN_6c0(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool)
 {
+  var Gamma_R0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0: bv64;
+  var R0_1: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16_4: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   $FUN_6c0$__0__$e2Fzppr9TBufcmss~nKX6w:
-    assume {:captureState "$FUN_6c0$__0__$e2Fzppr9TBufcmss~nKX6w"} true;
-    R16, Gamma_R16 := 65536bv64, true;
     call rely();
-    R17, Gamma_R17 := memory_load64_le(mem, bvadd64(R16, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R16, 4040bv64)) || L(mem, bvadd64(R16, 4040bv64)));
-    R16, Gamma_R16 := bvadd64(R16, 4040bv64), Gamma_R16;
-    call printf();
+    R17_1, Gamma_R17_1 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
+    call R0_1, Gamma_R0_1, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_4, Gamma_R16_4, R17_2, Gamma_R17_2, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_1, Gamma_R2_1, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := printf(R0, Gamma_R0, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, 69576bv64, true, R17_1, Gamma_R17_1, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2, Gamma_R2, R30, Gamma_R30, R31, Gamma_R31, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     assume false;
 }
 
-procedure FUN_680();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure FUN_680(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 2272bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2280bv64) == 8241983568019286100bv64);
   free requires (memory_load64_le(mem, 2288bv64) == 748482783423457568bv64);
@@ -390,19 +624,142 @@ procedure FUN_680();
   free ensures (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation FUN_680()
+implementation FUN_680(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool)
 {
+  var Gamma_R0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0: bv64;
+  var R0_1: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16_4: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   $FUN_680$__0__$6hxifqk6SUCUrrqeP4IHHw:
-    assume {:captureState "$FUN_680$__0__$6hxifqk6SUCUrrqeP4IHHw"} true;
-    R16, Gamma_R16 := 65536bv64, true;
     call rely();
-    R17, Gamma_R17 := memory_load64_le(mem, bvadd64(R16, 4008bv64)), (gamma_load64(Gamma_mem, bvadd64(R16, 4008bv64)) || L(mem, bvadd64(R16, 4008bv64)));
-    R16, Gamma_R16 := bvadd64(R16, 4008bv64), Gamma_R16;
-    call malloc();
+    R17_1, Gamma_R17_1 := memory_load64_le(mem, 69544bv64), (gamma_load64(Gamma_mem, 69544bv64) || L(mem, 69544bv64));
+    call R0_1, Gamma_R0_1, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_4, Gamma_R16_4, R17_2, Gamma_R17_2, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_1, Gamma_R2_1, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := malloc(R0, Gamma_R0, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, 69544bv64, true, R17_1, Gamma_R17_1, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2, Gamma_R2, R30, Gamma_R30, R31, Gamma_R31, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     assume false;
 }
 
-procedure #free();
+procedure #free(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load64_le(mem, 2272bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2280bv64) == 8241983568019286100bv64);
   free requires (memory_load64_le(mem, 2288bv64) == 748482783423457568bv64);
@@ -436,7 +793,7 @@ procedure #free();
   free ensures (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-procedure printf();
+procedure printf(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load64_le(mem, 2272bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2280bv64) == 8241983568019286100bv64);
   free requires (memory_load64_le(mem, 2288bv64) == 748482783423457568bv64);
@@ -470,7 +827,7 @@ procedure printf();
   free ensures (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-procedure malloc();
+procedure malloc(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load64_le(mem, 2272bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2280bv64) == 8241983568019286100bv64);
   free requires (memory_load64_le(mem, 2288bv64) == 748482783423457568bv64);
diff --git a/src/test/correct/malloc_with_local3/clang/malloc_with_local3.expected b/src/test/correct/malloc_with_local3/clang/malloc_with_local3.expected
index f8b3fd019..fcba62a4d 100644
--- a/src/test/correct/malloc_with_local3/clang/malloc_with_local3.expected
+++ b/src/test/correct/malloc_with_local3/clang/malloc_with_local3.expected
@@ -1,23 +1,9 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_R16: bool;
 var {:extern} Gamma_R17: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} R16: bv64;
 var {:extern} R17: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -28,6 +14,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -41,17 +41,21 @@ function {:extern} gamma_load8(gammaMap: [bv64]bool, index: bv64) returns (bool)
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store8(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
   gammaMap[index := value]
 }
 
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
+}
+
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
   (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index])))
 }
@@ -65,15 +69,15 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -117,7 +121,7 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure #free();
+procedure #free(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   modifies Gamma_R16, Gamma_R17, R16, R17;
   free requires (memory_load64_le(mem, 2344bv64) == 2334386691848142849bv64);
   free requires (memory_load64_le(mem, 2352bv64) == 2322295453216173673bv64);
@@ -156,8 +160,8 @@ procedure #free();
   free ensures (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69696bv64) == 69696bv64);
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R1, R16, R17, R29, R30, R31, R8, R9, mem, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_R16, Gamma_R17, Gamma_mem, Gamma_stack, R16, R17, mem, stack;
   free requires (memory_load64_le(mem, 69688bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69696bv64) == 69696bv64);
   free requires (memory_load64_le(mem, 2344bv64) == 2334386691848142849bv64);
@@ -178,10 +182,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1984bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free requires (memory_load64_le(mem, 69696bv64) == 69696bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load64_le(mem, 2344bv64) == 2334386691848142849bv64);
   free ensures (memory_load64_le(mem, 2352bv64) == 2322295453216173673bv64);
   free ensures (memory_load64_le(mem, 2360bv64) == 2334386691848692773bv64);
@@ -201,122 +201,608 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69696bv64) == 69696bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var #4: bv64;
-  var #7: bv64;
-  var Gamma_#4: bool;
-  var Gamma_#7: bool;
+  var Gamma_R0_10: bool;
+  var Gamma_R0_13: bool;
+  var Gamma_R0_14: bool;
+  var Gamma_R0_15: bool;
+  var Gamma_R0_16: bool;
+  var Gamma_R0_17: bool;
+  var Gamma_R0_18: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_6: bool;
+  var Gamma_R0_7: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R10_2: bool;
+  var Gamma_R10_3: bool;
+  var Gamma_R10_4: bool;
+  var Gamma_R10_5: bool;
+  var Gamma_R10_6: bool;
+  var Gamma_R10_7: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R11_2: bool;
+  var Gamma_R11_3: bool;
+  var Gamma_R11_4: bool;
+  var Gamma_R11_5: bool;
+  var Gamma_R11_6: bool;
+  var Gamma_R11_7: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R12_2: bool;
+  var Gamma_R12_3: bool;
+  var Gamma_R12_4: bool;
+  var Gamma_R12_5: bool;
+  var Gamma_R12_6: bool;
+  var Gamma_R12_7: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R13_2: bool;
+  var Gamma_R13_3: bool;
+  var Gamma_R13_4: bool;
+  var Gamma_R13_5: bool;
+  var Gamma_R13_6: bool;
+  var Gamma_R13_7: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R14_2: bool;
+  var Gamma_R14_3: bool;
+  var Gamma_R14_4: bool;
+  var Gamma_R14_5: bool;
+  var Gamma_R14_6: bool;
+  var Gamma_R14_7: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R15_2: bool;
+  var Gamma_R15_3: bool;
+  var Gamma_R15_4: bool;
+  var Gamma_R15_5: bool;
+  var Gamma_R15_6: bool;
+  var Gamma_R15_7: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R16_2: bool;
+  var Gamma_R16_3: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R16_5: bool;
+  var Gamma_R16_6: bool;
+  var Gamma_R16_7: bool;
+  var Gamma_R17: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R17_3: bool;
+  var Gamma_R17_4: bool;
+  var Gamma_R17_5: bool;
+  var Gamma_R17_6: bool;
+  var Gamma_R17_7: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R18_2: bool;
+  var Gamma_R18_3: bool;
+  var Gamma_R18_4: bool;
+  var Gamma_R18_5: bool;
+  var Gamma_R18_6: bool;
+  var Gamma_R18_7: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R19_2: bool;
+  var Gamma_R19_3: bool;
+  var Gamma_R19_4: bool;
+  var Gamma_R19_5: bool;
+  var Gamma_R19_6: bool;
+  var Gamma_R19_7: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R1_2: bool;
+  var Gamma_R1_3: bool;
+  var Gamma_R1_4: bool;
+  var Gamma_R1_5: bool;
+  var Gamma_R1_6: bool;
+  var Gamma_R1_7: bool;
+  var Gamma_R1_8: bool;
+  var Gamma_R1_9: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R20_2: bool;
+  var Gamma_R20_3: bool;
+  var Gamma_R20_4: bool;
+  var Gamma_R20_5: bool;
+  var Gamma_R20_6: bool;
+  var Gamma_R20_7: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R21_2: bool;
+  var Gamma_R21_3: bool;
+  var Gamma_R21_4: bool;
+  var Gamma_R21_5: bool;
+  var Gamma_R21_6: bool;
+  var Gamma_R21_7: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R22_2: bool;
+  var Gamma_R22_3: bool;
+  var Gamma_R22_4: bool;
+  var Gamma_R22_5: bool;
+  var Gamma_R22_6: bool;
+  var Gamma_R22_7: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R23_2: bool;
+  var Gamma_R23_3: bool;
+  var Gamma_R23_4: bool;
+  var Gamma_R23_5: bool;
+  var Gamma_R23_6: bool;
+  var Gamma_R23_7: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R24_2: bool;
+  var Gamma_R24_3: bool;
+  var Gamma_R24_4: bool;
+  var Gamma_R24_5: bool;
+  var Gamma_R24_6: bool;
+  var Gamma_R24_7: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R25_2: bool;
+  var Gamma_R25_3: bool;
+  var Gamma_R25_4: bool;
+  var Gamma_R25_5: bool;
+  var Gamma_R25_6: bool;
+  var Gamma_R25_7: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R26_2: bool;
+  var Gamma_R26_3: bool;
+  var Gamma_R26_4: bool;
+  var Gamma_R26_5: bool;
+  var Gamma_R26_6: bool;
+  var Gamma_R26_7: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R27_2: bool;
+  var Gamma_R27_3: bool;
+  var Gamma_R27_4: bool;
+  var Gamma_R27_5: bool;
+  var Gamma_R27_6: bool;
+  var Gamma_R27_7: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R28_2: bool;
+  var Gamma_R28_3: bool;
+  var Gamma_R28_4: bool;
+  var Gamma_R28_5: bool;
+  var Gamma_R28_6: bool;
+  var Gamma_R28_7: bool;
+  var Gamma_R29_10: bool;
+  var Gamma_R29_11: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R29_4: bool;
+  var Gamma_R29_5: bool;
+  var Gamma_R29_6: bool;
+  var Gamma_R29_7: bool;
+  var Gamma_R29_8: bool;
+  var Gamma_R29_9: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R2_2: bool;
+  var Gamma_R2_3: bool;
+  var Gamma_R2_4: bool;
+  var Gamma_R2_5: bool;
+  var Gamma_R2_6: bool;
+  var Gamma_R2_7: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30_10: bool;
+  var Gamma_R30_12: bool;
+  var Gamma_R30_14: bool;
+  var Gamma_R30_16: bool;
+  var Gamma_R30_17: bool;
+  var Gamma_R30_3: bool;
+  var Gamma_R30_5: bool;
+  var Gamma_R30_7: bool;
+  var Gamma_R31_10: bool;
+  var Gamma_R31_3: bool;
+  var Gamma_R31_4: bool;
+  var Gamma_R31_5: bool;
+  var Gamma_R31_6: bool;
+  var Gamma_R31_7: bool;
+  var Gamma_R31_8: bool;
+  var Gamma_R31_9: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R3_2: bool;
+  var Gamma_R3_3: bool;
+  var Gamma_R3_4: bool;
+  var Gamma_R3_5: bool;
+  var Gamma_R3_6: bool;
+  var Gamma_R3_7: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R4_2: bool;
+  var Gamma_R4_3: bool;
+  var Gamma_R4_4: bool;
+  var Gamma_R4_5: bool;
+  var Gamma_R4_6: bool;
+  var Gamma_R4_7: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R5_2: bool;
+  var Gamma_R5_3: bool;
+  var Gamma_R5_4: bool;
+  var Gamma_R5_5: bool;
+  var Gamma_R5_6: bool;
+  var Gamma_R5_7: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R6_2: bool;
+  var Gamma_R6_3: bool;
+  var Gamma_R6_4: bool;
+  var Gamma_R6_5: bool;
+  var Gamma_R6_6: bool;
+  var Gamma_R6_7: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R7_2: bool;
+  var Gamma_R7_3: bool;
+  var Gamma_R7_4: bool;
+  var Gamma_R7_5: bool;
+  var Gamma_R7_6: bool;
+  var Gamma_R7_7: bool;
+  var Gamma_R8_11: bool;
+  var Gamma_R8_12: bool;
+  var Gamma_R8_13: bool;
+  var Gamma_R8_14: bool;
+  var Gamma_R8_15: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_4: bool;
+  var Gamma_R8_7: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var Gamma_R9_2: bool;
+  var Gamma_R9_3: bool;
+  var Gamma_R9_4: bool;
+  var Gamma_R9_5: bool;
+  var Gamma_R9_6: bool;
+  var Gamma_R9_7: bool;
+  var Gamma_R9_8: bool;
+  var Gamma_R9_9: bool;
+  var R0_10: bv64;
+  var R0_13: bv64;
+  var R0_14: bv64;
+  var R0_15: bv64;
+  var R0_16: bv64;
+  var R0_17: bv64;
+  var R0_18: bv64;
+  var R0_2: bv64;
+  var R0_4: bv64;
+  var R0_5: bv64;
+  var R0_6: bv64;
+  var R0_7: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R10_2: bv64;
+  var R10_3: bv64;
+  var R10_4: bv64;
+  var R10_5: bv64;
+  var R10_6: bv64;
+  var R10_7: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R11_2: bv64;
+  var R11_3: bv64;
+  var R11_4: bv64;
+  var R11_5: bv64;
+  var R11_6: bv64;
+  var R11_7: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R12_2: bv64;
+  var R12_3: bv64;
+  var R12_4: bv64;
+  var R12_5: bv64;
+  var R12_6: bv64;
+  var R12_7: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R13_2: bv64;
+  var R13_3: bv64;
+  var R13_4: bv64;
+  var R13_5: bv64;
+  var R13_6: bv64;
+  var R13_7: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R14_2: bv64;
+  var R14_3: bv64;
+  var R14_4: bv64;
+  var R14_5: bv64;
+  var R14_6: bv64;
+  var R14_7: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R15_2: bv64;
+  var R15_3: bv64;
+  var R15_4: bv64;
+  var R15_5: bv64;
+  var R15_6: bv64;
+  var R15_7: bv64;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R16_2: bv64;
+  var R16_3: bv64;
+  var R16_4: bv64;
+  var R16_5: bv64;
+  var R16_6: bv64;
+  var R16_7: bv64;
+  var R17: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R17_3: bv64;
+  var R17_4: bv64;
+  var R17_5: bv64;
+  var R17_6: bv64;
+  var R17_7: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R18_2: bv64;
+  var R18_3: bv64;
+  var R18_4: bv64;
+  var R18_5: bv64;
+  var R18_6: bv64;
+  var R18_7: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R19_2: bv64;
+  var R19_3: bv64;
+  var R19_4: bv64;
+  var R19_5: bv64;
+  var R19_6: bv64;
+  var R19_7: bv64;
+  var R1_1: bv64;
+  var R1_2: bv64;
+  var R1_3: bv64;
+  var R1_4: bv64;
+  var R1_5: bv64;
+  var R1_6: bv64;
+  var R1_7: bv64;
+  var R1_8: bv64;
+  var R1_9: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R20_2: bv64;
+  var R20_3: bv64;
+  var R20_4: bv64;
+  var R20_5: bv64;
+  var R20_6: bv64;
+  var R20_7: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R21_2: bv64;
+  var R21_3: bv64;
+  var R21_4: bv64;
+  var R21_5: bv64;
+  var R21_6: bv64;
+  var R21_7: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R22_2: bv64;
+  var R22_3: bv64;
+  var R22_4: bv64;
+  var R22_5: bv64;
+  var R22_6: bv64;
+  var R22_7: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R23_2: bv64;
+  var R23_3: bv64;
+  var R23_4: bv64;
+  var R23_5: bv64;
+  var R23_6: bv64;
+  var R23_7: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R24_2: bv64;
+  var R24_3: bv64;
+  var R24_4: bv64;
+  var R24_5: bv64;
+  var R24_6: bv64;
+  var R24_7: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R25_2: bv64;
+  var R25_3: bv64;
+  var R25_4: bv64;
+  var R25_5: bv64;
+  var R25_6: bv64;
+  var R25_7: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R26_2: bv64;
+  var R26_3: bv64;
+  var R26_4: bv64;
+  var R26_5: bv64;
+  var R26_6: bv64;
+  var R26_7: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R27_2: bv64;
+  var R27_3: bv64;
+  var R27_4: bv64;
+  var R27_5: bv64;
+  var R27_6: bv64;
+  var R27_7: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R28_2: bv64;
+  var R28_3: bv64;
+  var R28_4: bv64;
+  var R28_5: bv64;
+  var R28_6: bv64;
+  var R28_7: bv64;
+  var R29_10: bv64;
+  var R29_11: bv64;
+  var R29_3: bv64;
+  var R29_4: bv64;
+  var R29_5: bv64;
+  var R29_6: bv64;
+  var R29_7: bv64;
+  var R29_8: bv64;
+  var R29_9: bv64;
+  var R2_1: bv64;
+  var R2_2: bv64;
+  var R2_3: bv64;
+  var R2_4: bv64;
+  var R2_5: bv64;
+  var R2_6: bv64;
+  var R2_7: bv64;
+  var R3: bv64;
+  var R30_10: bv64;
+  var R30_12: bv64;
+  var R30_14: bv64;
+  var R30_16: bv64;
+  var R30_17: bv64;
+  var R30_3: bv64;
+  var R30_5: bv64;
+  var R30_7: bv64;
+  var R31_10: bv64;
+  var R31_3: bv64;
+  var R31_4: bv64;
+  var R31_5: bv64;
+  var R31_6: bv64;
+  var R31_7: bv64;
+  var R31_8: bv64;
+  var R31_9: bv64;
+  var R3_1: bv64;
+  var R3_2: bv64;
+  var R3_3: bv64;
+  var R3_4: bv64;
+  var R3_5: bv64;
+  var R3_6: bv64;
+  var R3_7: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R4_2: bv64;
+  var R4_3: bv64;
+  var R4_4: bv64;
+  var R4_5: bv64;
+  var R4_6: bv64;
+  var R4_7: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R5_2: bv64;
+  var R5_3: bv64;
+  var R5_4: bv64;
+  var R5_5: bv64;
+  var R5_6: bv64;
+  var R5_7: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R6_2: bv64;
+  var R6_3: bv64;
+  var R6_4: bv64;
+  var R6_5: bv64;
+  var R6_6: bv64;
+  var R6_7: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R7_2: bv64;
+  var R7_3: bv64;
+  var R7_4: bv64;
+  var R7_5: bv64;
+  var R7_6: bv64;
+  var R7_7: bv64;
+  var R8_11: bv64;
+  var R8_12: bv64;
+  var R8_13: bv64;
+  var R8_14: bv64;
+  var R8_15: bv64;
+  var R8_2: bv64;
+  var R8_4: bv64;
+  var R8_7: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
+  var R9_2: bv64;
+  var R9_3: bv64;
+  var R9_4: bv64;
+  var R9_5: bv64;
+  var R9_6: bv64;
+  var R9_7: bv64;
+  var R9_8: bv64;
+  var R9_9: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551536bv64), Gamma_R31;
-    #4, Gamma_#4 := bvadd64(R31, 64bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, #4, R29), gamma_store64(Gamma_stack, #4, Gamma_R29);
-    assume {:captureState "%000003ba"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(#4, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(#4, 8bv64), Gamma_R30);
-    assume {:captureState "%000003c0"} true;
-    R29, Gamma_R29 := bvadd64(R31, 64bv64), Gamma_R31;
-    R8, Gamma_R8 := 0bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R8);
-    assume {:captureState "%000003d3"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R29, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R29, 18446744073709551612bv64), true);
-    assume {:captureState "%000003da"} true;
-    R0, Gamma_R0 := 1bv64, true;
-    R30, Gamma_R30 := 2100bv64, true;
-    call malloc();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551544bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551544bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), true);
+    call R0_2, Gamma_R0_2, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_1, Gamma_R16_1, R17_1, Gamma_R17_1, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_3, Gamma_R29_3, R2_1, Gamma_R2_1, R30_3, Gamma_R30_3, R31_3, Gamma_R31_3, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_2, Gamma_R8_2, R9_1, Gamma_R9_1 := malloc(1bv64, true, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, R16, Gamma_R16, R17, Gamma_R17, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R31_in, R2, Gamma_R2, 2100bv64, true, bvadd64(R31_in, 18446744073709551536bv64), Gamma_R31_in, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, 0bv64, true, R9, Gamma_R9);
     goto l000003e9;
   l000003e9:
-    assume {:captureState "l000003e9"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R29, 18446744073709551600bv64), R0), gamma_store64(Gamma_stack, bvadd64(R29, 18446744073709551600bv64), Gamma_R0);
-    assume {:captureState "%000003ef"} true;
-    R8, Gamma_R8 := 11bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R29, 18446744073709551596bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R29, 18446744073709551596bv64), Gamma_R8);
-    assume {:captureState "%000003fc"} true;
-    R0, Gamma_R0 := 4bv64, true;
-    stack, Gamma_stack := memory_store64_le(stack, R31, R0), gamma_store64(Gamma_stack, R31, Gamma_R0);
-    assume {:captureState "%00000409"} true;
-    R30, Gamma_R30 := 2124bv64, true;
-    call malloc();
+    call rely();
+    assert (L(mem, bvadd64(R29_3, 18446744073709551600bv64)) ==> Gamma_R0_2);
+    mem, Gamma_mem := memory_store64_le(mem, bvadd64(R29_3, 18446744073709551600bv64), R0_2), gamma_store64(Gamma_mem, bvadd64(R29_3, 18446744073709551600bv64), Gamma_R0_2);
+    call rely();
+    assert (L(mem, bvadd64(R29_3, 18446744073709551596bv64)) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R29_3, 18446744073709551596bv64), 11bv32), gamma_store32(Gamma_mem, bvadd64(R29_3, 18446744073709551596bv64), true);
+    stack, Gamma_stack := memory_store64_le(stack, R31_3, 4bv64), gamma_store64(Gamma_stack, R31_3, true);
+    call R0_4, Gamma_R0_4, R10_2, Gamma_R10_2, R11_2, Gamma_R11_2, R12_2, Gamma_R12_2, R13_2, Gamma_R13_2, R14_2, Gamma_R14_2, R15_2, Gamma_R15_2, R16_2, Gamma_R16_2, R17_2, Gamma_R17_2, R18_2, Gamma_R18_2, R19_2, Gamma_R19_2, R1_2, Gamma_R1_2, R20_2, Gamma_R20_2, R21_2, Gamma_R21_2, R22_2, Gamma_R22_2, R23_2, Gamma_R23_2, R24_2, Gamma_R24_2, R25_2, Gamma_R25_2, R26_2, Gamma_R26_2, R27_2, Gamma_R27_2, R28_2, Gamma_R28_2, R29_4, Gamma_R29_4, R2_2, Gamma_R2_2, R30_5, Gamma_R30_5, R31_4, Gamma_R31_4, R3_2, Gamma_R3_2, R4_2, Gamma_R4_2, R5_2, Gamma_R5_2, R6_2, Gamma_R6_2, R7_2, Gamma_R7_2, R8_4, Gamma_R8_4, R9_2, Gamma_R9_2 := malloc(4bv64, true, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_1, Gamma_R16_1, R17_1, Gamma_R17_1, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_3, Gamma_R29_3, R2_1, Gamma_R2_1, 2124bv64, true, R31_3, Gamma_R31_3, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, 11bv64, true, R9_1, Gamma_R9_1);
     goto l00000412;
   l00000412:
-    assume {:captureState "l00000412"} true;
-    R8, Gamma_R8 := R0, Gamma_R0;
-    R0, Gamma_R0 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 32bv64), R8), gamma_store64(Gamma_stack, bvadd64(R31, 32bv64), Gamma_R8);
-    assume {:captureState "%00000425"} true;
-    R8, Gamma_R8 := 10bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R8);
-    assume {:captureState "%00000432"} true;
-    R30, Gamma_R30 := 2148bv64, true;
-    call malloc();
+    R0_5, Gamma_R0_5 := memory_load64_le(stack, R31_4), gamma_load64(Gamma_stack, R31_4);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_4, 32bv64), R0_4), gamma_store64(Gamma_stack, bvadd64(R31_4, 32bv64), Gamma_R0_4);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_4, 28bv64), 10bv32), gamma_store32(Gamma_stack, bvadd64(R31_4, 28bv64), true);
+    call R0_6, Gamma_R0_6, R10_3, Gamma_R10_3, R11_3, Gamma_R11_3, R12_3, Gamma_R12_3, R13_3, Gamma_R13_3, R14_3, Gamma_R14_3, R15_3, Gamma_R15_3, R16_3, Gamma_R16_3, R17_3, Gamma_R17_3, R18_3, Gamma_R18_3, R19_3, Gamma_R19_3, R1_3, Gamma_R1_3, R20_3, Gamma_R20_3, R21_3, Gamma_R21_3, R22_3, Gamma_R22_3, R23_3, Gamma_R23_3, R24_3, Gamma_R24_3, R25_3, Gamma_R25_3, R26_3, Gamma_R26_3, R27_3, Gamma_R27_3, R28_3, Gamma_R28_3, R29_5, Gamma_R29_5, R2_3, Gamma_R2_3, R30_7, Gamma_R30_7, R31_5, Gamma_R31_5, R3_3, Gamma_R3_3, R4_3, Gamma_R4_3, R5_3, Gamma_R5_3, R6_3, Gamma_R6_3, R7_3, Gamma_R7_3, R8_7, Gamma_R8_7, R9_3, Gamma_R9_3 := malloc(R0_5, Gamma_R0_5, R10_2, Gamma_R10_2, R11_2, Gamma_R11_2, R12_2, Gamma_R12_2, R13_2, Gamma_R13_2, R14_2, Gamma_R14_2, R15_2, Gamma_R15_2, R16_2, Gamma_R16_2, R17_2, Gamma_R17_2, R18_2, Gamma_R18_2, R19_2, Gamma_R19_2, R1_2, Gamma_R1_2, R20_2, Gamma_R20_2, R21_2, Gamma_R21_2, R22_2, Gamma_R22_2, R23_2, Gamma_R23_2, R24_2, Gamma_R24_2, R25_2, Gamma_R25_2, R26_2, Gamma_R26_2, R27_2, Gamma_R27_2, R28_2, Gamma_R28_2, R29_4, Gamma_R29_4, R2_2, Gamma_R2_2, 2148bv64, true, R31_4, Gamma_R31_4, R3_2, Gamma_R3_2, R4_2, Gamma_R4_2, R5_2, Gamma_R5_2, R6_2, Gamma_R6_2, R7_2, Gamma_R7_2, 10bv64, true, R9_2, Gamma_R9_2);
     goto l0000043b;
   l0000043b:
-    assume {:captureState "l0000043b"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 16bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 16bv64), Gamma_R0);
-    assume {:captureState "%00000441"} true;
-    R8, Gamma_R8 := 9bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R8);
-    assume {:captureState "%0000044e"} true;
-    R9, Gamma_R9 := memory_load64_le(stack, bvadd64(R29, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R29, 18446744073709551600bv64));
-    R8, Gamma_R8 := 65bv64, true;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_5, 16bv64), R0_6), gamma_store64(Gamma_stack, bvadd64(R31_5, 16bv64), Gamma_R0_6);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_5, 12bv64), 9bv32), gamma_store32(Gamma_stack, bvadd64(R31_5, 12bv64), true);
+    call rely();
+    R9_4, Gamma_R9_4 := memory_load64_le(mem, bvadd64(R29_5, 18446744073709551600bv64)), (gamma_load64(Gamma_mem, bvadd64(R29_5, 18446744073709551600bv64)) || L(mem, bvadd64(R29_5, 18446744073709551600bv64)));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store8_le(mem, R9, R8[8:0]), gamma_store8(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "%00000462"} true;
-    R9, Gamma_R9 := memory_load64_le(stack, bvadd64(R31, 32bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 32bv64));
-    R8, Gamma_R8 := 42bv64, true;
+    assert (L(mem, R9_4) ==> true);
+    mem, Gamma_mem := memory_store8_le(mem, R9_4, 65bv8), gamma_store8(Gamma_mem, R9_4, true);
+    R9_5, Gamma_R9_5 := memory_load64_le(stack, bvadd64(R31_5, 32bv64)), gamma_load64(Gamma_stack, bvadd64(R31_5, 32bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "%00000476"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R29, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R29, 18446744073709551600bv64));
-    R30, Gamma_R30 := 2192bv64, true;
-    call printCharValue();
+    assert (L(mem, R9_5) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R9_5, 42bv32), gamma_store32(Gamma_mem, R9_5, true);
+    call rely();
+    R0_7, Gamma_R0_7 := memory_load64_le(mem, bvadd64(R29_5, 18446744073709551600bv64)), (gamma_load64(Gamma_mem, bvadd64(R29_5, 18446744073709551600bv64)) || L(mem, bvadd64(R29_5, 18446744073709551600bv64)));
+    call R29_6, Gamma_R29_6, R31_6, Gamma_R31_6 := printCharValue(R0_7, Gamma_R0_7, R29_5, Gamma_R29_5, 2192bv64, true, R31_5, Gamma_R31_5);
     goto l00000504;
   l00000504:
-    assume {:captureState "l00000504"} true;
-    R8, Gamma_R8 := memory_load64_le(stack, bvadd64(R31, 32bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 32bv64));
+    R8_11, Gamma_R8_11 := memory_load64_le(stack, bvadd64(R31_6, 32bv64)), gamma_load64(Gamma_stack, bvadd64(R31_6, 32bv64));
     call rely();
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2348bv64), Gamma_R0;
-    R30, Gamma_R30 := 2212bv64, true;
-    call printf();
+    R1_4, Gamma_R1_4 := zero_extend32_32(memory_load32_le(mem, R8_11)), (gamma_load32(Gamma_mem, R8_11) || L(mem, R8_11));
+    call R0_10, Gamma_R0_10, R10_4, Gamma_R10_4, R11_4, Gamma_R11_4, R12_4, Gamma_R12_4, R13_4, Gamma_R13_4, R14_4, Gamma_R14_4, R15_4, Gamma_R15_4, R16_4, Gamma_R16_4, R17_4, Gamma_R17_4, R18_4, Gamma_R18_4, R19_4, Gamma_R19_4, R1_5, Gamma_R1_5, R20_4, Gamma_R20_4, R21_4, Gamma_R21_4, R22_4, Gamma_R22_4, R23_4, Gamma_R23_4, R24_4, Gamma_R24_4, R25_4, Gamma_R25_4, R26_4, Gamma_R26_4, R27_4, Gamma_R27_4, R28_4, Gamma_R28_4, R29_7, Gamma_R29_7, R2_4, Gamma_R2_4, R30_10, Gamma_R30_10, R31_7, Gamma_R31_7, R3_4, Gamma_R3_4, R4_4, Gamma_R4_4, R5_4, Gamma_R5_4, R6_4, Gamma_R6_4, R7_4, Gamma_R7_4, R8_12, Gamma_R8_12, R9_6, Gamma_R9_6 := printf(2348bv64, true, R10_3, Gamma_R10_3, R11_3, Gamma_R11_3, R12_3, Gamma_R12_3, R13_3, Gamma_R13_3, R14_3, Gamma_R14_3, R15_3, Gamma_R15_3, R16_3, Gamma_R16_3, R17_3, Gamma_R17_3, R18_3, Gamma_R18_3, R19_3, Gamma_R19_3, R1_4, Gamma_R1_4, R20_3, Gamma_R20_3, R21_3, Gamma_R21_3, R22_3, Gamma_R22_3, R23_3, Gamma_R23_3, R24_3, Gamma_R24_3, R25_3, Gamma_R25_3, R26_3, Gamma_R26_3, R27_3, Gamma_R27_3, R28_3, Gamma_R28_3, R29_6, Gamma_R29_6, R2_3, Gamma_R2_3, 2212bv64, true, R31_6, Gamma_R31_6, R3_3, Gamma_R3_3, R4_3, Gamma_R4_3, R5_3, Gamma_R5_3, R6_3, Gamma_R6_3, R7_3, Gamma_R7_3, R8_11, Gamma_R8_11, R9_5, Gamma_R9_5);
     goto l00000524;
   l00000524:
-    assume {:captureState "l00000524"} true;
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 28bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 28bv64));
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2364bv64), Gamma_R0;
-    R30, Gamma_R30 := 2228bv64, true;
-    call printf();
+    R1_6, Gamma_R1_6 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_7, 28bv64))), gamma_load32(Gamma_stack, bvadd64(R31_7, 28bv64));
+    call R0_13, Gamma_R0_13, R10_5, Gamma_R10_5, R11_5, Gamma_R11_5, R12_5, Gamma_R12_5, R13_5, Gamma_R13_5, R14_5, Gamma_R14_5, R15_5, Gamma_R15_5, R16_5, Gamma_R16_5, R17_5, Gamma_R17_5, R18_5, Gamma_R18_5, R19_5, Gamma_R19_5, R1_7, Gamma_R1_7, R20_5, Gamma_R20_5, R21_5, Gamma_R21_5, R22_5, Gamma_R22_5, R23_5, Gamma_R23_5, R24_5, Gamma_R24_5, R25_5, Gamma_R25_5, R26_5, Gamma_R26_5, R27_5, Gamma_R27_5, R28_5, Gamma_R28_5, R29_8, Gamma_R29_8, R2_5, Gamma_R2_5, R30_12, Gamma_R30_12, R31_8, Gamma_R31_8, R3_5, Gamma_R3_5, R4_5, Gamma_R4_5, R5_5, Gamma_R5_5, R6_5, Gamma_R6_5, R7_5, Gamma_R7_5, R8_13, Gamma_R8_13, R9_7, Gamma_R9_7 := printf(2364bv64, true, R10_4, Gamma_R10_4, R11_4, Gamma_R11_4, R12_4, Gamma_R12_4, R13_4, Gamma_R13_4, R14_4, Gamma_R14_4, R15_4, Gamma_R15_4, R16_4, Gamma_R16_4, R17_4, Gamma_R17_4, R18_4, Gamma_R18_4, R19_4, Gamma_R19_4, R1_6, Gamma_R1_6, R20_4, Gamma_R20_4, R21_4, Gamma_R21_4, R22_4, Gamma_R22_4, R23_4, Gamma_R23_4, R24_4, Gamma_R24_4, R25_4, Gamma_R25_4, R26_4, Gamma_R26_4, R27_4, Gamma_R27_4, R28_4, Gamma_R28_4, R29_7, Gamma_R29_7, R2_4, Gamma_R2_4, 2228bv64, true, R31_7, Gamma_R31_7, R3_4, Gamma_R3_4, R4_4, Gamma_R4_4, R5_4, Gamma_R5_4, R6_4, Gamma_R6_4, R7_4, Gamma_R7_4, R8_12, Gamma_R8_12, R9_6, Gamma_R9_6);
     goto l0000053d;
   l0000053d:
-    assume {:captureState "l0000053d"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R29, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R29, 18446744073709551600bv64));
-    R30, Gamma_R30 := 2236bv64, true;
-    call #free();
+    call rely();
+    R0_14, Gamma_R0_14 := memory_load64_le(mem, bvadd64(R29_8, 18446744073709551600bv64)), (gamma_load64(Gamma_mem, bvadd64(R29_8, 18446744073709551600bv64)) || L(mem, bvadd64(R29_8, 18446744073709551600bv64)));
+    call R0_15, Gamma_R0_15, R10_6, Gamma_R10_6, R11_6, Gamma_R11_6, R12_6, Gamma_R12_6, R13_6, Gamma_R13_6, R14_6, Gamma_R14_6, R15_6, Gamma_R15_6, R16_6, Gamma_R16_6, R17_6, Gamma_R17_6, R18_6, Gamma_R18_6, R19_6, Gamma_R19_6, R1_8, Gamma_R1_8, R20_6, Gamma_R20_6, R21_6, Gamma_R21_6, R22_6, Gamma_R22_6, R23_6, Gamma_R23_6, R24_6, Gamma_R24_6, R25_6, Gamma_R25_6, R26_6, Gamma_R26_6, R27_6, Gamma_R27_6, R28_6, Gamma_R28_6, R29_9, Gamma_R29_9, R2_6, Gamma_R2_6, R30_14, Gamma_R30_14, R31_9, Gamma_R31_9, R3_6, Gamma_R3_6, R4_6, Gamma_R4_6, R5_6, Gamma_R5_6, R6_6, Gamma_R6_6, R7_6, Gamma_R7_6, R8_14, Gamma_R8_14, R9_8, Gamma_R9_8 := #free(R0_14, Gamma_R0_14, R10_5, Gamma_R10_5, R11_5, Gamma_R11_5, R12_5, Gamma_R12_5, R13_5, Gamma_R13_5, R14_5, Gamma_R14_5, R15_5, Gamma_R15_5, R16_5, Gamma_R16_5, R17_5, Gamma_R17_5, R18_5, Gamma_R18_5, R19_5, Gamma_R19_5, R1_7, Gamma_R1_7, R20_5, Gamma_R20_5, R21_5, Gamma_R21_5, R22_5, Gamma_R22_5, R23_5, Gamma_R23_5, R24_5, Gamma_R24_5, R25_5, Gamma_R25_5, R26_5, Gamma_R26_5, R27_5, Gamma_R27_5, R28_5, Gamma_R28_5, R29_8, Gamma_R29_8, R2_5, Gamma_R2_5, 2236bv64, true, R31_8, Gamma_R31_8, R3_5, Gamma_R3_5, R4_5, Gamma_R4_5, R5_5, Gamma_R5_5, R6_5, Gamma_R6_5, R7_5, Gamma_R7_5, R8_13, Gamma_R8_13, R9_7, Gamma_R9_7);
     goto l0000054c;
   l0000054c:
-    assume {:captureState "l0000054c"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 32bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 32bv64));
-    R30, Gamma_R30 := 2244bv64, true;
-    call #free();
+    R0_16, Gamma_R0_16 := memory_load64_le(stack, bvadd64(R31_9, 32bv64)), gamma_load64(Gamma_stack, bvadd64(R31_9, 32bv64));
+    call R0_17, Gamma_R0_17, R10_7, Gamma_R10_7, R11_7, Gamma_R11_7, R12_7, Gamma_R12_7, R13_7, Gamma_R13_7, R14_7, Gamma_R14_7, R15_7, Gamma_R15_7, R16_7, Gamma_R16_7, R17_7, Gamma_R17_7, R18_7, Gamma_R18_7, R19_7, Gamma_R19_7, R1_9, Gamma_R1_9, R20_7, Gamma_R20_7, R21_7, Gamma_R21_7, R22_7, Gamma_R22_7, R23_7, Gamma_R23_7, R24_7, Gamma_R24_7, R25_7, Gamma_R25_7, R26_7, Gamma_R26_7, R27_7, Gamma_R27_7, R28_7, Gamma_R28_7, R29_10, Gamma_R29_10, R2_7, Gamma_R2_7, R30_16, Gamma_R30_16, R31_10, Gamma_R31_10, R3_7, Gamma_R3_7, R4_7, Gamma_R4_7, R5_7, Gamma_R5_7, R6_7, Gamma_R6_7, R7_7, Gamma_R7_7, R8_15, Gamma_R8_15, R9_9, Gamma_R9_9 := #free(R0_16, Gamma_R0_16, R10_6, Gamma_R10_6, R11_6, Gamma_R11_6, R12_6, Gamma_R12_6, R13_6, Gamma_R13_6, R14_6, Gamma_R14_6, R15_6, Gamma_R15_6, R16_6, Gamma_R16_6, R17_6, Gamma_R17_6, R18_6, Gamma_R18_6, R19_6, Gamma_R19_6, R1_8, Gamma_R1_8, R20_6, Gamma_R20_6, R21_6, Gamma_R21_6, R22_6, Gamma_R22_6, R23_6, Gamma_R23_6, R24_6, Gamma_R24_6, R25_6, Gamma_R25_6, R26_6, Gamma_R26_6, R27_6, Gamma_R27_6, R28_6, Gamma_R28_6, R29_9, Gamma_R29_9, R2_6, Gamma_R2_6, 2244bv64, true, R31_9, Gamma_R31_9, R3_6, Gamma_R3_6, R4_6, Gamma_R4_6, R5_6, Gamma_R5_6, R6_6, Gamma_R6_6, R7_6, Gamma_R7_6, R8_14, Gamma_R8_14, R9_8, Gamma_R9_8);
     goto l0000055a;
   l0000055a:
-    assume {:captureState "l0000055a"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 8bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 8bv64));
-    #7, Gamma_#7 := bvadd64(R31, 64bv64), Gamma_R31;
-    R29, Gamma_R29 := memory_load64_le(stack, #7), gamma_load64(Gamma_stack, #7);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(#7, 8bv64)), gamma_load64(Gamma_stack, bvadd64(#7, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 80bv64), Gamma_R31;
+    R0_18, Gamma_R0_18 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_10, 8bv64))), gamma_load32(Gamma_stack, bvadd64(R31_10, 8bv64));
+    R29_11, Gamma_R29_11 := memory_load64_le(stack, bvadd64(R31_10, 64bv64)), gamma_load64(Gamma_stack, bvadd64(R31_10, 64bv64));
+    R30_17, Gamma_R30_17 := memory_load64_le(stack, bvadd64(R31_10, 72bv64)), gamma_load64(Gamma_stack, bvadd64(R31_10, 72bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R29_out, R30_out, R31_out, R8_out, R9_out := R0_18, R1_9, R29_11, R30_17, bvadd64(R31_10, 80bv64), R8_15, R9_9;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := Gamma_R0_18, Gamma_R1_9, Gamma_R29_11, Gamma_R30_17, Gamma_R31_10, Gamma_R8_15, Gamma_R9_9;
     return;
 }
 
-procedure malloc();
+procedure malloc(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   modifies Gamma_R16, Gamma_R17, R16, R17;
   free requires (memory_load64_le(mem, 2344bv64) == 2334386691848142849bv64);
   free requires (memory_load64_le(mem, 2352bv64) == 2322295453216173673bv64);
@@ -355,8 +841,8 @@ procedure malloc();
   free ensures (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69696bv64) == 69696bv64);
 
-procedure printCharValue();
-  modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R1, R16, R17, R29, R30, R31, R8, R9, mem, stack;
+procedure printCharValue(R0_in: bv64, Gamma_R0_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R29_out: bv64, Gamma_R29_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_R16, Gamma_R17, Gamma_mem, Gamma_stack, R16, R17, mem, stack;
   free requires (memory_load64_le(mem, 2344bv64) == 2334386691848142849bv64);
   free requires (memory_load64_le(mem, 2352bv64) == 2322295453216173673bv64);
   free requires (memory_load64_le(mem, 2360bv64) == 2334386691848692773bv64);
@@ -375,10 +861,6 @@ procedure printCharValue();
   free requires (memory_load64_le(mem, 69072bv64) == 1984bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free requires (memory_load64_le(mem, 69696bv64) == 69696bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load64_le(mem, 2344bv64) == 2334386691848142849bv64);
   free ensures (memory_load64_le(mem, 2352bv64) == 2322295453216173673bv64);
   free ensures (memory_load64_le(mem, 2360bv64) == 2334386691848692773bv64);
@@ -398,52 +880,160 @@ procedure printCharValue();
   free ensures (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69696bv64) == 69696bv64);
 
-implementation printCharValue()
+implementation printCharValue(R0_in: bv64, Gamma_R0_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R29_out: bv64, Gamma_R29_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var #5: bv64;
-  var #6: bv64;
-  var Gamma_#5: bool;
-  var Gamma_#6: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R17: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R1_2: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R29_4: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30_3: bool;
+  var Gamma_R31_3: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R8_4: bool;
+  var Gamma_R9_1: bool;
+  var Gamma_R9_2: bool;
+  var R0_4: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R17: bv64;
+  var R17_1: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R1_2: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29_3: bv64;
+  var R29_4: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30_3: bv64;
+  var R31_3: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8_1: bv64;
+  var R8_2: bv64;
+  var R8_3: bv64;
+  var R8_4: bv64;
+  var R9_1: bv64;
+  var R9_2: bv64;
   lprintCharValue:
-    assume {:captureState "lprintCharValue"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    #5, Gamma_#5 := bvadd64(R31, 16bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, #5, R29), gamma_store64(Gamma_stack, #5, Gamma_R29);
-    assume {:captureState "%00000496"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(#5, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(#5, 8bv64), Gamma_R30);
-    assume {:captureState "%0000049c"} true;
-    R29, Gamma_R29 := bvadd64(R31, 16bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 8bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R0);
-    assume {:captureState "%000004aa"} true;
-    R9, Gamma_R9 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551592bv64), R0_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), Gamma_R0_in);
+    R9_1, Gamma_R9_1 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551592bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64));
     call rely();
-    R8, Gamma_R8 := zero_extend56_8(memory_load8_le(mem, R9)), (gamma_load8(Gamma_mem, R9) || L(mem, R9));
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(R8[32:0], 1bv32)), Gamma_R8;
+    R8_1, Gamma_R8_1 := zero_extend56_8(memory_load8_le(mem, R9_1)), (gamma_load8(Gamma_mem, R9_1) || L(mem, R9_1));
+    R8_2, Gamma_R8_2 := zero_extend32_32(bvadd32(R8_1[32:0], 1bv32)), Gamma_R8_1;
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store8_le(mem, R9, R8[8:0]), gamma_store8(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "%000004c6"} true;
-    R8, Gamma_R8 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
+    assert (L(mem, R9_1) ==> Gamma_R8_2);
+    mem, Gamma_mem := memory_store8_le(mem, R9_1, R8_2[8:0]), gamma_store8(Gamma_mem, R9_1, Gamma_R8_2);
+    R8_3, Gamma_R8_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551592bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64));
     call rely();
-    R1, Gamma_R1 := zero_extend56_8(memory_load8_le(mem, R8)), (gamma_load8(Gamma_mem, R8) || L(mem, R8));
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2391bv64), Gamma_R0;
-    R30, Gamma_R30 := 2312bv64, true;
-    call printf();
+    R1_1, Gamma_R1_1 := zero_extend56_8(memory_load8_le(mem, R8_3)), (gamma_load8(Gamma_mem, R8_3) || L(mem, R8_3));
+    call R0_4, Gamma_R0_4, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_1, Gamma_R16_1, R17_1, Gamma_R17_1, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_2, Gamma_R1_2, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_3, Gamma_R29_3, R2_1, Gamma_R2_1, R30_3, Gamma_R30_3, R31_3, Gamma_R31_3, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_4, Gamma_R8_4, R9_2, Gamma_R9_2 := printf(2391bv64, true, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, R16, Gamma_R16, R17, Gamma_R17, R18, Gamma_R18, R19, Gamma_R19, R1_1, Gamma_R1_1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R31_in, R2, Gamma_R2, 2312bv64, true, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R31_in, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8_3, Gamma_R8_3, R9_1, Gamma_R9_1);
     goto l000004e9;
   l000004e9:
-    assume {:captureState "l000004e9"} true;
-    #6, Gamma_#6 := bvadd64(R31, 16bv64), Gamma_R31;
-    R29, Gamma_R29 := memory_load64_le(stack, #6), gamma_load64(Gamma_stack, #6);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(#6, 8bv64)), gamma_load64(Gamma_stack, bvadd64(#6, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
+    R29_4, Gamma_R29_4 := memory_load64_le(stack, bvadd64(R31_3, 16bv64)), gamma_load64(Gamma_stack, bvadd64(R31_3, 16bv64));
     goto printCharValue_basil_return;
   printCharValue_basil_return:
-    assume {:captureState "printCharValue_basil_return"} true;
+    R29_out, R31_out := R29_4, bvadd64(R31_3, 32bv64);
+    Gamma_R29_out, Gamma_R31_out := Gamma_R29_4, Gamma_R31_3;
     return;
 }
 
-procedure printf();
+procedure printf(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   modifies Gamma_R16, Gamma_R17, R16, R17;
   free requires (memory_load64_le(mem, 2344bv64) == 2334386691848142849bv64);
   free requires (memory_load64_le(mem, 2352bv64) == 2322295453216173673bv64);
diff --git a/src/test/correct/malloc_with_local3/clang/malloc_with_local3_gtirb.expected b/src/test/correct/malloc_with_local3/clang/malloc_with_local3_gtirb.expected
index 508af9ec4..dea4d4695 100644
--- a/src/test/correct/malloc_with_local3/clang/malloc_with_local3_gtirb.expected
+++ b/src/test/correct/malloc_with_local3/clang/malloc_with_local3_gtirb.expected
@@ -1,23 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R16: bool;
-var {:extern} Gamma_R17: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R16: bv64;
-var {:extern} R17: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -28,6 +10,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -41,17 +37,21 @@ function {:extern} gamma_load8(gammaMap: [bv64]bool, index: bv64) returns (bool)
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store8(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
   gammaMap[index := value]
 }
 
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
+}
+
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
   (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index])))
 }
@@ -65,19 +65,19 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
-function {:extern} {:bvbuiltin "zero_extend 24"} zero_extend24_8(bv8) returns (bv32);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
+function {:extern} {:bvbuiltin "zero_extend 56"} zero_extend56_8(bv8) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (mem == old(mem));
@@ -117,8 +117,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure FUN_6c0();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure FUN_6c0(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 2344bv64) == 2334386691848142849bv64);
   free requires (memory_load64_le(mem, 2352bv64) == 2322295453216173673bv64);
   free requires (memory_load64_le(mem, 2360bv64) == 2334386691848692773bv64);
@@ -156,20 +156,143 @@ procedure FUN_6c0();
   free ensures (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69696bv64) == 69696bv64);
 
-implementation FUN_6c0()
+implementation FUN_6c0(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool)
 {
+  var Gamma_R0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0: bv64;
+  var R0_1: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16_4: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   $FUN_6c0$__0__$me9kzk4bRj6EX~wS6RkzzQ:
-    assume {:captureState "$FUN_6c0$__0__$me9kzk4bRj6EX~wS6RkzzQ"} true;
-    R16, Gamma_R16 := 69632bv64, true;
     call rely();
-    R17, Gamma_R17 := memory_load64_le(mem, bvadd64(R16, 48bv64)), (gamma_load64(Gamma_mem, bvadd64(R16, 48bv64)) || L(mem, bvadd64(R16, 48bv64)));
-    R16, Gamma_R16 := bvadd64(R16, 48bv64), Gamma_R16;
-    call printf();
+    R17_1, Gamma_R17_1 := memory_load64_le(mem, 69680bv64), (gamma_load64(Gamma_mem, 69680bv64) || L(mem, 69680bv64));
+    call R0_1, Gamma_R0_1, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_4, Gamma_R16_4, R17_2, Gamma_R17_2, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_1, Gamma_R2_1, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := printf(R0, Gamma_R0, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, 69680bv64, true, R17_1, Gamma_R17_1, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2, Gamma_R2, R30, Gamma_R30, R31, Gamma_R31, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     assume false;
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R1, R16, R17, R29, R30, R31, R8, R9, mem, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69688bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69696bv64) == 69696bv64);
   free requires (memory_load64_le(mem, 2344bv64) == 2334386691848142849bv64);
@@ -190,10 +313,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1984bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free requires (memory_load64_le(mem, 69696bv64) == 69696bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load64_le(mem, 2344bv64) == 2334386691848142849bv64);
   free ensures (memory_load64_le(mem, 2352bv64) == 2322295453216173673bv64);
   free ensures (memory_load64_le(mem, 2360bv64) == 2334386691848692773bv64);
@@ -213,123 +332,120 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69696bv64) == 69696bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var Cse0__5$4$1: bv64;
-  var Cse0__5$5$1: bv64;
-  var Gamma_Cse0__5$4$1: bool;
-  var Gamma_Cse0__5$5$1: bool;
+  var Gamma_R0_11: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R16_2: bool;
+  var Gamma_R16_3: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R16_5: bool;
+  var Gamma_R16_6: bool;
+  var Gamma_R16_7: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R17_3: bool;
+  var Gamma_R17_4: bool;
+  var Gamma_R17_5: bool;
+  var Gamma_R17_6: bool;
+  var Gamma_R17_7: bool;
+  var Gamma_R1_2: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R29_4: bool;
+  var Gamma_R30_10: bool;
+  var Gamma_R31_3: bool;
+  var Gamma_R8_8: bool;
+  var Gamma_R9_1: bool;
+  var Gamma_R9_2: bool;
+  var R0_11: bv64;
+  var R0_3: bv64;
+  var R0_4: bv64;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R16_2: bv64;
+  var R16_3: bv64;
+  var R16_4: bv64;
+  var R16_5: bv64;
+  var R16_6: bv64;
+  var R16_7: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R17_3: bv64;
+  var R17_4: bv64;
+  var R17_5: bv64;
+  var R17_6: bv64;
+  var R17_7: bv64;
+  var R1_2: bv64;
+  var R29_3: bv64;
+  var R29_4: bv64;
+  var R30_10: bv64;
+  var R31_3: bv64;
+  var R8_8: bv64;
+  var R9_1: bv64;
+  var R9_2: bv64;
   $main$__0__$nxS5BBFfTke_CNErRQFGKQ:
-    assume {:captureState "$main$__0__$nxS5BBFfTke_CNErRQFGKQ"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551536bv64), Gamma_R31;
-    Cse0__5$5$1, Gamma_Cse0__5$5$1 := bvadd64(R31, 64bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$5$1, R29), gamma_store64(Gamma_stack, Cse0__5$5$1, Gamma_R29);
-    assume {:captureState "2072$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$5$1, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$5$1, 8bv64), Gamma_R30);
-    assume {:captureState "2072$2"} true;
-    R29, Gamma_R29 := bvadd64(R31, 64bv64), Gamma_R31;
-    R8, Gamma_R8 := 0bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R8);
-    assume {:captureState "2084$0"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R29, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R29, 18446744073709551612bv64), true);
-    assume {:captureState "2088$0"} true;
-    R0, Gamma_R0 := 1bv64, true;
-    R30, Gamma_R30 := 2100bv64, true;
-    call FUN_680();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551544bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551544bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), true);
+    call R16_1, Gamma_R16_1, R17_1, Gamma_R17_1 := FUN_680(R16, Gamma_R16);
     goto $main$__1__$Ik7a47RJTBa1l1WDXE7X3A;
   $main$__1__$Ik7a47RJTBa1l1WDXE7X3A:
-    assume {:captureState "$main$__1__$Ik7a47RJTBa1l1WDXE7X3A"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R29, 18446744073709551600bv64), R0), gamma_store64(Gamma_stack, bvadd64(R29, 18446744073709551600bv64), Gamma_R0);
-    assume {:captureState "2100$0"} true;
-    R8, Gamma_R8 := 11bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R29, 18446744073709551596bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R29, 18446744073709551596bv64), Gamma_R8);
-    assume {:captureState "2108$0"} true;
-    R0, Gamma_R0 := 4bv64, true;
-    stack, Gamma_stack := memory_store64_le(stack, R31, R0), gamma_store64(Gamma_stack, R31, Gamma_R0);
-    assume {:captureState "2116$0"} true;
-    R30, Gamma_R30 := 2124bv64, true;
-    call FUN_680();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551584bv64), 1bv64), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551580bv64), 11bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551580bv64), true);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551536bv64), 4bv64), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551536bv64), true);
+    call R16_2, Gamma_R16_2, R17_2, Gamma_R17_2 := FUN_680(R16_1, Gamma_R16_1);
     goto $main$__2__$4Qjclk41Sf2Jx7UaAwk5Gw;
   $main$__2__$4Qjclk41Sf2Jx7UaAwk5Gw:
-    assume {:captureState "$main$__2__$4Qjclk41Sf2Jx7UaAwk5Gw"} true;
-    R8, Gamma_R8 := R0, Gamma_R0;
-    R0, Gamma_R0 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 32bv64), R8), gamma_store64(Gamma_stack, bvadd64(R31, 32bv64), Gamma_R8);
-    assume {:captureState "2132$0"} true;
-    R8, Gamma_R8 := 10bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R8);
-    assume {:captureState "2140$0"} true;
-    R30, Gamma_R30 := 2148bv64, true;
-    call FUN_680();
+    R0_3, Gamma_R0_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551536bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551536bv64));
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551568bv64), 4bv64), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551568bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551564bv64), 10bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551564bv64), true);
+    call R16_3, Gamma_R16_3, R17_3, Gamma_R17_3 := FUN_680(R16_2, Gamma_R16_2);
     goto $main$__3__$jJOoR~rDTuy7U_5U9rR_Gg;
   $main$__3__$jJOoR~rDTuy7U_5U9rR_Gg:
-    assume {:captureState "$main$__3__$jJOoR~rDTuy7U_5U9rR_Gg"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 16bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 16bv64), Gamma_R0);
-    assume {:captureState "2148$0"} true;
-    R8, Gamma_R8 := 9bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R8);
-    assume {:captureState "2156$0"} true;
-    R9, Gamma_R9 := memory_load64_le(stack, bvadd64(R29, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R29, 18446744073709551600bv64));
-    R8, Gamma_R8 := 65bv64, true;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551552bv64), R0_3), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551552bv64), Gamma_R0_3);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551548bv64), 9bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551548bv64), true);
+    R9_1, Gamma_R9_1 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551584bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store8_le(mem, R9, R8[8:0]), gamma_store8(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "2168$0"} true;
-    R9, Gamma_R9 := memory_load64_le(stack, bvadd64(R31, 32bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 32bv64));
-    R8, Gamma_R8 := 42bv64, true;
+    assert (L(mem, R9_1) ==> true);
+    mem, Gamma_mem := memory_store8_le(mem, R9_1, 65bv8), gamma_store8(Gamma_mem, R9_1, true);
+    R9_2, Gamma_R9_2 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551568bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551568bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "2180$0"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R29, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R29, 18446744073709551600bv64));
-    R30, Gamma_R30 := 2192bv64, true;
-    call printCharValue();
+    assert (L(mem, R9_2) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R9_2, 42bv32), gamma_store32(Gamma_mem, R9_2, true);
+    R0_4, Gamma_R0_4 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551584bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64));
+    call R29_3, Gamma_R29_3, R31_3, Gamma_R31_3 := printCharValue(R0_4, Gamma_R0_4, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R31_in, 2192bv64, true, bvadd64(R31_in, 18446744073709551536bv64), Gamma_R31_in);
     goto $main$__4__$Pa4MGsAVS6~tzB83NfXLBg;
   $main$__4__$Pa4MGsAVS6~tzB83NfXLBg:
-    assume {:captureState "$main$__4__$Pa4MGsAVS6~tzB83NfXLBg"} true;
-    R8, Gamma_R8 := memory_load64_le(stack, bvadd64(R31, 32bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 32bv64));
-    call rely();
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2348bv64), Gamma_R0;
-    R30, Gamma_R30 := 2148bv64, true;
-    call FUN_6c0();
+    R8_8, Gamma_R8_8 := memory_load64_le(stack, bvadd64(R31_3, 32bv64)), gamma_load64(Gamma_stack, bvadd64(R31_3, 32bv64));
+    call R16_4, Gamma_R16_4, R17_4, Gamma_R17_4 := FUN_6c0(R16_3, Gamma_R16_3);
     goto $main$__5__$~SkD5Pe5QqiMlkcFiJItZA;
   $main$__5__$~SkD5Pe5QqiMlkcFiJItZA:
-    assume {:captureState "$main$__5__$~SkD5Pe5QqiMlkcFiJItZA"} true;
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 28bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 28bv64));
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2364bv64), Gamma_R0;
-    R30, Gamma_R30 := 2228bv64, true;
-    call FUN_6c0();
+    R1_2, Gamma_R1_2 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_3, 28bv64))), gamma_load32(Gamma_stack, bvadd64(R31_3, 28bv64));
+    call R16_5, Gamma_R16_5, R17_5, Gamma_R17_5 := FUN_6c0(R16_4, Gamma_R16_4);
     goto $main$__6__$hzO7zn1JRG~r_d3kLC97VQ;
   $main$__6__$hzO7zn1JRG~r_d3kLC97VQ:
-    assume {:captureState "$main$__6__$hzO7zn1JRG~r_d3kLC97VQ"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R29, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R29, 18446744073709551600bv64));
-    R30, Gamma_R30 := 2236bv64, true;
-    call FUN_6b0();
+    call R16_6, Gamma_R16_6, R17_6, Gamma_R17_6 := FUN_6b0(R16_5, Gamma_R16_5);
     goto $main$__7__$uPLqBGF0TDGfPpIXh_rpzQ;
   $main$__7__$uPLqBGF0TDGfPpIXh_rpzQ:
-    assume {:captureState "$main$__7__$uPLqBGF0TDGfPpIXh_rpzQ"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 32bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 32bv64));
-    R30, Gamma_R30 := 2244bv64, true;
-    call FUN_6b0();
+    call R16_7, Gamma_R16_7, R17_7, Gamma_R17_7 := FUN_6b0(R16_6, Gamma_R16_6);
     goto $main$__8__$9Y41cbd5RxmWaVzl3hmTRA;
   $main$__8__$9Y41cbd5RxmWaVzl3hmTRA:
-    assume {:captureState "$main$__8__$9Y41cbd5RxmWaVzl3hmTRA"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 8bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 8bv64));
-    Cse0__5$4$1, Gamma_Cse0__5$4$1 := bvadd64(R31, 64bv64), Gamma_R31;
-    R29, Gamma_R29 := memory_load64_le(stack, Cse0__5$4$1), gamma_load64(Gamma_stack, Cse0__5$4$1);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(Cse0__5$4$1, 8bv64)), gamma_load64(Gamma_stack, bvadd64(Cse0__5$4$1, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 80bv64), Gamma_R31;
+    R0_11, Gamma_R0_11 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_3, 8bv64))), gamma_load32(Gamma_stack, bvadd64(R31_3, 8bv64));
+    R29_4, Gamma_R29_4 := memory_load64_le(stack, bvadd64(R31_3, 64bv64)), gamma_load64(Gamma_stack, bvadd64(R31_3, 64bv64));
+    R30_10, Gamma_R30_10 := memory_load64_le(stack, bvadd64(R31_3, 72bv64)), gamma_load64(Gamma_stack, bvadd64(R31_3, 72bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R16_out, R17_out, R1_out, R29_out, R30_out, R31_out, R8_out, R9_out := R0_11, R16_7, R17_7, R1_2, R29_4, R30_10, bvadd64(R31_3, 80bv64), R8_8, R9_2;
+    Gamma_R0_out, Gamma_R16_out, Gamma_R17_out, Gamma_R1_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := Gamma_R0_11, Gamma_R16_7, Gamma_R17_7, Gamma_R1_2, Gamma_R29_4, Gamma_R30_10, Gamma_R31_3, Gamma_R8_8, Gamma_R9_2;
     return;
 }
 
-procedure FUN_680();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure FUN_680(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 2344bv64) == 2334386691848142849bv64);
   free requires (memory_load64_le(mem, 2352bv64) == 2322295453216173673bv64);
   free requires (memory_load64_le(mem, 2360bv64) == 2334386691848692773bv64);
@@ -367,20 +483,143 @@ procedure FUN_680();
   free ensures (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69696bv64) == 69696bv64);
 
-implementation FUN_680()
+implementation FUN_680(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool)
 {
+  var Gamma_R0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0: bv64;
+  var R0_1: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16_4: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   $FUN_680$__0__$q33iZ61pRiq0p_PPlVbZ1g:
-    assume {:captureState "$FUN_680$__0__$q33iZ61pRiq0p_PPlVbZ1g"} true;
-    R16, Gamma_R16 := 69632bv64, true;
     call rely();
-    R17, Gamma_R17 := memory_load64_le(mem, bvadd64(R16, 16bv64)), (gamma_load64(Gamma_mem, bvadd64(R16, 16bv64)) || L(mem, bvadd64(R16, 16bv64)));
-    R16, Gamma_R16 := bvadd64(R16, 16bv64), Gamma_R16;
-    call malloc();
+    R17_1, Gamma_R17_1 := memory_load64_le(mem, 69648bv64), (gamma_load64(Gamma_mem, 69648bv64) || L(mem, 69648bv64));
+    call R0_1, Gamma_R0_1, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_4, Gamma_R16_4, R17_2, Gamma_R17_2, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_1, Gamma_R2_1, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := malloc(R0, Gamma_R0, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, 69648bv64, true, R17_1, Gamma_R17_1, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2, Gamma_R2, R30, Gamma_R30, R31, Gamma_R31, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     assume false;
 }
 
-procedure FUN_6b0();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure FUN_6b0(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 2344bv64) == 2334386691848142849bv64);
   free requires (memory_load64_le(mem, 2352bv64) == 2322295453216173673bv64);
   free requires (memory_load64_le(mem, 2360bv64) == 2334386691848692773bv64);
@@ -418,20 +657,143 @@ procedure FUN_6b0();
   free ensures (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69696bv64) == 69696bv64);
 
-implementation FUN_6b0()
+implementation FUN_6b0(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool)
 {
+  var Gamma_R0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0: bv64;
+  var R0_1: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16_4: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   $FUN_6b0$__0__$RW4J0XkoQ6ao8Rv9r_1Z0Q:
-    assume {:captureState "$FUN_6b0$__0__$RW4J0XkoQ6ao8Rv9r_1Z0Q"} true;
-    R16, Gamma_R16 := 69632bv64, true;
     call rely();
-    R17, Gamma_R17 := memory_load64_le(mem, bvadd64(R16, 40bv64)), (gamma_load64(Gamma_mem, bvadd64(R16, 40bv64)) || L(mem, bvadd64(R16, 40bv64)));
-    R16, Gamma_R16 := bvadd64(R16, 40bv64), Gamma_R16;
-    call #free();
+    R17_1, Gamma_R17_1 := memory_load64_le(mem, 69672bv64), (gamma_load64(Gamma_mem, 69672bv64) || L(mem, 69672bv64));
+    call R0_1, Gamma_R0_1, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_4, Gamma_R16_4, R17_2, Gamma_R17_2, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_1, Gamma_R2_1, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := #free(R0, Gamma_R0, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, 69672bv64, true, R17_1, Gamma_R17_1, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2, Gamma_R2, R30, Gamma_R30, R31, Gamma_R31, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     assume false;
 }
 
-procedure printCharValue();
-  modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R1, R16, R17, R29, R30, R31, R8, R9, mem, stack;
+procedure printCharValue(R0_in: bv64, Gamma_R0_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R29_out: bv64, Gamma_R29_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 2344bv64) == 2334386691848142849bv64);
   free requires (memory_load64_le(mem, 2352bv64) == 2322295453216173673bv64);
   free requires (memory_load64_le(mem, 2360bv64) == 2334386691848692773bv64);
@@ -450,10 +812,6 @@ procedure printCharValue();
   free requires (memory_load64_le(mem, 69072bv64) == 1984bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free requires (memory_load64_le(mem, 69696bv64) == 69696bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load64_le(mem, 2344bv64) == 2334386691848142849bv64);
   free ensures (memory_load64_le(mem, 2352bv64) == 2322295453216173673bv64);
   free ensures (memory_load64_le(mem, 2360bv64) == 2334386691848692773bv64);
@@ -473,52 +831,45 @@ procedure printCharValue();
   free ensures (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69696bv64) == 69696bv64);
 
-implementation printCharValue()
+implementation printCharValue(R0_in: bv64, Gamma_R0_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R29_out: bv64, Gamma_R29_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var Cse0__5$0$1: bv64;
-  var Cse0__5$1$0: bv64;
-  var Gamma_Cse0__5$0$1: bool;
-  var Gamma_Cse0__5$1$0: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R9_1: bool;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R17_1: bv64;
+  var R29_3: bv64;
+  var R8_1: bv64;
+  var R8_2: bv64;
+  var R9_1: bv64;
   $printCharValue$__0__$oLhjcPasQ0GRWJmyJMiN1Q:
-    assume {:captureState "$printCharValue$__0__$oLhjcPasQ0GRWJmyJMiN1Q"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    Cse0__5$0$1, Gamma_Cse0__5$0$1 := bvadd64(R31, 16bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$0$1, R29), gamma_store64(Gamma_stack, Cse0__5$0$1, Gamma_R29);
-    assume {:captureState "2264$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$0$1, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$0$1, 8bv64), Gamma_R30);
-    assume {:captureState "2264$2"} true;
-    R29, Gamma_R29 := bvadd64(R31, 16bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 8bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R0);
-    assume {:captureState "2272$0"} true;
-    R9, Gamma_R9 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    call rely();
-    R8, Gamma_R8 := zero_extend32_32(zero_extend24_8(memory_load8_le(mem, R9))), (gamma_load8(Gamma_mem, R9) || L(mem, R9));
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(R8[32:0], 1bv32)), Gamma_R8;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551592bv64), R0_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), Gamma_R0_in);
+    R9_1, Gamma_R9_1 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551592bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store8_le(mem, R9, R8[8:0]), gamma_store8(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "2288$0"} true;
-    R8, Gamma_R8 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
+    R8_1, Gamma_R8_1 := zero_extend56_8(memory_load8_le(mem, R9_1)), (gamma_load8(Gamma_mem, R9_1) || L(mem, R9_1));
+    R8_2, Gamma_R8_2 := zero_extend32_32(bvadd32(R8_1[32:0], 1bv32)), Gamma_R8_1;
     call rely();
-    R1, Gamma_R1 := zero_extend32_32(zero_extend24_8(memory_load8_le(mem, R8))), (gamma_load8(Gamma_mem, R8) || L(mem, R8));
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2391bv64), Gamma_R0;
-    R30, Gamma_R30 := 2312bv64, true;
-    call FUN_6c0();
+    assert (L(mem, R9_1) ==> Gamma_R8_2);
+    mem, Gamma_mem := memory_store8_le(mem, R9_1, R8_2[8:0]), gamma_store8(Gamma_mem, R9_1, Gamma_R8_2);
+    call R16_1, Gamma_R16_1, R17_1, Gamma_R17_1 := FUN_6c0(R16, Gamma_R16);
     goto $printCharValue$__1__$tdcD~_GVQvixIy4UvVBE1Q;
   $printCharValue$__1__$tdcD~_GVQvixIy4UvVBE1Q:
-    assume {:captureState "$printCharValue$__1__$tdcD~_GVQvixIy4UvVBE1Q"} true;
-    Cse0__5$1$0, Gamma_Cse0__5$1$0 := bvadd64(R31, 16bv64), Gamma_R31;
-    R29, Gamma_R29 := memory_load64_le(stack, Cse0__5$1$0), gamma_load64(Gamma_stack, Cse0__5$1$0);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(Cse0__5$1$0, 8bv64)), gamma_load64(Gamma_stack, bvadd64(Cse0__5$1$0, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64));
     goto printCharValue_basil_return;
   printCharValue_basil_return:
-    assume {:captureState "printCharValue_basil_return"} true;
+    R29_out, R31_out := R29_3, R31_in;
+    Gamma_R29_out, Gamma_R31_out := Gamma_R29_3, Gamma_R31_in;
     return;
 }
 
-procedure printf();
+procedure printf(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load64_le(mem, 2344bv64) == 2334386691848142849bv64);
   free requires (memory_load64_le(mem, 2352bv64) == 2322295453216173673bv64);
   free requires (memory_load64_le(mem, 2360bv64) == 2334386691848692773bv64);
@@ -556,7 +907,7 @@ procedure printf();
   free ensures (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69696bv64) == 69696bv64);
 
-procedure malloc();
+procedure malloc(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load64_le(mem, 2344bv64) == 2334386691848142849bv64);
   free requires (memory_load64_le(mem, 2352bv64) == 2322295453216173673bv64);
   free requires (memory_load64_le(mem, 2360bv64) == 2334386691848692773bv64);
@@ -594,7 +945,7 @@ procedure malloc();
   free ensures (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69696bv64) == 69696bv64);
 
-procedure #free();
+procedure #free(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load64_le(mem, 2344bv64) == 2334386691848142849bv64);
   free requires (memory_load64_le(mem, 2352bv64) == 2322295453216173673bv64);
   free requires (memory_load64_le(mem, 2360bv64) == 2334386691848692773bv64);
diff --git a/src/test/correct/malloc_with_local3/gcc/malloc_with_local3.expected b/src/test/correct/malloc_with_local3/gcc/malloc_with_local3.expected
index b090008a9..127f5e11e 100644
--- a/src/test/correct/malloc_with_local3/gcc/malloc_with_local3.expected
+++ b/src/test/correct/malloc_with_local3/gcc/malloc_with_local3.expected
@@ -1,19 +1,9 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_R16: bool;
 var {:extern} Gamma_R17: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} R16: bv64;
 var {:extern} R17: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -24,6 +14,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -37,17 +41,21 @@ function {:extern} gamma_load8(gammaMap: [bv64]bool, index: bv64) returns (bool)
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store8(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
   gammaMap[index := value]
 }
 
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
+}
+
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
   (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index])))
 }
@@ -61,15 +69,15 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -115,7 +123,7 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure #free();
+procedure #free(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   modifies Gamma_R16, Gamma_R17, R16, R17;
   free requires (memory_load64_le(mem, 2328bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2336bv64) == 2338615504306268244bv64);
@@ -158,8 +166,8 @@ procedure #free();
   free ensures (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R16, R17, R29, R30, R31, mem, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_R16, Gamma_R17, Gamma_mem, Gamma_stack, R16, R17, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load64_le(mem, 2328bv64) == 131073bv64);
@@ -182,10 +190,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69000bv64) == 1984bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load64_le(mem, 2328bv64) == 131073bv64);
   free ensures (memory_load64_le(mem, 2336bv64) == 2338615504306268244bv64);
   free ensures (memory_load64_le(mem, 2344bv64) == 2924860384375657bv64);
@@ -207,112 +211,595 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var #4: bv64;
-  var Gamma_#4: bool;
+  var Gamma_R0_10: bool;
+  var Gamma_R0_11: bool;
+  var Gamma_R0_12: bool;
+  var Gamma_R0_13: bool;
+  var Gamma_R0_14: bool;
+  var Gamma_R0_17: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_20: bool;
+  var Gamma_R0_21: bool;
+  var Gamma_R0_22: bool;
+  var Gamma_R0_23: bool;
+  var Gamma_R0_24: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_8: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R10_2: bool;
+  var Gamma_R10_3: bool;
+  var Gamma_R10_4: bool;
+  var Gamma_R10_5: bool;
+  var Gamma_R10_6: bool;
+  var Gamma_R10_7: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R11_2: bool;
+  var Gamma_R11_3: bool;
+  var Gamma_R11_4: bool;
+  var Gamma_R11_5: bool;
+  var Gamma_R11_6: bool;
+  var Gamma_R11_7: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R12_2: bool;
+  var Gamma_R12_3: bool;
+  var Gamma_R12_4: bool;
+  var Gamma_R12_5: bool;
+  var Gamma_R12_6: bool;
+  var Gamma_R12_7: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R13_2: bool;
+  var Gamma_R13_3: bool;
+  var Gamma_R13_4: bool;
+  var Gamma_R13_5: bool;
+  var Gamma_R13_6: bool;
+  var Gamma_R13_7: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R14_2: bool;
+  var Gamma_R14_3: bool;
+  var Gamma_R14_4: bool;
+  var Gamma_R14_5: bool;
+  var Gamma_R14_6: bool;
+  var Gamma_R14_7: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R15_2: bool;
+  var Gamma_R15_3: bool;
+  var Gamma_R15_4: bool;
+  var Gamma_R15_5: bool;
+  var Gamma_R15_6: bool;
+  var Gamma_R15_7: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R16_2: bool;
+  var Gamma_R16_3: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R16_5: bool;
+  var Gamma_R16_6: bool;
+  var Gamma_R16_7: bool;
+  var Gamma_R17: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R17_3: bool;
+  var Gamma_R17_4: bool;
+  var Gamma_R17_5: bool;
+  var Gamma_R17_6: bool;
+  var Gamma_R17_7: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R18_2: bool;
+  var Gamma_R18_3: bool;
+  var Gamma_R18_4: bool;
+  var Gamma_R18_5: bool;
+  var Gamma_R18_6: bool;
+  var Gamma_R18_7: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R19_2: bool;
+  var Gamma_R19_3: bool;
+  var Gamma_R19_4: bool;
+  var Gamma_R19_5: bool;
+  var Gamma_R19_6: bool;
+  var Gamma_R19_7: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R1_10: bool;
+  var Gamma_R1_11: bool;
+  var Gamma_R1_2: bool;
+  var Gamma_R1_3: bool;
+  var Gamma_R1_6: bool;
+  var Gamma_R1_7: bool;
+  var Gamma_R1_8: bool;
+  var Gamma_R1_9: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R20_2: bool;
+  var Gamma_R20_3: bool;
+  var Gamma_R20_4: bool;
+  var Gamma_R20_5: bool;
+  var Gamma_R20_6: bool;
+  var Gamma_R20_7: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R21_2: bool;
+  var Gamma_R21_3: bool;
+  var Gamma_R21_4: bool;
+  var Gamma_R21_5: bool;
+  var Gamma_R21_6: bool;
+  var Gamma_R21_7: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R22_2: bool;
+  var Gamma_R22_3: bool;
+  var Gamma_R22_4: bool;
+  var Gamma_R22_5: bool;
+  var Gamma_R22_6: bool;
+  var Gamma_R22_7: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R23_2: bool;
+  var Gamma_R23_3: bool;
+  var Gamma_R23_4: bool;
+  var Gamma_R23_5: bool;
+  var Gamma_R23_6: bool;
+  var Gamma_R23_7: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R24_2: bool;
+  var Gamma_R24_3: bool;
+  var Gamma_R24_4: bool;
+  var Gamma_R24_5: bool;
+  var Gamma_R24_6: bool;
+  var Gamma_R24_7: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R25_2: bool;
+  var Gamma_R25_3: bool;
+  var Gamma_R25_4: bool;
+  var Gamma_R25_5: bool;
+  var Gamma_R25_6: bool;
+  var Gamma_R25_7: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R26_2: bool;
+  var Gamma_R26_3: bool;
+  var Gamma_R26_4: bool;
+  var Gamma_R26_5: bool;
+  var Gamma_R26_6: bool;
+  var Gamma_R26_7: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R27_2: bool;
+  var Gamma_R27_3: bool;
+  var Gamma_R27_4: bool;
+  var Gamma_R27_5: bool;
+  var Gamma_R27_6: bool;
+  var Gamma_R27_7: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R28_2: bool;
+  var Gamma_R28_3: bool;
+  var Gamma_R28_4: bool;
+  var Gamma_R28_5: bool;
+  var Gamma_R28_6: bool;
+  var Gamma_R28_7: bool;
+  var Gamma_R29_10: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R29_4: bool;
+  var Gamma_R29_5: bool;
+  var Gamma_R29_6: bool;
+  var Gamma_R29_7: bool;
+  var Gamma_R29_8: bool;
+  var Gamma_R29_9: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R2_2: bool;
+  var Gamma_R2_3: bool;
+  var Gamma_R2_4: bool;
+  var Gamma_R2_5: bool;
+  var Gamma_R2_6: bool;
+  var Gamma_R2_7: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30_10: bool;
+  var Gamma_R30_12: bool;
+  var Gamma_R30_14: bool;
+  var Gamma_R30_16: bool;
+  var Gamma_R30_17: bool;
+  var Gamma_R30_3: bool;
+  var Gamma_R30_5: bool;
+  var Gamma_R30_7: bool;
+  var Gamma_R31_10: bool;
+  var Gamma_R31_3: bool;
+  var Gamma_R31_4: bool;
+  var Gamma_R31_5: bool;
+  var Gamma_R31_6: bool;
+  var Gamma_R31_7: bool;
+  var Gamma_R31_8: bool;
+  var Gamma_R31_9: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R3_2: bool;
+  var Gamma_R3_3: bool;
+  var Gamma_R3_4: bool;
+  var Gamma_R3_5: bool;
+  var Gamma_R3_6: bool;
+  var Gamma_R3_7: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R4_2: bool;
+  var Gamma_R4_3: bool;
+  var Gamma_R4_4: bool;
+  var Gamma_R4_5: bool;
+  var Gamma_R4_6: bool;
+  var Gamma_R4_7: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R5_2: bool;
+  var Gamma_R5_3: bool;
+  var Gamma_R5_4: bool;
+  var Gamma_R5_5: bool;
+  var Gamma_R5_6: bool;
+  var Gamma_R5_7: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R6_2: bool;
+  var Gamma_R6_3: bool;
+  var Gamma_R6_4: bool;
+  var Gamma_R6_5: bool;
+  var Gamma_R6_6: bool;
+  var Gamma_R6_7: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R7_2: bool;
+  var Gamma_R7_3: bool;
+  var Gamma_R7_4: bool;
+  var Gamma_R7_5: bool;
+  var Gamma_R7_6: bool;
+  var Gamma_R7_7: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R8_4: bool;
+  var Gamma_R8_5: bool;
+  var Gamma_R8_6: bool;
+  var Gamma_R8_7: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var Gamma_R9_2: bool;
+  var Gamma_R9_3: bool;
+  var Gamma_R9_4: bool;
+  var Gamma_R9_5: bool;
+  var Gamma_R9_6: bool;
+  var Gamma_R9_7: bool;
+  var R0_10: bv64;
+  var R0_11: bv64;
+  var R0_12: bv64;
+  var R0_13: bv64;
+  var R0_14: bv32;
+  var R0_17: bv64;
+  var R0_2: bv64;
+  var R0_20: bv64;
+  var R0_21: bv64;
+  var R0_22: bv64;
+  var R0_23: bv64;
+  var R0_24: bv64;
+  var R0_5: bv64;
+  var R0_8: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R10_2: bv64;
+  var R10_3: bv64;
+  var R10_4: bv64;
+  var R10_5: bv64;
+  var R10_6: bv64;
+  var R10_7: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R11_2: bv64;
+  var R11_3: bv64;
+  var R11_4: bv64;
+  var R11_5: bv64;
+  var R11_6: bv64;
+  var R11_7: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R12_2: bv64;
+  var R12_3: bv64;
+  var R12_4: bv64;
+  var R12_5: bv64;
+  var R12_6: bv64;
+  var R12_7: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R13_2: bv64;
+  var R13_3: bv64;
+  var R13_4: bv64;
+  var R13_5: bv64;
+  var R13_6: bv64;
+  var R13_7: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R14_2: bv64;
+  var R14_3: bv64;
+  var R14_4: bv64;
+  var R14_5: bv64;
+  var R14_6: bv64;
+  var R14_7: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R15_2: bv64;
+  var R15_3: bv64;
+  var R15_4: bv64;
+  var R15_5: bv64;
+  var R15_6: bv64;
+  var R15_7: bv64;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R16_2: bv64;
+  var R16_3: bv64;
+  var R16_4: bv64;
+  var R16_5: bv64;
+  var R16_6: bv64;
+  var R16_7: bv64;
+  var R17: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R17_3: bv64;
+  var R17_4: bv64;
+  var R17_5: bv64;
+  var R17_6: bv64;
+  var R17_7: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R18_2: bv64;
+  var R18_3: bv64;
+  var R18_4: bv64;
+  var R18_5: bv64;
+  var R18_6: bv64;
+  var R18_7: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R19_2: bv64;
+  var R19_3: bv64;
+  var R19_4: bv64;
+  var R19_5: bv64;
+  var R19_6: bv64;
+  var R19_7: bv64;
+  var R1_1: bv64;
+  var R1_10: bv64;
+  var R1_11: bv64;
+  var R1_2: bv64;
+  var R1_3: bv64;
+  var R1_6: bv64;
+  var R1_7: bv64;
+  var R1_8: bv64;
+  var R1_9: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R20_2: bv64;
+  var R20_3: bv64;
+  var R20_4: bv64;
+  var R20_5: bv64;
+  var R20_6: bv64;
+  var R20_7: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R21_2: bv64;
+  var R21_3: bv64;
+  var R21_4: bv64;
+  var R21_5: bv64;
+  var R21_6: bv64;
+  var R21_7: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R22_2: bv64;
+  var R22_3: bv64;
+  var R22_4: bv64;
+  var R22_5: bv64;
+  var R22_6: bv64;
+  var R22_7: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R23_2: bv64;
+  var R23_3: bv64;
+  var R23_4: bv64;
+  var R23_5: bv64;
+  var R23_6: bv64;
+  var R23_7: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R24_2: bv64;
+  var R24_3: bv64;
+  var R24_4: bv64;
+  var R24_5: bv64;
+  var R24_6: bv64;
+  var R24_7: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R25_2: bv64;
+  var R25_3: bv64;
+  var R25_4: bv64;
+  var R25_5: bv64;
+  var R25_6: bv64;
+  var R25_7: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R26_2: bv64;
+  var R26_3: bv64;
+  var R26_4: bv64;
+  var R26_5: bv64;
+  var R26_6: bv64;
+  var R26_7: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R27_2: bv64;
+  var R27_3: bv64;
+  var R27_4: bv64;
+  var R27_5: bv64;
+  var R27_6: bv64;
+  var R27_7: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R28_2: bv64;
+  var R28_3: bv64;
+  var R28_4: bv64;
+  var R28_5: bv64;
+  var R28_6: bv64;
+  var R28_7: bv64;
+  var R29_10: bv64;
+  var R29_3: bv64;
+  var R29_4: bv64;
+  var R29_5: bv64;
+  var R29_6: bv64;
+  var R29_7: bv64;
+  var R29_8: bv64;
+  var R29_9: bv64;
+  var R2_1: bv64;
+  var R2_2: bv64;
+  var R2_3: bv64;
+  var R2_4: bv64;
+  var R2_5: bv64;
+  var R2_6: bv64;
+  var R2_7: bv64;
+  var R3: bv64;
+  var R30_10: bv64;
+  var R30_12: bv64;
+  var R30_14: bv64;
+  var R30_16: bv64;
+  var R30_17: bv64;
+  var R30_3: bv64;
+  var R30_5: bv64;
+  var R30_7: bv64;
+  var R31_10: bv64;
+  var R31_3: bv64;
+  var R31_4: bv64;
+  var R31_5: bv64;
+  var R31_6: bv64;
+  var R31_7: bv64;
+  var R31_8: bv64;
+  var R31_9: bv64;
+  var R3_1: bv64;
+  var R3_2: bv64;
+  var R3_3: bv64;
+  var R3_4: bv64;
+  var R3_5: bv64;
+  var R3_6: bv64;
+  var R3_7: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R4_2: bv64;
+  var R4_3: bv64;
+  var R4_4: bv64;
+  var R4_5: bv64;
+  var R4_6: bv64;
+  var R4_7: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R5_2: bv64;
+  var R5_3: bv64;
+  var R5_4: bv64;
+  var R5_5: bv64;
+  var R5_6: bv64;
+  var R5_7: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R6_2: bv64;
+  var R6_3: bv64;
+  var R6_4: bv64;
+  var R6_5: bv64;
+  var R6_6: bv64;
+  var R6_7: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R7_2: bv64;
+  var R7_3: bv64;
+  var R7_4: bv64;
+  var R7_5: bv64;
+  var R7_6: bv64;
+  var R7_7: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R8_2: bv64;
+  var R8_3: bv64;
+  var R8_4: bv64;
+  var R8_5: bv64;
+  var R8_6: bv64;
+  var R8_7: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
+  var R9_2: bv64;
+  var R9_3: bv64;
+  var R9_4: bv64;
+  var R9_5: bv64;
+  var R9_6: bv64;
+  var R9_7: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    #4, Gamma_#4 := bvadd64(R31, 18446744073709551552bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, #4, R29), gamma_store64(Gamma_stack, #4, Gamma_R29);
-    assume {:captureState "%000003a4"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(#4, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(#4, 8bv64), Gamma_R30);
-    assume {:captureState "%000003aa"} true;
-    R31, Gamma_R31 := #4, Gamma_#4;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    R0, Gamma_R0 := 1bv64, true;
-    R30, Gamma_R30 := 2084bv64, true;
-    call malloc();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551552bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551552bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551560bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551560bv64), Gamma_R30_in);
+    call R0_2, Gamma_R0_2, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_1, Gamma_R16_1, R17_1, Gamma_R17_1, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_3, Gamma_R29_3, R2_1, Gamma_R2_1, R30_3, Gamma_R30_3, R31_3, Gamma_R31_3, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := malloc(1bv64, true, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, R16, Gamma_R16, R17, Gamma_R17, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, bvadd64(R31_in, 18446744073709551552bv64), Gamma_R31_in, R2, Gamma_R2, 2084bv64, true, bvadd64(R31_in, 18446744073709551552bv64), Gamma_R31_in, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     goto l000003c3;
   l000003c3:
-    assume {:captureState "l000003c3"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 40bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 40bv64), Gamma_R0);
-    assume {:captureState "%000003c9"} true;
-    R0, Gamma_R0 := 11bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R0);
-    assume {:captureState "%000003d6"} true;
-    R0, Gamma_R0 := 4bv64, true;
-    R30, Gamma_R30 := 2104bv64, true;
-    call malloc();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_3, 40bv64), R0_2), gamma_store64(Gamma_stack, bvadd64(R31_3, 40bv64), Gamma_R0_2);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_3, 28bv64), 11bv32), gamma_store32(Gamma_stack, bvadd64(R31_3, 28bv64), true);
+    call R0_5, Gamma_R0_5, R10_2, Gamma_R10_2, R11_2, Gamma_R11_2, R12_2, Gamma_R12_2, R13_2, Gamma_R13_2, R14_2, Gamma_R14_2, R15_2, Gamma_R15_2, R16_2, Gamma_R16_2, R17_2, Gamma_R17_2, R18_2, Gamma_R18_2, R19_2, Gamma_R19_2, R1_2, Gamma_R1_2, R20_2, Gamma_R20_2, R21_2, Gamma_R21_2, R22_2, Gamma_R22_2, R23_2, Gamma_R23_2, R24_2, Gamma_R24_2, R25_2, Gamma_R25_2, R26_2, Gamma_R26_2, R27_2, Gamma_R27_2, R28_2, Gamma_R28_2, R29_4, Gamma_R29_4, R2_2, Gamma_R2_2, R30_5, Gamma_R30_5, R31_4, Gamma_R31_4, R3_2, Gamma_R3_2, R4_2, Gamma_R4_2, R5_2, Gamma_R5_2, R6_2, Gamma_R6_2, R7_2, Gamma_R7_2, R8_2, Gamma_R8_2, R9_2, Gamma_R9_2 := malloc(4bv64, true, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_1, Gamma_R16_1, R17_1, Gamma_R17_1, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_3, Gamma_R29_3, R2_1, Gamma_R2_1, 2104bv64, true, R31_3, Gamma_R31_3, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1);
     goto l000003e4;
   l000003e4:
-    assume {:captureState "l000003e4"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 48bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 48bv64), Gamma_R0);
-    assume {:captureState "%000003ea"} true;
-    R0, Gamma_R0 := 10bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 32bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 32bv64), Gamma_R0);
-    assume {:captureState "%000003f7"} true;
-    R0, Gamma_R0 := 4bv64, true;
-    R30, Gamma_R30 := 2124bv64, true;
-    call malloc();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_4, 48bv64), R0_5), gamma_store64(Gamma_stack, bvadd64(R31_4, 48bv64), Gamma_R0_5);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_4, 32bv64), 10bv32), gamma_store32(Gamma_stack, bvadd64(R31_4, 32bv64), true);
+    call R0_8, Gamma_R0_8, R10_3, Gamma_R10_3, R11_3, Gamma_R11_3, R12_3, Gamma_R12_3, R13_3, Gamma_R13_3, R14_3, Gamma_R14_3, R15_3, Gamma_R15_3, R16_3, Gamma_R16_3, R17_3, Gamma_R17_3, R18_3, Gamma_R18_3, R19_3, Gamma_R19_3, R1_3, Gamma_R1_3, R20_3, Gamma_R20_3, R21_3, Gamma_R21_3, R22_3, Gamma_R22_3, R23_3, Gamma_R23_3, R24_3, Gamma_R24_3, R25_3, Gamma_R25_3, R26_3, Gamma_R26_3, R27_3, Gamma_R27_3, R28_3, Gamma_R28_3, R29_5, Gamma_R29_5, R2_3, Gamma_R2_3, R30_7, Gamma_R30_7, R31_5, Gamma_R31_5, R3_3, Gamma_R3_3, R4_3, Gamma_R4_3, R5_3, Gamma_R5_3, R6_3, Gamma_R6_3, R7_3, Gamma_R7_3, R8_3, Gamma_R8_3, R9_3, Gamma_R9_3 := malloc(4bv64, true, R10_2, Gamma_R10_2, R11_2, Gamma_R11_2, R12_2, Gamma_R12_2, R13_2, Gamma_R13_2, R14_2, Gamma_R14_2, R15_2, Gamma_R15_2, R16_2, Gamma_R16_2, R17_2, Gamma_R17_2, R18_2, Gamma_R18_2, R19_2, Gamma_R19_2, R1_2, Gamma_R1_2, R20_2, Gamma_R20_2, R21_2, Gamma_R21_2, R22_2, Gamma_R22_2, R23_2, Gamma_R23_2, R24_2, Gamma_R24_2, R25_2, Gamma_R25_2, R26_2, Gamma_R26_2, R27_2, Gamma_R27_2, R28_2, Gamma_R28_2, R29_4, Gamma_R29_4, R2_2, Gamma_R2_2, 2124bv64, true, R31_4, Gamma_R31_4, R3_2, Gamma_R3_2, R4_2, Gamma_R4_2, R5_2, Gamma_R5_2, R6_2, Gamma_R6_2, R7_2, Gamma_R7_2, R8_2, Gamma_R8_2, R9_2, Gamma_R9_2);
     goto l00000405;
   l00000405:
-    assume {:captureState "l00000405"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 56bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 56bv64), Gamma_R0);
-    assume {:captureState "%0000040b"} true;
-    R0, Gamma_R0 := 9bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 36bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 36bv64), Gamma_R0);
-    assume {:captureState "%00000418"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 40bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 40bv64));
-    R1, Gamma_R1 := 65bv64, true;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_5, 56bv64), R0_8), gamma_store64(Gamma_stack, bvadd64(R31_5, 56bv64), Gamma_R0_8);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_5, 36bv64), 9bv32), gamma_store32(Gamma_stack, bvadd64(R31_5, 36bv64), true);
+    R0_10, Gamma_R0_10 := memory_load64_le(stack, bvadd64(R31_5, 40bv64)), gamma_load64(Gamma_stack, bvadd64(R31_5, 40bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store8_le(mem, R0, R1[8:0]), gamma_store8(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%0000042c"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 48bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 48bv64));
-    R1, Gamma_R1 := 42bv64, true;
+    assert (L(mem, R0_10) ==> true);
+    mem, Gamma_mem := memory_store8_le(mem, R0_10, 65bv8), gamma_store8(Gamma_mem, R0_10, true);
+    R0_11, Gamma_R0_11 := memory_load64_le(stack, bvadd64(R31_5, 48bv64)), gamma_load64(Gamma_stack, bvadd64(R31_5, 48bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%00000440"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 40bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 40bv64));
-    R30, Gamma_R30 := 2168bv64, true;
-    call printCharValue();
+    assert (L(mem, R0_11) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R0_11, 42bv32), gamma_store32(Gamma_mem, R0_11, true);
+    R0_12, Gamma_R0_12 := memory_load64_le(stack, bvadd64(R31_5, 40bv64)), gamma_load64(Gamma_stack, bvadd64(R31_5, 40bv64));
+    call R31_6, Gamma_R31_6 := printCharValue(R0_12, Gamma_R0_12, R29_5, Gamma_R29_5, 2168bv64, true, R31_5, Gamma_R31_5);
     goto l000004db;
   l000004db:
-    assume {:captureState "l000004db"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 48bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 48bv64));
+    R0_13, Gamma_R0_13 := memory_load64_le(stack, bvadd64(R31_6, 48bv64)), gamma_load64(Gamma_stack, bvadd64(R31_6, 48bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := zero_extend32_32(R0[32:0]), Gamma_R0;
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2336bv64), Gamma_R0;
-    R30, Gamma_R30 := 2192bv64, true;
-    call printf();
+    R0_14, Gamma_R0_14 := memory_load32_le(mem, R0_13), (gamma_load32(Gamma_mem, R0_13) || L(mem, R0_13));
+    R1_6, Gamma_R1_6 := zero_extend32_32(R0_14), Gamma_R0_14;
+    call R0_17, Gamma_R0_17, R10_4, Gamma_R10_4, R11_4, Gamma_R11_4, R12_4, Gamma_R12_4, R13_4, Gamma_R13_4, R14_4, Gamma_R14_4, R15_4, Gamma_R15_4, R16_4, Gamma_R16_4, R17_4, Gamma_R17_4, R18_4, Gamma_R18_4, R19_4, Gamma_R19_4, R1_7, Gamma_R1_7, R20_4, Gamma_R20_4, R21_4, Gamma_R21_4, R22_4, Gamma_R22_4, R23_4, Gamma_R23_4, R24_4, Gamma_R24_4, R25_4, Gamma_R25_4, R26_4, Gamma_R26_4, R27_4, Gamma_R27_4, R28_4, Gamma_R28_4, R29_6, Gamma_R29_6, R2_4, Gamma_R2_4, R30_10, Gamma_R30_10, R31_7, Gamma_R31_7, R3_4, Gamma_R3_4, R4_4, Gamma_R4_4, R5_4, Gamma_R5_4, R6_4, Gamma_R6_4, R7_4, Gamma_R7_4, R8_4, Gamma_R8_4, R9_4, Gamma_R9_4 := printf(2336bv64, true, R10_3, Gamma_R10_3, R11_3, Gamma_R11_3, R12_3, Gamma_R12_3, R13_3, Gamma_R13_3, R14_3, Gamma_R14_3, R15_3, Gamma_R15_3, R16_3, Gamma_R16_3, R17_3, Gamma_R17_3, R18_3, Gamma_R18_3, R19_3, Gamma_R19_3, R1_6, Gamma_R1_6, R20_3, Gamma_R20_3, R21_3, Gamma_R21_3, R22_3, Gamma_R22_3, R23_3, Gamma_R23_3, R24_3, Gamma_R24_3, R25_3, Gamma_R25_3, R26_3, Gamma_R26_3, R27_3, Gamma_R27_3, R28_3, Gamma_R28_3, R29_5, Gamma_R29_5, R2_3, Gamma_R2_3, 2192bv64, true, R31_6, Gamma_R31_6, R3_3, Gamma_R3_3, R4_3, Gamma_R4_3, R5_3, Gamma_R5_3, R6_3, Gamma_R6_3, R7_3, Gamma_R7_3, R8_3, Gamma_R8_3, R9_3, Gamma_R9_3);
     goto l00000501;
   l00000501:
-    assume {:captureState "l00000501"} true;
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 32bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 32bv64));
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2352bv64), Gamma_R0;
-    R30, Gamma_R30 := 2208bv64, true;
-    call printf();
+    R1_8, Gamma_R1_8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_7, 32bv64))), gamma_load32(Gamma_stack, bvadd64(R31_7, 32bv64));
+    call R0_20, Gamma_R0_20, R10_5, Gamma_R10_5, R11_5, Gamma_R11_5, R12_5, Gamma_R12_5, R13_5, Gamma_R13_5, R14_5, Gamma_R14_5, R15_5, Gamma_R15_5, R16_5, Gamma_R16_5, R17_5, Gamma_R17_5, R18_5, Gamma_R18_5, R19_5, Gamma_R19_5, R1_9, Gamma_R1_9, R20_5, Gamma_R20_5, R21_5, Gamma_R21_5, R22_5, Gamma_R22_5, R23_5, Gamma_R23_5, R24_5, Gamma_R24_5, R25_5, Gamma_R25_5, R26_5, Gamma_R26_5, R27_5, Gamma_R27_5, R28_5, Gamma_R28_5, R29_7, Gamma_R29_7, R2_5, Gamma_R2_5, R30_12, Gamma_R30_12, R31_8, Gamma_R31_8, R3_5, Gamma_R3_5, R4_5, Gamma_R4_5, R5_5, Gamma_R5_5, R6_5, Gamma_R6_5, R7_5, Gamma_R7_5, R8_5, Gamma_R8_5, R9_5, Gamma_R9_5 := printf(2352bv64, true, R10_4, Gamma_R10_4, R11_4, Gamma_R11_4, R12_4, Gamma_R12_4, R13_4, Gamma_R13_4, R14_4, Gamma_R14_4, R15_4, Gamma_R15_4, R16_4, Gamma_R16_4, R17_4, Gamma_R17_4, R18_4, Gamma_R18_4, R19_4, Gamma_R19_4, R1_8, Gamma_R1_8, R20_4, Gamma_R20_4, R21_4, Gamma_R21_4, R22_4, Gamma_R22_4, R23_4, Gamma_R23_4, R24_4, Gamma_R24_4, R25_4, Gamma_R25_4, R26_4, Gamma_R26_4, R27_4, Gamma_R27_4, R28_4, Gamma_R28_4, R29_6, Gamma_R29_6, R2_4, Gamma_R2_4, 2208bv64, true, R31_7, Gamma_R31_7, R3_4, Gamma_R3_4, R4_4, Gamma_R4_4, R5_4, Gamma_R5_4, R6_4, Gamma_R6_4, R7_4, Gamma_R7_4, R8_4, Gamma_R8_4, R9_4, Gamma_R9_4);
     goto l0000051a;
   l0000051a:
-    assume {:captureState "l0000051a"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 40bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 40bv64));
-    R30, Gamma_R30 := 2216bv64, true;
-    call #free();
+    R0_21, Gamma_R0_21 := memory_load64_le(stack, bvadd64(R31_8, 40bv64)), gamma_load64(Gamma_stack, bvadd64(R31_8, 40bv64));
+    call R0_22, Gamma_R0_22, R10_6, Gamma_R10_6, R11_6, Gamma_R11_6, R12_6, Gamma_R12_6, R13_6, Gamma_R13_6, R14_6, Gamma_R14_6, R15_6, Gamma_R15_6, R16_6, Gamma_R16_6, R17_6, Gamma_R17_6, R18_6, Gamma_R18_6, R19_6, Gamma_R19_6, R1_10, Gamma_R1_10, R20_6, Gamma_R20_6, R21_6, Gamma_R21_6, R22_6, Gamma_R22_6, R23_6, Gamma_R23_6, R24_6, Gamma_R24_6, R25_6, Gamma_R25_6, R26_6, Gamma_R26_6, R27_6, Gamma_R27_6, R28_6, Gamma_R28_6, R29_8, Gamma_R29_8, R2_6, Gamma_R2_6, R30_14, Gamma_R30_14, R31_9, Gamma_R31_9, R3_6, Gamma_R3_6, R4_6, Gamma_R4_6, R5_6, Gamma_R5_6, R6_6, Gamma_R6_6, R7_6, Gamma_R7_6, R8_6, Gamma_R8_6, R9_6, Gamma_R9_6 := #free(R0_21, Gamma_R0_21, R10_5, Gamma_R10_5, R11_5, Gamma_R11_5, R12_5, Gamma_R12_5, R13_5, Gamma_R13_5, R14_5, Gamma_R14_5, R15_5, Gamma_R15_5, R16_5, Gamma_R16_5, R17_5, Gamma_R17_5, R18_5, Gamma_R18_5, R19_5, Gamma_R19_5, R1_9, Gamma_R1_9, R20_5, Gamma_R20_5, R21_5, Gamma_R21_5, R22_5, Gamma_R22_5, R23_5, Gamma_R23_5, R24_5, Gamma_R24_5, R25_5, Gamma_R25_5, R26_5, Gamma_R26_5, R27_5, Gamma_R27_5, R28_5, Gamma_R28_5, R29_7, Gamma_R29_7, R2_5, Gamma_R2_5, 2216bv64, true, R31_8, Gamma_R31_8, R3_5, Gamma_R3_5, R4_5, Gamma_R4_5, R5_5, Gamma_R5_5, R6_5, Gamma_R6_5, R7_5, Gamma_R7_5, R8_5, Gamma_R8_5, R9_5, Gamma_R9_5);
     goto l00000529;
   l00000529:
-    assume {:captureState "l00000529"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 48bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 48bv64));
-    R30, Gamma_R30 := 2224bv64, true;
-    call #free();
+    R0_23, Gamma_R0_23 := memory_load64_le(stack, bvadd64(R31_9, 48bv64)), gamma_load64(Gamma_stack, bvadd64(R31_9, 48bv64));
+    call R0_24, Gamma_R0_24, R10_7, Gamma_R10_7, R11_7, Gamma_R11_7, R12_7, Gamma_R12_7, R13_7, Gamma_R13_7, R14_7, Gamma_R14_7, R15_7, Gamma_R15_7, R16_7, Gamma_R16_7, R17_7, Gamma_R17_7, R18_7, Gamma_R18_7, R19_7, Gamma_R19_7, R1_11, Gamma_R1_11, R20_7, Gamma_R20_7, R21_7, Gamma_R21_7, R22_7, Gamma_R22_7, R23_7, Gamma_R23_7, R24_7, Gamma_R24_7, R25_7, Gamma_R25_7, R26_7, Gamma_R26_7, R27_7, Gamma_R27_7, R28_7, Gamma_R28_7, R29_9, Gamma_R29_9, R2_7, Gamma_R2_7, R30_16, Gamma_R30_16, R31_10, Gamma_R31_10, R3_7, Gamma_R3_7, R4_7, Gamma_R4_7, R5_7, Gamma_R5_7, R6_7, Gamma_R6_7, R7_7, Gamma_R7_7, R8_7, Gamma_R8_7, R9_7, Gamma_R9_7 := #free(R0_23, Gamma_R0_23, R10_6, Gamma_R10_6, R11_6, Gamma_R11_6, R12_6, Gamma_R12_6, R13_6, Gamma_R13_6, R14_6, Gamma_R14_6, R15_6, Gamma_R15_6, R16_6, Gamma_R16_6, R17_6, Gamma_R17_6, R18_6, Gamma_R18_6, R19_6, Gamma_R19_6, R1_10, Gamma_R1_10, R20_6, Gamma_R20_6, R21_6, Gamma_R21_6, R22_6, Gamma_R22_6, R23_6, Gamma_R23_6, R24_6, Gamma_R24_6, R25_6, Gamma_R25_6, R26_6, Gamma_R26_6, R27_6, Gamma_R27_6, R28_6, Gamma_R28_6, R29_8, Gamma_R29_8, R2_6, Gamma_R2_6, 2224bv64, true, R31_9, Gamma_R31_9, R3_6, Gamma_R3_6, R4_6, Gamma_R4_6, R5_6, Gamma_R5_6, R6_6, Gamma_R6_6, R7_6, Gamma_R7_6, R8_6, Gamma_R8_6, R9_6, Gamma_R9_6);
     goto l00000537;
   l00000537:
-    assume {:captureState "l00000537"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 64bv64), Gamma_R31;
+    R29_10, Gamma_R29_10 := memory_load64_le(stack, R31_10), gamma_load64(Gamma_stack, R31_10);
+    R30_17, Gamma_R30_17 := memory_load64_le(stack, bvadd64(R31_10, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31_10, 8bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R29_out, R30_out, R31_out := 0bv64, R1_11, R29_10, R30_17, bvadd64(R31_10, 64bv64);
+    Gamma_R0_out, Gamma_R1_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out := true, Gamma_R1_11, Gamma_R29_10, Gamma_R30_17, Gamma_R31_10;
     return;
 }
 
-procedure malloc();
+procedure malloc(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   modifies Gamma_R16, Gamma_R17, R16, R17;
   free requires (memory_load64_le(mem, 2328bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2336bv64) == 2338615504306268244bv64);
@@ -355,8 +842,8 @@ procedure malloc();
   free ensures (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-procedure printCharValue();
-  modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R16, R17, R29, R30, R31, mem, stack;
+procedure printCharValue(R0_in: bv64, Gamma_R0_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_R16, Gamma_R17, Gamma_mem, Gamma_stack, R16, R17, mem, stack;
   free requires (memory_load64_le(mem, 2328bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2336bv64) == 2338615504306268244bv64);
   free requires (memory_load64_le(mem, 2344bv64) == 2924860384375657bv64);
@@ -377,10 +864,6 @@ procedure printCharValue();
   free requires (memory_load64_le(mem, 69000bv64) == 1984bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load64_le(mem, 2328bv64) == 131073bv64);
   free ensures (memory_load64_le(mem, 2336bv64) == 2338615504306268244bv64);
   free ensures (memory_load64_le(mem, 2344bv64) == 2924860384375657bv64);
@@ -402,52 +885,168 @@ procedure printCharValue();
   free ensures (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation printCharValue()
+implementation printCharValue(R0_in: bv64, Gamma_R0_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R31_out: bv64, Gamma_R31_out: bool)
 {
-  var #5: bv64;
-  var Gamma_#5: bool;
+  var Gamma_R0_10: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_6: bool;
+  var Gamma_R0_7: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R17: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R1_2: bool;
+  var Gamma_R1_3: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30_3: bool;
+  var Gamma_R31_3: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0_10: bv64;
+  var R0_2: bv64;
+  var R0_3: bv64;
+  var R0_4: bv64;
+  var R0_5: bv64;
+  var R0_6: bv64;
+  var R0_7: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R17: bv64;
+  var R17_1: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv8;
+  var R1_2: bv64;
+  var R1_3: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29_3: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30_3: bv64;
+  var R31_3: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   lprintCharValue:
-    assume {:captureState "lprintCharValue"} true;
-    #5, Gamma_#5 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, #5, R29), gamma_store64(Gamma_stack, #5, Gamma_R29);
-    assume {:captureState "%0000045a"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(#5, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(#5, 8bv64), Gamma_R30);
-    assume {:captureState "%00000460"} true;
-    R31, Gamma_R31 := #5, Gamma_#5;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 24bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 24bv64), Gamma_R0);
-    assume {:captureState "%00000472"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 24bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 24bv64));
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551584bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551592bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), Gamma_R30_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R0_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R0_in);
+    R0_2, Gamma_R0_2 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend56_8(memory_load8_le(mem, R0)), (gamma_load8(Gamma_mem, R0) || L(mem, R0));
-    R0, Gamma_R0 := zero_extend32_32(bvadd32(R0[32:0], 1bv32)), Gamma_R0;
-    R1, Gamma_R1 := zero_extend32_32((0bv24 ++ R0[8:0])), Gamma_R0;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 24bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 24bv64));
+    R0_3, Gamma_R0_3 := zero_extend56_8(memory_load8_le(mem, R0_2)), (gamma_load8(Gamma_mem, R0_2) || L(mem, R0_2));
+    R0_4, Gamma_R0_4 := zero_extend32_32(bvadd32(R0_3[32:0], 1bv32)), Gamma_R0_3;
+    R1_1, Gamma_R1_1 := R0_4[8:0], Gamma_R0_4;
+    R0_5, Gamma_R0_5 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store8_le(mem, R0, R1[8:0]), gamma_store8(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%0000049b"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 24bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 24bv64));
+    assert (L(mem, R0_5) ==> Gamma_R1_1);
+    mem, Gamma_mem := memory_store8_le(mem, R0_5, R1_1), gamma_store8(Gamma_mem, R0_5, Gamma_R1_1);
+    R0_6, Gamma_R0_6 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend56_8(memory_load8_le(mem, R0)), (gamma_load8(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := zero_extend32_32(R0[32:0]), Gamma_R0;
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2384bv64), Gamma_R0;
-    R30, Gamma_R30 := 2296bv64, true;
-    call printf();
-    goto l000004c4;
-  l000004c4:
-    assume {:captureState "l000004c4"} true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
+    R0_7, Gamma_R0_7 := zero_extend56_8(memory_load8_le(mem, R0_6)), (gamma_load8(Gamma_mem, R0_6) || L(mem, R0_6));
+    R1_2, Gamma_R1_2 := zero_extend32_32(R0_7[32:0]), Gamma_R0_7;
+    call R0_10, Gamma_R0_10, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_1, Gamma_R16_1, R17_1, Gamma_R17_1, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_3, Gamma_R1_3, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_3, Gamma_R29_3, R2_1, Gamma_R2_1, R30_3, Gamma_R30_3, R31_3, Gamma_R31_3, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := printf(2384bv64, true, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, R16, Gamma_R16, R17, Gamma_R17, R18, Gamma_R18, R19, Gamma_R19, R1_2, Gamma_R1_2, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R31_in, R2, Gamma_R2, 2296bv64, true, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R31_in, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     goto printCharValue_basil_return;
   printCharValue_basil_return:
-    assume {:captureState "printCharValue_basil_return"} true;
+    R31_out := bvadd64(R31_3, 32bv64);
+    Gamma_R31_out := Gamma_R31_3;
     return;
 }
 
-procedure printf();
+procedure printf(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   modifies Gamma_R16, Gamma_R17, R16, R17;
   free requires (memory_load64_le(mem, 2328bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2336bv64) == 2338615504306268244bv64);
diff --git a/src/test/correct/malloc_with_local3/gcc/malloc_with_local3_gtirb.expected b/src/test/correct/malloc_with_local3/gcc/malloc_with_local3_gtirb.expected
index dfaf0a7b1..f64e2df90 100644
--- a/src/test/correct/malloc_with_local3/gcc/malloc_with_local3_gtirb.expected
+++ b/src/test/correct/malloc_with_local3/gcc/malloc_with_local3_gtirb.expected
@@ -1,19 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R16: bool;
-var {:extern} Gamma_R17: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R16: bv64;
-var {:extern} R17: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -24,6 +10,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -37,17 +37,21 @@ function {:extern} gamma_load8(gammaMap: [bv64]bool, index: bv64) returns (bool)
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store8(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
   gammaMap[index := value]
 }
 
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
+}
+
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
   (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index])))
 }
@@ -61,19 +65,19 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
-function {:extern} {:bvbuiltin "zero_extend 24"} zero_extend24_8(bv8) returns (bv32);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
+function {:extern} {:bvbuiltin "zero_extend 56"} zero_extend56_8(bv8) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (mem == old(mem));
@@ -115,8 +119,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure FUN_680();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure FUN_680(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 2328bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2336bv64) == 2338615504306268244bv64);
   free requires (memory_load64_le(mem, 2344bv64) == 2924860384375657bv64);
@@ -158,20 +162,143 @@ procedure FUN_680();
   free ensures (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation FUN_680()
+implementation FUN_680(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool)
 {
+  var Gamma_R0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0: bv64;
+  var R0_1: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16_4: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   $FUN_680$__0__$fmUrfOHbTziivIh1CtAkdg:
-    assume {:captureState "$FUN_680$__0__$fmUrfOHbTziivIh1CtAkdg"} true;
-    R16, Gamma_R16 := 65536bv64, true;
     call rely();
-    R17, Gamma_R17 := memory_load64_le(mem, bvadd64(R16, 4008bv64)), (gamma_load64(Gamma_mem, bvadd64(R16, 4008bv64)) || L(mem, bvadd64(R16, 4008bv64)));
-    R16, Gamma_R16 := bvadd64(R16, 4008bv64), Gamma_R16;
-    call malloc();
+    R17_1, Gamma_R17_1 := memory_load64_le(mem, 69544bv64), (gamma_load64(Gamma_mem, 69544bv64) || L(mem, 69544bv64));
+    call R0_1, Gamma_R0_1, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_4, Gamma_R16_4, R17_2, Gamma_R17_2, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_1, Gamma_R2_1, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := malloc(R0, Gamma_R0, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, 69544bv64, true, R17_1, Gamma_R17_1, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2, Gamma_R2, R30, Gamma_R30, R31, Gamma_R31, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     assume false;
 }
 
-procedure printCharValue();
-  modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R16, R17, R29, R30, R31, mem, stack;
+procedure printCharValue(R0_in: bv64, Gamma_R0_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 2328bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2336bv64) == 2338615504306268244bv64);
   free requires (memory_load64_le(mem, 2344bv64) == 2924860384375657bv64);
@@ -192,10 +319,6 @@ procedure printCharValue();
   free requires (memory_load64_le(mem, 69000bv64) == 1984bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load64_le(mem, 2328bv64) == 131073bv64);
   free ensures (memory_load64_le(mem, 2336bv64) == 2338615504306268244bv64);
   free ensures (memory_load64_le(mem, 2344bv64) == 2924860384375657bv64);
@@ -217,53 +340,50 @@ procedure printCharValue();
   free ensures (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation printCharValue()
+implementation printCharValue(R0_in: bv64, Gamma_R0_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R31_out: bv64, Gamma_R31_out: bool)
 {
-  var Cse0__5$1$0: bv64;
-  var Gamma_Cse0__5$1$0: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_6: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R1_1: bool;
+  var R0_2: bv64;
+  var R0_3: bv64;
+  var R0_4: bv64;
+  var R0_5: bv64;
+  var R0_6: bv64;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R17_1: bv64;
+  var R1_1: bv8;
   $printCharValue$__0__$jkKHMcI6QseLTh14pX_pkA:
-    assume {:captureState "$printCharValue$__0__$jkKHMcI6QseLTh14pX_pkA"} true;
-    Cse0__5$1$0, Gamma_Cse0__5$1$0 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$1$0, R29), gamma_store64(Gamma_stack, Cse0__5$1$0, Gamma_R29);
-    assume {:captureState "2236$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$1$0, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$1$0, 8bv64), Gamma_R30);
-    assume {:captureState "2236$2"} true;
-    R31, Gamma_R31 := Cse0__5$1$0, Gamma_Cse0__5$1$0;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 24bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 24bv64), Gamma_R0);
-    assume {:captureState "2244$0"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 24bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 24bv64));
-    call rely();
-    R0, Gamma_R0 := zero_extend32_32(zero_extend24_8(memory_load8_le(mem, R0))), (gamma_load8(Gamma_mem, R0) || L(mem, R0));
-    R0, Gamma_R0 := zero_extend32_32(bvadd32(R0[32:0], 1bv32)), Gamma_R0;
-    R1, Gamma_R1 := zero_extend32_32((0bv24 ++ R0[8:0])), Gamma_R0;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 24bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 24bv64));
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551584bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551592bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), Gamma_R30_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R0_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R0_in);
+    R0_2, Gamma_R0_2 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store8_le(mem, R0, R1[8:0]), gamma_store8(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "2268$0"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 24bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 24bv64));
+    R0_3, Gamma_R0_3 := zero_extend56_8(memory_load8_le(mem, R0_2)), (gamma_load8(Gamma_mem, R0_2) || L(mem, R0_2));
+    R0_4, Gamma_R0_4 := zero_extend32_32(bvadd32(R0_3[32:0], 1bv32)), Gamma_R0_3;
+    R1_1, Gamma_R1_1 := R0_4[8:0], Gamma_R0_4;
+    R0_5, Gamma_R0_5 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(zero_extend24_8(memory_load8_le(mem, R0))), (gamma_load8(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := zero_extend32_32(R0[32:0]), Gamma_R0;
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2384bv64), Gamma_R0;
-    R30, Gamma_R30 := 2296bv64, true;
-    call FUN_6c0();
-    goto $printCharValue$__1__$SXzrMILSR1~X131kBRFqew;
-  $printCharValue$__1__$SXzrMILSR1~X131kBRFqew:
-    assume {:captureState "$printCharValue$__1__$SXzrMILSR1~X131kBRFqew"} true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
+    assert (L(mem, R0_5) ==> Gamma_R1_1);
+    mem, Gamma_mem := memory_store8_le(mem, R0_5, R1_1), gamma_store8(Gamma_mem, R0_5, Gamma_R1_1);
+    R0_6, Gamma_R0_6 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
+    call R16_1, Gamma_R16_1, R17_1, Gamma_R17_1 := FUN_6c0(R16, Gamma_R16);
     goto printCharValue_basil_return;
   printCharValue_basil_return:
-    assume {:captureState "printCharValue_basil_return"} true;
+    R31_out := R31_in;
+    Gamma_R31_out := Gamma_R31_in;
     return;
 }
 
-procedure FUN_6c0();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure FUN_6c0(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 2328bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2336bv64) == 2338615504306268244bv64);
   free requires (memory_load64_le(mem, 2344bv64) == 2924860384375657bv64);
@@ -305,20 +425,143 @@ procedure FUN_6c0();
   free ensures (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation FUN_6c0()
+implementation FUN_6c0(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool)
 {
+  var Gamma_R0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0: bv64;
+  var R0_1: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16_4: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   $FUN_6c0$__0__$1dgk8kyGRWulXZar~5y0Vg:
-    assume {:captureState "$FUN_6c0$__0__$1dgk8kyGRWulXZar~5y0Vg"} true;
-    R16, Gamma_R16 := 65536bv64, true;
     call rely();
-    R17, Gamma_R17 := memory_load64_le(mem, bvadd64(R16, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R16, 4040bv64)) || L(mem, bvadd64(R16, 4040bv64)));
-    R16, Gamma_R16 := bvadd64(R16, 4040bv64), Gamma_R16;
-    call printf();
+    R17_1, Gamma_R17_1 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
+    call R0_1, Gamma_R0_1, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_4, Gamma_R16_4, R17_2, Gamma_R17_2, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_1, Gamma_R2_1, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := printf(R0, Gamma_R0, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, 69576bv64, true, R17_1, Gamma_R17_1, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2, Gamma_R2, R30, Gamma_R30, R31, Gamma_R31, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     assume false;
 }
 
-procedure FUN_6b0();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure FUN_6b0(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 2328bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2336bv64) == 2338615504306268244bv64);
   free requires (memory_load64_le(mem, 2344bv64) == 2924860384375657bv64);
@@ -360,20 +603,143 @@ procedure FUN_6b0();
   free ensures (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation FUN_6b0()
+implementation FUN_6b0(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool)
 {
+  var Gamma_R0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0: bv64;
+  var R0_1: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16_4: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   $FUN_6b0$__0__$ro0bVXILQkORwyd0nThiUA:
-    assume {:captureState "$FUN_6b0$__0__$ro0bVXILQkORwyd0nThiUA"} true;
-    R16, Gamma_R16 := 65536bv64, true;
     call rely();
-    R17, Gamma_R17 := memory_load64_le(mem, bvadd64(R16, 4032bv64)), (gamma_load64(Gamma_mem, bvadd64(R16, 4032bv64)) || L(mem, bvadd64(R16, 4032bv64)));
-    R16, Gamma_R16 := bvadd64(R16, 4032bv64), Gamma_R16;
-    call #free();
+    R17_1, Gamma_R17_1 := memory_load64_le(mem, 69568bv64), (gamma_load64(Gamma_mem, 69568bv64) || L(mem, 69568bv64));
+    call R0_1, Gamma_R0_1, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_4, Gamma_R16_4, R17_2, Gamma_R17_2, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_1, Gamma_R2_1, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := #free(R0, Gamma_R0, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, 69568bv64, true, R17_1, Gamma_R17_1, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2, Gamma_R2, R30, Gamma_R30, R31, Gamma_R31, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     assume false;
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R16, R17, R29, R30, R31, mem, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load64_le(mem, 2328bv64) == 131073bv64);
@@ -396,10 +762,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69000bv64) == 1984bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load64_le(mem, 2328bv64) == 131073bv64);
   free ensures (memory_load64_le(mem, 2336bv64) == 2338615504306268244bv64);
   free ensures (memory_load64_le(mem, 2344bv64) == 2924860384375657bv64);
@@ -421,112 +783,108 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var Cse0__5$1$0: bv64;
-  var Gamma_Cse0__5$1$0: bool;
+  var Gamma_R0_10: bool;
+  var Gamma_R0_7: bool;
+  var Gamma_R0_8: bool;
+  var Gamma_R0_9: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R16_2: bool;
+  var Gamma_R16_3: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R16_5: bool;
+  var Gamma_R16_6: bool;
+  var Gamma_R16_7: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R17_3: bool;
+  var Gamma_R17_4: bool;
+  var Gamma_R17_5: bool;
+  var Gamma_R17_6: bool;
+  var Gamma_R17_7: bool;
+  var Gamma_R1_4: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_10: bool;
+  var Gamma_R31_3: bool;
+  var R0_10: bv64;
+  var R0_7: bv64;
+  var R0_8: bv64;
+  var R0_9: bv64;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R16_2: bv64;
+  var R16_3: bv64;
+  var R16_4: bv64;
+  var R16_5: bv64;
+  var R16_6: bv64;
+  var R16_7: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R17_3: bv64;
+  var R17_4: bv64;
+  var R17_5: bv64;
+  var R17_6: bv64;
+  var R17_7: bv64;
+  var R1_4: bv64;
+  var R29_3: bv64;
+  var R30_10: bv64;
+  var R31_3: bv64;
   $main$__0__$Rrgu9bwQROy_ybbFoniuZw:
-    assume {:captureState "$main$__0__$Rrgu9bwQROy_ybbFoniuZw"} true;
-    Cse0__5$1$0, Gamma_Cse0__5$1$0 := bvadd64(R31, 18446744073709551552bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$1$0, R29), gamma_store64(Gamma_stack, Cse0__5$1$0, Gamma_R29);
-    assume {:captureState "2068$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$1$0, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$1$0, 8bv64), Gamma_R30);
-    assume {:captureState "2068$2"} true;
-    R31, Gamma_R31 := Cse0__5$1$0, Gamma_Cse0__5$1$0;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    R0, Gamma_R0 := 1bv64, true;
-    R30, Gamma_R30 := 2084bv64, true;
-    call FUN_680();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551552bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551552bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551560bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551560bv64), Gamma_R30_in);
+    call R16_1, Gamma_R16_1, R17_1, Gamma_R17_1 := FUN_680(R16, Gamma_R16);
     goto $main$__1__$~QYw5PpOTImctI5IIXThPA;
   $main$__1__$~QYw5PpOTImctI5IIXThPA:
-    assume {:captureState "$main$__1__$~QYw5PpOTImctI5IIXThPA"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 40bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 40bv64), Gamma_R0);
-    assume {:captureState "2084$0"} true;
-    R0, Gamma_R0 := 11bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R0);
-    assume {:captureState "2092$0"} true;
-    R0, Gamma_R0 := 4bv64, true;
-    R30, Gamma_R30 := 2104bv64, true;
-    call FUN_680();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551592bv64), 1bv64), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551580bv64), 11bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551580bv64), true);
+    call R16_2, Gamma_R16_2, R17_2, Gamma_R17_2 := FUN_680(R16_1, Gamma_R16_1);
     goto $main$__2__$SxiuTMn9TQuPWr33qVC1ig;
   $main$__2__$SxiuTMn9TQuPWr33qVC1ig:
-    assume {:captureState "$main$__2__$SxiuTMn9TQuPWr33qVC1ig"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 48bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 48bv64), Gamma_R0);
-    assume {:captureState "2104$0"} true;
-    R0, Gamma_R0 := 10bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 32bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 32bv64), Gamma_R0);
-    assume {:captureState "2112$0"} true;
-    R0, Gamma_R0 := 4bv64, true;
-    R30, Gamma_R30 := 2124bv64, true;
-    call FUN_680();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), 4bv64), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551584bv64), 10bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), true);
+    call R16_3, Gamma_R16_3, R17_3, Gamma_R17_3 := FUN_680(R16_2, Gamma_R16_2);
     goto $main$__3__$fN0A9b3HQhuiC36Xy0_rHA;
   $main$__3__$fN0A9b3HQhuiC36Xy0_rHA:
-    assume {:captureState "$main$__3__$fN0A9b3HQhuiC36Xy0_rHA"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 56bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 56bv64), Gamma_R0);
-    assume {:captureState "2124$0"} true;
-    R0, Gamma_R0 := 9bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 36bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 36bv64), Gamma_R0);
-    assume {:captureState "2132$0"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 40bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 40bv64));
-    R1, Gamma_R1 := 65bv64, true;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 4bv64), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551588bv64), 9bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551588bv64), true);
+    R0_7, Gamma_R0_7 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551592bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store8_le(mem, R0, R1[8:0]), gamma_store8(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "2144$0"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 48bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 48bv64));
-    R1, Gamma_R1 := 42bv64, true;
+    assert (L(mem, R0_7) ==> true);
+    mem, Gamma_mem := memory_store8_le(mem, R0_7, 65bv8), gamma_store8(Gamma_mem, R0_7, true);
+    R0_8, Gamma_R0_8 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "2156$0"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 40bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 40bv64));
-    R30, Gamma_R30 := 2168bv64, true;
-    call printCharValue();
+    assert (L(mem, R0_8) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R0_8, 42bv32), gamma_store32(Gamma_mem, R0_8, true);
+    R0_9, Gamma_R0_9 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551592bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64));
+    call R31_3, Gamma_R31_3 := printCharValue(R0_9, Gamma_R0_9, bvadd64(R31_in, 18446744073709551552bv64), Gamma_R31_in, 2168bv64, true, bvadd64(R31_in, 18446744073709551552bv64), Gamma_R31_in);
     goto $main$__4__$BE~PRGMvSjG9MvttQyQE0g;
   $main$__4__$BE~PRGMvSjG9MvttQyQE0g:
-    assume {:captureState "$main$__4__$BE~PRGMvSjG9MvttQyQE0g"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 48bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 48bv64));
-    call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := zero_extend32_32(R0[32:0]), Gamma_R0;
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2336bv64), Gamma_R0;
-    R30, Gamma_R30 := 2192bv64, true;
-    call FUN_6c0();
+    R0_10, Gamma_R0_10 := memory_load64_le(stack, bvadd64(R31_3, 48bv64)), gamma_load64(Gamma_stack, bvadd64(R31_3, 48bv64));
+    call R16_4, Gamma_R16_4, R17_4, Gamma_R17_4 := FUN_6c0(R16_3, Gamma_R16_3);
     goto $main$__5__$D4s2Co1KQ~Ky~M5w0gLHPQ;
   $main$__5__$D4s2Co1KQ~Ky~M5w0gLHPQ:
-    assume {:captureState "$main$__5__$D4s2Co1KQ~Ky~M5w0gLHPQ"} true;
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 32bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 32bv64));
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2352bv64), Gamma_R0;
-    R30, Gamma_R30 := 2208bv64, true;
-    call FUN_6c0();
+    R1_4, Gamma_R1_4 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_3, 32bv64))), gamma_load32(Gamma_stack, bvadd64(R31_3, 32bv64));
+    call R16_5, Gamma_R16_5, R17_5, Gamma_R17_5 := FUN_6c0(R16_4, Gamma_R16_4);
     goto $main$__6__$p5nsnxjyQKOrSPmPj~5GAQ;
   $main$__6__$p5nsnxjyQKOrSPmPj~5GAQ:
-    assume {:captureState "$main$__6__$p5nsnxjyQKOrSPmPj~5GAQ"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 40bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 40bv64));
-    R30, Gamma_R30 := 2216bv64, true;
-    call FUN_6b0();
+    call R16_6, Gamma_R16_6, R17_6, Gamma_R17_6 := FUN_6b0(R16_5, Gamma_R16_5);
     goto $main$__7__$bVpViQZjRLKY7mskQ1PnAQ;
   $main$__7__$bVpViQZjRLKY7mskQ1PnAQ:
-    assume {:captureState "$main$__7__$bVpViQZjRLKY7mskQ1PnAQ"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 48bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 48bv64));
-    R30, Gamma_R30 := 2224bv64, true;
-    call FUN_6b0();
+    call R16_7, Gamma_R16_7, R17_7, Gamma_R17_7 := FUN_6b0(R16_6, Gamma_R16_6);
     goto $main$__8__$ZGCusIYzRSyjeisM9blzeQ;
   $main$__8__$ZGCusIYzRSyjeisM9blzeQ:
-    assume {:captureState "$main$__8__$ZGCusIYzRSyjeisM9blzeQ"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 64bv64), Gamma_R31;
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, R31_3), gamma_load64(Gamma_stack, R31_3);
+    R30_10, Gamma_R30_10 := memory_load64_le(stack, bvadd64(R31_3, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31_3, 8bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R16_out, R17_out, R1_out, R29_out, R30_out, R31_out := 0bv64, R16_7, R17_7, R1_4, R29_3, R30_10, bvadd64(R31_3, 64bv64);
+    Gamma_R0_out, Gamma_R16_out, Gamma_R17_out, Gamma_R1_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out := true, Gamma_R16_7, Gamma_R17_7, Gamma_R1_4, Gamma_R29_3, Gamma_R30_10, Gamma_R31_3;
     return;
 }
 
-procedure malloc();
+procedure malloc(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load64_le(mem, 2328bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2336bv64) == 2338615504306268244bv64);
   free requires (memory_load64_le(mem, 2344bv64) == 2924860384375657bv64);
@@ -568,7 +926,7 @@ procedure malloc();
   free ensures (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-procedure printf();
+procedure printf(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load64_le(mem, 2328bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2336bv64) == 2338615504306268244bv64);
   free requires (memory_load64_le(mem, 2344bv64) == 2924860384375657bv64);
@@ -610,7 +968,7 @@ procedure printf();
   free ensures (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-procedure #free();
+procedure #free(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load64_le(mem, 2328bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2336bv64) == 2338615504306268244bv64);
   free requires (memory_load64_le(mem, 2344bv64) == 2924860384375657bv64);
diff --git a/src/test/correct/malloc_with_local3/gcc_O2/malloc_with_local3.expected b/src/test/correct/malloc_with_local3/gcc_O2/malloc_with_local3.expected
index 7b2e9ba3f..f09ee17f1 100644
--- a/src/test/correct/malloc_with_local3/gcc_O2/malloc_with_local3.expected
+++ b/src/test/correct/malloc_with_local3/gcc_O2/malloc_with_local3.expected
@@ -1,25 +1,9 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_R16: bool;
 var {:extern} Gamma_R17: bool;
-var {:extern} Gamma_R19: bool;
-var {:extern} Gamma_R2: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R3: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} R16: bv64;
 var {:extern} R17: bv64;
-var {:extern} R19: bv64;
-var {:extern} R2: bv64;
-var {:extern} R29: bv64;
-var {:extern} R3: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -30,6 +14,15 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
@@ -39,13 +32,17 @@ function {:extern} gamma_load8(gammaMap: [bv64]bool, index: bv64) returns (bool)
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store8(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
   gammaMap[index := value]
 }
 
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
+}
+
 function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) {
   (memory[bvadd64(index, 7bv64)] ++ (memory[bvadd64(index, 6bv64)] ++ (memory[bvadd64(index, 5bv64)] ++ (memory[bvadd64(index, 4bv64)] ++ (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index])))))))
 }
@@ -55,11 +52,11 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -101,7 +98,7 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure __printf_chk();
+procedure __printf_chk(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   modifies Gamma_R16, Gamma_R17, R16, R17;
   free requires (memory_load64_le(mem, 2264bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2272bv64) == 8241983568019286100bv64);
@@ -136,7 +133,7 @@ procedure __printf_chk();
   free ensures (memory_load64_le(mem, 69616bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-procedure #free();
+procedure #free(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   modifies Gamma_R16, Gamma_R17, R16, R17;
   free requires (memory_load64_le(mem, 2264bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2272bv64) == 8241983568019286100bv64);
@@ -171,8 +168,8 @@ procedure #free();
   free ensures (memory_load64_le(mem, 69616bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R19, Gamma_R2, Gamma_R29, Gamma_R3, Gamma_R30, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R16, R17, R19, R2, R29, R3, R30, R31, mem, stack;
+procedure main(R19_in: bv64, Gamma_R19_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_R16, Gamma_R17, Gamma_mem, Gamma_stack, R16, R17, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load64_le(mem, 2264bv64) == 131073bv64);
@@ -191,12 +188,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69000bv64) == 2112bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R19 == old(Gamma_R19));
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R19 == old(R19));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load64_le(mem, 2264bv64) == 131073bv64);
   free ensures (memory_load64_le(mem, 2272bv64) == 8241983568019286100bv64);
   free ensures (memory_load64_le(mem, 2280bv64) == 7575166128241079840bv64);
@@ -214,74 +205,365 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R19_in: bv64, Gamma_R19_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var #1: bv64;
-  var Gamma_#1: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_7: bool;
+  var Gamma_R0_9: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R10_2: bool;
+  var Gamma_R10_3: bool;
+  var Gamma_R10_4: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R11_2: bool;
+  var Gamma_R11_3: bool;
+  var Gamma_R11_4: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R12_2: bool;
+  var Gamma_R12_3: bool;
+  var Gamma_R12_4: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R13_2: bool;
+  var Gamma_R13_3: bool;
+  var Gamma_R13_4: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R14_2: bool;
+  var Gamma_R14_3: bool;
+  var Gamma_R14_4: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R15_2: bool;
+  var Gamma_R15_3: bool;
+  var Gamma_R15_4: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R16_2: bool;
+  var Gamma_R16_3: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R17_3: bool;
+  var Gamma_R17_4: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R18_2: bool;
+  var Gamma_R18_3: bool;
+  var Gamma_R18_4: bool;
+  var Gamma_R19_2: bool;
+  var Gamma_R19_4: bool;
+  var Gamma_R19_5: bool;
+  var Gamma_R19_6: bool;
+  var Gamma_R19_7: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R1_10: bool;
+  var Gamma_R1_3: bool;
+  var Gamma_R1_6: bool;
+  var Gamma_R1_9: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R20_2: bool;
+  var Gamma_R20_3: bool;
+  var Gamma_R20_4: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R21_2: bool;
+  var Gamma_R21_3: bool;
+  var Gamma_R21_4: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R22_2: bool;
+  var Gamma_R22_3: bool;
+  var Gamma_R22_4: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R23_2: bool;
+  var Gamma_R23_3: bool;
+  var Gamma_R23_4: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R24_2: bool;
+  var Gamma_R24_3: bool;
+  var Gamma_R24_4: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R25_2: bool;
+  var Gamma_R25_3: bool;
+  var Gamma_R25_4: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R26_2: bool;
+  var Gamma_R26_3: bool;
+  var Gamma_R26_4: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R27_2: bool;
+  var Gamma_R27_3: bool;
+  var Gamma_R27_4: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R28_2: bool;
+  var Gamma_R28_3: bool;
+  var Gamma_R28_4: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R29_4: bool;
+  var Gamma_R29_5: bool;
+  var Gamma_R29_6: bool;
+  var Gamma_R29_7: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R2_2: bool;
+  var Gamma_R2_4: bool;
+  var Gamma_R2_6: bool;
+  var Gamma_R2_7: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30_10: bool;
+  var Gamma_R30_11: bool;
+  var Gamma_R30_3: bool;
+  var Gamma_R30_6: bool;
+  var Gamma_R30_8: bool;
+  var Gamma_R31_3: bool;
+  var Gamma_R31_4: bool;
+  var Gamma_R31_5: bool;
+  var Gamma_R31_6: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R3_2: bool;
+  var Gamma_R3_3: bool;
+  var Gamma_R3_4: bool;
+  var Gamma_R3_5: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R4_2: bool;
+  var Gamma_R4_3: bool;
+  var Gamma_R4_4: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R5_2: bool;
+  var Gamma_R5_3: bool;
+  var Gamma_R5_4: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R6_2: bool;
+  var Gamma_R6_3: bool;
+  var Gamma_R6_4: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R7_2: bool;
+  var Gamma_R7_3: bool;
+  var Gamma_R7_4: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R8_4: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var Gamma_R9_2: bool;
+  var Gamma_R9_3: bool;
+  var Gamma_R9_4: bool;
+  var R0_2: bv64;
+  var R0_3: bv64;
+  var R0_5: bv64;
+  var R0_7: bv64;
+  var R0_9: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R10_2: bv64;
+  var R10_3: bv64;
+  var R10_4: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R11_2: bv64;
+  var R11_3: bv64;
+  var R11_4: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R12_2: bv64;
+  var R12_3: bv64;
+  var R12_4: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R13_2: bv64;
+  var R13_3: bv64;
+  var R13_4: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R14_2: bv64;
+  var R14_3: bv64;
+  var R14_4: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R15_2: bv64;
+  var R15_3: bv64;
+  var R15_4: bv64;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R16_2: bv64;
+  var R16_3: bv64;
+  var R16_4: bv64;
+  var R17: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R17_3: bv64;
+  var R17_4: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R18_2: bv64;
+  var R18_3: bv64;
+  var R18_4: bv64;
+  var R19_2: bv64;
+  var R19_4: bv64;
+  var R19_5: bv64;
+  var R19_6: bv64;
+  var R19_7: bv64;
+  var R1_1: bv64;
+  var R1_10: bv64;
+  var R1_3: bv64;
+  var R1_6: bv64;
+  var R1_9: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R20_2: bv64;
+  var R20_3: bv64;
+  var R20_4: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R21_2: bv64;
+  var R21_3: bv64;
+  var R21_4: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R22_2: bv64;
+  var R22_3: bv64;
+  var R22_4: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R23_2: bv64;
+  var R23_3: bv64;
+  var R23_4: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R24_2: bv64;
+  var R24_3: bv64;
+  var R24_4: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R25_2: bv64;
+  var R25_3: bv64;
+  var R25_4: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R26_2: bv64;
+  var R26_3: bv64;
+  var R26_4: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R27_2: bv64;
+  var R27_3: bv64;
+  var R27_4: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R28_2: bv64;
+  var R28_3: bv64;
+  var R28_4: bv64;
+  var R29_3: bv64;
+  var R29_4: bv64;
+  var R29_5: bv64;
+  var R29_6: bv64;
+  var R29_7: bv64;
+  var R2_1: bv64;
+  var R2_2: bv64;
+  var R2_4: bv64;
+  var R2_6: bv64;
+  var R2_7: bv64;
+  var R3: bv64;
+  var R30_10: bv64;
+  var R30_11: bv64;
+  var R30_3: bv64;
+  var R30_6: bv64;
+  var R30_8: bv64;
+  var R31_3: bv64;
+  var R31_4: bv64;
+  var R31_5: bv64;
+  var R31_6: bv64;
+  var R3_1: bv64;
+  var R3_2: bv64;
+  var R3_3: bv64;
+  var R3_4: bv64;
+  var R3_5: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R4_2: bv64;
+  var R4_3: bv64;
+  var R4_4: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R5_2: bv64;
+  var R5_3: bv64;
+  var R5_4: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R6_2: bv64;
+  var R6_3: bv64;
+  var R6_4: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R7_2: bv64;
+  var R7_3: bv64;
+  var R7_4: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R8_2: bv64;
+  var R8_3: bv64;
+  var R8_4: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
+  var R9_2: bv64;
+  var R9_3: bv64;
+  var R9_4: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    #1, Gamma_#1 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, #1, R29), gamma_store64(Gamma_stack, #1, Gamma_R29);
-    assume {:captureState "%00000222"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(#1, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(#1, 8bv64), Gamma_R30);
-    assume {:captureState "%00000228"} true;
-    R31, Gamma_R31 := #1, Gamma_#1;
-    R0, Gamma_R0 := 1bv64, true;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 16bv64), R19), gamma_store64(Gamma_stack, bvadd64(R31, 16bv64), Gamma_R19);
-    assume {:captureState "%0000023f"} true;
-    R30, Gamma_R30 := 1812bv64, true;
-    call malloc();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551584bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551592bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), Gamma_R30_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R19_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R19_in);
+    call R0_2, Gamma_R0_2, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_1, Gamma_R16_1, R17_1, Gamma_R17_1, R18_1, Gamma_R18_1, R19_2, Gamma_R19_2, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_3, Gamma_R29_3, R2_1, Gamma_R2_1, R30_3, Gamma_R30_3, R31_3, Gamma_R31_3, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := malloc(1bv64, true, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, R16, Gamma_R16, R17, Gamma_R17, R18, Gamma_R18, R19_in, Gamma_R19_in, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R31_in, R2, Gamma_R2, 1812bv64, true, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R31_in, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     goto l00000249;
   l00000249:
-    assume {:captureState "l00000249"} true;
-    R1, Gamma_R1 := 65bv64, true;
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store8_le(mem, R0, R1[8:0]), gamma_store8(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%00000254"} true;
-    R19, Gamma_R19 := R0, Gamma_R0;
-    R30, Gamma_R30 := 1828bv64, true;
-    call printCharValue();
+    assert (L(mem, R0_2) ==> true);
+    mem, Gamma_mem := memory_store8_le(mem, R0_2, 65bv8), gamma_store8(Gamma_mem, R0_2, true);
+    call R0_3, Gamma_R0_3, R1_3, Gamma_R1_3, R2_2, Gamma_R2_2, R3_2, Gamma_R3_2 := printCharValue(R0_2, Gamma_R0_2, 65bv64, true, R2_1, Gamma_R2_1, R3_1, Gamma_R3_1);
     goto l0000029a;
   l0000029a:
-    assume {:captureState "l0000029a"} true;
-    R2, Gamma_R2 := 42bv64, true;
-    R1, Gamma_R1 := 0bv64, true;
-    R0, Gamma_R0 := 1bv64, true;
-    R1, Gamma_R1 := bvadd64(R1, 2296bv64), Gamma_R1;
-    R30, Gamma_R30 := 1848bv64, true;
-    call __printf_chk();
+    call R0_5, Gamma_R0_5, R10_2, Gamma_R10_2, R11_2, Gamma_R11_2, R12_2, Gamma_R12_2, R13_2, Gamma_R13_2, R14_2, Gamma_R14_2, R15_2, Gamma_R15_2, R16_2, Gamma_R16_2, R17_2, Gamma_R17_2, R18_2, Gamma_R18_2, R19_4, Gamma_R19_4, R1_6, Gamma_R1_6, R20_2, Gamma_R20_2, R21_2, Gamma_R21_2, R22_2, Gamma_R22_2, R23_2, Gamma_R23_2, R24_2, Gamma_R24_2, R25_2, Gamma_R25_2, R26_2, Gamma_R26_2, R27_2, Gamma_R27_2, R28_2, Gamma_R28_2, R29_4, Gamma_R29_4, R2_4, Gamma_R2_4, R30_6, Gamma_R30_6, R31_4, Gamma_R31_4, R3_3, Gamma_R3_3, R4_2, Gamma_R4_2, R5_2, Gamma_R5_2, R6_2, Gamma_R6_2, R7_2, Gamma_R7_2, R8_2, Gamma_R8_2, R9_2, Gamma_R9_2 := __printf_chk(1bv64, true, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_1, Gamma_R16_1, R17_1, Gamma_R17_1, R18_1, Gamma_R18_1, R0_2, Gamma_R0_2, 2296bv64, true, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_3, Gamma_R29_3, 42bv64, true, 1848bv64, true, R31_3, Gamma_R31_3, R3_2, Gamma_R3_2, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1);
     goto l000002b6;
   l000002b6:
-    assume {:captureState "l000002b6"} true;
-    R1, Gamma_R1 := 0bv64, true;
-    R1, Gamma_R1 := bvadd64(R1, 2312bv64), Gamma_R1;
-    R2, Gamma_R2 := 10bv64, true;
-    R0, Gamma_R0 := 1bv64, true;
-    R30, Gamma_R30 := 1868bv64, true;
-    call __printf_chk();
+    call R0_7, Gamma_R0_7, R10_3, Gamma_R10_3, R11_3, Gamma_R11_3, R12_3, Gamma_R12_3, R13_3, Gamma_R13_3, R14_3, Gamma_R14_3, R15_3, Gamma_R15_3, R16_3, Gamma_R16_3, R17_3, Gamma_R17_3, R18_3, Gamma_R18_3, R19_5, Gamma_R19_5, R1_9, Gamma_R1_9, R20_3, Gamma_R20_3, R21_3, Gamma_R21_3, R22_3, Gamma_R22_3, R23_3, Gamma_R23_3, R24_3, Gamma_R24_3, R25_3, Gamma_R25_3, R26_3, Gamma_R26_3, R27_3, Gamma_R27_3, R28_3, Gamma_R28_3, R29_5, Gamma_R29_5, R2_6, Gamma_R2_6, R30_8, Gamma_R30_8, R31_5, Gamma_R31_5, R3_4, Gamma_R3_4, R4_3, Gamma_R4_3, R5_3, Gamma_R5_3, R6_3, Gamma_R6_3, R7_3, Gamma_R7_3, R8_3, Gamma_R8_3, R9_3, Gamma_R9_3 := __printf_chk(1bv64, true, R10_2, Gamma_R10_2, R11_2, Gamma_R11_2, R12_2, Gamma_R12_2, R13_2, Gamma_R13_2, R14_2, Gamma_R14_2, R15_2, Gamma_R15_2, R16_2, Gamma_R16_2, R17_2, Gamma_R17_2, R18_2, Gamma_R18_2, R19_4, Gamma_R19_4, 2312bv64, true, R20_2, Gamma_R20_2, R21_2, Gamma_R21_2, R22_2, Gamma_R22_2, R23_2, Gamma_R23_2, R24_2, Gamma_R24_2, R25_2, Gamma_R25_2, R26_2, Gamma_R26_2, R27_2, Gamma_R27_2, R28_2, Gamma_R28_2, R29_4, Gamma_R29_4, 10bv64, true, 1868bv64, true, R31_4, Gamma_R31_4, R3_3, Gamma_R3_3, R4_2, Gamma_R4_2, R5_2, Gamma_R5_2, R6_2, Gamma_R6_2, R7_2, Gamma_R7_2, R8_2, Gamma_R8_2, R9_2, Gamma_R9_2);
     goto l000002d2;
   l000002d2:
-    assume {:captureState "l000002d2"} true;
-    R0, Gamma_R0 := R19, Gamma_R19;
-    R30, Gamma_R30 := 1876bv64, true;
-    call #free();
+    call R0_9, Gamma_R0_9, R10_4, Gamma_R10_4, R11_4, Gamma_R11_4, R12_4, Gamma_R12_4, R13_4, Gamma_R13_4, R14_4, Gamma_R14_4, R15_4, Gamma_R15_4, R16_4, Gamma_R16_4, R17_4, Gamma_R17_4, R18_4, Gamma_R18_4, R19_6, Gamma_R19_6, R1_10, Gamma_R1_10, R20_4, Gamma_R20_4, R21_4, Gamma_R21_4, R22_4, Gamma_R22_4, R23_4, Gamma_R23_4, R24_4, Gamma_R24_4, R25_4, Gamma_R25_4, R26_4, Gamma_R26_4, R27_4, Gamma_R27_4, R28_4, Gamma_R28_4, R29_6, Gamma_R29_6, R2_7, Gamma_R2_7, R30_10, Gamma_R30_10, R31_6, Gamma_R31_6, R3_5, Gamma_R3_5, R4_4, Gamma_R4_4, R5_4, Gamma_R5_4, R6_4, Gamma_R6_4, R7_4, Gamma_R7_4, R8_4, Gamma_R8_4, R9_4, Gamma_R9_4 := #free(R19_5, Gamma_R19_5, R10_3, Gamma_R10_3, R11_3, Gamma_R11_3, R12_3, Gamma_R12_3, R13_3, Gamma_R13_3, R14_3, Gamma_R14_3, R15_3, Gamma_R15_3, R16_3, Gamma_R16_3, R17_3, Gamma_R17_3, R18_3, Gamma_R18_3, R19_5, Gamma_R19_5, R1_9, Gamma_R1_9, R20_3, Gamma_R20_3, R21_3, Gamma_R21_3, R22_3, Gamma_R22_3, R23_3, Gamma_R23_3, R24_3, Gamma_R24_3, R25_3, Gamma_R25_3, R26_3, Gamma_R26_3, R27_3, Gamma_R27_3, R28_3, Gamma_R28_3, R29_5, Gamma_R29_5, R2_6, Gamma_R2_6, 1876bv64, true, R31_5, Gamma_R31_5, R3_4, Gamma_R3_4, R4_3, Gamma_R4_3, R5_3, Gamma_R5_3, R6_3, Gamma_R6_3, R7_3, Gamma_R7_3, R8_3, Gamma_R8_3, R9_3, Gamma_R9_3);
     goto l000002e0;
   l000002e0:
-    assume {:captureState "l000002e0"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R19, Gamma_R19 := memory_load64_le(stack, bvadd64(R31, 16bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 16bv64));
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
+    R19_7, Gamma_R19_7 := memory_load64_le(stack, bvadd64(R31_6, 16bv64)), gamma_load64(Gamma_stack, bvadd64(R31_6, 16bv64));
+    R29_7, Gamma_R29_7 := memory_load64_le(stack, R31_6), gamma_load64(Gamma_stack, R31_6);
+    R30_11, Gamma_R30_11 := memory_load64_le(stack, bvadd64(R31_6, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31_6, 8bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R19_out, R1_out, R29_out, R2_out, R30_out, R31_out := 0bv64, R19_7, R1_10, R29_7, R2_7, R30_11, bvadd64(R31_6, 32bv64);
+    Gamma_R0_out, Gamma_R19_out, Gamma_R1_out, Gamma_R29_out, Gamma_R2_out, Gamma_R30_out, Gamma_R31_out := true, Gamma_R19_7, Gamma_R1_10, Gamma_R29_7, Gamma_R2_7, Gamma_R30_11, Gamma_R31_6;
     return;
 }
 
-procedure malloc();
+procedure malloc(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   modifies Gamma_R16, Gamma_R17, R16, R17;
   free requires (memory_load64_le(mem, 2264bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2272bv64) == 8241983568019286100bv64);
@@ -316,8 +598,8 @@ procedure malloc();
   free ensures (memory_load64_le(mem, 69616bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-procedure printCharValue();
-  modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R2, Gamma_R3, Gamma_mem, R0, R1, R16, R17, R2, R3, mem;
+procedure printCharValue(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool, R3_in: bv64, Gamma_R3_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool, R3_out: bv64, Gamma_R3_out: bool);
+  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
   free requires (memory_load64_le(mem, 2264bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2272bv64) == 8241983568019286100bv64);
   free requires (memory_load64_le(mem, 2280bv64) == 7575166128241079840bv64);
@@ -351,23 +633,143 @@ procedure printCharValue();
   free ensures (memory_load64_le(mem, 69616bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation printCharValue()
+implementation printCharValue(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool, R3_in: bv64, Gamma_R3_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool, R3_out: bv64, Gamma_R3_out: bool)
 {
+  var Gamma_R0_3: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R17: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_4: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_2: bool;
+  var Gamma_R2_3: bool;
+  var Gamma_R2_4: bool;
+  var Gamma_R2_5: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_3: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0_3: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R17: bv64;
+  var R17_1: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_4: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_2: bv64;
+  var R2_3: bv64;
+  var R2_4: bv64;
+  var R2_5: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_3: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   lprintCharValue:
-    assume {:captureState "lprintCharValue"} true;
-    R3, Gamma_R3 := R0, Gamma_R0;
-    R0, Gamma_R0 := 1bv64, true;
-    R1, Gamma_R1 := 0bv64, true;
-    R1, Gamma_R1 := bvadd64(R1, 2272bv64), Gamma_R1;
     call rely();
-    R2, Gamma_R2 := zero_extend56_8(memory_load8_le(mem, R3)), (gamma_load8(Gamma_mem, R3) || L(mem, R3));
-    R2, Gamma_R2 := zero_extend32_32(bvadd32(R2[32:0], R0[32:0])), (Gamma_R0 && Gamma_R2);
-    R2, Gamma_R2 := zero_extend32_32((0bv24 ++ R2[8:0])), Gamma_R2;
+    R2_2, Gamma_R2_2 := zero_extend56_8(memory_load8_le(mem, R0_in)), (gamma_load8(Gamma_mem, R0_in) || L(mem, R0_in));
+    R2_3, Gamma_R2_3 := zero_extend32_32(bvadd32(R2_2[32:0], 1bv32)), Gamma_R2_2;
+    R2_4, Gamma_R2_4 := zero_extend56_8(R2_3[8:0]), Gamma_R2_3;
     call rely();
-    assert (L(mem, R3) ==> Gamma_R2);
-    mem, Gamma_mem := memory_store8_le(mem, R3, R2[8:0]), gamma_store8(Gamma_mem, R3, Gamma_R2);
-    assume {:captureState "%00000293"} true;
-    call __printf_chk();
-    assume false; //no return target
+    assert (L(mem, R0_in) ==> Gamma_R2_4);
+    mem, Gamma_mem := memory_store8_le(mem, R0_in, R2_4[8:0]), gamma_store8(Gamma_mem, R0_in, Gamma_R2_4);
+    call R0_3, Gamma_R0_3, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_1, Gamma_R16_1, R17_1, Gamma_R17_1, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_4, Gamma_R1_4, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_5, Gamma_R2_5, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_3, Gamma_R3_3, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := __printf_chk(1bv64, true, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, R16, Gamma_R16, R17, Gamma_R17, R18, Gamma_R18, R19, Gamma_R19, 2272bv64, true, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2_4, Gamma_R2_4, R30, Gamma_R30, R31, Gamma_R31, R0_in, Gamma_R0_in, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
+    assume false;
 }
 
diff --git a/src/test/correct/malloc_with_local3/gcc_O2/malloc_with_local3_gtirb.expected b/src/test/correct/malloc_with_local3/gcc_O2/malloc_with_local3_gtirb.expected
index b26def393..24833760d 100644
--- a/src/test/correct/malloc_with_local3/gcc_O2/malloc_with_local3_gtirb.expected
+++ b/src/test/correct/malloc_with_local3/gcc_O2/malloc_with_local3_gtirb.expected
@@ -1,25 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R16: bool;
-var {:extern} Gamma_R17: bool;
-var {:extern} Gamma_R19: bool;
-var {:extern} Gamma_R2: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R3: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R16: bv64;
-var {:extern} R17: bv64;
-var {:extern} R19: bv64;
-var {:extern} R2: bv64;
-var {:extern} R29: bv64;
-var {:extern} R3: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -30,6 +10,15 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
@@ -39,13 +28,17 @@ function {:extern} gamma_load8(gammaMap: [bv64]bool, index: bv64) returns (bool)
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store8(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
   gammaMap[index := value]
 }
 
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
+}
+
 function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) {
   (memory[bvadd64(index, 7bv64)] ++ (memory[bvadd64(index, 6bv64)] ++ (memory[bvadd64(index, 5bv64)] ++ (memory[bvadd64(index, 4bv64)] ++ (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index])))))))
 }
@@ -55,15 +48,15 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
-function {:extern} {:bvbuiltin "zero_extend 24"} zero_extend24_8(bv8) returns (bv32);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
+function {:extern} {:bvbuiltin "zero_extend 56"} zero_extend56_8(bv8) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (mem == old(mem));
@@ -101,8 +94,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure FUN_690();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure FUN_690(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 2264bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2272bv64) == 8241983568019286100bv64);
   free requires (memory_load64_le(mem, 2280bv64) == 7575166128241079840bv64);
@@ -136,20 +129,143 @@ procedure FUN_690();
   free ensures (memory_load64_le(mem, 69616bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation FUN_690()
+implementation FUN_690(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool)
 {
+  var Gamma_R0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0: bv64;
+  var R0_1: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16_4: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   $FUN_690$__0__$mY9s1Q7ERri98AKVPtsmww:
-    assume {:captureState "$FUN_690$__0__$mY9s1Q7ERri98AKVPtsmww"} true;
-    R16, Gamma_R16 := 65536bv64, true;
     call rely();
-    R17, Gamma_R17 := memory_load64_le(mem, bvadd64(R16, 4008bv64)), (gamma_load64(Gamma_mem, bvadd64(R16, 4008bv64)) || L(mem, bvadd64(R16, 4008bv64)));
-    R16, Gamma_R16 := bvadd64(R16, 4008bv64), Gamma_R16;
-    call malloc();
+    R17_1, Gamma_R17_1 := memory_load64_le(mem, 69544bv64), (gamma_load64(Gamma_mem, 69544bv64) || L(mem, 69544bv64));
+    call R0_1, Gamma_R0_1, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_4, Gamma_R16_4, R17_2, Gamma_R17_2, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_1, Gamma_R2_1, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := malloc(R0, Gamma_R0, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, 69544bv64, true, R17_1, Gamma_R17_1, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2, Gamma_R2, R30, Gamma_R30, R31, Gamma_R31, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     assume false;
 }
 
-procedure FUN_6d0();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure FUN_6d0(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 2264bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2272bv64) == 8241983568019286100bv64);
   free requires (memory_load64_le(mem, 2280bv64) == 7575166128241079840bv64);
@@ -183,20 +299,143 @@ procedure FUN_6d0();
   free ensures (memory_load64_le(mem, 69616bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation FUN_6d0()
+implementation FUN_6d0(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool)
 {
+  var Gamma_R0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0: bv64;
+  var R0_1: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16_4: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   $FUN_6d0$__0__$TBxeE0XrQd~VB7pBlFfEjQ:
-    assume {:captureState "$FUN_6d0$__0__$TBxeE0XrQd~VB7pBlFfEjQ"} true;
-    R16, Gamma_R16 := 65536bv64, true;
     call rely();
-    R17, Gamma_R17 := memory_load64_le(mem, bvadd64(R16, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R16, 4040bv64)) || L(mem, bvadd64(R16, 4040bv64)));
-    R16, Gamma_R16 := bvadd64(R16, 4040bv64), Gamma_R16;
-    call #free();
+    R17_1, Gamma_R17_1 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
+    call R0_1, Gamma_R0_1, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_4, Gamma_R16_4, R17_2, Gamma_R17_2, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_1, Gamma_R2_1, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := #free(R0, Gamma_R0, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, 69576bv64, true, R17_1, Gamma_R17_1, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2, Gamma_R2, R30, Gamma_R30, R31, Gamma_R31, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     assume false;
 }
 
-procedure FUN_6a0();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure FUN_6a0(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 2264bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2272bv64) == 8241983568019286100bv64);
   free requires (memory_load64_le(mem, 2280bv64) == 7575166128241079840bv64);
@@ -230,20 +469,143 @@ procedure FUN_6a0();
   free ensures (memory_load64_le(mem, 69616bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation FUN_6a0()
+implementation FUN_6a0(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool)
 {
+  var Gamma_R0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0: bv64;
+  var R0_1: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16_4: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   $FUN_6a0$__0__$O00NhqclR_SCVHbvubgdHA:
-    assume {:captureState "$FUN_6a0$__0__$O00NhqclR_SCVHbvubgdHA"} true;
-    R16, Gamma_R16 := 65536bv64, true;
     call rely();
-    R17, Gamma_R17 := memory_load64_le(mem, bvadd64(R16, 4016bv64)), (gamma_load64(Gamma_mem, bvadd64(R16, 4016bv64)) || L(mem, bvadd64(R16, 4016bv64)));
-    R16, Gamma_R16 := bvadd64(R16, 4016bv64), Gamma_R16;
-    call __printf_chk();
+    R17_1, Gamma_R17_1 := memory_load64_le(mem, 69552bv64), (gamma_load64(Gamma_mem, 69552bv64) || L(mem, 69552bv64));
+    call R0_1, Gamma_R0_1, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_4, Gamma_R16_4, R17_2, Gamma_R17_2, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_1, Gamma_R2_1, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := __printf_chk(R0, Gamma_R0, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, 69552bv64, true, R17_1, Gamma_R17_1, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2, Gamma_R2, R30, Gamma_R30, R31, Gamma_R31, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     assume false;
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R19, Gamma_R2, Gamma_R29, Gamma_R3, Gamma_R30, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R16, R17, R19, R2, R29, R3, R30, R31, mem, stack;
+procedure main(R19_in: bv64, Gamma_R19_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load64_le(mem, 2264bv64) == 131073bv64);
@@ -262,12 +624,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69000bv64) == 2112bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R19 == old(Gamma_R19));
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R19 == old(R19));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load64_le(mem, 2264bv64) == 131073bv64);
   free ensures (memory_load64_le(mem, 2272bv64) == 8241983568019286100bv64);
   free ensures (memory_load64_le(mem, 2280bv64) == 7575166128241079840bv64);
@@ -285,75 +641,82 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R19_in: bv64, Gamma_R19_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var Cse0__5$2$0: bv64;
-  var Gamma_Cse0__5$2$0: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R16_2: bool;
+  var Gamma_R16_3: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R16_5: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R17_3: bool;
+  var Gamma_R17_4: bool;
+  var Gamma_R17_5: bool;
+  var Gamma_R19_3: bool;
+  var Gamma_R1_2: bool;
+  var Gamma_R2: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30_7: bool;
+  var Gamma_R3_1: bool;
+  var R0_2: bv64;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R16_2: bv64;
+  var R16_3: bv64;
+  var R16_4: bv64;
+  var R16_5: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R17_3: bv64;
+  var R17_4: bv64;
+  var R17_5: bv64;
+  var R19_3: bv64;
+  var R1_2: bv64;
+  var R2: bv64;
+  var R29_3: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30_7: bv64;
+  var R3_1: bv64;
   $main$__0__$EGWpjBzGR2uGhrMJAyG~3g:
-    assume {:captureState "$main$__0__$EGWpjBzGR2uGhrMJAyG~3g"} true;
-    Cse0__5$2$0, Gamma_Cse0__5$2$0 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$2$0, R29), gamma_store64(Gamma_stack, Cse0__5$2$0, Gamma_R29);
-    assume {:captureState "1792$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$2$0, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$2$0, 8bv64), Gamma_R30);
-    assume {:captureState "1792$2"} true;
-    R31, Gamma_R31 := Cse0__5$2$0, Gamma_Cse0__5$2$0;
-    R0, Gamma_R0 := 1bv64, true;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 16bv64), R19), gamma_store64(Gamma_stack, bvadd64(R31, 16bv64), Gamma_R19);
-    assume {:captureState "1804$0"} true;
-    R30, Gamma_R30 := 1812bv64, true;
-    call FUN_690();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551584bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551592bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), Gamma_R30_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R19_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R19_in);
+    call R16_1, Gamma_R16_1, R17_1, Gamma_R17_1 := FUN_690(R16, Gamma_R16);
     goto $main$__1__$1G3_7a3~SsmqJyDUhqAFGg;
   $main$__1__$1G3_7a3~SsmqJyDUhqAFGg:
-    assume {:captureState "$main$__1__$1G3_7a3~SsmqJyDUhqAFGg"} true;
-    R1, Gamma_R1 := 65bv64, true;
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store8_le(mem, R0, R1[8:0]), gamma_store8(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1816$0"} true;
-    R19, Gamma_R19 := R0, Gamma_R0;
-    R30, Gamma_R30 := 1828bv64, true;
-    call printCharValue();
+    assert (L(mem, 1bv64) ==> true);
+    mem, Gamma_mem := memory_store8_le(mem, 1bv64, 65bv8), gamma_store8(Gamma_mem, 1bv64, true);
+    call R0_2, Gamma_R0_2, R16_2, Gamma_R16_2, R17_2, Gamma_R17_2, R1_2, Gamma_R1_2, R2_1, Gamma_R2_1, R3_1, Gamma_R3_1 := printCharValue(1bv64, true, R16_1, Gamma_R16_1, 65bv64, true, R2, Gamma_R2, R3, Gamma_R3);
     goto $main$__2__$rV0qH7AUTYCipfKaroPpAw;
   $main$__2__$rV0qH7AUTYCipfKaroPpAw:
-    assume {:captureState "$main$__2__$rV0qH7AUTYCipfKaroPpAw"} true;
-    R2, Gamma_R2 := 42bv64, true;
-    R1, Gamma_R1 := 0bv64, true;
-    R0, Gamma_R0 := 1bv64, true;
-    R1, Gamma_R1 := bvadd64(R1, 2296bv64), Gamma_R1;
-    R30, Gamma_R30 := 1848bv64, true;
-    call FUN_6a0();
+    call R16_3, Gamma_R16_3, R17_3, Gamma_R17_3 := FUN_6a0(R16_2, Gamma_R16_2);
     goto $main$__3__$IxBBXD6FTfupEp7ajNK8uA;
   $main$__3__$IxBBXD6FTfupEp7ajNK8uA:
-    assume {:captureState "$main$__3__$IxBBXD6FTfupEp7ajNK8uA"} true;
-    R1, Gamma_R1 := 0bv64, true;
-    R1, Gamma_R1 := bvadd64(R1, 2312bv64), Gamma_R1;
-    R2, Gamma_R2 := 10bv64, true;
-    R0, Gamma_R0 := 1bv64, true;
-    R30, Gamma_R30 := 1868bv64, true;
-    call FUN_6a0();
+    call R16_4, Gamma_R16_4, R17_4, Gamma_R17_4 := FUN_6a0(R16_3, Gamma_R16_3);
     goto $main$__4__$aEiQ_BI9RcCTTmScF~6KKw;
   $main$__4__$aEiQ_BI9RcCTTmScF~6KKw:
-    assume {:captureState "$main$__4__$aEiQ_BI9RcCTTmScF~6KKw"} true;
-    R0, Gamma_R0 := R19, Gamma_R19;
-    R30, Gamma_R30 := 1812bv64, true;
-    call FUN_6d0();
+    call R16_5, Gamma_R16_5, R17_5, Gamma_R17_5 := FUN_6d0(R16_4, Gamma_R16_4);
     goto $main$__5__$WNzpebfFQGeh7VGQ52Mh0w;
   $main$__5__$WNzpebfFQGeh7VGQ52Mh0w:
-    assume {:captureState "$main$__5__$WNzpebfFQGeh7VGQ52Mh0w"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R19, Gamma_R19 := memory_load64_le(stack, bvadd64(R31, 16bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 16bv64));
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
+    R19_3, Gamma_R19_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64));
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551584bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64));
+    R30_7, Gamma_R30_7 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551592bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R16_out, R17_out, R19_out, R1_out, R29_out, R2_out, R30_out, R31_out := 0bv64, R16_5, R17_5, R19_3, 2312bv64, R29_3, 10bv64, R30_7, R31_in;
+    Gamma_R0_out, Gamma_R16_out, Gamma_R17_out, Gamma_R19_out, Gamma_R1_out, Gamma_R29_out, Gamma_R2_out, Gamma_R30_out, Gamma_R31_out := true, Gamma_R16_5, Gamma_R17_5, Gamma_R19_3, true, Gamma_R29_3, true, Gamma_R30_7, Gamma_R31_in;
     return;
 }
 
-procedure printCharValue();
-  modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R2, Gamma_R3, Gamma_mem, R0, R1, R16, R17, R2, R3, mem;
+procedure printCharValue(R0_in: bv64, Gamma_R0_in: bool, R16_in: bv64, Gamma_R16_in: bool, R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool, R3_in: bv64, Gamma_R3_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool, R3_out: bv64, Gamma_R3_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 2264bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2272bv64) == 8241983568019286100bv64);
   free requires (memory_load64_le(mem, 2280bv64) == 7575166128241079840bv64);
@@ -387,27 +750,31 @@ procedure printCharValue();
   free ensures (memory_load64_le(mem, 69616bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation printCharValue()
+implementation printCharValue(R0_in: bv64, Gamma_R0_in: bool, R16_in: bv64, Gamma_R16_in: bool, R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool, R3_in: bv64, Gamma_R3_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool, R3_out: bv64, Gamma_R3_out: bool)
 {
+  var Gamma_R16_2: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R2_2: bool;
+  var Gamma_R2_3: bool;
+  var Gamma_R2_4: bool;
+  var R16_2: bv64;
+  var R17_1: bv64;
+  var R2_2: bv64;
+  var R2_3: bv64;
+  var R2_4: bv8;
   $printCharValue$__0__$PI~q8_8oRjGuRvGwgENEcw:
-    assume {:captureState "$printCharValue$__0__$PI~q8_8oRjGuRvGwgENEcw"} true;
-    R3, Gamma_R3 := R0, Gamma_R0;
-    R0, Gamma_R0 := 1bv64, true;
-    R1, Gamma_R1 := 0bv64, true;
-    R1, Gamma_R1 := bvadd64(R1, 2272bv64), Gamma_R1;
     call rely();
-    R2, Gamma_R2 := zero_extend32_32(zero_extend24_8(memory_load8_le(mem, R3))), (gamma_load8(Gamma_mem, R3) || L(mem, R3));
-    R2, Gamma_R2 := zero_extend32_32(bvadd32(R2[32:0], R0[32:0])), (Gamma_R0 && Gamma_R2);
-    R2, Gamma_R2 := zero_extend32_32((0bv24 ++ R2[8:0])), Gamma_R2;
+    R2_2, Gamma_R2_2 := zero_extend56_8(memory_load8_le(mem, R0_in)), (gamma_load8(Gamma_mem, R0_in) || L(mem, R0_in));
+    R2_3, Gamma_R2_3 := zero_extend32_32(bvadd32(R2_2[32:0], 1bv32)), Gamma_R2_2;
+    R2_4, Gamma_R2_4 := R2_3[8:0], Gamma_R2_3;
     call rely();
-    assert (L(mem, R3) ==> Gamma_R2);
-    mem, Gamma_mem := memory_store8_le(mem, R3, R2[8:0]), gamma_store8(Gamma_mem, R3, Gamma_R2);
-    assume {:captureState "2236$0"} true;
-    call FUN_6a0();
+    assert (L(mem, R0_in) ==> Gamma_R2_4);
+    mem, Gamma_mem := memory_store8_le(mem, R0_in, R2_4), gamma_store8(Gamma_mem, R0_in, Gamma_R2_4);
+    call R16_2, Gamma_R16_2, R17_1, Gamma_R17_1 := FUN_6a0(R16_in, Gamma_R16_in);
     assume false;
 }
 
-procedure malloc();
+procedure malloc(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load64_le(mem, 2264bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2272bv64) == 8241983568019286100bv64);
   free requires (memory_load64_le(mem, 2280bv64) == 7575166128241079840bv64);
@@ -441,7 +808,7 @@ procedure malloc();
   free ensures (memory_load64_le(mem, 69616bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-procedure #free();
+procedure #free(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load64_le(mem, 2264bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2272bv64) == 8241983568019286100bv64);
   free requires (memory_load64_le(mem, 2280bv64) == 7575166128241079840bv64);
@@ -475,7 +842,7 @@ procedure #free();
   free ensures (memory_load64_le(mem, 69616bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-procedure __printf_chk();
+procedure __printf_chk(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load64_le(mem, 2264bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2272bv64) == 8241983568019286100bv64);
   free requires (memory_load64_le(mem, 2280bv64) == 7575166128241079840bv64);
diff --git a/src/test/correct/multi_malloc/clang/multi_malloc.expected b/src/test/correct/multi_malloc/clang/multi_malloc.expected
index c9b7066c9..d5548b6e8 100644
--- a/src/test/correct/multi_malloc/clang/multi_malloc.expected
+++ b/src/test/correct/multi_malloc/clang/multi_malloc.expected
@@ -1,23 +1,9 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_R16: bool;
 var {:extern} Gamma_R17: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} R16: bv64;
 var {:extern} R17: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -27,6 +13,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -40,17 +40,21 @@ function {:extern} gamma_load8(gammaMap: [bv64]bool, index: bv64) returns (bool)
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store8(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
   gammaMap[index := value]
 }
 
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
+}
+
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
   (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index])))
 }
@@ -64,15 +68,15 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -111,7 +115,7 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure #free();
+procedure #free(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   modifies Gamma_R16, Gamma_R17, R16, R17;
   free requires (memory_load64_le(mem, 2232bv64) == 2334386691848142849bv64);
   free requires (memory_load64_le(mem, 2240bv64) == 4211825664600402019bv64);
@@ -140,8 +144,8 @@ procedure #free();
   free ensures (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69696bv64) == 69696bv64);
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R1, R16, R17, R29, R30, R31, R8, R9, mem, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_R16, Gamma_R17, Gamma_mem, Gamma_stack, R16, R17, mem, stack;
   free requires (memory_load64_le(mem, 69688bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69696bv64) == 69696bv64);
   free requires (memory_load64_le(mem, 2232bv64) == 2334386691848142849bv64);
@@ -157,10 +161,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1984bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free requires (memory_load64_le(mem, 69696bv64) == 69696bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load64_le(mem, 2232bv64) == 2334386691848142849bv64);
   free ensures (memory_load64_le(mem, 2240bv64) == 4211825664600402019bv64);
   free ensures (memory_load64_le(mem, 2248bv64) == 7307182754559632672bv64);
@@ -175,98 +175,520 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69696bv64) == 69696bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var #4: bv64;
-  var #5: bv64;
-  var Gamma_#4: bool;
-  var Gamma_#5: bool;
+  var Gamma_R0_10: bool;
+  var Gamma_R0_11: bool;
+  var Gamma_R0_12: bool;
+  var Gamma_R0_13: bool;
+  var Gamma_R0_14: bool;
+  var Gamma_R0_15: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R0_7: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R10_2: bool;
+  var Gamma_R10_3: bool;
+  var Gamma_R10_4: bool;
+  var Gamma_R10_5: bool;
+  var Gamma_R10_6: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R11_2: bool;
+  var Gamma_R11_3: bool;
+  var Gamma_R11_4: bool;
+  var Gamma_R11_5: bool;
+  var Gamma_R11_6: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R12_2: bool;
+  var Gamma_R12_3: bool;
+  var Gamma_R12_4: bool;
+  var Gamma_R12_5: bool;
+  var Gamma_R12_6: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R13_2: bool;
+  var Gamma_R13_3: bool;
+  var Gamma_R13_4: bool;
+  var Gamma_R13_5: bool;
+  var Gamma_R13_6: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R14_2: bool;
+  var Gamma_R14_3: bool;
+  var Gamma_R14_4: bool;
+  var Gamma_R14_5: bool;
+  var Gamma_R14_6: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R15_2: bool;
+  var Gamma_R15_3: bool;
+  var Gamma_R15_4: bool;
+  var Gamma_R15_5: bool;
+  var Gamma_R15_6: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R16_2: bool;
+  var Gamma_R16_3: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R16_5: bool;
+  var Gamma_R16_6: bool;
+  var Gamma_R17: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R17_3: bool;
+  var Gamma_R17_4: bool;
+  var Gamma_R17_5: bool;
+  var Gamma_R17_6: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R18_2: bool;
+  var Gamma_R18_3: bool;
+  var Gamma_R18_4: bool;
+  var Gamma_R18_5: bool;
+  var Gamma_R18_6: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R19_2: bool;
+  var Gamma_R19_3: bool;
+  var Gamma_R19_4: bool;
+  var Gamma_R19_5: bool;
+  var Gamma_R19_6: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R1_2: bool;
+  var Gamma_R1_3: bool;
+  var Gamma_R1_4: bool;
+  var Gamma_R1_5: bool;
+  var Gamma_R1_6: bool;
+  var Gamma_R1_7: bool;
+  var Gamma_R1_8: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R20_2: bool;
+  var Gamma_R20_3: bool;
+  var Gamma_R20_4: bool;
+  var Gamma_R20_5: bool;
+  var Gamma_R20_6: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R21_2: bool;
+  var Gamma_R21_3: bool;
+  var Gamma_R21_4: bool;
+  var Gamma_R21_5: bool;
+  var Gamma_R21_6: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R22_2: bool;
+  var Gamma_R22_3: bool;
+  var Gamma_R22_4: bool;
+  var Gamma_R22_5: bool;
+  var Gamma_R22_6: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R23_2: bool;
+  var Gamma_R23_3: bool;
+  var Gamma_R23_4: bool;
+  var Gamma_R23_5: bool;
+  var Gamma_R23_6: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R24_2: bool;
+  var Gamma_R24_3: bool;
+  var Gamma_R24_4: bool;
+  var Gamma_R24_5: bool;
+  var Gamma_R24_6: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R25_2: bool;
+  var Gamma_R25_3: bool;
+  var Gamma_R25_4: bool;
+  var Gamma_R25_5: bool;
+  var Gamma_R25_6: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R26_2: bool;
+  var Gamma_R26_3: bool;
+  var Gamma_R26_4: bool;
+  var Gamma_R26_5: bool;
+  var Gamma_R26_6: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R27_2: bool;
+  var Gamma_R27_3: bool;
+  var Gamma_R27_4: bool;
+  var Gamma_R27_5: bool;
+  var Gamma_R27_6: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R28_2: bool;
+  var Gamma_R28_3: bool;
+  var Gamma_R28_4: bool;
+  var Gamma_R28_5: bool;
+  var Gamma_R28_6: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R29_4: bool;
+  var Gamma_R29_5: bool;
+  var Gamma_R29_6: bool;
+  var Gamma_R29_7: bool;
+  var Gamma_R29_8: bool;
+  var Gamma_R29_9: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R2_2: bool;
+  var Gamma_R2_3: bool;
+  var Gamma_R2_4: bool;
+  var Gamma_R2_5: bool;
+  var Gamma_R2_6: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30_11: bool;
+  var Gamma_R30_13: bool;
+  var Gamma_R30_14: bool;
+  var Gamma_R30_3: bool;
+  var Gamma_R30_5: bool;
+  var Gamma_R30_7: bool;
+  var Gamma_R30_9: bool;
+  var Gamma_R31_3: bool;
+  var Gamma_R31_4: bool;
+  var Gamma_R31_5: bool;
+  var Gamma_R31_6: bool;
+  var Gamma_R31_7: bool;
+  var Gamma_R31_8: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R3_2: bool;
+  var Gamma_R3_3: bool;
+  var Gamma_R3_4: bool;
+  var Gamma_R3_5: bool;
+  var Gamma_R3_6: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R4_2: bool;
+  var Gamma_R4_3: bool;
+  var Gamma_R4_4: bool;
+  var Gamma_R4_5: bool;
+  var Gamma_R4_6: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R5_2: bool;
+  var Gamma_R5_3: bool;
+  var Gamma_R5_4: bool;
+  var Gamma_R5_5: bool;
+  var Gamma_R5_6: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R6_2: bool;
+  var Gamma_R6_3: bool;
+  var Gamma_R6_4: bool;
+  var Gamma_R6_5: bool;
+  var Gamma_R6_6: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R7_2: bool;
+  var Gamma_R7_3: bool;
+  var Gamma_R7_4: bool;
+  var Gamma_R7_5: bool;
+  var Gamma_R7_6: bool;
+  var Gamma_R8_10: bool;
+  var Gamma_R8_11: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R8_6: bool;
+  var Gamma_R8_7: bool;
+  var Gamma_R8_8: bool;
+  var Gamma_R8_9: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var Gamma_R9_2: bool;
+  var Gamma_R9_3: bool;
+  var Gamma_R9_4: bool;
+  var Gamma_R9_5: bool;
+  var Gamma_R9_6: bool;
+  var Gamma_R9_7: bool;
+  var Gamma_R9_8: bool;
+  var R0_10: bv64;
+  var R0_11: bv64;
+  var R0_12: bv64;
+  var R0_13: bv64;
+  var R0_14: bv64;
+  var R0_15: bv64;
+  var R0_2: bv64;
+  var R0_4: bv64;
+  var R0_7: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R10_2: bv64;
+  var R10_3: bv64;
+  var R10_4: bv64;
+  var R10_5: bv64;
+  var R10_6: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R11_2: bv64;
+  var R11_3: bv64;
+  var R11_4: bv64;
+  var R11_5: bv64;
+  var R11_6: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R12_2: bv64;
+  var R12_3: bv64;
+  var R12_4: bv64;
+  var R12_5: bv64;
+  var R12_6: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R13_2: bv64;
+  var R13_3: bv64;
+  var R13_4: bv64;
+  var R13_5: bv64;
+  var R13_6: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R14_2: bv64;
+  var R14_3: bv64;
+  var R14_4: bv64;
+  var R14_5: bv64;
+  var R14_6: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R15_2: bv64;
+  var R15_3: bv64;
+  var R15_4: bv64;
+  var R15_5: bv64;
+  var R15_6: bv64;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R16_2: bv64;
+  var R16_3: bv64;
+  var R16_4: bv64;
+  var R16_5: bv64;
+  var R16_6: bv64;
+  var R17: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R17_3: bv64;
+  var R17_4: bv64;
+  var R17_5: bv64;
+  var R17_6: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R18_2: bv64;
+  var R18_3: bv64;
+  var R18_4: bv64;
+  var R18_5: bv64;
+  var R18_6: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R19_2: bv64;
+  var R19_3: bv64;
+  var R19_4: bv64;
+  var R19_5: bv64;
+  var R19_6: bv64;
+  var R1_1: bv64;
+  var R1_2: bv64;
+  var R1_3: bv64;
+  var R1_4: bv64;
+  var R1_5: bv64;
+  var R1_6: bv64;
+  var R1_7: bv64;
+  var R1_8: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R20_2: bv64;
+  var R20_3: bv64;
+  var R20_4: bv64;
+  var R20_5: bv64;
+  var R20_6: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R21_2: bv64;
+  var R21_3: bv64;
+  var R21_4: bv64;
+  var R21_5: bv64;
+  var R21_6: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R22_2: bv64;
+  var R22_3: bv64;
+  var R22_4: bv64;
+  var R22_5: bv64;
+  var R22_6: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R23_2: bv64;
+  var R23_3: bv64;
+  var R23_4: bv64;
+  var R23_5: bv64;
+  var R23_6: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R24_2: bv64;
+  var R24_3: bv64;
+  var R24_4: bv64;
+  var R24_5: bv64;
+  var R24_6: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R25_2: bv64;
+  var R25_3: bv64;
+  var R25_4: bv64;
+  var R25_5: bv64;
+  var R25_6: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R26_2: bv64;
+  var R26_3: bv64;
+  var R26_4: bv64;
+  var R26_5: bv64;
+  var R26_6: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R27_2: bv64;
+  var R27_3: bv64;
+  var R27_4: bv64;
+  var R27_5: bv64;
+  var R27_6: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R28_2: bv64;
+  var R28_3: bv64;
+  var R28_4: bv64;
+  var R28_5: bv64;
+  var R28_6: bv64;
+  var R29_3: bv64;
+  var R29_4: bv64;
+  var R29_5: bv64;
+  var R29_6: bv64;
+  var R29_7: bv64;
+  var R29_8: bv64;
+  var R29_9: bv64;
+  var R2_1: bv64;
+  var R2_2: bv64;
+  var R2_3: bv64;
+  var R2_4: bv64;
+  var R2_5: bv64;
+  var R2_6: bv64;
+  var R3: bv64;
+  var R30_11: bv64;
+  var R30_13: bv64;
+  var R30_14: bv64;
+  var R30_3: bv64;
+  var R30_5: bv64;
+  var R30_7: bv64;
+  var R30_9: bv64;
+  var R31_3: bv64;
+  var R31_4: bv64;
+  var R31_5: bv64;
+  var R31_6: bv64;
+  var R31_7: bv64;
+  var R31_8: bv64;
+  var R3_1: bv64;
+  var R3_2: bv64;
+  var R3_3: bv64;
+  var R3_4: bv64;
+  var R3_5: bv64;
+  var R3_6: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R4_2: bv64;
+  var R4_3: bv64;
+  var R4_4: bv64;
+  var R4_5: bv64;
+  var R4_6: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R5_2: bv64;
+  var R5_3: bv64;
+  var R5_4: bv64;
+  var R5_5: bv64;
+  var R5_6: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R6_2: bv64;
+  var R6_3: bv64;
+  var R6_4: bv64;
+  var R6_5: bv64;
+  var R6_6: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R7_2: bv64;
+  var R7_3: bv64;
+  var R7_4: bv64;
+  var R7_5: bv64;
+  var R7_6: bv64;
+  var R8_10: bv64;
+  var R8_11: bv64;
+  var R8_2: bv64;
+  var R8_3: bv64;
+  var R8_6: bv64;
+  var R8_7: bv64;
+  var R8_8: bv64;
+  var R8_9: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
+  var R9_2: bv64;
+  var R9_3: bv64;
+  var R9_4: bv64;
+  var R9_5: bv64;
+  var R9_6: bv64;
+  var R9_7: bv64;
+  var R9_8: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551568bv64), Gamma_R31;
-    #4, Gamma_#4 := bvadd64(R31, 32bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, #4, R29), gamma_store64(Gamma_stack, #4, Gamma_R29);
-    assume {:captureState "%0000034a"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(#4, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(#4, 8bv64), Gamma_R30);
-    assume {:captureState "%00000350"} true;
-    R29, Gamma_R29 := bvadd64(R31, 32bv64), Gamma_R31;
-    R8, Gamma_R8 := 0bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 4bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 4bv64), Gamma_R8);
-    assume {:captureState "%00000363"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R29, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R29, 18446744073709551612bv64), true);
-    assume {:captureState "%0000036a"} true;
-    R0, Gamma_R0 := 1bv64, true;
-    R30, Gamma_R30 := 2100bv64, true;
-    call malloc();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551572bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551572bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), true);
+    call R0_2, Gamma_R0_2, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_1, Gamma_R16_1, R17_1, Gamma_R17_1, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_3, Gamma_R29_3, R2_1, Gamma_R2_1, R30_3, Gamma_R30_3, R31_3, Gamma_R31_3, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_2, Gamma_R8_2, R9_1, Gamma_R9_1 := malloc(1bv64, true, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, R16, Gamma_R16, R17, Gamma_R17, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R31_in, R2, Gamma_R2, 2100bv64, true, bvadd64(R31_in, 18446744073709551568bv64), Gamma_R31_in, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, 0bv64, true, R9, Gamma_R9);
     goto l00000379;
   l00000379:
-    assume {:captureState "l00000379"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 16bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 16bv64), Gamma_R0);
-    assume {:captureState "%0000037f"} true;
-    R0, Gamma_R0 := 4bv64, true;
-    R30, Gamma_R30 := 2112bv64, true;
-    call malloc();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_3, 16bv64), R0_2), gamma_store64(Gamma_stack, bvadd64(R31_3, 16bv64), Gamma_R0_2);
+    call R0_4, Gamma_R0_4, R10_2, Gamma_R10_2, R11_2, Gamma_R11_2, R12_2, Gamma_R12_2, R13_2, Gamma_R13_2, R14_2, Gamma_R14_2, R15_2, Gamma_R15_2, R16_2, Gamma_R16_2, R17_2, Gamma_R17_2, R18_2, Gamma_R18_2, R19_2, Gamma_R19_2, R1_2, Gamma_R1_2, R20_2, Gamma_R20_2, R21_2, Gamma_R21_2, R22_2, Gamma_R22_2, R23_2, Gamma_R23_2, R24_2, Gamma_R24_2, R25_2, Gamma_R25_2, R26_2, Gamma_R26_2, R27_2, Gamma_R27_2, R28_2, Gamma_R28_2, R29_4, Gamma_R29_4, R2_2, Gamma_R2_2, R30_5, Gamma_R30_5, R31_4, Gamma_R31_4, R3_2, Gamma_R3_2, R4_2, Gamma_R4_2, R5_2, Gamma_R5_2, R6_2, Gamma_R6_2, R7_2, Gamma_R7_2, R8_3, Gamma_R8_3, R9_2, Gamma_R9_2 := malloc(4bv64, true, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_1, Gamma_R16_1, R17_1, Gamma_R17_1, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_3, Gamma_R29_3, R2_1, Gamma_R2_1, 2112bv64, true, R31_3, Gamma_R31_3, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_2, Gamma_R8_2, R9_1, Gamma_R9_1);
     goto l0000038d;
   l0000038d:
-    assume {:captureState "l0000038d"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 8bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R0);
-    assume {:captureState "%00000393"} true;
-    R9, Gamma_R9 := memory_load64_le(stack, bvadd64(R31, 16bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 16bv64));
-    R8, Gamma_R8 := 65bv64, true;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_4, 8bv64), R0_4), gamma_store64(Gamma_stack, bvadd64(R31_4, 8bv64), Gamma_R0_4);
+    R9_3, Gamma_R9_3 := memory_load64_le(stack, bvadd64(R31_4, 16bv64)), gamma_load64(Gamma_stack, bvadd64(R31_4, 16bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store8_le(mem, R9, R8[8:0]), gamma_store8(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "%000003a7"} true;
-    R9, Gamma_R9 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R8, Gamma_R8 := 42bv64, true;
+    assert (L(mem, R9_3) ==> true);
+    mem, Gamma_mem := memory_store8_le(mem, R9_3, 65bv8), gamma_store8(Gamma_mem, R9_3, true);
+    R9_4, Gamma_R9_4 := memory_load64_le(stack, bvadd64(R31_4, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31_4, 8bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "%000003bb"} true;
-    R8, Gamma_R8 := memory_load64_le(stack, bvadd64(R31, 16bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 16bv64));
+    assert (L(mem, R9_4) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R9_4, 42bv32), gamma_store32(Gamma_mem, R9_4, true);
+    R8_6, Gamma_R8_6 := memory_load64_le(stack, bvadd64(R31_4, 16bv64)), gamma_load64(Gamma_stack, bvadd64(R31_4, 16bv64));
     call rely();
-    R1, Gamma_R1 := zero_extend56_8(memory_load8_le(mem, R8)), (gamma_load8(Gamma_mem, R8) || L(mem, R8));
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2236bv64), Gamma_R0;
-    R30, Gamma_R30 := 2160bv64, true;
-    call printf();
+    R1_3, Gamma_R1_3 := zero_extend56_8(memory_load8_le(mem, R8_6)), (gamma_load8(Gamma_mem, R8_6) || L(mem, R8_6));
+    call R0_7, Gamma_R0_7, R10_3, Gamma_R10_3, R11_3, Gamma_R11_3, R12_3, Gamma_R12_3, R13_3, Gamma_R13_3, R14_3, Gamma_R14_3, R15_3, Gamma_R15_3, R16_3, Gamma_R16_3, R17_3, Gamma_R17_3, R18_3, Gamma_R18_3, R19_3, Gamma_R19_3, R1_4, Gamma_R1_4, R20_3, Gamma_R20_3, R21_3, Gamma_R21_3, R22_3, Gamma_R22_3, R23_3, Gamma_R23_3, R24_3, Gamma_R24_3, R25_3, Gamma_R25_3, R26_3, Gamma_R26_3, R27_3, Gamma_R27_3, R28_3, Gamma_R28_3, R29_5, Gamma_R29_5, R2_3, Gamma_R2_3, R30_7, Gamma_R30_7, R31_5, Gamma_R31_5, R3_3, Gamma_R3_3, R4_3, Gamma_R4_3, R5_3, Gamma_R5_3, R6_3, Gamma_R6_3, R7_3, Gamma_R7_3, R8_7, Gamma_R8_7, R9_5, Gamma_R9_5 := printf(2236bv64, true, R10_2, Gamma_R10_2, R11_2, Gamma_R11_2, R12_2, Gamma_R12_2, R13_2, Gamma_R13_2, R14_2, Gamma_R14_2, R15_2, Gamma_R15_2, R16_2, Gamma_R16_2, R17_2, Gamma_R17_2, R18_2, Gamma_R18_2, R19_2, Gamma_R19_2, R1_3, Gamma_R1_3, R20_2, Gamma_R20_2, R21_2, Gamma_R21_2, R22_2, Gamma_R22_2, R23_2, Gamma_R23_2, R24_2, Gamma_R24_2, R25_2, Gamma_R25_2, R26_2, Gamma_R26_2, R27_2, Gamma_R27_2, R28_2, Gamma_R28_2, R29_4, Gamma_R29_4, R2_2, Gamma_R2_2, 2160bv64, true, R31_4, Gamma_R31_4, R3_2, Gamma_R3_2, R4_2, Gamma_R4_2, R5_2, Gamma_R5_2, R6_2, Gamma_R6_2, R7_2, Gamma_R7_2, R8_6, Gamma_R8_6, R9_4, Gamma_R9_4);
     goto l000003de;
   l000003de:
-    assume {:captureState "l000003de"} true;
-    R8, Gamma_R8 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
+    R8_8, Gamma_R8_8 := memory_load64_le(stack, bvadd64(R31_5, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31_5, 8bv64));
     call rely();
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2253bv64), Gamma_R0;
-    R30, Gamma_R30 := 2180bv64, true;
-    call printf();
+    R1_5, Gamma_R1_5 := zero_extend32_32(memory_load32_le(mem, R8_8)), (gamma_load32(Gamma_mem, R8_8) || L(mem, R8_8));
+    call R0_10, Gamma_R0_10, R10_4, Gamma_R10_4, R11_4, Gamma_R11_4, R12_4, Gamma_R12_4, R13_4, Gamma_R13_4, R14_4, Gamma_R14_4, R15_4, Gamma_R15_4, R16_4, Gamma_R16_4, R17_4, Gamma_R17_4, R18_4, Gamma_R18_4, R19_4, Gamma_R19_4, R1_6, Gamma_R1_6, R20_4, Gamma_R20_4, R21_4, Gamma_R21_4, R22_4, Gamma_R22_4, R23_4, Gamma_R23_4, R24_4, Gamma_R24_4, R25_4, Gamma_R25_4, R26_4, Gamma_R26_4, R27_4, Gamma_R27_4, R28_4, Gamma_R28_4, R29_6, Gamma_R29_6, R2_4, Gamma_R2_4, R30_9, Gamma_R30_9, R31_6, Gamma_R31_6, R3_4, Gamma_R3_4, R4_4, Gamma_R4_4, R5_4, Gamma_R5_4, R6_4, Gamma_R6_4, R7_4, Gamma_R7_4, R8_9, Gamma_R8_9, R9_6, Gamma_R9_6 := printf(2253bv64, true, R10_3, Gamma_R10_3, R11_3, Gamma_R11_3, R12_3, Gamma_R12_3, R13_3, Gamma_R13_3, R14_3, Gamma_R14_3, R15_3, Gamma_R15_3, R16_3, Gamma_R16_3, R17_3, Gamma_R17_3, R18_3, Gamma_R18_3, R19_3, Gamma_R19_3, R1_5, Gamma_R1_5, R20_3, Gamma_R20_3, R21_3, Gamma_R21_3, R22_3, Gamma_R22_3, R23_3, Gamma_R23_3, R24_3, Gamma_R24_3, R25_3, Gamma_R25_3, R26_3, Gamma_R26_3, R27_3, Gamma_R27_3, R28_3, Gamma_R28_3, R29_5, Gamma_R29_5, R2_3, Gamma_R2_3, 2180bv64, true, R31_5, Gamma_R31_5, R3_3, Gamma_R3_3, R4_3, Gamma_R4_3, R5_3, Gamma_R5_3, R6_3, Gamma_R6_3, R7_3, Gamma_R7_3, R8_8, Gamma_R8_8, R9_5, Gamma_R9_5);
     goto l000003fe;
   l000003fe:
-    assume {:captureState "l000003fe"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 16bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 16bv64));
-    R30, Gamma_R30 := 2188bv64, true;
-    call #free();
+    R0_11, Gamma_R0_11 := memory_load64_le(stack, bvadd64(R31_6, 16bv64)), gamma_load64(Gamma_stack, bvadd64(R31_6, 16bv64));
+    call R0_12, Gamma_R0_12, R10_5, Gamma_R10_5, R11_5, Gamma_R11_5, R12_5, Gamma_R12_5, R13_5, Gamma_R13_5, R14_5, Gamma_R14_5, R15_5, Gamma_R15_5, R16_5, Gamma_R16_5, R17_5, Gamma_R17_5, R18_5, Gamma_R18_5, R19_5, Gamma_R19_5, R1_7, Gamma_R1_7, R20_5, Gamma_R20_5, R21_5, Gamma_R21_5, R22_5, Gamma_R22_5, R23_5, Gamma_R23_5, R24_5, Gamma_R24_5, R25_5, Gamma_R25_5, R26_5, Gamma_R26_5, R27_5, Gamma_R27_5, R28_5, Gamma_R28_5, R29_7, Gamma_R29_7, R2_5, Gamma_R2_5, R30_11, Gamma_R30_11, R31_7, Gamma_R31_7, R3_5, Gamma_R3_5, R4_5, Gamma_R4_5, R5_5, Gamma_R5_5, R6_5, Gamma_R6_5, R7_5, Gamma_R7_5, R8_10, Gamma_R8_10, R9_7, Gamma_R9_7 := #free(R0_11, Gamma_R0_11, R10_4, Gamma_R10_4, R11_4, Gamma_R11_4, R12_4, Gamma_R12_4, R13_4, Gamma_R13_4, R14_4, Gamma_R14_4, R15_4, Gamma_R15_4, R16_4, Gamma_R16_4, R17_4, Gamma_R17_4, R18_4, Gamma_R18_4, R19_4, Gamma_R19_4, R1_6, Gamma_R1_6, R20_4, Gamma_R20_4, R21_4, Gamma_R21_4, R22_4, Gamma_R22_4, R23_4, Gamma_R23_4, R24_4, Gamma_R24_4, R25_4, Gamma_R25_4, R26_4, Gamma_R26_4, R27_4, Gamma_R27_4, R28_4, Gamma_R28_4, R29_6, Gamma_R29_6, R2_4, Gamma_R2_4, 2188bv64, true, R31_6, Gamma_R31_6, R3_4, Gamma_R3_4, R4_4, Gamma_R4_4, R5_4, Gamma_R5_4, R6_4, Gamma_R6_4, R7_4, Gamma_R7_4, R8_9, Gamma_R8_9, R9_6, Gamma_R9_6);
     goto l0000040d;
   l0000040d:
-    assume {:captureState "l0000040d"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R30, Gamma_R30 := 2196bv64, true;
-    call #free();
+    R0_13, Gamma_R0_13 := memory_load64_le(stack, bvadd64(R31_7, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31_7, 8bv64));
+    call R0_14, Gamma_R0_14, R10_6, Gamma_R10_6, R11_6, Gamma_R11_6, R12_6, Gamma_R12_6, R13_6, Gamma_R13_6, R14_6, Gamma_R14_6, R15_6, Gamma_R15_6, R16_6, Gamma_R16_6, R17_6, Gamma_R17_6, R18_6, Gamma_R18_6, R19_6, Gamma_R19_6, R1_8, Gamma_R1_8, R20_6, Gamma_R20_6, R21_6, Gamma_R21_6, R22_6, Gamma_R22_6, R23_6, Gamma_R23_6, R24_6, Gamma_R24_6, R25_6, Gamma_R25_6, R26_6, Gamma_R26_6, R27_6, Gamma_R27_6, R28_6, Gamma_R28_6, R29_8, Gamma_R29_8, R2_6, Gamma_R2_6, R30_13, Gamma_R30_13, R31_8, Gamma_R31_8, R3_6, Gamma_R3_6, R4_6, Gamma_R4_6, R5_6, Gamma_R5_6, R6_6, Gamma_R6_6, R7_6, Gamma_R7_6, R8_11, Gamma_R8_11, R9_8, Gamma_R9_8 := #free(R0_13, Gamma_R0_13, R10_5, Gamma_R10_5, R11_5, Gamma_R11_5, R12_5, Gamma_R12_5, R13_5, Gamma_R13_5, R14_5, Gamma_R14_5, R15_5, Gamma_R15_5, R16_5, Gamma_R16_5, R17_5, Gamma_R17_5, R18_5, Gamma_R18_5, R19_5, Gamma_R19_5, R1_7, Gamma_R1_7, R20_5, Gamma_R20_5, R21_5, Gamma_R21_5, R22_5, Gamma_R22_5, R23_5, Gamma_R23_5, R24_5, Gamma_R24_5, R25_5, Gamma_R25_5, R26_5, Gamma_R26_5, R27_5, Gamma_R27_5, R28_5, Gamma_R28_5, R29_7, Gamma_R29_7, R2_5, Gamma_R2_5, 2196bv64, true, R31_7, Gamma_R31_7, R3_5, Gamma_R3_5, R4_5, Gamma_R4_5, R5_5, Gamma_R5_5, R6_5, Gamma_R6_5, R7_5, Gamma_R7_5, R8_10, Gamma_R8_10, R9_7, Gamma_R9_7);
     goto l0000041b;
   l0000041b:
-    assume {:captureState "l0000041b"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 4bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 4bv64));
-    #5, Gamma_#5 := bvadd64(R31, 32bv64), Gamma_R31;
-    R29, Gamma_R29 := memory_load64_le(stack, #5), gamma_load64(Gamma_stack, #5);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(#5, 8bv64)), gamma_load64(Gamma_stack, bvadd64(#5, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 48bv64), Gamma_R31;
+    R0_15, Gamma_R0_15 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_8, 4bv64))), gamma_load32(Gamma_stack, bvadd64(R31_8, 4bv64));
+    R29_9, Gamma_R29_9 := memory_load64_le(stack, bvadd64(R31_8, 32bv64)), gamma_load64(Gamma_stack, bvadd64(R31_8, 32bv64));
+    R30_14, Gamma_R30_14 := memory_load64_le(stack, bvadd64(R31_8, 40bv64)), gamma_load64(Gamma_stack, bvadd64(R31_8, 40bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R29_out, R30_out, R31_out, R8_out, R9_out := R0_15, R1_8, R29_9, R30_14, bvadd64(R31_8, 48bv64), R8_11, R9_8;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := Gamma_R0_15, Gamma_R1_8, Gamma_R29_9, Gamma_R30_14, Gamma_R31_8, Gamma_R8_11, Gamma_R9_8;
     return;
 }
 
-procedure malloc();
+procedure malloc(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   modifies Gamma_R16, Gamma_R17, R16, R17;
   free requires (memory_load64_le(mem, 2232bv64) == 2334386691848142849bv64);
   free requires (memory_load64_le(mem, 2240bv64) == 4211825664600402019bv64);
@@ -295,7 +717,7 @@ procedure malloc();
   free ensures (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69696bv64) == 69696bv64);
 
-procedure printf();
+procedure printf(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   modifies Gamma_R16, Gamma_R17, R16, R17;
   free requires (memory_load64_le(mem, 2232bv64) == 2334386691848142849bv64);
   free requires (memory_load64_le(mem, 2240bv64) == 4211825664600402019bv64);
diff --git a/src/test/correct/multi_malloc/clang/multi_malloc_gtirb.expected b/src/test/correct/multi_malloc/clang/multi_malloc_gtirb.expected
index 4cb699d0b..3604ae671 100644
--- a/src/test/correct/multi_malloc/clang/multi_malloc_gtirb.expected
+++ b/src/test/correct/multi_malloc/clang/multi_malloc_gtirb.expected
@@ -1,23 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R16: bool;
-var {:extern} Gamma_R17: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R16: bv64;
-var {:extern} R17: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -27,6 +9,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -35,22 +31,22 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
-function {:extern} gamma_load8(gammaMap: [bv64]bool, index: bv64) returns (bool) {
-  gammaMap[index]
-}
-
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store8(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
   gammaMap[index := value]
 }
 
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
+}
+
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
   (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index])))
 }
@@ -64,18 +60,17 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
-function {:extern} {:bvbuiltin "zero_extend 24"} zero_extend24_8(bv8) returns (bv32);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -111,8 +106,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R1, R16, R17, R29, R30, R31, R8, R9, mem, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69688bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69696bv64) == 69696bv64);
   free requires (memory_load64_le(mem, 2232bv64) == 2334386691848142849bv64);
@@ -128,10 +123,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1984bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free requires (memory_load64_le(mem, 69696bv64) == 69696bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load64_le(mem, 2232bv64) == 2334386691848142849bv64);
   free ensures (memory_load64_le(mem, 2240bv64) == 4211825664600402019bv64);
   free ensures (memory_load64_le(mem, 2248bv64) == 7307182754559632672bv64);
@@ -146,99 +137,96 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69696bv64) == 69696bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var Cse0__5$3$1: bv64;
-  var Cse0__5$5$1: bv64;
-  var Gamma_Cse0__5$3$1: bool;
-  var Gamma_Cse0__5$5$1: bool;
+  var Gamma_R0_9: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R16_2: bool;
+  var Gamma_R16_3: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R16_5: bool;
+  var Gamma_R16_6: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R17_3: bool;
+  var Gamma_R17_4: bool;
+  var Gamma_R17_5: bool;
+  var Gamma_R17_6: bool;
+  var Gamma_R1_2: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_8: bool;
+  var Gamma_R8_5: bool;
+  var Gamma_R9_1: bool;
+  var Gamma_R9_2: bool;
+  var R0_9: bv64;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R16_2: bv64;
+  var R16_3: bv64;
+  var R16_4: bv64;
+  var R16_5: bv64;
+  var R16_6: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R17_3: bv64;
+  var R17_4: bv64;
+  var R17_5: bv64;
+  var R17_6: bv64;
+  var R1_2: bv64;
+  var R29_3: bv64;
+  var R30_8: bv64;
+  var R8_5: bv64;
+  var R9_1: bv64;
+  var R9_2: bv64;
   $main$__0__$rJrwEHH7Q82yFH8R8ikgag:
-    assume {:captureState "$main$__0__$rJrwEHH7Q82yFH8R8ikgag"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551568bv64), Gamma_R31;
-    Cse0__5$3$1, Gamma_Cse0__5$3$1 := bvadd64(R31, 32bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$3$1, R29), gamma_store64(Gamma_stack, Cse0__5$3$1, Gamma_R29);
-    assume {:captureState "2072$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$3$1, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$3$1, 8bv64), Gamma_R30);
-    assume {:captureState "2072$2"} true;
-    R29, Gamma_R29 := bvadd64(R31, 32bv64), Gamma_R31;
-    R8, Gamma_R8 := 0bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 4bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 4bv64), Gamma_R8);
-    assume {:captureState "2084$0"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R29, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R29, 18446744073709551612bv64), true);
-    assume {:captureState "2088$0"} true;
-    R0, Gamma_R0 := 1bv64, true;
-    R30, Gamma_R30 := 2100bv64, true;
-    call FUN_680();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551572bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551572bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), true);
+    call R16_1, Gamma_R16_1, R17_1, Gamma_R17_1 := FUN_680(R16, Gamma_R16);
     goto $main$__1__$tUCvozcRRoOvSNkfyBzGow;
   $main$__1__$tUCvozcRRoOvSNkfyBzGow:
-    assume {:captureState "$main$__1__$tUCvozcRRoOvSNkfyBzGow"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 16bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 16bv64), Gamma_R0);
-    assume {:captureState "2100$0"} true;
-    R0, Gamma_R0 := 4bv64, true;
-    R30, Gamma_R30 := 2112bv64, true;
-    call FUN_680();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551584bv64), 1bv64), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), true);
+    call R16_2, Gamma_R16_2, R17_2, Gamma_R17_2 := FUN_680(R16_1, Gamma_R16_1);
     goto $main$__2__$~rbIOEybSQ2ZVy7pglbk3Q;
   $main$__2__$~rbIOEybSQ2ZVy7pglbk3Q:
-    assume {:captureState "$main$__2__$~rbIOEybSQ2ZVy7pglbk3Q"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 8bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R0);
-    assume {:captureState "2112$0"} true;
-    R9, Gamma_R9 := memory_load64_le(stack, bvadd64(R31, 16bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 16bv64));
-    R8, Gamma_R8 := 65bv64, true;
-    call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store8_le(mem, R9, R8[8:0]), gamma_store8(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "2124$0"} true;
-    R9, Gamma_R9 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R8, Gamma_R8 := 42bv64, true;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551576bv64), 4bv64), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551576bv64), true);
+    R9_1, Gamma_R9_1 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551584bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "2136$0"} true;
-    R8, Gamma_R8 := memory_load64_le(stack, bvadd64(R31, 16bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 16bv64));
+    assert (L(mem, R9_1) ==> true);
+    mem, Gamma_mem := memory_store8_le(mem, R9_1, 65bv8), gamma_store8(Gamma_mem, R9_1, true);
+    R9_2, Gamma_R9_2 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551576bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551576bv64));
     call rely();
-    R1, Gamma_R1 := zero_extend32_32(zero_extend24_8(memory_load8_le(mem, R8))), (gamma_load8(Gamma_mem, R8) || L(mem, R8));
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2236bv64), Gamma_R0;
-    R30, Gamma_R30 := 2160bv64, true;
-    call FUN_6c0();
+    assert (L(mem, R9_2) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R9_2, 42bv32), gamma_store32(Gamma_mem, R9_2, true);
+    call R16_3, Gamma_R16_3, R17_3, Gamma_R17_3 := FUN_6c0(R16_2, Gamma_R16_2);
     goto $main$__3__$ioncN2xEQpKeAoUViDvFEQ;
   $main$__3__$ioncN2xEQpKeAoUViDvFEQ:
-    assume {:captureState "$main$__3__$ioncN2xEQpKeAoUViDvFEQ"} true;
-    R8, Gamma_R8 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
+    R8_5, Gamma_R8_5 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551576bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551576bv64));
     call rely();
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2253bv64), Gamma_R0;
-    R30, Gamma_R30 := 2180bv64, true;
-    call FUN_6c0();
+    R1_2, Gamma_R1_2 := zero_extend32_32(memory_load32_le(mem, R8_5)), (gamma_load32(Gamma_mem, R8_5) || L(mem, R8_5));
+    call R16_4, Gamma_R16_4, R17_4, Gamma_R17_4 := FUN_6c0(R16_3, Gamma_R16_3);
     goto $main$__4__$RDsizvM6Rs2uP1PoNQRqUw;
   $main$__4__$RDsizvM6Rs2uP1PoNQRqUw:
-    assume {:captureState "$main$__4__$RDsizvM6Rs2uP1PoNQRqUw"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 16bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 16bv64));
-    R30, Gamma_R30 := 2188bv64, true;
-    call FUN_6b0();
+    call R16_5, Gamma_R16_5, R17_5, Gamma_R17_5 := FUN_6b0(R16_4, Gamma_R16_4);
     goto $main$__5__$XLbDejiVSoaQEuwh3~~Wuw;
   $main$__5__$XLbDejiVSoaQEuwh3~~Wuw:
-    assume {:captureState "$main$__5__$XLbDejiVSoaQEuwh3~~Wuw"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R30, Gamma_R30 := 2196bv64, true;
-    call FUN_6b0();
+    call R16_6, Gamma_R16_6, R17_6, Gamma_R17_6 := FUN_6b0(R16_5, Gamma_R16_5);
     goto $main$__6__$_atEl4xoTOCpT5EUBgYVEg;
   $main$__6__$_atEl4xoTOCpT5EUBgYVEg:
-    assume {:captureState "$main$__6__$_atEl4xoTOCpT5EUBgYVEg"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 4bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 4bv64));
-    Cse0__5$5$1, Gamma_Cse0__5$5$1 := bvadd64(R31, 32bv64), Gamma_R31;
-    R29, Gamma_R29 := memory_load64_le(stack, Cse0__5$5$1), gamma_load64(Gamma_stack, Cse0__5$5$1);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(Cse0__5$5$1, 8bv64)), gamma_load64(Gamma_stack, bvadd64(Cse0__5$5$1, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 48bv64), Gamma_R31;
+    R0_9, Gamma_R0_9 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551572bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551572bv64));
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64));
+    R30_8, Gamma_R30_8 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R29_out, R30_out, R31_out, R8_out, R9_out := R0_9, R1_2, R29_3, R30_8, R31_in, R8_5, R9_2;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := Gamma_R0_9, Gamma_R1_2, Gamma_R29_3, Gamma_R30_8, Gamma_R31_in, Gamma_R8_5, Gamma_R9_2;
     return;
 }
 
-procedure FUN_6b0();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure FUN_6b0(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 2232bv64) == 2334386691848142849bv64);
   free requires (memory_load64_le(mem, 2240bv64) == 4211825664600402019bv64);
   free requires (memory_load64_le(mem, 2248bv64) == 7307182754559632672bv64);
@@ -266,20 +254,143 @@ procedure FUN_6b0();
   free ensures (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69696bv64) == 69696bv64);
 
-implementation FUN_6b0()
+implementation FUN_6b0(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool)
 {
+  var Gamma_R0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0: bv64;
+  var R0_1: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16_4: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   $FUN_6b0$__0__$anzTk9j8RqWD4tIwhKfzRQ:
-    assume {:captureState "$FUN_6b0$__0__$anzTk9j8RqWD4tIwhKfzRQ"} true;
-    R16, Gamma_R16 := 69632bv64, true;
     call rely();
-    R17, Gamma_R17 := memory_load64_le(mem, bvadd64(R16, 40bv64)), (gamma_load64(Gamma_mem, bvadd64(R16, 40bv64)) || L(mem, bvadd64(R16, 40bv64)));
-    R16, Gamma_R16 := bvadd64(R16, 40bv64), Gamma_R16;
-    call #free();
+    R17_1, Gamma_R17_1 := memory_load64_le(mem, 69672bv64), (gamma_load64(Gamma_mem, 69672bv64) || L(mem, 69672bv64));
+    call R0_1, Gamma_R0_1, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_4, Gamma_R16_4, R17_2, Gamma_R17_2, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_1, Gamma_R2_1, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := #free(R0, Gamma_R0, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, 69672bv64, true, R17_1, Gamma_R17_1, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2, Gamma_R2, R30, Gamma_R30, R31, Gamma_R31, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     assume false;
 }
 
-procedure FUN_680();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure FUN_680(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 2232bv64) == 2334386691848142849bv64);
   free requires (memory_load64_le(mem, 2240bv64) == 4211825664600402019bv64);
   free requires (memory_load64_le(mem, 2248bv64) == 7307182754559632672bv64);
@@ -307,20 +418,143 @@ procedure FUN_680();
   free ensures (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69696bv64) == 69696bv64);
 
-implementation FUN_680()
+implementation FUN_680(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool)
 {
+  var Gamma_R0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0: bv64;
+  var R0_1: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16_4: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   $FUN_680$__0__$tdGxah9RStWBBxOs4YOZUA:
-    assume {:captureState "$FUN_680$__0__$tdGxah9RStWBBxOs4YOZUA"} true;
-    R16, Gamma_R16 := 69632bv64, true;
     call rely();
-    R17, Gamma_R17 := memory_load64_le(mem, bvadd64(R16, 16bv64)), (gamma_load64(Gamma_mem, bvadd64(R16, 16bv64)) || L(mem, bvadd64(R16, 16bv64)));
-    R16, Gamma_R16 := bvadd64(R16, 16bv64), Gamma_R16;
-    call malloc();
+    R17_1, Gamma_R17_1 := memory_load64_le(mem, 69648bv64), (gamma_load64(Gamma_mem, 69648bv64) || L(mem, 69648bv64));
+    call R0_1, Gamma_R0_1, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_4, Gamma_R16_4, R17_2, Gamma_R17_2, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_1, Gamma_R2_1, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := malloc(R0, Gamma_R0, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, 69648bv64, true, R17_1, Gamma_R17_1, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2, Gamma_R2, R30, Gamma_R30, R31, Gamma_R31, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     assume false;
 }
 
-procedure FUN_6c0();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure FUN_6c0(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 2232bv64) == 2334386691848142849bv64);
   free requires (memory_load64_le(mem, 2240bv64) == 4211825664600402019bv64);
   free requires (memory_load64_le(mem, 2248bv64) == 7307182754559632672bv64);
@@ -348,19 +582,142 @@ procedure FUN_6c0();
   free ensures (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69696bv64) == 69696bv64);
 
-implementation FUN_6c0()
+implementation FUN_6c0(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool)
 {
+  var Gamma_R0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0: bv64;
+  var R0_1: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16_4: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   $FUN_6c0$__0__$Buk7BXt9RGSvhsDcbjEctg:
-    assume {:captureState "$FUN_6c0$__0__$Buk7BXt9RGSvhsDcbjEctg"} true;
-    R16, Gamma_R16 := 69632bv64, true;
     call rely();
-    R17, Gamma_R17 := memory_load64_le(mem, bvadd64(R16, 48bv64)), (gamma_load64(Gamma_mem, bvadd64(R16, 48bv64)) || L(mem, bvadd64(R16, 48bv64)));
-    R16, Gamma_R16 := bvadd64(R16, 48bv64), Gamma_R16;
-    call printf();
+    R17_1, Gamma_R17_1 := memory_load64_le(mem, 69680bv64), (gamma_load64(Gamma_mem, 69680bv64) || L(mem, 69680bv64));
+    call R0_1, Gamma_R0_1, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_4, Gamma_R16_4, R17_2, Gamma_R17_2, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_1, Gamma_R2_1, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := printf(R0, Gamma_R0, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, 69680bv64, true, R17_1, Gamma_R17_1, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2, Gamma_R2, R30, Gamma_R30, R31, Gamma_R31, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     assume false;
 }
 
-procedure #free();
+procedure #free(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load64_le(mem, 2232bv64) == 2334386691848142849bv64);
   free requires (memory_load64_le(mem, 2240bv64) == 4211825664600402019bv64);
   free requires (memory_load64_le(mem, 2248bv64) == 7307182754559632672bv64);
@@ -388,7 +745,7 @@ procedure #free();
   free ensures (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69696bv64) == 69696bv64);
 
-procedure malloc();
+procedure malloc(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load64_le(mem, 2232bv64) == 2334386691848142849bv64);
   free requires (memory_load64_le(mem, 2240bv64) == 4211825664600402019bv64);
   free requires (memory_load64_le(mem, 2248bv64) == 7307182754559632672bv64);
@@ -416,7 +773,7 @@ procedure malloc();
   free ensures (memory_load64_le(mem, 69592bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69696bv64) == 69696bv64);
 
-procedure printf();
+procedure printf(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load64_le(mem, 2232bv64) == 2334386691848142849bv64);
   free requires (memory_load64_le(mem, 2240bv64) == 4211825664600402019bv64);
   free requires (memory_load64_le(mem, 2248bv64) == 7307182754559632672bv64);
diff --git a/src/test/correct/multi_malloc/gcc/multi_malloc.expected b/src/test/correct/multi_malloc/gcc/multi_malloc.expected
index f81950ff7..e9733441e 100644
--- a/src/test/correct/multi_malloc/gcc/multi_malloc.expected
+++ b/src/test/correct/multi_malloc/gcc/multi_malloc.expected
@@ -1,19 +1,9 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_R16: bool;
 var {:extern} Gamma_R17: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} R16: bv64;
 var {:extern} R17: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -23,6 +13,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -36,17 +40,21 @@ function {:extern} gamma_load8(gammaMap: [bv64]bool, index: bv64) returns (bool)
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store8(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
   gammaMap[index := value]
 }
 
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
+}
+
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
   (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index])))
 }
@@ -60,15 +68,15 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -104,7 +112,7 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure #free();
+procedure #free(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   modifies Gamma_R16, Gamma_R17, R16, R17;
   free requires (memory_load64_le(mem, 2224bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2232bv64) == 8241983568019286100bv64);
@@ -127,8 +135,8 @@ procedure #free();
   free ensures (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R16, R17, R29, R30, R31, mem, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_R16, Gamma_R17, Gamma_mem, Gamma_stack, R16, R17, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load64_le(mem, 2224bv64) == 131073bv64);
@@ -141,10 +149,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69000bv64) == 1984bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load64_le(mem, 2224bv64) == 131073bv64);
   free ensures (memory_load64_le(mem, 2232bv64) == 8241983568019286100bv64);
   free ensures (memory_load64_le(mem, 2240bv64) == 748482783423457568bv64);
@@ -156,92 +160,523 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var #4: bv64;
-  var Gamma_#4: bool;
+  var Gamma_R0_11: bool;
+  var Gamma_R0_12: bool;
+  var Gamma_R0_13: bool;
+  var Gamma_R0_16: bool;
+  var Gamma_R0_17: bool;
+  var Gamma_R0_18: bool;
+  var Gamma_R0_19: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_20: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_6: bool;
+  var Gamma_R0_7: bool;
+  var Gamma_R0_8: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R10_2: bool;
+  var Gamma_R10_3: bool;
+  var Gamma_R10_4: bool;
+  var Gamma_R10_5: bool;
+  var Gamma_R10_6: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R11_2: bool;
+  var Gamma_R11_3: bool;
+  var Gamma_R11_4: bool;
+  var Gamma_R11_5: bool;
+  var Gamma_R11_6: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R12_2: bool;
+  var Gamma_R12_3: bool;
+  var Gamma_R12_4: bool;
+  var Gamma_R12_5: bool;
+  var Gamma_R12_6: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R13_2: bool;
+  var Gamma_R13_3: bool;
+  var Gamma_R13_4: bool;
+  var Gamma_R13_5: bool;
+  var Gamma_R13_6: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R14_2: bool;
+  var Gamma_R14_3: bool;
+  var Gamma_R14_4: bool;
+  var Gamma_R14_5: bool;
+  var Gamma_R14_6: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R15_2: bool;
+  var Gamma_R15_3: bool;
+  var Gamma_R15_4: bool;
+  var Gamma_R15_5: bool;
+  var Gamma_R15_6: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R16_2: bool;
+  var Gamma_R16_3: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R16_5: bool;
+  var Gamma_R16_6: bool;
+  var Gamma_R17: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R17_3: bool;
+  var Gamma_R17_4: bool;
+  var Gamma_R17_5: bool;
+  var Gamma_R17_6: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R18_2: bool;
+  var Gamma_R18_3: bool;
+  var Gamma_R18_4: bool;
+  var Gamma_R18_5: bool;
+  var Gamma_R18_6: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R19_2: bool;
+  var Gamma_R19_3: bool;
+  var Gamma_R19_4: bool;
+  var Gamma_R19_5: bool;
+  var Gamma_R19_6: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R1_10: bool;
+  var Gamma_R1_2: bool;
+  var Gamma_R1_5: bool;
+  var Gamma_R1_6: bool;
+  var Gamma_R1_7: bool;
+  var Gamma_R1_8: bool;
+  var Gamma_R1_9: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R20_2: bool;
+  var Gamma_R20_3: bool;
+  var Gamma_R20_4: bool;
+  var Gamma_R20_5: bool;
+  var Gamma_R20_6: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R21_2: bool;
+  var Gamma_R21_3: bool;
+  var Gamma_R21_4: bool;
+  var Gamma_R21_5: bool;
+  var Gamma_R21_6: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R22_2: bool;
+  var Gamma_R22_3: bool;
+  var Gamma_R22_4: bool;
+  var Gamma_R22_5: bool;
+  var Gamma_R22_6: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R23_2: bool;
+  var Gamma_R23_3: bool;
+  var Gamma_R23_4: bool;
+  var Gamma_R23_5: bool;
+  var Gamma_R23_6: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R24_2: bool;
+  var Gamma_R24_3: bool;
+  var Gamma_R24_4: bool;
+  var Gamma_R24_5: bool;
+  var Gamma_R24_6: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R25_2: bool;
+  var Gamma_R25_3: bool;
+  var Gamma_R25_4: bool;
+  var Gamma_R25_5: bool;
+  var Gamma_R25_6: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R26_2: bool;
+  var Gamma_R26_3: bool;
+  var Gamma_R26_4: bool;
+  var Gamma_R26_5: bool;
+  var Gamma_R26_6: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R27_2: bool;
+  var Gamma_R27_3: bool;
+  var Gamma_R27_4: bool;
+  var Gamma_R27_5: bool;
+  var Gamma_R27_6: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R28_2: bool;
+  var Gamma_R28_3: bool;
+  var Gamma_R28_4: bool;
+  var Gamma_R28_5: bool;
+  var Gamma_R28_6: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R29_4: bool;
+  var Gamma_R29_5: bool;
+  var Gamma_R29_6: bool;
+  var Gamma_R29_7: bool;
+  var Gamma_R29_8: bool;
+  var Gamma_R29_9: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R2_2: bool;
+  var Gamma_R2_3: bool;
+  var Gamma_R2_4: bool;
+  var Gamma_R2_5: bool;
+  var Gamma_R2_6: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30_11: bool;
+  var Gamma_R30_13: bool;
+  var Gamma_R30_14: bool;
+  var Gamma_R30_3: bool;
+  var Gamma_R30_5: bool;
+  var Gamma_R30_7: bool;
+  var Gamma_R30_9: bool;
+  var Gamma_R31_3: bool;
+  var Gamma_R31_4: bool;
+  var Gamma_R31_5: bool;
+  var Gamma_R31_6: bool;
+  var Gamma_R31_7: bool;
+  var Gamma_R31_8: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R3_2: bool;
+  var Gamma_R3_3: bool;
+  var Gamma_R3_4: bool;
+  var Gamma_R3_5: bool;
+  var Gamma_R3_6: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R4_2: bool;
+  var Gamma_R4_3: bool;
+  var Gamma_R4_4: bool;
+  var Gamma_R4_5: bool;
+  var Gamma_R4_6: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R5_2: bool;
+  var Gamma_R5_3: bool;
+  var Gamma_R5_4: bool;
+  var Gamma_R5_5: bool;
+  var Gamma_R5_6: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R6_2: bool;
+  var Gamma_R6_3: bool;
+  var Gamma_R6_4: bool;
+  var Gamma_R6_5: bool;
+  var Gamma_R6_6: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R7_2: bool;
+  var Gamma_R7_3: bool;
+  var Gamma_R7_4: bool;
+  var Gamma_R7_5: bool;
+  var Gamma_R7_6: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R8_4: bool;
+  var Gamma_R8_5: bool;
+  var Gamma_R8_6: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var Gamma_R9_2: bool;
+  var Gamma_R9_3: bool;
+  var Gamma_R9_4: bool;
+  var Gamma_R9_5: bool;
+  var Gamma_R9_6: bool;
+  var R0_11: bv64;
+  var R0_12: bv64;
+  var R0_13: bv32;
+  var R0_16: bv64;
+  var R0_17: bv64;
+  var R0_18: bv64;
+  var R0_19: bv64;
+  var R0_2: bv64;
+  var R0_20: bv64;
+  var R0_4: bv64;
+  var R0_5: bv64;
+  var R0_6: bv64;
+  var R0_7: bv64;
+  var R0_8: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R10_2: bv64;
+  var R10_3: bv64;
+  var R10_4: bv64;
+  var R10_5: bv64;
+  var R10_6: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R11_2: bv64;
+  var R11_3: bv64;
+  var R11_4: bv64;
+  var R11_5: bv64;
+  var R11_6: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R12_2: bv64;
+  var R12_3: bv64;
+  var R12_4: bv64;
+  var R12_5: bv64;
+  var R12_6: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R13_2: bv64;
+  var R13_3: bv64;
+  var R13_4: bv64;
+  var R13_5: bv64;
+  var R13_6: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R14_2: bv64;
+  var R14_3: bv64;
+  var R14_4: bv64;
+  var R14_5: bv64;
+  var R14_6: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R15_2: bv64;
+  var R15_3: bv64;
+  var R15_4: bv64;
+  var R15_5: bv64;
+  var R15_6: bv64;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R16_2: bv64;
+  var R16_3: bv64;
+  var R16_4: bv64;
+  var R16_5: bv64;
+  var R16_6: bv64;
+  var R17: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R17_3: bv64;
+  var R17_4: bv64;
+  var R17_5: bv64;
+  var R17_6: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R18_2: bv64;
+  var R18_3: bv64;
+  var R18_4: bv64;
+  var R18_5: bv64;
+  var R18_6: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R19_2: bv64;
+  var R19_3: bv64;
+  var R19_4: bv64;
+  var R19_5: bv64;
+  var R19_6: bv64;
+  var R1_1: bv64;
+  var R1_10: bv64;
+  var R1_2: bv64;
+  var R1_5: bv64;
+  var R1_6: bv64;
+  var R1_7: bv64;
+  var R1_8: bv64;
+  var R1_9: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R20_2: bv64;
+  var R20_3: bv64;
+  var R20_4: bv64;
+  var R20_5: bv64;
+  var R20_6: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R21_2: bv64;
+  var R21_3: bv64;
+  var R21_4: bv64;
+  var R21_5: bv64;
+  var R21_6: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R22_2: bv64;
+  var R22_3: bv64;
+  var R22_4: bv64;
+  var R22_5: bv64;
+  var R22_6: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R23_2: bv64;
+  var R23_3: bv64;
+  var R23_4: bv64;
+  var R23_5: bv64;
+  var R23_6: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R24_2: bv64;
+  var R24_3: bv64;
+  var R24_4: bv64;
+  var R24_5: bv64;
+  var R24_6: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R25_2: bv64;
+  var R25_3: bv64;
+  var R25_4: bv64;
+  var R25_5: bv64;
+  var R25_6: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R26_2: bv64;
+  var R26_3: bv64;
+  var R26_4: bv64;
+  var R26_5: bv64;
+  var R26_6: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R27_2: bv64;
+  var R27_3: bv64;
+  var R27_4: bv64;
+  var R27_5: bv64;
+  var R27_6: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R28_2: bv64;
+  var R28_3: bv64;
+  var R28_4: bv64;
+  var R28_5: bv64;
+  var R28_6: bv64;
+  var R29_3: bv64;
+  var R29_4: bv64;
+  var R29_5: bv64;
+  var R29_6: bv64;
+  var R29_7: bv64;
+  var R29_8: bv64;
+  var R29_9: bv64;
+  var R2_1: bv64;
+  var R2_2: bv64;
+  var R2_3: bv64;
+  var R2_4: bv64;
+  var R2_5: bv64;
+  var R2_6: bv64;
+  var R3: bv64;
+  var R30_11: bv64;
+  var R30_13: bv64;
+  var R30_14: bv64;
+  var R30_3: bv64;
+  var R30_5: bv64;
+  var R30_7: bv64;
+  var R30_9: bv64;
+  var R31_3: bv64;
+  var R31_4: bv64;
+  var R31_5: bv64;
+  var R31_6: bv64;
+  var R31_7: bv64;
+  var R31_8: bv64;
+  var R3_1: bv64;
+  var R3_2: bv64;
+  var R3_3: bv64;
+  var R3_4: bv64;
+  var R3_5: bv64;
+  var R3_6: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R4_2: bv64;
+  var R4_3: bv64;
+  var R4_4: bv64;
+  var R4_5: bv64;
+  var R4_6: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R5_2: bv64;
+  var R5_3: bv64;
+  var R5_4: bv64;
+  var R5_5: bv64;
+  var R5_6: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R6_2: bv64;
+  var R6_3: bv64;
+  var R6_4: bv64;
+  var R6_5: bv64;
+  var R6_6: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R7_2: bv64;
+  var R7_3: bv64;
+  var R7_4: bv64;
+  var R7_5: bv64;
+  var R7_6: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R8_2: bv64;
+  var R8_3: bv64;
+  var R8_4: bv64;
+  var R8_5: bv64;
+  var R8_6: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
+  var R9_2: bv64;
+  var R9_3: bv64;
+  var R9_4: bv64;
+  var R9_5: bv64;
+  var R9_6: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    #4, Gamma_#4 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, #4, R29), gamma_store64(Gamma_stack, #4, Gamma_R29);
-    assume {:captureState "%00000338"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(#4, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(#4, 8bv64), Gamma_R30);
-    assume {:captureState "%0000033e"} true;
-    R31, Gamma_R31 := #4, Gamma_#4;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    R0, Gamma_R0 := 1bv64, true;
-    R30, Gamma_R30 := 2084bv64, true;
-    call malloc();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551584bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551592bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), Gamma_R30_in);
+    call R0_2, Gamma_R0_2, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_1, Gamma_R16_1, R17_1, Gamma_R17_1, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_3, Gamma_R29_3, R2_1, Gamma_R2_1, R30_3, Gamma_R30_3, R31_3, Gamma_R31_3, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := malloc(1bv64, true, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, R16, Gamma_R16, R17, Gamma_R17, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R31_in, R2, Gamma_R2, 2084bv64, true, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R31_in, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     goto l00000357;
   l00000357:
-    assume {:captureState "l00000357"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 16bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 16bv64), Gamma_R0);
-    assume {:captureState "%0000035d"} true;
-    R0, Gamma_R0 := 4bv64, true;
-    R30, Gamma_R30 := 2096bv64, true;
-    call malloc();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_3, 16bv64), R0_2), gamma_store64(Gamma_stack, bvadd64(R31_3, 16bv64), Gamma_R0_2);
+    call R0_4, Gamma_R0_4, R10_2, Gamma_R10_2, R11_2, Gamma_R11_2, R12_2, Gamma_R12_2, R13_2, Gamma_R13_2, R14_2, Gamma_R14_2, R15_2, Gamma_R15_2, R16_2, Gamma_R16_2, R17_2, Gamma_R17_2, R18_2, Gamma_R18_2, R19_2, Gamma_R19_2, R1_2, Gamma_R1_2, R20_2, Gamma_R20_2, R21_2, Gamma_R21_2, R22_2, Gamma_R22_2, R23_2, Gamma_R23_2, R24_2, Gamma_R24_2, R25_2, Gamma_R25_2, R26_2, Gamma_R26_2, R27_2, Gamma_R27_2, R28_2, Gamma_R28_2, R29_4, Gamma_R29_4, R2_2, Gamma_R2_2, R30_5, Gamma_R30_5, R31_4, Gamma_R31_4, R3_2, Gamma_R3_2, R4_2, Gamma_R4_2, R5_2, Gamma_R5_2, R6_2, Gamma_R6_2, R7_2, Gamma_R7_2, R8_2, Gamma_R8_2, R9_2, Gamma_R9_2 := malloc(4bv64, true, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_1, Gamma_R16_1, R17_1, Gamma_R17_1, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_3, Gamma_R29_3, R2_1, Gamma_R2_1, 2096bv64, true, R31_3, Gamma_R31_3, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1);
     goto l0000036b;
   l0000036b:
-    assume {:captureState "l0000036b"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 24bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 24bv64), Gamma_R0);
-    assume {:captureState "%00000371"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 16bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 16bv64));
-    R1, Gamma_R1 := 65bv64, true;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_4, 24bv64), R0_4), gamma_store64(Gamma_stack, bvadd64(R31_4, 24bv64), Gamma_R0_4);
+    R0_5, Gamma_R0_5 := memory_load64_le(stack, bvadd64(R31_4, 16bv64)), gamma_load64(Gamma_stack, bvadd64(R31_4, 16bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store8_le(mem, R0, R1[8:0]), gamma_store8(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%00000385"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 24bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 24bv64));
-    R1, Gamma_R1 := 42bv64, true;
+    assert (L(mem, R0_5) ==> true);
+    mem, Gamma_mem := memory_store8_le(mem, R0_5, 65bv8), gamma_store8(Gamma_mem, R0_5, true);
+    R0_6, Gamma_R0_6 := memory_load64_le(stack, bvadd64(R31_4, 24bv64)), gamma_load64(Gamma_stack, bvadd64(R31_4, 24bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%00000399"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 16bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 16bv64));
+    assert (L(mem, R0_6) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R0_6, 42bv32), gamma_store32(Gamma_mem, R0_6, true);
+    R0_7, Gamma_R0_7 := memory_load64_le(stack, bvadd64(R31_4, 16bv64)), gamma_load64(Gamma_stack, bvadd64(R31_4, 16bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend56_8(memory_load8_le(mem, R0)), (gamma_load8(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := zero_extend32_32(R0[32:0]), Gamma_R0;
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2232bv64), Gamma_R0;
-    R30, Gamma_R30 := 2148bv64, true;
-    call printf();
+    R0_8, Gamma_R0_8 := zero_extend56_8(memory_load8_le(mem, R0_7)), (gamma_load8(Gamma_mem, R0_7) || L(mem, R0_7));
+    R1_5, Gamma_R1_5 := zero_extend32_32(R0_8[32:0]), Gamma_R0_8;
+    call R0_11, Gamma_R0_11, R10_3, Gamma_R10_3, R11_3, Gamma_R11_3, R12_3, Gamma_R12_3, R13_3, Gamma_R13_3, R14_3, Gamma_R14_3, R15_3, Gamma_R15_3, R16_3, Gamma_R16_3, R17_3, Gamma_R17_3, R18_3, Gamma_R18_3, R19_3, Gamma_R19_3, R1_6, Gamma_R1_6, R20_3, Gamma_R20_3, R21_3, Gamma_R21_3, R22_3, Gamma_R22_3, R23_3, Gamma_R23_3, R24_3, Gamma_R24_3, R25_3, Gamma_R25_3, R26_3, Gamma_R26_3, R27_3, Gamma_R27_3, R28_3, Gamma_R28_3, R29_5, Gamma_R29_5, R2_3, Gamma_R2_3, R30_7, Gamma_R30_7, R31_5, Gamma_R31_5, R3_3, Gamma_R3_3, R4_3, Gamma_R4_3, R5_3, Gamma_R5_3, R6_3, Gamma_R6_3, R7_3, Gamma_R7_3, R8_3, Gamma_R8_3, R9_3, Gamma_R9_3 := printf(2232bv64, true, R10_2, Gamma_R10_2, R11_2, Gamma_R11_2, R12_2, Gamma_R12_2, R13_2, Gamma_R13_2, R14_2, Gamma_R14_2, R15_2, Gamma_R15_2, R16_2, Gamma_R16_2, R17_2, Gamma_R17_2, R18_2, Gamma_R18_2, R19_2, Gamma_R19_2, R1_5, Gamma_R1_5, R20_2, Gamma_R20_2, R21_2, Gamma_R21_2, R22_2, Gamma_R22_2, R23_2, Gamma_R23_2, R24_2, Gamma_R24_2, R25_2, Gamma_R25_2, R26_2, Gamma_R26_2, R27_2, Gamma_R27_2, R28_2, Gamma_R28_2, R29_4, Gamma_R29_4, R2_2, Gamma_R2_2, 2148bv64, true, R31_4, Gamma_R31_4, R3_2, Gamma_R3_2, R4_2, Gamma_R4_2, R5_2, Gamma_R5_2, R6_2, Gamma_R6_2, R7_2, Gamma_R7_2, R8_2, Gamma_R8_2, R9_2, Gamma_R9_2);
     goto l000003c2;
   l000003c2:
-    assume {:captureState "l000003c2"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 24bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 24bv64));
+    R0_12, Gamma_R0_12 := memory_load64_le(stack, bvadd64(R31_5, 24bv64)), gamma_load64(Gamma_stack, bvadd64(R31_5, 24bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := zero_extend32_32(R0[32:0]), Gamma_R0;
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2256bv64), Gamma_R0;
-    R30, Gamma_R30 := 2172bv64, true;
-    call printf();
+    R0_13, Gamma_R0_13 := memory_load32_le(mem, R0_12), (gamma_load32(Gamma_mem, R0_12) || L(mem, R0_12));
+    R1_7, Gamma_R1_7 := zero_extend32_32(R0_13), Gamma_R0_13;
+    call R0_16, Gamma_R0_16, R10_4, Gamma_R10_4, R11_4, Gamma_R11_4, R12_4, Gamma_R12_4, R13_4, Gamma_R13_4, R14_4, Gamma_R14_4, R15_4, Gamma_R15_4, R16_4, Gamma_R16_4, R17_4, Gamma_R17_4, R18_4, Gamma_R18_4, R19_4, Gamma_R19_4, R1_8, Gamma_R1_8, R20_4, Gamma_R20_4, R21_4, Gamma_R21_4, R22_4, Gamma_R22_4, R23_4, Gamma_R23_4, R24_4, Gamma_R24_4, R25_4, Gamma_R25_4, R26_4, Gamma_R26_4, R27_4, Gamma_R27_4, R28_4, Gamma_R28_4, R29_6, Gamma_R29_6, R2_4, Gamma_R2_4, R30_9, Gamma_R30_9, R31_6, Gamma_R31_6, R3_4, Gamma_R3_4, R4_4, Gamma_R4_4, R5_4, Gamma_R5_4, R6_4, Gamma_R6_4, R7_4, Gamma_R7_4, R8_4, Gamma_R8_4, R9_4, Gamma_R9_4 := printf(2256bv64, true, R10_3, Gamma_R10_3, R11_3, Gamma_R11_3, R12_3, Gamma_R12_3, R13_3, Gamma_R13_3, R14_3, Gamma_R14_3, R15_3, Gamma_R15_3, R16_3, Gamma_R16_3, R17_3, Gamma_R17_3, R18_3, Gamma_R18_3, R19_3, Gamma_R19_3, R1_7, Gamma_R1_7, R20_3, Gamma_R20_3, R21_3, Gamma_R21_3, R22_3, Gamma_R22_3, R23_3, Gamma_R23_3, R24_3, Gamma_R24_3, R25_3, Gamma_R25_3, R26_3, Gamma_R26_3, R27_3, Gamma_R27_3, R28_3, Gamma_R28_3, R29_5, Gamma_R29_5, R2_3, Gamma_R2_3, 2172bv64, true, R31_5, Gamma_R31_5, R3_3, Gamma_R3_3, R4_3, Gamma_R4_3, R5_3, Gamma_R5_3, R6_3, Gamma_R6_3, R7_3, Gamma_R7_3, R8_3, Gamma_R8_3, R9_3, Gamma_R9_3);
     goto l000003e8;
   l000003e8:
-    assume {:captureState "l000003e8"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 16bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 16bv64));
-    R30, Gamma_R30 := 2180bv64, true;
-    call #free();
+    R0_17, Gamma_R0_17 := memory_load64_le(stack, bvadd64(R31_6, 16bv64)), gamma_load64(Gamma_stack, bvadd64(R31_6, 16bv64));
+    call R0_18, Gamma_R0_18, R10_5, Gamma_R10_5, R11_5, Gamma_R11_5, R12_5, Gamma_R12_5, R13_5, Gamma_R13_5, R14_5, Gamma_R14_5, R15_5, Gamma_R15_5, R16_5, Gamma_R16_5, R17_5, Gamma_R17_5, R18_5, Gamma_R18_5, R19_5, Gamma_R19_5, R1_9, Gamma_R1_9, R20_5, Gamma_R20_5, R21_5, Gamma_R21_5, R22_5, Gamma_R22_5, R23_5, Gamma_R23_5, R24_5, Gamma_R24_5, R25_5, Gamma_R25_5, R26_5, Gamma_R26_5, R27_5, Gamma_R27_5, R28_5, Gamma_R28_5, R29_7, Gamma_R29_7, R2_5, Gamma_R2_5, R30_11, Gamma_R30_11, R31_7, Gamma_R31_7, R3_5, Gamma_R3_5, R4_5, Gamma_R4_5, R5_5, Gamma_R5_5, R6_5, Gamma_R6_5, R7_5, Gamma_R7_5, R8_5, Gamma_R8_5, R9_5, Gamma_R9_5 := #free(R0_17, Gamma_R0_17, R10_4, Gamma_R10_4, R11_4, Gamma_R11_4, R12_4, Gamma_R12_4, R13_4, Gamma_R13_4, R14_4, Gamma_R14_4, R15_4, Gamma_R15_4, R16_4, Gamma_R16_4, R17_4, Gamma_R17_4, R18_4, Gamma_R18_4, R19_4, Gamma_R19_4, R1_8, Gamma_R1_8, R20_4, Gamma_R20_4, R21_4, Gamma_R21_4, R22_4, Gamma_R22_4, R23_4, Gamma_R23_4, R24_4, Gamma_R24_4, R25_4, Gamma_R25_4, R26_4, Gamma_R26_4, R27_4, Gamma_R27_4, R28_4, Gamma_R28_4, R29_6, Gamma_R29_6, R2_4, Gamma_R2_4, 2180bv64, true, R31_6, Gamma_R31_6, R3_4, Gamma_R3_4, R4_4, Gamma_R4_4, R5_4, Gamma_R5_4, R6_4, Gamma_R6_4, R7_4, Gamma_R7_4, R8_4, Gamma_R8_4, R9_4, Gamma_R9_4);
     goto l000003f7;
   l000003f7:
-    assume {:captureState "l000003f7"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 24bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 24bv64));
-    R30, Gamma_R30 := 2188bv64, true;
-    call #free();
+    R0_19, Gamma_R0_19 := memory_load64_le(stack, bvadd64(R31_7, 24bv64)), gamma_load64(Gamma_stack, bvadd64(R31_7, 24bv64));
+    call R0_20, Gamma_R0_20, R10_6, Gamma_R10_6, R11_6, Gamma_R11_6, R12_6, Gamma_R12_6, R13_6, Gamma_R13_6, R14_6, Gamma_R14_6, R15_6, Gamma_R15_6, R16_6, Gamma_R16_6, R17_6, Gamma_R17_6, R18_6, Gamma_R18_6, R19_6, Gamma_R19_6, R1_10, Gamma_R1_10, R20_6, Gamma_R20_6, R21_6, Gamma_R21_6, R22_6, Gamma_R22_6, R23_6, Gamma_R23_6, R24_6, Gamma_R24_6, R25_6, Gamma_R25_6, R26_6, Gamma_R26_6, R27_6, Gamma_R27_6, R28_6, Gamma_R28_6, R29_8, Gamma_R29_8, R2_6, Gamma_R2_6, R30_13, Gamma_R30_13, R31_8, Gamma_R31_8, R3_6, Gamma_R3_6, R4_6, Gamma_R4_6, R5_6, Gamma_R5_6, R6_6, Gamma_R6_6, R7_6, Gamma_R7_6, R8_6, Gamma_R8_6, R9_6, Gamma_R9_6 := #free(R0_19, Gamma_R0_19, R10_5, Gamma_R10_5, R11_5, Gamma_R11_5, R12_5, Gamma_R12_5, R13_5, Gamma_R13_5, R14_5, Gamma_R14_5, R15_5, Gamma_R15_5, R16_5, Gamma_R16_5, R17_5, Gamma_R17_5, R18_5, Gamma_R18_5, R19_5, Gamma_R19_5, R1_9, Gamma_R1_9, R20_5, Gamma_R20_5, R21_5, Gamma_R21_5, R22_5, Gamma_R22_5, R23_5, Gamma_R23_5, R24_5, Gamma_R24_5, R25_5, Gamma_R25_5, R26_5, Gamma_R26_5, R27_5, Gamma_R27_5, R28_5, Gamma_R28_5, R29_7, Gamma_R29_7, R2_5, Gamma_R2_5, 2188bv64, true, R31_7, Gamma_R31_7, R3_5, Gamma_R3_5, R4_5, Gamma_R4_5, R5_5, Gamma_R5_5, R6_5, Gamma_R6_5, R7_5, Gamma_R7_5, R8_5, Gamma_R8_5, R9_5, Gamma_R9_5);
     goto l00000405;
   l00000405:
-    assume {:captureState "l00000405"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
+    R29_9, Gamma_R29_9 := memory_load64_le(stack, R31_8), gamma_load64(Gamma_stack, R31_8);
+    R30_14, Gamma_R30_14 := memory_load64_le(stack, bvadd64(R31_8, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31_8, 8bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R29_out, R30_out, R31_out := 0bv64, R1_10, R29_9, R30_14, bvadd64(R31_8, 32bv64);
+    Gamma_R0_out, Gamma_R1_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out := true, Gamma_R1_10, Gamma_R29_9, Gamma_R30_14, Gamma_R31_8;
     return;
 }
 
-procedure malloc();
+procedure malloc(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   modifies Gamma_R16, Gamma_R17, R16, R17;
   free requires (memory_load64_le(mem, 2224bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2232bv64) == 8241983568019286100bv64);
@@ -264,7 +699,7 @@ procedure malloc();
   free ensures (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-procedure printf();
+procedure printf(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   modifies Gamma_R16, Gamma_R17, R16, R17;
   free requires (memory_load64_le(mem, 2224bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2232bv64) == 8241983568019286100bv64);
diff --git a/src/test/correct/multi_malloc/gcc/multi_malloc_gtirb.expected b/src/test/correct/multi_malloc/gcc/multi_malloc_gtirb.expected
index bddf81deb..87b910b8e 100644
--- a/src/test/correct/multi_malloc/gcc/multi_malloc_gtirb.expected
+++ b/src/test/correct/multi_malloc/gcc/multi_malloc_gtirb.expected
@@ -1,19 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R16: bool;
-var {:extern} Gamma_R17: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R16: bv64;
-var {:extern} R17: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -23,6 +9,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -31,22 +31,22 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
-function {:extern} gamma_load8(gammaMap: [bv64]bool, index: bv64) returns (bool) {
-  gammaMap[index]
-}
-
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store8(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
   gammaMap[index := value]
 }
 
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
+}
+
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
   (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index])))
 }
@@ -55,23 +55,18 @@ function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv6
   (memory[bvadd64(index, 7bv64)] ++ (memory[bvadd64(index, 6bv64)] ++ (memory[bvadd64(index, 5bv64)] ++ (memory[bvadd64(index, 4bv64)] ++ (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index])))))))
 }
 
-function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8) {
-  memory[index]
-}
-
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
-function {:extern} {:bvbuiltin "zero_extend 24"} zero_extend24_8(bv8) returns (bv32);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -104,8 +99,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R16, R17, R29, R30, R31, mem, stack;
+procedure main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load64_le(mem, 2224bv64) == 131073bv64);
@@ -118,10 +113,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69000bv64) == 1984bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load64_le(mem, 2224bv64) == 131073bv64);
   free ensures (memory_load64_le(mem, 2232bv64) == 8241983568019286100bv64);
   free ensures (memory_load64_le(mem, 2240bv64) == 748482783423457568bv64);
@@ -133,93 +124,97 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var Cse0__5$1$0: bv64;
-  var Gamma_Cse0__5$1$0: bool;
+  var Gamma_R0_10: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_9: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R16_2: bool;
+  var Gamma_R16_3: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R16_5: bool;
+  var Gamma_R16_6: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R17_3: bool;
+  var Gamma_R17_4: bool;
+  var Gamma_R17_5: bool;
+  var Gamma_R17_6: bool;
+  var Gamma_R1_4: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_8: bool;
+  var R0_10: bv32;
+  var R0_3: bv64;
+  var R0_4: bv64;
+  var R0_5: bv64;
+  var R0_9: bv64;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R16_2: bv64;
+  var R16_3: bv64;
+  var R16_4: bv64;
+  var R16_5: bv64;
+  var R16_6: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R17_3: bv64;
+  var R17_4: bv64;
+  var R17_5: bv64;
+  var R17_6: bv64;
+  var R1_4: bv64;
+  var R29_3: bv64;
+  var R30_8: bv64;
   $main$__0__$dwzLCyR~Qf6ppIpcnfBeyw:
-    assume {:captureState "$main$__0__$dwzLCyR~Qf6ppIpcnfBeyw"} true;
-    Cse0__5$1$0, Gamma_Cse0__5$1$0 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$1$0, R29), gamma_store64(Gamma_stack, Cse0__5$1$0, Gamma_R29);
-    assume {:captureState "2068$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$1$0, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$1$0, 8bv64), Gamma_R30);
-    assume {:captureState "2068$2"} true;
-    R31, Gamma_R31 := Cse0__5$1$0, Gamma_Cse0__5$1$0;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    R0, Gamma_R0 := 1bv64, true;
-    R30, Gamma_R30 := 2084bv64, true;
-    call FUN_680();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551584bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551592bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), Gamma_R30_in);
+    call R16_1, Gamma_R16_1, R17_1, Gamma_R17_1 := FUN_680(R16, Gamma_R16);
     goto $main$__1__$qq0fnVWHRfSzM76qEY54cg;
   $main$__1__$qq0fnVWHRfSzM76qEY54cg:
-    assume {:captureState "$main$__1__$qq0fnVWHRfSzM76qEY54cg"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 16bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 16bv64), Gamma_R0);
-    assume {:captureState "2084$0"} true;
-    R0, Gamma_R0 := 4bv64, true;
-    R30, Gamma_R30 := 2096bv64, true;
-    call FUN_680();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), 1bv64), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), true);
+    call R16_2, Gamma_R16_2, R17_2, Gamma_R17_2 := FUN_680(R16_1, Gamma_R16_1);
     goto $main$__2__$OIRkzI73QCm6jl9JBTWOFw;
   $main$__2__$OIRkzI73QCm6jl9JBTWOFw:
-    assume {:captureState "$main$__2__$OIRkzI73QCm6jl9JBTWOFw"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 24bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 24bv64), Gamma_R0);
-    assume {:captureState "2096$0"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 16bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 16bv64));
-    R1, Gamma_R1 := 65bv64, true;
-    call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store8_le(mem, R0, R1[8:0]), gamma_store8(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "2108$0"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 24bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 24bv64));
-    R1, Gamma_R1 := 42bv64, true;
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 4bv64), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
+    R0_3, Gamma_R0_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "2120$0"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 16bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 16bv64));
+    assert (L(mem, R0_3) ==> true);
+    mem, Gamma_mem := memory_store8_le(mem, R0_3, 65bv8), gamma_store8(Gamma_mem, R0_3, true);
+    R0_4, Gamma_R0_4 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(zero_extend24_8(memory_load8_le(mem, R0))), (gamma_load8(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := zero_extend32_32(R0[32:0]), Gamma_R0;
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2232bv64), Gamma_R0;
-    R30, Gamma_R30 := 2084bv64, true;
-    call FUN_6c0();
+    assert (L(mem, R0_4) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R0_4, 42bv32), gamma_store32(Gamma_mem, R0_4, true);
+    R0_5, Gamma_R0_5 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64));
+    call R16_3, Gamma_R16_3, R17_3, Gamma_R17_3 := FUN_6c0(R16_2, Gamma_R16_2);
     goto $main$__3__$DLqleMKWShKLuDEFd2d5wA;
   $main$__3__$DLqleMKWShKLuDEFd2d5wA:
-    assume {:captureState "$main$__3__$DLqleMKWShKLuDEFd2d5wA"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 24bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 24bv64));
+    R0_9, Gamma_R0_9 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := zero_extend32_32(R0[32:0]), Gamma_R0;
-    R0, Gamma_R0 := 0bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 2256bv64), Gamma_R0;
-    R30, Gamma_R30 := 2172bv64, true;
-    call FUN_6c0();
+    R0_10, Gamma_R0_10 := memory_load32_le(mem, R0_9), (gamma_load32(Gamma_mem, R0_9) || L(mem, R0_9));
+    R1_4, Gamma_R1_4 := zero_extend32_32(R0_10), Gamma_R0_10;
+    call R16_4, Gamma_R16_4, R17_4, Gamma_R17_4 := FUN_6c0(R16_3, Gamma_R16_3);
     goto $main$__4__$VxlFjKprQLyiMLIhbUhZNw;
   $main$__4__$VxlFjKprQLyiMLIhbUhZNw:
-    assume {:captureState "$main$__4__$VxlFjKprQLyiMLIhbUhZNw"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 16bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 16bv64));
-    R30, Gamma_R30 := 2180bv64, true;
-    call FUN_6b0();
+    call R16_5, Gamma_R16_5, R17_5, Gamma_R17_5 := FUN_6b0(R16_4, Gamma_R16_4);
     goto $main$__5__$lPC5PztFQmelpi1yHg437g;
   $main$__5__$lPC5PztFQmelpi1yHg437g:
-    assume {:captureState "$main$__5__$lPC5PztFQmelpi1yHg437g"} true;
-    R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 24bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 24bv64));
-    R30, Gamma_R30 := 2188bv64, true;
-    call FUN_6b0();
+    call R16_6, Gamma_R16_6, R17_6, Gamma_R17_6 := FUN_6b0(R16_5, Gamma_R16_5);
     goto $main$__6__$mc7RYY6OQ9i3XnFy_bGwqA;
   $main$__6__$mc7RYY6OQ9i3XnFy_bGwqA:
-    assume {:captureState "$main$__6__$mc7RYY6OQ9i3XnFy_bGwqA"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551584bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64));
+    R30_8, Gamma_R30_8 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551592bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R29_out, R30_out, R31_out := 0bv64, R1_4, R29_3, R30_8, R31_in;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out := true, Gamma_R1_4, Gamma_R29_3, Gamma_R30_8, Gamma_R31_in;
     return;
 }
 
-procedure FUN_6c0();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure FUN_6c0(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 2224bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2232bv64) == 8241983568019286100bv64);
   free requires (memory_load64_le(mem, 2240bv64) == 748482783423457568bv64);
@@ -241,20 +236,143 @@ procedure FUN_6c0();
   free ensures (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation FUN_6c0()
+implementation FUN_6c0(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool)
 {
+  var Gamma_R0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0: bv64;
+  var R0_1: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16_4: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   $FUN_6c0$__0__$krJLwhrcTQ2f7LDo~OEQzg:
-    assume {:captureState "$FUN_6c0$__0__$krJLwhrcTQ2f7LDo~OEQzg"} true;
-    R16, Gamma_R16 := 65536bv64, true;
     call rely();
-    R17, Gamma_R17 := memory_load64_le(mem, bvadd64(R16, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R16, 4040bv64)) || L(mem, bvadd64(R16, 4040bv64)));
-    R16, Gamma_R16 := bvadd64(R16, 4040bv64), Gamma_R16;
-    call printf();
+    R17_1, Gamma_R17_1 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
+    call R0_1, Gamma_R0_1, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_4, Gamma_R16_4, R17_2, Gamma_R17_2, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_1, Gamma_R2_1, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := printf(R0, Gamma_R0, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, 69576bv64, true, R17_1, Gamma_R17_1, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2, Gamma_R2, R30, Gamma_R30, R31, Gamma_R31, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     assume false;
 }
 
-procedure FUN_680();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure FUN_680(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 2224bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2232bv64) == 8241983568019286100bv64);
   free requires (memory_load64_le(mem, 2240bv64) == 748482783423457568bv64);
@@ -276,20 +394,143 @@ procedure FUN_680();
   free ensures (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation FUN_680()
+implementation FUN_680(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool)
 {
+  var Gamma_R0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0: bv64;
+  var R0_1: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16_4: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   $FUN_680$__0__$Wajo05XJRzmPtHyIXXM3SA:
-    assume {:captureState "$FUN_680$__0__$Wajo05XJRzmPtHyIXXM3SA"} true;
-    R16, Gamma_R16 := 65536bv64, true;
     call rely();
-    R17, Gamma_R17 := memory_load64_le(mem, bvadd64(R16, 4008bv64)), (gamma_load64(Gamma_mem, bvadd64(R16, 4008bv64)) || L(mem, bvadd64(R16, 4008bv64)));
-    R16, Gamma_R16 := bvadd64(R16, 4008bv64), Gamma_R16;
-    call malloc();
+    R17_1, Gamma_R17_1 := memory_load64_le(mem, 69544bv64), (gamma_load64(Gamma_mem, 69544bv64) || L(mem, 69544bv64));
+    call R0_1, Gamma_R0_1, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_4, Gamma_R16_4, R17_2, Gamma_R17_2, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_1, Gamma_R2_1, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := malloc(R0, Gamma_R0, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, 69544bv64, true, R17_1, Gamma_R17_1, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2, Gamma_R2, R30, Gamma_R30, R31, Gamma_R31, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     assume false;
 }
 
-procedure FUN_6b0();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure FUN_6b0(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 2224bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2232bv64) == 8241983568019286100bv64);
   free requires (memory_load64_le(mem, 2240bv64) == 748482783423457568bv64);
@@ -311,19 +552,142 @@ procedure FUN_6b0();
   free ensures (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation FUN_6b0()
+implementation FUN_6b0(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool)
 {
+  var Gamma_R0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0: bv64;
+  var R0_1: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16_4: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   $FUN_6b0$__0__$f179eReyRKeTLiqzJB4ZdQ:
-    assume {:captureState "$FUN_6b0$__0__$f179eReyRKeTLiqzJB4ZdQ"} true;
-    R16, Gamma_R16 := 65536bv64, true;
     call rely();
-    R17, Gamma_R17 := memory_load64_le(mem, bvadd64(R16, 4032bv64)), (gamma_load64(Gamma_mem, bvadd64(R16, 4032bv64)) || L(mem, bvadd64(R16, 4032bv64)));
-    R16, Gamma_R16 := bvadd64(R16, 4032bv64), Gamma_R16;
-    call #free();
+    R17_1, Gamma_R17_1 := memory_load64_le(mem, 69568bv64), (gamma_load64(Gamma_mem, 69568bv64) || L(mem, 69568bv64));
+    call R0_1, Gamma_R0_1, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_4, Gamma_R16_4, R17_2, Gamma_R17_2, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_1, Gamma_R2_1, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := #free(R0, Gamma_R0, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, 69568bv64, true, R17_1, Gamma_R17_1, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2, Gamma_R2, R30, Gamma_R30, R31, Gamma_R31, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     assume false;
 }
 
-procedure printf();
+procedure printf(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load64_le(mem, 2224bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2232bv64) == 8241983568019286100bv64);
   free requires (memory_load64_le(mem, 2240bv64) == 748482783423457568bv64);
@@ -345,7 +709,7 @@ procedure printf();
   free ensures (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-procedure malloc();
+procedure malloc(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load64_le(mem, 2224bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2232bv64) == 8241983568019286100bv64);
   free requires (memory_load64_le(mem, 2240bv64) == 748482783423457568bv64);
@@ -367,7 +731,7 @@ procedure malloc();
   free ensures (memory_load64_le(mem, 69616bv64) == 2068bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-procedure #free();
+procedure #free(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load64_le(mem, 2224bv64) == 131073bv64);
   free requires (memory_load64_le(mem, 2232bv64) == 8241983568019286100bv64);
   free requires (memory_load64_le(mem, 2240bv64) == 748482783423457568bv64);
diff --git a/src/test/correct/no_interference_update_x/clang/no_interference_update_x.expected b/src/test/correct/no_interference_update_x/clang/no_interference_update_x.expected
index 8824e2170..fc87837fa 100644
--- a/src/test/correct/no_interference_update_x/clang/no_interference_update_x.expected
+++ b/src/test/correct/no_interference_update_x/clang/no_interference_update_x.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69684bv64);
@@ -15,8 +9,21 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -32,7 +39,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -73,8 +80,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $y_addr) == memory_load32_le(mem, $y_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R8, Gamma_R9, Gamma_mem, R0, R8, R9, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1852bv64) == 1bv8);
@@ -95,23 +102,19 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
   var y_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R9, Gamma_R9 := 69632bv64, true;
-    R8, Gamma_R8 := 1bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R9, 52bv64)) ==> Gamma_R8);
+    assert (L(mem, 69684bv64) ==> true);
     y_old := memory_load32_le(mem, $y_addr);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 52bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 52bv64), Gamma_R8);
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, 1bv32), gamma_store32(Gamma_mem, 69684bv64, true);
     assert (memory_load32_le(mem, $y_addr) == y_old);
-    assume {:captureState "%000002ce"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := 0bv64, 1bv64, 69632bv64;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := true, true, true;
     return;
 }
 
diff --git a/src/test/correct/no_interference_update_x/clang/no_interference_update_x_gtirb.expected b/src/test/correct/no_interference_update_x/clang/no_interference_update_x_gtirb.expected
index a0daae130..af6683c3a 100644
--- a/src/test/correct/no_interference_update_x/clang/no_interference_update_x_gtirb.expected
+++ b/src/test/correct/no_interference_update_x/clang/no_interference_update_x_gtirb.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69684bv64);
@@ -15,8 +9,21 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -32,7 +39,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -73,8 +80,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $y_addr) == memory_load32_le(mem, $y_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R8, Gamma_R9, Gamma_mem, R0, R8, R9, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1852bv64) == 1bv8);
@@ -95,23 +102,19 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
   var y_old: bv32;
   $main$__0__$QAlkNCjET2GXdH1~AtPR1g:
-    assume {:captureState "$main$__0__$QAlkNCjET2GXdH1~AtPR1g"} true;
-    R9, Gamma_R9 := 69632bv64, true;
-    R8, Gamma_R8 := 1bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R9, 52bv64)) ==> Gamma_R8);
+    assert (L(mem, 69684bv64) ==> true);
     y_old := memory_load32_le(mem, $y_addr);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 52bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 52bv64), Gamma_R8);
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, 1bv32), gamma_store32(Gamma_mem, 69684bv64, true);
     assert (memory_load32_le(mem, $y_addr) == y_old);
-    assume {:captureState "1820$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := 0bv64, 1bv64, 69632bv64;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := true, true, true;
     return;
 }
 
diff --git a/src/test/correct/no_interference_update_x/clang_pic/no_interference_update_x.expected b/src/test/correct/no_interference_update_x/clang_pic/no_interference_update_x.expected
index 0ba50c6e8..48c5f8431 100644
--- a/src/test/correct/no_interference_update_x/clang_pic/no_interference_update_x.expected
+++ b/src/test/correct/no_interference_update_x/clang_pic/no_interference_update_x.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69684bv64);
@@ -15,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -36,7 +43,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -78,8 +85,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $y_addr) == memory_load32_le(mem, $y_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R8, Gamma_R9, Gamma_mem, R0, R8, R9, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1920bv64) == 1bv8);
@@ -102,25 +109,23 @@ procedure main();
   free ensures (memory_load64_le(mem, 69064bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R9_3: bool;
+  var R9_3: bv64;
   var y_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R9, Gamma_R9 := 65536bv64, true;
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4040bv64)) || L(mem, bvadd64(R9, 4040bv64)));
-    R8, Gamma_R8 := 1bv64, true;
+    R9_3, Gamma_R9_3 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
+    assert (L(mem, R9_3) ==> true);
     y_old := memory_load32_le(mem, $y_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
+    mem, Gamma_mem := memory_store32_le(mem, R9_3, 1bv32), gamma_store32(Gamma_mem, R9_3, true);
     assert (memory_load32_le(mem, $y_addr) == y_old);
-    assume {:captureState "%000002d9"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := 0bv64, 1bv64, R9_3;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := true, true, Gamma_R9_3;
     return;
 }
 
diff --git a/src/test/correct/no_interference_update_x/clang_pic/no_interference_update_x_gtirb.expected b/src/test/correct/no_interference_update_x/clang_pic/no_interference_update_x_gtirb.expected
index 51d3fd212..cc3d6ba3f 100644
--- a/src/test/correct/no_interference_update_x/clang_pic/no_interference_update_x_gtirb.expected
+++ b/src/test/correct/no_interference_update_x/clang_pic/no_interference_update_x_gtirb.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69684bv64);
@@ -15,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -36,7 +43,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -78,8 +85,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $y_addr) == memory_load32_le(mem, $y_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R8, Gamma_R9, Gamma_mem, R0, R8, R9, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1920bv64) == 1bv8);
@@ -102,25 +109,23 @@ procedure main();
   free ensures (memory_load64_le(mem, 69064bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R9_3: bool;
+  var R9_3: bv64;
   var y_old: bv32;
   $main$__0__$uD5wQok2QlKmkwPvtjvpMQ:
-    assume {:captureState "$main$__0__$uD5wQok2QlKmkwPvtjvpMQ"} true;
-    R9, Gamma_R9 := 65536bv64, true;
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4040bv64)) || L(mem, bvadd64(R9, 4040bv64)));
-    R8, Gamma_R8 := 1bv64, true;
+    R9_3, Gamma_R9_3 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
+    assert (L(mem, R9_3) ==> true);
     y_old := memory_load32_le(mem, $y_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
+    mem, Gamma_mem := memory_store32_le(mem, R9_3, 1bv32), gamma_store32(Gamma_mem, R9_3, true);
     assert (memory_load32_le(mem, $y_addr) == y_old);
-    assume {:captureState "1888$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := 0bv64, 1bv64, R9_3;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := true, true, Gamma_R9_3;
     return;
 }
 
diff --git a/src/test/correct/no_interference_update_x/gcc/no_interference_update_x.expected b/src/test/correct/no_interference_update_x/gcc/no_interference_update_x.expected
index 39715fe78..307aba5d9 100644
--- a/src/test/correct/no_interference_update_x/gcc/no_interference_update_x.expected
+++ b/src/test/correct/no_interference_update_x/gcc/no_interference_update_x.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -13,8 +9,21 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -30,7 +39,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -71,8 +80,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $y_addr) == memory_load32_le(mem, $y_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1856bv64) == 1bv8);
@@ -93,24 +102,19 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
   var y_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
-    R1, Gamma_R1 := 1bv64, true;
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, 69652bv64) ==> true);
     y_old := memory_load32_le(mem, $y_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 1bv32), gamma_store32(Gamma_mem, 69652bv64, true);
     assert (memory_load32_le(mem, $y_addr) == y_old);
-    assume {:captureState "%000002d8"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, 1bv64;
+    Gamma_R0_out, Gamma_R1_out := true, true;
     return;
 }
 
diff --git a/src/test/correct/no_interference_update_x/gcc/no_interference_update_x_gtirb.expected b/src/test/correct/no_interference_update_x/gcc/no_interference_update_x_gtirb.expected
index a7e28fd8a..8857a974d 100644
--- a/src/test/correct/no_interference_update_x/gcc/no_interference_update_x_gtirb.expected
+++ b/src/test/correct/no_interference_update_x/gcc/no_interference_update_x_gtirb.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -13,8 +9,21 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -30,7 +39,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -71,8 +80,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $y_addr) == memory_load32_le(mem, $y_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1856bv64) == 1bv8);
@@ -93,24 +102,19 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
   var y_old: bv32;
   $main$__0__$nl5V_SraR2KNW_76ZHI0eQ:
-    assume {:captureState "$main$__0__$nl5V_SraR2KNW_76ZHI0eQ"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
-    R1, Gamma_R1 := 1bv64, true;
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, 69652bv64) ==> true);
     y_old := memory_load32_le(mem, $y_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 1bv32), gamma_store32(Gamma_mem, 69652bv64, true);
     assert (memory_load32_le(mem, $y_addr) == y_old);
-    assume {:captureState "1824$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, 1bv64;
+    Gamma_R0_out, Gamma_R1_out := true, true;
     return;
 }
 
diff --git a/src/test/correct/no_interference_update_x/gcc_O2/no_interference_update_x.expected b/src/test/correct/no_interference_update_x/gcc_O2/no_interference_update_x.expected
index 812b72308..5fd1eb3ea 100644
--- a/src/test/correct/no_interference_update_x/gcc_O2/no_interference_update_x.expected
+++ b/src/test/correct/no_interference_update_x/gcc_O2/no_interference_update_x.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R2: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R2: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -15,8 +9,21 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -32,7 +39,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -73,8 +80,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $y_addr) == memory_load32_le(mem, $y_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R2, Gamma_mem, R0, R1, R2, mem;
+procedure main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1896bv64) == 1bv8);
@@ -95,23 +102,19 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool)
 {
   var y_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R1, Gamma_R1 := 69632bv64, true;
-    R2, Gamma_R2 := 1bv64, true;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R1, 20bv64)) ==> Gamma_R2);
+    assert (L(mem, 69652bv64) ==> true);
     y_old := memory_load32_le(mem, $y_addr);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R1, 20bv64), R2[32:0]), gamma_store32(Gamma_mem, bvadd64(R1, 20bv64), Gamma_R2);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 1bv32), gamma_store32(Gamma_mem, 69652bv64, true);
     assert (memory_load32_le(mem, $y_addr) == y_old);
-    assume {:captureState "%000001bd"} true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R2_out := 0bv64, 69632bv64, 1bv64;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R2_out := true, true, true;
     return;
 }
 
diff --git a/src/test/correct/no_interference_update_x/gcc_O2/no_interference_update_x_gtirb.expected b/src/test/correct/no_interference_update_x/gcc_O2/no_interference_update_x_gtirb.expected
index 5addc892a..aa3762b54 100644
--- a/src/test/correct/no_interference_update_x/gcc_O2/no_interference_update_x_gtirb.expected
+++ b/src/test/correct/no_interference_update_x/gcc_O2/no_interference_update_x_gtirb.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R2: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R2: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -15,8 +9,21 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -32,7 +39,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -73,8 +80,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $y_addr) == memory_load32_le(mem, $y_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R2, Gamma_mem, R0, R1, R2, mem;
+procedure main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1896bv64) == 1bv8);
@@ -95,23 +102,19 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool)
 {
   var y_old: bv32;
   $main$__0__$RLJgOu_IRpaLPAvA5PJYnQ:
-    assume {:captureState "$main$__0__$RLJgOu_IRpaLPAvA5PJYnQ"} true;
-    R1, Gamma_R1 := 69632bv64, true;
-    R2, Gamma_R2 := 1bv64, true;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R1, 20bv64)) ==> Gamma_R2);
+    assert (L(mem, 69652bv64) ==> true);
     y_old := memory_load32_le(mem, $y_addr);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R1, 20bv64), R2[32:0]), gamma_store32(Gamma_mem, bvadd64(R1, 20bv64), Gamma_R2);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 1bv32), gamma_store32(Gamma_mem, 69652bv64, true);
     assert (memory_load32_le(mem, $y_addr) == y_old);
-    assume {:captureState "1548$0"} true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R2_out := 0bv64, 69632bv64, 1bv64;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R2_out := true, true, true;
     return;
 }
 
diff --git a/src/test/correct/no_interference_update_x/gcc_pic/no_interference_update_x.expected b/src/test/correct/no_interference_update_x/gcc_pic/no_interference_update_x.expected
index b3dff2519..66944afd1 100644
--- a/src/test/correct/no_interference_update_x/gcc_pic/no_interference_update_x.expected
+++ b/src/test/correct/no_interference_update_x/gcc_pic/no_interference_update_x.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -13,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -34,7 +43,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -76,8 +85,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $y_addr) == memory_load32_le(mem, $y_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1920bv64) == 1bv8);
@@ -100,25 +109,23 @@ procedure main();
   free ensures (memory_load64_le(mem, 69600bv64) == 69652bv64);
   free ensures (memory_load64_le(mem, 69008bv64) == 1872bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
+  var Gamma_R0_3: bool;
+  var R0_3: bv64;
   var y_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
-    R1, Gamma_R1 := 1bv64, true;
+    R0_3, Gamma_R0_3 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, R0_3) ==> true);
     y_old := memory_load32_le(mem, $y_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
+    mem, Gamma_mem := memory_store32_le(mem, R0_3, 1bv32), gamma_store32(Gamma_mem, R0_3, true);
     assert (memory_load32_le(mem, $y_addr) == y_old);
-    assume {:captureState "%000002d9"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, 1bv64;
+    Gamma_R0_out, Gamma_R1_out := true, true;
     return;
 }
 
diff --git a/src/test/correct/no_interference_update_x/gcc_pic/no_interference_update_x_gtirb.expected b/src/test/correct/no_interference_update_x/gcc_pic/no_interference_update_x_gtirb.expected
index 5714ee446..75af6762f 100644
--- a/src/test/correct/no_interference_update_x/gcc_pic/no_interference_update_x_gtirb.expected
+++ b/src/test/correct/no_interference_update_x/gcc_pic/no_interference_update_x_gtirb.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -13,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -34,7 +43,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -76,8 +85,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $y_addr) == memory_load32_le(mem, $y_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1920bv64) == 1bv8);
@@ -100,25 +109,23 @@ procedure main();
   free ensures (memory_load64_le(mem, 69600bv64) == 69652bv64);
   free ensures (memory_load64_le(mem, 69008bv64) == 1872bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
+  var Gamma_R0_3: bool;
+  var R0_3: bv64;
   var y_old: bv32;
   $main$__0__$jTPw4UUhRdSFa8LhwZUbcQ:
-    assume {:captureState "$main$__0__$jTPw4UUhRdSFa8LhwZUbcQ"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
-    R1, Gamma_R1 := 1bv64, true;
+    R0_3, Gamma_R0_3 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, R0_3) ==> true);
     y_old := memory_load32_le(mem, $y_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
+    mem, Gamma_mem := memory_store32_le(mem, R0_3, 1bv32), gamma_store32(Gamma_mem, R0_3, true);
     assert (memory_load32_le(mem, $y_addr) == y_old);
-    assume {:captureState "1888$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, 1bv64;
+    Gamma_R0_out, Gamma_R1_out := true, true;
     return;
 }
 
diff --git a/src/test/correct/no_interference_update_y/clang/no_interference_update_y.expected b/src/test/correct/no_interference_update_y/clang/no_interference_update_y.expected
index 47005edc5..63a781cee 100644
--- a/src/test/correct/no_interference_update_y/clang/no_interference_update_y.expected
+++ b/src/test/correct/no_interference_update_y/clang/no_interference_update_y.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69688bv64);
@@ -15,8 +9,21 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -32,7 +39,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -73,8 +80,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R8, Gamma_R9, Gamma_mem, R0, R8, R9, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1852bv64) == 1bv8);
@@ -95,23 +102,19 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
   var x_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R9, Gamma_R9 := 69632bv64, true;
-    R8, Gamma_R8 := 1bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R9, 52bv64)) ==> Gamma_R8);
+    assert (L(mem, 69684bv64) ==> true);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 52bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 52bv64), Gamma_R8);
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, 1bv32), gamma_store32(Gamma_mem, 69684bv64, true);
     assert (memory_load32_le(mem, $x_addr) == x_old);
-    assume {:captureState "%000002ce"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := 0bv64, 1bv64, 69632bv64;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := true, true, true;
     return;
 }
 
diff --git a/src/test/correct/no_interference_update_y/clang/no_interference_update_y_gtirb.expected b/src/test/correct/no_interference_update_y/clang/no_interference_update_y_gtirb.expected
index 9d04098e1..4360454f5 100644
--- a/src/test/correct/no_interference_update_y/clang/no_interference_update_y_gtirb.expected
+++ b/src/test/correct/no_interference_update_y/clang/no_interference_update_y_gtirb.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69688bv64);
@@ -15,8 +9,21 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -32,7 +39,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -73,8 +80,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R8, Gamma_R9, Gamma_mem, R0, R8, R9, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1852bv64) == 1bv8);
@@ -95,23 +102,19 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
   var x_old: bv32;
   $main$__0__$g7pcuBFbQH~Jw8saI~uAQA:
-    assume {:captureState "$main$__0__$g7pcuBFbQH~Jw8saI~uAQA"} true;
-    R9, Gamma_R9 := 69632bv64, true;
-    R8, Gamma_R8 := 1bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R9, 52bv64)) ==> Gamma_R8);
+    assert (L(mem, 69684bv64) ==> true);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 52bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 52bv64), Gamma_R8);
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, 1bv32), gamma_store32(Gamma_mem, 69684bv64, true);
     assert (memory_load32_le(mem, $x_addr) == x_old);
-    assume {:captureState "1820$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := 0bv64, 1bv64, 69632bv64;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := true, true, true;
     return;
 }
 
diff --git a/src/test/correct/no_interference_update_y/clang_pic/no_interference_update_y.expected b/src/test/correct/no_interference_update_y/clang_pic/no_interference_update_y.expected
index 99d2305ec..4db59f759 100644
--- a/src/test/correct/no_interference_update_y/clang_pic/no_interference_update_y.expected
+++ b/src/test/correct/no_interference_update_y/clang_pic/no_interference_update_y.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69688bv64);
@@ -15,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -36,7 +43,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -78,8 +85,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R8, Gamma_R9, Gamma_mem, R0, R8, R9, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1920bv64) == 1bv8);
@@ -102,25 +109,23 @@ procedure main();
   free ensures (memory_load64_le(mem, 69064bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R9_3: bool;
+  var R9_3: bv64;
   var x_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R9, Gamma_R9 := 65536bv64, true;
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4048bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4048bv64)) || L(mem, bvadd64(R9, 4048bv64)));
-    R8, Gamma_R8 := 1bv64, true;
+    R9_3, Gamma_R9_3 := memory_load64_le(mem, 69584bv64), (gamma_load64(Gamma_mem, 69584bv64) || L(mem, 69584bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
+    assert (L(mem, R9_3) ==> true);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
+    mem, Gamma_mem := memory_store32_le(mem, R9_3, 1bv32), gamma_store32(Gamma_mem, R9_3, true);
     assert (memory_load32_le(mem, $x_addr) == x_old);
-    assume {:captureState "%000002d9"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := 0bv64, 1bv64, R9_3;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := true, true, Gamma_R9_3;
     return;
 }
 
diff --git a/src/test/correct/no_interference_update_y/clang_pic/no_interference_update_y_gtirb.expected b/src/test/correct/no_interference_update_y/clang_pic/no_interference_update_y_gtirb.expected
index ce221cf8e..e22b786c3 100644
--- a/src/test/correct/no_interference_update_y/clang_pic/no_interference_update_y_gtirb.expected
+++ b/src/test/correct/no_interference_update_y/clang_pic/no_interference_update_y_gtirb.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69688bv64);
@@ -15,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -36,7 +43,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -78,8 +85,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R8, Gamma_R9, Gamma_mem, R0, R8, R9, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1920bv64) == 1bv8);
@@ -102,25 +109,23 @@ procedure main();
   free ensures (memory_load64_le(mem, 69064bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R9_3: bool;
+  var R9_3: bv64;
   var x_old: bv32;
   $main$__0__$G8iEx~cVQd2oIfccjCjY1g:
-    assume {:captureState "$main$__0__$G8iEx~cVQd2oIfccjCjY1g"} true;
-    R9, Gamma_R9 := 65536bv64, true;
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4048bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4048bv64)) || L(mem, bvadd64(R9, 4048bv64)));
-    R8, Gamma_R8 := 1bv64, true;
+    R9_3, Gamma_R9_3 := memory_load64_le(mem, 69584bv64), (gamma_load64(Gamma_mem, 69584bv64) || L(mem, 69584bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
+    assert (L(mem, R9_3) ==> true);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
+    mem, Gamma_mem := memory_store32_le(mem, R9_3, 1bv32), gamma_store32(Gamma_mem, R9_3, true);
     assert (memory_load32_le(mem, $x_addr) == x_old);
-    assume {:captureState "1888$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := 0bv64, 1bv64, R9_3;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := true, true, Gamma_R9_3;
     return;
 }
 
diff --git a/src/test/correct/no_interference_update_y/gcc/no_interference_update_y.expected b/src/test/correct/no_interference_update_y/gcc/no_interference_update_y.expected
index 4e0b74c0f..cb973389d 100644
--- a/src/test/correct/no_interference_update_y/gcc/no_interference_update_y.expected
+++ b/src/test/correct/no_interference_update_y/gcc/no_interference_update_y.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -13,8 +9,21 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -30,7 +39,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -71,8 +80,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1856bv64) == 1bv8);
@@ -93,24 +102,19 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
   var x_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
-    R1, Gamma_R1 := 1bv64, true;
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, 69656bv64) ==> true);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
+    mem, Gamma_mem := memory_store32_le(mem, 69656bv64, 1bv32), gamma_store32(Gamma_mem, 69656bv64, true);
     assert (memory_load32_le(mem, $x_addr) == x_old);
-    assume {:captureState "%000002d8"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, 1bv64;
+    Gamma_R0_out, Gamma_R1_out := true, true;
     return;
 }
 
diff --git a/src/test/correct/no_interference_update_y/gcc/no_interference_update_y_gtirb.expected b/src/test/correct/no_interference_update_y/gcc/no_interference_update_y_gtirb.expected
index 524df54f5..456c32ced 100644
--- a/src/test/correct/no_interference_update_y/gcc/no_interference_update_y_gtirb.expected
+++ b/src/test/correct/no_interference_update_y/gcc/no_interference_update_y_gtirb.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -13,8 +9,21 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -30,7 +39,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -71,8 +80,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1856bv64) == 1bv8);
@@ -93,24 +102,19 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
   var x_old: bv32;
   $main$__0__$Wy8teY__S~m6dNMhY03xKA:
-    assume {:captureState "$main$__0__$Wy8teY__S~m6dNMhY03xKA"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
-    R1, Gamma_R1 := 1bv64, true;
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, 69656bv64) ==> true);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
+    mem, Gamma_mem := memory_store32_le(mem, 69656bv64, 1bv32), gamma_store32(Gamma_mem, 69656bv64, true);
     assert (memory_load32_le(mem, $x_addr) == x_old);
-    assume {:captureState "1824$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, 1bv64;
+    Gamma_R0_out, Gamma_R1_out := true, true;
     return;
 }
 
diff --git a/src/test/correct/no_interference_update_y/gcc_O2/no_interference_update_y.expected b/src/test/correct/no_interference_update_y/gcc_O2/no_interference_update_y.expected
index a45d9640a..f9caa736d 100644
--- a/src/test/correct/no_interference_update_y/gcc_O2/no_interference_update_y.expected
+++ b/src/test/correct/no_interference_update_y/gcc_O2/no_interference_update_y.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R2: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R2: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69656bv64);
@@ -15,8 +9,21 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -32,7 +39,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -73,8 +80,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R2, Gamma_mem, R0, R1, R2, mem;
+procedure main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1896bv64) == 1bv8);
@@ -95,23 +102,19 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool)
 {
   var x_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R1, Gamma_R1 := 69632bv64, true;
-    R2, Gamma_R2 := 1bv64, true;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R1, 20bv64)) ==> Gamma_R2);
+    assert (L(mem, 69652bv64) ==> true);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R1, 20bv64), R2[32:0]), gamma_store32(Gamma_mem, bvadd64(R1, 20bv64), Gamma_R2);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 1bv32), gamma_store32(Gamma_mem, 69652bv64, true);
     assert (memory_load32_le(mem, $x_addr) == x_old);
-    assume {:captureState "%000001bd"} true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R2_out := 0bv64, 69632bv64, 1bv64;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R2_out := true, true, true;
     return;
 }
 
diff --git a/src/test/correct/no_interference_update_y/gcc_O2/no_interference_update_y_gtirb.expected b/src/test/correct/no_interference_update_y/gcc_O2/no_interference_update_y_gtirb.expected
index 873279301..aab841220 100644
--- a/src/test/correct/no_interference_update_y/gcc_O2/no_interference_update_y_gtirb.expected
+++ b/src/test/correct/no_interference_update_y/gcc_O2/no_interference_update_y_gtirb.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R2: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R2: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69656bv64);
@@ -15,8 +9,21 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -32,7 +39,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -73,8 +80,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R2, Gamma_mem, R0, R1, R2, mem;
+procedure main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1896bv64) == 1bv8);
@@ -95,23 +102,19 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool)
 {
   var x_old: bv32;
   $main$__0__$jEeH_W1PQjO_BGqBl3CzIA:
-    assume {:captureState "$main$__0__$jEeH_W1PQjO_BGqBl3CzIA"} true;
-    R1, Gamma_R1 := 69632bv64, true;
-    R2, Gamma_R2 := 1bv64, true;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R1, 20bv64)) ==> Gamma_R2);
+    assert (L(mem, 69652bv64) ==> true);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R1, 20bv64), R2[32:0]), gamma_store32(Gamma_mem, bvadd64(R1, 20bv64), Gamma_R2);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 1bv32), gamma_store32(Gamma_mem, 69652bv64, true);
     assert (memory_load32_le(mem, $x_addr) == x_old);
-    assume {:captureState "1548$0"} true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R2_out := 0bv64, 69632bv64, 1bv64;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R2_out := true, true, true;
     return;
 }
 
diff --git a/src/test/correct/no_interference_update_y/gcc_pic/no_interference_update_y.expected b/src/test/correct/no_interference_update_y/gcc_pic/no_interference_update_y.expected
index 8d57819eb..54cf16376 100644
--- a/src/test/correct/no_interference_update_y/gcc_pic/no_interference_update_y.expected
+++ b/src/test/correct/no_interference_update_y/gcc_pic/no_interference_update_y.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -13,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -34,7 +43,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -76,8 +85,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1920bv64) == 1bv8);
@@ -100,25 +109,23 @@ procedure main();
   free ensures (memory_load64_le(mem, 69016bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 69008bv64) == 1872bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
+  var Gamma_R0_3: bool;
+  var R0_3: bv64;
   var x_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4072bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4072bv64)) || L(mem, bvadd64(R0, 4072bv64)));
-    R1, Gamma_R1 := 1bv64, true;
+    R0_3, Gamma_R0_3 := memory_load64_le(mem, 69608bv64), (gamma_load64(Gamma_mem, 69608bv64) || L(mem, 69608bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, R0_3) ==> true);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
+    mem, Gamma_mem := memory_store32_le(mem, R0_3, 1bv32), gamma_store32(Gamma_mem, R0_3, true);
     assert (memory_load32_le(mem, $x_addr) == x_old);
-    assume {:captureState "%000002d9"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, 1bv64;
+    Gamma_R0_out, Gamma_R1_out := true, true;
     return;
 }
 
diff --git a/src/test/correct/no_interference_update_y/gcc_pic/no_interference_update_y_gtirb.expected b/src/test/correct/no_interference_update_y/gcc_pic/no_interference_update_y_gtirb.expected
index b9ffef1ce..1755a22ad 100644
--- a/src/test/correct/no_interference_update_y/gcc_pic/no_interference_update_y_gtirb.expected
+++ b/src/test/correct/no_interference_update_y/gcc_pic/no_interference_update_y_gtirb.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -13,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -34,7 +43,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -76,8 +85,8 @@ implementation {:extern} guarantee_reflexive()
   assert (memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1920bv64) == 1bv8);
@@ -100,25 +109,23 @@ procedure main();
   free ensures (memory_load64_le(mem, 69016bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 69008bv64) == 1872bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
+  var Gamma_R0_3: bool;
+  var R0_3: bv64;
   var x_old: bv32;
   $main$__0__$5FgihppzTHuH09MtdD5bbg:
-    assume {:captureState "$main$__0__$5FgihppzTHuH09MtdD5bbg"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4072bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4072bv64)) || L(mem, bvadd64(R0, 4072bv64)));
-    R1, Gamma_R1 := 1bv64, true;
+    R0_3, Gamma_R0_3 := memory_load64_le(mem, 69608bv64), (gamma_load64(Gamma_mem, 69608bv64) || L(mem, 69608bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, R0_3) ==> true);
     x_old := memory_load32_le(mem, $x_addr);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
+    mem, Gamma_mem := memory_store32_le(mem, R0_3, 1bv32), gamma_store32(Gamma_mem, R0_3, true);
     assert (memory_load32_le(mem, $x_addr) == x_old);
-    assume {:captureState "1888$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, 1bv64;
+    Gamma_R0_out, Gamma_R1_out := true, true;
     return;
 }
 
diff --git a/src/test/correct/secret_write/clang/secret_write.expected b/src/test/correct/secret_write/clang/secret_write.expected
index 9fd104c05..0752422e5 100644
--- a/src/test/correct/secret_write/clang/secret_write.expected
+++ b/src/test/correct/secret_write/clang/secret_write.expected
@@ -1,12 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R10: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R10: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
 axiom ($secret_addr == 69688bv64);
@@ -20,14 +12,27 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
 function {:extern} {:bvbuiltin "bvsge"} bvsge32(bv32, bv32) returns (bool);
 function {:extern} {:bvbuiltin "bvsmod"} bvsmod32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -43,7 +48,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -88,8 +93,8 @@ implementation {:extern} guarantee_reflexive()
   assert bvsge32(memory_load32_le(mem, $z_addr), memory_load32_le(mem, $z_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R10, Gamma_R8, Gamma_R9, Gamma_mem, R0, R10, R8, R9, mem;
+procedure main(R10_in: bv64, Gamma_R10_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   requires (gamma_load32(Gamma_mem, $x_addr) == true);
   requires (gamma_load32(Gamma_mem, $z_addr) == true);
   requires (gamma_load32(Gamma_mem, $secret_addr) == false);
@@ -113,67 +118,68 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R10_in: bv64, Gamma_R10_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R10_2: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R8_6: bool;
+  var Gamma_R8_7: bool;
   var Gamma_x_old: bool;
+  var R10_2: bv64;
+  var R8_2: bv32;
+  var R8_3: bv32;
+  var R8_6: bv32;
+  var R8_7: bv64;
   var z_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R9, Gamma_R9 := 69632bv64, true;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R9, 52bv64)) ==> true);
+    assert (L(mem, 69684bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 52bv64), 0bv32), gamma_store32(Gamma_mem, bvadd64(R9, 52bv64), true);
-    assert ((bvadd64(R9, 52bv64) == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, 0bv32), gamma_store32(Gamma_mem, 69684bv64, true);
+    assert ((69684bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "%000002f5"} true;
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R9, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R9, 52bv64)) || L(mem, bvadd64(R9, 52bv64)));
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(R8[32:0], 1bv32)), Gamma_R8;
+    R8_2, Gamma_R8_2 := memory_load32_le(mem, 69684bv64), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
+    R8_3, Gamma_R8_3 := bvadd32(R8_2, 1bv32), Gamma_R8_2;
     call rely();
-    assert (L(mem, bvadd64(R9, 52bv64)) ==> Gamma_R8);
+    assert (L(mem, 69684bv64) ==> Gamma_R8_3);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 52bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 52bv64), Gamma_R8);
-    assert ((bvadd64(R9, 52bv64) == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, R8_3), gamma_store32(Gamma_mem, 69684bv64, Gamma_R8_3);
+    assert ((69684bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "%0000030a"} true;
-    R8, Gamma_R8 := 69632bv64, true;
     call rely();
-    R10, Gamma_R10 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 56bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 56bv64)) || L(mem, bvadd64(R8, 56bv64)));
-    R8, Gamma_R8 := 69632bv64, true;
+    R10_2, Gamma_R10_2 := zero_extend32_32(memory_load32_le(mem, 69688bv64)), (gamma_load32(Gamma_mem, 69688bv64) || L(mem, 69688bv64));
     call rely();
-    assert (L(mem, bvadd64(R8, 60bv64)) ==> Gamma_R10);
+    assert (L(mem, 69692bv64) ==> Gamma_R10_2);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 60bv64), R10[32:0]), gamma_store32(Gamma_mem, bvadd64(R8, 60bv64), Gamma_R10);
-    assert ((bvadd64(R8, 60bv64) == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69692bv64, R10_2[32:0]), gamma_store32(Gamma_mem, 69692bv64, Gamma_R10_2);
+    assert ((69692bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "%00000323"} true;
     call rely();
-    assert (L(mem, bvadd64(R8, 60bv64)) ==> true);
+    assert (L(mem, 69692bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 60bv64), 0bv32), gamma_store32(Gamma_mem, bvadd64(R8, 60bv64), true);
-    assert ((bvadd64(R8, 60bv64) == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69692bv64, 0bv32), gamma_store32(Gamma_mem, 69692bv64, true);
+    assert ((69692bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "%0000032a"} true;
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R9, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R9, 52bv64)) || L(mem, bvadd64(R9, 52bv64)));
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(R8[32:0], 1bv32)), Gamma_R8;
+    R8_6, Gamma_R8_6 := memory_load32_le(mem, 69684bv64), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
+    R8_7, Gamma_R8_7 := zero_extend32_32(bvadd32(R8_6, 1bv32)), Gamma_R8_6;
     call rely();
-    assert (L(mem, bvadd64(R9, 52bv64)) ==> Gamma_R8);
+    assert (L(mem, 69684bv64) ==> Gamma_R8_7);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 52bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 52bv64), Gamma_R8);
-    assert ((bvadd64(R9, 52bv64) == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, R8_7[32:0]), gamma_store32(Gamma_mem, 69684bv64, Gamma_R8_7);
+    assert ((69684bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "%0000033f"} true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R8_out, R9_out := 0bv64, R10_2, R8_7, 69632bv64;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R10_2, Gamma_R8_7, true;
     return;
 }
 
diff --git a/src/test/correct/secret_write/clang/secret_write_gtirb.expected b/src/test/correct/secret_write/clang/secret_write_gtirb.expected
index 6c22b7f34..5b5193970 100644
--- a/src/test/correct/secret_write/clang/secret_write_gtirb.expected
+++ b/src/test/correct/secret_write/clang/secret_write_gtirb.expected
@@ -1,12 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R10: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R10: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
 axiom ($secret_addr == 69688bv64);
@@ -20,14 +12,27 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
 function {:extern} {:bvbuiltin "bvsge"} bvsge32(bv32, bv32) returns (bool);
 function {:extern} {:bvbuiltin "bvsmod"} bvsmod32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -43,7 +48,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -88,8 +93,8 @@ implementation {:extern} guarantee_reflexive()
   assert bvsge32(memory_load32_le(mem, $z_addr), memory_load32_le(mem, $z_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R10, Gamma_R8, Gamma_R9, Gamma_mem, R0, R10, R8, R9, mem;
+procedure main(R10_in: bv64, Gamma_R10_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   requires (gamma_load32(Gamma_mem, $x_addr) == true);
   requires (gamma_load32(Gamma_mem, $z_addr) == true);
   requires (gamma_load32(Gamma_mem, $secret_addr) == false);
@@ -113,67 +118,68 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R10_in: bv64, Gamma_R10_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R10_2: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R8_6: bool;
+  var Gamma_R8_7: bool;
   var Gamma_x_old: bool;
+  var R10_2: bv64;
+  var R8_2: bv32;
+  var R8_3: bv32;
+  var R8_6: bv32;
+  var R8_7: bv64;
   var z_old: bv32;
   $main$__0__$xS~orUUNTR22OV8RB7tSjw:
-    assume {:captureState "$main$__0__$xS~orUUNTR22OV8RB7tSjw"} true;
-    R9, Gamma_R9 := 69632bv64, true;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R9, 52bv64)) ==> true);
+    assert (L(mem, 69684bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 52bv64), 0bv32), gamma_store32(Gamma_mem, bvadd64(R9, 52bv64), true);
-    assert ((bvadd64(R9, 52bv64) == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, 0bv32), gamma_store32(Gamma_mem, 69684bv64, true);
+    assert ((69684bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "1820$0"} true;
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R9, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R9, 52bv64)) || L(mem, bvadd64(R9, 52bv64)));
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(R8[32:0], 1bv32)), Gamma_R8;
+    R8_2, Gamma_R8_2 := memory_load32_le(mem, 69684bv64), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
+    R8_3, Gamma_R8_3 := bvadd32(R8_2, 1bv32), Gamma_R8_2;
     call rely();
-    assert (L(mem, bvadd64(R9, 52bv64)) ==> Gamma_R8);
+    assert (L(mem, 69684bv64) ==> Gamma_R8_3);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 52bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 52bv64), Gamma_R8);
-    assert ((bvadd64(R9, 52bv64) == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, R8_3), gamma_store32(Gamma_mem, 69684bv64, Gamma_R8_3);
+    assert ((69684bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "1832$0"} true;
-    R8, Gamma_R8 := 69632bv64, true;
     call rely();
-    R10, Gamma_R10 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 56bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 56bv64)) || L(mem, bvadd64(R8, 56bv64)));
-    R8, Gamma_R8 := 69632bv64, true;
+    R10_2, Gamma_R10_2 := zero_extend32_32(memory_load32_le(mem, 69688bv64)), (gamma_load32(Gamma_mem, 69688bv64) || L(mem, 69688bv64));
     call rely();
-    assert (L(mem, bvadd64(R8, 60bv64)) ==> Gamma_R10);
+    assert (L(mem, 69692bv64) ==> Gamma_R10_2);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 60bv64), R10[32:0]), gamma_store32(Gamma_mem, bvadd64(R8, 60bv64), Gamma_R10);
-    assert ((bvadd64(R8, 60bv64) == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69692bv64, R10_2[32:0]), gamma_store32(Gamma_mem, 69692bv64, Gamma_R10_2);
+    assert ((69692bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "1848$0"} true;
     call rely();
-    assert (L(mem, bvadd64(R8, 60bv64)) ==> true);
+    assert (L(mem, 69692bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 60bv64), 0bv32), gamma_store32(Gamma_mem, bvadd64(R8, 60bv64), true);
-    assert ((bvadd64(R8, 60bv64) == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69692bv64, 0bv32), gamma_store32(Gamma_mem, 69692bv64, true);
+    assert ((69692bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "1852$0"} true;
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R9, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R9, 52bv64)) || L(mem, bvadd64(R9, 52bv64)));
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(R8[32:0], 1bv32)), Gamma_R8;
+    R8_6, Gamma_R8_6 := memory_load32_le(mem, 69684bv64), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
+    R8_7, Gamma_R8_7 := zero_extend32_32(bvadd32(R8_6, 1bv32)), Gamma_R8_6;
     call rely();
-    assert (L(mem, bvadd64(R9, 52bv64)) ==> Gamma_R8);
+    assert (L(mem, 69684bv64) ==> Gamma_R8_7);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 52bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 52bv64), Gamma_R8);
-    assert ((bvadd64(R9, 52bv64) == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, R8_7[32:0]), gamma_store32(Gamma_mem, 69684bv64, Gamma_R8_7);
+    assert ((69684bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "1864$0"} true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R8_out, R9_out := 0bv64, R10_2, R8_7, 69632bv64;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R10_2, Gamma_R8_7, true;
     return;
 }
 
diff --git a/src/test/correct/secret_write/clang_O2/secret_write.expected b/src/test/correct/secret_write/clang_O2/secret_write.expected
index a9048843f..3ca9f26ea 100644
--- a/src/test/correct/secret_write/clang_O2/secret_write.expected
+++ b/src/test/correct/secret_write/clang_O2/secret_write.expected
@@ -1,12 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R10: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R10: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
 axiom ($secret_addr == 69688bv64);
@@ -19,14 +11,27 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
 function {:extern} {:bvbuiltin "bvsge"} bvsge32(bv32, bv32) returns (bool);
 function {:extern} {:bvbuiltin "bvsmod"} bvsmod32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -42,7 +47,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -86,8 +91,8 @@ implementation {:extern} guarantee_reflexive()
   assert bvsge32(memory_load32_le(mem, $z_addr), memory_load32_le(mem, $z_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R10, Gamma_R8, Gamma_R9, Gamma_mem, R0, R10, R8, R9, mem;
+procedure main(R10_in: bv64, Gamma_R10_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   requires (gamma_load32(Gamma_mem, $x_addr) == true);
   requires (gamma_load32(Gamma_mem, $z_addr) == true);
   requires (gamma_load32(Gamma_mem, $secret_addr) == false);
@@ -111,35 +116,29 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R10_in: bv64, Gamma_R10_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
   var Gamma_x_old: bool;
   var z_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R8, Gamma_R8 := 69632bv64, true;
-    R9, Gamma_R9 := 69632bv64, true;
-    R10, Gamma_R10 := 2bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R8, 60bv64)) ==> true);
+    assert (L(mem, 69692bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 60bv64), 0bv32), gamma_store32(Gamma_mem, bvadd64(R8, 60bv64), true);
-    assert ((bvadd64(R8, 60bv64) == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69692bv64, 0bv32), gamma_store32(Gamma_mem, 69692bv64, true);
+    assert ((69692bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "%000002df"} true;
     call rely();
-    assert (L(mem, bvadd64(R9, 52bv64)) ==> Gamma_R10);
+    assert (L(mem, 69684bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 52bv64), R10[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 52bv64), Gamma_R10);
-    assert ((bvadd64(R9, 52bv64) == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, 2bv32), gamma_store32(Gamma_mem, 69684bv64, true);
+    assert ((69684bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "%000002e7"} true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R8_out, R9_out := 0bv64, 2bv64, 69632bv64, 69632bv64;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R8_out, Gamma_R9_out := true, true, true, true;
     return;
 }
 
diff --git a/src/test/correct/secret_write/clang_O2/secret_write_gtirb.expected b/src/test/correct/secret_write/clang_O2/secret_write_gtirb.expected
index 8e15ef31b..ccd821416 100644
--- a/src/test/correct/secret_write/clang_O2/secret_write_gtirb.expected
+++ b/src/test/correct/secret_write/clang_O2/secret_write_gtirb.expected
@@ -1,12 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R10: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R10: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
 axiom ($secret_addr == 69688bv64);
@@ -19,14 +11,27 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
 function {:extern} {:bvbuiltin "bvsge"} bvsge32(bv32, bv32) returns (bool);
 function {:extern} {:bvbuiltin "bvsmod"} bvsmod32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -42,7 +47,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -86,8 +91,8 @@ implementation {:extern} guarantee_reflexive()
   assert bvsge32(memory_load32_le(mem, $z_addr), memory_load32_le(mem, $z_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R10, Gamma_R8, Gamma_R9, Gamma_mem, R0, R10, R8, R9, mem;
+procedure main(R10_in: bv64, Gamma_R10_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   requires (gamma_load32(Gamma_mem, $x_addr) == true);
   requires (gamma_load32(Gamma_mem, $z_addr) == true);
   requires (gamma_load32(Gamma_mem, $secret_addr) == false);
@@ -111,35 +116,29 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R10_in: bv64, Gamma_R10_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
   var Gamma_x_old: bool;
   var z_old: bv32;
   $main$__0__$aSiaHsE5TDyirZoC~C78XA:
-    assume {:captureState "$main$__0__$aSiaHsE5TDyirZoC~C78XA"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R8, Gamma_R8 := 69632bv64, true;
-    R9, Gamma_R9 := 69632bv64, true;
-    R10, Gamma_R10 := 2bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R8, 60bv64)) ==> true);
+    assert (L(mem, 69692bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 60bv64), 0bv32), gamma_store32(Gamma_mem, bvadd64(R8, 60bv64), true);
-    assert ((bvadd64(R8, 60bv64) == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69692bv64, 0bv32), gamma_store32(Gamma_mem, 69692bv64, true);
+    assert ((69692bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "1828$0"} true;
     call rely();
-    assert (L(mem, bvadd64(R9, 52bv64)) ==> Gamma_R10);
+    assert (L(mem, 69684bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 52bv64), R10[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 52bv64), Gamma_R10);
-    assert ((bvadd64(R9, 52bv64) == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, 2bv32), gamma_store32(Gamma_mem, 69684bv64, true);
+    assert ((69684bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "1832$0"} true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R8_out, R9_out := 0bv64, 2bv64, 69632bv64, 69632bv64;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R8_out, Gamma_R9_out := true, true, true, true;
     return;
 }
 
diff --git a/src/test/correct/secret_write/clang_pic/secret_write.expected b/src/test/correct/secret_write/clang_pic/secret_write.expected
index ec9017dde..d659c8c19 100644
--- a/src/test/correct/secret_write/clang_pic/secret_write.expected
+++ b/src/test/correct/secret_write/clang_pic/secret_write.expected
@@ -1,12 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R10: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R10: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
 axiom ($secret_addr == 69688bv64);
@@ -20,8 +12,17 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
 function {:extern} {:bvbuiltin "bvsge"} bvsge32(bv32, bv32) returns (bool);
 function {:extern} {:bvbuiltin "bvsmod"} bvsmod32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -31,7 +32,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -47,7 +52,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -95,8 +100,8 @@ implementation {:extern} guarantee_reflexive()
   assert bvsge32(memory_load32_le(mem, $z_addr), memory_load32_le(mem, $z_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R10, Gamma_R8, Gamma_R9, Gamma_mem, R0, R10, R8, R9, mem;
+procedure main(R10_in: bv64, Gamma_R10_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   requires (gamma_load32(Gamma_mem, $x_addr) == true);
   requires (gamma_load32(Gamma_mem, $z_addr) == true);
   requires (gamma_load32(Gamma_mem, $secret_addr) == false);
@@ -126,73 +131,80 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69560bv64) == 69684bv64);
 
-implementation main()
+implementation main(R10_in: bv64, Gamma_R10_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R10_2: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R8_5: bool;
+  var Gamma_R8_7: bool;
+  var Gamma_R8_8: bool;
+  var Gamma_R8_9: bool;
+  var Gamma_R9_3: bool;
   var Gamma_x_old: bool;
+  var R10_2: bv64;
+  var R8_2: bv32;
+  var R8_3: bv32;
+  var R8_5: bv64;
+  var R8_7: bv64;
+  var R8_8: bv32;
+  var R8_9: bv64;
+  var R9_3: bv64;
   var z_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R9, Gamma_R9 := 65536bv64, true;
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4024bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4024bv64)) || L(mem, bvadd64(R9, 4024bv64)));
-    R0, Gamma_R0 := 0bv64, true;
+    R9_3, Gamma_R9_3 := memory_load64_le(mem, 69560bv64), (gamma_load64(Gamma_mem, 69560bv64) || L(mem, 69560bv64));
     call rely();
-    assert (L(mem, R9) ==> true);
+    assert (L(mem, R9_3) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R9, 0bv32), gamma_store32(Gamma_mem, R9, true);
-    assert ((R9 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R9_3, 0bv32), gamma_store32(Gamma_mem, R9_3, true);
+    assert ((R9_3 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "%00000308"} true;
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R9)), (gamma_load32(Gamma_mem, R9) || L(mem, R9));
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(R8[32:0], 1bv32)), Gamma_R8;
+    R8_2, Gamma_R8_2 := memory_load32_le(mem, R9_3), (gamma_load32(Gamma_mem, R9_3) || L(mem, R9_3));
+    R8_3, Gamma_R8_3 := bvadd32(R8_2, 1bv32), Gamma_R8_2;
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
+    assert (L(mem, R9_3) ==> Gamma_R8_3);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
-    assert ((R9 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R9_3, R8_3), gamma_store32(Gamma_mem, R9_3, Gamma_R8_3);
+    assert ((R9_3 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "%0000031d"} true;
-    R8, Gamma_R8 := 65536bv64, true;
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4048bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4048bv64)) || L(mem, bvadd64(R8, 4048bv64)));
+    R8_5, Gamma_R8_5 := memory_load64_le(mem, 69584bv64), (gamma_load64(Gamma_mem, 69584bv64) || L(mem, 69584bv64));
     call rely();
-    R10, Gamma_R10 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    R8, Gamma_R8 := 65536bv64, true;
+    R10_2, Gamma_R10_2 := zero_extend32_32(memory_load32_le(mem, R8_5)), (gamma_load32(Gamma_mem, R8_5) || L(mem, R8_5));
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4032bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4032bv64)) || L(mem, bvadd64(R8, 4032bv64)));
+    R8_7, Gamma_R8_7 := memory_load64_le(mem, 69568bv64), (gamma_load64(Gamma_mem, 69568bv64) || L(mem, 69568bv64));
     call rely();
-    assert (L(mem, R8) ==> Gamma_R10);
+    assert (L(mem, R8_7) ==> Gamma_R10_2);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R8, R10[32:0]), gamma_store32(Gamma_mem, R8, Gamma_R10);
-    assert ((R8 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R8_7, R10_2[32:0]), gamma_store32(Gamma_mem, R8_7, Gamma_R10_2);
+    assert ((R8_7 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "%00000344"} true;
     call rely();
-    assert (L(mem, R8) ==> true);
+    assert (L(mem, R8_7) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R8, 0bv32), gamma_store32(Gamma_mem, R8, true);
-    assert ((R8 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R8_7, 0bv32), gamma_store32(Gamma_mem, R8_7, true);
+    assert ((R8_7 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "%0000034b"} true;
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R9)), (gamma_load32(Gamma_mem, R9) || L(mem, R9));
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(R8[32:0], 1bv32)), Gamma_R8;
+    R8_8, Gamma_R8_8 := memory_load32_le(mem, R9_3), (gamma_load32(Gamma_mem, R9_3) || L(mem, R9_3));
+    R8_9, Gamma_R8_9 := zero_extend32_32(bvadd32(R8_8, 1bv32)), Gamma_R8_8;
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
+    assert (L(mem, R9_3) ==> Gamma_R8_9);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
-    assert ((R9 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R9_3, R8_9[32:0]), gamma_store32(Gamma_mem, R9_3, Gamma_R8_9);
+    assert ((R9_3 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "%00000360"} true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R8_out, R9_out := 0bv64, R10_2, R8_9, R9_3;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R10_2, Gamma_R8_9, Gamma_R9_3;
     return;
 }
 
diff --git a/src/test/correct/secret_write/clang_pic/secret_write_gtirb.expected b/src/test/correct/secret_write/clang_pic/secret_write_gtirb.expected
index 848e9040c..85f3c78bd 100644
--- a/src/test/correct/secret_write/clang_pic/secret_write_gtirb.expected
+++ b/src/test/correct/secret_write/clang_pic/secret_write_gtirb.expected
@@ -1,12 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R10: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R10: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
 axiom ($secret_addr == 69688bv64);
@@ -20,8 +12,17 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
 function {:extern} {:bvbuiltin "bvsge"} bvsge32(bv32, bv32) returns (bool);
 function {:extern} {:bvbuiltin "bvsmod"} bvsmod32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -31,7 +32,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -47,7 +52,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -95,8 +100,8 @@ implementation {:extern} guarantee_reflexive()
   assert bvsge32(memory_load32_le(mem, $z_addr), memory_load32_le(mem, $z_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R10, Gamma_R8, Gamma_R9, Gamma_mem, R0, R10, R8, R9, mem;
+procedure main(R10_in: bv64, Gamma_R10_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   requires (gamma_load32(Gamma_mem, $x_addr) == true);
   requires (gamma_load32(Gamma_mem, $z_addr) == true);
   requires (gamma_load32(Gamma_mem, $secret_addr) == false);
@@ -126,73 +131,80 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69560bv64) == 69684bv64);
 
-implementation main()
+implementation main(R10_in: bv64, Gamma_R10_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R10_2: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R8_5: bool;
+  var Gamma_R8_7: bool;
+  var Gamma_R8_8: bool;
+  var Gamma_R8_9: bool;
+  var Gamma_R9_3: bool;
   var Gamma_x_old: bool;
+  var R10_2: bv64;
+  var R8_2: bv32;
+  var R8_3: bv32;
+  var R8_5: bv64;
+  var R8_7: bv64;
+  var R8_8: bv32;
+  var R8_9: bv64;
+  var R9_3: bv64;
   var z_old: bv32;
   $main$__0__$OCJPxV7kTAqIa7P9NrZAQg:
-    assume {:captureState "$main$__0__$OCJPxV7kTAqIa7P9NrZAQg"} true;
-    R9, Gamma_R9 := 65536bv64, true;
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4024bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4024bv64)) || L(mem, bvadd64(R9, 4024bv64)));
-    R0, Gamma_R0 := 0bv64, true;
+    R9_3, Gamma_R9_3 := memory_load64_le(mem, 69560bv64), (gamma_load64(Gamma_mem, 69560bv64) || L(mem, 69560bv64));
     call rely();
-    assert (L(mem, R9) ==> true);
+    assert (L(mem, R9_3) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R9, 0bv32), gamma_store32(Gamma_mem, R9, true);
-    assert ((R9 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R9_3, 0bv32), gamma_store32(Gamma_mem, R9_3, true);
+    assert ((R9_3 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "1888$0"} true;
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R9)), (gamma_load32(Gamma_mem, R9) || L(mem, R9));
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(R8[32:0], 1bv32)), Gamma_R8;
+    R8_2, Gamma_R8_2 := memory_load32_le(mem, R9_3), (gamma_load32(Gamma_mem, R9_3) || L(mem, R9_3));
+    R8_3, Gamma_R8_3 := bvadd32(R8_2, 1bv32), Gamma_R8_2;
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
+    assert (L(mem, R9_3) ==> Gamma_R8_3);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
-    assert ((R9 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R9_3, R8_3), gamma_store32(Gamma_mem, R9_3, Gamma_R8_3);
+    assert ((R9_3 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "1900$0"} true;
-    R8, Gamma_R8 := 65536bv64, true;
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4048bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4048bv64)) || L(mem, bvadd64(R8, 4048bv64)));
+    R8_5, Gamma_R8_5 := memory_load64_le(mem, 69584bv64), (gamma_load64(Gamma_mem, 69584bv64) || L(mem, 69584bv64));
     call rely();
-    R10, Gamma_R10 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    R8, Gamma_R8 := 65536bv64, true;
+    R10_2, Gamma_R10_2 := zero_extend32_32(memory_load32_le(mem, R8_5)), (gamma_load32(Gamma_mem, R8_5) || L(mem, R8_5));
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4032bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4032bv64)) || L(mem, bvadd64(R8, 4032bv64)));
+    R8_7, Gamma_R8_7 := memory_load64_le(mem, 69568bv64), (gamma_load64(Gamma_mem, 69568bv64) || L(mem, 69568bv64));
     call rely();
-    assert (L(mem, R8) ==> Gamma_R10);
+    assert (L(mem, R8_7) ==> Gamma_R10_2);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R8, R10[32:0]), gamma_store32(Gamma_mem, R8, Gamma_R10);
-    assert ((R8 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R8_7, R10_2[32:0]), gamma_store32(Gamma_mem, R8_7, Gamma_R10_2);
+    assert ((R8_7 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "1924$0"} true;
     call rely();
-    assert (L(mem, R8) ==> true);
+    assert (L(mem, R8_7) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R8, 0bv32), gamma_store32(Gamma_mem, R8, true);
-    assert ((R8 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R8_7, 0bv32), gamma_store32(Gamma_mem, R8_7, true);
+    assert ((R8_7 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "1928$0"} true;
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R9)), (gamma_load32(Gamma_mem, R9) || L(mem, R9));
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(R8[32:0], 1bv32)), Gamma_R8;
+    R8_8, Gamma_R8_8 := memory_load32_le(mem, R9_3), (gamma_load32(Gamma_mem, R9_3) || L(mem, R9_3));
+    R8_9, Gamma_R8_9 := zero_extend32_32(bvadd32(R8_8, 1bv32)), Gamma_R8_8;
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
+    assert (L(mem, R9_3) ==> Gamma_R8_9);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
-    assert ((R9 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R9_3, R8_9[32:0]), gamma_store32(Gamma_mem, R9_3, Gamma_R8_9);
+    assert ((R9_3 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "1940$0"} true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R8_out, R9_out := 0bv64, R10_2, R8_9, R9_3;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R10_2, Gamma_R8_9, Gamma_R9_3;
     return;
 }
 
diff --git a/src/test/correct/secret_write/gcc/secret_write.expected b/src/test/correct/secret_write/gcc/secret_write.expected
index c0e03ae6f..7fbb182dd 100644
--- a/src/test/correct/secret_write/gcc/secret_write.expected
+++ b/src/test/correct/secret_write/gcc/secret_write.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
 axiom ($secret_addr == 69660bv64);
@@ -16,14 +12,27 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
 function {:extern} {:bvbuiltin "bvsge"} bvsge32(bv32, bv32) returns (bool);
 function {:extern} {:bvbuiltin "bvsmod"} bvsmod32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -39,7 +48,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -84,8 +93,8 @@ implementation {:extern} guarantee_reflexive()
   assert bvsge32(memory_load32_le(mem, $z_addr), memory_load32_le(mem, $z_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   requires (gamma_load32(Gamma_mem, $x_addr) == true);
   requires (gamma_load32(Gamma_mem, $z_addr) == true);
   requires (gamma_load32(Gamma_mem, $secret_addr) == false);
@@ -109,80 +118,68 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
+  var Gamma_R0_17: bool;
+  var Gamma_R0_6: bool;
+  var Gamma_R1_2: bool;
+  var Gamma_R1_3: bool;
+  var Gamma_R1_4: bool;
   var Gamma_x_old: bool;
+  var R0_17: bv32;
+  var R0_6: bv32;
+  var R1_2: bv32;
+  var R1_3: bv32;
+  var R1_4: bv64;
   var z_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
     call rely();
-    assert (L(mem, R0) ==> true);
+    assert (L(mem, 69652bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, 0bv32), gamma_store32(Gamma_mem, R0, true);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 0bv32), gamma_store32(Gamma_mem, 69652bv64, true);
+    assert ((69652bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "%0000032a"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := zero_extend32_32(bvadd32(R0[32:0], 1bv32)), Gamma_R0;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
+    R0_6, Gamma_R0_6 := memory_load32_le(mem, 69652bv64), (gamma_load32(Gamma_mem, 69652bv64) || L(mem, 69652bv64));
+    R1_2, Gamma_R1_2 := bvadd32(R0_6, 1bv32), Gamma_R0_6;
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, 69652bv64) ==> Gamma_R1_2);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, R1_2), gamma_store32(Gamma_mem, 69652bv64, Gamma_R1_2);
+    assert ((69652bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "%00000355"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 28bv64), Gamma_R0;
     call rely();
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
+    R1_3, Gamma_R1_3 := memory_load32_le(mem, 69660bv64), (gamma_load32(Gamma_mem, 69660bv64) || L(mem, 69660bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, 69656bv64) ==> Gamma_R1_3);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69656bv64, R1_3), gamma_store32(Gamma_mem, 69656bv64, Gamma_R1_3);
+    assert ((69656bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "%0000037a"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
     call rely();
-    assert (L(mem, R0) ==> true);
+    assert (L(mem, 69656bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, 0bv32), gamma_store32(Gamma_mem, R0, true);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69656bv64, 0bv32), gamma_store32(Gamma_mem, 69656bv64, true);
+    assert ((69656bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "%0000038c"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := zero_extend32_32(bvadd32(R0[32:0], 1bv32)), Gamma_R0;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
+    R0_17, Gamma_R0_17 := memory_load32_le(mem, 69652bv64), (gamma_load32(Gamma_mem, 69652bv64) || L(mem, 69652bv64));
+    R1_4, Gamma_R1_4 := zero_extend32_32(bvadd32(R0_17, 1bv32)), Gamma_R0_17;
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, 69652bv64) ==> Gamma_R1_4);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, R1_4[32:0]), gamma_store32(Gamma_mem, 69652bv64, Gamma_R1_4);
+    assert ((69652bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "%000003b7"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, R1_4;
+    Gamma_R0_out, Gamma_R1_out := true, Gamma_R1_4;
     return;
 }
 
diff --git a/src/test/correct/secret_write/gcc/secret_write_gtirb.expected b/src/test/correct/secret_write/gcc/secret_write_gtirb.expected
index 38bbdd467..f88123e1d 100644
--- a/src/test/correct/secret_write/gcc/secret_write_gtirb.expected
+++ b/src/test/correct/secret_write/gcc/secret_write_gtirb.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
 axiom ($secret_addr == 69660bv64);
@@ -16,14 +12,27 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
 function {:extern} {:bvbuiltin "bvsge"} bvsge32(bv32, bv32) returns (bool);
 function {:extern} {:bvbuiltin "bvsmod"} bvsmod32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -39,7 +48,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -84,8 +93,8 @@ implementation {:extern} guarantee_reflexive()
   assert bvsge32(memory_load32_le(mem, $z_addr), memory_load32_le(mem, $z_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   requires (gamma_load32(Gamma_mem, $x_addr) == true);
   requires (gamma_load32(Gamma_mem, $z_addr) == true);
   requires (gamma_load32(Gamma_mem, $secret_addr) == false);
@@ -109,80 +118,68 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
+  var Gamma_R0_17: bool;
+  var Gamma_R0_6: bool;
+  var Gamma_R1_2: bool;
+  var Gamma_R1_3: bool;
+  var Gamma_R1_4: bool;
   var Gamma_x_old: bool;
+  var R0_17: bv32;
+  var R0_6: bv32;
+  var R1_2: bv32;
+  var R1_3: bv32;
+  var R1_4: bv64;
   var z_old: bv32;
   $main$__0__$KpvN4unOQSe6fvbZnP4O3Q:
-    assume {:captureState "$main$__0__$KpvN4unOQSe6fvbZnP4O3Q"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
     call rely();
-    assert (L(mem, R0) ==> true);
+    assert (L(mem, 69652bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, 0bv32), gamma_store32(Gamma_mem, R0, true);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 0bv32), gamma_store32(Gamma_mem, 69652bv64, true);
+    assert ((69652bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "1820$0"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := zero_extend32_32(bvadd32(R0[32:0], 1bv32)), Gamma_R0;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
+    R0_6, Gamma_R0_6 := memory_load32_le(mem, 69652bv64), (gamma_load32(Gamma_mem, 69652bv64) || L(mem, 69652bv64));
+    R1_2, Gamma_R1_2 := bvadd32(R0_6, 1bv32), Gamma_R0_6;
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, 69652bv64) ==> Gamma_R1_2);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, R1_2), gamma_store32(Gamma_mem, 69652bv64, Gamma_R1_2);
+    assert ((69652bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "1848$0"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 28bv64), Gamma_R0;
     call rely();
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
+    R1_3, Gamma_R1_3 := memory_load32_le(mem, 69660bv64), (gamma_load32(Gamma_mem, 69660bv64) || L(mem, 69660bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, 69656bv64) ==> Gamma_R1_3);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69656bv64, R1_3), gamma_store32(Gamma_mem, 69656bv64, Gamma_R1_3);
+    assert ((69656bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "1872$0"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
     call rely();
-    assert (L(mem, R0) ==> true);
+    assert (L(mem, 69656bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, 0bv32), gamma_store32(Gamma_mem, R0, true);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69656bv64, 0bv32), gamma_store32(Gamma_mem, 69656bv64, true);
+    assert ((69656bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "1884$0"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := zero_extend32_32(bvadd32(R0[32:0], 1bv32)), Gamma_R0;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
+    R0_17, Gamma_R0_17 := memory_load32_le(mem, 69652bv64), (gamma_load32(Gamma_mem, 69652bv64) || L(mem, 69652bv64));
+    R1_4, Gamma_R1_4 := zero_extend32_32(bvadd32(R0_17, 1bv32)), Gamma_R0_17;
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, 69652bv64) ==> Gamma_R1_4);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, R1_4[32:0]), gamma_store32(Gamma_mem, 69652bv64, Gamma_R1_4);
+    assert ((69652bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "1912$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, R1_4;
+    Gamma_R0_out, Gamma_R1_out := true, Gamma_R1_4;
     return;
 }
 
diff --git a/src/test/correct/secret_write/gcc_O2/secret_write.expected b/src/test/correct/secret_write/gcc_O2/secret_write.expected
index 0f26390fb..92feb36ea 100644
--- a/src/test/correct/secret_write/gcc_O2/secret_write.expected
+++ b/src/test/correct/secret_write/gcc_O2/secret_write.expected
@@ -1,12 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R2: bool;
-var {:extern} Gamma_R3: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R2: bv64;
-var {:extern} R3: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
 axiom ($secret_addr == 69660bv64);
@@ -19,14 +11,27 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
 function {:extern} {:bvbuiltin "bvsge"} bvsge32(bv32, bv32) returns (bool);
 function {:extern} {:bvbuiltin "bvsmod"} bvsmod32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -42,7 +47,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -86,8 +91,8 @@ implementation {:extern} guarantee_reflexive()
   assert bvsge32(memory_load32_le(mem, $z_addr), memory_load32_le(mem, $z_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R2, Gamma_R3, Gamma_mem, R0, R1, R2, R3, mem;
+procedure main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool, R3_in: bv64, Gamma_R3_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool, R3_out: bv64, Gamma_R3_out: bool);
+  modifies Gamma_mem, mem;
   requires (gamma_load32(Gamma_mem, $x_addr) == true);
   requires (gamma_load32(Gamma_mem, $z_addr) == true);
   requires (gamma_load32(Gamma_mem, $secret_addr) == false);
@@ -111,35 +116,29 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool, R3_in: bv64, Gamma_R3_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool, R3_out: bv64, Gamma_R3_out: bool)
 {
   var Gamma_x_old: bool;
   var z_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R1, Gamma_R1 := 69632bv64, true;
-    R2, Gamma_R2 := bvadd64(R1, 20bv64), Gamma_R1;
-    R3, Gamma_R3 := 2bv64, true;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R1, 20bv64)) ==> true);
+    assert (L(mem, 69652bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R1, 20bv64), 0bv32), gamma_store32(Gamma_mem, bvadd64(R1, 20bv64), true);
-    assert ((bvadd64(R1, 20bv64) == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 0bv32), gamma_store32(Gamma_mem, 69652bv64, true);
+    assert ((69652bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "%000001c2"} true;
     call rely();
-    assert (L(mem, bvadd64(R2, 4bv64)) ==> Gamma_R3);
+    assert (L(mem, 69656bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R2, 4bv64), R3[32:0]), gamma_store32(Gamma_mem, bvadd64(R2, 4bv64), Gamma_R3);
-    assert ((bvadd64(R2, 4bv64) == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69656bv64, 2bv32), gamma_store32(Gamma_mem, 69656bv64, true);
+    assert ((69656bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "%000001ca"} true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R2_out, R3_out := 0bv64, 69632bv64, 69652bv64, 2bv64;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R2_out, Gamma_R3_out := true, true, true, true;
     return;
 }
 
diff --git a/src/test/correct/secret_write/gcc_O2/secret_write_gtirb.expected b/src/test/correct/secret_write/gcc_O2/secret_write_gtirb.expected
index 7af63a49b..9fbb05f3f 100644
--- a/src/test/correct/secret_write/gcc_O2/secret_write_gtirb.expected
+++ b/src/test/correct/secret_write/gcc_O2/secret_write_gtirb.expected
@@ -1,12 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R2: bool;
-var {:extern} Gamma_R3: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R2: bv64;
-var {:extern} R3: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
 axiom ($secret_addr == 69660bv64);
@@ -19,14 +11,27 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
 function {:extern} {:bvbuiltin "bvsge"} bvsge32(bv32, bv32) returns (bool);
 function {:extern} {:bvbuiltin "bvsmod"} bvsmod32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -42,7 +47,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -86,8 +91,8 @@ implementation {:extern} guarantee_reflexive()
   assert bvsge32(memory_load32_le(mem, $z_addr), memory_load32_le(mem, $z_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R2, Gamma_R3, Gamma_mem, R0, R1, R2, R3, mem;
+procedure main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool, R3_in: bv64, Gamma_R3_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool, R3_out: bv64, Gamma_R3_out: bool);
+  modifies Gamma_mem, mem;
   requires (gamma_load32(Gamma_mem, $x_addr) == true);
   requires (gamma_load32(Gamma_mem, $z_addr) == true);
   requires (gamma_load32(Gamma_mem, $secret_addr) == false);
@@ -111,35 +116,29 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool, R3_in: bv64, Gamma_R3_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool, R3_out: bv64, Gamma_R3_out: bool)
 {
   var Gamma_x_old: bool;
   var z_old: bv32;
   $main$__0__$1CqTVg9ZT1uFZwqE_OAzfA:
-    assume {:captureState "$main$__0__$1CqTVg9ZT1uFZwqE_OAzfA"} true;
-    R1, Gamma_R1 := 69632bv64, true;
-    R2, Gamma_R2 := bvadd64(R1, 20bv64), Gamma_R1;
-    R3, Gamma_R3 := 2bv64, true;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R1, 20bv64)) ==> true);
+    assert (L(mem, 69652bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R1, 20bv64), 0bv32), gamma_store32(Gamma_mem, bvadd64(R1, 20bv64), true);
-    assert ((bvadd64(R1, 20bv64) == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 0bv32), gamma_store32(Gamma_mem, 69652bv64, true);
+    assert ((69652bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "1552$0"} true;
     call rely();
-    assert (L(mem, bvadd64(R2, 4bv64)) ==> Gamma_R3);
+    assert (L(mem, 69656bv64) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R2, 4bv64), R3[32:0]), gamma_store32(Gamma_mem, bvadd64(R2, 4bv64), Gamma_R3);
-    assert ((bvadd64(R2, 4bv64) == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69656bv64, 2bv32), gamma_store32(Gamma_mem, 69656bv64, true);
+    assert ((69656bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "1556$0"} true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R2_out, R3_out := 0bv64, 69632bv64, 69652bv64, 2bv64;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R2_out, Gamma_R3_out := true, true, true, true;
     return;
 }
 
diff --git a/src/test/correct/secret_write/gcc_pic/secret_write.expected b/src/test/correct/secret_write/gcc_pic/secret_write.expected
index 64d5aff6b..de569d993 100644
--- a/src/test/correct/secret_write/gcc_pic/secret_write.expected
+++ b/src/test/correct/secret_write/gcc_pic/secret_write.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
 axiom ($secret_addr == 69660bv64);
@@ -16,8 +12,17 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
 function {:extern} {:bvbuiltin "bvsge"} bvsge32(bv32, bv32) returns (bool);
 function {:extern} {:bvbuiltin "bvsmod"} bvsmod32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -27,7 +32,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -43,7 +52,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -91,8 +100,8 @@ implementation {:extern} guarantee_reflexive()
   assert bvsge32(memory_load32_le(mem, $z_addr), memory_load32_le(mem, $z_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   requires (gamma_load32(Gamma_mem, $x_addr) == true);
   requires (gamma_load32(Gamma_mem, $z_addr) == true);
   requires (gamma_load32(Gamma_mem, $secret_addr) == false);
@@ -122,88 +131,100 @@ procedure main();
   free ensures (memory_load64_le(mem, 69000bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 68992bv64) == 1872bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
+  var Gamma_R0_10: bool;
+  var Gamma_R0_12: bool;
+  var Gamma_R0_14: bool;
+  var Gamma_R0_16: bool;
+  var Gamma_R0_17: bool;
+  var Gamma_R0_19: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_6: bool;
+  var Gamma_R0_8: bool;
+  var Gamma_R1_2: bool;
+  var Gamma_R1_3: bool;
+  var Gamma_R1_4: bool;
   var Gamma_x_old: bool;
+  var R0_10: bv64;
+  var R0_12: bv64;
+  var R0_14: bv64;
+  var R0_16: bv64;
+  var R0_17: bv32;
+  var R0_19: bv64;
+  var R0_3: bv64;
+  var R0_5: bv64;
+  var R0_6: bv32;
+  var R0_8: bv64;
+  var R1_2: bv32;
+  var R1_3: bv32;
+  var R1_4: bv64;
   var z_old: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4048bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4048bv64)) || L(mem, bvadd64(R0, 4048bv64)));
+    R0_3, Gamma_R0_3 := memory_load64_le(mem, 69584bv64), (gamma_load64(Gamma_mem, 69584bv64) || L(mem, 69584bv64));
     call rely();
-    assert (L(mem, R0) ==> true);
+    assert (L(mem, R0_3) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, 0bv32), gamma_store32(Gamma_mem, R0, true);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R0_3, 0bv32), gamma_store32(Gamma_mem, R0_3, true);
+    assert ((R0_3 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "%0000032b"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4048bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4048bv64)) || L(mem, bvadd64(R0, 4048bv64)));
+    R0_5, Gamma_R0_5 := memory_load64_le(mem, 69584bv64), (gamma_load64(Gamma_mem, 69584bv64) || L(mem, 69584bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := zero_extend32_32(bvadd32(R0[32:0], 1bv32)), Gamma_R0;
-    R0, Gamma_R0 := 65536bv64, true;
+    R0_6, Gamma_R0_6 := memory_load32_le(mem, R0_5), (gamma_load32(Gamma_mem, R0_5) || L(mem, R0_5));
+    R1_2, Gamma_R1_2 := bvadd32(R0_6, 1bv32), Gamma_R0_6;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4048bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4048bv64)) || L(mem, bvadd64(R0, 4048bv64)));
+    R0_8, Gamma_R0_8 := memory_load64_le(mem, 69584bv64), (gamma_load64(Gamma_mem, 69584bv64) || L(mem, 69584bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, R0_8) ==> Gamma_R1_2);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R0_8, R1_2), gamma_store32(Gamma_mem, R0_8, Gamma_R1_2);
+    assert ((R0_8 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "%00000358"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4072bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4072bv64)) || L(mem, bvadd64(R0, 4072bv64)));
+    R0_10, Gamma_R0_10 := memory_load64_le(mem, 69608bv64), (gamma_load64(Gamma_mem, 69608bv64) || L(mem, 69608bv64));
     call rely();
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R0, Gamma_R0 := 65536bv64, true;
+    R1_3, Gamma_R1_3 := memory_load32_le(mem, R0_10), (gamma_load32(Gamma_mem, R0_10) || L(mem, R0_10));
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
+    R0_12, Gamma_R0_12 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, R0_12) ==> Gamma_R1_3);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R0_12, R1_3), gamma_store32(Gamma_mem, R0_12, Gamma_R1_3);
+    assert ((R0_12 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "%0000037f"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
+    R0_14, Gamma_R0_14 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    assert (L(mem, R0) ==> true);
+    assert (L(mem, R0_14) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, 0bv32), gamma_store32(Gamma_mem, R0, true);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R0_14, 0bv32), gamma_store32(Gamma_mem, R0_14, true);
+    assert ((R0_14 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "%00000392"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4048bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4048bv64)) || L(mem, bvadd64(R0, 4048bv64)));
+    R0_16, Gamma_R0_16 := memory_load64_le(mem, 69584bv64), (gamma_load64(Gamma_mem, 69584bv64) || L(mem, 69584bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := zero_extend32_32(bvadd32(R0[32:0], 1bv32)), Gamma_R0;
-    R0, Gamma_R0 := 65536bv64, true;
+    R0_17, Gamma_R0_17 := memory_load32_le(mem, R0_16), (gamma_load32(Gamma_mem, R0_16) || L(mem, R0_16));
+    R1_4, Gamma_R1_4 := zero_extend32_32(bvadd32(R0_17, 1bv32)), Gamma_R0_17;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4048bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4048bv64)) || L(mem, bvadd64(R0, 4048bv64)));
+    R0_19, Gamma_R0_19 := memory_load64_le(mem, 69584bv64), (gamma_load64(Gamma_mem, 69584bv64) || L(mem, 69584bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, R0_19) ==> Gamma_R1_4);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R0_19, R1_4[32:0]), gamma_store32(Gamma_mem, R0_19, Gamma_R1_4);
+    assert ((R0_19 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "%000003bf"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, R1_4;
+    Gamma_R0_out, Gamma_R1_out := true, Gamma_R1_4;
     return;
 }
 
diff --git a/src/test/correct/secret_write/gcc_pic/secret_write_gtirb.expected b/src/test/correct/secret_write/gcc_pic/secret_write_gtirb.expected
index e7f9eb3a1..baef06084 100644
--- a/src/test/correct/secret_write/gcc_pic/secret_write_gtirb.expected
+++ b/src/test/correct/secret_write/gcc_pic/secret_write_gtirb.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
 axiom ($secret_addr == 69660bv64);
@@ -16,8 +12,17 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
 function {:extern} {:bvbuiltin "bvsge"} bvsge32(bv32, bv32) returns (bool);
 function {:extern} {:bvbuiltin "bvsmod"} bvsmod32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -27,7 +32,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -43,7 +52,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -91,8 +100,8 @@ implementation {:extern} guarantee_reflexive()
   assert bvsge32(memory_load32_le(mem, $z_addr), memory_load32_le(mem, $z_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   requires (gamma_load32(Gamma_mem, $x_addr) == true);
   requires (gamma_load32(Gamma_mem, $z_addr) == true);
   requires (gamma_load32(Gamma_mem, $secret_addr) == false);
@@ -122,88 +131,100 @@ procedure main();
   free ensures (memory_load64_le(mem, 69000bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 68992bv64) == 1872bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
+  var Gamma_R0_10: bool;
+  var Gamma_R0_12: bool;
+  var Gamma_R0_14: bool;
+  var Gamma_R0_16: bool;
+  var Gamma_R0_17: bool;
+  var Gamma_R0_19: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_6: bool;
+  var Gamma_R0_8: bool;
+  var Gamma_R1_2: bool;
+  var Gamma_R1_3: bool;
+  var Gamma_R1_4: bool;
   var Gamma_x_old: bool;
+  var R0_10: bv64;
+  var R0_12: bv64;
+  var R0_14: bv64;
+  var R0_16: bv64;
+  var R0_17: bv32;
+  var R0_19: bv64;
+  var R0_3: bv64;
+  var R0_5: bv64;
+  var R0_6: bv32;
+  var R0_8: bv64;
+  var R1_2: bv32;
+  var R1_3: bv32;
+  var R1_4: bv64;
   var z_old: bv32;
   $main$__0__$sQQ_g_3GSW~3KrITchatdg:
-    assume {:captureState "$main$__0__$sQQ_g_3GSW~3KrITchatdg"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4048bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4048bv64)) || L(mem, bvadd64(R0, 4048bv64)));
+    R0_3, Gamma_R0_3 := memory_load64_le(mem, 69584bv64), (gamma_load64(Gamma_mem, 69584bv64) || L(mem, 69584bv64));
     call rely();
-    assert (L(mem, R0) ==> true);
+    assert (L(mem, R0_3) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, 0bv32), gamma_store32(Gamma_mem, R0, true);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R0_3, 0bv32), gamma_store32(Gamma_mem, R0_3, true);
+    assert ((R0_3 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "1884$0"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4048bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4048bv64)) || L(mem, bvadd64(R0, 4048bv64)));
+    R0_5, Gamma_R0_5 := memory_load64_le(mem, 69584bv64), (gamma_load64(Gamma_mem, 69584bv64) || L(mem, 69584bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := zero_extend32_32(bvadd32(R0[32:0], 1bv32)), Gamma_R0;
-    R0, Gamma_R0 := 65536bv64, true;
+    R0_6, Gamma_R0_6 := memory_load32_le(mem, R0_5), (gamma_load32(Gamma_mem, R0_5) || L(mem, R0_5));
+    R1_2, Gamma_R1_2 := bvadd32(R0_6, 1bv32), Gamma_R0_6;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4048bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4048bv64)) || L(mem, bvadd64(R0, 4048bv64)));
+    R0_8, Gamma_R0_8 := memory_load64_le(mem, 69584bv64), (gamma_load64(Gamma_mem, 69584bv64) || L(mem, 69584bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, R0_8) ==> Gamma_R1_2);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R0_8, R1_2), gamma_store32(Gamma_mem, R0_8, Gamma_R1_2);
+    assert ((R0_8 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "1912$0"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4072bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4072bv64)) || L(mem, bvadd64(R0, 4072bv64)));
+    R0_10, Gamma_R0_10 := memory_load64_le(mem, 69608bv64), (gamma_load64(Gamma_mem, 69608bv64) || L(mem, 69608bv64));
     call rely();
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R0, Gamma_R0 := 65536bv64, true;
+    R1_3, Gamma_R1_3 := memory_load32_le(mem, R0_10), (gamma_load32(Gamma_mem, R0_10) || L(mem, R0_10));
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
+    R0_12, Gamma_R0_12 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, R0_12) ==> Gamma_R1_3);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R0_12, R1_3), gamma_store32(Gamma_mem, R0_12, Gamma_R1_3);
+    assert ((R0_12 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "1936$0"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
+    R0_14, Gamma_R0_14 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    assert (L(mem, R0) ==> true);
+    assert (L(mem, R0_14) ==> true);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, 0bv32), gamma_store32(Gamma_mem, R0, true);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R0_14, 0bv32), gamma_store32(Gamma_mem, R0_14, true);
+    assert ((R0_14 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "1948$0"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4048bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4048bv64)) || L(mem, bvadd64(R0, 4048bv64)));
+    R0_16, Gamma_R0_16 := memory_load64_le(mem, 69584bv64), (gamma_load64(Gamma_mem, 69584bv64) || L(mem, 69584bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R1, Gamma_R1 := zero_extend32_32(bvadd32(R0[32:0], 1bv32)), Gamma_R0;
-    R0, Gamma_R0 := 65536bv64, true;
+    R0_17, Gamma_R0_17 := memory_load32_le(mem, R0_16), (gamma_load32(Gamma_mem, R0_16) || L(mem, R0_16));
+    R1_4, Gamma_R1_4 := zero_extend32_32(bvadd32(R0_17, 1bv32)), Gamma_R0_17;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4048bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4048bv64)) || L(mem, bvadd64(R0, 4048bv64)));
+    R0_19, Gamma_R0_19 := memory_load64_le(mem, 69584bv64), (gamma_load64(Gamma_mem, 69584bv64) || L(mem, 69584bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, R0_19) ==> Gamma_R1_4);
     z_old := memory_load32_le(mem, $z_addr);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R0_19, R1_4[32:0]), gamma_store32(Gamma_mem, R0_19, Gamma_R1_4);
+    assert ((R0_19 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "1976$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, R1_4;
+    Gamma_R0_out, Gamma_R1_out := true, Gamma_R1_4;
     return;
 }
 
diff --git a/src/test/correct/switch/clang/switch.expected b/src/test/correct/switch/clang/switch.expected
index f6a079d18..f580c26f2 100644
--- a/src/test/correct/switch/clang/switch.expected
+++ b/src/test/correct/switch/clang/switch.expected
@@ -1,34 +1,29 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
 axiom ($_IO_stdin_used_addr == 1936bv64);
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp1(bv1, bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -44,12 +39,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (mem == old(mem));
@@ -79,8 +71,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R31, Gamma_R8, Gamma_VF, Gamma_ZF, Gamma_stack, NF, R31, R8, VF, ZF, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool);
+  modifies Gamma_stack, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1936bv64) == 1bv8);
@@ -91,8 +83,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1936bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1937bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1938bv64) == 2bv8);
@@ -102,128 +92,73 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool)
 {
-  var #4: bv32;
-  var #5: bv32;
-  var Gamma_#4: bool;
-  var Gamma_#5: bool;
+  var Gamma_R8_13: bool;
+  var Gamma_R8_18: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_7: bool;
+  var Gamma_R8_8: bool;
+  var R8_13: bv64;
+  var R8_18: bv64;
+  var R8_2: bv32;
+  var R8_7: bv64;
+  var R8_8: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    R8, Gamma_R8 := 1bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R8);
-    assume {:captureState "%00000323"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), true);
-    assume {:captureState "%0000032a"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 4bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 4bv64), Gamma_R8);
-    assume {:captureState "%00000339"} true;
-    #4, Gamma_#4 := bvadd32(R8[32:0], 4294967294bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#4, 1bv32)), bvadd33(sign_extend1_32(R8[32:0]), 8589934591bv33))), (Gamma_R8 && Gamma_#4);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#4, 1bv32)), bvadd33(zero_extend1_32(R8[32:0]), 4294967295bv33))), (Gamma_R8 && Gamma_#4);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#4, 1bv32), 0bv32), Gamma_#4;
-    NF, Gamma_NF := bvadd32(#4, 1bv32)[32:31], Gamma_#4;
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(#4, 1bv32)), Gamma_#4;
-    assert Gamma_ZF;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 1bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
+    R8_2, Gamma_R8_2 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551604bv64), R8_2), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551604bv64), Gamma_R8_2);
+    assert Gamma_R8_2;
     goto lmain_goto_l0000035a, lmain_goto_l0000035d;
-  l0000035d:
-    assume {:captureState "l0000035d"} true;
-    R8, Gamma_R8 := 1bv64, true;
+  lmain_goto_l0000035d:
+    assume (R8_2 == 1bv32);
+    R8_7, Gamma_R8_7 := 1bv64, true;
     goto l00000360;
-  l0000035a:
-    assume {:captureState "l0000035a"} true;
-    R8, Gamma_R8 := 0bv64, true;
+  lmain_goto_l0000035a:
+    assume (!(R8_2 == 1bv32));
+    R8_7, Gamma_R8_7 := 0bv64, true;
     goto l00000360;
   l00000360:
-    assume {:captureState "l00000360"} true;
-    assert Gamma_R8;
+    assert Gamma_R8_7;
     goto l00000360_goto_l00000368, l00000360_goto_l0000039a;
-  l0000039a:
-    assume {:captureState "l0000039a"} true;
-    goto l0000039b;
-  l0000039b:
-    assume {:captureState "l0000039b"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 4bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 4bv64));
-    #5, Gamma_#5 := bvadd32(R8[32:0], 4294967292bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#5, 1bv32)), bvadd33(sign_extend1_32(R8[32:0]), 8589934589bv33))), (Gamma_R8 && Gamma_#5);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#5, 1bv32)), bvadd33(zero_extend1_32(R8[32:0]), 4294967293bv33))), (Gamma_R8 && Gamma_#5);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#5, 1bv32), 0bv32), Gamma_#5;
-    NF, Gamma_NF := bvadd32(#5, 1bv32)[32:31], Gamma_#5;
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(#5, 1bv32)), Gamma_#5;
-    assert Gamma_ZF;
+  l00000360_goto_l0000039a:
+    assume (!(R8_7[1:0] == 1bv1));
+    R8_8, Gamma_R8_8 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551604bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551604bv64));
+    assert Gamma_R8_8;
     goto l0000039b_goto_l000003c4, l0000039b_goto_l000003c7;
-  l000003c7:
-    assume {:captureState "l000003c7"} true;
-    R8, Gamma_R8 := 1bv64, true;
+  l0000039b_goto_l000003c7:
+    assume (!(R8_8 == 3bv32));
+    R8_13, Gamma_R8_13 := 1bv64, true;
     goto l000003ca;
-  l000003c4:
-    assume {:captureState "l000003c4"} true;
-    R8, Gamma_R8 := 0bv64, true;
+  l0000039b_goto_l000003c4:
+    assume (R8_8 == 3bv32);
+    R8_13, Gamma_R8_13 := 0bv64, true;
     goto l000003ca;
   l000003ca:
-    assume {:captureState "l000003ca"} true;
-    assert Gamma_R8;
+    assert Gamma_R8_13;
     goto l000003ca_goto_l00000389, l000003ca_goto_l000003d7;
-  l00000389:
-    assume {:captureState "l00000389"} true;
-    R8, Gamma_R8 := 5bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R8);
-    assume {:captureState "%00000394"} true;
+  l000003ca_goto_l000003d7:
+    assume (!(R8_13[1:0] == 1bv1));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 3bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
+    goto l00000368;
+  l000003ca_goto_l00000389:
+    assume (R8_13[1:0] == 1bv1);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 5bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
+    R8_18, Gamma_R8_18 := 5bv64, true;
     goto l0000037b;
-  l000003d7:
-    assume {:captureState "l000003d7"} true;
-    goto l000003d8;
-  l000003d8:
-    assume {:captureState "l000003d8"} true;
-    R8, Gamma_R8 := 3bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R8);
-    assume {:captureState "%000003e6"} true;
+  l00000360_goto_l00000368:
+    assume (R8_7[1:0] == 1bv1);
     goto l00000368;
   l00000368:
-    assume {:captureState "l00000368"} true;
-    R8, Gamma_R8 := 1bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R8);
-    assume {:captureState "%00000378"} true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 1bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
+    R8_18, Gamma_R8_18 := 1bv64, true;
     goto l0000037b;
   l0000037b:
-    assume {:captureState "l0000037b"} true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
     goto main_basil_return;
-  lmain_goto_l0000035a:
-    assume {:captureState "lmain_goto_l0000035a"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) != 0bv1);
-    goto l0000035a;
-  lmain_goto_l0000035d:
-    assume {:captureState "lmain_goto_l0000035d"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) == 0bv1);
-    goto l0000035d;
-  l00000360_goto_l00000368:
-    assume {:captureState "l00000360_goto_l00000368"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) != 0bv1);
-    goto l00000368;
-  l00000360_goto_l0000039a:
-    assume {:captureState "l00000360_goto_l0000039a"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) == 0bv1);
-    goto l0000039a;
-  l0000039b_goto_l000003c4:
-    assume {:captureState "l0000039b_goto_l000003c4"} true;
-    assume (bvcomp1(ZF, 1bv1) != 0bv1);
-    goto l000003c4;
-  l0000039b_goto_l000003c7:
-    assume {:captureState "l0000039b_goto_l000003c7"} true;
-    assume (bvcomp1(ZF, 1bv1) == 0bv1);
-    goto l000003c7;
-  l000003ca_goto_l00000389:
-    assume {:captureState "l000003ca_goto_l00000389"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) != 0bv1);
-    goto l00000389;
-  l000003ca_goto_l000003d7:
-    assume {:captureState "l000003ca_goto_l000003d7"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) == 0bv1);
-    goto l000003d7;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R31_out, R8_out := R31_in, R8_18;
+    Gamma_R31_out, Gamma_R8_out := Gamma_R31_in, Gamma_R8_18;
     return;
 }
 
diff --git a/src/test/correct/switch/clang/switch_gtirb.expected b/src/test/correct/switch/clang/switch_gtirb.expected
index bbfae8da5..4b0a44f01 100644
--- a/src/test/correct/switch/clang/switch_gtirb.expected
+++ b/src/test/correct/switch/clang/switch_gtirb.expected
@@ -1,33 +1,29 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
 axiom ($_IO_stdin_used_addr == 1936bv64);
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -43,12 +39,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (mem == old(mem));
@@ -78,8 +71,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R31, Gamma_R8, Gamma_VF, Gamma_ZF, Gamma_stack, NF, R31, R8, VF, ZF, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool);
+  modifies Gamma_stack, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1936bv64) == 1bv8);
@@ -90,8 +83,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1936bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1937bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1938bv64) == 2bv8);
@@ -101,112 +92,99 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool)
 {
-  var Cse0__5$2$1: bv32;
-  var Cse0__5$3$6: bv32;
-  var Gamma_Cse0__5$2$1: bool;
-  var Gamma_Cse0__5$3$6: bool;
+  var Gamma_R8_15: bool;
+  var Gamma_R8_17: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_20: bool;
+  var Gamma_R8_22: bool;
+  var Gamma_R8_8: bool;
+  var Gamma_R8_9: bool;
+  var R8_15: bv64;
+  var R8_17: bv64;
+  var R8_2: bv32;
+  var R8_20: bv64;
+  var R8_22: bv64;
+  var R8_8: bv64;
+  var R8_9: bv32;
   $main$__0__$3GlaOF1MR7aaQai1pc2v2g:
-    assume {:captureState "$main$__0__$3GlaOF1MR7aaQai1pc2v2g"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    R8, Gamma_R8 := 1bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R8);
-    assume {:captureState "1820$0"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), true);
-    assume {:captureState "1824$0"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 4bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 4bv64), Gamma_R8);
-    assume {:captureState "1832$0"} true;
-    Cse0__5$3$6, Gamma_Cse0__5$3$6 := bvadd32(R8[32:0], 4294967295bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(Cse0__5$3$6), bvadd33(sign_extend1_32(R8[32:0]), 8589934591bv33))), (Gamma_R8 && Gamma_Cse0__5$3$6);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$3$6), bvadd33(zero_extend1_32(R8[32:0]), 4294967295bv33))), (Gamma_R8 && Gamma_Cse0__5$3$6);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$3$6, 0bv32), Gamma_Cse0__5$3$6;
-    NF, Gamma_NF := Cse0__5$3$6[32:31], Gamma_Cse0__5$3$6;
-    R8, Gamma_R8 := zero_extend32_32(Cse0__5$3$6), Gamma_Cse0__5$3$6;
-    assert Gamma_ZF;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 1bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
+    R8_2, Gamma_R8_2 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551604bv64), R8_2), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551604bv64), Gamma_R8_2);
+    assert Gamma_R8_2;
     goto $main$__0__$3GlaOF1MR7aaQai1pc2v2g$__0, $main$__0__$3GlaOF1MR7aaQai1pc2v2g$__1;
-  $main$__1__$4x~lmTLbT2auzSCUAlHDag:
-    assume {:captureState "$main$__1__$4x~lmTLbT2auzSCUAlHDag"} true;
-    goto $main$__2__$jyrJQYSIS2Ws80LCkGPZrA;
-  $main$__2__$jyrJQYSIS2Ws80LCkGPZrA:
-    assume {:captureState "$main$__2__$jyrJQYSIS2Ws80LCkGPZrA"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 4bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 4bv64));
-    Cse0__5$2$1, Gamma_Cse0__5$2$1 := bvadd32(R8[32:0], 4294967293bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(Cse0__5$2$1), bvadd33(sign_extend1_32(R8[32:0]), 8589934589bv33))), (Gamma_R8 && Gamma_Cse0__5$2$1);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$2$1), bvadd33(zero_extend1_32(R8[32:0]), 4294967293bv33))), (Gamma_R8 && Gamma_Cse0__5$2$1);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$2$1, 0bv32), Gamma_Cse0__5$2$1;
-    NF, Gamma_NF := Cse0__5$2$1[32:31], Gamma_Cse0__5$2$1;
-    R8, Gamma_R8 := zero_extend32_32(Cse0__5$2$1), Gamma_Cse0__5$2$1;
-    assert Gamma_ZF;
+  $main$__0__$3GlaOF1MR7aaQai1pc2v2g$__1:
+    assume (R8_2 == 1bv32);
+    goto $main$__0__$3GlaOF1MR7aaQai1pc2v2g$__1_phi_$main$__0__$3GlaOF1MR7aaQai1pc2v2g_goto_$main$__5__$24PniileSwWTb~gBPRo3qQ_phi_back_$main$__0__$3GlaOF1MR7aaQai1pc2v2g_goto_$main$__5__$24PniileSwWTb~gBPRo3qQ, $main$__0__$3GlaOF1MR7aaQai1pc2v2g$__1_phi_$main$__0__$3GlaOF1MR7aaQai1pc2v2g_goto_$main$__1__$4x~lmTLbT2auzSCUAlHDag_phi_back_$main$__0__$3GlaOF1MR7aaQai1pc2v2g_goto_$main$__1__$4x~lmTLbT2auzSCUAlHDag;
+  $main$__0__$3GlaOF1MR7aaQai1pc2v2g$__1_phi_$main$__0__$3GlaOF1MR7aaQai1pc2v2g_goto_$main$__1__$4x~lmTLbT2auzSCUAlHDag_phi_back_$main$__0__$3GlaOF1MR7aaQai1pc2v2g_goto_$main$__1__$4x~lmTLbT2auzSCUAlHDag:
+    R8_8, Gamma_R8_8 := 1bv64, true;
+    assert Gamma_R8_8;
+    goto $main$__0__$3GlaOF1MR7aaQai1pc2v2g_goto_$main$__1__$4x~lmTLbT2auzSCUAlHDag;
+  $main$__0__$3GlaOF1MR7aaQai1pc2v2g$__1_phi_$main$__0__$3GlaOF1MR7aaQai1pc2v2g_goto_$main$__5__$24PniileSwWTb~gBPRo3qQ_phi_back_$main$__0__$3GlaOF1MR7aaQai1pc2v2g_goto_$main$__5__$24PniileSwWTb~gBPRo3qQ:
+    R8_20, Gamma_R8_20 := 1bv64, true;
+    assert Gamma_R8_20;
+    goto $main$__0__$3GlaOF1MR7aaQai1pc2v2g_goto_$main$__5__$24PniileSwWTb~gBPRo3qQ;
+  $main$__0__$3GlaOF1MR7aaQai1pc2v2g$__0:
+    assume (!(R8_2 == 1bv32));
+    goto $main$__0__$3GlaOF1MR7aaQai1pc2v2g$__0_phi_back_$main$__0__$3GlaOF1MR7aaQai1pc2v2g_goto_$main$__1__$4x~lmTLbT2auzSCUAlHDag, $main$__0__$3GlaOF1MR7aaQai1pc2v2g$__0_phi_back_$main$__0__$3GlaOF1MR7aaQai1pc2v2g_goto_$main$__5__$24PniileSwWTb~gBPRo3qQ;
+  $main$__0__$3GlaOF1MR7aaQai1pc2v2g$__0_phi_back_$main$__0__$3GlaOF1MR7aaQai1pc2v2g_goto_$main$__5__$24PniileSwWTb~gBPRo3qQ:
+    R8_20, Gamma_R8_20 := 0bv64, true;
+    assert Gamma_R8_20;
+    goto $main$__0__$3GlaOF1MR7aaQai1pc2v2g_goto_$main$__5__$24PniileSwWTb~gBPRo3qQ;
+  $main$__0__$3GlaOF1MR7aaQai1pc2v2g_goto_$main$__5__$24PniileSwWTb~gBPRo3qQ:
+    assume (R8_20[1:0] == 1bv1);
+    goto $main$__5__$24PniileSwWTb~gBPRo3qQ;
+  $main$__0__$3GlaOF1MR7aaQai1pc2v2g$__0_phi_back_$main$__0__$3GlaOF1MR7aaQai1pc2v2g_goto_$main$__1__$4x~lmTLbT2auzSCUAlHDag:
+    R8_8, Gamma_R8_8 := 0bv64, true;
+    assert Gamma_R8_8;
+    goto $main$__0__$3GlaOF1MR7aaQai1pc2v2g_goto_$main$__1__$4x~lmTLbT2auzSCUAlHDag;
+  $main$__0__$3GlaOF1MR7aaQai1pc2v2g_goto_$main$__1__$4x~lmTLbT2auzSCUAlHDag:
+    assume (!(R8_8[1:0] == 1bv1));
+    R8_9, Gamma_R8_9 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551604bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551604bv64));
+    assert Gamma_R8_9;
     goto $main$__2__$jyrJQYSIS2Ws80LCkGPZrA$__0, $main$__2__$jyrJQYSIS2Ws80LCkGPZrA$__1;
-  $main$__3__$XW5NfPfUQ4KyEikucDTunQ:
-    assume {:captureState "$main$__3__$XW5NfPfUQ4KyEikucDTunQ"} true;
-    goto $main$__4__$gwXdF75eT4Ou~FTT7cThmQ;
-  $main$__4__$gwXdF75eT4Ou~FTT7cThmQ:
-    assume {:captureState "$main$__4__$gwXdF75eT4Ou~FTT7cThmQ"} true;
-    R8, Gamma_R8 := 3bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R8);
-    assume {:captureState "1876$0"} true;
+  $main$__2__$jyrJQYSIS2Ws80LCkGPZrA$__1:
+    assume (!(R8_9 == 3bv32));
+    goto $main$__2__$jyrJQYSIS2Ws80LCkGPZrA$__1_phi_$main$__2__$jyrJQYSIS2Ws80LCkGPZrA_goto_$main$__6__$M0Alxdx8S_6NyJoZnSXkvw_phi_back_$main$__2__$jyrJQYSIS2Ws80LCkGPZrA_goto_$main$__6__$M0Alxdx8S_6NyJoZnSXkvw, $main$__2__$jyrJQYSIS2Ws80LCkGPZrA$__1_phi_$main$__2__$jyrJQYSIS2Ws80LCkGPZrA_goto_$main$__3__$XW5NfPfUQ4KyEikucDTunQ_phi_back_$main$__2__$jyrJQYSIS2Ws80LCkGPZrA_goto_$main$__3__$XW5NfPfUQ4KyEikucDTunQ;
+  $main$__2__$jyrJQYSIS2Ws80LCkGPZrA$__1_phi_$main$__2__$jyrJQYSIS2Ws80LCkGPZrA_goto_$main$__3__$XW5NfPfUQ4KyEikucDTunQ_phi_back_$main$__2__$jyrJQYSIS2Ws80LCkGPZrA_goto_$main$__3__$XW5NfPfUQ4KyEikucDTunQ:
+    R8_15, Gamma_R8_15 := 1bv64, true;
+    assert Gamma_R8_15;
+    goto $main$__2__$jyrJQYSIS2Ws80LCkGPZrA_goto_$main$__3__$XW5NfPfUQ4KyEikucDTunQ;
+  $main$__2__$jyrJQYSIS2Ws80LCkGPZrA$__1_phi_$main$__2__$jyrJQYSIS2Ws80LCkGPZrA_goto_$main$__6__$M0Alxdx8S_6NyJoZnSXkvw_phi_back_$main$__2__$jyrJQYSIS2Ws80LCkGPZrA_goto_$main$__6__$M0Alxdx8S_6NyJoZnSXkvw:
+    R8_17, Gamma_R8_17 := 1bv64, true;
+    assert Gamma_R8_17;
+    goto $main$__2__$jyrJQYSIS2Ws80LCkGPZrA_goto_$main$__6__$M0Alxdx8S_6NyJoZnSXkvw;
+  $main$__2__$jyrJQYSIS2Ws80LCkGPZrA$__0:
+    assume (R8_9 == 3bv32);
+    goto $main$__2__$jyrJQYSIS2Ws80LCkGPZrA$__0_phi_back_$main$__2__$jyrJQYSIS2Ws80LCkGPZrA_goto_$main$__3__$XW5NfPfUQ4KyEikucDTunQ, $main$__2__$jyrJQYSIS2Ws80LCkGPZrA$__0_phi_back_$main$__2__$jyrJQYSIS2Ws80LCkGPZrA_goto_$main$__6__$M0Alxdx8S_6NyJoZnSXkvw;
+  $main$__2__$jyrJQYSIS2Ws80LCkGPZrA$__0_phi_back_$main$__2__$jyrJQYSIS2Ws80LCkGPZrA_goto_$main$__6__$M0Alxdx8S_6NyJoZnSXkvw:
+    R8_17, Gamma_R8_17 := 0bv64, true;
+    assert Gamma_R8_17;
+    goto $main$__2__$jyrJQYSIS2Ws80LCkGPZrA_goto_$main$__6__$M0Alxdx8S_6NyJoZnSXkvw;
+  $main$__2__$jyrJQYSIS2Ws80LCkGPZrA_goto_$main$__6__$M0Alxdx8S_6NyJoZnSXkvw:
+    assume (R8_17[1:0] == 1bv1);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 5bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
+    R8_22, Gamma_R8_22 := 5bv64, true;
+    goto $main$__7__$Imv7ODlKQ3y~H7OMiSSR_w;
+  $main$__2__$jyrJQYSIS2Ws80LCkGPZrA$__0_phi_back_$main$__2__$jyrJQYSIS2Ws80LCkGPZrA_goto_$main$__3__$XW5NfPfUQ4KyEikucDTunQ:
+    R8_15, Gamma_R8_15 := 0bv64, true;
+    assert Gamma_R8_15;
+    goto $main$__2__$jyrJQYSIS2Ws80LCkGPZrA_goto_$main$__3__$XW5NfPfUQ4KyEikucDTunQ;
+  $main$__2__$jyrJQYSIS2Ws80LCkGPZrA_goto_$main$__3__$XW5NfPfUQ4KyEikucDTunQ:
+    assume (!(R8_15[1:0] == 1bv1));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 3bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
     goto $main$__5__$24PniileSwWTb~gBPRo3qQ;
   $main$__5__$24PniileSwWTb~gBPRo3qQ:
-    assume {:captureState "$main$__5__$24PniileSwWTb~gBPRo3qQ"} true;
-    R8, Gamma_R8 := 1bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R8);
-    assume {:captureState "1888$0"} true;
-    goto $main$__7__$Imv7ODlKQ3y~H7OMiSSR_w;
-  $main$__6__$M0Alxdx8S_6NyJoZnSXkvw:
-    assume {:captureState "$main$__6__$M0Alxdx8S_6NyJoZnSXkvw"} true;
-    R8, Gamma_R8 := 5bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R8);
-    assume {:captureState "1900$0"} true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 1bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
+    R8_22, Gamma_R8_22 := 1bv64, true;
     goto $main$__7__$Imv7ODlKQ3y~H7OMiSSR_w;
   $main$__7__$Imv7ODlKQ3y~H7OMiSSR_w:
-    assume {:captureState "$main$__7__$Imv7ODlKQ3y~H7OMiSSR_w"} true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
     goto main_basil_return;
-  $main$__2__$jyrJQYSIS2Ws80LCkGPZrA_goto_$main$__6__$M0Alxdx8S_6NyJoZnSXkvw:
-    assume {:captureState "$main$__2__$jyrJQYSIS2Ws80LCkGPZrA_goto_$main$__6__$M0Alxdx8S_6NyJoZnSXkvw"} true;
-    assume (R8[1:0] == 1bv1);
-    goto $main$__6__$M0Alxdx8S_6NyJoZnSXkvw;
-  $main$__2__$jyrJQYSIS2Ws80LCkGPZrA_goto_$main$__3__$XW5NfPfUQ4KyEikucDTunQ:
-    assume {:captureState "$main$__2__$jyrJQYSIS2Ws80LCkGPZrA_goto_$main$__3__$XW5NfPfUQ4KyEikucDTunQ"} true;
-    assume (!(R8[1:0] == 1bv1));
-    goto $main$__3__$XW5NfPfUQ4KyEikucDTunQ;
-  $main$__2__$jyrJQYSIS2Ws80LCkGPZrA$__0:
-    assume {:captureState "$main$__2__$jyrJQYSIS2Ws80LCkGPZrA$__0"} true;
-    assume (ZF == 1bv1);
-    R8, Gamma_R8 := 0bv64, true;
-    assert Gamma_R8;
-    goto $main$__2__$jyrJQYSIS2Ws80LCkGPZrA_goto_$main$__6__$M0Alxdx8S_6NyJoZnSXkvw, $main$__2__$jyrJQYSIS2Ws80LCkGPZrA_goto_$main$__3__$XW5NfPfUQ4KyEikucDTunQ;
-  $main$__2__$jyrJQYSIS2Ws80LCkGPZrA$__1:
-    assume {:captureState "$main$__2__$jyrJQYSIS2Ws80LCkGPZrA$__1"} true;
-    assume (!(ZF == 1bv1));
-    R8, Gamma_R8 := 1bv64, true;
-    assert Gamma_R8;
-    goto $main$__2__$jyrJQYSIS2Ws80LCkGPZrA_goto_$main$__6__$M0Alxdx8S_6NyJoZnSXkvw, $main$__2__$jyrJQYSIS2Ws80LCkGPZrA_goto_$main$__3__$XW5NfPfUQ4KyEikucDTunQ;
-  $main$__0__$3GlaOF1MR7aaQai1pc2v2g_goto_$main$__5__$24PniileSwWTb~gBPRo3qQ:
-    assume {:captureState "$main$__0__$3GlaOF1MR7aaQai1pc2v2g_goto_$main$__5__$24PniileSwWTb~gBPRo3qQ"} true;
-    assume (R8[1:0] == 1bv1);
-    goto $main$__5__$24PniileSwWTb~gBPRo3qQ;
-  $main$__0__$3GlaOF1MR7aaQai1pc2v2g_goto_$main$__1__$4x~lmTLbT2auzSCUAlHDag:
-    assume {:captureState "$main$__0__$3GlaOF1MR7aaQai1pc2v2g_goto_$main$__1__$4x~lmTLbT2auzSCUAlHDag"} true;
-    assume (!(R8[1:0] == 1bv1));
-    goto $main$__1__$4x~lmTLbT2auzSCUAlHDag;
-  $main$__0__$3GlaOF1MR7aaQai1pc2v2g$__0:
-    assume {:captureState "$main$__0__$3GlaOF1MR7aaQai1pc2v2g$__0"} true;
-    assume (!(ZF == 1bv1));
-    R8, Gamma_R8 := 0bv64, true;
-    assert Gamma_R8;
-    goto $main$__0__$3GlaOF1MR7aaQai1pc2v2g_goto_$main$__5__$24PniileSwWTb~gBPRo3qQ, $main$__0__$3GlaOF1MR7aaQai1pc2v2g_goto_$main$__1__$4x~lmTLbT2auzSCUAlHDag;
-  $main$__0__$3GlaOF1MR7aaQai1pc2v2g$__1:
-    assume {:captureState "$main$__0__$3GlaOF1MR7aaQai1pc2v2g$__1"} true;
-    assume (!(!(ZF == 1bv1)));
-    R8, Gamma_R8 := 1bv64, true;
-    assert Gamma_R8;
-    goto $main$__0__$3GlaOF1MR7aaQai1pc2v2g_goto_$main$__5__$24PniileSwWTb~gBPRo3qQ, $main$__0__$3GlaOF1MR7aaQai1pc2v2g_goto_$main$__1__$4x~lmTLbT2auzSCUAlHDag;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R31_out, R8_out := R31_in, R8_22;
+    Gamma_R31_out, Gamma_R8_out := Gamma_R31_in, Gamma_R8_22;
     return;
 }
 
diff --git a/src/test/correct/switch/clang_O2/switch.expected b/src/test/correct/switch/clang_O2/switch.expected
index 074ebb121..4202ee31f 100644
--- a/src/test/correct/switch/clang_O2/switch.expected
+++ b/src/test/correct/switch/clang_O2/switch.expected
@@ -40,7 +40,7 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1836bv64) == 1bv8);
@@ -60,13 +60,13 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
   lmain:
-    assume {:captureState "lmain"} true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R11_out, R12_out, R13_out, R14_out, R15_out, R16_out, R17_out, R18_out, R19_out, R1_out, R20_out, R21_out, R22_out, R23_out, R24_out, R25_out, R26_out, R27_out, R28_out, R29_out, R2_out, R30_out, R31_out, R3_out, R4_out, R5_out, R6_out, R7_out, R8_out, R9_out := R0_in, R10_in, R11_in, R12_in, R13_in, R14_in, R15_in, R16_in, R17_in, R18_in, R19_in, R1_in, R20_in, R21_in, R22_in, R23_in, R24_in, R25_in, R26_in, R27_in, R28_in, R29_in, R2_in, R30_in, R31_in, R3_in, R4_in, R5_in, R6_in, R7_in, R8_in, R9_in;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R11_out, Gamma_R12_out, Gamma_R13_out, Gamma_R14_out, Gamma_R15_out, Gamma_R16_out, Gamma_R17_out, Gamma_R18_out, Gamma_R19_out, Gamma_R1_out, Gamma_R20_out, Gamma_R21_out, Gamma_R22_out, Gamma_R23_out, Gamma_R24_out, Gamma_R25_out, Gamma_R26_out, Gamma_R27_out, Gamma_R28_out, Gamma_R29_out, Gamma_R2_out, Gamma_R30_out, Gamma_R31_out, Gamma_R3_out, Gamma_R4_out, Gamma_R5_out, Gamma_R6_out, Gamma_R7_out, Gamma_R8_out, Gamma_R9_out := Gamma_R0_in, Gamma_R10_in, Gamma_R11_in, Gamma_R12_in, Gamma_R13_in, Gamma_R14_in, Gamma_R15_in, Gamma_R16_in, Gamma_R17_in, Gamma_R18_in, Gamma_R19_in, Gamma_R1_in, Gamma_R20_in, Gamma_R21_in, Gamma_R22_in, Gamma_R23_in, Gamma_R24_in, Gamma_R25_in, Gamma_R26_in, Gamma_R27_in, Gamma_R28_in, Gamma_R29_in, Gamma_R2_in, Gamma_R30_in, Gamma_R31_in, Gamma_R3_in, Gamma_R4_in, Gamma_R5_in, Gamma_R6_in, Gamma_R7_in, Gamma_R8_in, Gamma_R9_in;
     return;
 }
 
diff --git a/src/test/correct/switch/clang_O2/switch_gtirb.expected b/src/test/correct/switch/clang_O2/switch_gtirb.expected
index 1f07e5df7..87d33b382 100644
--- a/src/test/correct/switch/clang_O2/switch_gtirb.expected
+++ b/src/test/correct/switch/clang_O2/switch_gtirb.expected
@@ -40,7 +40,7 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1836bv64) == 1bv8);
@@ -60,13 +60,13 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
   $main$__0__$qfp8WI3CQQKrYS27mbga8Q:
-    assume {:captureState "$main$__0__$qfp8WI3CQQKrYS27mbga8Q"} true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R11_out, R12_out, R13_out, R14_out, R15_out, R16_out, R17_out, R18_out, R19_out, R1_out, R20_out, R21_out, R22_out, R23_out, R24_out, R25_out, R26_out, R27_out, R28_out, R29_out, R2_out, R30_out, R31_out, R3_out, R4_out, R5_out, R6_out, R7_out, R8_out, R9_out := R0_in, R10_in, R11_in, R12_in, R13_in, R14_in, R15_in, R16_in, R17_in, R18_in, R19_in, R1_in, R20_in, R21_in, R22_in, R23_in, R24_in, R25_in, R26_in, R27_in, R28_in, R29_in, R2_in, R30_in, R31_in, R3_in, R4_in, R5_in, R6_in, R7_in, R8_in, R9_in;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R11_out, Gamma_R12_out, Gamma_R13_out, Gamma_R14_out, Gamma_R15_out, Gamma_R16_out, Gamma_R17_out, Gamma_R18_out, Gamma_R19_out, Gamma_R1_out, Gamma_R20_out, Gamma_R21_out, Gamma_R22_out, Gamma_R23_out, Gamma_R24_out, Gamma_R25_out, Gamma_R26_out, Gamma_R27_out, Gamma_R28_out, Gamma_R29_out, Gamma_R2_out, Gamma_R30_out, Gamma_R31_out, Gamma_R3_out, Gamma_R4_out, Gamma_R5_out, Gamma_R6_out, Gamma_R7_out, Gamma_R8_out, Gamma_R9_out := Gamma_R0_in, Gamma_R10_in, Gamma_R11_in, Gamma_R12_in, Gamma_R13_in, Gamma_R14_in, Gamma_R15_in, Gamma_R16_in, Gamma_R17_in, Gamma_R18_in, Gamma_R19_in, Gamma_R1_in, Gamma_R20_in, Gamma_R21_in, Gamma_R22_in, Gamma_R23_in, Gamma_R24_in, Gamma_R25_in, Gamma_R26_in, Gamma_R27_in, Gamma_R28_in, Gamma_R29_in, Gamma_R2_in, Gamma_R30_in, Gamma_R31_in, Gamma_R3_in, Gamma_R4_in, Gamma_R5_in, Gamma_R6_in, Gamma_R7_in, Gamma_R8_in, Gamma_R9_in;
     return;
 }
 
diff --git a/src/test/correct/switch/gcc/switch.expected b/src/test/correct/switch/gcc/switch.expected
index af33e269d..a42a938b9 100644
--- a/src/test/correct/switch/gcc/switch.expected
+++ b/src/test/correct/switch/gcc/switch.expected
@@ -1,34 +1,29 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
 axiom ($_IO_stdin_used_addr == 1916bv64);
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp1(bv1, bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -44,12 +39,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (mem == old(mem));
@@ -79,8 +71,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_VF, Gamma_ZF, Gamma_stack, NF, R0, R31, VF, ZF, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_stack, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1916bv64) == 1bv8);
@@ -91,8 +83,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69024bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1916bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1917bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1918bv64) == 2bv8);
@@ -102,78 +92,46 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var #4: bv32;
-  var #5: bv32;
-  var Gamma_#4: bool;
-  var Gamma_#5: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_8: bool;
+  var R0_2: bv32;
+  var R0_3: bv32;
+  var R0_8: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    R0, Gamma_R0 := 1bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R0);
-    assume {:captureState "%0000030f"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "%00000316"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 8bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 8bv64));
-    #4, Gamma_#4 := bvadd32(R0[32:0], 4294967294bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#4, 1bv32)), bvadd33(sign_extend1_32(R0[32:0]), 8589934591bv33))), (Gamma_R0 && Gamma_#4);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#4, 1bv32)), bvadd33(zero_extend1_32(R0[32:0]), 4294967295bv33))), (Gamma_R0 && Gamma_#4);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#4, 1bv32), 0bv32), Gamma_#4;
-    NF, Gamma_NF := bvadd32(#4, 1bv32)[32:31], Gamma_#4;
-    assert Gamma_ZF;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 1bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    R0_2, Gamma_R0_2 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
+    assert Gamma_R0_2;
     goto lmain_goto_l00000339, lmain_goto_l0000036b;
-  l0000036b:
-    assume {:captureState "l0000036b"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 8bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 8bv64));
-    #5, Gamma_#5 := bvadd32(R0[32:0], 4294967292bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#5, 1bv32)), bvadd33(sign_extend1_32(R0[32:0]), 8589934589bv33))), (Gamma_R0 && Gamma_#5);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#5, 1bv32)), bvadd33(zero_extend1_32(R0[32:0]), 4294967293bv33))), (Gamma_R0 && Gamma_#5);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#5, 1bv32), 0bv32), Gamma_#5;
-    NF, Gamma_NF := bvadd32(#5, 1bv32)[32:31], Gamma_#5;
-    assert Gamma_ZF;
+  lmain_goto_l0000036b:
+    assume (!(R0_2 == 1bv32));
+    R0_3, Gamma_R0_3 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
+    assert Gamma_R0_3;
     goto l0000036b_goto_l0000035c, l0000036b_goto_l00000391;
-  l0000035c:
-    assume {:captureState "l0000035c"} true;
-    R0, Gamma_R0 := 5bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "%00000367"} true;
+  l0000036b_goto_l00000391:
+    assume (R0_3 == 3bv32);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 3bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    goto l00000339;
+  l0000036b_goto_l0000035c:
+    assume (!(R0_3 == 3bv32));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 5bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    R0_8, Gamma_R0_8 := 5bv64, true;
     goto l0000034c;
-  l00000391:
-    assume {:captureState "l00000391"} true;
-    R0, Gamma_R0 := 3bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "%0000039c"} true;
+  lmain_goto_l00000339:
+    assume (R0_2 == 1bv32);
     goto l00000339;
   l00000339:
-    assume {:captureState "l00000339"} true;
-    R0, Gamma_R0 := 1bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "%00000349"} true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 1bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    R0_8, Gamma_R0_8 := 1bv64, true;
     goto l0000034c;
   l0000034c:
-    assume {:captureState "l0000034c"} true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
     goto main_basil_return;
-  lmain_goto_l00000339:
-    assume {:captureState "lmain_goto_l00000339"} true;
-    assume (bvcomp1(ZF, 1bv1) != 0bv1);
-    goto l00000339;
-  lmain_goto_l0000036b:
-    assume {:captureState "lmain_goto_l0000036b"} true;
-    assume (bvcomp1(ZF, 1bv1) == 0bv1);
-    goto l0000036b;
-  l0000036b_goto_l0000035c:
-    assume {:captureState "l0000036b_goto_l0000035c"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) != 0bv1);
-    goto l0000035c;
-  l0000036b_goto_l00000391:
-    assume {:captureState "l0000036b_goto_l00000391"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) == 0bv1);
-    goto l00000391;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out := R0_8, R31_in;
+    Gamma_R0_out, Gamma_R31_out := Gamma_R0_8, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/correct/switch/gcc/switch_gtirb.expected b/src/test/correct/switch/gcc/switch_gtirb.expected
index 36195f0ef..6d313c5f6 100644
--- a/src/test/correct/switch/gcc/switch_gtirb.expected
+++ b/src/test/correct/switch/gcc/switch_gtirb.expected
@@ -1,33 +1,29 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
 axiom ($_IO_stdin_used_addr == 1916bv64);
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -43,12 +39,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (mem == old(mem));
@@ -78,8 +71,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_VF, Gamma_ZF, Gamma_stack, NF, R0, R31, VF, ZF, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_stack, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1916bv64) == 1bv8);
@@ -90,8 +83,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69024bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1916bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1917bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1918bv64) == 2bv8);
@@ -101,78 +92,46 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var Cse0__5$1$5: bv32;
-  var Cse0__5$5$1: bv32;
-  var Gamma_Cse0__5$1$5: bool;
-  var Gamma_Cse0__5$5$1: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_8: bool;
+  var R0_2: bv32;
+  var R0_3: bv32;
+  var R0_8: bv64;
   $main$__0__$fTP6a10DRkW0uClOUn3VYg:
-    assume {:captureState "$main$__0__$fTP6a10DRkW0uClOUn3VYg"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    R0, Gamma_R0 := 1bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R0);
-    assume {:captureState "1820$0"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "1824$0"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 8bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 8bv64));
-    Cse0__5$1$5, Gamma_Cse0__5$1$5 := bvadd32(R0[32:0], 4294967295bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(Cse0__5$1$5), bvadd33(sign_extend1_32(R0[32:0]), 8589934591bv33))), (Gamma_R0 && Gamma_Cse0__5$1$5);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$1$5), bvadd33(zero_extend1_32(R0[32:0]), 4294967295bv33))), (Gamma_R0 && Gamma_Cse0__5$1$5);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$1$5, 0bv32), Gamma_Cse0__5$1$5;
-    NF, Gamma_NF := Cse0__5$1$5[32:31], Gamma_Cse0__5$1$5;
-    assert Gamma_ZF;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 1bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    R0_2, Gamma_R0_2 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
+    assert Gamma_R0_2;
     goto $main$__0__$fTP6a10DRkW0uClOUn3VYg_goto_$main$__3__$K4NVIb_2TLqhdwKQk4e4yQ, $main$__0__$fTP6a10DRkW0uClOUn3VYg_goto_$main$__1__$qKMMRobvQhOFWJ6vLsAXWw;
-  $main$__1__$qKMMRobvQhOFWJ6vLsAXWw:
-    assume {:captureState "$main$__1__$qKMMRobvQhOFWJ6vLsAXWw"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 8bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 8bv64));
-    Cse0__5$5$1, Gamma_Cse0__5$5$1 := bvadd32(R0[32:0], 4294967293bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(Cse0__5$5$1), bvadd33(sign_extend1_32(R0[32:0]), 8589934589bv33))), (Gamma_R0 && Gamma_Cse0__5$5$1);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$5$1), bvadd33(zero_extend1_32(R0[32:0]), 4294967293bv33))), (Gamma_R0 && Gamma_Cse0__5$5$1);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$5$1, 0bv32), Gamma_Cse0__5$5$1;
-    NF, Gamma_NF := Cse0__5$5$1[32:31], Gamma_Cse0__5$5$1;
-    assert Gamma_ZF;
+  $main$__0__$fTP6a10DRkW0uClOUn3VYg_goto_$main$__1__$qKMMRobvQhOFWJ6vLsAXWw:
+    assume (!(R0_2 == 1bv32));
+    R0_3, Gamma_R0_3 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
+    assert Gamma_R0_3;
     goto $main$__1__$qKMMRobvQhOFWJ6vLsAXWw_goto_$main$__4__$DonY551VSjGOjsGSDV0czQ, $main$__1__$qKMMRobvQhOFWJ6vLsAXWw_goto_$main$__2__$0NcRUSBiRJiPUYrDF8NHDQ;
-  $main$__2__$0NcRUSBiRJiPUYrDF8NHDQ:
-    assume {:captureState "$main$__2__$0NcRUSBiRJiPUYrDF8NHDQ"} true;
-    R0, Gamma_R0 := 3bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "1856$0"} true;
+  $main$__1__$qKMMRobvQhOFWJ6vLsAXWw_goto_$main$__2__$0NcRUSBiRJiPUYrDF8NHDQ:
+    assume (R0_3 == 3bv32);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 3bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
     goto $main$__3__$K4NVIb_2TLqhdwKQk4e4yQ;
-  $main$__3__$K4NVIb_2TLqhdwKQk4e4yQ:
-    assume {:captureState "$main$__3__$K4NVIb_2TLqhdwKQk4e4yQ"} true;
-    R0, Gamma_R0 := 1bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "1864$0"} true;
+  $main$__1__$qKMMRobvQhOFWJ6vLsAXWw_goto_$main$__4__$DonY551VSjGOjsGSDV0czQ:
+    assume (!(R0_3 == 3bv32));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 5bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    R0_8, Gamma_R0_8 := 5bv64, true;
     goto $main$__5__$9WeRIM9VQHukMzVZYtgvQA;
-  $main$__4__$DonY551VSjGOjsGSDV0czQ:
-    assume {:captureState "$main$__4__$DonY551VSjGOjsGSDV0czQ"} true;
-    R0, Gamma_R0 := 5bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "1876$0"} true;
+  $main$__0__$fTP6a10DRkW0uClOUn3VYg_goto_$main$__3__$K4NVIb_2TLqhdwKQk4e4yQ:
+    assume (R0_2 == 1bv32);
+    goto $main$__3__$K4NVIb_2TLqhdwKQk4e4yQ;
+  $main$__3__$K4NVIb_2TLqhdwKQk4e4yQ:
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 1bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    R0_8, Gamma_R0_8 := 1bv64, true;
     goto $main$__5__$9WeRIM9VQHukMzVZYtgvQA;
   $main$__5__$9WeRIM9VQHukMzVZYtgvQA:
-    assume {:captureState "$main$__5__$9WeRIM9VQHukMzVZYtgvQA"} true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
     goto main_basil_return;
-  $main$__0__$fTP6a10DRkW0uClOUn3VYg_goto_$main$__3__$K4NVIb_2TLqhdwKQk4e4yQ:
-    assume {:captureState "$main$__0__$fTP6a10DRkW0uClOUn3VYg_goto_$main$__3__$K4NVIb_2TLqhdwKQk4e4yQ"} true;
-    assume (ZF == 1bv1);
-    goto $main$__3__$K4NVIb_2TLqhdwKQk4e4yQ;
-  $main$__0__$fTP6a10DRkW0uClOUn3VYg_goto_$main$__1__$qKMMRobvQhOFWJ6vLsAXWw:
-    assume {:captureState "$main$__0__$fTP6a10DRkW0uClOUn3VYg_goto_$main$__1__$qKMMRobvQhOFWJ6vLsAXWw"} true;
-    assume (!(ZF == 1bv1));
-    goto $main$__1__$qKMMRobvQhOFWJ6vLsAXWw;
-  $main$__1__$qKMMRobvQhOFWJ6vLsAXWw_goto_$main$__4__$DonY551VSjGOjsGSDV0czQ:
-    assume {:captureState "$main$__1__$qKMMRobvQhOFWJ6vLsAXWw_goto_$main$__4__$DonY551VSjGOjsGSDV0czQ"} true;
-    assume (!(ZF == 1bv1));
-    goto $main$__4__$DonY551VSjGOjsGSDV0czQ;
-  $main$__1__$qKMMRobvQhOFWJ6vLsAXWw_goto_$main$__2__$0NcRUSBiRJiPUYrDF8NHDQ:
-    assume {:captureState "$main$__1__$qKMMRobvQhOFWJ6vLsAXWw_goto_$main$__2__$0NcRUSBiRJiPUYrDF8NHDQ"} true;
-    assume (!(!(ZF == 1bv1)));
-    goto $main$__2__$0NcRUSBiRJiPUYrDF8NHDQ;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out := R0_8, R31_in;
+    Gamma_R0_out, Gamma_R31_out := Gamma_R0_8, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/correct/switch/gcc_O2/switch.expected b/src/test/correct/switch/gcc_O2/switch.expected
index f5fe2a468..579f58cfd 100644
--- a/src/test/correct/switch/gcc_O2/switch.expected
+++ b/src/test/correct/switch/gcc_O2/switch.expected
@@ -40,7 +40,7 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1896bv64) == 1bv8);
@@ -60,13 +60,13 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
   lmain:
-    assume {:captureState "lmain"} true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R11_out, R12_out, R13_out, R14_out, R15_out, R16_out, R17_out, R18_out, R19_out, R1_out, R20_out, R21_out, R22_out, R23_out, R24_out, R25_out, R26_out, R27_out, R28_out, R29_out, R2_out, R30_out, R31_out, R3_out, R4_out, R5_out, R6_out, R7_out, R8_out, R9_out := R0_in, R10_in, R11_in, R12_in, R13_in, R14_in, R15_in, R16_in, R17_in, R18_in, R19_in, R1_in, R20_in, R21_in, R22_in, R23_in, R24_in, R25_in, R26_in, R27_in, R28_in, R29_in, R2_in, R30_in, R31_in, R3_in, R4_in, R5_in, R6_in, R7_in, R8_in, R9_in;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R11_out, Gamma_R12_out, Gamma_R13_out, Gamma_R14_out, Gamma_R15_out, Gamma_R16_out, Gamma_R17_out, Gamma_R18_out, Gamma_R19_out, Gamma_R1_out, Gamma_R20_out, Gamma_R21_out, Gamma_R22_out, Gamma_R23_out, Gamma_R24_out, Gamma_R25_out, Gamma_R26_out, Gamma_R27_out, Gamma_R28_out, Gamma_R29_out, Gamma_R2_out, Gamma_R30_out, Gamma_R31_out, Gamma_R3_out, Gamma_R4_out, Gamma_R5_out, Gamma_R6_out, Gamma_R7_out, Gamma_R8_out, Gamma_R9_out := Gamma_R0_in, Gamma_R10_in, Gamma_R11_in, Gamma_R12_in, Gamma_R13_in, Gamma_R14_in, Gamma_R15_in, Gamma_R16_in, Gamma_R17_in, Gamma_R18_in, Gamma_R19_in, Gamma_R1_in, Gamma_R20_in, Gamma_R21_in, Gamma_R22_in, Gamma_R23_in, Gamma_R24_in, Gamma_R25_in, Gamma_R26_in, Gamma_R27_in, Gamma_R28_in, Gamma_R29_in, Gamma_R2_in, Gamma_R30_in, Gamma_R31_in, Gamma_R3_in, Gamma_R4_in, Gamma_R5_in, Gamma_R6_in, Gamma_R7_in, Gamma_R8_in, Gamma_R9_in;
     return;
 }
 
diff --git a/src/test/correct/switch/gcc_O2/switch_gtirb.expected b/src/test/correct/switch/gcc_O2/switch_gtirb.expected
index a87f9b510..39c88e37d 100644
--- a/src/test/correct/switch/gcc_O2/switch_gtirb.expected
+++ b/src/test/correct/switch/gcc_O2/switch_gtirb.expected
@@ -40,7 +40,7 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1896bv64) == 1bv8);
@@ -60,13 +60,13 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
   $main$__0__$DWpLJcPSSFO5KWiSANP3Qw:
-    assume {:captureState "$main$__0__$DWpLJcPSSFO5KWiSANP3Qw"} true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R11_out, R12_out, R13_out, R14_out, R15_out, R16_out, R17_out, R18_out, R19_out, R1_out, R20_out, R21_out, R22_out, R23_out, R24_out, R25_out, R26_out, R27_out, R28_out, R29_out, R2_out, R30_out, R31_out, R3_out, R4_out, R5_out, R6_out, R7_out, R8_out, R9_out := R0_in, R10_in, R11_in, R12_in, R13_in, R14_in, R15_in, R16_in, R17_in, R18_in, R19_in, R1_in, R20_in, R21_in, R22_in, R23_in, R24_in, R25_in, R26_in, R27_in, R28_in, R29_in, R2_in, R30_in, R31_in, R3_in, R4_in, R5_in, R6_in, R7_in, R8_in, R9_in;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R11_out, Gamma_R12_out, Gamma_R13_out, Gamma_R14_out, Gamma_R15_out, Gamma_R16_out, Gamma_R17_out, Gamma_R18_out, Gamma_R19_out, Gamma_R1_out, Gamma_R20_out, Gamma_R21_out, Gamma_R22_out, Gamma_R23_out, Gamma_R24_out, Gamma_R25_out, Gamma_R26_out, Gamma_R27_out, Gamma_R28_out, Gamma_R29_out, Gamma_R2_out, Gamma_R30_out, Gamma_R31_out, Gamma_R3_out, Gamma_R4_out, Gamma_R5_out, Gamma_R6_out, Gamma_R7_out, Gamma_R8_out, Gamma_R9_out := Gamma_R0_in, Gamma_R10_in, Gamma_R11_in, Gamma_R12_in, Gamma_R13_in, Gamma_R14_in, Gamma_R15_in, Gamma_R16_in, Gamma_R17_in, Gamma_R18_in, Gamma_R19_in, Gamma_R1_in, Gamma_R20_in, Gamma_R21_in, Gamma_R22_in, Gamma_R23_in, Gamma_R24_in, Gamma_R25_in, Gamma_R26_in, Gamma_R27_in, Gamma_R28_in, Gamma_R29_in, Gamma_R2_in, Gamma_R30_in, Gamma_R31_in, Gamma_R3_in, Gamma_R4_in, Gamma_R5_in, Gamma_R6_in, Gamma_R7_in, Gamma_R8_in, Gamma_R9_in;
     return;
 }
 
diff --git a/src/test/correct/syscall/clang/syscall.expected b/src/test/correct/syscall/clang/syscall.expected
index 54a9d6eea..d2eb7549d 100644
--- a/src/test/correct/syscall/clang/syscall.expected
+++ b/src/test/correct/syscall/clang/syscall.expected
@@ -1,24 +1,28 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_R16: bool;
 var {:extern} Gamma_R17: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} R16: bv64;
 var {:extern} R17: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
 axiom ($_IO_stdin_used_addr == 1944bv64);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -28,11 +32,15 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -48,11 +56,11 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -85,7 +93,7 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure fork();
+procedure fork(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   modifies Gamma_R16, Gamma_R17, R16, R17;
   free requires (memory_load8_le(mem, 1944bv64) == 1bv8);
   free requires (memory_load8_le(mem, 1945bv64) == 0bv8);
@@ -104,8 +112,8 @@ procedure fork();
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69680bv64) == 69680bv64);
 
-procedure main();
-  modifies Gamma_R0, Gamma_R16, Gamma_R17, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_stack, R0, R16, R17, R29, R30, R31, stack;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_R16, Gamma_R17, Gamma_stack, R16, R17, stack;
   free requires (memory_load64_le(mem, 69672bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69680bv64) == 69680bv64);
   free requires (memory_load8_le(mem, 1944bv64) == 1bv8);
@@ -116,10 +124,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free requires (memory_load64_le(mem, 69680bv64) == 69680bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1944bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1945bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1946bv64) == 2bv8);
@@ -129,42 +133,149 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69680bv64) == 69680bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var #4: bv64;
-  var #5: bv64;
-  var Gamma_#4: bool;
-  var Gamma_#5: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R17: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_2: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R29_4: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30_3: bool;
+  var Gamma_R30_4: bool;
+  var Gamma_R31_3: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0_2: bv64;
+  var R0_3: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R17: bv64;
+  var R17_1: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_2: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29_3: bv64;
+  var R29_4: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30_3: bv64;
+  var R30_4: bv64;
+  var R31_3: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551568bv64), Gamma_R31;
-    #4, Gamma_#4 := bvadd64(R31, 32bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, #4, R29), gamma_store64(Gamma_stack, #4, Gamma_R29);
-    assume {:captureState "%000002ea"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(#4, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(#4, 8bv64), Gamma_R30);
-    assume {:captureState "%000002f0"} true;
-    R29, Gamma_R29 := bvadd64(R31, 32bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R29, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R29, 18446744073709551612bv64), true);
-    assume {:captureState "%000002fd"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R29, 18446744073709551608bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R29, 18446744073709551608bv64), Gamma_R0);
-    assume {:captureState "%00000305"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 16bv64), R1), gamma_store64(Gamma_stack, bvadd64(R31, 16bv64), Gamma_R1);
-    assume {:captureState "%0000030d"} true;
-    R30, Gamma_R30 := 1904bv64, true;
-    call fork();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551592bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), Gamma_R0_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551584bv64), R1_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R1_in);
+    call R0_2, Gamma_R0_2, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_1, Gamma_R16_1, R17_1, Gamma_R17_1, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_2, Gamma_R1_2, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_3, Gamma_R29_3, R2_1, Gamma_R2_1, R30_3, Gamma_R30_3, R31_3, Gamma_R31_3, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := fork(R0_in, Gamma_R0_in, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, R16, Gamma_R16, R17, Gamma_R17, R18, Gamma_R18, R19, Gamma_R19, R1_in, Gamma_R1_in, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R31_in, R2, Gamma_R2, 1904bv64, true, bvadd64(R31_in, 18446744073709551568bv64), Gamma_R31_in, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     goto l00000317;
   l00000317:
-    assume {:captureState "l00000317"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "%0000031d"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    #5, Gamma_#5 := bvadd64(R31, 32bv64), Gamma_R31;
-    R29, Gamma_R29 := memory_load64_le(stack, #5), gamma_load64(Gamma_stack, #5);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(#5, 8bv64)), gamma_load64(Gamma_stack, bvadd64(#5, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 48bv64), Gamma_R31;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_3, 12bv64), R0_2[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_3, 12bv64), Gamma_R0_2);
+    R0_3, Gamma_R0_3 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_3, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31_3, 12bv64));
+    R29_4, Gamma_R29_4 := memory_load64_le(stack, bvadd64(R31_3, 32bv64)), gamma_load64(Gamma_stack, bvadd64(R31_3, 32bv64));
+    R30_4, Gamma_R30_4 := memory_load64_le(stack, bvadd64(R31_3, 40bv64)), gamma_load64(Gamma_stack, bvadd64(R31_3, 40bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R29_out, R30_out, R31_out := R0_3, R29_4, R30_4, bvadd64(R31_3, 48bv64);
+    Gamma_R0_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out := Gamma_R0_3, Gamma_R29_4, Gamma_R30_4, Gamma_R31_3;
     return;
 }
 
diff --git a/src/test/correct/syscall/clang/syscall_gtirb.expected b/src/test/correct/syscall/clang/syscall_gtirb.expected
index 1b662d317..1fce2cbcf 100644
--- a/src/test/correct/syscall/clang/syscall_gtirb.expected
+++ b/src/test/correct/syscall/clang/syscall_gtirb.expected
@@ -1,19 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R16: bool;
-var {:extern} Gamma_R17: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R16: bv64;
-var {:extern} R17: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -23,6 +9,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -32,11 +32,15 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -52,11 +56,11 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -89,8 +93,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R16, Gamma_R17, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_mem, Gamma_stack, R0, R16, R17, R29, R30, R31, mem, stack;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69672bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69680bv64) == 69680bv64);
   free requires (memory_load8_le(mem, 1944bv64) == 1bv8);
@@ -101,10 +105,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free requires (memory_load64_le(mem, 69680bv64) == 69680bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1944bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1945bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1946bv64) == 2bv8);
@@ -114,47 +114,42 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69680bv64) == 69680bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var Cse0__5$0$1: bv64;
-  var Cse0__5$1$2: bv64;
-  var Gamma_Cse0__5$0$1: bool;
-  var Gamma_Cse0__5$1$2: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_3: bool;
+  var R0_2: bv64;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R17_1: bv64;
+  var R29_3: bv64;
+  var R30_3: bv64;
   $main$__0__$NmHi4RAWSYmKU32HkJ0NXQ:
-    assume {:captureState "$main$__0__$NmHi4RAWSYmKU32HkJ0NXQ"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551568bv64), Gamma_R31;
-    Cse0__5$0$1, Gamma_Cse0__5$0$1 := bvadd64(R31, 32bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$0$1, R29), gamma_store64(Gamma_stack, Cse0__5$0$1, Gamma_R29);
-    assume {:captureState "1880$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$0$1, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$0$1, 8bv64), Gamma_R30);
-    assume {:captureState "1880$2"} true;
-    R29, Gamma_R29 := bvadd64(R31, 32bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R29, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R29, 18446744073709551612bv64), true);
-    assume {:captureState "1888$0"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R29, 18446744073709551608bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R29, 18446744073709551608bv64), Gamma_R0);
-    assume {:captureState "1892$0"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 16bv64), R1), gamma_store64(Gamma_stack, bvadd64(R31, 16bv64), Gamma_R1);
-    assume {:captureState "1896$0"} true;
-    R30, Gamma_R30 := 1904bv64, true;
-    call FUN_610();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551600bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R30_in);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551592bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), Gamma_R0_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551584bv64), R1_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R1_in);
+    call R16_1, Gamma_R16_1, R17_1, Gamma_R17_1 := FUN_610(R16, Gamma_R16);
     goto $main$__1__$ttg35E3ATxG9q5C2p8wnzQ;
   $main$__1__$ttg35E3ATxG9q5C2p8wnzQ:
-    assume {:captureState "$main$__1__$ttg35E3ATxG9q5C2p8wnzQ"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "1904$0"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    Cse0__5$1$2, Gamma_Cse0__5$1$2 := bvadd64(R31, 32bv64), Gamma_R31;
-    R29, Gamma_R29 := memory_load64_le(stack, Cse0__5$1$2), gamma_load64(Gamma_stack, Cse0__5$1$2);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(Cse0__5$1$2, 8bv64)), gamma_load64(Gamma_stack, bvadd64(Cse0__5$1$2, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 48bv64), Gamma_R31;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551580bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551580bv64), Gamma_R0_in);
+    R0_2, Gamma_R0_2 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551580bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551580bv64));
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551600bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551600bv64));
+    R30_3, Gamma_R30_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R29_out, R30_out, R31_out := R0_2, R29_3, R30_3, R31_in;
+    Gamma_R0_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out := Gamma_R0_2, Gamma_R29_3, Gamma_R30_3, Gamma_R31_in;
     return;
 }
 
-procedure FUN_610();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure FUN_610(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load8_le(mem, 1944bv64) == 1bv8);
   free requires (memory_load8_le(mem, 1945bv64) == 0bv8);
   free requires (memory_load8_le(mem, 1946bv64) == 2bv8);
@@ -172,19 +167,142 @@ procedure FUN_610();
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69680bv64) == 69680bv64);
 
-implementation FUN_610()
+implementation FUN_610(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool)
 {
+  var Gamma_R0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0: bv64;
+  var R0_1: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16_4: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   $FUN_610$__0__$3ABOOETYTria~jSyU9mmbQ:
-    assume {:captureState "$FUN_610$__0__$3ABOOETYTria~jSyU9mmbQ"} true;
-    R16, Gamma_R16 := 69632bv64, true;
     call rely();
-    R17, Gamma_R17 := memory_load64_le(mem, bvadd64(R16, 16bv64)), (gamma_load64(Gamma_mem, bvadd64(R16, 16bv64)) || L(mem, bvadd64(R16, 16bv64)));
-    R16, Gamma_R16 := bvadd64(R16, 16bv64), Gamma_R16;
-    call fork();
+    R17_1, Gamma_R17_1 := memory_load64_le(mem, 69648bv64), (gamma_load64(Gamma_mem, 69648bv64) || L(mem, 69648bv64));
+    call R0_1, Gamma_R0_1, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_4, Gamma_R16_4, R17_2, Gamma_R17_2, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_1, Gamma_R2_1, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := fork(R0, Gamma_R0, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, 69648bv64, true, R17_1, Gamma_R17_1, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2, Gamma_R2, R30, Gamma_R30, R31, Gamma_R31, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     assume false;
 }
 
-procedure fork();
+procedure fork(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load8_le(mem, 1944bv64) == 1bv8);
   free requires (memory_load8_le(mem, 1945bv64) == 0bv8);
   free requires (memory_load8_le(mem, 1946bv64) == 2bv8);
diff --git a/src/test/correct/syscall/clang_O2/syscall_gtirb.expected b/src/test/correct/syscall/clang_O2/syscall_gtirb.expected
index 0c9d7d48d..2c07d6457 100644
--- a/src/test/correct/syscall/clang_O2/syscall_gtirb.expected
+++ b/src/test/correct/syscall/clang_O2/syscall_gtirb.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R16: bool;
-var {:extern} Gamma_R17: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R16: bv64;
-var {:extern} R17: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
 axiom ($_IO_stdin_used_addr == 1900bv64);
@@ -52,8 +48,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69672bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69680bv64) == 69680bv64);
   free requires (memory_load8_le(mem, 1900bv64) == 1bv8);
@@ -73,16 +69,19 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69680bv64) == 69680bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R16_2: bool;
+  var Gamma_R17_2: bool;
+  var R16_2: bv64;
+  var R17_2: bv64;
   $main$__0__$noLlJkgwRnOvXgJivIONmQ:
-    assume {:captureState "$main$__0__$noLlJkgwRnOvXgJivIONmQ"} true;
-    call .L_610();
+    call R16_2, Gamma_R16_2, R17_2, Gamma_R17_2 := .L_610(R16_in, Gamma_R16_in);
     assume false;
 }
 
-procedure .L_610();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure .L_610(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load8_le(mem, 1900bv64) == 1bv8);
   free requires (memory_load8_le(mem, 1901bv64) == 0bv8);
   free requires (memory_load8_le(mem, 1902bv64) == 2bv8);
@@ -100,19 +99,142 @@ procedure .L_610();
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69680bv64) == 69680bv64);
 
-implementation .L_610()
+implementation .L_610(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool)
 {
+  var Gamma_R0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0: bv64;
+  var R0_1: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16_4: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   $.L_610$__0__$gey1dltDQsGWPLJ2NyIKRg:
-    assume {:captureState "$.L_610$__0__$gey1dltDQsGWPLJ2NyIKRg"} true;
-    R16, Gamma_R16 := 69632bv64, true;
     call rely();
-    R17, Gamma_R17 := memory_load64_le(mem, bvadd64(R16, 16bv64)), (gamma_load64(Gamma_mem, bvadd64(R16, 16bv64)) || L(mem, bvadd64(R16, 16bv64)));
-    R16, Gamma_R16 := bvadd64(R16, 16bv64), Gamma_R16;
-    call fork();
+    R17_1, Gamma_R17_1 := memory_load64_le(mem, 69648bv64), (gamma_load64(Gamma_mem, 69648bv64) || L(mem, 69648bv64));
+    call R0_1, Gamma_R0_1, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_4, Gamma_R16_4, R17_2, Gamma_R17_2, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_1, Gamma_R2_1, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := fork(R0, Gamma_R0, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, 69648bv64, true, R17_1, Gamma_R17_1, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2, Gamma_R2, R30, Gamma_R30, R31, Gamma_R31, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     assume false;
 }
 
-procedure fork();
+procedure fork(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load8_le(mem, 1900bv64) == 1bv8);
   free requires (memory_load8_le(mem, 1901bv64) == 0bv8);
   free requires (memory_load8_le(mem, 1902bv64) == 2bv8);
diff --git a/src/test/correct/syscall/gcc/syscall.expected b/src/test/correct/syscall/gcc/syscall.expected
index eee352c79..c75acc620 100644
--- a/src/test/correct/syscall/gcc/syscall.expected
+++ b/src/test/correct/syscall/gcc/syscall.expected
@@ -1,24 +1,28 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_R16: bool;
 var {:extern} Gamma_R17: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} R16: bv64;
 var {:extern} R17: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
 axiom ($_IO_stdin_used_addr == 1932bv64);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -28,11 +32,15 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -48,11 +56,11 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -85,7 +93,7 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure fork();
+procedure fork(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   modifies Gamma_R16, Gamma_R17, R16, R17;
   free requires (memory_load8_le(mem, 1932bv64) == 1bv8);
   free requires (memory_load8_le(mem, 1933bv64) == 0bv8);
@@ -104,8 +112,8 @@ procedure fork();
   free ensures (memory_load64_le(mem, 69616bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-procedure main();
-  modifies Gamma_R0, Gamma_R16, Gamma_R17, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_stack, R0, R16, R17, R29, R30, R31, stack;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_R16, Gamma_R17, Gamma_stack, R16, R17, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1932bv64) == 1bv8);
@@ -116,10 +124,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69016bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1876bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1932bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1933bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1934bv64) == 2bv8);
@@ -129,37 +133,148 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var #4: bv64;
-  var Gamma_#4: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R17: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_2: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R29_4: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30_3: bool;
+  var Gamma_R30_4: bool;
+  var Gamma_R31_3: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0_2: bv64;
+  var R0_3: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R17: bv64;
+  var R17_1: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_2: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29_3: bv64;
+  var R29_4: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30_3: bv64;
+  var R30_4: bv64;
+  var R31_3: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    #4, Gamma_#4 := bvadd64(R31, 18446744073709551568bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, #4, R29), gamma_store64(Gamma_stack, #4, Gamma_R29);
-    assume {:captureState "%000002d8"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(#4, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(#4, 8bv64), Gamma_R30);
-    assume {:captureState "%000002de"} true;
-    R31, Gamma_R31 := #4, Gamma_#4;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R0);
-    assume {:captureState "%000002f0"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 16bv64), R1), gamma_store64(Gamma_stack, bvadd64(R31, 16bv64), Gamma_R1);
-    assume {:captureState "%000002f8"} true;
-    R30, Gamma_R30 := 1896bv64, true;
-    call fork();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551568bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551568bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551576bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551576bv64), Gamma_R30_in);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), Gamma_R0_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551584bv64), R1_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R1_in);
+    call R0_2, Gamma_R0_2, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_1, Gamma_R16_1, R17_1, Gamma_R17_1, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_2, Gamma_R1_2, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_3, Gamma_R29_3, R2_1, Gamma_R2_1, R30_3, Gamma_R30_3, R31_3, Gamma_R31_3, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := fork(R0_in, Gamma_R0_in, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, R16, Gamma_R16, R17, Gamma_R17, R18, Gamma_R18, R19, Gamma_R19, R1_in, Gamma_R1_in, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, bvadd64(R31_in, 18446744073709551568bv64), Gamma_R31_in, R2, Gamma_R2, 1896bv64, true, bvadd64(R31_in, 18446744073709551568bv64), Gamma_R31_in, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     goto l00000302;
   l00000302:
-    assume {:captureState "l00000302"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 44bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 44bv64), Gamma_R0);
-    assume {:captureState "%00000308"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 44bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 44bv64));
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 48bv64), Gamma_R31;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_3, 44bv64), R0_2[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_3, 44bv64), Gamma_R0_2);
+    R0_3, Gamma_R0_3 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_3, 44bv64))), gamma_load32(Gamma_stack, bvadd64(R31_3, 44bv64));
+    R29_4, Gamma_R29_4 := memory_load64_le(stack, R31_3), gamma_load64(Gamma_stack, R31_3);
+    R30_4, Gamma_R30_4 := memory_load64_le(stack, bvadd64(R31_3, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31_3, 8bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R29_out, R30_out, R31_out := R0_3, R29_4, R30_4, bvadd64(R31_3, 48bv64);
+    Gamma_R0_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out := Gamma_R0_3, Gamma_R29_4, Gamma_R30_4, Gamma_R31_3;
     return;
 }
 
diff --git a/src/test/correct/syscall/gcc/syscall_gtirb.expected b/src/test/correct/syscall/gcc/syscall_gtirb.expected
index bff162b41..c94df9814 100644
--- a/src/test/correct/syscall/gcc/syscall_gtirb.expected
+++ b/src/test/correct/syscall/gcc/syscall_gtirb.expected
@@ -1,19 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R16: bool;
-var {:extern} Gamma_R17: bool;
-var {:extern} Gamma_R29: bool;
-var {:extern} Gamma_R30: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R16: bv64;
-var {:extern} R17: bv64;
-var {:extern} R29: bv64;
-var {:extern} R30: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
@@ -23,6 +9,20 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -32,11 +32,15 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -52,11 +56,11 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -89,8 +93,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure FUN_610();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure FUN_610(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load8_le(mem, 1932bv64) == 1bv8);
   free requires (memory_load8_le(mem, 1933bv64) == 0bv8);
   free requires (memory_load8_le(mem, 1934bv64) == 2bv8);
@@ -108,20 +112,143 @@ procedure FUN_610();
   free ensures (memory_load64_le(mem, 69616bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation FUN_610()
+implementation FUN_610(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool)
 {
+  var Gamma_R0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0: bv64;
+  var R0_1: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16_4: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   $FUN_610$__0__$w_DgyGR~RVC8g46zYhiiEg:
-    assume {:captureState "$FUN_610$__0__$w_DgyGR~RVC8g46zYhiiEg"} true;
-    R16, Gamma_R16 := 65536bv64, true;
     call rely();
-    R17, Gamma_R17 := memory_load64_le(mem, bvadd64(R16, 4024bv64)), (gamma_load64(Gamma_mem, bvadd64(R16, 4024bv64)) || L(mem, bvadd64(R16, 4024bv64)));
-    R16, Gamma_R16 := bvadd64(R16, 4024bv64), Gamma_R16;
-    call fork();
+    R17_1, Gamma_R17_1 := memory_load64_le(mem, 69560bv64), (gamma_load64(Gamma_mem, 69560bv64) || L(mem, 69560bv64));
+    call R0_1, Gamma_R0_1, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_4, Gamma_R16_4, R17_2, Gamma_R17_2, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_1, Gamma_R2_1, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := fork(R0, Gamma_R0, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, 69560bv64, true, R17_1, Gamma_R17_1, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2, Gamma_R2, R30, Gamma_R30, R31, Gamma_R31, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     assume false;
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R16, Gamma_R17, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_mem, Gamma_stack, R0, R16, R17, R29, R30, R31, mem, stack;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1932bv64) == 1bv8);
@@ -132,10 +259,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69016bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1876bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R29 == old(Gamma_R29));
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R29 == old(R29));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1932bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1933bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1934bv64) == 2bv8);
@@ -145,41 +268,40 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool, R29_in: bv64, Gamma_R29_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R29_out: bv64, Gamma_R29_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var Cse0__5$0$0: bv64;
-  var Gamma_Cse0__5$0$0: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R16: bool;
+  var Gamma_R16_1: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R29_3: bool;
+  var Gamma_R30_3: bool;
+  var R0_2: bv64;
+  var R16: bv64;
+  var R16_1: bv64;
+  var R17_1: bv64;
+  var R29_3: bv64;
+  var R30_3: bv64;
   $main$__0__$B56wTC6STE~1xacxBcjikg:
-    assume {:captureState "$main$__0__$B56wTC6STE~1xacxBcjikg"} true;
-    Cse0__5$0$0, Gamma_Cse0__5$0$0 := bvadd64(R31, 18446744073709551568bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store64_le(stack, Cse0__5$0$0, R29), gamma_store64(Gamma_stack, Cse0__5$0$0, Gamma_R29);
-    assume {:captureState "1876$1"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(Cse0__5$0$0, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(Cse0__5$0$0, 8bv64), Gamma_R30);
-    assume {:captureState "1876$2"} true;
-    R31, Gamma_R31 := Cse0__5$0$0, Gamma_Cse0__5$0$0;
-    R29, Gamma_R29 := R31, Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R0);
-    assume {:captureState "1884$0"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 16bv64), R1), gamma_store64(Gamma_stack, bvadd64(R31, 16bv64), Gamma_R1);
-    assume {:captureState "1888$0"} true;
-    R30, Gamma_R30 := 1896bv64, true;
-    call FUN_610();
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551568bv64), R29_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551568bv64), Gamma_R29_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551576bv64), R30_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551576bv64), Gamma_R30_in);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), Gamma_R0_in);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551584bv64), R1_in), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551584bv64), Gamma_R1_in);
+    call R16_1, Gamma_R16_1, R17_1, Gamma_R17_1 := FUN_610(R16, Gamma_R16);
     goto $main$__1__$gXScKm7ETUm9MNcMqMU~Og;
   $main$__1__$gXScKm7ETUm9MNcMqMU~Og:
-    assume {:captureState "$main$__1__$gXScKm7ETUm9MNcMqMU~Og"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 44bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 44bv64), Gamma_R0);
-    assume {:captureState "1896$0"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 44bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 44bv64));
-    R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31);
-    R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R31, Gamma_R31 := bvadd64(R31, 48bv64), Gamma_R31;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_in);
+    R0_2, Gamma_R0_2 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
+    R29_3, Gamma_R29_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551568bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551568bv64));
+    R30_3, Gamma_R30_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551576bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551576bv64));
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R16_out, R17_out, R29_out, R30_out, R31_out := R0_2, R16_1, R17_1, R29_3, R30_3, R31_in;
+    Gamma_R0_out, Gamma_R16_out, Gamma_R17_out, Gamma_R29_out, Gamma_R30_out, Gamma_R31_out := Gamma_R0_2, Gamma_R16_1, Gamma_R17_1, Gamma_R29_3, Gamma_R30_3, Gamma_R31_in;
     return;
 }
 
-procedure fork();
+procedure fork(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load8_le(mem, 1932bv64) == 1bv8);
   free requires (memory_load8_le(mem, 1933bv64) == 0bv8);
   free requires (memory_load8_le(mem, 1934bv64) == 2bv8);
diff --git a/src/test/correct/syscall/gcc_O2/syscall.expected b/src/test/correct/syscall/gcc_O2/syscall.expected
index fcb66403d..4c308f6a8 100644
--- a/src/test/correct/syscall/gcc_O2/syscall.expected
+++ b/src/test/correct/syscall/gcc_O2/syscall.expected
@@ -44,7 +44,7 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure fork();
+procedure fork(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   modifies Gamma_R16, Gamma_R17, R16, R17;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
diff --git a/src/test/correct/syscall/gcc_O2/syscall_gtirb.expected b/src/test/correct/syscall/gcc_O2/syscall_gtirb.expected
index ef48faa8c..801dbd10a 100644
--- a/src/test/correct/syscall/gcc_O2/syscall_gtirb.expected
+++ b/src/test/correct/syscall/gcc_O2/syscall_gtirb.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R16: bool;
-var {:extern} Gamma_R17: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R16: bv64;
-var {:extern} R17: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $_IO_stdin_used_addr: bv64;
 axiom ($_IO_stdin_used_addr == 1960bv64);
@@ -52,8 +48,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1960bv64) == 1bv8);
@@ -73,16 +69,19 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1600bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R16_2: bool;
+  var Gamma_R17_2: bool;
+  var R16_2: bv64;
+  var R17_2: bv64;
   $main$__0__$LN79XLVpSMWduuQh58xTyg:
-    assume {:captureState "$main$__0__$LN79XLVpSMWduuQh58xTyg"} true;
-    call .L_610();
+    call R16_2, Gamma_R16_2, R17_2, Gamma_R17_2 := .L_610(R16_in, Gamma_R16_in);
     assume false;
 }
 
-procedure .L_610();
-  modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem;
+procedure .L_610(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load8_le(mem, 1960bv64) == 1bv8);
   free requires (memory_load8_le(mem, 1961bv64) == 0bv8);
   free requires (memory_load8_le(mem, 1962bv64) == 2bv8);
@@ -100,19 +99,142 @@ procedure .L_610();
   free ensures (memory_load64_le(mem, 69616bv64) == 1600bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation .L_610()
+implementation .L_610(R16_in: bv64, Gamma_R16_in: bool) returns (R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool)
 {
+  var Gamma_R0: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R1: bool;
+  var Gamma_R10: bool;
+  var Gamma_R10_1: bool;
+  var Gamma_R11: bool;
+  var Gamma_R11_1: bool;
+  var Gamma_R12: bool;
+  var Gamma_R12_1: bool;
+  var Gamma_R13: bool;
+  var Gamma_R13_1: bool;
+  var Gamma_R14: bool;
+  var Gamma_R14_1: bool;
+  var Gamma_R15: bool;
+  var Gamma_R15_1: bool;
+  var Gamma_R16_4: bool;
+  var Gamma_R17_1: bool;
+  var Gamma_R17_2: bool;
+  var Gamma_R18: bool;
+  var Gamma_R18_1: bool;
+  var Gamma_R19: bool;
+  var Gamma_R19_1: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R2: bool;
+  var Gamma_R20: bool;
+  var Gamma_R20_1: bool;
+  var Gamma_R21: bool;
+  var Gamma_R21_1: bool;
+  var Gamma_R22: bool;
+  var Gamma_R22_1: bool;
+  var Gamma_R23: bool;
+  var Gamma_R23_1: bool;
+  var Gamma_R24: bool;
+  var Gamma_R24_1: bool;
+  var Gamma_R25: bool;
+  var Gamma_R25_1: bool;
+  var Gamma_R26: bool;
+  var Gamma_R26_1: bool;
+  var Gamma_R27: bool;
+  var Gamma_R27_1: bool;
+  var Gamma_R28: bool;
+  var Gamma_R28_1: bool;
+  var Gamma_R29: bool;
+  var Gamma_R29_1: bool;
+  var Gamma_R2_1: bool;
+  var Gamma_R3: bool;
+  var Gamma_R30: bool;
+  var Gamma_R30_1: bool;
+  var Gamma_R31: bool;
+  var Gamma_R31_1: bool;
+  var Gamma_R3_1: bool;
+  var Gamma_R4: bool;
+  var Gamma_R4_1: bool;
+  var Gamma_R5: bool;
+  var Gamma_R5_1: bool;
+  var Gamma_R6: bool;
+  var Gamma_R6_1: bool;
+  var Gamma_R7: bool;
+  var Gamma_R7_1: bool;
+  var Gamma_R8: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R9: bool;
+  var Gamma_R9_1: bool;
+  var R0: bv64;
+  var R0_1: bv64;
+  var R1: bv64;
+  var R10: bv64;
+  var R10_1: bv64;
+  var R11: bv64;
+  var R11_1: bv64;
+  var R12: bv64;
+  var R12_1: bv64;
+  var R13: bv64;
+  var R13_1: bv64;
+  var R14: bv64;
+  var R14_1: bv64;
+  var R15: bv64;
+  var R15_1: bv64;
+  var R16_4: bv64;
+  var R17_1: bv64;
+  var R17_2: bv64;
+  var R18: bv64;
+  var R18_1: bv64;
+  var R19: bv64;
+  var R19_1: bv64;
+  var R1_1: bv64;
+  var R2: bv64;
+  var R20: bv64;
+  var R20_1: bv64;
+  var R21: bv64;
+  var R21_1: bv64;
+  var R22: bv64;
+  var R22_1: bv64;
+  var R23: bv64;
+  var R23_1: bv64;
+  var R24: bv64;
+  var R24_1: bv64;
+  var R25: bv64;
+  var R25_1: bv64;
+  var R26: bv64;
+  var R26_1: bv64;
+  var R27: bv64;
+  var R27_1: bv64;
+  var R28: bv64;
+  var R28_1: bv64;
+  var R29: bv64;
+  var R29_1: bv64;
+  var R2_1: bv64;
+  var R3: bv64;
+  var R30: bv64;
+  var R30_1: bv64;
+  var R31: bv64;
+  var R31_1: bv64;
+  var R3_1: bv64;
+  var R4: bv64;
+  var R4_1: bv64;
+  var R5: bv64;
+  var R5_1: bv64;
+  var R6: bv64;
+  var R6_1: bv64;
+  var R7: bv64;
+  var R7_1: bv64;
+  var R8: bv64;
+  var R8_1: bv64;
+  var R9: bv64;
+  var R9_1: bv64;
   $.L_610$__0__$RiGyG5O~QPG2HCmgeNO63Q:
-    assume {:captureState "$.L_610$__0__$RiGyG5O~QPG2HCmgeNO63Q"} true;
-    R16, Gamma_R16 := 65536bv64, true;
     call rely();
-    R17, Gamma_R17 := memory_load64_le(mem, bvadd64(R16, 4024bv64)), (gamma_load64(Gamma_mem, bvadd64(R16, 4024bv64)) || L(mem, bvadd64(R16, 4024bv64)));
-    R16, Gamma_R16 := bvadd64(R16, 4024bv64), Gamma_R16;
-    call fork();
+    R17_1, Gamma_R17_1 := memory_load64_le(mem, 69560bv64), (gamma_load64(Gamma_mem, 69560bv64) || L(mem, 69560bv64));
+    call R0_1, Gamma_R0_1, R10_1, Gamma_R10_1, R11_1, Gamma_R11_1, R12_1, Gamma_R12_1, R13_1, Gamma_R13_1, R14_1, Gamma_R14_1, R15_1, Gamma_R15_1, R16_4, Gamma_R16_4, R17_2, Gamma_R17_2, R18_1, Gamma_R18_1, R19_1, Gamma_R19_1, R1_1, Gamma_R1_1, R20_1, Gamma_R20_1, R21_1, Gamma_R21_1, R22_1, Gamma_R22_1, R23_1, Gamma_R23_1, R24_1, Gamma_R24_1, R25_1, Gamma_R25_1, R26_1, Gamma_R26_1, R27_1, Gamma_R27_1, R28_1, Gamma_R28_1, R29_1, Gamma_R29_1, R2_1, Gamma_R2_1, R30_1, Gamma_R30_1, R31_1, Gamma_R31_1, R3_1, Gamma_R3_1, R4_1, Gamma_R4_1, R5_1, Gamma_R5_1, R6_1, Gamma_R6_1, R7_1, Gamma_R7_1, R8_1, Gamma_R8_1, R9_1, Gamma_R9_1 := fork(R0, Gamma_R0, R10, Gamma_R10, R11, Gamma_R11, R12, Gamma_R12, R13, Gamma_R13, R14, Gamma_R14, R15, Gamma_R15, 69560bv64, true, R17_1, Gamma_R17_1, R18, Gamma_R18, R19, Gamma_R19, R1, Gamma_R1, R20, Gamma_R20, R21, Gamma_R21, R22, Gamma_R22, R23, Gamma_R23, R24, Gamma_R24, R25, Gamma_R25, R26, Gamma_R26, R27, Gamma_R27, R28, Gamma_R28, R29, Gamma_R29, R2, Gamma_R2, R30, Gamma_R30, R31, Gamma_R31, R3, Gamma_R3, R4, Gamma_R4, R5, Gamma_R5, R6, Gamma_R6, R7, Gamma_R7, R8, Gamma_R8, R9, Gamma_R9);
     assume false;
 }
 
-procedure fork();
+procedure fork(R0_in: bv64, Gamma_R0_in: bool, R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R12_in: bv64, Gamma_R12_in: bool, R13_in: bv64, Gamma_R13_in: bool, R14_in: bv64, Gamma_R14_in: bool, R15_in: bv64, Gamma_R15_in: bool, R16_in: bv64, Gamma_R16_in: bool, R17_in: bv64, Gamma_R17_in: bool, R18_in: bv64, Gamma_R18_in: bool, R19_in: bv64, Gamma_R19_in: bool, R1_in: bv64, Gamma_R1_in: bool, R20_in: bv64, Gamma_R20_in: bool, R21_in: bv64, Gamma_R21_in: bool, R22_in: bv64, Gamma_R22_in: bool, R23_in: bv64, Gamma_R23_in: bool, R24_in: bv64, Gamma_R24_in: bool, R25_in: bv64, Gamma_R25_in: bool, R26_in: bv64, Gamma_R26_in: bool, R27_in: bv64, Gamma_R27_in: bool, R28_in: bv64, Gamma_R28_in: bool, R29_in: bv64, Gamma_R29_in: bool, R2_in: bv64, Gamma_R2_in: bool, R30_in: bv64, Gamma_R30_in: bool, R31_in: bv64, Gamma_R31_in: bool, R3_in: bv64, Gamma_R3_in: bool, R4_in: bv64, Gamma_R4_in: bool, R5_in: bv64, Gamma_R5_in: bool, R6_in: bv64, Gamma_R6_in: bool, R7_in: bv64, Gamma_R7_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R12_out: bv64, Gamma_R12_out: bool, R13_out: bv64, Gamma_R13_out: bool, R14_out: bv64, Gamma_R14_out: bool, R15_out: bv64, Gamma_R15_out: bool, R16_out: bv64, Gamma_R16_out: bool, R17_out: bv64, Gamma_R17_out: bool, R18_out: bv64, Gamma_R18_out: bool, R19_out: bv64, Gamma_R19_out: bool, R1_out: bv64, Gamma_R1_out: bool, R20_out: bv64, Gamma_R20_out: bool, R21_out: bv64, Gamma_R21_out: bool, R22_out: bv64, Gamma_R22_out: bool, R23_out: bv64, Gamma_R23_out: bool, R24_out: bv64, Gamma_R24_out: bool, R25_out: bv64, Gamma_R25_out: bool, R26_out: bv64, Gamma_R26_out: bool, R27_out: bv64, Gamma_R27_out: bool, R28_out: bv64, Gamma_R28_out: bool, R29_out: bv64, Gamma_R29_out: bool, R2_out: bv64, Gamma_R2_out: bool, R30_out: bv64, Gamma_R30_out: bool, R31_out: bv64, Gamma_R31_out: bool, R3_out: bv64, Gamma_R3_out: bool, R4_out: bv64, Gamma_R4_out: bool, R5_out: bv64, Gamma_R5_out: bool, R6_out: bv64, Gamma_R6_out: bool, R7_out: bv64, Gamma_R7_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
   free requires (memory_load8_le(mem, 1960bv64) == 1bv8);
   free requires (memory_load8_le(mem, 1961bv64) == 0bv8);
   free requires (memory_load8_le(mem, 1962bv64) == 2bv8);
diff --git a/src/test/correct/using_gamma_conditional/clang/using_gamma_conditional.expected b/src/test/correct/using_gamma_conditional/clang/using_gamma_conditional.expected
index 5531435ab..053f9afb7 100644
--- a/src/test/correct/using_gamma_conditional/clang/using_gamma_conditional.expected
+++ b/src/test/correct/using_gamma_conditional/clang/using_gamma_conditional.expected
@@ -1,19 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -24,19 +10,26 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $z_addr) then true else (if (index == $x_addr) then (memory_load32_le(memory, $z_addr) == 0bv32) else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp1(bv1, bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -52,11 +45,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -96,8 +87,8 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) && (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr)));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_R8, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, R8, VF, ZF, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   requires (gamma_load32(Gamma_mem, $x_addr) == true);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
@@ -109,8 +100,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1896bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1897bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1898bv64) == 2bv8);
@@ -120,75 +109,49 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool)
 {
-  var #4: bv32;
-  var Gamma_#4: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R8_10: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_7: bool;
+  var R0_1: bv64;
+  var R8_10: bv64;
+  var R8_2: bv32;
+  var R8_7: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "%000002f5"} true;
-    R8, Gamma_R8 := 69632bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 52bv64)) || L(mem, bvadd64(R8, 52bv64)));
-    #4, Gamma_#4 := bvadd32(R8[32:0], 4294967295bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#4, 1bv32)), bvadd33(sign_extend1_32(R8[32:0]), 0bv33))), (Gamma_R8 && Gamma_#4);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#4, 1bv32)), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_#4);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#4, 1bv32), 0bv32), Gamma_#4;
-    NF, Gamma_NF := bvadd32(#4, 1bv32)[32:31], Gamma_#4;
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(#4, 1bv32)), Gamma_#4;
-    assert Gamma_ZF;
+    R8_2, Gamma_R8_2 := memory_load32_le(mem, 69684bv64), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
+    assert Gamma_R8_2;
     goto lmain_goto_l00000322, lmain_goto_l00000325;
-  l00000325:
-    assume {:captureState "l00000325"} true;
-    R8, Gamma_R8 := 1bv64, true;
+  lmain_goto_l00000325:
+    assume (R8_2 == 0bv32);
+    R8_7, Gamma_R8_7 := 1bv64, true;
     goto l00000328;
-  l00000322:
-    assume {:captureState "l00000322"} true;
-    R8, Gamma_R8 := 0bv64, true;
+  lmain_goto_l00000322:
+    assume (!(R8_2 == 0bv32));
+    R8_7, Gamma_R8_7 := 0bv64, true;
     goto l00000328;
   l00000328:
-    assume {:captureState "l00000328"} true;
-    assert Gamma_R8;
+    assert Gamma_R8_7;
     goto l00000328_goto_l00000330, l00000328_goto_l00000358;
-  l00000330:
-    assume {:captureState "l00000330"} true;
-    R8, Gamma_R8 := 1bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R8);
-    assume {:captureState "%00000340"} true;
+  l00000328_goto_l00000358:
+    assume (!(R8_7[1:0] == 1bv1));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    R8_10, Gamma_R8_10 := R8_7, Gamma_R8_7;
     goto l00000343;
-  l00000358:
-    assume {:captureState "l00000358"} true;
-    goto l00000359;
-  l00000359:
-    assume {:captureState "l00000359"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "%00000361"} true;
+  l00000328_goto_l00000330:
+    assume (R8_7[1:0] == 1bv1);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 1bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    R8_10, Gamma_R8_10 := 1bv64, true;
     goto l00000343;
   l00000343:
-    assume {:captureState "l00000343"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    R0_1, Gamma_R0_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     goto main_basil_return;
-  lmain_goto_l00000322:
-    assume {:captureState "lmain_goto_l00000322"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) != 0bv1);
-    goto l00000322;
-  lmain_goto_l00000325:
-    assume {:captureState "lmain_goto_l00000325"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) == 0bv1);
-    goto l00000325;
-  l00000328_goto_l00000330:
-    assume {:captureState "l00000328_goto_l00000330"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) != 0bv1);
-    goto l00000330;
-  l00000328_goto_l00000358:
-    assume {:captureState "l00000328_goto_l00000358"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) == 0bv1);
-    goto l00000358;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out := R0_1, R31_in, R8_10;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out := Gamma_R0_1, Gamma_R31_in, Gamma_R8_10;
     return;
 }
 
diff --git a/src/test/correct/using_gamma_conditional/clang/using_gamma_conditional_gtirb.expected b/src/test/correct/using_gamma_conditional/clang/using_gamma_conditional_gtirb.expected
index c1eb2bbc9..a07a216ba 100644
--- a/src/test/correct/using_gamma_conditional/clang/using_gamma_conditional_gtirb.expected
+++ b/src/test/correct/using_gamma_conditional/clang/using_gamma_conditional_gtirb.expected
@@ -1,19 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -24,18 +10,26 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $z_addr) then true else (if (index == $x_addr) then (memory_load32_le(memory, $z_addr) == 0bv32) else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -51,10 +45,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -94,8 +87,8 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) && (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr)));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_R8, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, R8, VF, ZF, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   requires (gamma_load32(Gamma_mem, $x_addr) == true);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
@@ -107,8 +100,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1896bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1897bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1898bv64) == 2bv8);
@@ -118,67 +109,62 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool)
 {
-  var Cse0__5$3$4: bv32;
-  var Gamma_Cse0__5$3$4: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R8_10: bool;
+  var Gamma_R8_12: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_8: bool;
+  var R0_1: bv64;
+  var R8_10: bv64;
+  var R8_12: bv64;
+  var R8_2: bv32;
+  var R8_8: bv64;
   $main$__0__$2UJDyJD_RrSHL2vo1BbK8Q:
-    assume {:captureState "$main$__0__$2UJDyJD_RrSHL2vo1BbK8Q"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "1816$0"} true;
-    R8, Gamma_R8 := 69632bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 52bv64)) || L(mem, bvadd64(R8, 52bv64)));
-    Cse0__5$3$4, Gamma_Cse0__5$3$4 := bvadd32(R8[32:0], 0bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$3$4, Cse0__5$3$4)), Gamma_Cse0__5$3$4;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$3$4), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_Cse0__5$3$4);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$3$4, 0bv32), Gamma_Cse0__5$3$4;
-    NF, Gamma_NF := Cse0__5$3$4[32:31], Gamma_Cse0__5$3$4;
-    R8, Gamma_R8 := zero_extend32_32(Cse0__5$3$4), Gamma_Cse0__5$3$4;
-    assert Gamma_ZF;
+    R8_2, Gamma_R8_2 := memory_load32_le(mem, 69684bv64), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
+    assert Gamma_R8_2;
     goto $main$__0__$2UJDyJD_RrSHL2vo1BbK8Q$__0, $main$__0__$2UJDyJD_RrSHL2vo1BbK8Q$__1;
-  $main$__1__$xuuJL1lASei7mFxWPiiMDQ:
-    assume {:captureState "$main$__1__$xuuJL1lASei7mFxWPiiMDQ"} true;
-    goto $main$__2__$lw6YF3ynQySaNA9zxekV6Q;
-  $main$__2__$lw6YF3ynQySaNA9zxekV6Q:
-    assume {:captureState "$main$__2__$lw6YF3ynQySaNA9zxekV6Q"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "1844$0"} true;
+  $main$__0__$2UJDyJD_RrSHL2vo1BbK8Q$__1:
+    assume (R8_2 == 0bv32);
+    goto $main$__0__$2UJDyJD_RrSHL2vo1BbK8Q$__1_phi_$main$__0__$2UJDyJD_RrSHL2vo1BbK8Q_goto_$main$__3__$jjgsO_vVSHaixByd_HFc4w_phi_back_$main$__0__$2UJDyJD_RrSHL2vo1BbK8Q_goto_$main$__3__$jjgsO_vVSHaixByd_HFc4w, $main$__0__$2UJDyJD_RrSHL2vo1BbK8Q$__1_phi_$main$__0__$2UJDyJD_RrSHL2vo1BbK8Q_goto_$main$__1__$xuuJL1lASei7mFxWPiiMDQ_phi_back_$main$__0__$2UJDyJD_RrSHL2vo1BbK8Q_goto_$main$__1__$xuuJL1lASei7mFxWPiiMDQ;
+  $main$__0__$2UJDyJD_RrSHL2vo1BbK8Q$__1_phi_$main$__0__$2UJDyJD_RrSHL2vo1BbK8Q_goto_$main$__1__$xuuJL1lASei7mFxWPiiMDQ_phi_back_$main$__0__$2UJDyJD_RrSHL2vo1BbK8Q_goto_$main$__1__$xuuJL1lASei7mFxWPiiMDQ:
+    R8_8, Gamma_R8_8 := 1bv64, true;
+    assert Gamma_R8_8;
+    goto $main$__0__$2UJDyJD_RrSHL2vo1BbK8Q_goto_$main$__1__$xuuJL1lASei7mFxWPiiMDQ;
+  $main$__0__$2UJDyJD_RrSHL2vo1BbK8Q$__1_phi_$main$__0__$2UJDyJD_RrSHL2vo1BbK8Q_goto_$main$__3__$jjgsO_vVSHaixByd_HFc4w_phi_back_$main$__0__$2UJDyJD_RrSHL2vo1BbK8Q_goto_$main$__3__$jjgsO_vVSHaixByd_HFc4w:
+    R8_10, Gamma_R8_10 := 1bv64, true;
+    assert Gamma_R8_10;
+    goto $main$__0__$2UJDyJD_RrSHL2vo1BbK8Q_goto_$main$__3__$jjgsO_vVSHaixByd_HFc4w;
+  $main$__0__$2UJDyJD_RrSHL2vo1BbK8Q$__0:
+    assume (!(R8_2 == 0bv32));
+    goto $main$__0__$2UJDyJD_RrSHL2vo1BbK8Q$__0_phi_back_$main$__0__$2UJDyJD_RrSHL2vo1BbK8Q_goto_$main$__1__$xuuJL1lASei7mFxWPiiMDQ, $main$__0__$2UJDyJD_RrSHL2vo1BbK8Q$__0_phi_back_$main$__0__$2UJDyJD_RrSHL2vo1BbK8Q_goto_$main$__3__$jjgsO_vVSHaixByd_HFc4w;
+  $main$__0__$2UJDyJD_RrSHL2vo1BbK8Q$__0_phi_back_$main$__0__$2UJDyJD_RrSHL2vo1BbK8Q_goto_$main$__3__$jjgsO_vVSHaixByd_HFc4w:
+    R8_10, Gamma_R8_10 := 0bv64, true;
+    assert Gamma_R8_10;
+    goto $main$__0__$2UJDyJD_RrSHL2vo1BbK8Q_goto_$main$__3__$jjgsO_vVSHaixByd_HFc4w;
+  $main$__0__$2UJDyJD_RrSHL2vo1BbK8Q_goto_$main$__3__$jjgsO_vVSHaixByd_HFc4w:
+    assume (R8_10[1:0] == 1bv1);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 1bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    R8_12, Gamma_R8_12 := 1bv64, true;
     goto $main$__4__$iCJDxo4mS1WWxijWWu0_Pg;
-  $main$__3__$jjgsO_vVSHaixByd_HFc4w:
-    assume {:captureState "$main$__3__$jjgsO_vVSHaixByd_HFc4w"} true;
-    R8, Gamma_R8 := 1bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R8);
-    assume {:captureState "1856$0"} true;
+  $main$__0__$2UJDyJD_RrSHL2vo1BbK8Q$__0_phi_back_$main$__0__$2UJDyJD_RrSHL2vo1BbK8Q_goto_$main$__1__$xuuJL1lASei7mFxWPiiMDQ:
+    R8_8, Gamma_R8_8 := 0bv64, true;
+    assert Gamma_R8_8;
+    goto $main$__0__$2UJDyJD_RrSHL2vo1BbK8Q_goto_$main$__1__$xuuJL1lASei7mFxWPiiMDQ;
+  $main$__0__$2UJDyJD_RrSHL2vo1BbK8Q_goto_$main$__1__$xuuJL1lASei7mFxWPiiMDQ:
+    assume (!(R8_8[1:0] == 1bv1));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    R8_12, Gamma_R8_12 := R8_8, Gamma_R8_8;
     goto $main$__4__$iCJDxo4mS1WWxijWWu0_Pg;
   $main$__4__$iCJDxo4mS1WWxijWWu0_Pg:
-    assume {:captureState "$main$__4__$iCJDxo4mS1WWxijWWu0_Pg"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    R0_1, Gamma_R0_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     goto main_basil_return;
-  $main$__0__$2UJDyJD_RrSHL2vo1BbK8Q_goto_$main$__3__$jjgsO_vVSHaixByd_HFc4w:
-    assume {:captureState "$main$__0__$2UJDyJD_RrSHL2vo1BbK8Q_goto_$main$__3__$jjgsO_vVSHaixByd_HFc4w"} true;
-    assume (R8[1:0] == 1bv1);
-    goto $main$__3__$jjgsO_vVSHaixByd_HFc4w;
-  $main$__0__$2UJDyJD_RrSHL2vo1BbK8Q_goto_$main$__1__$xuuJL1lASei7mFxWPiiMDQ:
-    assume {:captureState "$main$__0__$2UJDyJD_RrSHL2vo1BbK8Q_goto_$main$__1__$xuuJL1lASei7mFxWPiiMDQ"} true;
-    assume (!(R8[1:0] == 1bv1));
-    goto $main$__1__$xuuJL1lASei7mFxWPiiMDQ;
-  $main$__0__$2UJDyJD_RrSHL2vo1BbK8Q$__0:
-    assume {:captureState "$main$__0__$2UJDyJD_RrSHL2vo1BbK8Q$__0"} true;
-    assume (!(ZF == 1bv1));
-    R8, Gamma_R8 := 0bv64, true;
-    assert Gamma_R8;
-    goto $main$__0__$2UJDyJD_RrSHL2vo1BbK8Q_goto_$main$__3__$jjgsO_vVSHaixByd_HFc4w, $main$__0__$2UJDyJD_RrSHL2vo1BbK8Q_goto_$main$__1__$xuuJL1lASei7mFxWPiiMDQ;
-  $main$__0__$2UJDyJD_RrSHL2vo1BbK8Q$__1:
-    assume {:captureState "$main$__0__$2UJDyJD_RrSHL2vo1BbK8Q$__1"} true;
-    assume (!(!(ZF == 1bv1)));
-    R8, Gamma_R8 := 1bv64, true;
-    assert Gamma_R8;
-    goto $main$__0__$2UJDyJD_RrSHL2vo1BbK8Q_goto_$main$__3__$jjgsO_vVSHaixByd_HFc4w, $main$__0__$2UJDyJD_RrSHL2vo1BbK8Q_goto_$main$__1__$xuuJL1lASei7mFxWPiiMDQ;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out := R0_1, R31_in, R8_12;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out := Gamma_R0_1, Gamma_R31_in, Gamma_R8_12;
     return;
 }
 
diff --git a/src/test/correct/using_gamma_conditional/clang_O2/using_gamma_conditional.expected b/src/test/correct/using_gamma_conditional/clang_O2/using_gamma_conditional.expected
index 3df066045..5f01e4f89 100644
--- a/src/test/correct/using_gamma_conditional/clang_O2/using_gamma_conditional.expected
+++ b/src/test/correct/using_gamma_conditional/clang_O2/using_gamma_conditional.expected
@@ -1,16 +1,4 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69684bv64);
@@ -20,13 +8,7 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $z_addr) then true else (if (index == $x_addr) then (memory_load32_le(memory, $z_addr) == 0bv32) else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp1(bv1, bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -43,8 +25,6 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
   memory[index]
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -84,8 +64,8 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) && (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr)));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R8, Gamma_VF, Gamma_ZF, Gamma_mem, NF, R0, R8, VF, ZF, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool);
+  modifies Gamma_mem, mem;
   requires (gamma_load32(Gamma_mem, $x_addr) == true);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
@@ -106,43 +86,30 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool)
 {
-  var #4: bv32;
-  var Gamma_#4: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R8_3: bool;
+  var R0_4: bv64;
+  var R8_3: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R8, Gamma_R8 := 69632bv64, true;
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 52bv64)) || L(mem, bvadd64(R8, 52bv64)));
-    #4, Gamma_#4 := bvadd32(R8[32:0], 4294967295bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#4, 1bv32)), bvadd33(sign_extend1_32(R8[32:0]), 0bv33))), (Gamma_R8 && Gamma_#4);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#4, 1bv32)), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_#4);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#4, 1bv32), 0bv32), Gamma_#4;
-    NF, Gamma_NF := bvadd32(#4, 1bv32)[32:31], Gamma_#4;
-    assert Gamma_ZF;
+    R8_3, Gamma_R8_3 := zero_extend32_32(memory_load32_le(mem, 69684bv64)), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
+    assert Gamma_R8_3;
     goto lmain_goto_l000002e5, lmain_goto_l000002e8;
-  l000002e8:
-    assume {:captureState "l000002e8"} true;
-    R0, Gamma_R0 := 1bv64, true;
+  lmain_goto_l000002e8:
+    assume (R8_3[32:0] == 0bv32);
+    R0_4, Gamma_R0_4 := 1bv64, true;
     goto l000002eb;
-  l000002e5:
-    assume {:captureState "l000002e5"} true;
-    R0, Gamma_R0 := 0bv64, true;
+  lmain_goto_l000002e5:
+    assume (!(R8_3[32:0] == 0bv32));
+    R0_4, Gamma_R0_4 := 0bv64, true;
     goto l000002eb;
   l000002eb:
-    assume {:captureState "l000002eb"} true;
     goto main_basil_return;
-  lmain_goto_l000002e5:
-    assume {:captureState "lmain_goto_l000002e5"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) != 0bv1);
-    goto l000002e5;
-  lmain_goto_l000002e8:
-    assume {:captureState "lmain_goto_l000002e8"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) == 0bv1);
-    goto l000002e8;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out := R0_4, R8_3;
+    Gamma_R0_out, Gamma_R8_out := Gamma_R0_4, Gamma_R8_3;
     return;
 }
 
diff --git a/src/test/correct/using_gamma_conditional/clang_O2/using_gamma_conditional_gtirb.expected b/src/test/correct/using_gamma_conditional/clang_O2/using_gamma_conditional_gtirb.expected
index 5480a19ca..27d068c09 100644
--- a/src/test/correct/using_gamma_conditional/clang_O2/using_gamma_conditional_gtirb.expected
+++ b/src/test/correct/using_gamma_conditional/clang_O2/using_gamma_conditional_gtirb.expected
@@ -1,16 +1,4 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69684bv64);
@@ -20,12 +8,7 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $z_addr) then true else (if (index == $x_addr) then (memory_load32_le(memory, $z_addr) == 0bv32) else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -42,7 +25,6 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
   memory[index]
 }
 
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -82,8 +64,8 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) && (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr)));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R8, Gamma_VF, Gamma_ZF, Gamma_mem, NF, R0, R8, VF, ZF, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool);
+  modifies Gamma_mem, mem;
   requires (gamma_load32(Gamma_mem, $x_addr) == true);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
@@ -104,34 +86,28 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool)
 {
-  var Cse0__5$0$2: bv32;
-  var Gamma_Cse0__5$0$2: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R8_3: bool;
+  var R0_4: bv64;
+  var R8_3: bv64;
   $main$__0__$Xci9C6~RSgeAKtB8I~m3wg:
-    assume {:captureState "$main$__0__$Xci9C6~RSgeAKtB8I~m3wg"} true;
-    R8, Gamma_R8 := 69632bv64, true;
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 52bv64)) || L(mem, bvadd64(R8, 52bv64)));
-    Cse0__5$0$2, Gamma_Cse0__5$0$2 := bvadd32(R8[32:0], 0bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$0$2, Cse0__5$0$2)), Gamma_Cse0__5$0$2;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$0$2), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_Cse0__5$0$2);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$0$2, 0bv32), Gamma_Cse0__5$0$2;
-    NF, Gamma_NF := Cse0__5$0$2[32:31], Gamma_Cse0__5$0$2;
-    assert Gamma_ZF;
+    R8_3, Gamma_R8_3 := zero_extend32_32(memory_load32_le(mem, 69684bv64)), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
+    assert Gamma_R8_3;
     goto $main$__0__$Xci9C6~RSgeAKtB8I~m3wg$__0, $main$__0__$Xci9C6~RSgeAKtB8I~m3wg$__1;
-  $main$__0__$Xci9C6~RSgeAKtB8I~m3wg$__0:
-    assume {:captureState "$main$__0__$Xci9C6~RSgeAKtB8I~m3wg$__0"} true;
-    assume (!(ZF == 1bv1));
-    R0, Gamma_R0 := 0bv64, true;
-    goto main_basil_return;
   $main$__0__$Xci9C6~RSgeAKtB8I~m3wg$__1:
-    assume {:captureState "$main$__0__$Xci9C6~RSgeAKtB8I~m3wg$__1"} true;
-    assume (!(!(ZF == 1bv1)));
-    R0, Gamma_R0 := 1bv64, true;
+    assume (R8_3[32:0] == 0bv32);
+    R0_4, Gamma_R0_4 := 1bv64, true;
+    goto main_basil_return;
+  $main$__0__$Xci9C6~RSgeAKtB8I~m3wg$__0:
+    assume (!(R8_3[32:0] == 0bv32));
+    R0_4, Gamma_R0_4 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out := R0_4, R8_3;
+    Gamma_R0_out, Gamma_R8_out := Gamma_R0_4, Gamma_R8_3;
     return;
 }
 
diff --git a/src/test/correct/using_gamma_conditional/clang_pic/using_gamma_conditional.expected b/src/test/correct/using_gamma_conditional/clang_pic/using_gamma_conditional.expected
index ca1acc493..050ddb860 100644
--- a/src/test/correct/using_gamma_conditional/clang_pic/using_gamma_conditional.expected
+++ b/src/test/correct/using_gamma_conditional/clang_pic/using_gamma_conditional.expected
@@ -1,19 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -24,13 +10,16 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $z_addr) then true else (if (index == $x_addr) then (memory_load32_le(memory, $z_addr) == 0bv32) else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp1(bv1, bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -40,7 +29,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -56,11 +49,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -101,8 +92,8 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) && (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr)));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_R8, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, R8, VF, ZF, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   requires (gamma_load32(Gamma_mem, $x_addr) == true);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
@@ -115,8 +106,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69056bv64) == 1872bv64);
   free requires (memory_load64_le(mem, 69064bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1876bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1964bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1965bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1966bv64) == 2bv8);
@@ -127,77 +116,53 @@ procedure main();
   free ensures (memory_load64_le(mem, 69064bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool)
 {
-  var #4: bv32;
-  var Gamma_#4: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R8_11: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R8_8: bool;
+  var R0_1: bv64;
+  var R8_11: bv64;
+  var R8_2: bv64;
+  var R8_3: bv32;
+  var R8_8: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "%000002f9"} true;
-    R8, Gamma_R8 := 65536bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4040bv64)) || L(mem, bvadd64(R8, 4040bv64)));
+    R8_2, Gamma_R8_2 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    #4, Gamma_#4 := bvadd32(R8[32:0], 4294967295bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#4, 1bv32)), bvadd33(sign_extend1_32(R8[32:0]), 0bv33))), (Gamma_R8 && Gamma_#4);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#4, 1bv32)), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_#4);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#4, 1bv32), 0bv32), Gamma_#4;
-    NF, Gamma_NF := bvadd32(#4, 1bv32)[32:31], Gamma_#4;
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(#4, 1bv32)), Gamma_#4;
-    assert Gamma_ZF;
+    R8_3, Gamma_R8_3 := memory_load32_le(mem, R8_2), (gamma_load32(Gamma_mem, R8_2) || L(mem, R8_2));
+    assert Gamma_R8_3;
     goto lmain_goto_l0000032d, lmain_goto_l00000330;
-  l00000330:
-    assume {:captureState "l00000330"} true;
-    R8, Gamma_R8 := 1bv64, true;
+  lmain_goto_l00000330:
+    assume (R8_3 == 0bv32);
+    R8_8, Gamma_R8_8 := 1bv64, true;
     goto l00000333;
-  l0000032d:
-    assume {:captureState "l0000032d"} true;
-    R8, Gamma_R8 := 0bv64, true;
+  lmain_goto_l0000032d:
+    assume (!(R8_3 == 0bv32));
+    R8_8, Gamma_R8_8 := 0bv64, true;
     goto l00000333;
   l00000333:
-    assume {:captureState "l00000333"} true;
-    assert Gamma_R8;
+    assert Gamma_R8_8;
     goto l00000333_goto_l0000033b, l00000333_goto_l00000363;
-  l0000033b:
-    assume {:captureState "l0000033b"} true;
-    R8, Gamma_R8 := 1bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R8);
-    assume {:captureState "%0000034b"} true;
+  l00000333_goto_l00000363:
+    assume (!(R8_8[1:0] == 1bv1));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    R8_11, Gamma_R8_11 := R8_8, Gamma_R8_8;
     goto l0000034e;
-  l00000363:
-    assume {:captureState "l00000363"} true;
-    goto l00000364;
-  l00000364:
-    assume {:captureState "l00000364"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "%0000036c"} true;
+  l00000333_goto_l0000033b:
+    assume (R8_8[1:0] == 1bv1);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 1bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    R8_11, Gamma_R8_11 := 1bv64, true;
     goto l0000034e;
   l0000034e:
-    assume {:captureState "l0000034e"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    R0_1, Gamma_R0_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     goto main_basil_return;
-  lmain_goto_l0000032d:
-    assume {:captureState "lmain_goto_l0000032d"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) != 0bv1);
-    goto l0000032d;
-  lmain_goto_l00000330:
-    assume {:captureState "lmain_goto_l00000330"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) == 0bv1);
-    goto l00000330;
-  l00000333_goto_l0000033b:
-    assume {:captureState "l00000333_goto_l0000033b"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) != 0bv1);
-    goto l0000033b;
-  l00000333_goto_l00000363:
-    assume {:captureState "l00000333_goto_l00000363"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) == 0bv1);
-    goto l00000363;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out := R0_1, R31_in, R8_11;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out := Gamma_R0_1, Gamma_R31_in, Gamma_R8_11;
     return;
 }
 
diff --git a/src/test/correct/using_gamma_conditional/clang_pic/using_gamma_conditional_gtirb.expected b/src/test/correct/using_gamma_conditional/clang_pic/using_gamma_conditional_gtirb.expected
index 988281be0..16b630f46 100644
--- a/src/test/correct/using_gamma_conditional/clang_pic/using_gamma_conditional_gtirb.expected
+++ b/src/test/correct/using_gamma_conditional/clang_pic/using_gamma_conditional_gtirb.expected
@@ -1,19 +1,5 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $x_addr: bv64;
@@ -24,12 +10,16 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $z_addr) then true else (if (index == $x_addr) then (memory_load32_le(memory, $z_addr) == 0bv32) else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -39,7 +29,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -55,10 +49,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -99,8 +92,8 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) && (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr)));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_R8, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, R8, VF, ZF, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   requires (gamma_load32(Gamma_mem, $x_addr) == true);
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
@@ -113,8 +106,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69056bv64) == 1872bv64);
   free requires (memory_load64_le(mem, 69064bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1876bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1964bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1965bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1966bv64) == 2bv8);
@@ -125,69 +116,66 @@ procedure main();
   free ensures (memory_load64_le(mem, 69064bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool)
 {
-  var Cse0__5$1$5: bv32;
-  var Gamma_Cse0__5$1$5: bool;
+  var Gamma_R0_1: bool;
+  var Gamma_R8_11: bool;
+  var Gamma_R8_13: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R8_9: bool;
+  var R0_1: bv64;
+  var R8_11: bv64;
+  var R8_13: bv64;
+  var R8_2: bv64;
+  var R8_3: bv32;
+  var R8_9: bv64;
   $main$__0__$WvserH3~TZmxgcnn~OP60A:
-    assume {:captureState "$main$__0__$WvserH3~TZmxgcnn~OP60A"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "1880$0"} true;
-    R8, Gamma_R8 := 65536bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4040bv64)) || L(mem, bvadd64(R8, 4040bv64)));
+    R8_2, Gamma_R8_2 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    Cse0__5$1$5, Gamma_Cse0__5$1$5 := bvadd32(R8[32:0], 0bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$1$5, Cse0__5$1$5)), Gamma_Cse0__5$1$5;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$1$5), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_Cse0__5$1$5);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$1$5, 0bv32), Gamma_Cse0__5$1$5;
-    NF, Gamma_NF := Cse0__5$1$5[32:31], Gamma_Cse0__5$1$5;
-    R8, Gamma_R8 := zero_extend32_32(Cse0__5$1$5), Gamma_Cse0__5$1$5;
-    assert Gamma_ZF;
+    R8_3, Gamma_R8_3 := memory_load32_le(mem, R8_2), (gamma_load32(Gamma_mem, R8_2) || L(mem, R8_2));
+    assert Gamma_R8_3;
     goto $main$__0__$WvserH3~TZmxgcnn~OP60A$__0, $main$__0__$WvserH3~TZmxgcnn~OP60A$__1;
-  $main$__1__$G0q4wFaXSHCrjXIW8xOBDQ:
-    assume {:captureState "$main$__1__$G0q4wFaXSHCrjXIW8xOBDQ"} true;
-    goto $main$__2__$z5KdSl61QzyIK9muKLFxgQ;
-  $main$__2__$z5KdSl61QzyIK9muKLFxgQ:
-    assume {:captureState "$main$__2__$z5KdSl61QzyIK9muKLFxgQ"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "1912$0"} true;
+  $main$__0__$WvserH3~TZmxgcnn~OP60A$__1:
+    assume (R8_3 == 0bv32);
+    goto $main$__0__$WvserH3~TZmxgcnn~OP60A$__1_phi_$main$__0__$WvserH3~TZmxgcnn~OP60A_goto_$main$__3__$GuPi8JNBSIam340giZcdIw_phi_back_$main$__0__$WvserH3~TZmxgcnn~OP60A_goto_$main$__3__$GuPi8JNBSIam340giZcdIw, $main$__0__$WvserH3~TZmxgcnn~OP60A$__1_phi_$main$__0__$WvserH3~TZmxgcnn~OP60A_goto_$main$__1__$G0q4wFaXSHCrjXIW8xOBDQ_phi_back_$main$__0__$WvserH3~TZmxgcnn~OP60A_goto_$main$__1__$G0q4wFaXSHCrjXIW8xOBDQ;
+  $main$__0__$WvserH3~TZmxgcnn~OP60A$__1_phi_$main$__0__$WvserH3~TZmxgcnn~OP60A_goto_$main$__1__$G0q4wFaXSHCrjXIW8xOBDQ_phi_back_$main$__0__$WvserH3~TZmxgcnn~OP60A_goto_$main$__1__$G0q4wFaXSHCrjXIW8xOBDQ:
+    R8_9, Gamma_R8_9 := 1bv64, true;
+    assert Gamma_R8_9;
+    goto $main$__0__$WvserH3~TZmxgcnn~OP60A_goto_$main$__1__$G0q4wFaXSHCrjXIW8xOBDQ;
+  $main$__0__$WvserH3~TZmxgcnn~OP60A$__1_phi_$main$__0__$WvserH3~TZmxgcnn~OP60A_goto_$main$__3__$GuPi8JNBSIam340giZcdIw_phi_back_$main$__0__$WvserH3~TZmxgcnn~OP60A_goto_$main$__3__$GuPi8JNBSIam340giZcdIw:
+    R8_11, Gamma_R8_11 := 1bv64, true;
+    assert Gamma_R8_11;
+    goto $main$__0__$WvserH3~TZmxgcnn~OP60A_goto_$main$__3__$GuPi8JNBSIam340giZcdIw;
+  $main$__0__$WvserH3~TZmxgcnn~OP60A$__0:
+    assume (!(R8_3 == 0bv32));
+    goto $main$__0__$WvserH3~TZmxgcnn~OP60A$__0_phi_back_$main$__0__$WvserH3~TZmxgcnn~OP60A_goto_$main$__1__$G0q4wFaXSHCrjXIW8xOBDQ, $main$__0__$WvserH3~TZmxgcnn~OP60A$__0_phi_back_$main$__0__$WvserH3~TZmxgcnn~OP60A_goto_$main$__3__$GuPi8JNBSIam340giZcdIw;
+  $main$__0__$WvserH3~TZmxgcnn~OP60A$__0_phi_back_$main$__0__$WvserH3~TZmxgcnn~OP60A_goto_$main$__3__$GuPi8JNBSIam340giZcdIw:
+    R8_11, Gamma_R8_11 := 0bv64, true;
+    assert Gamma_R8_11;
+    goto $main$__0__$WvserH3~TZmxgcnn~OP60A_goto_$main$__3__$GuPi8JNBSIam340giZcdIw;
+  $main$__0__$WvserH3~TZmxgcnn~OP60A_goto_$main$__3__$GuPi8JNBSIam340giZcdIw:
+    assume (R8_11[1:0] == 1bv1);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 1bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    R8_13, Gamma_R8_13 := 1bv64, true;
     goto $main$__4__$5nmLw0UdTXyYfW~alw3bBw;
-  $main$__3__$GuPi8JNBSIam340giZcdIw:
-    assume {:captureState "$main$__3__$GuPi8JNBSIam340giZcdIw"} true;
-    R8, Gamma_R8 := 1bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R8);
-    assume {:captureState "1924$0"} true;
+  $main$__0__$WvserH3~TZmxgcnn~OP60A$__0_phi_back_$main$__0__$WvserH3~TZmxgcnn~OP60A_goto_$main$__1__$G0q4wFaXSHCrjXIW8xOBDQ:
+    R8_9, Gamma_R8_9 := 0bv64, true;
+    assert Gamma_R8_9;
+    goto $main$__0__$WvserH3~TZmxgcnn~OP60A_goto_$main$__1__$G0q4wFaXSHCrjXIW8xOBDQ;
+  $main$__0__$WvserH3~TZmxgcnn~OP60A_goto_$main$__1__$G0q4wFaXSHCrjXIW8xOBDQ:
+    assume (!(R8_9[1:0] == 1bv1));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    R8_13, Gamma_R8_13 := R8_9, Gamma_R8_9;
     goto $main$__4__$5nmLw0UdTXyYfW~alw3bBw;
   $main$__4__$5nmLw0UdTXyYfW~alw3bBw:
-    assume {:captureState "$main$__4__$5nmLw0UdTXyYfW~alw3bBw"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    R0_1, Gamma_R0_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     goto main_basil_return;
-  $main$__0__$WvserH3~TZmxgcnn~OP60A_goto_$main$__3__$GuPi8JNBSIam340giZcdIw:
-    assume {:captureState "$main$__0__$WvserH3~TZmxgcnn~OP60A_goto_$main$__3__$GuPi8JNBSIam340giZcdIw"} true;
-    assume (R8[1:0] == 1bv1);
-    goto $main$__3__$GuPi8JNBSIam340giZcdIw;
-  $main$__0__$WvserH3~TZmxgcnn~OP60A_goto_$main$__1__$G0q4wFaXSHCrjXIW8xOBDQ:
-    assume {:captureState "$main$__0__$WvserH3~TZmxgcnn~OP60A_goto_$main$__1__$G0q4wFaXSHCrjXIW8xOBDQ"} true;
-    assume (!(R8[1:0] == 1bv1));
-    goto $main$__1__$G0q4wFaXSHCrjXIW8xOBDQ;
-  $main$__0__$WvserH3~TZmxgcnn~OP60A$__0:
-    assume {:captureState "$main$__0__$WvserH3~TZmxgcnn~OP60A$__0"} true;
-    assume (!(ZF == 1bv1));
-    R8, Gamma_R8 := 0bv64, true;
-    assert Gamma_R8;
-    goto $main$__0__$WvserH3~TZmxgcnn~OP60A_goto_$main$__3__$GuPi8JNBSIam340giZcdIw, $main$__0__$WvserH3~TZmxgcnn~OP60A_goto_$main$__1__$G0q4wFaXSHCrjXIW8xOBDQ;
-  $main$__0__$WvserH3~TZmxgcnn~OP60A$__1:
-    assume {:captureState "$main$__0__$WvserH3~TZmxgcnn~OP60A$__1"} true;
-    assume (!(!(ZF == 1bv1)));
-    R8, Gamma_R8 := 1bv64, true;
-    assert Gamma_R8;
-    goto $main$__0__$WvserH3~TZmxgcnn~OP60A_goto_$main$__3__$GuPi8JNBSIam340giZcdIw, $main$__0__$WvserH3~TZmxgcnn~OP60A_goto_$main$__1__$G0q4wFaXSHCrjXIW8xOBDQ;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out := R0_1, R31_in, R8_13;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out := Gamma_R0_1, Gamma_R31_in, Gamma_R8_13;
     return;
 }
 
diff --git a/src/test/correct/using_gamma_conditional/gcc/using_gamma_conditional.expected b/src/test/correct/using_gamma_conditional/gcc/using_gamma_conditional.expected
index ca310ac5a..47a26d845 100644
--- a/src/test/correct/using_gamma_conditional/gcc/using_gamma_conditional.expected
+++ b/src/test/correct/using_gamma_conditional/gcc/using_gamma_conditional.expected
@@ -1,14 +1,4 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -18,13 +8,7 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $z_addr) then true else (if (index == $x_addr) then (memory_load32_le(memory, $z_addr) == 0bv32) else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp1(bv1, bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -41,9 +25,6 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
   memory[index]
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (forall i: bv64 :: (((mem[i] == old(mem[i])) ==> (Gamma_mem[i] == old(Gamma_mem[i])))));
@@ -82,8 +63,8 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) && (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr)));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_VF, Gamma_ZF, Gamma_mem, NF, R0, VF, ZF, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool);
+  modifies Gamma_mem, mem;
   requires (gamma_load32(Gamma_mem, $x_addr) == true);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
@@ -104,44 +85,30 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool)
 {
-  var #4: bv32;
-  var Gamma_#4: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R0_8: bool;
+  var R0_4: bv32;
+  var R0_8: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    #4, Gamma_#4 := bvadd32(R0[32:0], 4294967295bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#4, 1bv32)), bvadd33(sign_extend1_32(R0[32:0]), 0bv33))), (Gamma_R0 && Gamma_#4);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#4, 1bv32)), bvadd33(zero_extend1_32(R0[32:0]), 4294967296bv33))), (Gamma_R0 && Gamma_#4);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#4, 1bv32), 0bv32), Gamma_#4;
-    NF, Gamma_NF := bvadd32(#4, 1bv32)[32:31], Gamma_#4;
-    assert Gamma_ZF;
+    R0_4, Gamma_R0_4 := memory_load32_le(mem, 69652bv64), (gamma_load32(Gamma_mem, 69652bv64) || L(mem, 69652bv64));
+    assert Gamma_R0_4;
     goto lmain_goto_l000002fa, lmain_goto_l00000309;
-  l000002fa:
-    assume {:captureState "l000002fa"} true;
-    R0, Gamma_R0 := 1bv64, true;
+  lmain_goto_l00000309:
+    assume (!(R0_4 == 0bv32));
+    R0_8, Gamma_R0_8 := 0bv64, true;
     goto l00000304;
-  l00000309:
-    assume {:captureState "l00000309"} true;
-    R0, Gamma_R0 := 0bv64, true;
+  lmain_goto_l000002fa:
+    assume (R0_4 == 0bv32);
+    R0_8, Gamma_R0_8 := 1bv64, true;
     goto l00000304;
   l00000304:
-    assume {:captureState "l00000304"} true;
     goto main_basil_return;
-  lmain_goto_l000002fa:
-    assume {:captureState "lmain_goto_l000002fa"} true;
-    assume (bvcomp1(ZF, 1bv1) != 0bv1);
-    goto l000002fa;
-  lmain_goto_l00000309:
-    assume {:captureState "lmain_goto_l00000309"} true;
-    assume (bvcomp1(ZF, 1bv1) == 0bv1);
-    goto l00000309;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out := R0_8;
+    Gamma_R0_out := Gamma_R0_8;
     return;
 }
 
diff --git a/src/test/correct/using_gamma_conditional/gcc/using_gamma_conditional_gtirb.expected b/src/test/correct/using_gamma_conditional/gcc/using_gamma_conditional_gtirb.expected
index 65aa5243e..9ac9aa57a 100644
--- a/src/test/correct/using_gamma_conditional/gcc/using_gamma_conditional_gtirb.expected
+++ b/src/test/correct/using_gamma_conditional/gcc/using_gamma_conditional_gtirb.expected
@@ -1,14 +1,4 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -18,12 +8,7 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $z_addr) then true else (if (index == $x_addr) then (memory_load32_le(memory, $z_addr) == 0bv32) else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -40,8 +25,6 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
   memory[index]
 }
 
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (forall i: bv64 :: (((mem[i] == old(mem[i])) ==> (Gamma_mem[i] == old(Gamma_mem[i])))));
@@ -80,8 +63,8 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) && (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr)));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_VF, Gamma_ZF, Gamma_mem, NF, R0, VF, ZF, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool);
+  modifies Gamma_mem, mem;
   requires (gamma_load32(Gamma_mem, $x_addr) == true);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
@@ -102,44 +85,30 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool)
 {
-  var Cse0__5$3$3: bv32;
-  var Gamma_Cse0__5$3$3: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R0_8: bool;
+  var R0_4: bv32;
+  var R0_8: bv64;
   $main$__0__$0Z93XS38RGCWcCuYAn4Wlg:
-    assume {:captureState "$main$__0__$0Z93XS38RGCWcCuYAn4Wlg"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    Cse0__5$3$3, Gamma_Cse0__5$3$3 := bvadd32(R0[32:0], 0bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$3$3, Cse0__5$3$3)), Gamma_Cse0__5$3$3;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$3$3), bvadd33(zero_extend1_32(R0[32:0]), 4294967296bv33))), (Gamma_R0 && Gamma_Cse0__5$3$3);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$3$3, 0bv32), Gamma_Cse0__5$3$3;
-    NF, Gamma_NF := Cse0__5$3$3[32:31], Gamma_Cse0__5$3$3;
-    assert Gamma_ZF;
+    R0_4, Gamma_R0_4 := memory_load32_le(mem, 69652bv64), (gamma_load32(Gamma_mem, 69652bv64) || L(mem, 69652bv64));
+    assert Gamma_R0_4;
     goto $main$__0__$0Z93XS38RGCWcCuYAn4Wlg_goto_$main$__2__$dFUCtpaoQFSZ3wSzJ5ELFA, $main$__0__$0Z93XS38RGCWcCuYAn4Wlg_goto_$main$__1__$Nfpd5K~xSA6Q~xrcC34K8w;
-  $main$__1__$Nfpd5K~xSA6Q~xrcC34K8w:
-    assume {:captureState "$main$__1__$Nfpd5K~xSA6Q~xrcC34K8w"} true;
-    R0, Gamma_R0 := 0bv64, true;
+  $main$__0__$0Z93XS38RGCWcCuYAn4Wlg_goto_$main$__1__$Nfpd5K~xSA6Q~xrcC34K8w:
+    assume (!(R0_4 == 0bv32));
+    R0_8, Gamma_R0_8 := 0bv64, true;
     goto $main$__3__$R27N5eQARYq8nJdevhUAeQ;
-  $main$__2__$dFUCtpaoQFSZ3wSzJ5ELFA:
-    assume {:captureState "$main$__2__$dFUCtpaoQFSZ3wSzJ5ELFA"} true;
-    R0, Gamma_R0 := 1bv64, true;
+  $main$__0__$0Z93XS38RGCWcCuYAn4Wlg_goto_$main$__2__$dFUCtpaoQFSZ3wSzJ5ELFA:
+    assume (R0_4 == 0bv32);
+    R0_8, Gamma_R0_8 := 1bv64, true;
     goto $main$__3__$R27N5eQARYq8nJdevhUAeQ;
   $main$__3__$R27N5eQARYq8nJdevhUAeQ:
-    assume {:captureState "$main$__3__$R27N5eQARYq8nJdevhUAeQ"} true;
     goto main_basil_return;
-  $main$__0__$0Z93XS38RGCWcCuYAn4Wlg_goto_$main$__2__$dFUCtpaoQFSZ3wSzJ5ELFA:
-    assume {:captureState "$main$__0__$0Z93XS38RGCWcCuYAn4Wlg_goto_$main$__2__$dFUCtpaoQFSZ3wSzJ5ELFA"} true;
-    assume (ZF == 1bv1);
-    goto $main$__2__$dFUCtpaoQFSZ3wSzJ5ELFA;
-  $main$__0__$0Z93XS38RGCWcCuYAn4Wlg_goto_$main$__1__$Nfpd5K~xSA6Q~xrcC34K8w:
-    assume {:captureState "$main$__0__$0Z93XS38RGCWcCuYAn4Wlg_goto_$main$__1__$Nfpd5K~xSA6Q~xrcC34K8w"} true;
-    assume (!(ZF == 1bv1));
-    goto $main$__1__$Nfpd5K~xSA6Q~xrcC34K8w;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out := R0_8;
+    Gamma_R0_out := Gamma_R0_8;
     return;
 }
 
diff --git a/src/test/correct/using_gamma_conditional/gcc_pic/using_gamma_conditional.expected b/src/test/correct/using_gamma_conditional/gcc_pic/using_gamma_conditional.expected
index c8746d547..17e4f4d50 100644
--- a/src/test/correct/using_gamma_conditional/gcc_pic/using_gamma_conditional.expected
+++ b/src/test/correct/using_gamma_conditional/gcc_pic/using_gamma_conditional.expected
@@ -1,14 +1,4 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -18,13 +8,7 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $z_addr) then true else (if (index == $x_addr) then (memory_load32_le(memory, $z_addr) == 0bv32) else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp1(bv1, bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -45,9 +29,6 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
   memory[index]
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (forall i: bv64 :: (((mem[i] == old(mem[i])) ==> (Gamma_mem[i] == old(Gamma_mem[i])))));
@@ -87,8 +68,8 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) && (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr)));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_VF, Gamma_ZF, Gamma_mem, NF, R0, VF, ZF, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool);
+  modifies Gamma_mem, mem;
   requires (gamma_load32(Gamma_mem, $x_addr) == true);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
@@ -111,45 +92,34 @@ procedure main();
   free ensures (memory_load64_le(mem, 69600bv64) == 69652bv64);
   free ensures (memory_load64_le(mem, 69008bv64) == 1872bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool)
 {
-  var #4: bv32;
-  var Gamma_#4: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R0_8: bool;
+  var R0_3: bv64;
+  var R0_4: bv32;
+  var R0_8: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
+    R0_3, Gamma_R0_3 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    #4, Gamma_#4 := bvadd32(R0[32:0], 4294967295bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#4, 1bv32)), bvadd33(sign_extend1_32(R0[32:0]), 0bv33))), (Gamma_R0 && Gamma_#4);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#4, 1bv32)), bvadd33(zero_extend1_32(R0[32:0]), 4294967296bv33))), (Gamma_R0 && Gamma_#4);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#4, 1bv32), 0bv32), Gamma_#4;
-    NF, Gamma_NF := bvadd32(#4, 1bv32)[32:31], Gamma_#4;
-    assert Gamma_ZF;
+    R0_4, Gamma_R0_4 := memory_load32_le(mem, R0_3), (gamma_load32(Gamma_mem, R0_3) || L(mem, R0_3));
+    assert Gamma_R0_4;
     goto lmain_goto_l000002fb, lmain_goto_l0000030a;
-  l000002fb:
-    assume {:captureState "l000002fb"} true;
-    R0, Gamma_R0 := 1bv64, true;
+  lmain_goto_l0000030a:
+    assume (!(R0_4 == 0bv32));
+    R0_8, Gamma_R0_8 := 0bv64, true;
     goto l00000305;
-  l0000030a:
-    assume {:captureState "l0000030a"} true;
-    R0, Gamma_R0 := 0bv64, true;
+  lmain_goto_l000002fb:
+    assume (R0_4 == 0bv32);
+    R0_8, Gamma_R0_8 := 1bv64, true;
     goto l00000305;
   l00000305:
-    assume {:captureState "l00000305"} true;
     goto main_basil_return;
-  lmain_goto_l000002fb:
-    assume {:captureState "lmain_goto_l000002fb"} true;
-    assume (bvcomp1(ZF, 1bv1) != 0bv1);
-    goto l000002fb;
-  lmain_goto_l0000030a:
-    assume {:captureState "lmain_goto_l0000030a"} true;
-    assume (bvcomp1(ZF, 1bv1) == 0bv1);
-    goto l0000030a;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out := R0_8;
+    Gamma_R0_out := Gamma_R0_8;
     return;
 }
 
diff --git a/src/test/correct/using_gamma_conditional/gcc_pic/using_gamma_conditional_gtirb.expected b/src/test/correct/using_gamma_conditional/gcc_pic/using_gamma_conditional_gtirb.expected
index 3fc47285f..2f615d045 100644
--- a/src/test/correct/using_gamma_conditional/gcc_pic/using_gamma_conditional_gtirb.expected
+++ b/src/test/correct/using_gamma_conditional/gcc_pic/using_gamma_conditional_gtirb.expected
@@ -1,14 +1,4 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -18,12 +8,7 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   (if (index == $z_addr) then true else (if (index == $x_addr) then (memory_load32_le(memory, $z_addr) == 0bv32) else false))
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -44,8 +29,6 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
   memory[index]
 }
 
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (forall i: bv64 :: (((mem[i] == old(mem[i])) ==> (Gamma_mem[i] == old(Gamma_mem[i])))));
@@ -85,8 +68,8 @@ implementation {:extern} guarantee_reflexive()
   assert ((memory_load32_le(mem, $x_addr) == memory_load32_le(mem, $x_addr)) && (memory_load32_le(mem, $z_addr) == memory_load32_le(mem, $z_addr)));
 }
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_VF, Gamma_ZF, Gamma_mem, NF, R0, VF, ZF, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool);
+  modifies Gamma_mem, mem;
   requires (gamma_load32(Gamma_mem, $x_addr) == true);
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
@@ -109,45 +92,34 @@ procedure main();
   free ensures (memory_load64_le(mem, 69600bv64) == 69652bv64);
   free ensures (memory_load64_le(mem, 69008bv64) == 1872bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool)
 {
-  var Cse0__5$3$3: bv32;
-  var Gamma_Cse0__5$3$3: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_4: bool;
+  var Gamma_R0_8: bool;
+  var R0_3: bv64;
+  var R0_4: bv32;
+  var R0_8: bv64;
   $main$__0__$0opbVr6FSKqk~SauZFq~bg:
-    assume {:captureState "$main$__0__$0opbVr6FSKqk~SauZFq~bg"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
+    R0_3, Gamma_R0_3 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    Cse0__5$3$3, Gamma_Cse0__5$3$3 := bvadd32(R0[32:0], 0bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$3$3, Cse0__5$3$3)), Gamma_Cse0__5$3$3;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$3$3), bvadd33(zero_extend1_32(R0[32:0]), 4294967296bv33))), (Gamma_R0 && Gamma_Cse0__5$3$3);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$3$3, 0bv32), Gamma_Cse0__5$3$3;
-    NF, Gamma_NF := Cse0__5$3$3[32:31], Gamma_Cse0__5$3$3;
-    assert Gamma_ZF;
+    R0_4, Gamma_R0_4 := memory_load32_le(mem, R0_3), (gamma_load32(Gamma_mem, R0_3) || L(mem, R0_3));
+    assert Gamma_R0_4;
     goto $main$__0__$0opbVr6FSKqk~SauZFq~bg_goto_$main$__2__$PU15ptK8QmqsodwKTutr4A, $main$__0__$0opbVr6FSKqk~SauZFq~bg_goto_$main$__1__$MkdgQZmORkuq9AzG1tEbvg;
-  $main$__1__$MkdgQZmORkuq9AzG1tEbvg:
-    assume {:captureState "$main$__1__$MkdgQZmORkuq9AzG1tEbvg"} true;
-    R0, Gamma_R0 := 0bv64, true;
+  $main$__0__$0opbVr6FSKqk~SauZFq~bg_goto_$main$__1__$MkdgQZmORkuq9AzG1tEbvg:
+    assume (!(R0_4 == 0bv32));
+    R0_8, Gamma_R0_8 := 0bv64, true;
     goto $main$__3__$rmk1cd0ERD~sxbsj_Z3~5Q;
-  $main$__2__$PU15ptK8QmqsodwKTutr4A:
-    assume {:captureState "$main$__2__$PU15ptK8QmqsodwKTutr4A"} true;
-    R0, Gamma_R0 := 1bv64, true;
+  $main$__0__$0opbVr6FSKqk~SauZFq~bg_goto_$main$__2__$PU15ptK8QmqsodwKTutr4A:
+    assume (R0_4 == 0bv32);
+    R0_8, Gamma_R0_8 := 1bv64, true;
     goto $main$__3__$rmk1cd0ERD~sxbsj_Z3~5Q;
   $main$__3__$rmk1cd0ERD~sxbsj_Z3~5Q:
-    assume {:captureState "$main$__3__$rmk1cd0ERD~sxbsj_Z3~5Q"} true;
     goto main_basil_return;
-  $main$__0__$0opbVr6FSKqk~SauZFq~bg_goto_$main$__2__$PU15ptK8QmqsodwKTutr4A:
-    assume {:captureState "$main$__0__$0opbVr6FSKqk~SauZFq~bg_goto_$main$__2__$PU15ptK8QmqsodwKTutr4A"} true;
-    assume (ZF == 1bv1);
-    goto $main$__2__$PU15ptK8QmqsodwKTutr4A;
-  $main$__0__$0opbVr6FSKqk~SauZFq~bg_goto_$main$__1__$MkdgQZmORkuq9AzG1tEbvg:
-    assume {:captureState "$main$__0__$0opbVr6FSKqk~SauZFq~bg_goto_$main$__1__$MkdgQZmORkuq9AzG1tEbvg"} true;
-    assume (!(ZF == 1bv1));
-    goto $main$__1__$MkdgQZmORkuq9AzG1tEbvg;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out := R0_8;
+    Gamma_R0_out := Gamma_R0_8;
     return;
 }
 
diff --git a/src/test/correct/using_gamma_write_z/clang/using_gamma_write_z.expected b/src/test/correct/using_gamma_write_z/clang/using_gamma_write_z.expected
index 880ccabaf..737601deb 100644
--- a/src/test/correct/using_gamma_write_z/clang/using_gamma_write_z.expected
+++ b/src/test/correct/using_gamma_write_z/clang/using_gamma_write_z.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69688bv64);
@@ -15,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -36,7 +43,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -77,8 +84,8 @@ implementation {:extern} guarantee_reflexive()
   assert (gamma_load32(Gamma_mem, $x_addr) ==> gamma_load32(Gamma_mem, $x_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R8, Gamma_R9, Gamma_mem, R0, R8, R9, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   requires ((memory_load32_le(mem, $z_addr) == 0bv32) ==> gamma_load32(Gamma_mem, $x_addr));
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
@@ -99,24 +106,20 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
   var Gamma_x_old: bool;
   lmain:
-    assume {:captureState "lmain"} true;
-    R9, Gamma_R9 := 69632bv64, true;
-    R8, Gamma_R8 := 1bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R9, 52bv64)) ==> Gamma_R8);
+    assert (L(mem, 69684bv64) ==> true);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 52bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 52bv64), Gamma_R8);
-    assert ((bvadd64(R9, 52bv64) == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, 1bv32), gamma_store32(Gamma_mem, 69684bv64, true);
+    assert ((69684bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert (Gamma_x_old ==> gamma_load32(Gamma_mem, $x_addr));
-    assume {:captureState "%000002ce"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := 0bv64, 1bv64, 69632bv64;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := true, true, true;
     return;
 }
 
diff --git a/src/test/correct/using_gamma_write_z/clang/using_gamma_write_z_gtirb.expected b/src/test/correct/using_gamma_write_z/clang/using_gamma_write_z_gtirb.expected
index 91ed7e5d7..c52bcbabd 100644
--- a/src/test/correct/using_gamma_write_z/clang/using_gamma_write_z_gtirb.expected
+++ b/src/test/correct/using_gamma_write_z/clang/using_gamma_write_z_gtirb.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69688bv64);
@@ -15,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -36,7 +43,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -77,8 +84,8 @@ implementation {:extern} guarantee_reflexive()
   assert (gamma_load32(Gamma_mem, $x_addr) ==> gamma_load32(Gamma_mem, $x_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R8, Gamma_R9, Gamma_mem, R0, R8, R9, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   requires ((memory_load32_le(mem, $z_addr) == 0bv32) ==> gamma_load32(Gamma_mem, $x_addr));
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
@@ -99,24 +106,20 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
   var Gamma_x_old: bool;
   $main$__0__$ap7BIakXQIKH6aKZFtlpAw:
-    assume {:captureState "$main$__0__$ap7BIakXQIKH6aKZFtlpAw"} true;
-    R9, Gamma_R9 := 69632bv64, true;
-    R8, Gamma_R8 := 1bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R9, 52bv64)) ==> Gamma_R8);
+    assert (L(mem, 69684bv64) ==> true);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 52bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 52bv64), Gamma_R8);
-    assert ((bvadd64(R9, 52bv64) == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, 1bv32), gamma_store32(Gamma_mem, 69684bv64, true);
+    assert ((69684bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert (Gamma_x_old ==> gamma_load32(Gamma_mem, $x_addr));
-    assume {:captureState "1820$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := 0bv64, 1bv64, 69632bv64;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := true, true, true;
     return;
 }
 
diff --git a/src/test/correct/using_gamma_write_z/clang_pic/using_gamma_write_z.expected b/src/test/correct/using_gamma_write_z/clang_pic/using_gamma_write_z.expected
index 8787d7ffc..6d695e426 100644
--- a/src/test/correct/using_gamma_write_z/clang_pic/using_gamma_write_z.expected
+++ b/src/test/correct/using_gamma_write_z/clang_pic/using_gamma_write_z.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69688bv64);
@@ -15,6 +9,15 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -24,7 +27,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -40,7 +47,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -82,8 +89,8 @@ implementation {:extern} guarantee_reflexive()
   assert (gamma_load32(Gamma_mem, $x_addr) ==> gamma_load32(Gamma_mem, $x_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R8, Gamma_R9, Gamma_mem, R0, R8, R9, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   requires ((memory_load32_le(mem, $z_addr) == 0bv32) ==> gamma_load32(Gamma_mem, $x_addr));
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
@@ -106,26 +113,24 @@ procedure main();
   free ensures (memory_load64_le(mem, 69064bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R9_3: bool;
   var Gamma_x_old: bool;
+  var R9_3: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R9, Gamma_R9 := 65536bv64, true;
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4040bv64)) || L(mem, bvadd64(R9, 4040bv64)));
-    R8, Gamma_R8 := 1bv64, true;
+    R9_3, Gamma_R9_3 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
+    assert (L(mem, R9_3) ==> true);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
-    assert ((R9 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R9_3, 1bv32), gamma_store32(Gamma_mem, R9_3, true);
+    assert ((R9_3 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert (Gamma_x_old ==> gamma_load32(Gamma_mem, $x_addr));
-    assume {:captureState "%000002d9"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := 0bv64, 1bv64, R9_3;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := true, true, Gamma_R9_3;
     return;
 }
 
diff --git a/src/test/correct/using_gamma_write_z/clang_pic/using_gamma_write_z_gtirb.expected b/src/test/correct/using_gamma_write_z/clang_pic/using_gamma_write_z_gtirb.expected
index 797dd348e..2266a9a80 100644
--- a/src/test/correct/using_gamma_write_z/clang_pic/using_gamma_write_z_gtirb.expected
+++ b/src/test/correct/using_gamma_write_z/clang_pic/using_gamma_write_z_gtirb.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69688bv64);
@@ -15,6 +9,15 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -24,7 +27,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -40,7 +47,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -82,8 +89,8 @@ implementation {:extern} guarantee_reflexive()
   assert (gamma_load32(Gamma_mem, $x_addr) ==> gamma_load32(Gamma_mem, $x_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R8, Gamma_R9, Gamma_mem, R0, R8, R9, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   requires ((memory_load32_le(mem, $z_addr) == 0bv32) ==> gamma_load32(Gamma_mem, $x_addr));
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
@@ -106,26 +113,24 @@ procedure main();
   free ensures (memory_load64_le(mem, 69064bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R9_3: bool;
   var Gamma_x_old: bool;
+  var R9_3: bv64;
   $main$__0__$biI7cD_YRjyqxfg99RZiSw:
-    assume {:captureState "$main$__0__$biI7cD_YRjyqxfg99RZiSw"} true;
-    R9, Gamma_R9 := 65536bv64, true;
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4040bv64)) || L(mem, bvadd64(R9, 4040bv64)));
-    R8, Gamma_R8 := 1bv64, true;
+    R9_3, Gamma_R9_3 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
+    assert (L(mem, R9_3) ==> true);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
-    assert ((R9 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R9_3, 1bv32), gamma_store32(Gamma_mem, R9_3, true);
+    assert ((R9_3 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert (Gamma_x_old ==> gamma_load32(Gamma_mem, $x_addr));
-    assume {:captureState "1888$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := 0bv64, 1bv64, R9_3;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := true, true, Gamma_R9_3;
     return;
 }
 
diff --git a/src/test/correct/using_gamma_write_z/gcc/using_gamma_write_z.expected b/src/test/correct/using_gamma_write_z/gcc/using_gamma_write_z.expected
index 7ce4c193c..2b306dcd7 100644
--- a/src/test/correct/using_gamma_write_z/gcc/using_gamma_write_z.expected
+++ b/src/test/correct/using_gamma_write_z/gcc/using_gamma_write_z.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -13,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -34,7 +43,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -75,8 +84,8 @@ implementation {:extern} guarantee_reflexive()
   assert (gamma_load32(Gamma_mem, $x_addr) ==> gamma_load32(Gamma_mem, $x_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   requires ((memory_load32_le(mem, $z_addr) == 0bv32) ==> gamma_load32(Gamma_mem, $x_addr));
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
@@ -97,25 +106,20 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
   var Gamma_x_old: bool;
   lmain:
-    assume {:captureState "lmain"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
-    R1, Gamma_R1 := 1bv64, true;
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, 69656bv64) ==> true);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69656bv64, 1bv32), gamma_store32(Gamma_mem, 69656bv64, true);
+    assert ((69656bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert (Gamma_x_old ==> gamma_load32(Gamma_mem, $x_addr));
-    assume {:captureState "%000002d8"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, 1bv64;
+    Gamma_R0_out, Gamma_R1_out := true, true;
     return;
 }
 
diff --git a/src/test/correct/using_gamma_write_z/gcc/using_gamma_write_z_gtirb.expected b/src/test/correct/using_gamma_write_z/gcc/using_gamma_write_z_gtirb.expected
index e3fef2e26..3874f3820 100644
--- a/src/test/correct/using_gamma_write_z/gcc/using_gamma_write_z_gtirb.expected
+++ b/src/test/correct/using_gamma_write_z/gcc/using_gamma_write_z_gtirb.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -13,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -34,7 +43,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -75,8 +84,8 @@ implementation {:extern} guarantee_reflexive()
   assert (gamma_load32(Gamma_mem, $x_addr) ==> gamma_load32(Gamma_mem, $x_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   requires ((memory_load32_le(mem, $z_addr) == 0bv32) ==> gamma_load32(Gamma_mem, $x_addr));
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
@@ -97,25 +106,20 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
   var Gamma_x_old: bool;
   $main$__0__$nQskxO9URuKUrmpkeGLfhQ:
-    assume {:captureState "$main$__0__$nQskxO9URuKUrmpkeGLfhQ"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
-    R1, Gamma_R1 := 1bv64, true;
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, 69656bv64) ==> true);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69656bv64, 1bv32), gamma_store32(Gamma_mem, 69656bv64, true);
+    assert ((69656bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert (Gamma_x_old ==> gamma_load32(Gamma_mem, $x_addr));
-    assume {:captureState "1824$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, 1bv64;
+    Gamma_R0_out, Gamma_R1_out := true, true;
     return;
 }
 
diff --git a/src/test/correct/using_gamma_write_z/gcc_O2/using_gamma_write_z.expected b/src/test/correct/using_gamma_write_z/gcc_O2/using_gamma_write_z.expected
index a5be3e625..0ebb4b62d 100644
--- a/src/test/correct/using_gamma_write_z/gcc_O2/using_gamma_write_z.expected
+++ b/src/test/correct/using_gamma_write_z/gcc_O2/using_gamma_write_z.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R2: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R2: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69656bv64);
@@ -15,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -36,7 +43,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -77,8 +84,8 @@ implementation {:extern} guarantee_reflexive()
   assert (gamma_load32(Gamma_mem, $x_addr) ==> gamma_load32(Gamma_mem, $x_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R2, Gamma_mem, R0, R1, R2, mem;
+procedure main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool);
+  modifies Gamma_mem, mem;
   requires ((memory_load32_le(mem, $z_addr) == 0bv32) ==> gamma_load32(Gamma_mem, $x_addr));
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
@@ -99,24 +106,20 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool)
 {
   var Gamma_x_old: bool;
   lmain:
-    assume {:captureState "lmain"} true;
-    R1, Gamma_R1 := 69632bv64, true;
-    R2, Gamma_R2 := 1bv64, true;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R1, 20bv64)) ==> Gamma_R2);
+    assert (L(mem, 69652bv64) ==> true);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R1, 20bv64), R2[32:0]), gamma_store32(Gamma_mem, bvadd64(R1, 20bv64), Gamma_R2);
-    assert ((bvadd64(R1, 20bv64) == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 1bv32), gamma_store32(Gamma_mem, 69652bv64, true);
+    assert ((69652bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert (Gamma_x_old ==> gamma_load32(Gamma_mem, $x_addr));
-    assume {:captureState "%000001bd"} true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R2_out := 0bv64, 69632bv64, 1bv64;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R2_out := true, true, true;
     return;
 }
 
diff --git a/src/test/correct/using_gamma_write_z/gcc_O2/using_gamma_write_z_gtirb.expected b/src/test/correct/using_gamma_write_z/gcc_O2/using_gamma_write_z_gtirb.expected
index 6ae6f75eb..63d4ae83f 100644
--- a/src/test/correct/using_gamma_write_z/gcc_O2/using_gamma_write_z_gtirb.expected
+++ b/src/test/correct/using_gamma_write_z/gcc_O2/using_gamma_write_z_gtirb.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R2: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R2: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69656bv64);
@@ -15,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -36,7 +43,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -77,8 +84,8 @@ implementation {:extern} guarantee_reflexive()
   assert (gamma_load32(Gamma_mem, $x_addr) ==> gamma_load32(Gamma_mem, $x_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R2, Gamma_mem, R0, R1, R2, mem;
+procedure main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool);
+  modifies Gamma_mem, mem;
   requires ((memory_load32_le(mem, $z_addr) == 0bv32) ==> gamma_load32(Gamma_mem, $x_addr));
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
@@ -99,24 +106,20 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool)
 {
   var Gamma_x_old: bool;
   $main$__0__$5Y8e~5V6Ssy1xVGyOZzCzw:
-    assume {:captureState "$main$__0__$5Y8e~5V6Ssy1xVGyOZzCzw"} true;
-    R1, Gamma_R1 := 69632bv64, true;
-    R2, Gamma_R2 := 1bv64, true;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    assert (L(mem, bvadd64(R1, 20bv64)) ==> Gamma_R2);
+    assert (L(mem, 69652bv64) ==> true);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R1, 20bv64), R2[32:0]), gamma_store32(Gamma_mem, bvadd64(R1, 20bv64), Gamma_R2);
-    assert ((bvadd64(R1, 20bv64) == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 1bv32), gamma_store32(Gamma_mem, 69652bv64, true);
+    assert ((69652bv64 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert (Gamma_x_old ==> gamma_load32(Gamma_mem, $x_addr));
-    assume {:captureState "1548$0"} true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R2_out := 0bv64, 69632bv64, 1bv64;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R2_out := true, true, true;
     return;
 }
 
diff --git a/src/test/correct/using_gamma_write_z/gcc_pic/using_gamma_write_z.expected b/src/test/correct/using_gamma_write_z/gcc_pic/using_gamma_write_z.expected
index addc3d272..758399338 100644
--- a/src/test/correct/using_gamma_write_z/gcc_pic/using_gamma_write_z.expected
+++ b/src/test/correct/using_gamma_write_z/gcc_pic/using_gamma_write_z.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -13,6 +9,15 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -22,7 +27,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -38,7 +47,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -80,8 +89,8 @@ implementation {:extern} guarantee_reflexive()
   assert (gamma_load32(Gamma_mem, $x_addr) ==> gamma_load32(Gamma_mem, $x_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   requires ((memory_load32_le(mem, $z_addr) == 0bv32) ==> gamma_load32(Gamma_mem, $x_addr));
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
@@ -104,26 +113,24 @@ procedure main();
   free ensures (memory_load64_le(mem, 69600bv64) == 69656bv64);
   free ensures (memory_load64_le(mem, 69008bv64) == 1872bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
+  var Gamma_R0_3: bool;
   var Gamma_x_old: bool;
+  var R0_3: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
-    R1, Gamma_R1 := 1bv64, true;
+    R0_3, Gamma_R0_3 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, R0_3) ==> true);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R0_3, 1bv32), gamma_store32(Gamma_mem, R0_3, true);
+    assert ((R0_3 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert (Gamma_x_old ==> gamma_load32(Gamma_mem, $x_addr));
-    assume {:captureState "%000002d9"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, 1bv64;
+    Gamma_R0_out, Gamma_R1_out := true, true;
     return;
 }
 
diff --git a/src/test/correct/using_gamma_write_z/gcc_pic/using_gamma_write_z_gtirb.expected b/src/test/correct/using_gamma_write_z/gcc_pic/using_gamma_write_z_gtirb.expected
index fda018aa5..4fdbb1e25 100644
--- a/src/test/correct/using_gamma_write_z/gcc_pic/using_gamma_write_z_gtirb.expected
+++ b/src/test/correct/using_gamma_write_z/gcc_pic/using_gamma_write_z_gtirb.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $x_addr: bv64;
 axiom ($x_addr == 69652bv64);
@@ -13,6 +9,15 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -22,7 +27,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -38,7 +47,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -80,8 +89,8 @@ implementation {:extern} guarantee_reflexive()
   assert (gamma_load32(Gamma_mem, $x_addr) ==> gamma_load32(Gamma_mem, $x_addr));
 }
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   requires ((memory_load32_le(mem, $z_addr) == 0bv32) ==> gamma_load32(Gamma_mem, $x_addr));
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
@@ -104,26 +113,24 @@ procedure main();
   free ensures (memory_load64_le(mem, 69600bv64) == 69656bv64);
   free ensures (memory_load64_le(mem, 69008bv64) == 1872bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
+  var Gamma_R0_3: bool;
   var Gamma_x_old: bool;
+  var R0_3: bv64;
   $main$__0__$wzE5390IST~kmbO~2Ze3Kw:
-    assume {:captureState "$main$__0__$wzE5390IST~kmbO~2Ze3Kw"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
-    R1, Gamma_R1 := 1bv64, true;
+    R0_3, Gamma_R0_3 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
+    assert (L(mem, R0_3) ==> true);
     Gamma_x_old := (gamma_load32(Gamma_mem, $x_addr) || L(mem, $x_addr));
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+    mem, Gamma_mem := memory_store32_le(mem, R0_3, 1bv32), gamma_store32(Gamma_mem, R0_3, true);
+    assert ((R0_3 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert (Gamma_x_old ==> gamma_load32(Gamma_mem, $x_addr));
-    assume {:captureState "1888$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, 1bv64;
+    Gamma_R0_out, Gamma_R1_out := true, true;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign/clang/basicassign.expected b/src/test/incorrect/basicassign/clang/basicassign.expected
index 60367a8c0..9ec8af73d 100644
--- a/src/test/incorrect/basicassign/clang/basicassign.expected
+++ b/src/test/incorrect/basicassign/clang/basicassign.expected
@@ -1,14 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R10: bool;
-var {:extern} Gamma_R11: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R10: bv64;
-var {:extern} R11: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
 axiom ($secret_addr == 69684bv64);
@@ -21,12 +11,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -42,7 +45,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -79,8 +82,8 @@ implementation {:extern} rely_reflexive()
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R10, Gamma_R11, Gamma_R8, Gamma_R9, Gamma_mem, R0, R10, R11, R8, R9, mem;
+procedure main(R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1888bv64) == 1bv8);
@@ -100,45 +103,44 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R10_3: bool;
+  var Gamma_R11_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R9_2: bool;
+  var R10_3: bv64;
+  var R11_2: bv64;
+  var R8_3: bv64;
+  var R9_2: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R10, Gamma_R10 := 69632bv64, true;
     call rely();
-    R9, Gamma_R9 := zero_extend32_32(memory_load32_le(mem, bvadd64(R10, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R10, 52bv64)) || L(mem, bvadd64(R10, 52bv64)));
-    R8, Gamma_R8 := 69632bv64, true;
+    R9_2, Gamma_R9_2 := memory_load32_le(mem, 69684bv64), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
     call rely();
-    assert (L(mem, bvadd64(R8, 56bv64)) ==> Gamma_R9);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 56bv64), R9[32:0]), gamma_store32(Gamma_mem, bvadd64(R8, 56bv64), Gamma_R9);
-    assume {:captureState "%000002f9"} true;
-    R0, Gamma_R0 := 0bv64, true;
+    assert (L(mem, 69688bv64) ==> Gamma_R9_2);
+    mem, Gamma_mem := memory_store32_le(mem, 69688bv64, R9_2), gamma_store32(Gamma_mem, 69688bv64, Gamma_R9_2);
     call rely();
-    assert (L(mem, bvadd64(R8, 56bv64)) ==> true);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 56bv64), 0bv32), gamma_store32(Gamma_mem, bvadd64(R8, 56bv64), true);
-    assume {:captureState "%00000305"} true;
+    assert (L(mem, 69688bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69688bv64, 0bv32), gamma_store32(Gamma_mem, 69688bv64, true);
     call rely();
-    R11, Gamma_R11 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 56bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 56bv64)) || L(mem, bvadd64(R8, 56bv64)));
-    R9, Gamma_R9 := 69632bv64, true;
+    R11_2, Gamma_R11_2 := zero_extend32_32(memory_load32_le(mem, 69688bv64)), (gamma_load32(Gamma_mem, 69688bv64) || L(mem, 69688bv64));
     call rely();
-    assert (L(mem, bvadd64(R9, 60bv64)) ==> Gamma_R11);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 60bv64), R11[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 60bv64), Gamma_R11);
-    assume {:captureState "%00000319"} true;
+    assert (L(mem, 69692bv64) ==> Gamma_R11_2);
+    mem, Gamma_mem := memory_store32_le(mem, 69692bv64, R11_2[32:0]), gamma_store32(Gamma_mem, 69692bv64, Gamma_R11_2);
     call rely();
-    R10, Gamma_R10 := zero_extend32_32(memory_load32_le(mem, bvadd64(R10, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R10, 52bv64)) || L(mem, bvadd64(R10, 52bv64)));
+    R10_3, Gamma_R10_3 := zero_extend32_32(memory_load32_le(mem, 69684bv64)), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
     call rely();
-    assert (L(mem, bvadd64(R8, 56bv64)) ==> Gamma_R10);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 56bv64), R10[32:0]), gamma_store32(Gamma_mem, bvadd64(R8, 56bv64), Gamma_R10);
-    assume {:captureState "%00000328"} true;
+    assert (L(mem, 69688bv64) ==> Gamma_R10_3);
+    mem, Gamma_mem := memory_store32_le(mem, 69688bv64, R10_3[32:0]), gamma_store32(Gamma_mem, 69688bv64, Gamma_R10_3);
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 56bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 56bv64)) || L(mem, bvadd64(R8, 56bv64)));
+    R8_3, Gamma_R8_3 := zero_extend32_32(memory_load32_le(mem, 69688bv64)), (gamma_load32(Gamma_mem, 69688bv64) || L(mem, 69688bv64));
     call rely();
-    assert (L(mem, bvadd64(R9, 60bv64)) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 60bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 60bv64), Gamma_R8);
-    assume {:captureState "%00000337"} true;
+    assert (L(mem, 69692bv64) ==> Gamma_R8_3);
+    mem, Gamma_mem := memory_store32_le(mem, 69692bv64, R8_3[32:0]), gamma_store32(Gamma_mem, 69692bv64, Gamma_R8_3);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R11_out, R8_out, R9_out := 0bv64, R10_3, R11_2, R8_3, 69632bv64;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R11_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R10_3, Gamma_R11_2, Gamma_R8_3, true;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign/clang/basicassign_gtirb.expected b/src/test/incorrect/basicassign/clang/basicassign_gtirb.expected
index 7338ab0ff..760d55f22 100644
--- a/src/test/incorrect/basicassign/clang/basicassign_gtirb.expected
+++ b/src/test/incorrect/basicassign/clang/basicassign_gtirb.expected
@@ -1,14 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R10: bool;
-var {:extern} Gamma_R11: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R10: bv64;
-var {:extern} R11: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
 axiom ($secret_addr == 69684bv64);
@@ -21,12 +11,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -42,7 +45,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -79,8 +82,8 @@ implementation {:extern} rely_reflexive()
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R10, Gamma_R11, Gamma_R8, Gamma_R9, Gamma_mem, R0, R10, R11, R8, R9, mem;
+procedure main(R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1888bv64) == 1bv8);
@@ -100,45 +103,44 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R10_3: bool;
+  var Gamma_R11_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R9_2: bool;
+  var R10_3: bv64;
+  var R11_2: bv64;
+  var R8_3: bv64;
+  var R9_2: bv64;
   $main$__0__$5TUZGs9lQbqOTt1I7Z4dfw:
-    assume {:captureState "$main$__0__$5TUZGs9lQbqOTt1I7Z4dfw"} true;
-    R10, Gamma_R10 := 69632bv64, true;
     call rely();
-    R9, Gamma_R9 := zero_extend32_32(memory_load32_le(mem, bvadd64(R10, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R10, 52bv64)) || L(mem, bvadd64(R10, 52bv64)));
-    R8, Gamma_R8 := 69632bv64, true;
+    R9_2, Gamma_R9_2 := zero_extend32_32(memory_load32_le(mem, 69684bv64)), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
     call rely();
-    assert (L(mem, bvadd64(R8, 56bv64)) ==> Gamma_R9);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 56bv64), R9[32:0]), gamma_store32(Gamma_mem, bvadd64(R8, 56bv64), Gamma_R9);
-    assume {:captureState "1824$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
+    assert (L(mem, 69688bv64) ==> Gamma_R9_2);
+    mem, Gamma_mem := memory_store32_le(mem, 69688bv64, R9_2[32:0]), gamma_store32(Gamma_mem, 69688bv64, Gamma_R9_2);
     call rely();
-    assert (L(mem, bvadd64(R8, 56bv64)) ==> true);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 56bv64), 0bv32), gamma_store32(Gamma_mem, bvadd64(R8, 56bv64), true);
-    assume {:captureState "1832$0"} true;
+    assert (L(mem, 69688bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69688bv64, 0bv32), gamma_store32(Gamma_mem, 69688bv64, true);
     call rely();
-    R11, Gamma_R11 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 56bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 56bv64)) || L(mem, bvadd64(R8, 56bv64)));
-    R9, Gamma_R9 := 69632bv64, true;
+    R11_2, Gamma_R11_2 := zero_extend32_32(memory_load32_le(mem, 69688bv64)), (gamma_load32(Gamma_mem, 69688bv64) || L(mem, 69688bv64));
     call rely();
-    assert (L(mem, bvadd64(R9, 60bv64)) ==> Gamma_R11);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 60bv64), R11[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 60bv64), Gamma_R11);
-    assume {:captureState "1844$0"} true;
+    assert (L(mem, 69692bv64) ==> Gamma_R11_2);
+    mem, Gamma_mem := memory_store32_le(mem, 69692bv64, R11_2[32:0]), gamma_store32(Gamma_mem, 69692bv64, Gamma_R11_2);
     call rely();
-    R10, Gamma_R10 := zero_extend32_32(memory_load32_le(mem, bvadd64(R10, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R10, 52bv64)) || L(mem, bvadd64(R10, 52bv64)));
+    R10_3, Gamma_R10_3 := zero_extend32_32(memory_load32_le(mem, 69684bv64)), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
     call rely();
-    assert (L(mem, bvadd64(R8, 56bv64)) ==> Gamma_R10);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 56bv64), R10[32:0]), gamma_store32(Gamma_mem, bvadd64(R8, 56bv64), Gamma_R10);
-    assume {:captureState "1852$0"} true;
+    assert (L(mem, 69688bv64) ==> Gamma_R10_3);
+    mem, Gamma_mem := memory_store32_le(mem, 69688bv64, R10_3[32:0]), gamma_store32(Gamma_mem, 69688bv64, Gamma_R10_3);
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 56bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 56bv64)) || L(mem, bvadd64(R8, 56bv64)));
+    R8_3, Gamma_R8_3 := zero_extend32_32(memory_load32_le(mem, 69688bv64)), (gamma_load32(Gamma_mem, 69688bv64) || L(mem, 69688bv64));
     call rely();
-    assert (L(mem, bvadd64(R9, 60bv64)) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 60bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 60bv64), Gamma_R8);
-    assume {:captureState "1860$0"} true;
+    assert (L(mem, 69692bv64) ==> Gamma_R8_3);
+    mem, Gamma_mem := memory_store32_le(mem, 69692bv64, R8_3[32:0]), gamma_store32(Gamma_mem, 69692bv64, Gamma_R8_3);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R11_out, R8_out, R9_out := 0bv64, R10_3, R11_2, R8_3, 69632bv64;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R11_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R10_3, Gamma_R11_2, Gamma_R8_3, true;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign/clang_O2/basicassign.expected b/src/test/incorrect/basicassign/clang_O2/basicassign.expected
index 3de01bcab..80b3708bc 100644
--- a/src/test/incorrect/basicassign/clang_O2/basicassign.expected
+++ b/src/test/incorrect/basicassign/clang_O2/basicassign.expected
@@ -1,12 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R10: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R10: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
 axiom ($secret_addr == 69684bv64);
@@ -19,12 +11,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -40,7 +45,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -77,8 +82,8 @@ implementation {:extern} rely_reflexive()
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R10, Gamma_R8, Gamma_R9, Gamma_mem, R0, R10, R8, R9, mem;
+procedure main(R10_in: bv64, Gamma_R10_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1864bv64) == 1bv8);
@@ -98,27 +103,23 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R10_in: bv64, Gamma_R10_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R8_3: bool;
+  var R8_3: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R8, Gamma_R8 := 69632bv64, true;
-    R0, Gamma_R0 := 0bv64, true;
-    R9, Gamma_R9 := 69632bv64, true;
-    R10, Gamma_R10 := 69632bv64, true;
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 52bv64)) || L(mem, bvadd64(R8, 52bv64)));
+    R8_3, Gamma_R8_3 := zero_extend32_32(memory_load32_le(mem, 69684bv64)), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
     call rely();
-    assert (L(mem, bvadd64(R9, 56bv64)) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 56bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 56bv64), Gamma_R8);
-    assume {:captureState "%000002eb"} true;
+    assert (L(mem, 69688bv64) ==> Gamma_R8_3);
+    mem, Gamma_mem := memory_store32_le(mem, 69688bv64, R8_3[32:0]), gamma_store32(Gamma_mem, 69688bv64, Gamma_R8_3);
     call rely();
-    assert (L(mem, bvadd64(R10, 60bv64)) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R10, 60bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R10, 60bv64), Gamma_R8);
-    assume {:captureState "%000002f3"} true;
+    assert (L(mem, 69692bv64) ==> Gamma_R8_3);
+    mem, Gamma_mem := memory_store32_le(mem, 69692bv64, R8_3[32:0]), gamma_store32(Gamma_mem, 69692bv64, Gamma_R8_3);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R8_out, R9_out := 0bv64, 69632bv64, R8_3, 69632bv64;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R8_out, Gamma_R9_out := true, true, Gamma_R8_3, true;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign/clang_O2/basicassign_gtirb.expected b/src/test/incorrect/basicassign/clang_O2/basicassign_gtirb.expected
index ecdc0fe3d..bf69fc090 100644
--- a/src/test/incorrect/basicassign/clang_O2/basicassign_gtirb.expected
+++ b/src/test/incorrect/basicassign/clang_O2/basicassign_gtirb.expected
@@ -1,12 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R10: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R10: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
 axiom ($secret_addr == 69684bv64);
@@ -19,12 +11,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -40,7 +45,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -77,8 +82,8 @@ implementation {:extern} rely_reflexive()
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R10, Gamma_R8, Gamma_R9, Gamma_mem, R0, R10, R8, R9, mem;
+procedure main(R10_in: bv64, Gamma_R10_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1864bv64) == 1bv8);
@@ -98,27 +103,23 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R10_in: bv64, Gamma_R10_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R8_3: bool;
+  var R8_3: bv64;
   $main$__0__$u9YlOfvWQuymdyQoiJ6f2w:
-    assume {:captureState "$main$__0__$u9YlOfvWQuymdyQoiJ6f2w"} true;
-    R8, Gamma_R8 := 69632bv64, true;
-    R0, Gamma_R0 := 0bv64, true;
-    R9, Gamma_R9 := 69632bv64, true;
-    R10, Gamma_R10 := 69632bv64, true;
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 52bv64)) || L(mem, bvadd64(R8, 52bv64)));
+    R8_3, Gamma_R8_3 := zero_extend32_32(memory_load32_le(mem, 69684bv64)), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
     call rely();
-    assert (L(mem, bvadd64(R9, 56bv64)) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 56bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 56bv64), Gamma_R8);
-    assume {:captureState "1832$0"} true;
+    assert (L(mem, 69688bv64) ==> Gamma_R8_3);
+    mem, Gamma_mem := memory_store32_le(mem, 69688bv64, R8_3[32:0]), gamma_store32(Gamma_mem, 69688bv64, Gamma_R8_3);
     call rely();
-    assert (L(mem, bvadd64(R10, 60bv64)) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R10, 60bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R10, 60bv64), Gamma_R8);
-    assume {:captureState "1836$0"} true;
+    assert (L(mem, 69692bv64) ==> Gamma_R8_3);
+    mem, Gamma_mem := memory_store32_le(mem, 69692bv64, R8_3[32:0]), gamma_store32(Gamma_mem, 69692bv64, Gamma_R8_3);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R8_out, R9_out := 0bv64, 69632bv64, R8_3, 69632bv64;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R8_out, Gamma_R9_out := true, true, Gamma_R8_3, true;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign/clang_pic/basicassign.expected b/src/test/incorrect/basicassign/clang_pic/basicassign.expected
index 2482ec834..64fc2fbbe 100644
--- a/src/test/incorrect/basicassign/clang_pic/basicassign.expected
+++ b/src/test/incorrect/basicassign/clang_pic/basicassign.expected
@@ -1,14 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R10: bool;
-var {:extern} Gamma_R11: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R10: bv64;
-var {:extern} R11: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
 axiom ($secret_addr == 69684bv64);
@@ -21,6 +11,15 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -30,7 +29,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -46,7 +49,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -86,8 +89,8 @@ implementation {:extern} rely_reflexive()
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R10, Gamma_R11, Gamma_R8, Gamma_R9, Gamma_mem, R0, R10, R11, R8, R9, mem;
+procedure main(R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1964bv64) == 1bv8);
@@ -113,51 +116,56 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69560bv64) == 69692bv64);
 
-implementation main()
+implementation main(R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R10_3: bool;
+  var Gamma_R10_4: bool;
+  var Gamma_R11_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R8_4: bool;
+  var Gamma_R9_2: bool;
+  var Gamma_R9_4: bool;
+  var R10_3: bv64;
+  var R10_4: bv64;
+  var R11_2: bv64;
+  var R8_3: bv64;
+  var R8_4: bv64;
+  var R9_2: bv32;
+  var R9_4: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R8, Gamma_R8 := 65536bv64, true;
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4032bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4032bv64)) || L(mem, bvadd64(R8, 4032bv64)));
-    R10, Gamma_R10 := 65536bv64, true;
+    R8_3, Gamma_R8_3 := memory_load64_le(mem, 69568bv64), (gamma_load64(Gamma_mem, 69568bv64) || L(mem, 69568bv64));
     call rely();
-    R10, Gamma_R10 := memory_load64_le(mem, bvadd64(R10, 4048bv64)), (gamma_load64(Gamma_mem, bvadd64(R10, 4048bv64)) || L(mem, bvadd64(R10, 4048bv64)));
+    R10_3, Gamma_R10_3 := memory_load64_le(mem, 69584bv64), (gamma_load64(Gamma_mem, 69584bv64) || L(mem, 69584bv64));
     call rely();
-    R9, Gamma_R9 := zero_extend32_32(memory_load32_le(mem, R10)), (gamma_load32(Gamma_mem, R10) || L(mem, R10));
+    R9_2, Gamma_R9_2 := memory_load32_le(mem, R10_3), (gamma_load32(Gamma_mem, R10_3) || L(mem, R10_3));
     call rely();
-    assert (L(mem, R8) ==> Gamma_R9);
-    mem, Gamma_mem := memory_store32_le(mem, R8, R9[32:0]), gamma_store32(Gamma_mem, R8, Gamma_R9);
-    assume {:captureState "%00000313"} true;
-    R0, Gamma_R0 := 0bv64, true;
+    assert (L(mem, R8_3) ==> Gamma_R9_2);
+    mem, Gamma_mem := memory_store32_le(mem, R8_3, R9_2), gamma_store32(Gamma_mem, R8_3, Gamma_R9_2);
     call rely();
-    assert (L(mem, R8) ==> true);
-    mem, Gamma_mem := memory_store32_le(mem, R8, 0bv32), gamma_store32(Gamma_mem, R8, true);
-    assume {:captureState "%0000031f"} true;
+    assert (L(mem, R8_3) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R8_3, 0bv32), gamma_store32(Gamma_mem, R8_3, true);
     call rely();
-    R11, Gamma_R11 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    R9, Gamma_R9 := 65536bv64, true;
+    R11_2, Gamma_R11_2 := zero_extend32_32(memory_load32_le(mem, R8_3)), (gamma_load32(Gamma_mem, R8_3) || L(mem, R8_3));
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4024bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4024bv64)) || L(mem, bvadd64(R9, 4024bv64)));
+    R9_4, Gamma_R9_4 := memory_load64_le(mem, 69560bv64), (gamma_load64(Gamma_mem, 69560bv64) || L(mem, 69560bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R11);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R11[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R11);
-    assume {:captureState "%0000033a"} true;
+    assert (L(mem, R9_4) ==> Gamma_R11_2);
+    mem, Gamma_mem := memory_store32_le(mem, R9_4, R11_2[32:0]), gamma_store32(Gamma_mem, R9_4, Gamma_R11_2);
     call rely();
-    R10, Gamma_R10 := zero_extend32_32(memory_load32_le(mem, R10)), (gamma_load32(Gamma_mem, R10) || L(mem, R10));
+    R10_4, Gamma_R10_4 := zero_extend32_32(memory_load32_le(mem, R10_3)), (gamma_load32(Gamma_mem, R10_3) || L(mem, R10_3));
     call rely();
-    assert (L(mem, R8) ==> Gamma_R10);
-    mem, Gamma_mem := memory_store32_le(mem, R8, R10[32:0]), gamma_store32(Gamma_mem, R8, Gamma_R10);
-    assume {:captureState "%00000349"} true;
+    assert (L(mem, R8_3) ==> Gamma_R10_4);
+    mem, Gamma_mem := memory_store32_le(mem, R8_3, R10_4[32:0]), gamma_store32(Gamma_mem, R8_3, Gamma_R10_4);
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
+    R8_4, Gamma_R8_4 := zero_extend32_32(memory_load32_le(mem, R8_3)), (gamma_load32(Gamma_mem, R8_3) || L(mem, R8_3));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "%00000358"} true;
+    assert (L(mem, R9_4) ==> Gamma_R8_4);
+    mem, Gamma_mem := memory_store32_le(mem, R9_4, R8_4[32:0]), gamma_store32(Gamma_mem, R9_4, Gamma_R8_4);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R11_out, R8_out, R9_out := 0bv64, R10_4, R11_2, R8_4, R9_4;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R11_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R10_4, Gamma_R11_2, Gamma_R8_4, Gamma_R9_4;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign/clang_pic/basicassign_gtirb.expected b/src/test/incorrect/basicassign/clang_pic/basicassign_gtirb.expected
index 5584a3882..592b892b6 100644
--- a/src/test/incorrect/basicassign/clang_pic/basicassign_gtirb.expected
+++ b/src/test/incorrect/basicassign/clang_pic/basicassign_gtirb.expected
@@ -1,14 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R10: bool;
-var {:extern} Gamma_R11: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R10: bv64;
-var {:extern} R11: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
 axiom ($secret_addr == 69684bv64);
@@ -21,6 +11,15 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -30,7 +29,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -46,7 +49,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -86,8 +89,8 @@ implementation {:extern} rely_reflexive()
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R10, Gamma_R11, Gamma_R8, Gamma_R9, Gamma_mem, R0, R10, R11, R8, R9, mem;
+procedure main(R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1964bv64) == 1bv8);
@@ -113,51 +116,56 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69560bv64) == 69692bv64);
 
-implementation main()
+implementation main(R10_in: bv64, Gamma_R10_in: bool, R11_in: bv64, Gamma_R11_in: bool, R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R11_out: bv64, Gamma_R11_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R10_3: bool;
+  var Gamma_R10_4: bool;
+  var Gamma_R11_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R8_4: bool;
+  var Gamma_R9_2: bool;
+  var Gamma_R9_4: bool;
+  var R10_3: bv64;
+  var R10_4: bv64;
+  var R11_2: bv64;
+  var R8_3: bv64;
+  var R8_4: bv64;
+  var R9_2: bv64;
+  var R9_4: bv64;
   $main$__0__$fMW2XwMARUyjjFoB482nbQ:
-    assume {:captureState "$main$__0__$fMW2XwMARUyjjFoB482nbQ"} true;
-    R8, Gamma_R8 := 65536bv64, true;
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4032bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4032bv64)) || L(mem, bvadd64(R8, 4032bv64)));
-    R10, Gamma_R10 := 65536bv64, true;
+    R8_3, Gamma_R8_3 := memory_load64_le(mem, 69568bv64), (gamma_load64(Gamma_mem, 69568bv64) || L(mem, 69568bv64));
     call rely();
-    R10, Gamma_R10 := memory_load64_le(mem, bvadd64(R10, 4048bv64)), (gamma_load64(Gamma_mem, bvadd64(R10, 4048bv64)) || L(mem, bvadd64(R10, 4048bv64)));
+    R10_3, Gamma_R10_3 := memory_load64_le(mem, 69584bv64), (gamma_load64(Gamma_mem, 69584bv64) || L(mem, 69584bv64));
     call rely();
-    R9, Gamma_R9 := zero_extend32_32(memory_load32_le(mem, R10)), (gamma_load32(Gamma_mem, R10) || L(mem, R10));
+    R9_2, Gamma_R9_2 := zero_extend32_32(memory_load32_le(mem, R10_3)), (gamma_load32(Gamma_mem, R10_3) || L(mem, R10_3));
     call rely();
-    assert (L(mem, R8) ==> Gamma_R9);
-    mem, Gamma_mem := memory_store32_le(mem, R8, R9[32:0]), gamma_store32(Gamma_mem, R8, Gamma_R9);
-    assume {:captureState "1896$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
+    assert (L(mem, R8_3) ==> Gamma_R9_2);
+    mem, Gamma_mem := memory_store32_le(mem, R8_3, R9_2[32:0]), gamma_store32(Gamma_mem, R8_3, Gamma_R9_2);
     call rely();
-    assert (L(mem, R8) ==> true);
-    mem, Gamma_mem := memory_store32_le(mem, R8, 0bv32), gamma_store32(Gamma_mem, R8, true);
-    assume {:captureState "1904$0"} true;
+    assert (L(mem, R8_3) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R8_3, 0bv32), gamma_store32(Gamma_mem, R8_3, true);
     call rely();
-    R11, Gamma_R11 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    R9, Gamma_R9 := 65536bv64, true;
+    R11_2, Gamma_R11_2 := zero_extend32_32(memory_load32_le(mem, R8_3)), (gamma_load32(Gamma_mem, R8_3) || L(mem, R8_3));
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4024bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4024bv64)) || L(mem, bvadd64(R9, 4024bv64)));
+    R9_4, Gamma_R9_4 := memory_load64_le(mem, 69560bv64), (gamma_load64(Gamma_mem, 69560bv64) || L(mem, 69560bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R11);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R11[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R11);
-    assume {:captureState "1920$0"} true;
+    assert (L(mem, R9_4) ==> Gamma_R11_2);
+    mem, Gamma_mem := memory_store32_le(mem, R9_4, R11_2[32:0]), gamma_store32(Gamma_mem, R9_4, Gamma_R11_2);
     call rely();
-    R10, Gamma_R10 := zero_extend32_32(memory_load32_le(mem, R10)), (gamma_load32(Gamma_mem, R10) || L(mem, R10));
+    R10_4, Gamma_R10_4 := zero_extend32_32(memory_load32_le(mem, R10_3)), (gamma_load32(Gamma_mem, R10_3) || L(mem, R10_3));
     call rely();
-    assert (L(mem, R8) ==> Gamma_R10);
-    mem, Gamma_mem := memory_store32_le(mem, R8, R10[32:0]), gamma_store32(Gamma_mem, R8, Gamma_R10);
-    assume {:captureState "1928$0"} true;
+    assert (L(mem, R8_3) ==> Gamma_R10_4);
+    mem, Gamma_mem := memory_store32_le(mem, R8_3, R10_4[32:0]), gamma_store32(Gamma_mem, R8_3, Gamma_R10_4);
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
+    R8_4, Gamma_R8_4 := zero_extend32_32(memory_load32_le(mem, R8_3)), (gamma_load32(Gamma_mem, R8_3) || L(mem, R8_3));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "1936$0"} true;
+    assert (L(mem, R9_4) ==> Gamma_R8_4);
+    mem, Gamma_mem := memory_store32_le(mem, R9_4, R8_4[32:0]), gamma_store32(Gamma_mem, R9_4, Gamma_R8_4);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R11_out, R8_out, R9_out := 0bv64, R10_4, R11_2, R8_4, R9_4;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R11_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R10_4, Gamma_R11_2, Gamma_R8_4, Gamma_R9_4;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign/gcc/basicassign.expected b/src/test/incorrect/basicassign/gcc/basicassign.expected
index 404564f37..8ed7c0fd0 100644
--- a/src/test/incorrect/basicassign/gcc/basicassign.expected
+++ b/src/test/incorrect/basicassign/gcc/basicassign.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
 axiom ($secret_addr == 69660bv64);
@@ -15,12 +11,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -36,7 +45,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -73,8 +82,8 @@ implementation {:extern} rely_reflexive()
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1948bv64) == 1bv8);
@@ -94,60 +103,44 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
+  var Gamma_R1_2: bool;
+  var Gamma_R1_3: bool;
+  var Gamma_R1_4: bool;
+  var Gamma_R1_5: bool;
+  var R1_2: bv32;
+  var R1_3: bv32;
+  var R1_4: bv32;
+  var R1_5: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 28bv64), Gamma_R0;
     call rely();
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
+    R1_2, Gamma_R1_2 := memory_load32_le(mem, 69660bv64), (gamma_load32(Gamma_mem, 69660bv64) || L(mem, 69660bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%00000341"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
+    assert (L(mem, 69652bv64) ==> Gamma_R1_2);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, R1_2), gamma_store32(Gamma_mem, 69652bv64, Gamma_R1_2);
     call rely();
-    assert (L(mem, R0) ==> true);
-    mem, Gamma_mem := memory_store32_le(mem, R0, 0bv32), gamma_store32(Gamma_mem, R0, true);
-    assume {:captureState "%00000353"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
+    assert (L(mem, 69652bv64) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, 0bv32), gamma_store32(Gamma_mem, 69652bv64, true);
     call rely();
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
+    R1_3, Gamma_R1_3 := memory_load32_le(mem, 69652bv64), (gamma_load32(Gamma_mem, 69652bv64) || L(mem, 69652bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%00000378"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 28bv64), Gamma_R0;
+    assert (L(mem, 69656bv64) ==> Gamma_R1_3);
+    mem, Gamma_mem := memory_store32_le(mem, 69656bv64, R1_3), gamma_store32(Gamma_mem, 69656bv64, Gamma_R1_3);
     call rely();
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
+    R1_4, Gamma_R1_4 := memory_load32_le(mem, 69660bv64), (gamma_load32(Gamma_mem, 69660bv64) || L(mem, 69660bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%0000039d"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
+    assert (L(mem, 69652bv64) ==> Gamma_R1_4);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, R1_4), gamma_store32(Gamma_mem, 69652bv64, Gamma_R1_4);
     call rely();
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
+    R1_5, Gamma_R1_5 := zero_extend32_32(memory_load32_le(mem, 69652bv64)), (gamma_load32(Gamma_mem, 69652bv64) || L(mem, 69652bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%000003c2"} true;
-    R0, Gamma_R0 := 0bv64, true;
+    assert (L(mem, 69656bv64) ==> Gamma_R1_5);
+    mem, Gamma_mem := memory_store32_le(mem, 69656bv64, R1_5[32:0]), gamma_store32(Gamma_mem, 69656bv64, Gamma_R1_5);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, R1_5;
+    Gamma_R0_out, Gamma_R1_out := true, Gamma_R1_5;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign/gcc/basicassign_gtirb.expected b/src/test/incorrect/basicassign/gcc/basicassign_gtirb.expected
index 095bf3adc..5f9770acf 100644
--- a/src/test/incorrect/basicassign/gcc/basicassign_gtirb.expected
+++ b/src/test/incorrect/basicassign/gcc/basicassign_gtirb.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
 axiom ($secret_addr == 69660bv64);
@@ -15,12 +11,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -36,7 +45,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -73,8 +82,8 @@ implementation {:extern} rely_reflexive()
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1948bv64) == 1bv8);
@@ -94,60 +103,71 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
+  var Gamma_R0_11: bool;
+  var Gamma_R0_13: bool;
+  var Gamma_R0_15: bool;
+  var Gamma_R0_17: bool;
+  var Gamma_R0_19: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_7: bool;
+  var Gamma_R0_9: bool;
+  var Gamma_R1_2: bool;
+  var Gamma_R1_3: bool;
+  var Gamma_R1_4: bool;
+  var Gamma_R1_5: bool;
+  var R0_11: bv64;
+  var R0_13: bv64;
+  var R0_15: bv64;
+  var R0_17: bv64;
+  var R0_19: bv64;
+  var R0_3: bv64;
+  var R0_5: bv64;
+  var R0_7: bv64;
+  var R0_9: bv64;
+  var R1_2: bv64;
+  var R1_3: bv64;
+  var R1_4: bv64;
+  var R1_5: bv64;
   $main$__0__$BKOmkvhNSN~7Fh58nX3c2Q:
-    assume {:captureState "$main$__0__$BKOmkvhNSN~7Fh58nX3c2Q"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 28bv64), Gamma_R0;
+    R0_3, Gamma_R0_3 := 69660bv64, true;
     call rely();
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
+    R1_2, Gamma_R1_2 := zero_extend32_32(memory_load32_le(mem, R0_3)), (gamma_load32(Gamma_mem, R0_3) || L(mem, R0_3));
+    R0_5, Gamma_R0_5 := 69652bv64, true;
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1832$0"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
+    assert (L(mem, R0_5) ==> Gamma_R1_2);
+    mem, Gamma_mem := memory_store32_le(mem, R0_5, R1_2[32:0]), gamma_store32(Gamma_mem, R0_5, Gamma_R1_2);
+    R0_7, Gamma_R0_7 := 69652bv64, true;
     call rely();
-    assert (L(mem, R0) ==> true);
-    mem, Gamma_mem := memory_store32_le(mem, R0, 0bv32), gamma_store32(Gamma_mem, R0, true);
-    assume {:captureState "1844$0"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
+    assert (L(mem, R0_7) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R0_7, 0bv32), gamma_store32(Gamma_mem, R0_7, true);
+    R0_9, Gamma_R0_9 := 69652bv64, true;
     call rely();
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
+    R1_3, Gamma_R1_3 := zero_extend32_32(memory_load32_le(mem, R0_9)), (gamma_load32(Gamma_mem, R0_9) || L(mem, R0_9));
+    R0_11, Gamma_R0_11 := 69656bv64, true;
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1868$0"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 28bv64), Gamma_R0;
+    assert (L(mem, R0_11) ==> Gamma_R1_3);
+    mem, Gamma_mem := memory_store32_le(mem, R0_11, R1_3[32:0]), gamma_store32(Gamma_mem, R0_11, Gamma_R1_3);
+    R0_13, Gamma_R0_13 := 69660bv64, true;
     call rely();
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
+    R1_4, Gamma_R1_4 := zero_extend32_32(memory_load32_le(mem, R0_13)), (gamma_load32(Gamma_mem, R0_13) || L(mem, R0_13));
+    R0_15, Gamma_R0_15 := 69652bv64, true;
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1892$0"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
+    assert (L(mem, R0_15) ==> Gamma_R1_4);
+    mem, Gamma_mem := memory_store32_le(mem, R0_15, R1_4[32:0]), gamma_store32(Gamma_mem, R0_15, Gamma_R1_4);
+    R0_17, Gamma_R0_17 := 69652bv64, true;
     call rely();
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
+    R1_5, Gamma_R1_5 := zero_extend32_32(memory_load32_le(mem, R0_17)), (gamma_load32(Gamma_mem, R0_17) || L(mem, R0_17));
+    R0_19, Gamma_R0_19 := 69656bv64, true;
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1916$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
+    assert (L(mem, R0_19) ==> Gamma_R1_5);
+    mem, Gamma_mem := memory_store32_le(mem, R0_19, R1_5[32:0]), gamma_store32(Gamma_mem, R0_19, Gamma_R1_5);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, R1_5;
+    Gamma_R0_out, Gamma_R1_out := true, Gamma_R1_5;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign/gcc_O2/basicassign.expected b/src/test/incorrect/basicassign/gcc_O2/basicassign.expected
index 49c578a07..54eedf6a0 100644
--- a/src/test/incorrect/basicassign/gcc_O2/basicassign.expected
+++ b/src/test/incorrect/basicassign/gcc_O2/basicassign.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R2: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R2: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
 axiom ($secret_addr == 69652bv64);
@@ -17,12 +11,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -38,7 +45,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -75,8 +82,8 @@ implementation {:extern} rely_reflexive()
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R2, Gamma_mem, R0, R1, R2, mem;
+procedure main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1896bv64) == 1bv8);
@@ -96,29 +103,23 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool)
 {
-  var #1: bv64;
-  var Gamma_#1: bool;
+  var Gamma_R2_3: bool;
+  var R2_3: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R2, Gamma_R2 := 69632bv64, true;
-    R1, Gamma_R1 := bvadd64(R2, 20bv64), Gamma_R2;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    R2, Gamma_R2 := zero_extend32_32(memory_load32_le(mem, bvadd64(R2, 20bv64))), (gamma_load32(Gamma_mem, bvadd64(R2, 20bv64)) || L(mem, bvadd64(R2, 20bv64)));
-    #1, Gamma_#1 := bvadd64(R1, 4bv64), Gamma_R1;
+    R2_3, Gamma_R2_3 := zero_extend32_32(memory_load32_le(mem, 69652bv64)), (gamma_load32(Gamma_mem, 69652bv64) || L(mem, 69652bv64));
     call rely();
-    assert (L(mem, #1) ==> Gamma_R2);
-    mem, Gamma_mem := memory_store32_le(mem, #1, R2[32:0]), gamma_store32(Gamma_mem, #1, Gamma_R2);
-    assume {:captureState "%000001c9"} true;
+    assert (L(mem, 69656bv64) ==> Gamma_R2_3);
+    mem, Gamma_mem := memory_store32_le(mem, 69656bv64, R2_3[32:0]), gamma_store32(Gamma_mem, 69656bv64, Gamma_R2_3);
     call rely();
-    assert (L(mem, bvadd64(#1, 4bv64)) ==> Gamma_R2);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(#1, 4bv64), R2[32:0]), gamma_store32(Gamma_mem, bvadd64(#1, 4bv64), Gamma_R2);
-    assume {:captureState "%000001cf"} true;
+    assert (L(mem, 69660bv64) ==> Gamma_R2_3);
+    mem, Gamma_mem := memory_store32_le(mem, 69660bv64, R2_3[32:0]), gamma_store32(Gamma_mem, 69660bv64, Gamma_R2_3);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R2_out := 0bv64, 69652bv64, R2_3;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R2_out := true, true, Gamma_R2_3;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign/gcc_O2/basicassign_gtirb.expected b/src/test/incorrect/basicassign/gcc_O2/basicassign_gtirb.expected
index 9669ae7ca..1a2a419af 100644
--- a/src/test/incorrect/basicassign/gcc_O2/basicassign_gtirb.expected
+++ b/src/test/incorrect/basicassign/gcc_O2/basicassign_gtirb.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R2: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R2: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
 axiom ($secret_addr == 69652bv64);
@@ -17,12 +11,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -38,7 +45,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -75,8 +82,8 @@ implementation {:extern} rely_reflexive()
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R2, Gamma_mem, R0, R1, R2, mem;
+procedure main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1896bv64) == 1bv8);
@@ -96,29 +103,26 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool)
 {
-  var Cse0__5$1$4: bv64;
-  var Gamma_Cse0__5$1$4: bool;
+  var Cse0__5$1$4_1: bv64;
+  var Gamma_Cse0__5$1$4_1: bool;
+  var Gamma_R2_3: bool;
+  var R2_3: bv64;
   $main$__0__$10UzS393SWKTYt~mTNe_uw:
-    assume {:captureState "$main$__0__$10UzS393SWKTYt~mTNe_uw"} true;
-    R2, Gamma_R2 := 69632bv64, true;
-    R1, Gamma_R1 := bvadd64(R2, 20bv64), Gamma_R2;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    R2, Gamma_R2 := zero_extend32_32(memory_load32_le(mem, bvadd64(R2, 20bv64))), (gamma_load32(Gamma_mem, bvadd64(R2, 20bv64)) || L(mem, bvadd64(R2, 20bv64)));
-    Cse0__5$1$4, Gamma_Cse0__5$1$4 := bvadd64(R1, 4bv64), Gamma_R1;
+    R2_3, Gamma_R2_3 := zero_extend32_32(memory_load32_le(mem, 69652bv64)), (gamma_load32(Gamma_mem, 69652bv64) || L(mem, 69652bv64));
+    Cse0__5$1$4_1, Gamma_Cse0__5$1$4_1 := 69656bv64, true;
     call rely();
-    assert (L(mem, Cse0__5$1$4) ==> Gamma_R2);
-    mem, Gamma_mem := memory_store32_le(mem, Cse0__5$1$4, R2[32:0]), gamma_store32(Gamma_mem, Cse0__5$1$4, Gamma_R2);
-    assume {:captureState "1552$1"} true;
+    assert (L(mem, Cse0__5$1$4_1) ==> Gamma_R2_3);
+    mem, Gamma_mem := memory_store32_le(mem, Cse0__5$1$4_1, R2_3[32:0]), gamma_store32(Gamma_mem, Cse0__5$1$4_1, Gamma_R2_3);
     call rely();
-    assert (L(mem, bvadd64(Cse0__5$1$4, 4bv64)) ==> Gamma_R2);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(Cse0__5$1$4, 4bv64), R2[32:0]), gamma_store32(Gamma_mem, bvadd64(Cse0__5$1$4, 4bv64), Gamma_R2);
-    assume {:captureState "1552$2"} true;
+    assert (L(mem, bvadd64(Cse0__5$1$4_1, 4bv64)) ==> Gamma_R2_3);
+    mem, Gamma_mem := memory_store32_le(mem, bvadd64(Cse0__5$1$4_1, 4bv64), R2_3[32:0]), gamma_store32(Gamma_mem, bvadd64(Cse0__5$1$4_1, 4bv64), Gamma_R2_3);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R2_out := 0bv64, 69652bv64, R2_3;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R2_out := true, true, Gamma_R2_3;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign/gcc_pic/basicassign.expected b/src/test/incorrect/basicassign/gcc_pic/basicassign.expected
index f87155f7a..557f24c5b 100644
--- a/src/test/incorrect/basicassign/gcc_pic/basicassign.expected
+++ b/src/test/incorrect/basicassign/gcc_pic/basicassign.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
 axiom ($secret_addr == 69660bv64);
@@ -15,6 +11,15 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -24,7 +29,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -40,7 +49,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -80,8 +89,8 @@ implementation {:extern} rely_reflexive()
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 2012bv64) == 1bv8);
@@ -107,69 +116,80 @@ procedure main();
   free ensures (memory_load64_le(mem, 69000bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 68992bv64) == 1872bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
+  var Gamma_R0_11: bool;
+  var Gamma_R0_13: bool;
+  var Gamma_R0_15: bool;
+  var Gamma_R0_17: bool;
+  var Gamma_R0_19: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_7: bool;
+  var Gamma_R0_9: bool;
+  var Gamma_R1_2: bool;
+  var Gamma_R1_3: bool;
+  var Gamma_R1_4: bool;
+  var Gamma_R1_5: bool;
+  var R0_11: bv64;
+  var R0_13: bv64;
+  var R0_15: bv64;
+  var R0_17: bv64;
+  var R0_19: bv64;
+  var R0_3: bv64;
+  var R0_5: bv64;
+  var R0_7: bv64;
+  var R0_9: bv64;
+  var R1_2: bv32;
+  var R1_3: bv32;
+  var R1_4: bv32;
+  var R1_5: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4072bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4072bv64)) || L(mem, bvadd64(R0, 4072bv64)));
+    R0_3, Gamma_R0_3 := memory_load64_le(mem, 69608bv64), (gamma_load64(Gamma_mem, 69608bv64) || L(mem, 69608bv64));
     call rely();
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R0, Gamma_R0 := 65536bv64, true;
+    R1_2, Gamma_R1_2 := memory_load32_le(mem, R0_3), (gamma_load32(Gamma_mem, R0_3) || L(mem, R0_3));
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
+    R0_5, Gamma_R0_5 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%00000343"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    assert (L(mem, R0_5) ==> Gamma_R1_2);
+    mem, Gamma_mem := memory_store32_le(mem, R0_5, R1_2), gamma_store32(Gamma_mem, R0_5, Gamma_R1_2);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
+    R0_7, Gamma_R0_7 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    assert (L(mem, R0) ==> true);
-    mem, Gamma_mem := memory_store32_le(mem, R0, 0bv32), gamma_store32(Gamma_mem, R0, true);
-    assume {:captureState "%00000356"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    assert (L(mem, R0_7) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R0_7, 0bv32), gamma_store32(Gamma_mem, R0_7, true);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
+    R0_9, Gamma_R0_9 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R0, Gamma_R0 := 65536bv64, true;
+    R1_3, Gamma_R1_3 := memory_load32_le(mem, R0_9), (gamma_load32(Gamma_mem, R0_9) || L(mem, R0_9));
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4048bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4048bv64)) || L(mem, bvadd64(R0, 4048bv64)));
+    R0_11, Gamma_R0_11 := memory_load64_le(mem, 69584bv64), (gamma_load64(Gamma_mem, 69584bv64) || L(mem, 69584bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%0000037d"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    assert (L(mem, R0_11) ==> Gamma_R1_3);
+    mem, Gamma_mem := memory_store32_le(mem, R0_11, R1_3), gamma_store32(Gamma_mem, R0_11, Gamma_R1_3);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4072bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4072bv64)) || L(mem, bvadd64(R0, 4072bv64)));
+    R0_13, Gamma_R0_13 := memory_load64_le(mem, 69608bv64), (gamma_load64(Gamma_mem, 69608bv64) || L(mem, 69608bv64));
     call rely();
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R0, Gamma_R0 := 65536bv64, true;
+    R1_4, Gamma_R1_4 := memory_load32_le(mem, R0_13), (gamma_load32(Gamma_mem, R0_13) || L(mem, R0_13));
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
+    R0_15, Gamma_R0_15 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%000003a4"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    assert (L(mem, R0_15) ==> Gamma_R1_4);
+    mem, Gamma_mem := memory_store32_le(mem, R0_15, R1_4), gamma_store32(Gamma_mem, R0_15, Gamma_R1_4);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
+    R0_17, Gamma_R0_17 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R0, Gamma_R0 := 65536bv64, true;
+    R1_5, Gamma_R1_5 := zero_extend32_32(memory_load32_le(mem, R0_17)), (gamma_load32(Gamma_mem, R0_17) || L(mem, R0_17));
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4048bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4048bv64)) || L(mem, bvadd64(R0, 4048bv64)));
+    R0_19, Gamma_R0_19 := memory_load64_le(mem, 69584bv64), (gamma_load64(Gamma_mem, 69584bv64) || L(mem, 69584bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%000003cb"} true;
-    R0, Gamma_R0 := 0bv64, true;
+    assert (L(mem, R0_19) ==> Gamma_R1_5);
+    mem, Gamma_mem := memory_store32_le(mem, R0_19, R1_5[32:0]), gamma_store32(Gamma_mem, R0_19, Gamma_R1_5);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, R1_5;
+    Gamma_R0_out, Gamma_R1_out := true, Gamma_R1_5;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign/gcc_pic/basicassign_gtirb.expected b/src/test/incorrect/basicassign/gcc_pic/basicassign_gtirb.expected
index 5d4ca47a0..af4f512d5 100644
--- a/src/test/incorrect/basicassign/gcc_pic/basicassign_gtirb.expected
+++ b/src/test/incorrect/basicassign/gcc_pic/basicassign_gtirb.expected
@@ -1,8 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
 axiom ($secret_addr == 69660bv64);
@@ -15,6 +11,15 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -24,7 +29,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -40,7 +49,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -80,8 +89,8 @@ implementation {:extern} rely_reflexive()
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_mem, R0, R1, mem;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 2012bv64) == 1bv8);
@@ -107,69 +116,80 @@ procedure main();
   free ensures (memory_load64_le(mem, 69000bv64) == 1792bv64);
   free ensures (memory_load64_le(mem, 68992bv64) == 1872bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R1_in: bv64, Gamma_R1_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool)
 {
+  var Gamma_R0_11: bool;
+  var Gamma_R0_13: bool;
+  var Gamma_R0_15: bool;
+  var Gamma_R0_17: bool;
+  var Gamma_R0_19: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_7: bool;
+  var Gamma_R0_9: bool;
+  var Gamma_R1_2: bool;
+  var Gamma_R1_3: bool;
+  var Gamma_R1_4: bool;
+  var Gamma_R1_5: bool;
+  var R0_11: bv64;
+  var R0_13: bv64;
+  var R0_15: bv64;
+  var R0_17: bv64;
+  var R0_19: bv64;
+  var R0_3: bv64;
+  var R0_5: bv64;
+  var R0_7: bv64;
+  var R0_9: bv64;
+  var R1_2: bv64;
+  var R1_3: bv64;
+  var R1_4: bv64;
+  var R1_5: bv64;
   $main$__0__$yYC26iBgTbWc565tG_Ztxg:
-    assume {:captureState "$main$__0__$yYC26iBgTbWc565tG_Ztxg"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4072bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4072bv64)) || L(mem, bvadd64(R0, 4072bv64)));
+    R0_3, Gamma_R0_3 := memory_load64_le(mem, 69608bv64), (gamma_load64(Gamma_mem, 69608bv64) || L(mem, 69608bv64));
     call rely();
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R0, Gamma_R0 := 65536bv64, true;
+    R1_2, Gamma_R1_2 := zero_extend32_32(memory_load32_le(mem, R0_3)), (gamma_load32(Gamma_mem, R0_3) || L(mem, R0_3));
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
+    R0_5, Gamma_R0_5 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1896$0"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    assert (L(mem, R0_5) ==> Gamma_R1_2);
+    mem, Gamma_mem := memory_store32_le(mem, R0_5, R1_2[32:0]), gamma_store32(Gamma_mem, R0_5, Gamma_R1_2);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
+    R0_7, Gamma_R0_7 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    assert (L(mem, R0) ==> true);
-    mem, Gamma_mem := memory_store32_le(mem, R0, 0bv32), gamma_store32(Gamma_mem, R0, true);
-    assume {:captureState "1908$0"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    assert (L(mem, R0_7) ==> true);
+    mem, Gamma_mem := memory_store32_le(mem, R0_7, 0bv32), gamma_store32(Gamma_mem, R0_7, true);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
+    R0_9, Gamma_R0_9 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R0, Gamma_R0 := 65536bv64, true;
+    R1_3, Gamma_R1_3 := zero_extend32_32(memory_load32_le(mem, R0_9)), (gamma_load32(Gamma_mem, R0_9) || L(mem, R0_9));
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4048bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4048bv64)) || L(mem, bvadd64(R0, 4048bv64)));
+    R0_11, Gamma_R0_11 := memory_load64_le(mem, 69584bv64), (gamma_load64(Gamma_mem, 69584bv64) || L(mem, 69584bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1932$0"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    assert (L(mem, R0_11) ==> Gamma_R1_3);
+    mem, Gamma_mem := memory_store32_le(mem, R0_11, R1_3[32:0]), gamma_store32(Gamma_mem, R0_11, Gamma_R1_3);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4072bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4072bv64)) || L(mem, bvadd64(R0, 4072bv64)));
+    R0_13, Gamma_R0_13 := memory_load64_le(mem, 69608bv64), (gamma_load64(Gamma_mem, 69608bv64) || L(mem, 69608bv64));
     call rely();
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R0, Gamma_R0 := 65536bv64, true;
+    R1_4, Gamma_R1_4 := zero_extend32_32(memory_load32_le(mem, R0_13)), (gamma_load32(Gamma_mem, R0_13) || L(mem, R0_13));
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
+    R0_15, Gamma_R0_15 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1956$0"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    assert (L(mem, R0_15) ==> Gamma_R1_4);
+    mem, Gamma_mem := memory_store32_le(mem, R0_15, R1_4[32:0]), gamma_store32(Gamma_mem, R0_15, Gamma_R1_4);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
+    R0_17, Gamma_R0_17 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R0, Gamma_R0 := 65536bv64, true;
+    R1_5, Gamma_R1_5 := zero_extend32_32(memory_load32_le(mem, R0_17)), (gamma_load32(Gamma_mem, R0_17) || L(mem, R0_17));
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4048bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4048bv64)) || L(mem, bvadd64(R0, 4048bv64)));
+    R0_19, Gamma_R0_19 := memory_load64_le(mem, 69584bv64), (gamma_load64(Gamma_mem, 69584bv64) || L(mem, 69584bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1980$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
+    assert (L(mem, R0_19) ==> Gamma_R1_5);
+    mem, Gamma_mem := memory_store32_le(mem, R0_19, R1_5[32:0]), gamma_store32(Gamma_mem, R0_19, Gamma_R1_5);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out := 0bv64, R1_5;
+    Gamma_R0_out, Gamma_R1_out := true, Gamma_R1_5;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign1/clang/basicassign1.expected b/src/test/incorrect/basicassign1/clang/basicassign1.expected
index afb87ecdb..0d8f48e88 100644
--- a/src/test/incorrect/basicassign1/clang/basicassign1.expected
+++ b/src/test/incorrect/basicassign1/clang/basicassign1.expected
@@ -1,15 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R10: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R10: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $z_addr: bv64;
@@ -19,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -40,7 +43,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -73,8 +76,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R10, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R10, R31, R8, R9, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1892bv64) == 1bv8);
@@ -85,8 +88,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1892bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1893bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1894bv64) == 2bv8);
@@ -96,38 +97,36 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R10_1: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R9_1: bool;
+  var R10_1: bv64;
+  var R8_2: bv32;
+  var R8_3: bv64;
+  var R9_1: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    R8, Gamma_R8 := 69632bv64, true;
     call rely();
-    R9, Gamma_R9 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 52bv64)) || L(mem, bvadd64(R8, 52bv64)));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R9[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R9);
-    assume {:captureState "%000002fe"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "%0000030a"} true;
-    R10, Gamma_R10 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R9, Gamma_R9 := 69632bv64, true;
+    R9_1, Gamma_R9_1 := memory_load32_le(mem, 69684bv64), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R9_1), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R9_1);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    R10_1, Gamma_R10_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     call rely();
-    assert (L(mem, bvadd64(R9, 56bv64)) ==> Gamma_R10);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 56bv64), R10[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 56bv64), Gamma_R10);
-    assume {:captureState "%0000031e"} true;
+    assert (L(mem, 69688bv64) ==> Gamma_R10_1);
+    mem, Gamma_mem := memory_store32_le(mem, 69688bv64, R10_1[32:0]), gamma_store32(Gamma_mem, 69688bv64, Gamma_R10_1);
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 52bv64)) || L(mem, bvadd64(R8, 52bv64)));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R8);
-    assume {:captureState "%0000032d"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
+    R8_2, Gamma_R8_2 := memory_load32_le(mem, 69684bv64), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R8_2), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R8_2);
+    R8_3, Gamma_R8_3 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     call rely();
-    assert (L(mem, bvadd64(R9, 56bv64)) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 56bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 56bv64), Gamma_R8);
-    assume {:captureState "%0000033c"} true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    assert (L(mem, 69688bv64) ==> Gamma_R8_3);
+    mem, Gamma_mem := memory_store32_le(mem, 69688bv64, R8_3[32:0]), gamma_store32(Gamma_mem, 69688bv64, Gamma_R8_3);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R31_out, R8_out, R9_out := 0bv64, R10_1, R31_in, R8_3, 69632bv64;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R10_1, Gamma_R31_in, Gamma_R8_3, true;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign1/clang/basicassign1_gtirb.expected b/src/test/incorrect/basicassign1/clang/basicassign1_gtirb.expected
index 27c5c8876..b9e970ece 100644
--- a/src/test/incorrect/basicassign1/clang/basicassign1_gtirb.expected
+++ b/src/test/incorrect/basicassign1/clang/basicassign1_gtirb.expected
@@ -1,15 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R10: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R10: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $z_addr: bv64;
@@ -19,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -40,7 +43,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -73,8 +76,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R10, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R10, R31, R8, R9, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1892bv64) == 1bv8);
@@ -85,8 +88,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1892bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1893bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1894bv64) == 2bv8);
@@ -96,38 +97,36 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R10_1: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R9_1: bool;
+  var R10_1: bv64;
+  var R8_2: bv64;
+  var R8_3: bv64;
+  var R9_1: bv64;
   $main$__0__$DfHVfCMXSoudSko_BS89Jw:
-    assume {:captureState "$main$__0__$DfHVfCMXSoudSko_BS89Jw"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    R8, Gamma_R8 := 69632bv64, true;
     call rely();
-    R9, Gamma_R9 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 52bv64)) || L(mem, bvadd64(R8, 52bv64)));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R9[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R9);
-    assume {:captureState "1824$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "1832$0"} true;
-    R10, Gamma_R10 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R9, Gamma_R9 := 69632bv64, true;
+    R9_1, Gamma_R9_1 := zero_extend32_32(memory_load32_le(mem, 69684bv64)), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R9_1[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R9_1);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    R10_1, Gamma_R10_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     call rely();
-    assert (L(mem, bvadd64(R9, 56bv64)) ==> Gamma_R10);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 56bv64), R10[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 56bv64), Gamma_R10);
-    assume {:captureState "1844$0"} true;
+    assert (L(mem, 69688bv64) ==> Gamma_R10_1);
+    mem, Gamma_mem := memory_store32_le(mem, 69688bv64, R10_1[32:0]), gamma_store32(Gamma_mem, 69688bv64, Gamma_R10_1);
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 52bv64)) || L(mem, bvadd64(R8, 52bv64)));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R8);
-    assume {:captureState "1852$0"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
+    R8_2, Gamma_R8_2 := zero_extend32_32(memory_load32_le(mem, 69684bv64)), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R8_2[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R8_2);
+    R8_3, Gamma_R8_3 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     call rely();
-    assert (L(mem, bvadd64(R9, 56bv64)) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 56bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 56bv64), Gamma_R8);
-    assume {:captureState "1860$0"} true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    assert (L(mem, 69688bv64) ==> Gamma_R8_3);
+    mem, Gamma_mem := memory_store32_le(mem, 69688bv64, R8_3[32:0]), gamma_store32(Gamma_mem, 69688bv64, Gamma_R8_3);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R31_out, R8_out, R9_out := 0bv64, R10_1, R31_in, R8_3, 69632bv64;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R10_1, Gamma_R31_in, Gamma_R8_3, true;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign1/clang_O2/basicassign1.expected b/src/test/incorrect/basicassign1/clang_O2/basicassign1.expected
index af9853960..29ab8c1bf 100644
--- a/src/test/incorrect/basicassign1/clang_O2/basicassign1.expected
+++ b/src/test/incorrect/basicassign1/clang_O2/basicassign1.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $z_addr: bv64;
 axiom ($z_addr == 69688bv64);
@@ -13,12 +7,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -34,7 +41,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -67,8 +74,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R8, Gamma_R9, Gamma_mem, R0, R8, R9, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1856bv64) == 1bv8);
@@ -88,22 +95,20 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R8_3: bool;
+  var R8_3: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R8, Gamma_R8 := 69632bv64, true;
-    R9, Gamma_R9 := 69632bv64, true;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 52bv64)) || L(mem, bvadd64(R8, 52bv64)));
+    R8_3, Gamma_R8_3 := zero_extend32_32(memory_load32_le(mem, 69684bv64)), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
     call rely();
-    assert (L(mem, bvadd64(R9, 56bv64)) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 56bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 56bv64), Gamma_R8);
-    assume {:captureState "%000002de"} true;
+    assert (L(mem, 69688bv64) ==> Gamma_R8_3);
+    mem, Gamma_mem := memory_store32_le(mem, 69688bv64, R8_3[32:0]), gamma_store32(Gamma_mem, 69688bv64, Gamma_R8_3);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := 0bv64, R8_3, 69632bv64;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R8_3, true;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign1/clang_O2/basicassign1_gtirb.expected b/src/test/incorrect/basicassign1/clang_O2/basicassign1_gtirb.expected
index d74bb0aff..4d2dcbcce 100644
--- a/src/test/incorrect/basicassign1/clang_O2/basicassign1_gtirb.expected
+++ b/src/test/incorrect/basicassign1/clang_O2/basicassign1_gtirb.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $z_addr: bv64;
 axiom ($z_addr == 69688bv64);
@@ -13,12 +7,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -34,7 +41,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -67,8 +74,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R8, Gamma_R9, Gamma_mem, R0, R8, R9, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1856bv64) == 1bv8);
@@ -88,22 +95,20 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R8_3: bool;
+  var R8_3: bv64;
   $main$__0__$Od2M3mwNQ0~eUkXl2xVFHw:
-    assume {:captureState "$main$__0__$Od2M3mwNQ0~eUkXl2xVFHw"} true;
-    R8, Gamma_R8 := 69632bv64, true;
-    R9, Gamma_R9 := 69632bv64, true;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 52bv64)) || L(mem, bvadd64(R8, 52bv64)));
+    R8_3, Gamma_R8_3 := zero_extend32_32(memory_load32_le(mem, 69684bv64)), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
     call rely();
-    assert (L(mem, bvadd64(R9, 56bv64)) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 56bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 56bv64), Gamma_R8);
-    assume {:captureState "1828$0"} true;
+    assert (L(mem, 69688bv64) ==> Gamma_R8_3);
+    mem, Gamma_mem := memory_store32_le(mem, 69688bv64, R8_3[32:0]), gamma_store32(Gamma_mem, 69688bv64, Gamma_R8_3);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := 0bv64, R8_3, 69632bv64;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R8_3, true;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign1/clang_pic/basicassign1.expected b/src/test/incorrect/basicassign1/clang_pic/basicassign1.expected
index 0158c8e2d..cada793b0 100644
--- a/src/test/incorrect/basicassign1/clang_pic/basicassign1.expected
+++ b/src/test/incorrect/basicassign1/clang_pic/basicassign1.expected
@@ -1,15 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R10: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R10: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $z_addr: bv64;
@@ -19,6 +9,15 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -28,7 +27,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -44,7 +47,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -79,8 +82,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R10, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R10, R31, R8, R9, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1964bv64) == 1bv8);
@@ -93,8 +96,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69568bv64) == 69688bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free requires (memory_load64_le(mem, 69056bv64) == 1792bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1964bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1965bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1966bv64) == 2bv8);
@@ -106,42 +107,44 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69056bv64) == 1792bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R10_1: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R8_4: bool;
+  var Gamma_R9_1: bool;
+  var Gamma_R9_3: bool;
+  var R10_1: bv64;
+  var R8_2: bv64;
+  var R8_3: bv32;
+  var R8_4: bv64;
+  var R9_1: bv32;
+  var R9_3: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    R8, Gamma_R8 := 65536bv64, true;
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4048bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4048bv64)) || L(mem, bvadd64(R8, 4048bv64)));
+    R8_2, Gamma_R8_2 := memory_load64_le(mem, 69584bv64), (gamma_load64(Gamma_mem, 69584bv64) || L(mem, 69584bv64));
     call rely();
-    R9, Gamma_R9 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R9[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R9);
-    assume {:captureState "%0000030d"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "%00000319"} true;
-    R10, Gamma_R10 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R9, Gamma_R9 := 65536bv64, true;
+    R9_1, Gamma_R9_1 := memory_load32_le(mem, R8_2), (gamma_load32(Gamma_mem, R8_2) || L(mem, R8_2));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R9_1), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R9_1);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    R10_1, Gamma_R10_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4032bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4032bv64)) || L(mem, bvadd64(R9, 4032bv64)));
+    R9_3, Gamma_R9_3 := memory_load64_le(mem, 69568bv64), (gamma_load64(Gamma_mem, 69568bv64) || L(mem, 69568bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R10);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R10[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R10);
-    assume {:captureState "%00000334"} true;
+    assert (L(mem, R9_3) ==> Gamma_R10_1);
+    mem, Gamma_mem := memory_store32_le(mem, R9_3, R10_1[32:0]), gamma_store32(Gamma_mem, R9_3, Gamma_R10_1);
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R8);
-    assume {:captureState "%00000343"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
+    R8_3, Gamma_R8_3 := memory_load32_le(mem, R8_2), (gamma_load32(Gamma_mem, R8_2) || L(mem, R8_2));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R8_3), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R8_3);
+    R8_4, Gamma_R8_4 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "%00000352"} true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    assert (L(mem, R9_3) ==> Gamma_R8_4);
+    mem, Gamma_mem := memory_store32_le(mem, R9_3, R8_4[32:0]), gamma_store32(Gamma_mem, R9_3, Gamma_R8_4);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R31_out, R8_out, R9_out := 0bv64, R10_1, R31_in, R8_4, R9_3;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R10_1, Gamma_R31_in, Gamma_R8_4, Gamma_R9_3;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign1/clang_pic/basicassign1_gtirb.expected b/src/test/incorrect/basicassign1/clang_pic/basicassign1_gtirb.expected
index 4aa8567fc..f1f986a0b 100644
--- a/src/test/incorrect/basicassign1/clang_pic/basicassign1_gtirb.expected
+++ b/src/test/incorrect/basicassign1/clang_pic/basicassign1_gtirb.expected
@@ -1,15 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R10: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R10: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $z_addr: bv64;
@@ -19,6 +9,15 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -28,7 +27,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -44,7 +47,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -79,8 +82,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R10, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R10, R31, R8, R9, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1964bv64) == 1bv8);
@@ -93,8 +96,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69568bv64) == 69688bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free requires (memory_load64_le(mem, 69056bv64) == 1792bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1964bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1965bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1966bv64) == 2bv8);
@@ -106,42 +107,44 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69056bv64) == 1792bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R10_1: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R8_4: bool;
+  var Gamma_R9_1: bool;
+  var Gamma_R9_3: bool;
+  var R10_1: bv64;
+  var R8_2: bv64;
+  var R8_3: bv64;
+  var R8_4: bv64;
+  var R9_1: bv64;
+  var R9_3: bv64;
   $main$__0__$_~KgWfivQ2SPbqUNX0Vjkg:
-    assume {:captureState "$main$__0__$_~KgWfivQ2SPbqUNX0Vjkg"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    R8, Gamma_R8 := 65536bv64, true;
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4048bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4048bv64)) || L(mem, bvadd64(R8, 4048bv64)));
+    R8_2, Gamma_R8_2 := memory_load64_le(mem, 69584bv64), (gamma_load64(Gamma_mem, 69584bv64) || L(mem, 69584bv64));
     call rely();
-    R9, Gamma_R9 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R9[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R9);
-    assume {:captureState "1892$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "1900$0"} true;
-    R10, Gamma_R10 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R9, Gamma_R9 := 65536bv64, true;
+    R9_1, Gamma_R9_1 := zero_extend32_32(memory_load32_le(mem, R8_2)), (gamma_load32(Gamma_mem, R8_2) || L(mem, R8_2));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R9_1[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R9_1);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    R10_1, Gamma_R10_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4032bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4032bv64)) || L(mem, bvadd64(R9, 4032bv64)));
+    R9_3, Gamma_R9_3 := memory_load64_le(mem, 69568bv64), (gamma_load64(Gamma_mem, 69568bv64) || L(mem, 69568bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R10);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R10[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R10);
-    assume {:captureState "1916$0"} true;
+    assert (L(mem, R9_3) ==> Gamma_R10_1);
+    mem, Gamma_mem := memory_store32_le(mem, R9_3, R10_1[32:0]), gamma_store32(Gamma_mem, R9_3, Gamma_R10_1);
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R8);
-    assume {:captureState "1924$0"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
+    R8_3, Gamma_R8_3 := zero_extend32_32(memory_load32_le(mem, R8_2)), (gamma_load32(Gamma_mem, R8_2) || L(mem, R8_2));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R8_3[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R8_3);
+    R8_4, Gamma_R8_4 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store32_le(mem, R9, R8[32:0]), gamma_store32(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "1932$0"} true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    assert (L(mem, R9_3) ==> Gamma_R8_4);
+    mem, Gamma_mem := memory_store32_le(mem, R9_3, R8_4[32:0]), gamma_store32(Gamma_mem, R9_3, Gamma_R8_4);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R31_out, R8_out, R9_out := 0bv64, R10_1, R31_in, R8_4, R9_3;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R10_1, Gamma_R31_in, Gamma_R8_4, Gamma_R9_3;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign1/gcc/basicassign1.expected b/src/test/incorrect/basicassign1/gcc/basicassign1.expected
index 192c82d15..035f58763 100644
--- a/src/test/incorrect/basicassign1/gcc/basicassign1.expected
+++ b/src/test/incorrect/basicassign1/gcc/basicassign1.expected
@@ -1,11 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $z_addr: bv64;
@@ -15,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -36,7 +43,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -69,8 +76,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R31, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1916bv64) == 1bv8);
@@ -81,8 +88,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69024bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1916bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1917bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1918bv64) == 2bv8);
@@ -92,44 +97,36 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
+  var Gamma_R0_3: bool;
+  var Gamma_R0_8: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R1_2: bool;
+  var R0_3: bv32;
+  var R0_8: bv32;
+  var R1_1: bv32;
+  var R1_2: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "%0000031c"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "%00000323"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
+    R0_3, Gamma_R0_3 := memory_load32_le(mem, 69656bv64), (gamma_load32(Gamma_mem, 69656bv64) || L(mem, 69656bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_3), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_3);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    R1_1, Gamma_R1_1 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%0000033d"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
+    assert (L(mem, 69652bv64) ==> Gamma_R1_1);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, R1_1), gamma_store32(Gamma_mem, 69652bv64, Gamma_R1_1);
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "%00000357"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
+    R0_8, Gamma_R0_8 := memory_load32_le(mem, 69656bv64), (gamma_load32(Gamma_mem, 69656bv64) || L(mem, 69656bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_8), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_8);
+    R1_2, Gamma_R1_2 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%00000371"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    assert (L(mem, 69652bv64) ==> Gamma_R1_2);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, R1_2[32:0]), gamma_store32(Gamma_mem, 69652bv64, Gamma_R1_2);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R31_out := 0bv64, R1_2, R31_in;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R31_out := true, Gamma_R1_2, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign1/gcc/basicassign1_gtirb.expected b/src/test/incorrect/basicassign1/gcc/basicassign1_gtirb.expected
index 92d417367..4970cd7a0 100644
--- a/src/test/incorrect/basicassign1/gcc/basicassign1_gtirb.expected
+++ b/src/test/incorrect/basicassign1/gcc/basicassign1_gtirb.expected
@@ -1,11 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $z_addr: bv64;
@@ -15,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -36,7 +43,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -69,8 +76,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R31, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1916bv64) == 1bv8);
@@ -81,8 +88,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69024bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1916bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1917bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1918bv64) == 2bv8);
@@ -92,44 +97,48 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
+  var Gamma_R0_10: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_7: bool;
+  var Gamma_R0_8: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R1_2: bool;
+  var R0_10: bv64;
+  var R0_2: bv64;
+  var R0_3: bv64;
+  var R0_5: bv64;
+  var R0_7: bv64;
+  var R0_8: bv64;
+  var R1_1: bv64;
+  var R1_2: bv64;
   $main$__0__$nlp0Z6HpSoKsMKUhBvTrsQ:
-    assume {:captureState "$main$__0__$nlp0Z6HpSoKsMKUhBvTrsQ"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
+    R0_2, Gamma_R0_2 := 69656bv64, true;
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "1828$0"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "1832$0"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
+    R0_3, Gamma_R0_3 := zero_extend32_32(memory_load32_le(mem, R0_2)), (gamma_load32(Gamma_mem, R0_2) || L(mem, R0_2));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_3[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_3);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    R0_5, Gamma_R0_5 := 69652bv64, true;
+    R1_1, Gamma_R1_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1848$0"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
+    assert (L(mem, R0_5) ==> Gamma_R1_1);
+    mem, Gamma_mem := memory_store32_le(mem, R0_5, R1_1[32:0]), gamma_store32(Gamma_mem, R0_5, Gamma_R1_1);
+    R0_7, Gamma_R0_7 := 69656bv64, true;
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "1864$0"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
+    R0_8, Gamma_R0_8 := zero_extend32_32(memory_load32_le(mem, R0_7)), (gamma_load32(Gamma_mem, R0_7) || L(mem, R0_7));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_8);
+    R0_10, Gamma_R0_10 := 69652bv64, true;
+    R1_2, Gamma_R1_2 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1880$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    assert (L(mem, R0_10) ==> Gamma_R1_2);
+    mem, Gamma_mem := memory_store32_le(mem, R0_10, R1_2[32:0]), gamma_store32(Gamma_mem, R0_10, Gamma_R1_2);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R31_out := 0bv64, R1_2, R31_in;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R31_out := true, Gamma_R1_2, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign1/gcc_O2/basicassign1.expected b/src/test/incorrect/basicassign1/gcc_O2/basicassign1.expected
index 9fcdcc2bc..f7f6488cb 100644
--- a/src/test/incorrect/basicassign1/gcc_O2/basicassign1.expected
+++ b/src/test/incorrect/basicassign1/gcc_O2/basicassign1.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R2: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R2: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $z_addr: bv64;
 axiom ($z_addr == 69652bv64);
@@ -13,12 +7,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -34,7 +41,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -67,8 +74,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R2, Gamma_mem, R0, R1, R2, mem;
+procedure main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1896bv64) == 1bv8);
@@ -88,22 +95,20 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool)
 {
+  var Gamma_R2_3: bool;
+  var R2_3: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R1, Gamma_R1 := 69632bv64, true;
-    R2, Gamma_R2 := bvadd64(R1, 20bv64), Gamma_R1;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    R2, Gamma_R2 := zero_extend32_32(memory_load32_le(mem, bvadd64(R2, 4bv64))), (gamma_load32(Gamma_mem, bvadd64(R2, 4bv64)) || L(mem, bvadd64(R2, 4bv64)));
+    R2_3, Gamma_R2_3 := zero_extend32_32(memory_load32_le(mem, 69656bv64)), (gamma_load32(Gamma_mem, 69656bv64) || L(mem, 69656bv64));
     call rely();
-    assert (L(mem, bvadd64(R1, 20bv64)) ==> Gamma_R2);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R1, 20bv64), R2[32:0]), gamma_store32(Gamma_mem, bvadd64(R1, 20bv64), Gamma_R2);
-    assume {:captureState "%000001c5"} true;
+    assert (L(mem, 69652bv64) ==> Gamma_R2_3);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, R2_3[32:0]), gamma_store32(Gamma_mem, 69652bv64, Gamma_R2_3);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R2_out := 0bv64, 69632bv64, R2_3;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R2_out := true, true, Gamma_R2_3;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign1/gcc_O2/basicassign1_gtirb.expected b/src/test/incorrect/basicassign1/gcc_O2/basicassign1_gtirb.expected
index 7ef5b5223..6ef601020 100644
--- a/src/test/incorrect/basicassign1/gcc_O2/basicassign1_gtirb.expected
+++ b/src/test/incorrect/basicassign1/gcc_O2/basicassign1_gtirb.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R2: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R2: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $z_addr: bv64;
 axiom ($z_addr == 69652bv64);
@@ -13,12 +7,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -34,7 +41,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -67,8 +74,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R2, Gamma_mem, R0, R1, R2, mem;
+procedure main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1896bv64) == 1bv8);
@@ -88,22 +95,23 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool)
 {
+  var Gamma_R2_2: bool;
+  var Gamma_R2_3: bool;
+  var R2_2: bv64;
+  var R2_3: bv64;
   $main$__0__$_PNx6V7gRVGINL2khXZ6vg:
-    assume {:captureState "$main$__0__$_PNx6V7gRVGINL2khXZ6vg"} true;
-    R1, Gamma_R1 := 69632bv64, true;
-    R2, Gamma_R2 := bvadd64(R1, 20bv64), Gamma_R1;
-    R0, Gamma_R0 := 0bv64, true;
+    R2_2, Gamma_R2_2 := 69652bv64, true;
     call rely();
-    R2, Gamma_R2 := zero_extend32_32(memory_load32_le(mem, bvadd64(R2, 4bv64))), (gamma_load32(Gamma_mem, bvadd64(R2, 4bv64)) || L(mem, bvadd64(R2, 4bv64)));
+    R2_3, Gamma_R2_3 := zero_extend32_32(memory_load32_le(mem, bvadd64(R2_2, 4bv64))), (gamma_load32(Gamma_mem, bvadd64(R2_2, 4bv64)) || L(mem, bvadd64(R2_2, 4bv64)));
     call rely();
-    assert (L(mem, bvadd64(R1, 20bv64)) ==> Gamma_R2);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R1, 20bv64), R2[32:0]), gamma_store32(Gamma_mem, bvadd64(R1, 20bv64), Gamma_R2);
-    assume {:captureState "1552$0"} true;
+    assert (L(mem, 69652bv64) ==> Gamma_R2_3);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, R2_3[32:0]), gamma_store32(Gamma_mem, 69652bv64, Gamma_R2_3);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R2_out := 0bv64, 69632bv64, R2_3;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R2_out := true, true, Gamma_R2_3;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign1/gcc_pic/basicassign1.expected b/src/test/incorrect/basicassign1/gcc_pic/basicassign1.expected
index 2359fdec8..4f8bcd044 100644
--- a/src/test/incorrect/basicassign1/gcc_pic/basicassign1.expected
+++ b/src/test/incorrect/basicassign1/gcc_pic/basicassign1.expected
@@ -1,11 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $z_addr: bv64;
@@ -15,6 +9,15 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -24,7 +27,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -40,7 +47,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -75,8 +82,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R31, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1980bv64) == 1bv8);
@@ -89,8 +96,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69008bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 69652bv64);
   free requires (memory_load64_le(mem, 69000bv64) == 1872bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1980bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1981bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1982bv64) == 2bv8);
@@ -102,48 +107,52 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 69652bv64);
   free ensures (memory_load64_le(mem, 69000bv64) == 1872bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
+  var Gamma_R0_10: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_7: bool;
+  var Gamma_R0_8: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R1_2: bool;
+  var R0_10: bv64;
+  var R0_2: bv64;
+  var R0_3: bv32;
+  var R0_5: bv64;
+  var R0_7: bv64;
+  var R0_8: bv32;
+  var R1_1: bv32;
+  var R1_2: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4072bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4072bv64)) || L(mem, bvadd64(R0, 4072bv64)));
+    R0_2, Gamma_R0_2 := memory_load64_le(mem, 69608bv64), (gamma_load64(Gamma_mem, 69608bv64) || L(mem, 69608bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "%0000031d"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "%00000324"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    R0_3, Gamma_R0_3 := memory_load32_le(mem, R0_2), (gamma_load32(Gamma_mem, R0_2) || L(mem, R0_2));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_3), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_3);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
+    R0_5, Gamma_R0_5 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
+    R1_1, Gamma_R1_1 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%0000033f"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    assert (L(mem, R0_5) ==> Gamma_R1_1);
+    mem, Gamma_mem := memory_store32_le(mem, R0_5, R1_1), gamma_store32(Gamma_mem, R0_5, Gamma_R1_1);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4072bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4072bv64)) || L(mem, bvadd64(R0, 4072bv64)));
+    R0_7, Gamma_R0_7 := memory_load64_le(mem, 69608bv64), (gamma_load64(Gamma_mem, 69608bv64) || L(mem, 69608bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "%0000035a"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    R0_8, Gamma_R0_8 := memory_load32_le(mem, R0_7), (gamma_load32(Gamma_mem, R0_7) || L(mem, R0_7));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_8), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_8);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
+    R0_10, Gamma_R0_10 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
+    R1_2, Gamma_R1_2 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%00000375"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    assert (L(mem, R0_10) ==> Gamma_R1_2);
+    mem, Gamma_mem := memory_store32_le(mem, R0_10, R1_2[32:0]), gamma_store32(Gamma_mem, R0_10, Gamma_R1_2);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R31_out := 0bv64, R1_2, R31_in;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R31_out := true, Gamma_R1_2, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign1/gcc_pic/basicassign1_gtirb.expected b/src/test/incorrect/basicassign1/gcc_pic/basicassign1_gtirb.expected
index c9d86040b..5c934321f 100644
--- a/src/test/incorrect/basicassign1/gcc_pic/basicassign1_gtirb.expected
+++ b/src/test/incorrect/basicassign1/gcc_pic/basicassign1_gtirb.expected
@@ -1,11 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $z_addr: bv64;
@@ -15,6 +9,15 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -24,7 +27,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -40,7 +47,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
@@ -75,8 +82,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R31, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1980bv64) == 1bv8);
@@ -89,8 +96,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69008bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 69652bv64);
   free requires (memory_load64_le(mem, 69000bv64) == 1872bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1980bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1981bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1982bv64) == 2bv8);
@@ -102,48 +107,52 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 69652bv64);
   free ensures (memory_load64_le(mem, 69000bv64) == 1872bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
+  var Gamma_R0_10: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_7: bool;
+  var Gamma_R0_8: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R1_2: bool;
+  var R0_10: bv64;
+  var R0_2: bv64;
+  var R0_3: bv64;
+  var R0_5: bv64;
+  var R0_7: bv64;
+  var R0_8: bv64;
+  var R1_1: bv64;
+  var R1_2: bv64;
   $main$__0__$A8~XTH6JTGm30lc5MnGYaQ:
-    assume {:captureState "$main$__0__$A8~XTH6JTGm30lc5MnGYaQ"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4072bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4072bv64)) || L(mem, bvadd64(R0, 4072bv64)));
+    R0_2, Gamma_R0_2 := memory_load64_le(mem, 69608bv64), (gamma_load64(Gamma_mem, 69608bv64) || L(mem, 69608bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "1892$0"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "1896$0"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    R0_3, Gamma_R0_3 := zero_extend32_32(memory_load32_le(mem, R0_2)), (gamma_load32(Gamma_mem, R0_2) || L(mem, R0_2));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_3[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_3);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
+    R0_5, Gamma_R0_5 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
+    R1_1, Gamma_R1_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1912$0"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    assert (L(mem, R0_5) ==> Gamma_R1_1);
+    mem, Gamma_mem := memory_store32_le(mem, R0_5, R1_1[32:0]), gamma_store32(Gamma_mem, R0_5, Gamma_R1_1);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4072bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4072bv64)) || L(mem, bvadd64(R0, 4072bv64)));
+    R0_7, Gamma_R0_7 := memory_load64_le(mem, 69608bv64), (gamma_load64(Gamma_mem, 69608bv64) || L(mem, 69608bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "1928$0"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    R0_8, Gamma_R0_8 := zero_extend32_32(memory_load32_le(mem, R0_7)), (gamma_load32(Gamma_mem, R0_7) || L(mem, R0_7));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_8);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
+    R0_10, Gamma_R0_10 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
+    R1_2, Gamma_R1_2 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1944$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    assert (L(mem, R0_10) ==> Gamma_R1_2);
+    mem, Gamma_mem := memory_store32_le(mem, R0_10, R1_2[32:0]), gamma_store32(Gamma_mem, R0_10, Gamma_R1_2);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R31_out := 0bv64, R1_2, R31_in;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R31_out := true, Gamma_R1_2, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign2/clang/basicassign2.expected b/src/test/incorrect/basicassign2/clang/basicassign2.expected
index 61c920226..024996be5 100644
--- a/src/test/incorrect/basicassign2/clang/basicassign2.expected
+++ b/src/test/incorrect/basicassign2/clang/basicassign2.expected
@@ -1,15 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R10: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R10: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
@@ -21,12 +11,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) {
@@ -38,7 +41,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -70,8 +73,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R10, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R10, R31, R8, R9, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1892bv64) == 1bv8);
@@ -82,8 +85,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1892bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1893bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1894bv64) == 2bv8);
@@ -93,38 +94,36 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R10_1: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R9_1: bool;
+  var R10_1: bv64;
+  var R8_2: bv64;
+  var R8_3: bv64;
+  var R9_1: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    R8, Gamma_R8 := 69632bv64, true;
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R8, 56bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 56bv64)) || L(mem, bvadd64(R8, 56bv64)));
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 8bv64), R9), gamma_store64(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R9);
-    assume {:captureState "%000002fe"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 8bv64), 0bv64), gamma_store64(Gamma_stack, bvadd64(R31, 8bv64), true);
-    assume {:captureState "%00000305"} true;
-    R10, Gamma_R10 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R9, Gamma_R9 := 69632bv64, true;
+    R9_1, Gamma_R9_1 := memory_load64_le(mem, 69688bv64), (gamma_load64(Gamma_mem, 69688bv64) || L(mem, 69688bv64));
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R9_1), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R9_1);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 0bv64), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
+    R10_1, Gamma_R10_1 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     call rely();
-    assert (L(mem, bvadd64(R9, 64bv64)) ==> Gamma_R10);
-    mem, Gamma_mem := memory_store64_le(mem, bvadd64(R9, 64bv64), R10), gamma_store64(Gamma_mem, bvadd64(R9, 64bv64), Gamma_R10);
-    assume {:captureState "%00000319"} true;
+    assert (L(mem, 69696bv64) ==> Gamma_R10_1);
+    mem, Gamma_mem := memory_store64_le(mem, 69696bv64, R10_1), gamma_store64(Gamma_mem, 69696bv64, Gamma_R10_1);
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 56bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 56bv64)) || L(mem, bvadd64(R8, 56bv64)));
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 8bv64), R8), gamma_store64(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R8);
-    assume {:captureState "%00000328"} true;
-    R8, Gamma_R8 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
+    R8_2, Gamma_R8_2 := memory_load64_le(mem, 69688bv64), (gamma_load64(Gamma_mem, 69688bv64) || L(mem, 69688bv64));
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R8_2), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R8_2);
+    R8_3, Gamma_R8_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     call rely();
-    assert (L(mem, bvadd64(R9, 64bv64)) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store64_le(mem, bvadd64(R9, 64bv64), R8), gamma_store64(Gamma_mem, bvadd64(R9, 64bv64), Gamma_R8);
-    assume {:captureState "%00000337"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    assert (L(mem, 69696bv64) ==> Gamma_R8_3);
+    mem, Gamma_mem := memory_store64_le(mem, 69696bv64, R8_3), gamma_store64(Gamma_mem, 69696bv64, Gamma_R8_3);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R31_out, R8_out, R9_out := 0bv64, R10_1, R31_in, R8_3, 69632bv64;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R10_1, Gamma_R31_in, Gamma_R8_3, true;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign2/clang/basicassign2_gtirb.expected b/src/test/incorrect/basicassign2/clang/basicassign2_gtirb.expected
index 0d8b20ef0..37241d54f 100644
--- a/src/test/incorrect/basicassign2/clang/basicassign2_gtirb.expected
+++ b/src/test/incorrect/basicassign2/clang/basicassign2_gtirb.expected
@@ -1,15 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R10: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R10: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
@@ -21,12 +11,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) {
@@ -38,7 +41,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -70,8 +73,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R10, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R10, R31, R8, R9, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1892bv64) == 1bv8);
@@ -82,8 +85,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1892bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1893bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1894bv64) == 2bv8);
@@ -93,38 +94,36 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R10_1: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R9_1: bool;
+  var R10_1: bv64;
+  var R8_2: bv64;
+  var R8_3: bv64;
+  var R9_1: bv64;
   $main$__0__$YYWIvImmSVCq8LWicwynYQ:
-    assume {:captureState "$main$__0__$YYWIvImmSVCq8LWicwynYQ"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    R8, Gamma_R8 := 69632bv64, true;
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R8, 56bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 56bv64)) || L(mem, bvadd64(R8, 56bv64)));
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 8bv64), R9), gamma_store64(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R9);
-    assume {:captureState "1824$0"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 8bv64), 0bv64), gamma_store64(Gamma_stack, bvadd64(R31, 8bv64), true);
-    assume {:captureState "1828$0"} true;
-    R10, Gamma_R10 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R9, Gamma_R9 := 69632bv64, true;
+    R9_1, Gamma_R9_1 := memory_load64_le(mem, 69688bv64), (gamma_load64(Gamma_mem, 69688bv64) || L(mem, 69688bv64));
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R9_1), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R9_1);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 0bv64), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
+    R10_1, Gamma_R10_1 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     call rely();
-    assert (L(mem, bvadd64(R9, 64bv64)) ==> Gamma_R10);
-    mem, Gamma_mem := memory_store64_le(mem, bvadd64(R9, 64bv64), R10), gamma_store64(Gamma_mem, bvadd64(R9, 64bv64), Gamma_R10);
-    assume {:captureState "1840$0"} true;
+    assert (L(mem, 69696bv64) ==> Gamma_R10_1);
+    mem, Gamma_mem := memory_store64_le(mem, 69696bv64, R10_1), gamma_store64(Gamma_mem, 69696bv64, Gamma_R10_1);
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 56bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 56bv64)) || L(mem, bvadd64(R8, 56bv64)));
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 8bv64), R8), gamma_store64(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R8);
-    assume {:captureState "1848$0"} true;
-    R8, Gamma_R8 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
+    R8_2, Gamma_R8_2 := memory_load64_le(mem, 69688bv64), (gamma_load64(Gamma_mem, 69688bv64) || L(mem, 69688bv64));
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R8_2), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R8_2);
+    R8_3, Gamma_R8_3 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     call rely();
-    assert (L(mem, bvadd64(R9, 64bv64)) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store64_le(mem, bvadd64(R9, 64bv64), R8), gamma_store64(Gamma_mem, bvadd64(R9, 64bv64), Gamma_R8);
-    assume {:captureState "1856$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    assert (L(mem, 69696bv64) ==> Gamma_R8_3);
+    mem, Gamma_mem := memory_store64_le(mem, 69696bv64, R8_3), gamma_store64(Gamma_mem, 69696bv64, Gamma_R8_3);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R31_out, R8_out, R9_out := 0bv64, R10_1, R31_in, R8_3, 69632bv64;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R10_1, Gamma_R31_in, Gamma_R8_3, true;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign2/clang_O2/basicassign2.expected b/src/test/incorrect/basicassign2/clang_O2/basicassign2.expected
index 9b9dc95d6..fcf49f75c 100644
--- a/src/test/incorrect/basicassign2/clang_O2/basicassign2.expected
+++ b/src/test/incorrect/basicassign2/clang_O2/basicassign2.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
 axiom ($secret_addr == 69688bv64);
@@ -15,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) {
@@ -32,7 +39,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -64,8 +71,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R8, Gamma_R9, Gamma_mem, R0, R8, R9, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1856bv64) == 1bv8);
@@ -85,22 +92,20 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R8_3: bool;
+  var R8_3: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R8, Gamma_R8 := 69632bv64, true;
-    R9, Gamma_R9 := 69632bv64, true;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 56bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 56bv64)) || L(mem, bvadd64(R8, 56bv64)));
+    R8_3, Gamma_R8_3 := memory_load64_le(mem, 69688bv64), (gamma_load64(Gamma_mem, 69688bv64) || L(mem, 69688bv64));
     call rely();
-    assert (L(mem, bvadd64(R9, 64bv64)) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store64_le(mem, bvadd64(R9, 64bv64), R8), gamma_store64(Gamma_mem, bvadd64(R9, 64bv64), Gamma_R8);
-    assume {:captureState "%000002de"} true;
+    assert (L(mem, 69696bv64) ==> Gamma_R8_3);
+    mem, Gamma_mem := memory_store64_le(mem, 69696bv64, R8_3), gamma_store64(Gamma_mem, 69696bv64, Gamma_R8_3);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := 0bv64, R8_3, 69632bv64;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R8_3, true;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign2/clang_O2/basicassign2_gtirb.expected b/src/test/incorrect/basicassign2/clang_O2/basicassign2_gtirb.expected
index b79b4ebee..be3257a11 100644
--- a/src/test/incorrect/basicassign2/clang_O2/basicassign2_gtirb.expected
+++ b/src/test/incorrect/basicassign2/clang_O2/basicassign2_gtirb.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
 axiom ($secret_addr == 69688bv64);
@@ -15,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) {
@@ -32,7 +39,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -64,8 +71,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R8, Gamma_R9, Gamma_mem, R0, R8, R9, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1856bv64) == 1bv8);
@@ -85,22 +92,20 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R8_3: bool;
+  var R8_3: bv64;
   $main$__0__$NDJX6ve4TTG0FoXJqQLDfQ:
-    assume {:captureState "$main$__0__$NDJX6ve4TTG0FoXJqQLDfQ"} true;
-    R8, Gamma_R8 := 69632bv64, true;
-    R9, Gamma_R9 := 69632bv64, true;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 56bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 56bv64)) || L(mem, bvadd64(R8, 56bv64)));
+    R8_3, Gamma_R8_3 := memory_load64_le(mem, 69688bv64), (gamma_load64(Gamma_mem, 69688bv64) || L(mem, 69688bv64));
     call rely();
-    assert (L(mem, bvadd64(R9, 64bv64)) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store64_le(mem, bvadd64(R9, 64bv64), R8), gamma_store64(Gamma_mem, bvadd64(R9, 64bv64), Gamma_R8);
-    assume {:captureState "1828$0"} true;
+    assert (L(mem, 69696bv64) ==> Gamma_R8_3);
+    mem, Gamma_mem := memory_store64_le(mem, 69696bv64, R8_3), gamma_store64(Gamma_mem, 69696bv64, Gamma_R8_3);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := 0bv64, R8_3, 69632bv64;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R8_3, true;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign2/clang_pic/basicassign2.expected b/src/test/incorrect/basicassign2/clang_pic/basicassign2.expected
index ab4b6e7ec..61cb76c6d 100644
--- a/src/test/incorrect/basicassign2/clang_pic/basicassign2.expected
+++ b/src/test/incorrect/basicassign2/clang_pic/basicassign2.expected
@@ -1,15 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R10: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R10: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
@@ -21,12 +11,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) {
@@ -38,7 +41,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -72,8 +75,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R10, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R10, R31, R8, R9, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1964bv64) == 1bv8);
@@ -86,8 +89,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69568bv64) == 69696bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free requires (memory_load64_le(mem, 69056bv64) == 1792bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1964bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1965bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1966bv64) == 2bv8);
@@ -99,42 +100,44 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69056bv64) == 1792bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R10_1: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R8_4: bool;
+  var Gamma_R9_1: bool;
+  var Gamma_R9_3: bool;
+  var R10_1: bv64;
+  var R8_2: bv64;
+  var R8_3: bv64;
+  var R8_4: bv64;
+  var R9_1: bv64;
+  var R9_3: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    R8, Gamma_R8 := 65536bv64, true;
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4048bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4048bv64)) || L(mem, bvadd64(R8, 4048bv64)));
+    R8_2, Gamma_R8_2 := memory_load64_le(mem, 69584bv64), (gamma_load64(Gamma_mem, 69584bv64) || L(mem, 69584bv64));
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, R8), (gamma_load64(Gamma_mem, R8) || L(mem, R8));
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 8bv64), R9), gamma_store64(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R9);
-    assume {:captureState "%0000030d"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 8bv64), 0bv64), gamma_store64(Gamma_stack, bvadd64(R31, 8bv64), true);
-    assume {:captureState "%00000314"} true;
-    R10, Gamma_R10 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R9, Gamma_R9 := 65536bv64, true;
+    R9_1, Gamma_R9_1 := memory_load64_le(mem, R8_2), (gamma_load64(Gamma_mem, R8_2) || L(mem, R8_2));
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R9_1), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R9_1);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 0bv64), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
+    R10_1, Gamma_R10_1 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4032bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4032bv64)) || L(mem, bvadd64(R9, 4032bv64)));
+    R9_3, Gamma_R9_3 := memory_load64_le(mem, 69568bv64), (gamma_load64(Gamma_mem, 69568bv64) || L(mem, 69568bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R10);
-    mem, Gamma_mem := memory_store64_le(mem, R9, R10), gamma_store64(Gamma_mem, R9, Gamma_R10);
-    assume {:captureState "%0000032f"} true;
+    assert (L(mem, R9_3) ==> Gamma_R10_1);
+    mem, Gamma_mem := memory_store64_le(mem, R9_3, R10_1), gamma_store64(Gamma_mem, R9_3, Gamma_R10_1);
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, R8), (gamma_load64(Gamma_mem, R8) || L(mem, R8));
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 8bv64), R8), gamma_store64(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R8);
-    assume {:captureState "%0000033e"} true;
-    R8, Gamma_R8 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
+    R8_3, Gamma_R8_3 := memory_load64_le(mem, R8_2), (gamma_load64(Gamma_mem, R8_2) || L(mem, R8_2));
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R8_3), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R8_3);
+    R8_4, Gamma_R8_4 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store64_le(mem, R9, R8), gamma_store64(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "%0000034d"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    assert (L(mem, R9_3) ==> Gamma_R8_4);
+    mem, Gamma_mem := memory_store64_le(mem, R9_3, R8_4), gamma_store64(Gamma_mem, R9_3, Gamma_R8_4);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R31_out, R8_out, R9_out := 0bv64, R10_1, R31_in, R8_4, R9_3;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R10_1, Gamma_R31_in, Gamma_R8_4, Gamma_R9_3;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign2/clang_pic/basicassign2_gtirb.expected b/src/test/incorrect/basicassign2/clang_pic/basicassign2_gtirb.expected
index 6fa316b8c..457440d8d 100644
--- a/src/test/incorrect/basicassign2/clang_pic/basicassign2_gtirb.expected
+++ b/src/test/incorrect/basicassign2/clang_pic/basicassign2_gtirb.expected
@@ -1,15 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R10: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R10: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
@@ -21,12 +11,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) {
@@ -38,7 +41,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -72,8 +75,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R10, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R10, R31, R8, R9, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1964bv64) == 1bv8);
@@ -86,8 +89,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69568bv64) == 69696bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free requires (memory_load64_le(mem, 69056bv64) == 1792bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1964bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1965bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1966bv64) == 2bv8);
@@ -99,42 +100,44 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69056bv64) == 1792bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R10_1: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R8_4: bool;
+  var Gamma_R9_1: bool;
+  var Gamma_R9_3: bool;
+  var R10_1: bv64;
+  var R8_2: bv64;
+  var R8_3: bv64;
+  var R8_4: bv64;
+  var R9_1: bv64;
+  var R9_3: bv64;
   $main$__0__$BA9VRiRVRpCw4REE15gPpA:
-    assume {:captureState "$main$__0__$BA9VRiRVRpCw4REE15gPpA"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    R8, Gamma_R8 := 65536bv64, true;
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4048bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4048bv64)) || L(mem, bvadd64(R8, 4048bv64)));
+    R8_2, Gamma_R8_2 := memory_load64_le(mem, 69584bv64), (gamma_load64(Gamma_mem, 69584bv64) || L(mem, 69584bv64));
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, R8), (gamma_load64(Gamma_mem, R8) || L(mem, R8));
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 8bv64), R9), gamma_store64(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R9);
-    assume {:captureState "1892$0"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 8bv64), 0bv64), gamma_store64(Gamma_stack, bvadd64(R31, 8bv64), true);
-    assume {:captureState "1896$0"} true;
-    R10, Gamma_R10 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
-    R9, Gamma_R9 := 65536bv64, true;
+    R9_1, Gamma_R9_1 := memory_load64_le(mem, R8_2), (gamma_load64(Gamma_mem, R8_2) || L(mem, R8_2));
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R9_1), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R9_1);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 0bv64), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
+    R10_1, Gamma_R10_1 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4032bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4032bv64)) || L(mem, bvadd64(R9, 4032bv64)));
+    R9_3, Gamma_R9_3 := memory_load64_le(mem, 69568bv64), (gamma_load64(Gamma_mem, 69568bv64) || L(mem, 69568bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R10);
-    mem, Gamma_mem := memory_store64_le(mem, R9, R10), gamma_store64(Gamma_mem, R9, Gamma_R10);
-    assume {:captureState "1912$0"} true;
+    assert (L(mem, R9_3) ==> Gamma_R10_1);
+    mem, Gamma_mem := memory_store64_le(mem, R9_3, R10_1), gamma_store64(Gamma_mem, R9_3, Gamma_R10_1);
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, R8), (gamma_load64(Gamma_mem, R8) || L(mem, R8));
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 8bv64), R8), gamma_store64(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R8);
-    assume {:captureState "1920$0"} true;
-    R8, Gamma_R8 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
+    R8_3, Gamma_R8_3 := memory_load64_le(mem, R8_2), (gamma_load64(Gamma_mem, R8_2) || L(mem, R8_2));
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R8_3), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R8_3);
+    R8_4, Gamma_R8_4 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store64_le(mem, R9, R8), gamma_store64(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "1928$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    assert (L(mem, R9_3) ==> Gamma_R8_4);
+    mem, Gamma_mem := memory_store64_le(mem, R9_3, R8_4), gamma_store64(Gamma_mem, R9_3, Gamma_R8_4);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R31_out, R8_out, R9_out := 0bv64, R10_1, R31_in, R8_4, R9_3;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R10_1, Gamma_R31_in, Gamma_R8_4, Gamma_R9_3;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign2/gcc/basicassign2.expected b/src/test/incorrect/basicassign2/gcc/basicassign2.expected
index 23656ef15..f16f659bf 100644
--- a/src/test/incorrect/basicassign2/gcc/basicassign2.expected
+++ b/src/test/incorrect/basicassign2/gcc/basicassign2.expected
@@ -1,11 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
@@ -17,12 +11,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) {
@@ -34,7 +41,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -66,8 +73,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R31, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1916bv64) == 1bv8);
@@ -78,8 +85,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69024bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1916bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1917bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1918bv64) == 2bv8);
@@ -89,44 +94,36 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
+  var Gamma_R0_3: bool;
+  var Gamma_R0_8: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R1_2: bool;
+  var R0_3: bv64;
+  var R0_8: bv64;
+  var R1_1: bv64;
+  var R1_2: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 32bv64), Gamma_R0;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, R0), (gamma_load64(Gamma_mem, R0) || L(mem, R0));
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 8bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R0);
-    assume {:captureState "%0000031c"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 8bv64), 0bv64), gamma_store64(Gamma_stack, bvadd64(R31, 8bv64), true);
-    assume {:captureState "%00000323"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
-    R1, Gamma_R1 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
+    R0_3, Gamma_R0_3 := memory_load64_le(mem, 69664bv64), (gamma_load64(Gamma_mem, 69664bv64) || L(mem, 69664bv64));
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R0_3), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R0_3);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 0bv64), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
+    R1_1, Gamma_R1_1 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store64_le(mem, R0, R1), gamma_store64(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%0000033d"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 32bv64), Gamma_R0;
+    assert (L(mem, 69656bv64) ==> Gamma_R1_1);
+    mem, Gamma_mem := memory_store64_le(mem, 69656bv64, R1_1), gamma_store64(Gamma_mem, 69656bv64, Gamma_R1_1);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, R0), (gamma_load64(Gamma_mem, R0) || L(mem, R0));
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 8bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R0);
-    assume {:captureState "%00000357"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
-    R1, Gamma_R1 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
+    R0_8, Gamma_R0_8 := memory_load64_le(mem, 69664bv64), (gamma_load64(Gamma_mem, 69664bv64) || L(mem, 69664bv64));
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R0_8), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R0_8);
+    R1_2, Gamma_R1_2 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store64_le(mem, R0, R1), gamma_store64(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%00000371"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    assert (L(mem, 69656bv64) ==> Gamma_R1_2);
+    mem, Gamma_mem := memory_store64_le(mem, 69656bv64, R1_2), gamma_store64(Gamma_mem, 69656bv64, Gamma_R1_2);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R31_out := 0bv64, R1_2, R31_in;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R31_out := true, Gamma_R1_2, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign2/gcc/basicassign2_gtirb.expected b/src/test/incorrect/basicassign2/gcc/basicassign2_gtirb.expected
index 1b74dea32..2bb2561a7 100644
--- a/src/test/incorrect/basicassign2/gcc/basicassign2_gtirb.expected
+++ b/src/test/incorrect/basicassign2/gcc/basicassign2_gtirb.expected
@@ -1,11 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
@@ -17,12 +11,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) {
@@ -34,7 +41,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -66,8 +73,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R31, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1916bv64) == 1bv8);
@@ -78,8 +85,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69024bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1916bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1917bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1918bv64) == 2bv8);
@@ -89,44 +94,48 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
+  var Gamma_R0_10: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_7: bool;
+  var Gamma_R0_8: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R1_2: bool;
+  var R0_10: bv64;
+  var R0_2: bv64;
+  var R0_3: bv64;
+  var R0_5: bv64;
+  var R0_7: bv64;
+  var R0_8: bv64;
+  var R1_1: bv64;
+  var R1_2: bv64;
   $main$__0__$RSR08m7kSH6UIQCFKlRaqg:
-    assume {:captureState "$main$__0__$RSR08m7kSH6UIQCFKlRaqg"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 32bv64), Gamma_R0;
+    R0_2, Gamma_R0_2 := 69664bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, R0), (gamma_load64(Gamma_mem, R0) || L(mem, R0));
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 8bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R0);
-    assume {:captureState "1828$0"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 8bv64), 0bv64), gamma_store64(Gamma_stack, bvadd64(R31, 8bv64), true);
-    assume {:captureState "1832$0"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
-    R1, Gamma_R1 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
+    R0_3, Gamma_R0_3 := memory_load64_le(mem, R0_2), (gamma_load64(Gamma_mem, R0_2) || L(mem, R0_2));
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R0_3), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R0_3);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 0bv64), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
+    R0_5, Gamma_R0_5 := 69656bv64, true;
+    R1_1, Gamma_R1_1 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store64_le(mem, R0, R1), gamma_store64(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1848$0"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 32bv64), Gamma_R0;
+    assert (L(mem, R0_5) ==> Gamma_R1_1);
+    mem, Gamma_mem := memory_store64_le(mem, R0_5, R1_1), gamma_store64(Gamma_mem, R0_5, Gamma_R1_1);
+    R0_7, Gamma_R0_7 := 69664bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, R0), (gamma_load64(Gamma_mem, R0) || L(mem, R0));
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 8bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R0);
-    assume {:captureState "1864$0"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
-    R1, Gamma_R1 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
+    R0_8, Gamma_R0_8 := memory_load64_le(mem, R0_7), (gamma_load64(Gamma_mem, R0_7) || L(mem, R0_7));
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R0_8), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R0_8);
+    R0_10, Gamma_R0_10 := 69656bv64, true;
+    R1_2, Gamma_R1_2 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store64_le(mem, R0, R1), gamma_store64(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1880$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    assert (L(mem, R0_10) ==> Gamma_R1_2);
+    mem, Gamma_mem := memory_store64_le(mem, R0_10, R1_2), gamma_store64(Gamma_mem, R0_10, Gamma_R1_2);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R31_out := 0bv64, R1_2, R31_in;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R31_out := true, Gamma_R1_2, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign2/gcc_O2/basicassign2.expected b/src/test/incorrect/basicassign2/gcc_O2/basicassign2.expected
index cbb173f38..9c7ffa048 100644
--- a/src/test/incorrect/basicassign2/gcc_O2/basicassign2.expected
+++ b/src/test/incorrect/basicassign2/gcc_O2/basicassign2.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R2: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R2: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
 axiom ($secret_addr == 69664bv64);
@@ -15,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) {
@@ -32,7 +39,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -64,8 +71,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R2, Gamma_mem, R0, R1, R2, mem;
+procedure main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1896bv64) == 1bv8);
@@ -85,22 +92,20 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool)
 {
+  var Gamma_R2_3: bool;
+  var R2_3: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R1, Gamma_R1 := 69632bv64, true;
-    R2, Gamma_R2 := bvadd64(R1, 24bv64), Gamma_R1;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    R2, Gamma_R2 := memory_load64_le(mem, bvadd64(R2, 8bv64)), (gamma_load64(Gamma_mem, bvadd64(R2, 8bv64)) || L(mem, bvadd64(R2, 8bv64)));
+    R2_3, Gamma_R2_3 := memory_load64_le(mem, 69664bv64), (gamma_load64(Gamma_mem, 69664bv64) || L(mem, 69664bv64));
     call rely();
-    assert (L(mem, bvadd64(R1, 24bv64)) ==> Gamma_R2);
-    mem, Gamma_mem := memory_store64_le(mem, bvadd64(R1, 24bv64), R2), gamma_store64(Gamma_mem, bvadd64(R1, 24bv64), Gamma_R2);
-    assume {:captureState "%000001c5"} true;
+    assert (L(mem, 69656bv64) ==> Gamma_R2_3);
+    mem, Gamma_mem := memory_store64_le(mem, 69656bv64, R2_3), gamma_store64(Gamma_mem, 69656bv64, Gamma_R2_3);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R2_out := 0bv64, 69632bv64, R2_3;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R2_out := true, true, Gamma_R2_3;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign2/gcc_O2/basicassign2_gtirb.expected b/src/test/incorrect/basicassign2/gcc_O2/basicassign2_gtirb.expected
index 8e67f332d..4a4eac155 100644
--- a/src/test/incorrect/basicassign2/gcc_O2/basicassign2_gtirb.expected
+++ b/src/test/incorrect/basicassign2/gcc_O2/basicassign2_gtirb.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R2: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R2: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
 axiom ($secret_addr == 69664bv64);
@@ -15,12 +9,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) {
@@ -32,7 +39,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -64,8 +71,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R2, Gamma_mem, R0, R1, R2, mem;
+procedure main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1896bv64) == 1bv8);
@@ -85,22 +92,23 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool)
 {
+  var Gamma_R2_2: bool;
+  var Gamma_R2_3: bool;
+  var R2_2: bv64;
+  var R2_3: bv64;
   $main$__0__$ebQhd7tnS62etDAtES6e5g:
-    assume {:captureState "$main$__0__$ebQhd7tnS62etDAtES6e5g"} true;
-    R1, Gamma_R1 := 69632bv64, true;
-    R2, Gamma_R2 := bvadd64(R1, 24bv64), Gamma_R1;
-    R0, Gamma_R0 := 0bv64, true;
+    R2_2, Gamma_R2_2 := 69656bv64, true;
     call rely();
-    R2, Gamma_R2 := memory_load64_le(mem, bvadd64(R2, 8bv64)), (gamma_load64(Gamma_mem, bvadd64(R2, 8bv64)) || L(mem, bvadd64(R2, 8bv64)));
+    R2_3, Gamma_R2_3 := memory_load64_le(mem, bvadd64(R2_2, 8bv64)), (gamma_load64(Gamma_mem, bvadd64(R2_2, 8bv64)) || L(mem, bvadd64(R2_2, 8bv64)));
     call rely();
-    assert (L(mem, bvadd64(R1, 24bv64)) ==> Gamma_R2);
-    mem, Gamma_mem := memory_store64_le(mem, bvadd64(R1, 24bv64), R2), gamma_store64(Gamma_mem, bvadd64(R1, 24bv64), Gamma_R2);
-    assume {:captureState "1552$0"} true;
+    assert (L(mem, 69656bv64) ==> Gamma_R2_3);
+    mem, Gamma_mem := memory_store64_le(mem, 69656bv64, R2_3), gamma_store64(Gamma_mem, 69656bv64, Gamma_R2_3);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R2_out := 0bv64, 69632bv64, R2_3;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R2_out := true, true, Gamma_R2_3;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign2/gcc_pic/basicassign2.expected b/src/test/incorrect/basicassign2/gcc_pic/basicassign2.expected
index f75604861..5b6ffa8e6 100644
--- a/src/test/incorrect/basicassign2/gcc_pic/basicassign2.expected
+++ b/src/test/incorrect/basicassign2/gcc_pic/basicassign2.expected
@@ -1,11 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
@@ -17,12 +11,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) {
@@ -34,7 +41,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -68,8 +75,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R31, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1980bv64) == 1bv8);
@@ -82,8 +89,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69008bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 69656bv64);
   free requires (memory_load64_le(mem, 69000bv64) == 1872bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1980bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1981bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1982bv64) == 2bv8);
@@ -95,48 +100,52 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 69656bv64);
   free ensures (memory_load64_le(mem, 69000bv64) == 1872bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
+  var Gamma_R0_10: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_7: bool;
+  var Gamma_R0_8: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R1_2: bool;
+  var R0_10: bv64;
+  var R0_2: bv64;
+  var R0_3: bv64;
+  var R0_5: bv64;
+  var R0_7: bv64;
+  var R0_8: bv64;
+  var R1_1: bv64;
+  var R1_2: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4072bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4072bv64)) || L(mem, bvadd64(R0, 4072bv64)));
+    R0_2, Gamma_R0_2 := memory_load64_le(mem, 69608bv64), (gamma_load64(Gamma_mem, 69608bv64) || L(mem, 69608bv64));
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, R0), (gamma_load64(Gamma_mem, R0) || L(mem, R0));
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 8bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R0);
-    assume {:captureState "%0000031d"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 8bv64), 0bv64), gamma_store64(Gamma_stack, bvadd64(R31, 8bv64), true);
-    assume {:captureState "%00000324"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    R0_3, Gamma_R0_3 := memory_load64_le(mem, R0_2), (gamma_load64(Gamma_mem, R0_2) || L(mem, R0_2));
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R0_3), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R0_3);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 0bv64), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
-    R1, Gamma_R1 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
+    R0_5, Gamma_R0_5 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
+    R1_1, Gamma_R1_1 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store64_le(mem, R0, R1), gamma_store64(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%0000033f"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    assert (L(mem, R0_5) ==> Gamma_R1_1);
+    mem, Gamma_mem := memory_store64_le(mem, R0_5, R1_1), gamma_store64(Gamma_mem, R0_5, Gamma_R1_1);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4072bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4072bv64)) || L(mem, bvadd64(R0, 4072bv64)));
+    R0_7, Gamma_R0_7 := memory_load64_le(mem, 69608bv64), (gamma_load64(Gamma_mem, 69608bv64) || L(mem, 69608bv64));
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, R0), (gamma_load64(Gamma_mem, R0) || L(mem, R0));
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 8bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R0);
-    assume {:captureState "%0000035a"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    R0_8, Gamma_R0_8 := memory_load64_le(mem, R0_7), (gamma_load64(Gamma_mem, R0_7) || L(mem, R0_7));
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R0_8), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R0_8);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
-    R1, Gamma_R1 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
+    R0_10, Gamma_R0_10 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
+    R1_2, Gamma_R1_2 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store64_le(mem, R0, R1), gamma_store64(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%00000375"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    assert (L(mem, R0_10) ==> Gamma_R1_2);
+    mem, Gamma_mem := memory_store64_le(mem, R0_10, R1_2), gamma_store64(Gamma_mem, R0_10, Gamma_R1_2);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R31_out := 0bv64, R1_2, R31_in;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R31_out := true, Gamma_R1_2, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign2/gcc_pic/basicassign2_gtirb.expected b/src/test/incorrect/basicassign2/gcc_pic/basicassign2_gtirb.expected
index 5b858de70..0aa99fccc 100644
--- a/src/test/incorrect/basicassign2/gcc_pic/basicassign2_gtirb.expected
+++ b/src/test/incorrect/basicassign2/gcc_pic/basicassign2_gtirb.expected
@@ -1,11 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
@@ -17,12 +11,25 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
 }
 
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))))))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) {
@@ -34,7 +41,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 procedure {:extern} rely();
@@ -68,8 +75,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R31, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1980bv64) == 1bv8);
@@ -82,8 +89,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69008bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 69656bv64);
   free requires (memory_load64_le(mem, 69000bv64) == 1872bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1980bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1981bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1982bv64) == 2bv8);
@@ -95,48 +100,52 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 69656bv64);
   free ensures (memory_load64_le(mem, 69000bv64) == 1872bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
+  var Gamma_R0_10: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_7: bool;
+  var Gamma_R0_8: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R1_2: bool;
+  var R0_10: bv64;
+  var R0_2: bv64;
+  var R0_3: bv64;
+  var R0_5: bv64;
+  var R0_7: bv64;
+  var R0_8: bv64;
+  var R1_1: bv64;
+  var R1_2: bv64;
   $main$__0__$cAr~xZczTJ6UG_oTonnnNw:
-    assume {:captureState "$main$__0__$cAr~xZczTJ6UG_oTonnnNw"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4072bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4072bv64)) || L(mem, bvadd64(R0, 4072bv64)));
+    R0_2, Gamma_R0_2 := memory_load64_le(mem, 69608bv64), (gamma_load64(Gamma_mem, 69608bv64) || L(mem, 69608bv64));
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, R0), (gamma_load64(Gamma_mem, R0) || L(mem, R0));
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 8bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R0);
-    assume {:captureState "1892$0"} true;
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 8bv64), 0bv64), gamma_store64(Gamma_stack, bvadd64(R31, 8bv64), true);
-    assume {:captureState "1896$0"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    R0_3, Gamma_R0_3 := memory_load64_le(mem, R0_2), (gamma_load64(Gamma_mem, R0_2) || L(mem, R0_2));
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R0_3), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R0_3);
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), 0bv64), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), true);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
-    R1, Gamma_R1 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
+    R0_5, Gamma_R0_5 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
+    R1_1, Gamma_R1_1 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store64_le(mem, R0, R1), gamma_store64(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1912$0"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    assert (L(mem, R0_5) ==> Gamma_R1_1);
+    mem, Gamma_mem := memory_store64_le(mem, R0_5, R1_1), gamma_store64(Gamma_mem, R0_5, Gamma_R1_1);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4072bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4072bv64)) || L(mem, bvadd64(R0, 4072bv64)));
+    R0_7, Gamma_R0_7 := memory_load64_le(mem, 69608bv64), (gamma_load64(Gamma_mem, 69608bv64) || L(mem, 69608bv64));
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, R0), (gamma_load64(Gamma_mem, R0) || L(mem, R0));
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 8bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R0);
-    assume {:captureState "1928$0"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    R0_8, Gamma_R0_8 := memory_load64_le(mem, R0_7), (gamma_load64(Gamma_mem, R0_7) || L(mem, R0_7));
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R0_8), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R0_8);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
-    R1, Gamma_R1 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
+    R0_10, Gamma_R0_10 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
+    R1_2, Gamma_R1_2 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store64_le(mem, R0, R1), gamma_store64(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1944$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    assert (L(mem, R0_10) ==> Gamma_R1_2);
+    mem, Gamma_mem := memory_store64_le(mem, R0_10, R1_2), gamma_store64(Gamma_mem, R0_10, Gamma_R1_2);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R31_out := 0bv64, R1_2, R31_in;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R31_out := true, Gamma_R1_2, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign3/clang/basicassign3.expected b/src/test/incorrect/basicassign3/clang/basicassign3.expected
index 573fcf38f..b6c27f670 100644
--- a/src/test/incorrect/basicassign3/clang/basicassign3.expected
+++ b/src/test/incorrect/basicassign3/clang/basicassign3.expected
@@ -1,15 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R10: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R10: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
@@ -38,7 +28,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
 function {:extern} {:bvbuiltin "zero_extend 56"} zero_extend56_8(bv8) returns (bv64);
@@ -71,8 +61,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R10, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R10, R31, R8, R9, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1892bv64) == 1bv8);
@@ -83,8 +73,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1892bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1893bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1894bv64) == 2bv8);
@@ -94,38 +82,36 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R10_1: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R9_1: bool;
+  var R10_1: bv64;
+  var R8_2: bv8;
+  var R8_3: bv64;
+  var R9_1: bv8;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    R8, Gamma_R8 := 69632bv64, true;
     call rely();
-    R9, Gamma_R9 := zero_extend56_8(memory_load8_le(mem, bvadd64(R8, 49bv64))), (gamma_load8(Gamma_mem, bvadd64(R8, 49bv64)) || L(mem, bvadd64(R8, 49bv64)));
-    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31, 15bv64), R9[8:0]), gamma_store8(Gamma_stack, bvadd64(R31, 15bv64), Gamma_R9);
-    assume {:captureState "%000002fe"} true;
-    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31, 15bv64), 0bv8), gamma_store8(Gamma_stack, bvadd64(R31, 15bv64), true);
-    assume {:captureState "%00000305"} true;
-    R10, Gamma_R10 := zero_extend56_8(memory_load8_le(stack, bvadd64(R31, 15bv64))), gamma_load8(Gamma_stack, bvadd64(R31, 15bv64));
-    R9, Gamma_R9 := 69632bv64, true;
+    R9_1, Gamma_R9_1 := memory_load8_le(mem, 69681bv64), (gamma_load8(Gamma_mem, 69681bv64) || L(mem, 69681bv64));
+    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31_in, 18446744073709551615bv64), R9_1), gamma_store8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64), Gamma_R9_1);
+    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31_in, 18446744073709551615bv64), 0bv8), gamma_store8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64), true);
+    R10_1, Gamma_R10_1 := zero_extend56_8(memory_load8_le(stack, bvadd64(R31_in, 18446744073709551615bv64))), gamma_load8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64));
     call rely();
-    assert (L(mem, bvadd64(R9, 50bv64)) ==> Gamma_R10);
-    mem, Gamma_mem := memory_store8_le(mem, bvadd64(R9, 50bv64), R10[8:0]), gamma_store8(Gamma_mem, bvadd64(R9, 50bv64), Gamma_R10);
-    assume {:captureState "%00000319"} true;
+    assert (L(mem, 69682bv64) ==> Gamma_R10_1);
+    mem, Gamma_mem := memory_store8_le(mem, 69682bv64, R10_1[8:0]), gamma_store8(Gamma_mem, 69682bv64, Gamma_R10_1);
     call rely();
-    R8, Gamma_R8 := zero_extend56_8(memory_load8_le(mem, bvadd64(R8, 49bv64))), (gamma_load8(Gamma_mem, bvadd64(R8, 49bv64)) || L(mem, bvadd64(R8, 49bv64)));
-    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31, 15bv64), R8[8:0]), gamma_store8(Gamma_stack, bvadd64(R31, 15bv64), Gamma_R8);
-    assume {:captureState "%00000328"} true;
-    R8, Gamma_R8 := zero_extend56_8(memory_load8_le(stack, bvadd64(R31, 15bv64))), gamma_load8(Gamma_stack, bvadd64(R31, 15bv64));
+    R8_2, Gamma_R8_2 := memory_load8_le(mem, 69681bv64), (gamma_load8(Gamma_mem, 69681bv64) || L(mem, 69681bv64));
+    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31_in, 18446744073709551615bv64), R8_2), gamma_store8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64), Gamma_R8_2);
+    R8_3, Gamma_R8_3 := zero_extend56_8(memory_load8_le(stack, bvadd64(R31_in, 18446744073709551615bv64))), gamma_load8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64));
     call rely();
-    assert (L(mem, bvadd64(R9, 50bv64)) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store8_le(mem, bvadd64(R9, 50bv64), R8[8:0]), gamma_store8(Gamma_mem, bvadd64(R9, 50bv64), Gamma_R8);
-    assume {:captureState "%00000337"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    assert (L(mem, 69682bv64) ==> Gamma_R8_3);
+    mem, Gamma_mem := memory_store8_le(mem, 69682bv64, R8_3[8:0]), gamma_store8(Gamma_mem, 69682bv64, Gamma_R8_3);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R31_out, R8_out, R9_out := 0bv64, R10_1, R31_in, R8_3, 69632bv64;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R10_1, Gamma_R31_in, Gamma_R8_3, true;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign3/clang/basicassign3_gtirb.expected b/src/test/incorrect/basicassign3/clang/basicassign3_gtirb.expected
index 9ded6dd3f..af2d46f4d 100644
--- a/src/test/incorrect/basicassign3/clang/basicassign3_gtirb.expected
+++ b/src/test/incorrect/basicassign3/clang/basicassign3_gtirb.expected
@@ -1,15 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R10: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R10: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
@@ -38,11 +28,10 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
-function {:extern} {:bvbuiltin "zero_extend 24"} zero_extend24_8(bv8) returns (bv32);
-function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
+function {:extern} {:bvbuiltin "zero_extend 56"} zero_extend56_8(bv8) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (mem == old(mem));
@@ -72,8 +61,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R10, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R10, R31, R8, R9, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1892bv64) == 1bv8);
@@ -84,8 +73,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1892bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1893bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1894bv64) == 2bv8);
@@ -95,38 +82,36 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R10_1: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R9_1: bool;
+  var R10_1: bv64;
+  var R8_2: bv64;
+  var R8_3: bv64;
+  var R9_1: bv64;
   $main$__0__$MRIfZSIyTFWNRJjkc4x55g:
-    assume {:captureState "$main$__0__$MRIfZSIyTFWNRJjkc4x55g"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    R8, Gamma_R8 := 69632bv64, true;
     call rely();
-    R9, Gamma_R9 := zero_extend32_32(zero_extend24_8(memory_load8_le(mem, bvadd64(R8, 49bv64)))), (gamma_load8(Gamma_mem, bvadd64(R8, 49bv64)) || L(mem, bvadd64(R8, 49bv64)));
-    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31, 15bv64), R9[8:0]), gamma_store8(Gamma_stack, bvadd64(R31, 15bv64), Gamma_R9);
-    assume {:captureState "1824$0"} true;
-    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31, 15bv64), 0bv8), gamma_store8(Gamma_stack, bvadd64(R31, 15bv64), true);
-    assume {:captureState "1828$0"} true;
-    R10, Gamma_R10 := zero_extend32_32(zero_extend24_8(memory_load8_le(stack, bvadd64(R31, 15bv64)))), gamma_load8(Gamma_stack, bvadd64(R31, 15bv64));
-    R9, Gamma_R9 := 69632bv64, true;
+    R9_1, Gamma_R9_1 := zero_extend56_8(memory_load8_le(mem, 69681bv64)), (gamma_load8(Gamma_mem, 69681bv64) || L(mem, 69681bv64));
+    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31_in, 18446744073709551615bv64), R9_1[8:0]), gamma_store8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64), Gamma_R9_1);
+    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31_in, 18446744073709551615bv64), 0bv8), gamma_store8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64), true);
+    R10_1, Gamma_R10_1 := zero_extend56_8(memory_load8_le(stack, bvadd64(R31_in, 18446744073709551615bv64))), gamma_load8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64));
     call rely();
-    assert (L(mem, bvadd64(R9, 50bv64)) ==> Gamma_R10);
-    mem, Gamma_mem := memory_store8_le(mem, bvadd64(R9, 50bv64), R10[8:0]), gamma_store8(Gamma_mem, bvadd64(R9, 50bv64), Gamma_R10);
-    assume {:captureState "1840$0"} true;
+    assert (L(mem, 69682bv64) ==> Gamma_R10_1);
+    mem, Gamma_mem := memory_store8_le(mem, 69682bv64, R10_1[8:0]), gamma_store8(Gamma_mem, 69682bv64, Gamma_R10_1);
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(zero_extend24_8(memory_load8_le(mem, bvadd64(R8, 49bv64)))), (gamma_load8(Gamma_mem, bvadd64(R8, 49bv64)) || L(mem, bvadd64(R8, 49bv64)));
-    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31, 15bv64), R8[8:0]), gamma_store8(Gamma_stack, bvadd64(R31, 15bv64), Gamma_R8);
-    assume {:captureState "1848$0"} true;
-    R8, Gamma_R8 := zero_extend32_32(zero_extend24_8(memory_load8_le(stack, bvadd64(R31, 15bv64)))), gamma_load8(Gamma_stack, bvadd64(R31, 15bv64));
+    R8_2, Gamma_R8_2 := zero_extend56_8(memory_load8_le(mem, 69681bv64)), (gamma_load8(Gamma_mem, 69681bv64) || L(mem, 69681bv64));
+    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31_in, 18446744073709551615bv64), R8_2[8:0]), gamma_store8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64), Gamma_R8_2);
+    R8_3, Gamma_R8_3 := zero_extend56_8(memory_load8_le(stack, bvadd64(R31_in, 18446744073709551615bv64))), gamma_load8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64));
     call rely();
-    assert (L(mem, bvadd64(R9, 50bv64)) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store8_le(mem, bvadd64(R9, 50bv64), R8[8:0]), gamma_store8(Gamma_mem, bvadd64(R9, 50bv64), Gamma_R8);
-    assume {:captureState "1856$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    assert (L(mem, 69682bv64) ==> Gamma_R8_3);
+    mem, Gamma_mem := memory_store8_le(mem, 69682bv64, R8_3[8:0]), gamma_store8(Gamma_mem, 69682bv64, Gamma_R8_3);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R31_out, R8_out, R9_out := 0bv64, R10_1, R31_in, R8_3, 69632bv64;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R10_1, Gamma_R31_in, Gamma_R8_3, true;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign3/clang_O2/basicassign3.expected b/src/test/incorrect/basicassign3/clang_O2/basicassign3.expected
index d8dec4426..28391042a 100644
--- a/src/test/incorrect/basicassign3/clang_O2/basicassign3.expected
+++ b/src/test/incorrect/basicassign3/clang_O2/basicassign3.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
 axiom ($secret_addr == 69684bv64);
@@ -32,7 +26,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
 function {:extern} {:bvbuiltin "zero_extend 56"} zero_extend56_8(bv8) returns (bv64);
@@ -65,8 +59,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R8, Gamma_R9, Gamma_mem, R0, R8, R9, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1856bv64) == 1bv8);
@@ -86,22 +80,20 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R8_3: bool;
+  var R8_3: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R8, Gamma_R8 := 69632bv64, true;
-    R9, Gamma_R9 := 69632bv64, true;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    R8, Gamma_R8 := zero_extend56_8(memory_load8_le(mem, bvadd64(R8, 52bv64))), (gamma_load8(Gamma_mem, bvadd64(R8, 52bv64)) || L(mem, bvadd64(R8, 52bv64)));
+    R8_3, Gamma_R8_3 := zero_extend56_8(memory_load8_le(mem, 69684bv64)), (gamma_load8(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
     call rely();
-    assert (L(mem, bvadd64(R9, 56bv64)) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store8_le(mem, bvadd64(R9, 56bv64), R8[8:0]), gamma_store8(Gamma_mem, bvadd64(R9, 56bv64), Gamma_R8);
-    assume {:captureState "%000002de"} true;
+    assert (L(mem, 69688bv64) ==> Gamma_R8_3);
+    mem, Gamma_mem := memory_store8_le(mem, 69688bv64, R8_3[8:0]), gamma_store8(Gamma_mem, 69688bv64, Gamma_R8_3);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := 0bv64, R8_3, 69632bv64;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R8_3, true;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign3/clang_O2/basicassign3_gtirb.expected b/src/test/incorrect/basicassign3/clang_O2/basicassign3_gtirb.expected
index a00e3afa0..a4a9e0465 100644
--- a/src/test/incorrect/basicassign3/clang_O2/basicassign3_gtirb.expected
+++ b/src/test/incorrect/basicassign3/clang_O2/basicassign3_gtirb.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
 axiom ($secret_addr == 69684bv64);
@@ -32,11 +26,10 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
-function {:extern} {:bvbuiltin "zero_extend 24"} zero_extend24_8(bv8) returns (bv32);
-function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
+function {:extern} {:bvbuiltin "zero_extend 56"} zero_extend56_8(bv8) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (mem == old(mem));
@@ -66,8 +59,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R8, Gamma_R9, Gamma_mem, R0, R8, R9, mem;
+procedure main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1856bv64) == 1bv8);
@@ -87,22 +80,20 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R8_in: bv64, Gamma_R8_in: bool, R9_in: bv64, Gamma_R9_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R8_3: bool;
+  var R8_3: bv64;
   $main$__0__$i980uv9RSgi73HJREH52Kw:
-    assume {:captureState "$main$__0__$i980uv9RSgi73HJREH52Kw"} true;
-    R8, Gamma_R8 := 69632bv64, true;
-    R9, Gamma_R9 := 69632bv64, true;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(zero_extend24_8(memory_load8_le(mem, bvadd64(R8, 52bv64)))), (gamma_load8(Gamma_mem, bvadd64(R8, 52bv64)) || L(mem, bvadd64(R8, 52bv64)));
+    R8_3, Gamma_R8_3 := zero_extend56_8(memory_load8_le(mem, 69684bv64)), (gamma_load8(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
     call rely();
-    assert (L(mem, bvadd64(R9, 56bv64)) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store8_le(mem, bvadd64(R9, 56bv64), R8[8:0]), gamma_store8(Gamma_mem, bvadd64(R9, 56bv64), Gamma_R8);
-    assume {:captureState "1828$0"} true;
+    assert (L(mem, 69688bv64) ==> Gamma_R8_3);
+    mem, Gamma_mem := memory_store8_le(mem, 69688bv64, R8_3[8:0]), gamma_store8(Gamma_mem, 69688bv64, Gamma_R8_3);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R8_out, R9_out := 0bv64, R8_3, 69632bv64;
+    Gamma_R0_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R8_3, true;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign3/clang_pic/basicassign3.expected b/src/test/incorrect/basicassign3/clang_pic/basicassign3.expected
index d85f4196c..cdf27aee7 100644
--- a/src/test/incorrect/basicassign3/clang_pic/basicassign3.expected
+++ b/src/test/incorrect/basicassign3/clang_pic/basicassign3.expected
@@ -1,15 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R10: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R10: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
@@ -42,7 +32,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
 function {:extern} {:bvbuiltin "zero_extend 56"} zero_extend56_8(bv8) returns (bv64);
@@ -77,8 +67,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R10, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R10, R31, R8, R9, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1964bv64) == 1bv8);
@@ -91,8 +81,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69568bv64) == 69682bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free requires (memory_load64_le(mem, 69056bv64) == 1792bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1964bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1965bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1966bv64) == 2bv8);
@@ -104,42 +92,44 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69056bv64) == 1792bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R10_1: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R8_4: bool;
+  var Gamma_R9_1: bool;
+  var Gamma_R9_3: bool;
+  var R10_1: bv64;
+  var R8_2: bv64;
+  var R8_3: bv8;
+  var R8_4: bv64;
+  var R9_1: bv8;
+  var R9_3: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    R8, Gamma_R8 := 65536bv64, true;
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4048bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4048bv64)) || L(mem, bvadd64(R8, 4048bv64)));
+    R8_2, Gamma_R8_2 := memory_load64_le(mem, 69584bv64), (gamma_load64(Gamma_mem, 69584bv64) || L(mem, 69584bv64));
     call rely();
-    R9, Gamma_R9 := zero_extend56_8(memory_load8_le(mem, R8)), (gamma_load8(Gamma_mem, R8) || L(mem, R8));
-    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31, 15bv64), R9[8:0]), gamma_store8(Gamma_stack, bvadd64(R31, 15bv64), Gamma_R9);
-    assume {:captureState "%0000030d"} true;
-    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31, 15bv64), 0bv8), gamma_store8(Gamma_stack, bvadd64(R31, 15bv64), true);
-    assume {:captureState "%00000314"} true;
-    R10, Gamma_R10 := zero_extend56_8(memory_load8_le(stack, bvadd64(R31, 15bv64))), gamma_load8(Gamma_stack, bvadd64(R31, 15bv64));
-    R9, Gamma_R9 := 65536bv64, true;
+    R9_1, Gamma_R9_1 := memory_load8_le(mem, R8_2), (gamma_load8(Gamma_mem, R8_2) || L(mem, R8_2));
+    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31_in, 18446744073709551615bv64), R9_1), gamma_store8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64), Gamma_R9_1);
+    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31_in, 18446744073709551615bv64), 0bv8), gamma_store8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64), true);
+    R10_1, Gamma_R10_1 := zero_extend56_8(memory_load8_le(stack, bvadd64(R31_in, 18446744073709551615bv64))), gamma_load8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64));
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4032bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4032bv64)) || L(mem, bvadd64(R9, 4032bv64)));
+    R9_3, Gamma_R9_3 := memory_load64_le(mem, 69568bv64), (gamma_load64(Gamma_mem, 69568bv64) || L(mem, 69568bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R10);
-    mem, Gamma_mem := memory_store8_le(mem, R9, R10[8:0]), gamma_store8(Gamma_mem, R9, Gamma_R10);
-    assume {:captureState "%0000032f"} true;
+    assert (L(mem, R9_3) ==> Gamma_R10_1);
+    mem, Gamma_mem := memory_store8_le(mem, R9_3, R10_1[8:0]), gamma_store8(Gamma_mem, R9_3, Gamma_R10_1);
     call rely();
-    R8, Gamma_R8 := zero_extend56_8(memory_load8_le(mem, R8)), (gamma_load8(Gamma_mem, R8) || L(mem, R8));
-    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31, 15bv64), R8[8:0]), gamma_store8(Gamma_stack, bvadd64(R31, 15bv64), Gamma_R8);
-    assume {:captureState "%0000033e"} true;
-    R8, Gamma_R8 := zero_extend56_8(memory_load8_le(stack, bvadd64(R31, 15bv64))), gamma_load8(Gamma_stack, bvadd64(R31, 15bv64));
+    R8_3, Gamma_R8_3 := memory_load8_le(mem, R8_2), (gamma_load8(Gamma_mem, R8_2) || L(mem, R8_2));
+    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31_in, 18446744073709551615bv64), R8_3), gamma_store8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64), Gamma_R8_3);
+    R8_4, Gamma_R8_4 := zero_extend56_8(memory_load8_le(stack, bvadd64(R31_in, 18446744073709551615bv64))), gamma_load8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store8_le(mem, R9, R8[8:0]), gamma_store8(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "%0000034d"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    assert (L(mem, R9_3) ==> Gamma_R8_4);
+    mem, Gamma_mem := memory_store8_le(mem, R9_3, R8_4[8:0]), gamma_store8(Gamma_mem, R9_3, Gamma_R8_4);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R31_out, R8_out, R9_out := 0bv64, R10_1, R31_in, R8_4, R9_3;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R10_1, Gamma_R31_in, Gamma_R8_4, Gamma_R9_3;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign3/clang_pic/basicassign3_gtirb.expected b/src/test/incorrect/basicassign3/clang_pic/basicassign3_gtirb.expected
index 3af45974b..152e468d8 100644
--- a/src/test/incorrect/basicassign3/clang_pic/basicassign3_gtirb.expected
+++ b/src/test/incorrect/basicassign3/clang_pic/basicassign3_gtirb.expected
@@ -1,15 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R10: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R10: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
@@ -42,11 +32,10 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
-function {:extern} {:bvbuiltin "zero_extend 24"} zero_extend24_8(bv8) returns (bv32);
-function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
+function {:extern} {:bvbuiltin "zero_extend 56"} zero_extend56_8(bv8) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (mem == old(mem));
@@ -78,8 +67,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R10, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_mem, Gamma_stack, R0, R10, R31, R8, R9, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1964bv64) == 1bv8);
@@ -92,8 +81,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69568bv64) == 69682bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free requires (memory_load64_le(mem, 69056bv64) == 1792bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1964bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1965bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1966bv64) == 2bv8);
@@ -105,42 +92,44 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69056bv64) == 1792bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R10_out: bv64, Gamma_R10_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
+  var Gamma_R10_1: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R8_4: bool;
+  var Gamma_R9_1: bool;
+  var Gamma_R9_3: bool;
+  var R10_1: bv64;
+  var R8_2: bv64;
+  var R8_3: bv64;
+  var R8_4: bv64;
+  var R9_1: bv64;
+  var R9_3: bv64;
   $main$__0__$3y3_IhBrScqKSl092foduA:
-    assume {:captureState "$main$__0__$3y3_IhBrScqKSl092foduA"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    R8, Gamma_R8 := 65536bv64, true;
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4048bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4048bv64)) || L(mem, bvadd64(R8, 4048bv64)));
+    R8_2, Gamma_R8_2 := memory_load64_le(mem, 69584bv64), (gamma_load64(Gamma_mem, 69584bv64) || L(mem, 69584bv64));
     call rely();
-    R9, Gamma_R9 := zero_extend32_32(zero_extend24_8(memory_load8_le(mem, R8))), (gamma_load8(Gamma_mem, R8) || L(mem, R8));
-    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31, 15bv64), R9[8:0]), gamma_store8(Gamma_stack, bvadd64(R31, 15bv64), Gamma_R9);
-    assume {:captureState "1892$0"} true;
-    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31, 15bv64), 0bv8), gamma_store8(Gamma_stack, bvadd64(R31, 15bv64), true);
-    assume {:captureState "1896$0"} true;
-    R10, Gamma_R10 := zero_extend32_32(zero_extend24_8(memory_load8_le(stack, bvadd64(R31, 15bv64)))), gamma_load8(Gamma_stack, bvadd64(R31, 15bv64));
-    R9, Gamma_R9 := 65536bv64, true;
+    R9_1, Gamma_R9_1 := zero_extend56_8(memory_load8_le(mem, R8_2)), (gamma_load8(Gamma_mem, R8_2) || L(mem, R8_2));
+    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31_in, 18446744073709551615bv64), R9_1[8:0]), gamma_store8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64), Gamma_R9_1);
+    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31_in, 18446744073709551615bv64), 0bv8), gamma_store8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64), true);
+    R10_1, Gamma_R10_1 := zero_extend56_8(memory_load8_le(stack, bvadd64(R31_in, 18446744073709551615bv64))), gamma_load8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64));
     call rely();
-    R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R9, 4032bv64)), (gamma_load64(Gamma_mem, bvadd64(R9, 4032bv64)) || L(mem, bvadd64(R9, 4032bv64)));
+    R9_3, Gamma_R9_3 := memory_load64_le(mem, 69568bv64), (gamma_load64(Gamma_mem, 69568bv64) || L(mem, 69568bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R10);
-    mem, Gamma_mem := memory_store8_le(mem, R9, R10[8:0]), gamma_store8(Gamma_mem, R9, Gamma_R10);
-    assume {:captureState "1912$0"} true;
+    assert (L(mem, R9_3) ==> Gamma_R10_1);
+    mem, Gamma_mem := memory_store8_le(mem, R9_3, R10_1[8:0]), gamma_store8(Gamma_mem, R9_3, Gamma_R10_1);
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(zero_extend24_8(memory_load8_le(mem, R8))), (gamma_load8(Gamma_mem, R8) || L(mem, R8));
-    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31, 15bv64), R8[8:0]), gamma_store8(Gamma_stack, bvadd64(R31, 15bv64), Gamma_R8);
-    assume {:captureState "1920$0"} true;
-    R8, Gamma_R8 := zero_extend32_32(zero_extend24_8(memory_load8_le(stack, bvadd64(R31, 15bv64)))), gamma_load8(Gamma_stack, bvadd64(R31, 15bv64));
+    R8_3, Gamma_R8_3 := zero_extend56_8(memory_load8_le(mem, R8_2)), (gamma_load8(Gamma_mem, R8_2) || L(mem, R8_2));
+    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31_in, 18446744073709551615bv64), R8_3[8:0]), gamma_store8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64), Gamma_R8_3);
+    R8_4, Gamma_R8_4 := zero_extend56_8(memory_load8_le(stack, bvadd64(R31_in, 18446744073709551615bv64))), gamma_load8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64));
     call rely();
-    assert (L(mem, R9) ==> Gamma_R8);
-    mem, Gamma_mem := memory_store8_le(mem, R9, R8[8:0]), gamma_store8(Gamma_mem, R9, Gamma_R8);
-    assume {:captureState "1928$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    assert (L(mem, R9_3) ==> Gamma_R8_4);
+    mem, Gamma_mem := memory_store8_le(mem, R9_3, R8_4[8:0]), gamma_store8(Gamma_mem, R9_3, Gamma_R8_4);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R10_out, R31_out, R8_out, R9_out := 0bv64, R10_1, R31_in, R8_4, R9_3;
+    Gamma_R0_out, Gamma_R10_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := true, Gamma_R10_1, Gamma_R31_in, Gamma_R8_4, Gamma_R9_3;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign3/gcc/basicassign3.expected b/src/test/incorrect/basicassign3/gcc/basicassign3.expected
index 45ac95591..88c06ce97 100644
--- a/src/test/incorrect/basicassign3/gcc/basicassign3.expected
+++ b/src/test/incorrect/basicassign3/gcc/basicassign3.expected
@@ -1,11 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
@@ -34,7 +28,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
 function {:extern} {:bvbuiltin "zero_extend 56"} zero_extend56_8(bv8) returns (bv64);
@@ -67,8 +61,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R31, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1916bv64) == 1bv8);
@@ -79,8 +73,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69024bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1916bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1917bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1918bv64) == 2bv8);
@@ -90,44 +82,36 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
+  var Gamma_R0_3: bool;
+  var Gamma_R0_8: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R1_2: bool;
+  var R0_3: bv8;
+  var R0_8: bv8;
+  var R1_1: bv8;
+  var R1_2: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 18bv64), Gamma_R0;
     call rely();
-    R0, Gamma_R0 := zero_extend56_8(memory_load8_le(mem, R0)), (gamma_load8(Gamma_mem, R0) || L(mem, R0));
-    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31, 15bv64), R0[8:0]), gamma_store8(Gamma_stack, bvadd64(R31, 15bv64), Gamma_R0);
-    assume {:captureState "%0000031c"} true;
-    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31, 15bv64), 0bv8), gamma_store8(Gamma_stack, bvadd64(R31, 15bv64), true);
-    assume {:captureState "%00000323"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 17bv64), Gamma_R0;
-    R1, Gamma_R1 := zero_extend56_8(memory_load8_le(stack, bvadd64(R31, 15bv64))), gamma_load8(Gamma_stack, bvadd64(R31, 15bv64));
+    R0_3, Gamma_R0_3 := memory_load8_le(mem, 69650bv64), (gamma_load8(Gamma_mem, 69650bv64) || L(mem, 69650bv64));
+    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31_in, 18446744073709551615bv64), R0_3), gamma_store8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64), Gamma_R0_3);
+    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31_in, 18446744073709551615bv64), 0bv8), gamma_store8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64), true);
+    R1_1, Gamma_R1_1 := memory_load8_le(stack, bvadd64(R31_in, 18446744073709551615bv64)), gamma_load8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store8_le(mem, R0, R1[8:0]), gamma_store8(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%0000033d"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 18bv64), Gamma_R0;
+    assert (L(mem, 69649bv64) ==> Gamma_R1_1);
+    mem, Gamma_mem := memory_store8_le(mem, 69649bv64, R1_1), gamma_store8(Gamma_mem, 69649bv64, Gamma_R1_1);
     call rely();
-    R0, Gamma_R0 := zero_extend56_8(memory_load8_le(mem, R0)), (gamma_load8(Gamma_mem, R0) || L(mem, R0));
-    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31, 15bv64), R0[8:0]), gamma_store8(Gamma_stack, bvadd64(R31, 15bv64), Gamma_R0);
-    assume {:captureState "%00000357"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 17bv64), Gamma_R0;
-    R1, Gamma_R1 := zero_extend56_8(memory_load8_le(stack, bvadd64(R31, 15bv64))), gamma_load8(Gamma_stack, bvadd64(R31, 15bv64));
+    R0_8, Gamma_R0_8 := memory_load8_le(mem, 69650bv64), (gamma_load8(Gamma_mem, 69650bv64) || L(mem, 69650bv64));
+    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31_in, 18446744073709551615bv64), R0_8), gamma_store8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64), Gamma_R0_8);
+    R1_2, Gamma_R1_2 := zero_extend56_8(memory_load8_le(stack, bvadd64(R31_in, 18446744073709551615bv64))), gamma_load8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store8_le(mem, R0, R1[8:0]), gamma_store8(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%00000371"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    assert (L(mem, 69649bv64) ==> Gamma_R1_2);
+    mem, Gamma_mem := memory_store8_le(mem, 69649bv64, R1_2[8:0]), gamma_store8(Gamma_mem, 69649bv64, Gamma_R1_2);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R31_out := 0bv64, R1_2, R31_in;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R31_out := true, Gamma_R1_2, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign3/gcc/basicassign3_gtirb.expected b/src/test/incorrect/basicassign3/gcc/basicassign3_gtirb.expected
index 6518433ba..1b8e0df10 100644
--- a/src/test/incorrect/basicassign3/gcc/basicassign3_gtirb.expected
+++ b/src/test/incorrect/basicassign3/gcc/basicassign3_gtirb.expected
@@ -1,11 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
@@ -34,11 +28,10 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
-function {:extern} {:bvbuiltin "zero_extend 24"} zero_extend24_8(bv8) returns (bv32);
-function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
+function {:extern} {:bvbuiltin "zero_extend 56"} zero_extend56_8(bv8) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (mem == old(mem));
@@ -68,8 +61,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R31, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1916bv64) == 1bv8);
@@ -80,8 +73,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69024bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1916bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1917bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1918bv64) == 2bv8);
@@ -91,44 +82,48 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
+  var Gamma_R0_10: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_7: bool;
+  var Gamma_R0_8: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R1_2: bool;
+  var R0_10: bv64;
+  var R0_2: bv64;
+  var R0_3: bv64;
+  var R0_5: bv64;
+  var R0_7: bv64;
+  var R0_8: bv64;
+  var R1_1: bv64;
+  var R1_2: bv64;
   $main$__0__$6KyTrn2fQai0rTadNoNzYA:
-    assume {:captureState "$main$__0__$6KyTrn2fQai0rTadNoNzYA"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 18bv64), Gamma_R0;
+    R0_2, Gamma_R0_2 := 69650bv64, true;
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(zero_extend24_8(memory_load8_le(mem, R0))), (gamma_load8(Gamma_mem, R0) || L(mem, R0));
-    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31, 15bv64), R0[8:0]), gamma_store8(Gamma_stack, bvadd64(R31, 15bv64), Gamma_R0);
-    assume {:captureState "1828$0"} true;
-    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31, 15bv64), 0bv8), gamma_store8(Gamma_stack, bvadd64(R31, 15bv64), true);
-    assume {:captureState "1832$0"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 17bv64), Gamma_R0;
-    R1, Gamma_R1 := zero_extend32_32(zero_extend24_8(memory_load8_le(stack, bvadd64(R31, 15bv64)))), gamma_load8(Gamma_stack, bvadd64(R31, 15bv64));
+    R0_3, Gamma_R0_3 := zero_extend56_8(memory_load8_le(mem, R0_2)), (gamma_load8(Gamma_mem, R0_2) || L(mem, R0_2));
+    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31_in, 18446744073709551615bv64), R0_3[8:0]), gamma_store8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64), Gamma_R0_3);
+    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31_in, 18446744073709551615bv64), 0bv8), gamma_store8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64), true);
+    R0_5, Gamma_R0_5 := 69649bv64, true;
+    R1_1, Gamma_R1_1 := zero_extend56_8(memory_load8_le(stack, bvadd64(R31_in, 18446744073709551615bv64))), gamma_load8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store8_le(mem, R0, R1[8:0]), gamma_store8(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1848$0"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 18bv64), Gamma_R0;
+    assert (L(mem, R0_5) ==> Gamma_R1_1);
+    mem, Gamma_mem := memory_store8_le(mem, R0_5, R1_1[8:0]), gamma_store8(Gamma_mem, R0_5, Gamma_R1_1);
+    R0_7, Gamma_R0_7 := 69650bv64, true;
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(zero_extend24_8(memory_load8_le(mem, R0))), (gamma_load8(Gamma_mem, R0) || L(mem, R0));
-    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31, 15bv64), R0[8:0]), gamma_store8(Gamma_stack, bvadd64(R31, 15bv64), Gamma_R0);
-    assume {:captureState "1864$0"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 17bv64), Gamma_R0;
-    R1, Gamma_R1 := zero_extend32_32(zero_extend24_8(memory_load8_le(stack, bvadd64(R31, 15bv64)))), gamma_load8(Gamma_stack, bvadd64(R31, 15bv64));
+    R0_8, Gamma_R0_8 := zero_extend56_8(memory_load8_le(mem, R0_7)), (gamma_load8(Gamma_mem, R0_7) || L(mem, R0_7));
+    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31_in, 18446744073709551615bv64), R0_8[8:0]), gamma_store8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64), Gamma_R0_8);
+    R0_10, Gamma_R0_10 := 69649bv64, true;
+    R1_2, Gamma_R1_2 := zero_extend56_8(memory_load8_le(stack, bvadd64(R31_in, 18446744073709551615bv64))), gamma_load8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store8_le(mem, R0, R1[8:0]), gamma_store8(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1880$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    assert (L(mem, R0_10) ==> Gamma_R1_2);
+    mem, Gamma_mem := memory_store8_le(mem, R0_10, R1_2[8:0]), gamma_store8(Gamma_mem, R0_10, Gamma_R1_2);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R31_out := 0bv64, R1_2, R31_in;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R31_out := true, Gamma_R1_2, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign3/gcc_O2/basicassign3.expected b/src/test/incorrect/basicassign3/gcc_O2/basicassign3.expected
index 2e74e5ca1..d9a7dd372 100644
--- a/src/test/incorrect/basicassign3/gcc_O2/basicassign3.expected
+++ b/src/test/incorrect/basicassign3/gcc_O2/basicassign3.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R2: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R2: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
 axiom ($secret_addr == 69650bv64);
@@ -32,7 +26,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
 function {:extern} {:bvbuiltin "zero_extend 56"} zero_extend56_8(bv8) returns (bv64);
@@ -65,8 +59,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R2, Gamma_mem, R0, R1, R2, mem;
+procedure main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1896bv64) == 1bv8);
@@ -86,22 +80,20 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool)
 {
+  var Gamma_R2_3: bool;
+  var R2_3: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R1, Gamma_R1 := 69632bv64, true;
-    R2, Gamma_R2 := bvadd64(R1, 17bv64), Gamma_R1;
-    R0, Gamma_R0 := 0bv64, true;
     call rely();
-    R2, Gamma_R2 := zero_extend56_8(memory_load8_le(mem, bvadd64(R2, 1bv64))), (gamma_load8(Gamma_mem, bvadd64(R2, 1bv64)) || L(mem, bvadd64(R2, 1bv64)));
+    R2_3, Gamma_R2_3 := zero_extend56_8(memory_load8_le(mem, 69650bv64)), (gamma_load8(Gamma_mem, 69650bv64) || L(mem, 69650bv64));
     call rely();
-    assert (L(mem, bvadd64(R1, 17bv64)) ==> Gamma_R2);
-    mem, Gamma_mem := memory_store8_le(mem, bvadd64(R1, 17bv64), R2[8:0]), gamma_store8(Gamma_mem, bvadd64(R1, 17bv64), Gamma_R2);
-    assume {:captureState "%000001c5"} true;
+    assert (L(mem, 69649bv64) ==> Gamma_R2_3);
+    mem, Gamma_mem := memory_store8_le(mem, 69649bv64, R2_3[8:0]), gamma_store8(Gamma_mem, 69649bv64, Gamma_R2_3);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R2_out := 0bv64, 69632bv64, R2_3;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R2_out := true, true, Gamma_R2_3;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign3/gcc_O2/basicassign3_gtirb.expected b/src/test/incorrect/basicassign3/gcc_O2/basicassign3_gtirb.expected
index e83d081a2..e807a4595 100644
--- a/src/test/incorrect/basicassign3/gcc_O2/basicassign3_gtirb.expected
+++ b/src/test/incorrect/basicassign3/gcc_O2/basicassign3_gtirb.expected
@@ -1,10 +1,4 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R2: bool;
 var {:extern} Gamma_mem: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R2: bv64;
 var {:extern} mem: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
 axiom ($secret_addr == 69650bv64);
@@ -32,11 +26,10 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
-function {:extern} {:bvbuiltin "zero_extend 24"} zero_extend24_8(bv8) returns (bv32);
-function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
+function {:extern} {:bvbuiltin "zero_extend 56"} zero_extend56_8(bv8) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (mem == old(mem));
@@ -66,8 +59,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R2, Gamma_mem, R0, R1, R2, mem;
+procedure main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool);
+  modifies Gamma_mem, mem;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1896bv64) == 1bv8);
@@ -87,22 +80,23 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1536bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R1_in: bv64, Gamma_R1_in: bool, R2_in: bv64, Gamma_R2_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R2_out: bv64, Gamma_R2_out: bool)
 {
+  var Gamma_R2_2: bool;
+  var Gamma_R2_3: bool;
+  var R2_2: bv64;
+  var R2_3: bv64;
   $main$__0__$C40bGhKMQsKtBZRFrd1r0w:
-    assume {:captureState "$main$__0__$C40bGhKMQsKtBZRFrd1r0w"} true;
-    R1, Gamma_R1 := 69632bv64, true;
-    R2, Gamma_R2 := bvadd64(R1, 17bv64), Gamma_R1;
-    R0, Gamma_R0 := 0bv64, true;
+    R2_2, Gamma_R2_2 := 69649bv64, true;
     call rely();
-    R2, Gamma_R2 := zero_extend32_32(zero_extend24_8(memory_load8_le(mem, bvadd64(R2, 1bv64)))), (gamma_load8(Gamma_mem, bvadd64(R2, 1bv64)) || L(mem, bvadd64(R2, 1bv64)));
+    R2_3, Gamma_R2_3 := zero_extend56_8(memory_load8_le(mem, bvadd64(R2_2, 1bv64))), (gamma_load8(Gamma_mem, bvadd64(R2_2, 1bv64)) || L(mem, bvadd64(R2_2, 1bv64)));
     call rely();
-    assert (L(mem, bvadd64(R1, 17bv64)) ==> Gamma_R2);
-    mem, Gamma_mem := memory_store8_le(mem, bvadd64(R1, 17bv64), R2[8:0]), gamma_store8(Gamma_mem, bvadd64(R1, 17bv64), Gamma_R2);
-    assume {:captureState "1552$0"} true;
+    assert (L(mem, 69649bv64) ==> Gamma_R2_3);
+    mem, Gamma_mem := memory_store8_le(mem, 69649bv64, R2_3[8:0]), gamma_store8(Gamma_mem, 69649bv64, Gamma_R2_3);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R2_out := 0bv64, 69632bv64, R2_3;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R2_out := true, true, Gamma_R2_3;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign3/gcc_pic/basicassign3.expected b/src/test/incorrect/basicassign3/gcc_pic/basicassign3.expected
index c53177c2b..37a75bdeb 100644
--- a/src/test/incorrect/basicassign3/gcc_pic/basicassign3.expected
+++ b/src/test/incorrect/basicassign3/gcc_pic/basicassign3.expected
@@ -1,11 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
@@ -38,7 +32,7 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
 function {:extern} {:bvbuiltin "zero_extend 56"} zero_extend56_8(bv8) returns (bv64);
@@ -73,8 +67,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R31, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1980bv64) == 1bv8);
@@ -87,8 +81,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69008bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 69649bv64);
   free requires (memory_load64_le(mem, 69000bv64) == 1872bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1980bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1981bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1982bv64) == 2bv8);
@@ -100,48 +92,52 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 69649bv64);
   free ensures (memory_load64_le(mem, 69000bv64) == 1872bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
+  var Gamma_R0_10: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_7: bool;
+  var Gamma_R0_8: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R1_2: bool;
+  var R0_10: bv64;
+  var R0_2: bv64;
+  var R0_3: bv8;
+  var R0_5: bv64;
+  var R0_7: bv64;
+  var R0_8: bv8;
+  var R1_1: bv8;
+  var R1_2: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4072bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4072bv64)) || L(mem, bvadd64(R0, 4072bv64)));
+    R0_2, Gamma_R0_2 := memory_load64_le(mem, 69608bv64), (gamma_load64(Gamma_mem, 69608bv64) || L(mem, 69608bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend56_8(memory_load8_le(mem, R0)), (gamma_load8(Gamma_mem, R0) || L(mem, R0));
-    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31, 15bv64), R0[8:0]), gamma_store8(Gamma_stack, bvadd64(R31, 15bv64), Gamma_R0);
-    assume {:captureState "%0000031d"} true;
-    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31, 15bv64), 0bv8), gamma_store8(Gamma_stack, bvadd64(R31, 15bv64), true);
-    assume {:captureState "%00000324"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    R0_3, Gamma_R0_3 := memory_load8_le(mem, R0_2), (gamma_load8(Gamma_mem, R0_2) || L(mem, R0_2));
+    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31_in, 18446744073709551615bv64), R0_3), gamma_store8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64), Gamma_R0_3);
+    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31_in, 18446744073709551615bv64), 0bv8), gamma_store8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64), true);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
-    R1, Gamma_R1 := zero_extend56_8(memory_load8_le(stack, bvadd64(R31, 15bv64))), gamma_load8(Gamma_stack, bvadd64(R31, 15bv64));
+    R0_5, Gamma_R0_5 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
+    R1_1, Gamma_R1_1 := memory_load8_le(stack, bvadd64(R31_in, 18446744073709551615bv64)), gamma_load8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store8_le(mem, R0, R1[8:0]), gamma_store8(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%0000033f"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    assert (L(mem, R0_5) ==> Gamma_R1_1);
+    mem, Gamma_mem := memory_store8_le(mem, R0_5, R1_1), gamma_store8(Gamma_mem, R0_5, Gamma_R1_1);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4072bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4072bv64)) || L(mem, bvadd64(R0, 4072bv64)));
+    R0_7, Gamma_R0_7 := memory_load64_le(mem, 69608bv64), (gamma_load64(Gamma_mem, 69608bv64) || L(mem, 69608bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend56_8(memory_load8_le(mem, R0)), (gamma_load8(Gamma_mem, R0) || L(mem, R0));
-    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31, 15bv64), R0[8:0]), gamma_store8(Gamma_stack, bvadd64(R31, 15bv64), Gamma_R0);
-    assume {:captureState "%0000035a"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    R0_8, Gamma_R0_8 := memory_load8_le(mem, R0_7), (gamma_load8(Gamma_mem, R0_7) || L(mem, R0_7));
+    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31_in, 18446744073709551615bv64), R0_8), gamma_store8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64), Gamma_R0_8);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
-    R1, Gamma_R1 := zero_extend56_8(memory_load8_le(stack, bvadd64(R31, 15bv64))), gamma_load8(Gamma_stack, bvadd64(R31, 15bv64));
+    R0_10, Gamma_R0_10 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
+    R1_2, Gamma_R1_2 := zero_extend56_8(memory_load8_le(stack, bvadd64(R31_in, 18446744073709551615bv64))), gamma_load8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store8_le(mem, R0, R1[8:0]), gamma_store8(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%00000375"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    assert (L(mem, R0_10) ==> Gamma_R1_2);
+    mem, Gamma_mem := memory_store8_le(mem, R0_10, R1_2[8:0]), gamma_store8(Gamma_mem, R0_10, Gamma_R1_2);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R31_out := 0bv64, R1_2, R31_in;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R31_out := true, Gamma_R1_2, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/incorrect/basicassign3/gcc_pic/basicassign3_gtirb.expected b/src/test/incorrect/basicassign3/gcc_pic/basicassign3_gtirb.expected
index ccf993008..8ec9d45ea 100644
--- a/src/test/incorrect/basicassign3/gcc_pic/basicassign3_gtirb.expected
+++ b/src/test/incorrect/basicassign3/gcc_pic/basicassign3_gtirb.expected
@@ -1,11 +1,5 @@
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R31: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R31: bv64;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 const {:extern} $secret_addr: bv64;
@@ -38,11 +32,10 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) {
-  memory[index := value[8:0]]
+  memory[index := value]
 }
 
-function {:extern} {:bvbuiltin "zero_extend 24"} zero_extend24_8(bv8) returns (bv32);
-function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
+function {:extern} {:bvbuiltin "zero_extend 56"} zero_extend56_8(bv8) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (mem == old(mem));
@@ -74,8 +67,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies Gamma_R0, Gamma_R1, Gamma_R31, Gamma_mem, Gamma_stack, R0, R1, R31, mem, stack;
+procedure main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1980bv64) == 1bv8);
@@ -88,8 +81,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69008bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 69649bv64);
   free requires (memory_load64_le(mem, 69000bv64) == 1872bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1980bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1981bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1982bv64) == 2bv8);
@@ -101,48 +92,52 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 69649bv64);
   free ensures (memory_load64_le(mem, 69000bv64) == 1872bv64);
 
-implementation main()
+implementation main(R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
+  var Gamma_R0_10: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_7: bool;
+  var Gamma_R0_8: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R1_2: bool;
+  var R0_10: bv64;
+  var R0_2: bv64;
+  var R0_3: bv64;
+  var R0_5: bv64;
+  var R0_7: bv64;
+  var R0_8: bv64;
+  var R1_1: bv64;
+  var R1_2: bv64;
   $main$__0__$rtcpQtj9TBywq60y1zeDfg:
-    assume {:captureState "$main$__0__$rtcpQtj9TBywq60y1zeDfg"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4072bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4072bv64)) || L(mem, bvadd64(R0, 4072bv64)));
+    R0_2, Gamma_R0_2 := memory_load64_le(mem, 69608bv64), (gamma_load64(Gamma_mem, 69608bv64) || L(mem, 69608bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(zero_extend24_8(memory_load8_le(mem, R0))), (gamma_load8(Gamma_mem, R0) || L(mem, R0));
-    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31, 15bv64), R0[8:0]), gamma_store8(Gamma_stack, bvadd64(R31, 15bv64), Gamma_R0);
-    assume {:captureState "1892$0"} true;
-    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31, 15bv64), 0bv8), gamma_store8(Gamma_stack, bvadd64(R31, 15bv64), true);
-    assume {:captureState "1896$0"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    R0_3, Gamma_R0_3 := zero_extend56_8(memory_load8_le(mem, R0_2)), (gamma_load8(Gamma_mem, R0_2) || L(mem, R0_2));
+    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31_in, 18446744073709551615bv64), R0_3[8:0]), gamma_store8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64), Gamma_R0_3);
+    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31_in, 18446744073709551615bv64), 0bv8), gamma_store8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64), true);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
-    R1, Gamma_R1 := zero_extend32_32(zero_extend24_8(memory_load8_le(stack, bvadd64(R31, 15bv64)))), gamma_load8(Gamma_stack, bvadd64(R31, 15bv64));
+    R0_5, Gamma_R0_5 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
+    R1_1, Gamma_R1_1 := zero_extend56_8(memory_load8_le(stack, bvadd64(R31_in, 18446744073709551615bv64))), gamma_load8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store8_le(mem, R0, R1[8:0]), gamma_store8(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1912$0"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    assert (L(mem, R0_5) ==> Gamma_R1_1);
+    mem, Gamma_mem := memory_store8_le(mem, R0_5, R1_1[8:0]), gamma_store8(Gamma_mem, R0_5, Gamma_R1_1);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4072bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4072bv64)) || L(mem, bvadd64(R0, 4072bv64)));
+    R0_7, Gamma_R0_7 := memory_load64_le(mem, 69608bv64), (gamma_load64(Gamma_mem, 69608bv64) || L(mem, 69608bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(zero_extend24_8(memory_load8_le(mem, R0))), (gamma_load8(Gamma_mem, R0) || L(mem, R0));
-    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31, 15bv64), R0[8:0]), gamma_store8(Gamma_stack, bvadd64(R31, 15bv64), Gamma_R0);
-    assume {:captureState "1928$0"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    R0_8, Gamma_R0_8 := zero_extend56_8(memory_load8_le(mem, R0_7)), (gamma_load8(Gamma_mem, R0_7) || L(mem, R0_7));
+    stack, Gamma_stack := memory_store8_le(stack, bvadd64(R31_in, 18446744073709551615bv64), R0_8[8:0]), gamma_store8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64), Gamma_R0_8);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
-    R1, Gamma_R1 := zero_extend32_32(zero_extend24_8(memory_load8_le(stack, bvadd64(R31, 15bv64)))), gamma_load8(Gamma_stack, bvadd64(R31, 15bv64));
+    R0_10, Gamma_R0_10 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
+    R1_2, Gamma_R1_2 := zero_extend56_8(memory_load8_le(stack, bvadd64(R31_in, 18446744073709551615bv64))), gamma_load8(Gamma_stack, bvadd64(R31_in, 18446744073709551615bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store8_le(mem, R0, R1[8:0]), gamma_store8(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1944$0"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    assert (L(mem, R0_10) ==> Gamma_R1_2);
+    mem, Gamma_mem := memory_store8_le(mem, R0_10, R1_2[8:0]), gamma_store8(Gamma_mem, R0_10, Gamma_R1_2);
     goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R31_out := 0bv64, R1_2, R31_in;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R31_out := true, Gamma_R1_2, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/incorrect/iflocal/clang/iflocal.expected b/src/test/incorrect/iflocal/clang/iflocal.expected
index 0bee67490..7952630cc 100644
--- a/src/test/incorrect/iflocal/clang/iflocal.expected
+++ b/src/test/incorrect/iflocal/clang/iflocal.expected
@@ -1,34 +1,27 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp1(bv1, bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -44,11 +37,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -79,8 +70,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_R8, Gamma_VF, Gamma_ZF, Gamma_stack, NF, R0, R31, R8, VF, ZF, stack;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool);
+  modifies Gamma_stack, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1896bv64) == 1bv8);
@@ -91,8 +82,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1896bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1897bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1898bv64) == 2bv8);
@@ -102,73 +91,52 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool)
 {
-  var #4: bv32;
-  var Gamma_#4: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R8_10: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_7: bool;
+  var R0_2: bv64;
+  var R8_1: bv32;
+  var R8_10: bv64;
+  var R8_2: bv32;
+  var R8_7: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "%000002f5"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R0);
-    assume {:captureState "%000002fd"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 8bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 8bv64));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 4bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 4bv64), Gamma_R8);
-    assume {:captureState "%0000030c"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 4bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 4bv64));
-    #4, Gamma_#4 := bvadd32(R8[32:0], 4294967295bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#4, 1bv32)), bvadd33(sign_extend1_32(R8[32:0]), 0bv33))), (Gamma_R8 && Gamma_#4);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#4, 1bv32)), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_#4);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#4, 1bv32), 0bv32), Gamma_#4;
-    NF, Gamma_NF := bvadd32(#4, 1bv32)[32:31], Gamma_#4;
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(#4, 1bv32)), Gamma_#4;
-    assert Gamma_ZF;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R0_in);
+    R8_1, Gamma_R8_1 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551608bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551604bv64), R8_1), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551604bv64), Gamma_R8_1);
+    R8_2, Gamma_R8_2 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551604bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551604bv64));
+    assert Gamma_R8_2;
     goto lmain_goto_l00000334, lmain_goto_l00000337;
-  l00000337:
-    assume {:captureState "l00000337"} true;
-    R8, Gamma_R8 := 1bv64, true;
+  lmain_goto_l00000337:
+    assume (!(R8_2 == 0bv32));
+    R8_7, Gamma_R8_7 := 1bv64, true;
     goto l0000033a;
-  l00000334:
-    assume {:captureState "l00000334"} true;
-    R8, Gamma_R8 := 0bv64, true;
+  lmain_goto_l00000334:
+    assume (R8_2 == 0bv32);
+    R8_7, Gamma_R8_7 := 0bv64, true;
     goto l0000033a;
   l0000033a:
-    assume {:captureState "l0000033a"} true;
-    assert Gamma_R8;
+    assert Gamma_R8_7;
     goto l0000033a_goto_l00000342, l0000033a_goto_l00000359;
-  l00000359:
-    assume {:captureState "l00000359"} true;
-    goto l0000035a;
-  l0000035a:
-    assume {:captureState "l0000035a"} true;
-    R8, Gamma_R8 := 1bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 4bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 4bv64), Gamma_R8);
-    assume {:captureState "%00000368"} true;
+  l0000033a_goto_l00000359:
+    assume (!(R8_7[1:0] == 1bv1));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551604bv64), 1bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551604bv64), true);
+    R8_10, Gamma_R8_10 := 1bv64, true;
     goto l00000342;
-  l00000342:
-    assume {:captureState "l00000342"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
-    goto main_basil_return;
-  lmain_goto_l00000334:
-    assume {:captureState "lmain_goto_l00000334"} true;
-    assume (bvcomp1(ZF, 1bv1) != 0bv1);
-    goto l00000334;
-  lmain_goto_l00000337:
-    assume {:captureState "lmain_goto_l00000337"} true;
-    assume (bvcomp1(ZF, 1bv1) == 0bv1);
-    goto l00000337;
   l0000033a_goto_l00000342:
-    assume {:captureState "l0000033a_goto_l00000342"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) != 0bv1);
+    assume (R8_7[1:0] == 1bv1);
+    R8_10, Gamma_R8_10 := R8_7, Gamma_R8_7;
     goto l00000342;
-  l0000033a_goto_l00000359:
-    assume {:captureState "l0000033a_goto_l00000359"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) == 0bv1);
-    goto l00000359;
+  l00000342:
+    R0_2, Gamma_R0_2 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out := R0_2, R31_in, R8_10;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out := Gamma_R0_2, Gamma_R31_in, Gamma_R8_10;
     return;
 }
 
diff --git a/src/test/incorrect/iflocal/clang/iflocal_gtirb.expected b/src/test/incorrect/iflocal/clang/iflocal_gtirb.expected
index 27f877960..c54d33daa 100644
--- a/src/test/incorrect/iflocal/clang/iflocal_gtirb.expected
+++ b/src/test/incorrect/iflocal/clang/iflocal_gtirb.expected
@@ -1,33 +1,27 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -43,10 +37,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -77,8 +70,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_R8, Gamma_VF, Gamma_ZF, Gamma_stack, NF, R0, R31, R8, VF, ZF, stack;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool);
+  modifies Gamma_stack, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1896bv64) == 1bv8);
@@ -89,8 +82,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1896bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1897bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1898bv64) == 2bv8);
@@ -100,65 +91,89 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool)
 {
-  var Cse0__5$1$6: bv32;
-  var Gamma_Cse0__5$1$6: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R31_11: bool;
+  var Gamma_R31_2: bool;
+  var Gamma_R31_7: bool;
+  var Gamma_R31_9: bool;
+  var Gamma_R8_1: bool;
+  var Gamma_R8_10: bool;
+  var Gamma_R8_11: bool;
+  var Gamma_R8_13: bool;
+  var Gamma_R8_15: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_4: bool;
+  var Gamma_R8_7: bool;
+  var R0_2: bv64;
+  var R31_11: bv64;
+  var R31_2: bv64;
+  var R31_7: bv64;
+  var R31_9: bv64;
+  var R8_1: bv64;
+  var R8_10: bv64;
+  var R8_11: bv64;
+  var R8_13: bv64;
+  var R8_15: bv64;
+  var R8_2: bv64;
+  var R8_4: bv64;
+  var R8_7: bv64;
   $main$__0__$dITIp_QuTySaVuiLkGLLoQ:
-    assume {:captureState "$main$__0__$dITIp_QuTySaVuiLkGLLoQ"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "1816$0"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R0);
-    assume {:captureState "1820$0"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 8bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 8bv64));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 4bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 4bv64), Gamma_R8);
-    assume {:captureState "1828$0"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 4bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 4bv64));
-    Cse0__5$1$6, Gamma_Cse0__5$1$6 := bvadd32(R8[32:0], 0bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$1$6, Cse0__5$1$6)), Gamma_Cse0__5$1$6;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$1$6), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_Cse0__5$1$6);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$1$6, 0bv32), Gamma_Cse0__5$1$6;
-    NF, Gamma_NF := Cse0__5$1$6[32:31], Gamma_Cse0__5$1$6;
-    R8, Gamma_R8 := zero_extend32_32(Cse0__5$1$6), Gamma_Cse0__5$1$6;
-    assert Gamma_ZF;
+    R31_2, Gamma_R31_2 := bvadd64(R31_in, 18446744073709551600bv64), Gamma_R31_in;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R0_in);
+    R8_1, Gamma_R8_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551608bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551604bv64), R8_1[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551604bv64), Gamma_R8_1);
+    R8_2, Gamma_R8_2 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551604bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551604bv64));
+    assert Gamma_R8_2;
     goto $main$__0__$dITIp_QuTySaVuiLkGLLoQ$__0, $main$__0__$dITIp_QuTySaVuiLkGLLoQ$__1;
-  $main$__1__$9yZxYvkWSfeMd9LhgBu42A:
-    assume {:captureState "$main$__1__$9yZxYvkWSfeMd9LhgBu42A"} true;
-    goto $main$__2__$imxUF1WxQcO7w5yQCfBNQw;
-  $main$__2__$imxUF1WxQcO7w5yQCfBNQw:
-    assume {:captureState "$main$__2__$imxUF1WxQcO7w5yQCfBNQw"} true;
-    R8, Gamma_R8 := 1bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 4bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 4bv64), Gamma_R8);
-    assume {:captureState "1856$0"} true;
+  $main$__0__$dITIp_QuTySaVuiLkGLLoQ$__1:
+    assume (!(R8_2[32:0] == 0bv32));
+    R8_4, Gamma_R8_4 := 1bv64, true;
+    goto $main$__0__$dITIp_QuTySaVuiLkGLLoQ$__1_phi_$main$__0__$dITIp_QuTySaVuiLkGLLoQ_goto_$main$__3__$VzkdJ~gQQUaAj8nayCsAQg, $main$__0__$dITIp_QuTySaVuiLkGLLoQ$__1_phi_$main$__0__$dITIp_QuTySaVuiLkGLLoQ_goto_$main$__1__$9yZxYvkWSfeMd9LhgBu42A;
+  $main$__0__$dITIp_QuTySaVuiLkGLLoQ$__1_phi_$main$__0__$dITIp_QuTySaVuiLkGLLoQ_goto_$main$__1__$9yZxYvkWSfeMd9LhgBu42A:
+    R31_7, Gamma_R31_7 := R31_2, Gamma_R31_2;
+    R8_10, Gamma_R8_10 := R8_4, Gamma_R8_4;
+    assert Gamma_R8_10;
+    goto $main$__0__$dITIp_QuTySaVuiLkGLLoQ_goto_$main$__1__$9yZxYvkWSfeMd9LhgBu42A;
+  $main$__0__$dITIp_QuTySaVuiLkGLLoQ$__1_phi_$main$__0__$dITIp_QuTySaVuiLkGLLoQ_goto_$main$__3__$VzkdJ~gQQUaAj8nayCsAQg:
+    R31_9, Gamma_R31_9 := R31_2, Gamma_R31_2;
+    R8_13, Gamma_R8_13 := R8_4, Gamma_R8_4;
+    assert Gamma_R8_13;
+    goto $main$__0__$dITIp_QuTySaVuiLkGLLoQ_goto_$main$__3__$VzkdJ~gQQUaAj8nayCsAQg;
+  $main$__0__$dITIp_QuTySaVuiLkGLLoQ$__0:
+    assume (R8_2[32:0] == 0bv32);
+    R8_7, Gamma_R8_7 := 0bv64, true;
+    goto $main$__0__$dITIp_QuTySaVuiLkGLLoQ$__0_phi_$main$__0__$dITIp_QuTySaVuiLkGLLoQ_goto_$main$__3__$VzkdJ~gQQUaAj8nayCsAQg, $main$__0__$dITIp_QuTySaVuiLkGLLoQ$__0_phi_$main$__0__$dITIp_QuTySaVuiLkGLLoQ_goto_$main$__1__$9yZxYvkWSfeMd9LhgBu42A;
+  $main$__0__$dITIp_QuTySaVuiLkGLLoQ$__0_phi_$main$__0__$dITIp_QuTySaVuiLkGLLoQ_goto_$main$__1__$9yZxYvkWSfeMd9LhgBu42A:
+    R31_7, Gamma_R31_7 := R31_2, Gamma_R31_2;
+    R8_10, Gamma_R8_10 := R8_7, Gamma_R8_7;
+    assert Gamma_R8_10;
+    goto $main$__0__$dITIp_QuTySaVuiLkGLLoQ_goto_$main$__1__$9yZxYvkWSfeMd9LhgBu42A;
+  $main$__0__$dITIp_QuTySaVuiLkGLLoQ_goto_$main$__1__$9yZxYvkWSfeMd9LhgBu42A:
+    assume (!(R8_10[1:0] == 1bv1));
+    R8_11, Gamma_R8_11 := 1bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_7, 4bv64), 1bv32), gamma_store32(Gamma_stack, bvadd64(R31_7, 4bv64), true);
+    R31_11, Gamma_R31_11 := R31_7, Gamma_R31_7;
+    R8_15, Gamma_R8_15 := R8_11, Gamma_R8_11;
     goto $main$__3__$VzkdJ~gQQUaAj8nayCsAQg;
-  $main$__3__$VzkdJ~gQQUaAj8nayCsAQg:
-    assume {:captureState "$main$__3__$VzkdJ~gQQUaAj8nayCsAQg"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 4bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 4bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
-    goto main_basil_return;
+  $main$__0__$dITIp_QuTySaVuiLkGLLoQ$__0_phi_$main$__0__$dITIp_QuTySaVuiLkGLLoQ_goto_$main$__3__$VzkdJ~gQQUaAj8nayCsAQg:
+    R31_9, Gamma_R31_9 := R31_2, Gamma_R31_2;
+    R8_13, Gamma_R8_13 := R8_7, Gamma_R8_7;
+    assert Gamma_R8_13;
+    goto $main$__0__$dITIp_QuTySaVuiLkGLLoQ_goto_$main$__3__$VzkdJ~gQQUaAj8nayCsAQg;
   $main$__0__$dITIp_QuTySaVuiLkGLLoQ_goto_$main$__3__$VzkdJ~gQQUaAj8nayCsAQg:
-    assume {:captureState "$main$__0__$dITIp_QuTySaVuiLkGLLoQ_goto_$main$__3__$VzkdJ~gQQUaAj8nayCsAQg"} true;
-    assume (R8[1:0] == 1bv1);
+    assume (R8_13[1:0] == 1bv1);
+    R31_11, Gamma_R31_11 := R31_9, Gamma_R31_9;
+    R8_15, Gamma_R8_15 := R8_13, Gamma_R8_13;
     goto $main$__3__$VzkdJ~gQQUaAj8nayCsAQg;
-  $main$__0__$dITIp_QuTySaVuiLkGLLoQ_goto_$main$__1__$9yZxYvkWSfeMd9LhgBu42A:
-    assume {:captureState "$main$__0__$dITIp_QuTySaVuiLkGLLoQ_goto_$main$__1__$9yZxYvkWSfeMd9LhgBu42A"} true;
-    assume (!(R8[1:0] == 1bv1));
-    goto $main$__1__$9yZxYvkWSfeMd9LhgBu42A;
-  $main$__0__$dITIp_QuTySaVuiLkGLLoQ$__0:
-    assume {:captureState "$main$__0__$dITIp_QuTySaVuiLkGLLoQ$__0"} true;
-    assume (ZF == 1bv1);
-    R8, Gamma_R8 := 0bv64, true;
-    assert Gamma_R8;
-    goto $main$__0__$dITIp_QuTySaVuiLkGLLoQ_goto_$main$__3__$VzkdJ~gQQUaAj8nayCsAQg, $main$__0__$dITIp_QuTySaVuiLkGLLoQ_goto_$main$__1__$9yZxYvkWSfeMd9LhgBu42A;
-  $main$__0__$dITIp_QuTySaVuiLkGLLoQ$__1:
-    assume {:captureState "$main$__0__$dITIp_QuTySaVuiLkGLLoQ$__1"} true;
-    assume (!(ZF == 1bv1));
-    R8, Gamma_R8 := 1bv64, true;
-    assert Gamma_R8;
-    goto $main$__0__$dITIp_QuTySaVuiLkGLLoQ_goto_$main$__3__$VzkdJ~gQQUaAj8nayCsAQg, $main$__0__$dITIp_QuTySaVuiLkGLLoQ_goto_$main$__1__$9yZxYvkWSfeMd9LhgBu42A;
+  $main$__3__$VzkdJ~gQQUaAj8nayCsAQg:
+    R0_2, Gamma_R0_2 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_11, 4bv64))), gamma_load32(Gamma_stack, bvadd64(R31_11, 4bv64));
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out := R0_2, bvadd64(R31_11, 16bv64), R8_15;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out := Gamma_R0_2, Gamma_R31_11, Gamma_R8_15;
     return;
 }
 
diff --git a/src/test/incorrect/iflocal/gcc/iflocal.expected b/src/test/incorrect/iflocal/gcc/iflocal.expected
index 56c7ab8a8..0d865e532 100644
--- a/src/test/incorrect/iflocal/gcc/iflocal.expected
+++ b/src/test/incorrect/iflocal/gcc/iflocal.expected
@@ -1,32 +1,27 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp1(bv1, bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -42,12 +37,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
   ensures (mem == old(mem));
@@ -77,8 +69,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_VF, Gamma_ZF, Gamma_stack, NF, R0, R31, VF, ZF, stack;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_stack, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1880bv64) == 1bv8);
@@ -89,8 +81,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69024bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1880bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1881bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1882bv64) == 2bv8);
@@ -100,47 +90,31 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var #4: bv32;
-  var Gamma_#4: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_3: bool;
+  var R0_2: bv32;
+  var R0_3: bv32;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "%000002e6"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R0);
-    assume {:captureState "%000002f5"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 28bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 28bv64));
-    #4, Gamma_#4 := bvadd32(R0[32:0], 4294967295bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#4, 1bv32)), bvadd33(sign_extend1_32(R0[32:0]), 0bv33))), (Gamma_R0 && Gamma_#4);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#4, 1bv32)), bvadd33(zero_extend1_32(R0[32:0]), 4294967296bv33))), (Gamma_R0 && Gamma_#4);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#4, 1bv32), 0bv32), Gamma_#4;
-    NF, Gamma_NF := bvadd32(#4, 1bv32)[32:31], Gamma_#4;
-    assert Gamma_ZF;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), Gamma_R0_in);
+    R0_2, Gamma_R0_2 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551596bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_2), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_2);
+    R0_3, Gamma_R0_3 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
+    assert Gamma_R0_3;
     goto lmain_goto_l00000318, lmain_goto_l0000032d;
-  l0000032d:
-    assume {:captureState "l0000032d"} true;
-    R0, Gamma_R0 := 1bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R0);
-    assume {:captureState "%00000338"} true;
+  lmain_goto_l0000032d:
+    assume (R0_3 == 0bv32);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 1bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
     goto l00000318;
-  l00000318:
-    assume {:captureState "l00000318"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
-    goto main_basil_return;
   lmain_goto_l00000318:
-    assume {:captureState "lmain_goto_l00000318"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) != 0bv1);
+    assume (!(R0_3 == 0bv32));
     goto l00000318;
-  lmain_goto_l0000032d:
-    assume {:captureState "lmain_goto_l0000032d"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) == 0bv1);
-    goto l0000032d;
+  l00000318:
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out := 0bv64, R31_in;
+    Gamma_R0_out, Gamma_R31_out := true, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/incorrect/iflocal/gcc/iflocal_gtirb.expected b/src/test/incorrect/iflocal/gcc/iflocal_gtirb.expected
index ff10eb358..9f4d658f1 100644
--- a/src/test/incorrect/iflocal/gcc/iflocal_gtirb.expected
+++ b/src/test/incorrect/iflocal/gcc/iflocal_gtirb.expected
@@ -1,31 +1,27 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -41,10 +37,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -75,8 +70,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_VF, Gamma_ZF, Gamma_stack, NF, R0, R31, VF, ZF, stack;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_stack, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1880bv64) == 1bv8);
@@ -87,8 +82,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69024bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1880bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1881bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1882bv64) == 2bv8);
@@ -98,47 +91,41 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var Cse0__5$1$5: bv32;
-  var Gamma_Cse0__5$1$5: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R31_2: bool;
+  var Gamma_R31_5: bool;
+  var R0_2: bv64;
+  var R0_3: bv64;
+  var R0_5: bv64;
+  var R31_2: bv64;
+  var R31_5: bv64;
   $main$__0__$JHsGwNfGRCOpiUZHeubweA:
-    assume {:captureState "$main$__0__$JHsGwNfGRCOpiUZHeubweA"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "1816$0"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R0);
-    assume {:captureState "1824$0"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 28bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 28bv64));
-    Cse0__5$1$5, Gamma_Cse0__5$1$5 := bvadd32(R0[32:0], 0bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$1$5, Cse0__5$1$5)), Gamma_Cse0__5$1$5;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$1$5), bvadd33(zero_extend1_32(R0[32:0]), 4294967296bv33))), (Gamma_R0 && Gamma_Cse0__5$1$5);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$1$5, 0bv32), Gamma_Cse0__5$1$5;
-    NF, Gamma_NF := Cse0__5$1$5[32:31], Gamma_Cse0__5$1$5;
-    assert Gamma_ZF;
+    R31_2, Gamma_R31_2 := bvadd64(R31_in, 18446744073709551584bv64), Gamma_R31_in;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), Gamma_R0_in);
+    R0_2, Gamma_R0_2 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551596bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_2[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_2);
+    R0_3, Gamma_R0_3 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
+    assert Gamma_R0_3;
     goto $main$__0__$JHsGwNfGRCOpiUZHeubweA_goto_$main$__2__$ISicwCLjQ0aYINQWknU4Ug, $main$__0__$JHsGwNfGRCOpiUZHeubweA_goto_$main$__1__$f08glPMzTSyyoBl6Ituc2w;
-  $main$__1__$f08glPMzTSyyoBl6Ituc2w:
-    assume {:captureState "$main$__1__$f08glPMzTSyyoBl6Ituc2w"} true;
-    R0, Gamma_R0 := 1bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R0);
-    assume {:captureState "1844$0"} true;
+  $main$__0__$JHsGwNfGRCOpiUZHeubweA_goto_$main$__1__$f08glPMzTSyyoBl6Ituc2w:
+    assume (R0_3[32:0] == 0bv32);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 1bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    R31_5, Gamma_R31_5 := R31_2, Gamma_R31_2;
     goto $main$__2__$ISicwCLjQ0aYINQWknU4Ug;
-  $main$__2__$ISicwCLjQ0aYINQWknU4Ug:
-    assume {:captureState "$main$__2__$ISicwCLjQ0aYINQWknU4Ug"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 28bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 28bv64));
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
-    goto main_basil_return;
   $main$__0__$JHsGwNfGRCOpiUZHeubweA_goto_$main$__2__$ISicwCLjQ0aYINQWknU4Ug:
-    assume {:captureState "$main$__0__$JHsGwNfGRCOpiUZHeubweA_goto_$main$__2__$ISicwCLjQ0aYINQWknU4Ug"} true;
-    assume (!(ZF == 1bv1));
+    assume (!(R0_3[32:0] == 0bv32));
+    R31_5, Gamma_R31_5 := R31_2, Gamma_R31_2;
     goto $main$__2__$ISicwCLjQ0aYINQWknU4Ug;
-  $main$__0__$JHsGwNfGRCOpiUZHeubweA_goto_$main$__1__$f08glPMzTSyyoBl6Ituc2w:
-    assume {:captureState "$main$__0__$JHsGwNfGRCOpiUZHeubweA_goto_$main$__1__$f08glPMzTSyyoBl6Ituc2w"} true;
-    assume (!(!(ZF == 1bv1)));
-    goto $main$__1__$f08glPMzTSyyoBl6Ituc2w;
+  $main$__2__$ISicwCLjQ0aYINQWknU4Ug:
+    R0_5, Gamma_R0_5 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_5, 28bv64))), gamma_load32(Gamma_stack, bvadd64(R31_5, 28bv64));
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out := R0_5, bvadd64(R31_5, 32bv64);
+    Gamma_R0_out, Gamma_R31_out := Gamma_R0_5, Gamma_R31_5;
     return;
 }
 
diff --git a/src/test/incorrect/nestedifglobal/clang/nestedifglobal.expected b/src/test/incorrect/nestedifglobal/clang/nestedifglobal.expected
index 53de1f20f..3beced949 100644
--- a/src/test/incorrect/nestedifglobal/clang/nestedifglobal.expected
+++ b/src/test/incorrect/nestedifglobal/clang/nestedifglobal.expected
@@ -1,40 +1,31 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   false
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp1(bv1, bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -50,11 +41,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -85,8 +74,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, R8, R9, VF, ZF, mem, stack;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1976bv64) == 1bv8);
@@ -97,8 +86,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1976bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1977bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1978bv64) == 2bv8);
@@ -108,183 +95,113 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var #4: bv32;
-  var #5: bv32;
-  var #6: bv32;
-  var Gamma_#4: bool;
-  var Gamma_#5: bool;
-  var Gamma_#6: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R8_10: bool;
+  var Gamma_R8_15: bool;
+  var Gamma_R8_17: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_22: bool;
+  var Gamma_R8_24: bool;
+  var Gamma_R8_26: bool;
+  var Gamma_R8_7: bool;
+  var Gamma_R9_1: bool;
+  var R0_2: bv64;
+  var R8_10: bv32;
+  var R8_15: bv64;
+  var R8_17: bv32;
+  var R8_2: bv32;
+  var R8_22: bv64;
+  var R8_24: bv64;
+  var R8_26: bv64;
+  var R8_7: bv64;
+  var R9_1: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "%00000345"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R0);
-    assume {:captureState "%0000034d"} true;
-    R9, Gamma_R9 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 8bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 8bv64));
-    R8, Gamma_R8 := 69632bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R0_in);
+    R9_1, Gamma_R9_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551608bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     call rely();
-    assert (L(mem, bvadd64(R8, 52bv64)) ==> Gamma_R9);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 52bv64), R9[32:0]), gamma_store32(Gamma_mem, bvadd64(R8, 52bv64), Gamma_R9);
-    assume {:captureState "%00000361"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 4bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 4bv64), true);
-    assume {:captureState "%00000368"} true;
+    assert (L(mem, 69684bv64) ==> Gamma_R9_1);
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, R9_1[32:0]), gamma_store32(Gamma_mem, 69684bv64, Gamma_R9_1);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551604bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551604bv64), true);
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 52bv64)) || L(mem, bvadd64(R8, 52bv64)));
-    #4, Gamma_#4 := bvadd32(R8[32:0], 4294967295bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#4, 1bv32)), bvadd33(sign_extend1_32(R8[32:0]), 0bv33))), (Gamma_R8 && Gamma_#4);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#4, 1bv32)), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_#4);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#4, 1bv32), 0bv32), Gamma_#4;
-    NF, Gamma_NF := bvadd32(#4, 1bv32)[32:31], Gamma_#4;
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(#4, 1bv32)), Gamma_#4;
-    assert Gamma_ZF;
+    R8_2, Gamma_R8_2 := memory_load32_le(mem, 69684bv64), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
+    assert Gamma_R8_2;
     goto lmain_goto_l00000390, lmain_goto_l00000393;
-  l00000393:
-    assume {:captureState "l00000393"} true;
-    R8, Gamma_R8 := 1bv64, true;
+  lmain_goto_l00000393:
+    assume (!(R8_2 == 0bv32));
+    R8_7, Gamma_R8_7 := 1bv64, true;
     goto l00000396;
-  l00000390:
-    assume {:captureState "l00000390"} true;
-    R8, Gamma_R8 := 0bv64, true;
+  lmain_goto_l00000390:
+    assume (R8_2 == 0bv32);
+    R8_7, Gamma_R8_7 := 0bv64, true;
     goto l00000396;
   l00000396:
-    assume {:captureState "l00000396"} true;
-    assert Gamma_R8;
+    assert Gamma_R8_7;
     goto l00000396_goto_l0000039e, l00000396_goto_l0000045d;
-  l0000045d:
-    assume {:captureState "l0000045d"} true;
-    goto l0000045e;
-  l0000045e:
-    assume {:captureState "l0000045e"} true;
-    R8, Gamma_R8 := 3bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 4bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 4bv64), Gamma_R8);
-    assume {:captureState "%0000046c"} true;
+  l00000396_goto_l0000045d:
+    assume (!(R8_7[1:0] == 1bv1));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551604bv64), 3bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551604bv64), true);
+    goto l0000039e;
+  l00000396_goto_l0000039e:
+    assume (R8_7[1:0] == 1bv1);
     goto l0000039e;
   l0000039e:
-    assume {:captureState "l0000039e"} true;
-    R8, Gamma_R8 := 69632bv64, true;
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 52bv64)) || L(mem, bvadd64(R8, 52bv64)));
-    #5, Gamma_#5 := bvadd32(R8[32:0], 4294967294bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#5, 1bv32)), bvadd33(sign_extend1_32(R8[32:0]), 8589934591bv33))), (Gamma_R8 && Gamma_#5);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#5, 1bv32)), bvadd33(zero_extend1_32(R8[32:0]), 4294967295bv33))), (Gamma_R8 && Gamma_#5);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#5, 1bv32), 0bv32), Gamma_#5;
-    NF, Gamma_NF := bvadd32(#5, 1bv32)[32:31], Gamma_#5;
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(#5, 1bv32)), Gamma_#5;
-    assert Gamma_ZF;
+    R8_10, Gamma_R8_10 := memory_load32_le(mem, 69684bv64), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
+    assert Gamma_R8_10;
     goto l0000039e_goto_l000003ce, l0000039e_goto_l000003d1;
-  l000003d1:
-    assume {:captureState "l000003d1"} true;
-    R8, Gamma_R8 := 1bv64, true;
+  l0000039e_goto_l000003d1:
+    assume (!(R8_10 == 1bv32));
+    R8_15, Gamma_R8_15 := 1bv64, true;
     goto l000003d4;
-  l000003ce:
-    assume {:captureState "l000003ce"} true;
-    R8, Gamma_R8 := 0bv64, true;
+  l0000039e_goto_l000003ce:
+    assume (R8_10 == 1bv32);
+    R8_15, Gamma_R8_15 := 0bv64, true;
     goto l000003d4;
   l000003d4:
-    assume {:captureState "l000003d4"} true;
-    assert Gamma_R8;
+    assert Gamma_R8_15;
     goto l000003d4_goto_l000003dc, l000003d4_goto_l00000448;
-  l00000448:
-    assume {:captureState "l00000448"} true;
-    goto l00000449;
-  l00000449:
-    assume {:captureState "l00000449"} true;
-    R8, Gamma_R8 := 5bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 4bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 4bv64), Gamma_R8);
-    assume {:captureState "%00000457"} true;
+  l000003d4_goto_l00000448:
+    assume (!(R8_15[1:0] == 1bv1));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551604bv64), 5bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551604bv64), true);
+    goto l000003dc;
+  l000003d4_goto_l000003dc:
+    assume (R8_15[1:0] == 1bv1);
     goto l000003dc;
   l000003dc:
-    assume {:captureState "l000003dc"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 4bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 4bv64));
-    #6, Gamma_#6 := bvadd32(R8[32:0], 4294967292bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#6, 1bv32)), bvadd33(sign_extend1_32(R8[32:0]), 8589934589bv33))), (Gamma_R8 && Gamma_#6);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#6, 1bv32)), bvadd33(zero_extend1_32(R8[32:0]), 4294967293bv33))), (Gamma_R8 && Gamma_#6);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#6, 1bv32), 0bv32), Gamma_#6;
-    NF, Gamma_NF := bvadd32(#6, 1bv32)[32:31], Gamma_#6;
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(#6, 1bv32)), Gamma_#6;
-    assert Gamma_ZF;
+    R8_17, Gamma_R8_17 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551604bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551604bv64));
+    assert Gamma_R8_17;
     goto l000003dc_goto_l00000407, l000003dc_goto_l0000040a;
-  l0000040a:
-    assume {:captureState "l0000040a"} true;
-    R8, Gamma_R8 := 1bv64, true;
+  l000003dc_goto_l0000040a:
+    assume (!(R8_17 == 3bv32));
+    R8_22, Gamma_R8_22 := 1bv64, true;
     goto l0000040d;
-  l00000407:
-    assume {:captureState "l00000407"} true;
-    R8, Gamma_R8 := 0bv64, true;
+  l000003dc_goto_l00000407:
+    assume (R8_17 == 3bv32);
+    R8_22, Gamma_R8_22 := 0bv64, true;
     goto l0000040d;
   l0000040d:
-    assume {:captureState "l0000040d"} true;
-    assert Gamma_R8;
+    assert Gamma_R8_22;
     goto l0000040d_goto_l00000415, l0000040d_goto_l0000042c;
-  l0000042c:
-    assume {:captureState "l0000042c"} true;
-    goto l0000042d;
-  l0000042d:
-    assume {:captureState "l0000042d"} true;
-    R8, Gamma_R8 := 69632bv64, true;
+  l0000040d_goto_l0000042c:
+    assume (!(R8_22[1:0] == 1bv1));
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 56bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 56bv64)) || L(mem, bvadd64(R8, 56bv64)));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 4bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 4bv64), Gamma_R8);
-    assume {:captureState "%00000442"} true;
+    R8_24, Gamma_R8_24 := zero_extend32_32(memory_load32_le(mem, 69688bv64)), (gamma_load32(Gamma_mem, 69688bv64) || L(mem, 69688bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551604bv64), R8_24[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551604bv64), Gamma_R8_24);
+    R8_26, Gamma_R8_26 := R8_24, Gamma_R8_24;
     goto l00000415;
-  l00000415:
-    assume {:captureState "l00000415"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
-    goto main_basil_return;
-  lmain_goto_l00000390:
-    assume {:captureState "lmain_goto_l00000390"} true;
-    assume (bvcomp1(ZF, 1bv1) != 0bv1);
-    goto l00000390;
-  lmain_goto_l00000393:
-    assume {:captureState "lmain_goto_l00000393"} true;
-    assume (bvcomp1(ZF, 1bv1) == 0bv1);
-    goto l00000393;
-  l00000396_goto_l0000039e:
-    assume {:captureState "l00000396_goto_l0000039e"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) != 0bv1);
-    goto l0000039e;
-  l00000396_goto_l0000045d:
-    assume {:captureState "l00000396_goto_l0000045d"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) == 0bv1);
-    goto l0000045d;
-  l0000039e_goto_l000003ce:
-    assume {:captureState "l0000039e_goto_l000003ce"} true;
-    assume (bvcomp1(ZF, 1bv1) != 0bv1);
-    goto l000003ce;
-  l0000039e_goto_l000003d1:
-    assume {:captureState "l0000039e_goto_l000003d1"} true;
-    assume (bvcomp1(ZF, 1bv1) == 0bv1);
-    goto l000003d1;
-  l000003d4_goto_l000003dc:
-    assume {:captureState "l000003d4_goto_l000003dc"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) != 0bv1);
-    goto l000003dc;
-  l000003d4_goto_l00000448:
-    assume {:captureState "l000003d4_goto_l00000448"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) == 0bv1);
-    goto l00000448;
-  l000003dc_goto_l00000407:
-    assume {:captureState "l000003dc_goto_l00000407"} true;
-    assume (bvcomp1(ZF, 1bv1) != 0bv1);
-    goto l00000407;
-  l000003dc_goto_l0000040a:
-    assume {:captureState "l000003dc_goto_l0000040a"} true;
-    assume (bvcomp1(ZF, 1bv1) == 0bv1);
-    goto l0000040a;
   l0000040d_goto_l00000415:
-    assume {:captureState "l0000040d_goto_l00000415"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) != 0bv1);
+    assume (R8_22[1:0] == 1bv1);
+    R8_26, Gamma_R8_26 := R8_22, Gamma_R8_22;
     goto l00000415;
-  l0000040d_goto_l0000042c:
-    assume {:captureState "l0000040d_goto_l0000042c"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) == 0bv1);
-    goto l0000042c;
+  l00000415:
+    R0_2, Gamma_R0_2 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out, R9_out := R0_2, R31_in, R8_26, R9_1;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := Gamma_R0_2, Gamma_R31_in, Gamma_R8_26, Gamma_R9_1;
     return;
 }
 
diff --git a/src/test/incorrect/nestedifglobal/clang/nestedifglobal_gtirb.expected b/src/test/incorrect/nestedifglobal/clang/nestedifglobal_gtirb.expected
index d813bfa91..dfbaf1f3b 100644
--- a/src/test/incorrect/nestedifglobal/clang/nestedifglobal_gtirb.expected
+++ b/src/test/incorrect/nestedifglobal/clang/nestedifglobal_gtirb.expected
@@ -1,39 +1,31 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   false
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -49,11 +41,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -84,8 +74,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, R8, R9, VF, ZF, mem, stack;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 1980bv64) == 1bv8);
@@ -96,8 +86,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69072bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1980bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1981bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1982bv64) == 2bv8);
@@ -107,161 +95,242 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69672bv64) == 69672bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var Cse0__5$1$2: bv32;
-  var Cse0__5$2$8: bv32;
-  var Cse0__5$4$1: bv32;
-  var Gamma_Cse0__5$1$2: bool;
-  var Gamma_Cse0__5$2$8: bool;
-  var Gamma_Cse0__5$4$1: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R31_11: bool;
+  var Gamma_R31_16: bool;
+  var Gamma_R31_18: bool;
+  var Gamma_R31_2: bool;
+  var Gamma_R31_20: bool;
+  var Gamma_R31_25: bool;
+  var Gamma_R31_27: bool;
+  var Gamma_R31_29: bool;
+  var Gamma_R31_7: bool;
+  var Gamma_R31_9: bool;
+  var Gamma_R8_10: bool;
+  var Gamma_R8_12: bool;
+  var Gamma_R8_14: bool;
+  var Gamma_R8_16: bool;
+  var Gamma_R8_19: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_22: bool;
+  var Gamma_R8_24: bool;
+  var Gamma_R8_25: bool;
+  var Gamma_R8_27: bool;
+  var Gamma_R8_30: bool;
+  var Gamma_R8_33: bool;
+  var Gamma_R8_35: bool;
+  var Gamma_R8_36: bool;
+  var Gamma_R8_4: bool;
+  var Gamma_R8_7: bool;
+  var Gamma_R9_1: bool;
+  var Gamma_R9_10: bool;
+  var Gamma_R9_15: bool;
+  var Gamma_R9_17: bool;
+  var Gamma_R9_19: bool;
+  var Gamma_R9_24: bool;
+  var Gamma_R9_26: bool;
+  var Gamma_R9_28: bool;
+  var Gamma_R9_6: bool;
+  var Gamma_R9_8: bool;
+  var R0_2: bv64;
+  var R31_11: bv64;
+  var R31_16: bv64;
+  var R31_18: bv64;
+  var R31_2: bv64;
+  var R31_20: bv64;
+  var R31_25: bv64;
+  var R31_27: bv64;
+  var R31_29: bv64;
+  var R31_7: bv64;
+  var R31_9: bv64;
+  var R8_10: bv64;
+  var R8_12: bv64;
+  var R8_14: bv64;
+  var R8_16: bv64;
+  var R8_19: bv64;
+  var R8_2: bv64;
+  var R8_22: bv64;
+  var R8_24: bv64;
+  var R8_25: bv64;
+  var R8_27: bv64;
+  var R8_30: bv64;
+  var R8_33: bv64;
+  var R8_35: bv64;
+  var R8_36: bv64;
+  var R8_4: bv64;
+  var R8_7: bv64;
+  var R9_1: bv64;
+  var R9_10: bv64;
+  var R9_15: bv64;
+  var R9_17: bv64;
+  var R9_19: bv64;
+  var R9_24: bv64;
+  var R9_26: bv64;
+  var R9_28: bv64;
+  var R9_6: bv64;
+  var R9_8: bv64;
   $main$__0__$5~JKHoJWR8~6Qpjlk4xLag:
-    assume {:captureState "$main$__0__$5~JKHoJWR8~6Qpjlk4xLag"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551600bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), true);
-    assume {:captureState "1816$0"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 8bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R0);
-    assume {:captureState "1820$0"} true;
-    R9, Gamma_R9 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 8bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 8bv64));
-    R8, Gamma_R8 := 69632bv64, true;
+    R31_2, Gamma_R31_2 := bvadd64(R31_in, 18446744073709551600bv64), Gamma_R31_in;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R0_in);
+    R9_1, Gamma_R9_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551608bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     call rely();
-    assert (L(mem, bvadd64(R8, 52bv64)) ==> Gamma_R9);
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R8, 52bv64), R9[32:0]), gamma_store32(Gamma_mem, bvadd64(R8, 52bv64), Gamma_R9);
-    assume {:captureState "1832$0"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 4bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 4bv64), true);
-    assume {:captureState "1836$0"} true;
+    assert (L(mem, 69684bv64) ==> Gamma_R9_1);
+    mem, Gamma_mem := memory_store32_le(mem, 69684bv64, R9_1[32:0]), gamma_store32(Gamma_mem, 69684bv64, Gamma_R9_1);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551604bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551604bv64), true);
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 52bv64)) || L(mem, bvadd64(R8, 52bv64)));
-    Cse0__5$2$8, Gamma_Cse0__5$2$8 := bvadd32(R8[32:0], 0bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$2$8, Cse0__5$2$8)), Gamma_Cse0__5$2$8;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$2$8), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_Cse0__5$2$8);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$2$8, 0bv32), Gamma_Cse0__5$2$8;
-    NF, Gamma_NF := Cse0__5$2$8[32:31], Gamma_Cse0__5$2$8;
-    R8, Gamma_R8 := zero_extend32_32(Cse0__5$2$8), Gamma_Cse0__5$2$8;
-    assert Gamma_ZF;
+    R8_2, Gamma_R8_2 := zero_extend32_32(memory_load32_le(mem, 69684bv64)), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
+    assert Gamma_R8_2;
     goto $main$__0__$5~JKHoJWR8~6Qpjlk4xLag$__0, $main$__0__$5~JKHoJWR8~6Qpjlk4xLag$__1;
-  $main$__1__$KuIORB~IS7~W8tkjfAUb_Q:
-    assume {:captureState "$main$__1__$KuIORB~IS7~W8tkjfAUb_Q"} true;
-    goto $main$__2__$YnjHRw7ZSTa3I0Dc55xViw;
-  $main$__2__$YnjHRw7ZSTa3I0Dc55xViw:
-    assume {:captureState "$main$__2__$YnjHRw7ZSTa3I0Dc55xViw"} true;
-    R8, Gamma_R8 := 3bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 4bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 4bv64), Gamma_R8);
-    assume {:captureState "1864$0"} true;
+  $main$__0__$5~JKHoJWR8~6Qpjlk4xLag$__1:
+    assume (!(R8_2[32:0] == 0bv32));
+    R8_4, Gamma_R8_4 := 1bv64, true;
+    goto $main$__0__$5~JKHoJWR8~6Qpjlk4xLag$__1_phi_$main$__0__$5~JKHoJWR8~6Qpjlk4xLag_goto_$main$__3__$4zQQ78p3RBGN7NOzIYTxvg, $main$__0__$5~JKHoJWR8~6Qpjlk4xLag$__1_phi_$main$__0__$5~JKHoJWR8~6Qpjlk4xLag_goto_$main$__1__$KuIORB~IS7~W8tkjfAUb_Q;
+  $main$__0__$5~JKHoJWR8~6Qpjlk4xLag$__1_phi_$main$__0__$5~JKHoJWR8~6Qpjlk4xLag_goto_$main$__1__$KuIORB~IS7~W8tkjfAUb_Q:
+    R9_6, Gamma_R9_6 := R9_1, Gamma_R9_1;
+    R31_7, Gamma_R31_7 := R31_2, Gamma_R31_2;
+    R8_10, Gamma_R8_10 := R8_4, Gamma_R8_4;
+    assert Gamma_R8_10;
+    goto $main$__0__$5~JKHoJWR8~6Qpjlk4xLag_goto_$main$__1__$KuIORB~IS7~W8tkjfAUb_Q;
+  $main$__0__$5~JKHoJWR8~6Qpjlk4xLag$__1_phi_$main$__0__$5~JKHoJWR8~6Qpjlk4xLag_goto_$main$__3__$4zQQ78p3RBGN7NOzIYTxvg:
+    R9_8, Gamma_R9_8 := R9_1, Gamma_R9_1;
+    R31_9, Gamma_R31_9 := R31_2, Gamma_R31_2;
+    R8_12, Gamma_R8_12 := R8_4, Gamma_R8_4;
+    assert Gamma_R8_12;
+    goto $main$__0__$5~JKHoJWR8~6Qpjlk4xLag_goto_$main$__3__$4zQQ78p3RBGN7NOzIYTxvg;
+  $main$__0__$5~JKHoJWR8~6Qpjlk4xLag$__0:
+    assume (R8_2[32:0] == 0bv32);
+    R8_7, Gamma_R8_7 := 0bv64, true;
+    goto $main$__0__$5~JKHoJWR8~6Qpjlk4xLag$__0_phi_$main$__0__$5~JKHoJWR8~6Qpjlk4xLag_goto_$main$__3__$4zQQ78p3RBGN7NOzIYTxvg, $main$__0__$5~JKHoJWR8~6Qpjlk4xLag$__0_phi_$main$__0__$5~JKHoJWR8~6Qpjlk4xLag_goto_$main$__1__$KuIORB~IS7~W8tkjfAUb_Q;
+  $main$__0__$5~JKHoJWR8~6Qpjlk4xLag$__0_phi_$main$__0__$5~JKHoJWR8~6Qpjlk4xLag_goto_$main$__1__$KuIORB~IS7~W8tkjfAUb_Q:
+    R9_6, Gamma_R9_6 := R9_1, Gamma_R9_1;
+    R31_7, Gamma_R31_7 := R31_2, Gamma_R31_2;
+    R8_10, Gamma_R8_10 := R8_7, Gamma_R8_7;
+    assert Gamma_R8_10;
+    goto $main$__0__$5~JKHoJWR8~6Qpjlk4xLag_goto_$main$__1__$KuIORB~IS7~W8tkjfAUb_Q;
+  $main$__0__$5~JKHoJWR8~6Qpjlk4xLag_goto_$main$__1__$KuIORB~IS7~W8tkjfAUb_Q:
+    assume (!(R8_10[1:0] == 1bv1));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_7, 4bv64), 3bv32), gamma_store32(Gamma_stack, bvadd64(R31_7, 4bv64), true);
+    R9_10, Gamma_R9_10 := R9_6, Gamma_R9_6;
+    R31_11, Gamma_R31_11 := R31_7, Gamma_R31_7;
+    goto $main$__3__$4zQQ78p3RBGN7NOzIYTxvg;
+  $main$__0__$5~JKHoJWR8~6Qpjlk4xLag$__0_phi_$main$__0__$5~JKHoJWR8~6Qpjlk4xLag_goto_$main$__3__$4zQQ78p3RBGN7NOzIYTxvg:
+    R9_8, Gamma_R9_8 := R9_1, Gamma_R9_1;
+    R31_9, Gamma_R31_9 := R31_2, Gamma_R31_2;
+    R8_12, Gamma_R8_12 := R8_7, Gamma_R8_7;
+    assert Gamma_R8_12;
+    goto $main$__0__$5~JKHoJWR8~6Qpjlk4xLag_goto_$main$__3__$4zQQ78p3RBGN7NOzIYTxvg;
+  $main$__0__$5~JKHoJWR8~6Qpjlk4xLag_goto_$main$__3__$4zQQ78p3RBGN7NOzIYTxvg:
+    assume (R8_12[1:0] == 1bv1);
+    R9_10, Gamma_R9_10 := R9_8, Gamma_R9_8;
+    R31_11, Gamma_R31_11 := R31_9, Gamma_R31_9;
     goto $main$__3__$4zQQ78p3RBGN7NOzIYTxvg;
   $main$__3__$4zQQ78p3RBGN7NOzIYTxvg:
-    assume {:captureState "$main$__3__$4zQQ78p3RBGN7NOzIYTxvg"} true;
-    R8, Gamma_R8 := 69632bv64, true;
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 52bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 52bv64)) || L(mem, bvadd64(R8, 52bv64)));
-    Cse0__5$1$2, Gamma_Cse0__5$1$2 := bvadd32(R8[32:0], 4294967295bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(Cse0__5$1$2), bvadd33(sign_extend1_32(R8[32:0]), 8589934591bv33))), (Gamma_R8 && Gamma_Cse0__5$1$2);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$1$2), bvadd33(zero_extend1_32(R8[32:0]), 4294967295bv33))), (Gamma_R8 && Gamma_Cse0__5$1$2);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$1$2, 0bv32), Gamma_Cse0__5$1$2;
-    NF, Gamma_NF := Cse0__5$1$2[32:31], Gamma_Cse0__5$1$2;
-    R8, Gamma_R8 := zero_extend32_32(Cse0__5$1$2), Gamma_Cse0__5$1$2;
-    assert Gamma_ZF;
+    R8_14, Gamma_R8_14 := zero_extend32_32(memory_load32_le(mem, 69684bv64)), (gamma_load32(Gamma_mem, 69684bv64) || L(mem, 69684bv64));
+    assert Gamma_R8_14;
     goto $main$__3__$4zQQ78p3RBGN7NOzIYTxvg$__0, $main$__3__$4zQQ78p3RBGN7NOzIYTxvg$__1;
-  $main$__4__$mvvj12GjRhuZDH0mklvA1Q:
-    assume {:captureState "$main$__4__$mvvj12GjRhuZDH0mklvA1Q"} true;
-    goto $main$__5__$qyZYtjM~TZG82G5a2M8umw;
-  $main$__5__$qyZYtjM~TZG82G5a2M8umw:
-    assume {:captureState "$main$__5__$qyZYtjM~TZG82G5a2M8umw"} true;
-    R8, Gamma_R8 := 5bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 4bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 4bv64), Gamma_R8);
-    assume {:captureState "1900$0"} true;
+  $main$__3__$4zQQ78p3RBGN7NOzIYTxvg$__1:
+    assume (!(R8_14[32:0] == 1bv32));
+    R8_16, Gamma_R8_16 := 1bv64, true;
+    goto $main$__3__$4zQQ78p3RBGN7NOzIYTxvg$__1_phi_$main$__3__$4zQQ78p3RBGN7NOzIYTxvg_goto_$main$__6__$Bi8U6733SjiyOwaLV4yoGg, $main$__3__$4zQQ78p3RBGN7NOzIYTxvg$__1_phi_$main$__3__$4zQQ78p3RBGN7NOzIYTxvg_goto_$main$__4__$mvvj12GjRhuZDH0mklvA1Q;
+  $main$__3__$4zQQ78p3RBGN7NOzIYTxvg$__1_phi_$main$__3__$4zQQ78p3RBGN7NOzIYTxvg_goto_$main$__4__$mvvj12GjRhuZDH0mklvA1Q:
+    R9_15, Gamma_R9_15 := R9_10, Gamma_R9_10;
+    R31_16, Gamma_R31_16 := R31_11, Gamma_R31_11;
+    R8_22, Gamma_R8_22 := R8_16, Gamma_R8_16;
+    assert Gamma_R8_22;
+    goto $main$__3__$4zQQ78p3RBGN7NOzIYTxvg_goto_$main$__4__$mvvj12GjRhuZDH0mklvA1Q;
+  $main$__3__$4zQQ78p3RBGN7NOzIYTxvg$__1_phi_$main$__3__$4zQQ78p3RBGN7NOzIYTxvg_goto_$main$__6__$Bi8U6733SjiyOwaLV4yoGg:
+    R9_17, Gamma_R9_17 := R9_10, Gamma_R9_10;
+    R31_18, Gamma_R31_18 := R31_11, Gamma_R31_11;
+    R8_24, Gamma_R8_24 := R8_16, Gamma_R8_16;
+    assert Gamma_R8_24;
+    goto $main$__3__$4zQQ78p3RBGN7NOzIYTxvg_goto_$main$__6__$Bi8U6733SjiyOwaLV4yoGg;
+  $main$__3__$4zQQ78p3RBGN7NOzIYTxvg$__0:
+    assume (R8_14[32:0] == 1bv32);
+    R8_19, Gamma_R8_19 := 0bv64, true;
+    goto $main$__3__$4zQQ78p3RBGN7NOzIYTxvg$__0_phi_$main$__3__$4zQQ78p3RBGN7NOzIYTxvg_goto_$main$__6__$Bi8U6733SjiyOwaLV4yoGg, $main$__3__$4zQQ78p3RBGN7NOzIYTxvg$__0_phi_$main$__3__$4zQQ78p3RBGN7NOzIYTxvg_goto_$main$__4__$mvvj12GjRhuZDH0mklvA1Q;
+  $main$__3__$4zQQ78p3RBGN7NOzIYTxvg$__0_phi_$main$__3__$4zQQ78p3RBGN7NOzIYTxvg_goto_$main$__4__$mvvj12GjRhuZDH0mklvA1Q:
+    R9_15, Gamma_R9_15 := R9_10, Gamma_R9_10;
+    R31_16, Gamma_R31_16 := R31_11, Gamma_R31_11;
+    R8_22, Gamma_R8_22 := R8_19, Gamma_R8_19;
+    assert Gamma_R8_22;
+    goto $main$__3__$4zQQ78p3RBGN7NOzIYTxvg_goto_$main$__4__$mvvj12GjRhuZDH0mklvA1Q;
+  $main$__3__$4zQQ78p3RBGN7NOzIYTxvg_goto_$main$__4__$mvvj12GjRhuZDH0mklvA1Q:
+    assume (!(R8_22[1:0] == 1bv1));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_16, 4bv64), 5bv32), gamma_store32(Gamma_stack, bvadd64(R31_16, 4bv64), true);
+    R9_19, Gamma_R9_19 := R9_15, Gamma_R9_15;
+    R31_20, Gamma_R31_20 := R31_16, Gamma_R31_16;
+    goto $main$__6__$Bi8U6733SjiyOwaLV4yoGg;
+  $main$__3__$4zQQ78p3RBGN7NOzIYTxvg$__0_phi_$main$__3__$4zQQ78p3RBGN7NOzIYTxvg_goto_$main$__6__$Bi8U6733SjiyOwaLV4yoGg:
+    R9_17, Gamma_R9_17 := R9_10, Gamma_R9_10;
+    R31_18, Gamma_R31_18 := R31_11, Gamma_R31_11;
+    R8_24, Gamma_R8_24 := R8_19, Gamma_R8_19;
+    assert Gamma_R8_24;
+    goto $main$__3__$4zQQ78p3RBGN7NOzIYTxvg_goto_$main$__6__$Bi8U6733SjiyOwaLV4yoGg;
+  $main$__3__$4zQQ78p3RBGN7NOzIYTxvg_goto_$main$__6__$Bi8U6733SjiyOwaLV4yoGg:
+    assume (R8_24[1:0] == 1bv1);
+    R9_19, Gamma_R9_19 := R9_17, Gamma_R9_17;
+    R31_20, Gamma_R31_20 := R31_18, Gamma_R31_18;
     goto $main$__6__$Bi8U6733SjiyOwaLV4yoGg;
   $main$__6__$Bi8U6733SjiyOwaLV4yoGg:
-    assume {:captureState "$main$__6__$Bi8U6733SjiyOwaLV4yoGg"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 4bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 4bv64));
-    Cse0__5$4$1, Gamma_Cse0__5$4$1 := bvadd32(R8[32:0], 4294967293bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(Cse0__5$4$1), bvadd33(sign_extend1_32(R8[32:0]), 8589934589bv33))), (Gamma_R8 && Gamma_Cse0__5$4$1);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$4$1), bvadd33(zero_extend1_32(R8[32:0]), 4294967293bv33))), (Gamma_R8 && Gamma_Cse0__5$4$1);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$4$1, 0bv32), Gamma_Cse0__5$4$1;
-    NF, Gamma_NF := Cse0__5$4$1[32:31], Gamma_Cse0__5$4$1;
-    R8, Gamma_R8 := zero_extend32_32(Cse0__5$4$1), Gamma_Cse0__5$4$1;
-    assert Gamma_ZF;
+    R8_25, Gamma_R8_25 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_20, 4bv64))), gamma_load32(Gamma_stack, bvadd64(R31_20, 4bv64));
+    assert Gamma_R8_25;
     goto $main$__6__$Bi8U6733SjiyOwaLV4yoGg$__0, $main$__6__$Bi8U6733SjiyOwaLV4yoGg$__1;
-  $main$__7__$Ke1U9A74QzyX5d6~BvAXuA:
-    assume {:captureState "$main$__7__$Ke1U9A74QzyX5d6~BvAXuA"} true;
-    goto $main$__8__$Y0H3mt1KQG6tdER4yPd20Q;
-  $main$__8__$Y0H3mt1KQG6tdER4yPd20Q:
-    assume {:captureState "$main$__8__$Y0H3mt1KQG6tdER4yPd20Q"} true;
-    R8, Gamma_R8 := 69632bv64, true;
+  $main$__6__$Bi8U6733SjiyOwaLV4yoGg$__1:
+    assume (!(R8_25[32:0] == 3bv32));
+    R8_27, Gamma_R8_27 := 1bv64, true;
+    goto $main$__6__$Bi8U6733SjiyOwaLV4yoGg$__1_phi_$main$__6__$Bi8U6733SjiyOwaLV4yoGg_goto_$main$__9__$ZE4m7PzcQaiZtThKfMYMbw, $main$__6__$Bi8U6733SjiyOwaLV4yoGg$__1_phi_$main$__6__$Bi8U6733SjiyOwaLV4yoGg_goto_$main$__7__$Ke1U9A74QzyX5d6~BvAXuA;
+  $main$__6__$Bi8U6733SjiyOwaLV4yoGg$__1_phi_$main$__6__$Bi8U6733SjiyOwaLV4yoGg_goto_$main$__7__$Ke1U9A74QzyX5d6~BvAXuA:
+    R9_24, Gamma_R9_24 := R9_19, Gamma_R9_19;
+    R31_25, Gamma_R31_25 := R31_20, Gamma_R31_20;
+    R8_33, Gamma_R8_33 := R8_27, Gamma_R8_27;
+    assert Gamma_R8_33;
+    goto $main$__6__$Bi8U6733SjiyOwaLV4yoGg_goto_$main$__7__$Ke1U9A74QzyX5d6~BvAXuA;
+  $main$__6__$Bi8U6733SjiyOwaLV4yoGg$__1_phi_$main$__6__$Bi8U6733SjiyOwaLV4yoGg_goto_$main$__9__$ZE4m7PzcQaiZtThKfMYMbw:
+    R9_26, Gamma_R9_26 := R9_19, Gamma_R9_19;
+    R31_27, Gamma_R31_27 := R31_20, Gamma_R31_20;
+    R8_36, Gamma_R8_36 := R8_27, Gamma_R8_27;
+    assert Gamma_R8_36;
+    goto $main$__6__$Bi8U6733SjiyOwaLV4yoGg_goto_$main$__9__$ZE4m7PzcQaiZtThKfMYMbw;
+  $main$__6__$Bi8U6733SjiyOwaLV4yoGg$__0:
+    assume (R8_25[32:0] == 3bv32);
+    R8_30, Gamma_R8_30 := 0bv64, true;
+    goto $main$__6__$Bi8U6733SjiyOwaLV4yoGg$__0_phi_$main$__6__$Bi8U6733SjiyOwaLV4yoGg_goto_$main$__9__$ZE4m7PzcQaiZtThKfMYMbw, $main$__6__$Bi8U6733SjiyOwaLV4yoGg$__0_phi_$main$__6__$Bi8U6733SjiyOwaLV4yoGg_goto_$main$__7__$Ke1U9A74QzyX5d6~BvAXuA;
+  $main$__6__$Bi8U6733SjiyOwaLV4yoGg$__0_phi_$main$__6__$Bi8U6733SjiyOwaLV4yoGg_goto_$main$__7__$Ke1U9A74QzyX5d6~BvAXuA:
+    R9_24, Gamma_R9_24 := R9_19, Gamma_R9_19;
+    R31_25, Gamma_R31_25 := R31_20, Gamma_R31_20;
+    R8_33, Gamma_R8_33 := R8_30, Gamma_R8_30;
+    assert Gamma_R8_33;
+    goto $main$__6__$Bi8U6733SjiyOwaLV4yoGg_goto_$main$__7__$Ke1U9A74QzyX5d6~BvAXuA;
+  $main$__6__$Bi8U6733SjiyOwaLV4yoGg_goto_$main$__7__$Ke1U9A74QzyX5d6~BvAXuA:
+    assume (!(R8_33[1:0] == 1bv1));
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 56bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 56bv64)) || L(mem, bvadd64(R8, 56bv64)));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 4bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 4bv64), Gamma_R8);
-    assume {:captureState "1936$0"} true;
+    R8_35, Gamma_R8_35 := zero_extend32_32(memory_load32_le(mem, 69688bv64)), (gamma_load32(Gamma_mem, 69688bv64) || L(mem, 69688bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_25, 4bv64), R8_35[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_25, 4bv64), Gamma_R8_35);
+    R9_28, Gamma_R9_28 := R9_24, Gamma_R9_24;
+    R31_29, Gamma_R31_29 := R31_25, Gamma_R31_25;
+    goto $main$__9__$ZE4m7PzcQaiZtThKfMYMbw;
+  $main$__6__$Bi8U6733SjiyOwaLV4yoGg$__0_phi_$main$__6__$Bi8U6733SjiyOwaLV4yoGg_goto_$main$__9__$ZE4m7PzcQaiZtThKfMYMbw:
+    R9_26, Gamma_R9_26 := R9_19, Gamma_R9_19;
+    R31_27, Gamma_R31_27 := R31_20, Gamma_R31_20;
+    R8_36, Gamma_R8_36 := R8_30, Gamma_R8_30;
+    assert Gamma_R8_36;
+    goto $main$__6__$Bi8U6733SjiyOwaLV4yoGg_goto_$main$__9__$ZE4m7PzcQaiZtThKfMYMbw;
+  $main$__6__$Bi8U6733SjiyOwaLV4yoGg_goto_$main$__9__$ZE4m7PzcQaiZtThKfMYMbw:
+    assume (R8_36[1:0] == 1bv1);
+    R9_28, Gamma_R9_28 := R9_26, Gamma_R9_26;
+    R31_29, Gamma_R31_29 := R31_27, Gamma_R31_27;
     goto $main$__9__$ZE4m7PzcQaiZtThKfMYMbw;
   $main$__9__$ZE4m7PzcQaiZtThKfMYMbw:
-    assume {:captureState "$main$__9__$ZE4m7PzcQaiZtThKfMYMbw"} true;
-    R8, Gamma_R8 := 69632bv64, true;
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, bvadd64(R8, 56bv64))), (gamma_load32(Gamma_mem, bvadd64(R8, 56bv64)) || L(mem, bvadd64(R8, 56bv64)));
-    R31, Gamma_R31 := bvadd64(R31, 16bv64), Gamma_R31;
+    R0_2, Gamma_R0_2 := zero_extend32_32(memory_load32_le(mem, 69688bv64)), (gamma_load32(Gamma_mem, 69688bv64) || L(mem, 69688bv64));
     goto main_basil_return;
-  $main$__3__$4zQQ78p3RBGN7NOzIYTxvg_goto_$main$__6__$Bi8U6733SjiyOwaLV4yoGg:
-    assume {:captureState "$main$__3__$4zQQ78p3RBGN7NOzIYTxvg_goto_$main$__6__$Bi8U6733SjiyOwaLV4yoGg"} true;
-    assume (R8[1:0] == 1bv1);
-    goto $main$__6__$Bi8U6733SjiyOwaLV4yoGg;
-  $main$__3__$4zQQ78p3RBGN7NOzIYTxvg_goto_$main$__4__$mvvj12GjRhuZDH0mklvA1Q:
-    assume {:captureState "$main$__3__$4zQQ78p3RBGN7NOzIYTxvg_goto_$main$__4__$mvvj12GjRhuZDH0mklvA1Q"} true;
-    assume (!(R8[1:0] == 1bv1));
-    goto $main$__4__$mvvj12GjRhuZDH0mklvA1Q;
-  $main$__3__$4zQQ78p3RBGN7NOzIYTxvg$__0:
-    assume {:captureState "$main$__3__$4zQQ78p3RBGN7NOzIYTxvg$__0"} true;
-    assume (ZF == 1bv1);
-    R8, Gamma_R8 := 0bv64, true;
-    assert Gamma_R8;
-    goto $main$__3__$4zQQ78p3RBGN7NOzIYTxvg_goto_$main$__6__$Bi8U6733SjiyOwaLV4yoGg, $main$__3__$4zQQ78p3RBGN7NOzIYTxvg_goto_$main$__4__$mvvj12GjRhuZDH0mklvA1Q;
-  $main$__3__$4zQQ78p3RBGN7NOzIYTxvg$__1:
-    assume {:captureState "$main$__3__$4zQQ78p3RBGN7NOzIYTxvg$__1"} true;
-    assume (!(ZF == 1bv1));
-    R8, Gamma_R8 := 1bv64, true;
-    assert Gamma_R8;
-    goto $main$__3__$4zQQ78p3RBGN7NOzIYTxvg_goto_$main$__6__$Bi8U6733SjiyOwaLV4yoGg, $main$__3__$4zQQ78p3RBGN7NOzIYTxvg_goto_$main$__4__$mvvj12GjRhuZDH0mklvA1Q;
-  $main$__0__$5~JKHoJWR8~6Qpjlk4xLag_goto_$main$__3__$4zQQ78p3RBGN7NOzIYTxvg:
-    assume {:captureState "$main$__0__$5~JKHoJWR8~6Qpjlk4xLag_goto_$main$__3__$4zQQ78p3RBGN7NOzIYTxvg"} true;
-    assume (R8[1:0] == 1bv1);
-    goto $main$__3__$4zQQ78p3RBGN7NOzIYTxvg;
-  $main$__0__$5~JKHoJWR8~6Qpjlk4xLag_goto_$main$__1__$KuIORB~IS7~W8tkjfAUb_Q:
-    assume {:captureState "$main$__0__$5~JKHoJWR8~6Qpjlk4xLag_goto_$main$__1__$KuIORB~IS7~W8tkjfAUb_Q"} true;
-    assume (!(R8[1:0] == 1bv1));
-    goto $main$__1__$KuIORB~IS7~W8tkjfAUb_Q;
-  $main$__0__$5~JKHoJWR8~6Qpjlk4xLag$__0:
-    assume {:captureState "$main$__0__$5~JKHoJWR8~6Qpjlk4xLag$__0"} true;
-    assume (ZF == 1bv1);
-    R8, Gamma_R8 := 0bv64, true;
-    assert Gamma_R8;
-    goto $main$__0__$5~JKHoJWR8~6Qpjlk4xLag_goto_$main$__3__$4zQQ78p3RBGN7NOzIYTxvg, $main$__0__$5~JKHoJWR8~6Qpjlk4xLag_goto_$main$__1__$KuIORB~IS7~W8tkjfAUb_Q;
-  $main$__0__$5~JKHoJWR8~6Qpjlk4xLag$__1:
-    assume {:captureState "$main$__0__$5~JKHoJWR8~6Qpjlk4xLag$__1"} true;
-    assume (!(ZF == 1bv1));
-    R8, Gamma_R8 := 1bv64, true;
-    assert Gamma_R8;
-    goto $main$__0__$5~JKHoJWR8~6Qpjlk4xLag_goto_$main$__3__$4zQQ78p3RBGN7NOzIYTxvg, $main$__0__$5~JKHoJWR8~6Qpjlk4xLag_goto_$main$__1__$KuIORB~IS7~W8tkjfAUb_Q;
-  $main$__6__$Bi8U6733SjiyOwaLV4yoGg_goto_$main$__9__$ZE4m7PzcQaiZtThKfMYMbw:
-    assume {:captureState "$main$__6__$Bi8U6733SjiyOwaLV4yoGg_goto_$main$__9__$ZE4m7PzcQaiZtThKfMYMbw"} true;
-    assume (R8[1:0] == 1bv1);
-    goto $main$__9__$ZE4m7PzcQaiZtThKfMYMbw;
-  $main$__6__$Bi8U6733SjiyOwaLV4yoGg_goto_$main$__7__$Ke1U9A74QzyX5d6~BvAXuA:
-    assume {:captureState "$main$__6__$Bi8U6733SjiyOwaLV4yoGg_goto_$main$__7__$Ke1U9A74QzyX5d6~BvAXuA"} true;
-    assume (!(R8[1:0] == 1bv1));
-    goto $main$__7__$Ke1U9A74QzyX5d6~BvAXuA;
-  $main$__6__$Bi8U6733SjiyOwaLV4yoGg$__0:
-    assume {:captureState "$main$__6__$Bi8U6733SjiyOwaLV4yoGg$__0"} true;
-    assume (ZF == 1bv1);
-    R8, Gamma_R8 := 0bv64, true;
-    assert Gamma_R8;
-    goto $main$__6__$Bi8U6733SjiyOwaLV4yoGg_goto_$main$__9__$ZE4m7PzcQaiZtThKfMYMbw, $main$__6__$Bi8U6733SjiyOwaLV4yoGg_goto_$main$__7__$Ke1U9A74QzyX5d6~BvAXuA;
-  $main$__6__$Bi8U6733SjiyOwaLV4yoGg$__1:
-    assume {:captureState "$main$__6__$Bi8U6733SjiyOwaLV4yoGg$__1"} true;
-    assume (!(ZF == 1bv1));
-    R8, Gamma_R8 := 1bv64, true;
-    assert Gamma_R8;
-    goto $main$__6__$Bi8U6733SjiyOwaLV4yoGg_goto_$main$__9__$ZE4m7PzcQaiZtThKfMYMbw, $main$__6__$Bi8U6733SjiyOwaLV4yoGg_goto_$main$__7__$Ke1U9A74QzyX5d6~BvAXuA;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out, R9_out := R0_2, bvadd64(R31_29, 16bv64), 69632bv64, R9_28;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := Gamma_R0_2, Gamma_R31_29, true, Gamma_R9_28;
     return;
 }
 
diff --git a/src/test/incorrect/nestedifglobal/clang_pic/nestedifglobal.expected b/src/test/incorrect/nestedifglobal/clang_pic/nestedifglobal.expected
index 8f50a130a..68709cfcb 100644
--- a/src/test/incorrect/nestedifglobal/clang_pic/nestedifglobal.expected
+++ b/src/test/incorrect/nestedifglobal/clang_pic/nestedifglobal.expected
@@ -1,34 +1,26 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   false
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp1(bv1, bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -38,11 +30,15 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -58,15 +54,13 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -99,8 +93,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, R8, R9, VF, ZF, mem, stack;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 2052bv64) == 1bv8);
@@ -113,8 +107,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69568bv64) == 69688bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free requires (memory_load64_le(mem, 69056bv64) == 1792bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 2052bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 2053bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 2054bv64) == 2bv8);
@@ -126,189 +118,125 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69056bv64) == 1792bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var #4: bv32;
-  var #5: bv32;
-  var #6: bv32;
-  var Gamma_#4: bool;
-  var Gamma_#5: bool;
-  var Gamma_#6: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R8_10: bool;
+  var Gamma_R8_11: bool;
+  var Gamma_R8_16: bool;
+  var Gamma_R8_18: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_23: bool;
+  var Gamma_R8_25: bool;
+  var Gamma_R8_26: bool;
+  var Gamma_R8_28: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R8_8: bool;
+  var Gamma_R9_1: bool;
+  var R0_2: bv64;
+  var R8_10: bv64;
+  var R8_11: bv32;
+  var R8_16: bv64;
+  var R8_18: bv32;
+  var R8_2: bv64;
+  var R8_23: bv64;
+  var R8_25: bv64;
+  var R8_26: bv64;
+  var R8_28: bv64;
+  var R8_3: bv32;
+  var R8_8: bv64;
+  var R9_1: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    R8, Gamma_R8 := 65536bv64, true;
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4040bv64)) || L(mem, bvadd64(R8, 4040bv64)));
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 8bv64), R8), gamma_store64(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R8);
-    assume {:captureState "%0000035e"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), true);
-    assume {:captureState "%00000365"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 24bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 24bv64), Gamma_R0);
-    assume {:captureState "%0000036d"} true;
-    R9, Gamma_R9 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 24bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 24bv64));
+    R8_2, Gamma_R8_2 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551592bv64), R8_2), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), Gamma_R8_2);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R0_in);
+    R9_1, Gamma_R9_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551608bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     call rely();
-    assert (L(mem, R8) ==> Gamma_R9);
-    mem, Gamma_mem := memory_store32_le(mem, R8, R9[32:0]), gamma_store32(Gamma_mem, R8, Gamma_R9);
-    assume {:captureState "%0000037c"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 20bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 20bv64), true);
-    assume {:captureState "%00000383"} true;
+    assert (L(mem, R8_2) ==> Gamma_R9_1);
+    mem, Gamma_mem := memory_store32_le(mem, R8_2, R9_1[32:0]), gamma_store32(Gamma_mem, R8_2, Gamma_R9_1);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551604bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551604bv64), true);
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    #4, Gamma_#4 := bvadd32(R8[32:0], 4294967295bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#4, 1bv32)), bvadd33(sign_extend1_32(R8[32:0]), 0bv33))), (Gamma_R8 && Gamma_#4);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#4, 1bv32)), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_#4);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#4, 1bv32), 0bv32), Gamma_#4;
-    NF, Gamma_NF := bvadd32(#4, 1bv32)[32:31], Gamma_#4;
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(#4, 1bv32)), Gamma_#4;
-    assert Gamma_ZF;
+    R8_3, Gamma_R8_3 := memory_load32_le(mem, R8_2), (gamma_load32(Gamma_mem, R8_2) || L(mem, R8_2));
+    assert Gamma_R8_3;
     goto lmain_goto_l000003ab, lmain_goto_l000003ae;
-  l000003ae:
-    assume {:captureState "l000003ae"} true;
-    R8, Gamma_R8 := 1bv64, true;
+  lmain_goto_l000003ae:
+    assume (!(R8_3 == 0bv32));
+    R8_8, Gamma_R8_8 := 1bv64, true;
     goto l000003b1;
-  l000003ab:
-    assume {:captureState "l000003ab"} true;
-    R8, Gamma_R8 := 0bv64, true;
+  lmain_goto_l000003ab:
+    assume (R8_3 == 0bv32);
+    R8_8, Gamma_R8_8 := 0bv64, true;
     goto l000003b1;
   l000003b1:
-    assume {:captureState "l000003b1"} true;
-    assert Gamma_R8;
+    assert Gamma_R8_8;
     goto l000003b1_goto_l000003b9, l000003b1_goto_l00000481;
-  l00000481:
-    assume {:captureState "l00000481"} true;
-    goto l00000482;
-  l00000482:
-    assume {:captureState "l00000482"} true;
-    R8, Gamma_R8 := 3bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 20bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 20bv64), Gamma_R8);
-    assume {:captureState "%00000490"} true;
+  l000003b1_goto_l00000481:
+    assume (!(R8_8[1:0] == 1bv1));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551604bv64), 3bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551604bv64), true);
+    goto l000003b9;
+  l000003b1_goto_l000003b9:
+    assume (R8_8[1:0] == 1bv1);
     goto l000003b9;
   l000003b9:
-    assume {:captureState "l000003b9"} true;
-    R8, Gamma_R8 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
+    R8_10, Gamma_R8_10 := memory_load64_le(stack, bvadd64(R31_in, 18446744073709551592bv64)), gamma_load64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64));
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    #5, Gamma_#5 := bvadd32(R8[32:0], 4294967294bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#5, 1bv32)), bvadd33(sign_extend1_32(R8[32:0]), 8589934591bv33))), (Gamma_R8 && Gamma_#5);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#5, 1bv32)), bvadd33(zero_extend1_32(R8[32:0]), 4294967295bv33))), (Gamma_R8 && Gamma_#5);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#5, 1bv32), 0bv32), Gamma_#5;
-    NF, Gamma_NF := bvadd32(#5, 1bv32)[32:31], Gamma_#5;
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(#5, 1bv32)), Gamma_#5;
-    assert Gamma_ZF;
+    R8_11, Gamma_R8_11 := memory_load32_le(mem, R8_10), (gamma_load32(Gamma_mem, R8_10) || L(mem, R8_10));
+    assert Gamma_R8_11;
     goto l000003b9_goto_l000003eb, l000003b9_goto_l000003ee;
-  l000003ee:
-    assume {:captureState "l000003ee"} true;
-    R8, Gamma_R8 := 1bv64, true;
+  l000003b9_goto_l000003ee:
+    assume (!(R8_11 == 1bv32));
+    R8_16, Gamma_R8_16 := 1bv64, true;
     goto l000003f1;
-  l000003eb:
-    assume {:captureState "l000003eb"} true;
-    R8, Gamma_R8 := 0bv64, true;
+  l000003b9_goto_l000003eb:
+    assume (R8_11 == 1bv32);
+    R8_16, Gamma_R8_16 := 0bv64, true;
     goto l000003f1;
   l000003f1:
-    assume {:captureState "l000003f1"} true;
-    assert Gamma_R8;
+    assert Gamma_R8_16;
     goto l000003f1_goto_l000003f9, l000003f1_goto_l0000046c;
-  l0000046c:
-    assume {:captureState "l0000046c"} true;
-    goto l0000046d;
-  l0000046d:
-    assume {:captureState "l0000046d"} true;
-    R8, Gamma_R8 := 5bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 20bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 20bv64), Gamma_R8);
-    assume {:captureState "%0000047b"} true;
+  l000003f1_goto_l0000046c:
+    assume (!(R8_16[1:0] == 1bv1));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551604bv64), 5bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551604bv64), true);
+    goto l000003f9;
+  l000003f1_goto_l000003f9:
+    assume (R8_16[1:0] == 1bv1);
     goto l000003f9;
   l000003f9:
-    assume {:captureState "l000003f9"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 20bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 20bv64));
-    #6, Gamma_#6 := bvadd32(R8[32:0], 4294967292bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#6, 1bv32)), bvadd33(sign_extend1_32(R8[32:0]), 8589934589bv33))), (Gamma_R8 && Gamma_#6);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#6, 1bv32)), bvadd33(zero_extend1_32(R8[32:0]), 4294967293bv33))), (Gamma_R8 && Gamma_#6);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#6, 1bv32), 0bv32), Gamma_#6;
-    NF, Gamma_NF := bvadd32(#6, 1bv32)[32:31], Gamma_#6;
-    R8, Gamma_R8 := zero_extend32_32(bvadd32(#6, 1bv32)), Gamma_#6;
-    assert Gamma_ZF;
+    R8_18, Gamma_R8_18 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551604bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551604bv64));
+    assert Gamma_R8_18;
     goto l000003f9_goto_l00000424, l000003f9_goto_l00000427;
-  l00000427:
-    assume {:captureState "l00000427"} true;
-    R8, Gamma_R8 := 1bv64, true;
+  l000003f9_goto_l00000427:
+    assume (!(R8_18 == 3bv32));
+    R8_23, Gamma_R8_23 := 1bv64, true;
     goto l0000042a;
-  l00000424:
-    assume {:captureState "l00000424"} true;
-    R8, Gamma_R8 := 0bv64, true;
+  l000003f9_goto_l00000424:
+    assume (R8_18 == 3bv32);
+    R8_23, Gamma_R8_23 := 0bv64, true;
     goto l0000042a;
   l0000042a:
-    assume {:captureState "l0000042a"} true;
-    assert Gamma_R8;
+    assert Gamma_R8_23;
     goto l0000042a_goto_l00000432, l0000042a_goto_l00000449;
-  l00000449:
-    assume {:captureState "l00000449"} true;
-    goto l0000044a;
-  l0000044a:
-    assume {:captureState "l0000044a"} true;
-    R8, Gamma_R8 := 65536bv64, true;
+  l0000042a_goto_l00000449:
+    assume (!(R8_23[1:0] == 1bv1));
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4032bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4032bv64)) || L(mem, bvadd64(R8, 4032bv64)));
+    R8_25, Gamma_R8_25 := memory_load64_le(mem, 69568bv64), (gamma_load64(Gamma_mem, 69568bv64) || L(mem, 69568bv64));
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 20bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 20bv64), Gamma_R8);
-    assume {:captureState "%00000466"} true;
+    R8_26, Gamma_R8_26 := zero_extend32_32(memory_load32_le(mem, R8_25)), (gamma_load32(Gamma_mem, R8_25) || L(mem, R8_25));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551604bv64), R8_26[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551604bv64), Gamma_R8_26);
+    R8_28, Gamma_R8_28 := R8_26, Gamma_R8_26;
     goto l00000432;
-  l00000432:
-    assume {:captureState "l00000432"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 28bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 28bv64));
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
-    goto main_basil_return;
-  lmain_goto_l000003ab:
-    assume {:captureState "lmain_goto_l000003ab"} true;
-    assume (bvcomp1(ZF, 1bv1) != 0bv1);
-    goto l000003ab;
-  lmain_goto_l000003ae:
-    assume {:captureState "lmain_goto_l000003ae"} true;
-    assume (bvcomp1(ZF, 1bv1) == 0bv1);
-    goto l000003ae;
-  l000003b1_goto_l000003b9:
-    assume {:captureState "l000003b1_goto_l000003b9"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) != 0bv1);
-    goto l000003b9;
-  l000003b1_goto_l00000481:
-    assume {:captureState "l000003b1_goto_l00000481"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) == 0bv1);
-    goto l00000481;
-  l000003b9_goto_l000003eb:
-    assume {:captureState "l000003b9_goto_l000003eb"} true;
-    assume (bvcomp1(ZF, 1bv1) != 0bv1);
-    goto l000003eb;
-  l000003b9_goto_l000003ee:
-    assume {:captureState "l000003b9_goto_l000003ee"} true;
-    assume (bvcomp1(ZF, 1bv1) == 0bv1);
-    goto l000003ee;
-  l000003f1_goto_l000003f9:
-    assume {:captureState "l000003f1_goto_l000003f9"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) != 0bv1);
-    goto l000003f9;
-  l000003f1_goto_l0000046c:
-    assume {:captureState "l000003f1_goto_l0000046c"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) == 0bv1);
-    goto l0000046c;
-  l000003f9_goto_l00000424:
-    assume {:captureState "l000003f9_goto_l00000424"} true;
-    assume (bvcomp1(ZF, 1bv1) != 0bv1);
-    goto l00000424;
-  l000003f9_goto_l00000427:
-    assume {:captureState "l000003f9_goto_l00000427"} true;
-    assume (bvcomp1(ZF, 1bv1) == 0bv1);
-    goto l00000427;
   l0000042a_goto_l00000432:
-    assume {:captureState "l0000042a_goto_l00000432"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) != 0bv1);
+    assume (R8_23[1:0] == 1bv1);
+    R8_28, Gamma_R8_28 := R8_23, Gamma_R8_23;
     goto l00000432;
-  l0000042a_goto_l00000449:
-    assume {:captureState "l0000042a_goto_l00000449"} true;
-    assume (bvcomp1(R8[1:0], 1bv1) == 0bv1);
-    goto l00000449;
+  l00000432:
+    R0_2, Gamma_R0_2 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out, R9_out := R0_2, R31_in, R8_28, R9_1;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := Gamma_R0_2, Gamma_R31_in, Gamma_R8_28, Gamma_R9_1;
     return;
 }
 
diff --git a/src/test/incorrect/nestedifglobal/clang_pic/nestedifglobal_gtirb.expected b/src/test/incorrect/nestedifglobal/clang_pic/nestedifglobal_gtirb.expected
index 8bce8a767..5b1296d4b 100644
--- a/src/test/incorrect/nestedifglobal/clang_pic/nestedifglobal_gtirb.expected
+++ b/src/test/incorrect/nestedifglobal/clang_pic/nestedifglobal_gtirb.expected
@@ -1,33 +1,26 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_R8: bool;
-var {:extern} Gamma_R9: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R31: bv64;
-var {:extern} R8: bv64;
-var {:extern} R9: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   false
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
+function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) {
+  bvlshr64(value,bvmul64(offset,8bv64))[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -37,11 +30,15 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
 }
 
 function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -57,15 +54,13 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
 function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -98,8 +93,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R31, R8, R9, VF, ZF, mem, stack;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69664bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69672bv64) == 69672bv64);
   free requires (memory_load8_le(mem, 2060bv64) == 1bv8);
@@ -112,8 +107,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69568bv64) == 69688bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free requires (memory_load64_le(mem, 69056bv64) == 1792bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 2060bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 2061bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 2062bv64) == 2bv8);
@@ -125,169 +118,258 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 1876bv64);
   free ensures (memory_load64_le(mem, 69056bv64) == 1792bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R31_out: bv64, Gamma_R31_out: bool, R8_out: bv64, Gamma_R8_out: bool, R9_out: bv64, Gamma_R9_out: bool)
 {
-  var Cse0__5$3$1: bv32;
-  var Cse0__5$4$2: bv32;
-  var Cse0__5$7$10: bv32;
-  var Gamma_Cse0__5$3$1: bool;
-  var Gamma_Cse0__5$4$2: bool;
-  var Gamma_Cse0__5$7$10: bool;
+  var Gamma_R0_2: bool;
+  var Gamma_R31_11: bool;
+  var Gamma_R31_16: bool;
+  var Gamma_R31_18: bool;
+  var Gamma_R31_2: bool;
+  var Gamma_R31_20: bool;
+  var Gamma_R31_25: bool;
+  var Gamma_R31_27: bool;
+  var Gamma_R31_29: bool;
+  var Gamma_R31_7: bool;
+  var Gamma_R31_9: bool;
+  var Gamma_R8_11: bool;
+  var Gamma_R8_13: bool;
+  var Gamma_R8_14: bool;
+  var Gamma_R8_15: bool;
+  var Gamma_R8_17: bool;
+  var Gamma_R8_2: bool;
+  var Gamma_R8_20: bool;
+  var Gamma_R8_23: bool;
+  var Gamma_R8_25: bool;
+  var Gamma_R8_26: bool;
+  var Gamma_R8_28: bool;
+  var Gamma_R8_3: bool;
+  var Gamma_R8_31: bool;
+  var Gamma_R8_34: bool;
+  var Gamma_R8_36: bool;
+  var Gamma_R8_37: bool;
+  var Gamma_R8_38: bool;
+  var Gamma_R8_40: bool;
+  var Gamma_R8_5: bool;
+  var Gamma_R8_8: bool;
+  var Gamma_R9_1: bool;
+  var Gamma_R9_10: bool;
+  var Gamma_R9_15: bool;
+  var Gamma_R9_17: bool;
+  var Gamma_R9_19: bool;
+  var Gamma_R9_24: bool;
+  var Gamma_R9_26: bool;
+  var Gamma_R9_28: bool;
+  var Gamma_R9_6: bool;
+  var Gamma_R9_8: bool;
+  var R0_2: bv64;
+  var R31_11: bv64;
+  var R31_16: bv64;
+  var R31_18: bv64;
+  var R31_2: bv64;
+  var R31_20: bv64;
+  var R31_25: bv64;
+  var R31_27: bv64;
+  var R31_29: bv64;
+  var R31_7: bv64;
+  var R31_9: bv64;
+  var R8_11: bv64;
+  var R8_13: bv64;
+  var R8_14: bv64;
+  var R8_15: bv64;
+  var R8_17: bv64;
+  var R8_2: bv64;
+  var R8_20: bv64;
+  var R8_23: bv64;
+  var R8_25: bv64;
+  var R8_26: bv64;
+  var R8_28: bv64;
+  var R8_3: bv64;
+  var R8_31: bv64;
+  var R8_34: bv64;
+  var R8_36: bv64;
+  var R8_37: bv64;
+  var R8_38: bv64;
+  var R8_40: bv64;
+  var R8_5: bv64;
+  var R8_8: bv64;
+  var R9_1: bv64;
+  var R9_10: bv64;
+  var R9_15: bv64;
+  var R9_17: bv64;
+  var R9_19: bv64;
+  var R9_24: bv64;
+  var R9_26: bv64;
+  var R9_28: bv64;
+  var R9_6: bv64;
+  var R9_8: bv64;
   $main$__0__$T93CJsvjRiGkLGM3lm~zUw:
-    assume {:captureState "$main$__0__$T93CJsvjRiGkLGM3lm~zUw"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    R8, Gamma_R8 := 65536bv64, true;
+    R31_2, Gamma_R31_2 := bvadd64(R31_in, 18446744073709551584bv64), Gamma_R31_in;
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4040bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4040bv64)) || L(mem, bvadd64(R8, 4040bv64)));
-    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 8bv64), R8), gamma_store64(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R8);
-    assume {:captureState "1888$0"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), true);
-    assume {:captureState "1892$0"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 24bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 24bv64), Gamma_R0);
-    assume {:captureState "1896$0"} true;
-    R9, Gamma_R9 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 24bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 24bv64));
+    R8_2, Gamma_R8_2 := memory_load64_le(mem, 69576bv64), (gamma_load64(Gamma_mem, 69576bv64) || L(mem, 69576bv64));
+    stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31_in, 18446744073709551592bv64), R8_2), gamma_store64(Gamma_stack, bvadd64(R31_in, 18446744073709551592bv64), Gamma_R8_2);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551608bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64), Gamma_R0_in);
+    R9_1, Gamma_R9_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551608bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551608bv64));
     call rely();
-    assert (L(mem, R8) ==> Gamma_R9);
-    mem, Gamma_mem := memory_store32_le(mem, R8, R9[32:0]), gamma_store32(Gamma_mem, R8, Gamma_R9);
-    assume {:captureState "1904$0"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 20bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 20bv64), true);
-    assume {:captureState "1908$0"} true;
+    assert (L(mem, R8_2) ==> Gamma_R9_1);
+    mem, Gamma_mem := memory_store32_le(mem, R8_2, R9_1[32:0]), gamma_store32(Gamma_mem, R8_2, Gamma_R9_1);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551604bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551604bv64), true);
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    Cse0__5$7$10, Gamma_Cse0__5$7$10 := bvadd32(R8[32:0], 0bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$7$10, Cse0__5$7$10)), Gamma_Cse0__5$7$10;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$7$10), bvadd33(zero_extend1_32(R8[32:0]), 4294967296bv33))), (Gamma_R8 && Gamma_Cse0__5$7$10);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$7$10, 0bv32), Gamma_Cse0__5$7$10;
-    NF, Gamma_NF := Cse0__5$7$10[32:31], Gamma_Cse0__5$7$10;
-    R8, Gamma_R8 := zero_extend32_32(Cse0__5$7$10), Gamma_Cse0__5$7$10;
-    assert Gamma_ZF;
+    R8_3, Gamma_R8_3 := zero_extend32_32(memory_load32_le(mem, R8_2)), (gamma_load32(Gamma_mem, R8_2) || L(mem, R8_2));
+    assert Gamma_R8_3;
     goto $main$__0__$T93CJsvjRiGkLGM3lm~zUw$__0, $main$__0__$T93CJsvjRiGkLGM3lm~zUw$__1;
-  $main$__1__$XR5j_yKuQR24HXECGUTTaw:
-    assume {:captureState "$main$__1__$XR5j_yKuQR24HXECGUTTaw"} true;
-    goto $main$__2__$StfBUB0KQESSUkJf_60bAQ;
-  $main$__2__$StfBUB0KQESSUkJf_60bAQ:
-    assume {:captureState "$main$__2__$StfBUB0KQESSUkJf_60bAQ"} true;
-    R8, Gamma_R8 := 3bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 20bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 20bv64), Gamma_R8);
-    assume {:captureState "1936$0"} true;
+  $main$__0__$T93CJsvjRiGkLGM3lm~zUw$__1:
+    assume (!(R8_3[32:0] == 0bv32));
+    R8_5, Gamma_R8_5 := 1bv64, true;
+    goto $main$__0__$T93CJsvjRiGkLGM3lm~zUw$__1_phi_$main$__0__$T93CJsvjRiGkLGM3lm~zUw_goto_$main$__3__$BQu4h3vlSRawGkdd3zg0DQ, $main$__0__$T93CJsvjRiGkLGM3lm~zUw$__1_phi_$main$__0__$T93CJsvjRiGkLGM3lm~zUw_goto_$main$__1__$XR5j_yKuQR24HXECGUTTaw;
+  $main$__0__$T93CJsvjRiGkLGM3lm~zUw$__1_phi_$main$__0__$T93CJsvjRiGkLGM3lm~zUw_goto_$main$__1__$XR5j_yKuQR24HXECGUTTaw:
+    R9_6, Gamma_R9_6 := R9_1, Gamma_R9_1;
+    R31_7, Gamma_R31_7 := R31_2, Gamma_R31_2;
+    R8_11, Gamma_R8_11 := R8_5, Gamma_R8_5;
+    assert Gamma_R8_11;
+    goto $main$__0__$T93CJsvjRiGkLGM3lm~zUw_goto_$main$__1__$XR5j_yKuQR24HXECGUTTaw;
+  $main$__0__$T93CJsvjRiGkLGM3lm~zUw$__1_phi_$main$__0__$T93CJsvjRiGkLGM3lm~zUw_goto_$main$__3__$BQu4h3vlSRawGkdd3zg0DQ:
+    R9_8, Gamma_R9_8 := R9_1, Gamma_R9_1;
+    R31_9, Gamma_R31_9 := R31_2, Gamma_R31_2;
+    R8_13, Gamma_R8_13 := R8_5, Gamma_R8_5;
+    assert Gamma_R8_13;
+    goto $main$__0__$T93CJsvjRiGkLGM3lm~zUw_goto_$main$__3__$BQu4h3vlSRawGkdd3zg0DQ;
+  $main$__0__$T93CJsvjRiGkLGM3lm~zUw$__0:
+    assume (R8_3[32:0] == 0bv32);
+    R8_8, Gamma_R8_8 := 0bv64, true;
+    goto $main$__0__$T93CJsvjRiGkLGM3lm~zUw$__0_phi_$main$__0__$T93CJsvjRiGkLGM3lm~zUw_goto_$main$__3__$BQu4h3vlSRawGkdd3zg0DQ, $main$__0__$T93CJsvjRiGkLGM3lm~zUw$__0_phi_$main$__0__$T93CJsvjRiGkLGM3lm~zUw_goto_$main$__1__$XR5j_yKuQR24HXECGUTTaw;
+  $main$__0__$T93CJsvjRiGkLGM3lm~zUw$__0_phi_$main$__0__$T93CJsvjRiGkLGM3lm~zUw_goto_$main$__1__$XR5j_yKuQR24HXECGUTTaw:
+    R9_6, Gamma_R9_6 := R9_1, Gamma_R9_1;
+    R31_7, Gamma_R31_7 := R31_2, Gamma_R31_2;
+    R8_11, Gamma_R8_11 := R8_8, Gamma_R8_8;
+    assert Gamma_R8_11;
+    goto $main$__0__$T93CJsvjRiGkLGM3lm~zUw_goto_$main$__1__$XR5j_yKuQR24HXECGUTTaw;
+  $main$__0__$T93CJsvjRiGkLGM3lm~zUw_goto_$main$__1__$XR5j_yKuQR24HXECGUTTaw:
+    assume (!(R8_11[1:0] == 1bv1));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_7, 20bv64), 3bv32), gamma_store32(Gamma_stack, bvadd64(R31_7, 20bv64), true);
+    R9_10, Gamma_R9_10 := R9_6, Gamma_R9_6;
+    R31_11, Gamma_R31_11 := R31_7, Gamma_R31_7;
+    goto $main$__3__$BQu4h3vlSRawGkdd3zg0DQ;
+  $main$__0__$T93CJsvjRiGkLGM3lm~zUw$__0_phi_$main$__0__$T93CJsvjRiGkLGM3lm~zUw_goto_$main$__3__$BQu4h3vlSRawGkdd3zg0DQ:
+    R9_8, Gamma_R9_8 := R9_1, Gamma_R9_1;
+    R31_9, Gamma_R31_9 := R31_2, Gamma_R31_2;
+    R8_13, Gamma_R8_13 := R8_8, Gamma_R8_8;
+    assert Gamma_R8_13;
+    goto $main$__0__$T93CJsvjRiGkLGM3lm~zUw_goto_$main$__3__$BQu4h3vlSRawGkdd3zg0DQ;
+  $main$__0__$T93CJsvjRiGkLGM3lm~zUw_goto_$main$__3__$BQu4h3vlSRawGkdd3zg0DQ:
+    assume (R8_13[1:0] == 1bv1);
+    R9_10, Gamma_R9_10 := R9_8, Gamma_R9_8;
+    R31_11, Gamma_R31_11 := R31_9, Gamma_R31_9;
     goto $main$__3__$BQu4h3vlSRawGkdd3zg0DQ;
   $main$__3__$BQu4h3vlSRawGkdd3zg0DQ:
-    assume {:captureState "$main$__3__$BQu4h3vlSRawGkdd3zg0DQ"} true;
-    R8, Gamma_R8 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64));
+    R8_14, Gamma_R8_14 := memory_load64_le(stack, bvadd64(R31_11, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31_11, 8bv64));
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    Cse0__5$4$2, Gamma_Cse0__5$4$2 := bvadd32(R8[32:0], 4294967295bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(Cse0__5$4$2), bvadd33(sign_extend1_32(R8[32:0]), 8589934591bv33))), (Gamma_R8 && Gamma_Cse0__5$4$2);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$4$2), bvadd33(zero_extend1_32(R8[32:0]), 4294967295bv33))), (Gamma_R8 && Gamma_Cse0__5$4$2);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$4$2, 0bv32), Gamma_Cse0__5$4$2;
-    NF, Gamma_NF := Cse0__5$4$2[32:31], Gamma_Cse0__5$4$2;
-    R8, Gamma_R8 := zero_extend32_32(Cse0__5$4$2), Gamma_Cse0__5$4$2;
-    assert Gamma_ZF;
+    R8_15, Gamma_R8_15 := zero_extend32_32(memory_load32_le(mem, R8_14)), (gamma_load32(Gamma_mem, R8_14) || L(mem, R8_14));
+    assert Gamma_R8_15;
     goto $main$__3__$BQu4h3vlSRawGkdd3zg0DQ$__0, $main$__3__$BQu4h3vlSRawGkdd3zg0DQ$__1;
-  $main$__4__$kgyF7X0vQAeoGY79WFpAXw:
-    assume {:captureState "$main$__4__$kgyF7X0vQAeoGY79WFpAXw"} true;
-    goto $main$__5__$La5W_bn0QnSJ~MnvpXFWoA;
-  $main$__5__$La5W_bn0QnSJ~MnvpXFWoA:
-    assume {:captureState "$main$__5__$La5W_bn0QnSJ~MnvpXFWoA"} true;
-    R8, Gamma_R8 := 5bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 20bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 20bv64), Gamma_R8);
-    assume {:captureState "1972$0"} true;
+  $main$__3__$BQu4h3vlSRawGkdd3zg0DQ$__1:
+    assume (!(R8_15[32:0] == 1bv32));
+    R8_17, Gamma_R8_17 := 1bv64, true;
+    goto $main$__3__$BQu4h3vlSRawGkdd3zg0DQ$__1_phi_$main$__3__$BQu4h3vlSRawGkdd3zg0DQ_goto_$main$__6__$ScgHlHhCS1WcMwxSLBCjog, $main$__3__$BQu4h3vlSRawGkdd3zg0DQ$__1_phi_$main$__3__$BQu4h3vlSRawGkdd3zg0DQ_goto_$main$__4__$kgyF7X0vQAeoGY79WFpAXw;
+  $main$__3__$BQu4h3vlSRawGkdd3zg0DQ$__1_phi_$main$__3__$BQu4h3vlSRawGkdd3zg0DQ_goto_$main$__4__$kgyF7X0vQAeoGY79WFpAXw:
+    R9_15, Gamma_R9_15 := R9_10, Gamma_R9_10;
+    R31_16, Gamma_R31_16 := R31_11, Gamma_R31_11;
+    R8_23, Gamma_R8_23 := R8_17, Gamma_R8_17;
+    assert Gamma_R8_23;
+    goto $main$__3__$BQu4h3vlSRawGkdd3zg0DQ_goto_$main$__4__$kgyF7X0vQAeoGY79WFpAXw;
+  $main$__3__$BQu4h3vlSRawGkdd3zg0DQ$__1_phi_$main$__3__$BQu4h3vlSRawGkdd3zg0DQ_goto_$main$__6__$ScgHlHhCS1WcMwxSLBCjog:
+    R9_17, Gamma_R9_17 := R9_10, Gamma_R9_10;
+    R31_18, Gamma_R31_18 := R31_11, Gamma_R31_11;
+    R8_25, Gamma_R8_25 := R8_17, Gamma_R8_17;
+    assert Gamma_R8_25;
+    goto $main$__3__$BQu4h3vlSRawGkdd3zg0DQ_goto_$main$__6__$ScgHlHhCS1WcMwxSLBCjog;
+  $main$__3__$BQu4h3vlSRawGkdd3zg0DQ$__0:
+    assume (R8_15[32:0] == 1bv32);
+    R8_20, Gamma_R8_20 := 0bv64, true;
+    goto $main$__3__$BQu4h3vlSRawGkdd3zg0DQ$__0_phi_$main$__3__$BQu4h3vlSRawGkdd3zg0DQ_goto_$main$__6__$ScgHlHhCS1WcMwxSLBCjog, $main$__3__$BQu4h3vlSRawGkdd3zg0DQ$__0_phi_$main$__3__$BQu4h3vlSRawGkdd3zg0DQ_goto_$main$__4__$kgyF7X0vQAeoGY79WFpAXw;
+  $main$__3__$BQu4h3vlSRawGkdd3zg0DQ$__0_phi_$main$__3__$BQu4h3vlSRawGkdd3zg0DQ_goto_$main$__4__$kgyF7X0vQAeoGY79WFpAXw:
+    R9_15, Gamma_R9_15 := R9_10, Gamma_R9_10;
+    R31_16, Gamma_R31_16 := R31_11, Gamma_R31_11;
+    R8_23, Gamma_R8_23 := R8_20, Gamma_R8_20;
+    assert Gamma_R8_23;
+    goto $main$__3__$BQu4h3vlSRawGkdd3zg0DQ_goto_$main$__4__$kgyF7X0vQAeoGY79WFpAXw;
+  $main$__3__$BQu4h3vlSRawGkdd3zg0DQ_goto_$main$__4__$kgyF7X0vQAeoGY79WFpAXw:
+    assume (!(R8_23[1:0] == 1bv1));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_16, 20bv64), 5bv32), gamma_store32(Gamma_stack, bvadd64(R31_16, 20bv64), true);
+    R9_19, Gamma_R9_19 := R9_15, Gamma_R9_15;
+    R31_20, Gamma_R31_20 := R31_16, Gamma_R31_16;
+    goto $main$__6__$ScgHlHhCS1WcMwxSLBCjog;
+  $main$__3__$BQu4h3vlSRawGkdd3zg0DQ$__0_phi_$main$__3__$BQu4h3vlSRawGkdd3zg0DQ_goto_$main$__6__$ScgHlHhCS1WcMwxSLBCjog:
+    R9_17, Gamma_R9_17 := R9_10, Gamma_R9_10;
+    R31_18, Gamma_R31_18 := R31_11, Gamma_R31_11;
+    R8_25, Gamma_R8_25 := R8_20, Gamma_R8_20;
+    assert Gamma_R8_25;
+    goto $main$__3__$BQu4h3vlSRawGkdd3zg0DQ_goto_$main$__6__$ScgHlHhCS1WcMwxSLBCjog;
+  $main$__3__$BQu4h3vlSRawGkdd3zg0DQ_goto_$main$__6__$ScgHlHhCS1WcMwxSLBCjog:
+    assume (R8_25[1:0] == 1bv1);
+    R9_19, Gamma_R9_19 := R9_17, Gamma_R9_17;
+    R31_20, Gamma_R31_20 := R31_18, Gamma_R31_18;
     goto $main$__6__$ScgHlHhCS1WcMwxSLBCjog;
   $main$__6__$ScgHlHhCS1WcMwxSLBCjog:
-    assume {:captureState "$main$__6__$ScgHlHhCS1WcMwxSLBCjog"} true;
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 20bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 20bv64));
-    Cse0__5$3$1, Gamma_Cse0__5$3$1 := bvadd32(R8[32:0], 4294967293bv32), Gamma_R8;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(Cse0__5$3$1), bvadd33(sign_extend1_32(R8[32:0]), 8589934589bv33))), (Gamma_R8 && Gamma_Cse0__5$3$1);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$3$1), bvadd33(zero_extend1_32(R8[32:0]), 4294967293bv33))), (Gamma_R8 && Gamma_Cse0__5$3$1);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$3$1, 0bv32), Gamma_Cse0__5$3$1;
-    NF, Gamma_NF := Cse0__5$3$1[32:31], Gamma_Cse0__5$3$1;
-    R8, Gamma_R8 := zero_extend32_32(Cse0__5$3$1), Gamma_Cse0__5$3$1;
-    assert Gamma_ZF;
+    R8_26, Gamma_R8_26 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_20, 20bv64))), gamma_load32(Gamma_stack, bvadd64(R31_20, 20bv64));
+    assert Gamma_R8_26;
     goto $main$__6__$ScgHlHhCS1WcMwxSLBCjog$__0, $main$__6__$ScgHlHhCS1WcMwxSLBCjog$__1;
-  $main$__7__$PJQQ~S5hQ3isxVg_lohkuQ:
-    assume {:captureState "$main$__7__$PJQQ~S5hQ3isxVg_lohkuQ"} true;
-    goto $main$__8__$iZUB7usbTzOrpOA3bSaAkg;
-  $main$__8__$iZUB7usbTzOrpOA3bSaAkg:
-    assume {:captureState "$main$__8__$iZUB7usbTzOrpOA3bSaAkg"} true;
-    R8, Gamma_R8 := 65536bv64, true;
+  $main$__6__$ScgHlHhCS1WcMwxSLBCjog$__1:
+    assume (!(R8_26[32:0] == 3bv32));
+    R8_28, Gamma_R8_28 := 1bv64, true;
+    goto $main$__6__$ScgHlHhCS1WcMwxSLBCjog$__1_phi_$main$__6__$ScgHlHhCS1WcMwxSLBCjog_goto_$main$__9__$WNf_4UJFTCupBtDlyt4H0A, $main$__6__$ScgHlHhCS1WcMwxSLBCjog$__1_phi_$main$__6__$ScgHlHhCS1WcMwxSLBCjog_goto_$main$__7__$PJQQ~S5hQ3isxVg_lohkuQ;
+  $main$__6__$ScgHlHhCS1WcMwxSLBCjog$__1_phi_$main$__6__$ScgHlHhCS1WcMwxSLBCjog_goto_$main$__7__$PJQQ~S5hQ3isxVg_lohkuQ:
+    R9_24, Gamma_R9_24 := R9_19, Gamma_R9_19;
+    R31_25, Gamma_R31_25 := R31_20, Gamma_R31_20;
+    R8_34, Gamma_R8_34 := R8_28, Gamma_R8_28;
+    assert Gamma_R8_34;
+    goto $main$__6__$ScgHlHhCS1WcMwxSLBCjog_goto_$main$__7__$PJQQ~S5hQ3isxVg_lohkuQ;
+  $main$__6__$ScgHlHhCS1WcMwxSLBCjog$__1_phi_$main$__6__$ScgHlHhCS1WcMwxSLBCjog_goto_$main$__9__$WNf_4UJFTCupBtDlyt4H0A:
+    R9_26, Gamma_R9_26 := R9_19, Gamma_R9_19;
+    R31_27, Gamma_R31_27 := R31_20, Gamma_R31_20;
+    R8_38, Gamma_R8_38 := R8_28, Gamma_R8_28;
+    assert Gamma_R8_38;
+    goto $main$__6__$ScgHlHhCS1WcMwxSLBCjog_goto_$main$__9__$WNf_4UJFTCupBtDlyt4H0A;
+  $main$__6__$ScgHlHhCS1WcMwxSLBCjog$__0:
+    assume (R8_26[32:0] == 3bv32);
+    R8_31, Gamma_R8_31 := 0bv64, true;
+    goto $main$__6__$ScgHlHhCS1WcMwxSLBCjog$__0_phi_$main$__6__$ScgHlHhCS1WcMwxSLBCjog_goto_$main$__9__$WNf_4UJFTCupBtDlyt4H0A, $main$__6__$ScgHlHhCS1WcMwxSLBCjog$__0_phi_$main$__6__$ScgHlHhCS1WcMwxSLBCjog_goto_$main$__7__$PJQQ~S5hQ3isxVg_lohkuQ;
+  $main$__6__$ScgHlHhCS1WcMwxSLBCjog$__0_phi_$main$__6__$ScgHlHhCS1WcMwxSLBCjog_goto_$main$__7__$PJQQ~S5hQ3isxVg_lohkuQ:
+    R9_24, Gamma_R9_24 := R9_19, Gamma_R9_19;
+    R31_25, Gamma_R31_25 := R31_20, Gamma_R31_20;
+    R8_34, Gamma_R8_34 := R8_31, Gamma_R8_31;
+    assert Gamma_R8_34;
+    goto $main$__6__$ScgHlHhCS1WcMwxSLBCjog_goto_$main$__7__$PJQQ~S5hQ3isxVg_lohkuQ;
+  $main$__6__$ScgHlHhCS1WcMwxSLBCjog_goto_$main$__7__$PJQQ~S5hQ3isxVg_lohkuQ:
+    assume (!(R8_34[1:0] == 1bv1));
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4032bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4032bv64)) || L(mem, bvadd64(R8, 4032bv64)));
+    R8_36, Gamma_R8_36 := memory_load64_le(mem, 69568bv64), (gamma_load64(Gamma_mem, 69568bv64) || L(mem, 69568bv64));
     call rely();
-    R8, Gamma_R8 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 20bv64), R8[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 20bv64), Gamma_R8);
-    assume {:captureState "2012$0"} true;
+    R8_37, Gamma_R8_37 := zero_extend32_32(memory_load32_le(mem, R8_36)), (gamma_load32(Gamma_mem, R8_36) || L(mem, R8_36));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_25, 20bv64), R8_37[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_25, 20bv64), Gamma_R8_37);
+    R9_28, Gamma_R9_28 := R9_24, Gamma_R9_24;
+    R31_29, Gamma_R31_29 := R31_25, Gamma_R31_25;
+    goto $main$__9__$WNf_4UJFTCupBtDlyt4H0A;
+  $main$__6__$ScgHlHhCS1WcMwxSLBCjog$__0_phi_$main$__6__$ScgHlHhCS1WcMwxSLBCjog_goto_$main$__9__$WNf_4UJFTCupBtDlyt4H0A:
+    R9_26, Gamma_R9_26 := R9_19, Gamma_R9_19;
+    R31_27, Gamma_R31_27 := R31_20, Gamma_R31_20;
+    R8_38, Gamma_R8_38 := R8_31, Gamma_R8_31;
+    assert Gamma_R8_38;
+    goto $main$__6__$ScgHlHhCS1WcMwxSLBCjog_goto_$main$__9__$WNf_4UJFTCupBtDlyt4H0A;
+  $main$__6__$ScgHlHhCS1WcMwxSLBCjog_goto_$main$__9__$WNf_4UJFTCupBtDlyt4H0A:
+    assume (R8_38[1:0] == 1bv1);
+    R9_28, Gamma_R9_28 := R9_26, Gamma_R9_26;
+    R31_29, Gamma_R31_29 := R31_27, Gamma_R31_27;
     goto $main$__9__$WNf_4UJFTCupBtDlyt4H0A;
   $main$__9__$WNf_4UJFTCupBtDlyt4H0A:
-    assume {:captureState "$main$__9__$WNf_4UJFTCupBtDlyt4H0A"} true;
-    R8, Gamma_R8 := 65536bv64, true;
     call rely();
-    R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 4032bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 4032bv64)) || L(mem, bvadd64(R8, 4032bv64)));
+    R8_40, Gamma_R8_40 := memory_load64_le(mem, 69568bv64), (gamma_load64(Gamma_mem, 69568bv64) || L(mem, 69568bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R8)), (gamma_load32(Gamma_mem, R8) || L(mem, R8));
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
+    R0_2, Gamma_R0_2 := zero_extend32_32(memory_load32_le(mem, R8_40)), (gamma_load32(Gamma_mem, R8_40) || L(mem, R8_40));
     goto main_basil_return;
-  $main$__6__$ScgHlHhCS1WcMwxSLBCjog_goto_$main$__9__$WNf_4UJFTCupBtDlyt4H0A:
-    assume {:captureState "$main$__6__$ScgHlHhCS1WcMwxSLBCjog_goto_$main$__9__$WNf_4UJFTCupBtDlyt4H0A"} true;
-    assume (R8[1:0] == 1bv1);
-    goto $main$__9__$WNf_4UJFTCupBtDlyt4H0A;
-  $main$__6__$ScgHlHhCS1WcMwxSLBCjog_goto_$main$__7__$PJQQ~S5hQ3isxVg_lohkuQ:
-    assume {:captureState "$main$__6__$ScgHlHhCS1WcMwxSLBCjog_goto_$main$__7__$PJQQ~S5hQ3isxVg_lohkuQ"} true;
-    assume (!(R8[1:0] == 1bv1));
-    goto $main$__7__$PJQQ~S5hQ3isxVg_lohkuQ;
-  $main$__6__$ScgHlHhCS1WcMwxSLBCjog$__0:
-    assume {:captureState "$main$__6__$ScgHlHhCS1WcMwxSLBCjog$__0"} true;
-    assume (ZF == 1bv1);
-    R8, Gamma_R8 := 0bv64, true;
-    assert Gamma_R8;
-    goto $main$__6__$ScgHlHhCS1WcMwxSLBCjog_goto_$main$__9__$WNf_4UJFTCupBtDlyt4H0A, $main$__6__$ScgHlHhCS1WcMwxSLBCjog_goto_$main$__7__$PJQQ~S5hQ3isxVg_lohkuQ;
-  $main$__6__$ScgHlHhCS1WcMwxSLBCjog$__1:
-    assume {:captureState "$main$__6__$ScgHlHhCS1WcMwxSLBCjog$__1"} true;
-    assume (!(ZF == 1bv1));
-    R8, Gamma_R8 := 1bv64, true;
-    assert Gamma_R8;
-    goto $main$__6__$ScgHlHhCS1WcMwxSLBCjog_goto_$main$__9__$WNf_4UJFTCupBtDlyt4H0A, $main$__6__$ScgHlHhCS1WcMwxSLBCjog_goto_$main$__7__$PJQQ~S5hQ3isxVg_lohkuQ;
-  $main$__3__$BQu4h3vlSRawGkdd3zg0DQ_goto_$main$__6__$ScgHlHhCS1WcMwxSLBCjog:
-    assume {:captureState "$main$__3__$BQu4h3vlSRawGkdd3zg0DQ_goto_$main$__6__$ScgHlHhCS1WcMwxSLBCjog"} true;
-    assume (R8[1:0] == 1bv1);
-    goto $main$__6__$ScgHlHhCS1WcMwxSLBCjog;
-  $main$__3__$BQu4h3vlSRawGkdd3zg0DQ_goto_$main$__4__$kgyF7X0vQAeoGY79WFpAXw:
-    assume {:captureState "$main$__3__$BQu4h3vlSRawGkdd3zg0DQ_goto_$main$__4__$kgyF7X0vQAeoGY79WFpAXw"} true;
-    assume (!(R8[1:0] == 1bv1));
-    goto $main$__4__$kgyF7X0vQAeoGY79WFpAXw;
-  $main$__3__$BQu4h3vlSRawGkdd3zg0DQ$__0:
-    assume {:captureState "$main$__3__$BQu4h3vlSRawGkdd3zg0DQ$__0"} true;
-    assume (ZF == 1bv1);
-    R8, Gamma_R8 := 0bv64, true;
-    assert Gamma_R8;
-    goto $main$__3__$BQu4h3vlSRawGkdd3zg0DQ_goto_$main$__6__$ScgHlHhCS1WcMwxSLBCjog, $main$__3__$BQu4h3vlSRawGkdd3zg0DQ_goto_$main$__4__$kgyF7X0vQAeoGY79WFpAXw;
-  $main$__3__$BQu4h3vlSRawGkdd3zg0DQ$__1:
-    assume {:captureState "$main$__3__$BQu4h3vlSRawGkdd3zg0DQ$__1"} true;
-    assume (!(ZF == 1bv1));
-    R8, Gamma_R8 := 1bv64, true;
-    assert Gamma_R8;
-    goto $main$__3__$BQu4h3vlSRawGkdd3zg0DQ_goto_$main$__6__$ScgHlHhCS1WcMwxSLBCjog, $main$__3__$BQu4h3vlSRawGkdd3zg0DQ_goto_$main$__4__$kgyF7X0vQAeoGY79WFpAXw;
-  $main$__0__$T93CJsvjRiGkLGM3lm~zUw_goto_$main$__3__$BQu4h3vlSRawGkdd3zg0DQ:
-    assume {:captureState "$main$__0__$T93CJsvjRiGkLGM3lm~zUw_goto_$main$__3__$BQu4h3vlSRawGkdd3zg0DQ"} true;
-    assume (R8[1:0] == 1bv1);
-    goto $main$__3__$BQu4h3vlSRawGkdd3zg0DQ;
-  $main$__0__$T93CJsvjRiGkLGM3lm~zUw_goto_$main$__1__$XR5j_yKuQR24HXECGUTTaw:
-    assume {:captureState "$main$__0__$T93CJsvjRiGkLGM3lm~zUw_goto_$main$__1__$XR5j_yKuQR24HXECGUTTaw"} true;
-    assume (!(R8[1:0] == 1bv1));
-    goto $main$__1__$XR5j_yKuQR24HXECGUTTaw;
-  $main$__0__$T93CJsvjRiGkLGM3lm~zUw$__0:
-    assume {:captureState "$main$__0__$T93CJsvjRiGkLGM3lm~zUw$__0"} true;
-    assume (ZF == 1bv1);
-    R8, Gamma_R8 := 0bv64, true;
-    assert Gamma_R8;
-    goto $main$__0__$T93CJsvjRiGkLGM3lm~zUw_goto_$main$__3__$BQu4h3vlSRawGkdd3zg0DQ, $main$__0__$T93CJsvjRiGkLGM3lm~zUw_goto_$main$__1__$XR5j_yKuQR24HXECGUTTaw;
-  $main$__0__$T93CJsvjRiGkLGM3lm~zUw$__1:
-    assume {:captureState "$main$__0__$T93CJsvjRiGkLGM3lm~zUw$__1"} true;
-    assume (!(ZF == 1bv1));
-    R8, Gamma_R8 := 1bv64, true;
-    assert Gamma_R8;
-    goto $main$__0__$T93CJsvjRiGkLGM3lm~zUw_goto_$main$__3__$BQu4h3vlSRawGkdd3zg0DQ, $main$__0__$T93CJsvjRiGkLGM3lm~zUw_goto_$main$__1__$XR5j_yKuQR24HXECGUTTaw;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R31_out, R8_out, R9_out := R0_2, bvadd64(R31_29, 32bv64), R8_40, R9_28;
+    Gamma_R0_out, Gamma_R31_out, Gamma_R8_out, Gamma_R9_out := Gamma_R0_2, Gamma_R31_29, Gamma_R8_40, Gamma_R9_28;
     return;
 }
 
diff --git a/src/test/incorrect/nestedifglobal/gcc/nestedifglobal.expected b/src/test/incorrect/nestedifglobal/gcc/nestedifglobal.expected
index e2f024896..a0f236369 100644
--- a/src/test/incorrect/nestedifglobal/gcc/nestedifglobal.expected
+++ b/src/test/incorrect/nestedifglobal/gcc/nestedifglobal.expected
@@ -1,38 +1,31 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R31: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   false
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp1(bv1, bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -48,11 +41,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -83,8 +74,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R1, Gamma_R31, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R1, R31, VF, ZF, mem, stack;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1956bv64) == 1bv8);
@@ -95,8 +86,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69024bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1956bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1957bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1958bv64) == 2bv8);
@@ -106,114 +95,66 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var #4: bv32;
-  var #5: bv32;
-  var #6: bv32;
-  var Gamma_#4: bool;
-  var Gamma_#5: bool;
-  var Gamma_#6: bool;
+  var Gamma_R0_10: bool;
+  var Gamma_R0_12: bool;
+  var Gamma_R0_15: bool;
+  var Gamma_R0_6: bool;
+  var Gamma_R1_1: bool;
+  var R0_10: bv32;
+  var R0_12: bv32;
+  var R0_15: bv32;
+  var R0_6: bv32;
+  var R1_1: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "%00000332"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), Gamma_R0_in);
+    R1_1, Gamma_R1_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551596bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%0000034c"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), true);
-    assume {:captureState "%00000353"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
+    assert (L(mem, 69652bv64) ==> Gamma_R1_1);
+    mem, Gamma_mem := memory_store32_le(mem, 69652bv64, R1_1[32:0]), gamma_store32(Gamma_mem, 69652bv64, Gamma_R1_1);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    #4, Gamma_#4 := bvadd32(R0[32:0], 4294967295bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#4, 1bv32)), bvadd33(sign_extend1_32(R0[32:0]), 0bv33))), (Gamma_R0 && Gamma_#4);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#4, 1bv32)), bvadd33(zero_extend1_32(R0[32:0]), 4294967296bv33))), (Gamma_R0 && Gamma_#4);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#4, 1bv32), 0bv32), Gamma_#4;
-    NF, Gamma_NF := bvadd32(#4, 1bv32)[32:31], Gamma_#4;
-    assert Gamma_ZF;
+    R0_6, Gamma_R0_6 := memory_load32_le(mem, 69652bv64), (gamma_load32(Gamma_mem, 69652bv64) || L(mem, 69652bv64));
+    assert Gamma_R0_6;
     goto lmain_goto_l00000381, lmain_goto_l00000414;
-  l00000414:
-    assume {:captureState "l00000414"} true;
-    R0, Gamma_R0 := 3bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R0);
-    assume {:captureState "%0000041f"} true;
+  lmain_goto_l00000414:
+    assume (R0_6 == 0bv32);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 3bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    goto l00000381;
+  lmain_goto_l00000381:
+    assume (!(R0_6 == 0bv32));
     goto l00000381;
   l00000381:
-    assume {:captureState "l00000381"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    #5, Gamma_#5 := bvadd32(R0[32:0], 4294967294bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#5, 1bv32)), bvadd33(sign_extend1_32(R0[32:0]), 8589934591bv33))), (Gamma_R0 && Gamma_#5);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#5, 1bv32)), bvadd33(zero_extend1_32(R0[32:0]), 4294967295bv33))), (Gamma_R0 && Gamma_#5);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#5, 1bv32), 0bv32), Gamma_#5;
-    NF, Gamma_NF := bvadd32(#5, 1bv32)[32:31], Gamma_#5;
-    assert Gamma_ZF;
+    R0_10, Gamma_R0_10 := memory_load32_le(mem, 69652bv64), (gamma_load32(Gamma_mem, 69652bv64) || L(mem, 69652bv64));
+    assert Gamma_R0_10;
     goto l00000381_goto_l000003b2, l00000381_goto_l00000407;
-  l00000407:
-    assume {:captureState "l00000407"} true;
-    R0, Gamma_R0 := 5bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R0);
-    assume {:captureState "%00000412"} true;
+  l00000381_goto_l00000407:
+    assume (R0_10 == 1bv32);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 5bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    goto l000003b2;
+  l00000381_goto_l000003b2:
+    assume (!(R0_10 == 1bv32));
     goto l000003b2;
   l000003b2:
-    assume {:captureState "l000003b2"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 28bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 28bv64));
-    #6, Gamma_#6 := bvadd32(R0[32:0], 4294967292bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#6, 1bv32)), bvadd33(sign_extend1_32(R0[32:0]), 8589934589bv33))), (Gamma_R0 && Gamma_#6);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#6, 1bv32)), bvadd33(zero_extend1_32(R0[32:0]), 4294967293bv33))), (Gamma_R0 && Gamma_#6);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#6, 1bv32), 0bv32), Gamma_#6;
-    NF, Gamma_NF := bvadd32(#6, 1bv32)[32:31], Gamma_#6;
-    assert Gamma_ZF;
+    R0_12, Gamma_R0_12 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
+    assert Gamma_R0_12;
     goto l000003b2_goto_l000003d8, l000003b2_goto_l000003ed;
-  l000003ed:
-    assume {:captureState "l000003ed"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
+  l000003b2_goto_l000003ed:
+    assume (R0_12 == 3bv32);
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R0);
-    assume {:captureState "%00000405"} true;
+    R0_15, Gamma_R0_15 := memory_load32_le(mem, 69656bv64), (gamma_load32(Gamma_mem, 69656bv64) || L(mem, 69656bv64));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_15), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_15);
     goto l000003d8;
-  l000003d8:
-    assume {:captureState "l000003d8"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
-    goto main_basil_return;
-  lmain_goto_l00000381:
-    assume {:captureState "lmain_goto_l00000381"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) != 0bv1);
-    goto l00000381;
-  lmain_goto_l00000414:
-    assume {:captureState "lmain_goto_l00000414"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) == 0bv1);
-    goto l00000414;
-  l00000381_goto_l000003b2:
-    assume {:captureState "l00000381_goto_l000003b2"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) != 0bv1);
-    goto l000003b2;
-  l00000381_goto_l00000407:
-    assume {:captureState "l00000381_goto_l00000407"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) == 0bv1);
-    goto l00000407;
   l000003b2_goto_l000003d8:
-    assume {:captureState "l000003b2_goto_l000003d8"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) != 0bv1);
+    assume (!(R0_12 == 3bv32));
     goto l000003d8;
-  l000003b2_goto_l000003ed:
-    assume {:captureState "l000003b2_goto_l000003ed"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) == 0bv1);
-    goto l000003ed;
+  l000003d8:
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R31_out := 0bv64, R1_1, R31_in;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R31_out := true, Gamma_R1_1, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/incorrect/nestedifglobal/gcc/nestedifglobal_gtirb.expected b/src/test/incorrect/nestedifglobal/gcc/nestedifglobal_gtirb.expected
index df7992d44..9e6306814 100644
--- a/src/test/incorrect/nestedifglobal/gcc/nestedifglobal_gtirb.expected
+++ b/src/test/incorrect/nestedifglobal/gcc/nestedifglobal_gtirb.expected
@@ -1,37 +1,31 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R31: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   false
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -47,11 +41,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -82,8 +74,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R1, Gamma_R31, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R1, R31, VF, ZF, mem, stack;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 1964bv64) == 1bv8);
@@ -94,8 +86,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69024bv64) == 1728bv64);
   free requires (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 1964bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 1965bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 1966bv64) == 2bv8);
@@ -105,117 +95,112 @@ procedure main();
   free ensures (memory_load64_le(mem, 69616bv64) == 1812bv64);
   free ensures (memory_load64_le(mem, 69640bv64) == 69640bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var Cse0__5$4$1: bv32;
-  var Cse0__5$5$3: bv32;
-  var Cse0__5$6$10: bv32;
-  var Gamma_Cse0__5$4$1: bool;
-  var Gamma_Cse0__5$5$3: bool;
-  var Gamma_Cse0__5$6$10: bool;
+  var Gamma_R0_10: bool;
+  var Gamma_R0_12: bool;
+  var Gamma_R0_14: bool;
+  var Gamma_R0_15: bool;
+  var Gamma_R0_17: bool;
+  var Gamma_R0_18: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_6: bool;
+  var Gamma_R0_9: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R1_10: bool;
+  var Gamma_R1_4: bool;
+  var Gamma_R1_7: bool;
+  var Gamma_R31_11: bool;
+  var Gamma_R31_2: bool;
+  var Gamma_R31_5: bool;
+  var Gamma_R31_8: bool;
+  var R0_10: bv64;
+  var R0_12: bv64;
+  var R0_14: bv64;
+  var R0_15: bv64;
+  var R0_17: bv64;
+  var R0_18: bv64;
+  var R0_3: bv64;
+  var R0_5: bv64;
+  var R0_6: bv64;
+  var R0_9: bv64;
+  var R1_1: bv64;
+  var R1_10: bv64;
+  var R1_4: bv64;
+  var R1_7: bv64;
+  var R31_11: bv64;
+  var R31_2: bv64;
+  var R31_5: bv64;
+  var R31_8: bv64;
   $main$__0__$9yseNFkhTuK04TK0yW3DZQ:
-    assume {:captureState "$main$__0__$9yseNFkhTuK04TK0yW3DZQ"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "1816$0"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
+    R31_2, Gamma_R31_2 := bvadd64(R31_in, 18446744073709551584bv64), Gamma_R31_in;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), Gamma_R0_in);
+    R0_3, Gamma_R0_3 := 69652bv64, true;
+    R1_1, Gamma_R1_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551596bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1832$0"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), true);
-    assume {:captureState "1836$0"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
+    assert (L(mem, R0_3) ==> Gamma_R1_1);
+    mem, Gamma_mem := memory_store32_le(mem, R0_3, R1_1[32:0]), gamma_store32(Gamma_mem, R0_3, Gamma_R1_1);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    R0_5, Gamma_R0_5 := 69652bv64, true;
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    Cse0__5$6$10, Gamma_Cse0__5$6$10 := bvadd32(R0[32:0], 0bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$6$10, Cse0__5$6$10)), Gamma_Cse0__5$6$10;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$6$10), bvadd33(zero_extend1_32(R0[32:0]), 4294967296bv33))), (Gamma_R0 && Gamma_Cse0__5$6$10);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$6$10, 0bv32), Gamma_Cse0__5$6$10;
-    NF, Gamma_NF := Cse0__5$6$10[32:31], Gamma_Cse0__5$6$10;
-    assert Gamma_ZF;
+    R0_6, Gamma_R0_6 := zero_extend32_32(memory_load32_le(mem, R0_5)), (gamma_load32(Gamma_mem, R0_5) || L(mem, R0_5));
+    assert Gamma_R0_6;
     goto $main$__0__$9yseNFkhTuK04TK0yW3DZQ_goto_$main$__2__$yfXOQSPfSoG_R~3nzeQfBw, $main$__0__$9yseNFkhTuK04TK0yW3DZQ_goto_$main$__1__$hCnLZz43RxuSXmdEBY0pRw;
-  $main$__1__$hCnLZz43RxuSXmdEBY0pRw:
-    assume {:captureState "$main$__1__$hCnLZz43RxuSXmdEBY0pRw"} true;
-    R0, Gamma_R0 := 3bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R0);
-    assume {:captureState "1864$0"} true;
+  $main$__0__$9yseNFkhTuK04TK0yW3DZQ_goto_$main$__1__$hCnLZz43RxuSXmdEBY0pRw:
+    assume (R0_6[32:0] == 0bv32);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 3bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    R31_5, Gamma_R31_5 := R31_2, Gamma_R31_2;
+    R1_4, Gamma_R1_4 := R1_1, Gamma_R1_1;
+    goto $main$__2__$yfXOQSPfSoG_R~3nzeQfBw;
+  $main$__0__$9yseNFkhTuK04TK0yW3DZQ_goto_$main$__2__$yfXOQSPfSoG_R~3nzeQfBw:
+    assume (!(R0_6[32:0] == 0bv32));
+    R31_5, Gamma_R31_5 := R31_2, Gamma_R31_2;
+    R1_4, Gamma_R1_4 := R1_1, Gamma_R1_1;
     goto $main$__2__$yfXOQSPfSoG_R~3nzeQfBw;
   $main$__2__$yfXOQSPfSoG_R~3nzeQfBw:
-    assume {:captureState "$main$__2__$yfXOQSPfSoG_R~3nzeQfBw"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 20bv64), Gamma_R0;
+    R0_9, Gamma_R0_9 := 69652bv64, true;
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    Cse0__5$5$3, Gamma_Cse0__5$5$3 := bvadd32(R0[32:0], 4294967295bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(Cse0__5$5$3), bvadd33(sign_extend1_32(R0[32:0]), 8589934591bv33))), (Gamma_R0 && Gamma_Cse0__5$5$3);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$5$3), bvadd33(zero_extend1_32(R0[32:0]), 4294967295bv33))), (Gamma_R0 && Gamma_Cse0__5$5$3);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$5$3, 0bv32), Gamma_Cse0__5$5$3;
-    NF, Gamma_NF := Cse0__5$5$3[32:31], Gamma_Cse0__5$5$3;
-    assert Gamma_ZF;
+    R0_10, Gamma_R0_10 := zero_extend32_32(memory_load32_le(mem, R0_9)), (gamma_load32(Gamma_mem, R0_9) || L(mem, R0_9));
+    assert Gamma_R0_10;
     goto $main$__2__$yfXOQSPfSoG_R~3nzeQfBw_goto_$main$__4__$oqZU9BW6TP6kbuw3LSxXQA, $main$__2__$yfXOQSPfSoG_R~3nzeQfBw_goto_$main$__3__$9kAXtc8KTiCv7~xlE1Ofpg;
-  $main$__3__$9kAXtc8KTiCv7~xlE1Ofpg:
-    assume {:captureState "$main$__3__$9kAXtc8KTiCv7~xlE1Ofpg"} true;
-    R0, Gamma_R0 := 5bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R0);
-    assume {:captureState "1892$0"} true;
+  $main$__2__$yfXOQSPfSoG_R~3nzeQfBw_goto_$main$__3__$9kAXtc8KTiCv7~xlE1Ofpg:
+    assume (R0_10[32:0] == 1bv32);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_5, 28bv64), 5bv32), gamma_store32(Gamma_stack, bvadd64(R31_5, 28bv64), true);
+    R31_8, Gamma_R31_8 := R31_5, Gamma_R31_5;
+    R1_7, Gamma_R1_7 := R1_4, Gamma_R1_4;
+    goto $main$__4__$oqZU9BW6TP6kbuw3LSxXQA;
+  $main$__2__$yfXOQSPfSoG_R~3nzeQfBw_goto_$main$__4__$oqZU9BW6TP6kbuw3LSxXQA:
+    assume (!(R0_10[32:0] == 1bv32));
+    R31_8, Gamma_R31_8 := R31_5, Gamma_R31_5;
+    R1_7, Gamma_R1_7 := R1_4, Gamma_R1_4;
     goto $main$__4__$oqZU9BW6TP6kbuw3LSxXQA;
   $main$__4__$oqZU9BW6TP6kbuw3LSxXQA:
-    assume {:captureState "$main$__4__$oqZU9BW6TP6kbuw3LSxXQA"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 28bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 28bv64));
-    Cse0__5$4$1, Gamma_Cse0__5$4$1 := bvadd32(R0[32:0], 4294967293bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(Cse0__5$4$1), bvadd33(sign_extend1_32(R0[32:0]), 8589934589bv33))), (Gamma_R0 && Gamma_Cse0__5$4$1);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$4$1), bvadd33(zero_extend1_32(R0[32:0]), 4294967293bv33))), (Gamma_R0 && Gamma_Cse0__5$4$1);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$4$1, 0bv32), Gamma_Cse0__5$4$1;
-    NF, Gamma_NF := Cse0__5$4$1[32:31], Gamma_Cse0__5$4$1;
-    assert Gamma_ZF;
+    R0_12, Gamma_R0_12 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_8, 28bv64))), gamma_load32(Gamma_stack, bvadd64(R31_8, 28bv64));
+    assert Gamma_R0_12;
     goto $main$__4__$oqZU9BW6TP6kbuw3LSxXQA_goto_$main$__6__$dkXkbQHUTxKWR8e~2scKWw, $main$__4__$oqZU9BW6TP6kbuw3LSxXQA_goto_$main$__5__$NGQwXgNySXKcztP0lKywGA;
-  $main$__5__$NGQwXgNySXKcztP0lKywGA:
-    assume {:captureState "$main$__5__$NGQwXgNySXKcztP0lKywGA"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
+  $main$__4__$oqZU9BW6TP6kbuw3LSxXQA_goto_$main$__5__$NGQwXgNySXKcztP0lKywGA:
+    assume (R0_12[32:0] == 3bv32);
+    R0_14, Gamma_R0_14 := 69656bv64, true;
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R0);
-    assume {:captureState "1920$0"} true;
+    R0_15, Gamma_R0_15 := zero_extend32_32(memory_load32_le(mem, R0_14)), (gamma_load32(Gamma_mem, R0_14) || L(mem, R0_14));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_8, 28bv64), R0_15[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_8, 28bv64), Gamma_R0_15);
+    R31_11, Gamma_R31_11 := R31_8, Gamma_R31_8;
+    R1_10, Gamma_R1_10 := R1_7, Gamma_R1_7;
+    goto $main$__6__$dkXkbQHUTxKWR8e~2scKWw;
+  $main$__4__$oqZU9BW6TP6kbuw3LSxXQA_goto_$main$__6__$dkXkbQHUTxKWR8e~2scKWw:
+    assume (!(R0_12[32:0] == 3bv32));
+    R31_11, Gamma_R31_11 := R31_8, Gamma_R31_8;
+    R1_10, Gamma_R1_10 := R1_7, Gamma_R1_7;
     goto $main$__6__$dkXkbQHUTxKWR8e~2scKWw;
   $main$__6__$dkXkbQHUTxKWR8e~2scKWw:
-    assume {:captureState "$main$__6__$dkXkbQHUTxKWR8e~2scKWw"} true;
-    R0, Gamma_R0 := 69632bv64, true;
-    R0, Gamma_R0 := bvadd64(R0, 24bv64), Gamma_R0;
+    R0_17, Gamma_R0_17 := 69656bv64, true;
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
+    R0_18, Gamma_R0_18 := zero_extend32_32(memory_load32_le(mem, R0_17)), (gamma_load32(Gamma_mem, R0_17) || L(mem, R0_17));
     goto main_basil_return;
-  $main$__4__$oqZU9BW6TP6kbuw3LSxXQA_goto_$main$__6__$dkXkbQHUTxKWR8e~2scKWw:
-    assume {:captureState "$main$__4__$oqZU9BW6TP6kbuw3LSxXQA_goto_$main$__6__$dkXkbQHUTxKWR8e~2scKWw"} true;
-    assume (!(ZF == 1bv1));
-    goto $main$__6__$dkXkbQHUTxKWR8e~2scKWw;
-  $main$__4__$oqZU9BW6TP6kbuw3LSxXQA_goto_$main$__5__$NGQwXgNySXKcztP0lKywGA:
-    assume {:captureState "$main$__4__$oqZU9BW6TP6kbuw3LSxXQA_goto_$main$__5__$NGQwXgNySXKcztP0lKywGA"} true;
-    assume (!(!(ZF == 1bv1)));
-    goto $main$__5__$NGQwXgNySXKcztP0lKywGA;
-  $main$__2__$yfXOQSPfSoG_R~3nzeQfBw_goto_$main$__4__$oqZU9BW6TP6kbuw3LSxXQA:
-    assume {:captureState "$main$__2__$yfXOQSPfSoG_R~3nzeQfBw_goto_$main$__4__$oqZU9BW6TP6kbuw3LSxXQA"} true;
-    assume (!(ZF == 1bv1));
-    goto $main$__4__$oqZU9BW6TP6kbuw3LSxXQA;
-  $main$__2__$yfXOQSPfSoG_R~3nzeQfBw_goto_$main$__3__$9kAXtc8KTiCv7~xlE1Ofpg:
-    assume {:captureState "$main$__2__$yfXOQSPfSoG_R~3nzeQfBw_goto_$main$__3__$9kAXtc8KTiCv7~xlE1Ofpg"} true;
-    assume (!(!(ZF == 1bv1)));
-    goto $main$__3__$9kAXtc8KTiCv7~xlE1Ofpg;
-  $main$__0__$9yseNFkhTuK04TK0yW3DZQ_goto_$main$__2__$yfXOQSPfSoG_R~3nzeQfBw:
-    assume {:captureState "$main$__0__$9yseNFkhTuK04TK0yW3DZQ_goto_$main$__2__$yfXOQSPfSoG_R~3nzeQfBw"} true;
-    assume (!(ZF == 1bv1));
-    goto $main$__2__$yfXOQSPfSoG_R~3nzeQfBw;
-  $main$__0__$9yseNFkhTuK04TK0yW3DZQ_goto_$main$__1__$hCnLZz43RxuSXmdEBY0pRw:
-    assume {:captureState "$main$__0__$9yseNFkhTuK04TK0yW3DZQ_goto_$main$__1__$hCnLZz43RxuSXmdEBY0pRw"} true;
-    assume (!(!(ZF == 1bv1)));
-    goto $main$__1__$hCnLZz43RxuSXmdEBY0pRw;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R31_out := R0_18, R1_10, bvadd64(R31_11, 32bv64);
+    Gamma_R0_out, Gamma_R1_out, Gamma_R31_out := Gamma_R0_18, Gamma_R1_10, Gamma_R31_11;
     return;
 }
 
diff --git a/src/test/incorrect/nestedifglobal/gcc_pic/nestedifglobal.expected b/src/test/incorrect/nestedifglobal/gcc_pic/nestedifglobal.expected
index 03cb61a25..2020a2fd3 100644
--- a/src/test/incorrect/nestedifglobal/gcc_pic/nestedifglobal.expected
+++ b/src/test/incorrect/nestedifglobal/gcc_pic/nestedifglobal.expected
@@ -1,32 +1,21 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R31: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   false
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp1(bv1, bv1) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -36,7 +25,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -52,11 +45,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -89,8 +80,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R1, Gamma_R31, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R1, R31, VF, ZF, mem, stack;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 2020bv64) == 1bv8);
@@ -103,8 +94,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69008bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 69656bv64);
   free requires (memory_load64_le(mem, 69000bv64) == 1872bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 2020bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 2021bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 2022bv64) == 2bv8);
@@ -116,118 +105,82 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 69656bv64);
   free ensures (memory_load64_le(mem, 69000bv64) == 1872bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var #4: bv32;
-  var #5: bv32;
-  var #6: bv32;
-  var Gamma_#4: bool;
-  var Gamma_#5: bool;
-  var Gamma_#6: bool;
+  var Gamma_R0_10: bool;
+  var Gamma_R0_12: bool;
+  var Gamma_R0_14: bool;
+  var Gamma_R0_15: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_6: bool;
+  var Gamma_R0_9: bool;
+  var Gamma_R1_1: bool;
+  var R0_10: bv32;
+  var R0_12: bv32;
+  var R0_14: bv64;
+  var R0_15: bv32;
+  var R0_3: bv64;
+  var R0_5: bv64;
+  var R0_6: bv32;
+  var R0_9: bv64;
+  var R1_1: bv64;
   lmain:
-    assume {:captureState "lmain"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "%00000332"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), Gamma_R0_in);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
+    R0_3, Gamma_R0_3 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
+    R1_1, Gamma_R1_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551596bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "%0000034d"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), true);
-    assume {:captureState "%00000354"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    assert (L(mem, R0_3) ==> Gamma_R1_1);
+    mem, Gamma_mem := memory_store32_le(mem, R0_3, R1_1[32:0]), gamma_store32(Gamma_mem, R0_3, Gamma_R1_1);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
+    R0_5, Gamma_R0_5 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    #4, Gamma_#4 := bvadd32(R0[32:0], 4294967295bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#4, 1bv32)), bvadd33(sign_extend1_32(R0[32:0]), 0bv33))), (Gamma_R0 && Gamma_#4);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#4, 1bv32)), bvadd33(zero_extend1_32(R0[32:0]), 4294967296bv33))), (Gamma_R0 && Gamma_#4);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#4, 1bv32), 0bv32), Gamma_#4;
-    NF, Gamma_NF := bvadd32(#4, 1bv32)[32:31], Gamma_#4;
-    assert Gamma_ZF;
+    R0_6, Gamma_R0_6 := memory_load32_le(mem, R0_5), (gamma_load32(Gamma_mem, R0_5) || L(mem, R0_5));
+    assert Gamma_R0_6;
     goto lmain_goto_l00000383, lmain_goto_l00000418;
-  l00000418:
-    assume {:captureState "l00000418"} true;
-    R0, Gamma_R0 := 3bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R0);
-    assume {:captureState "%00000423"} true;
+  lmain_goto_l00000418:
+    assume (R0_6 == 0bv32);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 3bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    goto l00000383;
+  lmain_goto_l00000383:
+    assume (!(R0_6 == 0bv32));
     goto l00000383;
   l00000383:
-    assume {:captureState "l00000383"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
+    R0_9, Gamma_R0_9 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    #5, Gamma_#5 := bvadd32(R0[32:0], 4294967294bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#5, 1bv32)), bvadd33(sign_extend1_32(R0[32:0]), 8589934591bv33))), (Gamma_R0 && Gamma_#5);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#5, 1bv32)), bvadd33(zero_extend1_32(R0[32:0]), 4294967295bv33))), (Gamma_R0 && Gamma_#5);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#5, 1bv32), 0bv32), Gamma_#5;
-    NF, Gamma_NF := bvadd32(#5, 1bv32)[32:31], Gamma_#5;
-    assert Gamma_ZF;
+    R0_10, Gamma_R0_10 := memory_load32_le(mem, R0_9), (gamma_load32(Gamma_mem, R0_9) || L(mem, R0_9));
+    assert Gamma_R0_10;
     goto l00000383_goto_l000003b5, l00000383_goto_l0000040b;
-  l0000040b:
-    assume {:captureState "l0000040b"} true;
-    R0, Gamma_R0 := 5bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R0);
-    assume {:captureState "%00000416"} true;
+  l00000383_goto_l0000040b:
+    assume (R0_10 == 1bv32);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 5bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    goto l000003b5;
+  l00000383_goto_l000003b5:
+    assume (!(R0_10 == 1bv32));
     goto l000003b5;
   l000003b5:
-    assume {:captureState "l000003b5"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 28bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 28bv64));
-    #6, Gamma_#6 := bvadd32(R0[32:0], 4294967292bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(bvadd32(#6, 1bv32)), bvadd33(sign_extend1_32(R0[32:0]), 8589934589bv33))), (Gamma_R0 && Gamma_#6);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(bvadd32(#6, 1bv32)), bvadd33(zero_extend1_32(R0[32:0]), 4294967293bv33))), (Gamma_R0 && Gamma_#6);
-    ZF, Gamma_ZF := bvcomp32(bvadd32(#6, 1bv32), 0bv32), Gamma_#6;
-    NF, Gamma_NF := bvadd32(#6, 1bv32)[32:31], Gamma_#6;
-    assert Gamma_ZF;
+    R0_12, Gamma_R0_12 := memory_load32_le(stack, bvadd64(R31_in, 18446744073709551612bv64)), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64));
+    assert Gamma_R0_12;
     goto l000003b5_goto_l000003db, l000003b5_goto_l000003f0;
-  l000003f0:
-    assume {:captureState "l000003f0"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+  l000003b5_goto_l000003f0:
+    assume (R0_12 == 3bv32);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
+    R0_14, Gamma_R0_14 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R0);
-    assume {:captureState "%00000409"} true;
+    R0_15, Gamma_R0_15 := memory_load32_le(mem, R0_14), (gamma_load32(Gamma_mem, R0_14) || L(mem, R0_14));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), R0_15), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), Gamma_R0_15);
     goto l000003db;
-  l000003db:
-    assume {:captureState "l000003db"} true;
-    R0, Gamma_R0 := 0bv64, true;
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
-    goto main_basil_return;
-  lmain_goto_l00000383:
-    assume {:captureState "lmain_goto_l00000383"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) != 0bv1);
-    goto l00000383;
-  lmain_goto_l00000418:
-    assume {:captureState "lmain_goto_l00000418"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) == 0bv1);
-    goto l00000418;
-  l00000383_goto_l000003b5:
-    assume {:captureState "l00000383_goto_l000003b5"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) != 0bv1);
-    goto l000003b5;
-  l00000383_goto_l0000040b:
-    assume {:captureState "l00000383_goto_l0000040b"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) == 0bv1);
-    goto l0000040b;
   l000003b5_goto_l000003db:
-    assume {:captureState "l000003b5_goto_l000003db"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) != 0bv1);
+    assume (!(R0_12 == 3bv32));
     goto l000003db;
-  l000003b5_goto_l000003f0:
-    assume {:captureState "l000003b5_goto_l000003f0"} true;
-    assume (bvnot1(bvcomp1(ZF, 1bv1)) == 0bv1);
-    goto l000003f0;
+  l000003db:
+    goto main_basil_return;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R31_out := 0bv64, R1_1, R31_in;
+    Gamma_R0_out, Gamma_R1_out, Gamma_R31_out := true, Gamma_R1_1, Gamma_R31_in;
     return;
 }
 
diff --git a/src/test/incorrect/nestedifglobal/gcc_pic/nestedifglobal_gtirb.expected b/src/test/incorrect/nestedifglobal/gcc_pic/nestedifglobal_gtirb.expected
index 1c44677d8..efb2272ad 100644
--- a/src/test/incorrect/nestedifglobal/gcc_pic/nestedifglobal_gtirb.expected
+++ b/src/test/incorrect/nestedifglobal/gcc_pic/nestedifglobal_gtirb.expected
@@ -1,31 +1,21 @@
-var {:extern} CF: bv1;
-var {:extern} Gamma_CF: bool;
-var {:extern} Gamma_NF: bool;
-var {:extern} Gamma_R0: bool;
-var {:extern} Gamma_R1: bool;
-var {:extern} Gamma_R31: bool;
-var {:extern} Gamma_VF: bool;
-var {:extern} Gamma_ZF: bool;
 var {:extern} Gamma_mem: [bv64]bool;
 var {:extern} Gamma_stack: [bv64]bool;
-var {:extern} NF: bv1;
-var {:extern} R0: bv64;
-var {:extern} R1: bv64;
-var {:extern} R31: bv64;
-var {:extern} VF: bv1;
-var {:extern} ZF: bv1;
 var {:extern} mem: [bv64]bv8;
 var {:extern} stack: [bv64]bv8;
 function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) {
   false
 }
 
-function {:extern} {:bvbuiltin "bvadd"} bvadd32(bv32, bv32) returns (bv32);
-function {:extern} {:bvbuiltin "bvadd"} bvadd33(bv33, bv33) returns (bv33);
 function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp32(bv32, bv32) returns (bv1);
-function {:extern} {:bvbuiltin "bvcomp"} bvcomp33(bv33, bv33) returns (bv1);
-function {:extern} {:bvbuiltin "bvnot"} bvnot1(bv1) returns (bv1);
+function {:extern} {:bvbuiltin "bvlshr"} bvlshr32(bv32, bv32) returns (bv32);
+function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64);
+function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool);
+function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool);
+function {:inline} byte_extract32_64(value: bv32, offset: bv64) returns (bv8) {
+  bvlshr32(value,bvmul64(offset,8bv64)[32:0])[8:0]
+}
+
 function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) {
   (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index])))
 }
@@ -35,7 +25,11 @@ function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool
 }
 
 function {:extern} gamma_store32(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) {
-  gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then value else gammaMap[i])))
+}
+
+function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) {
+  (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len))))
 }
 
 function {:extern} memory_load32_le(memory: [bv64]bv8, index: bv64) returns (bv32) {
@@ -51,11 +45,9 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8)
 }
 
 function {:extern} memory_store32_le(memory: [bv64]bv8, index: bv64, value: bv32) returns ([bv64]bv8) {
-  memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]]
+  (lambda i: bv64 :: ((if in_bounds64_le(index, 4bv64, i) then byte_extract32_64(value, bvsub64(i, index)) else memory[i])))
 }
 
-function {:extern} {:bvbuiltin "sign_extend 1"} sign_extend1_32(bv32) returns (bv33);
-function {:extern} {:bvbuiltin "zero_extend 1"} zero_extend1_32(bv32) returns (bv33);
 function {:extern} {:bvbuiltin "zero_extend 32"} zero_extend32_32(bv32) returns (bv64);
 procedure {:extern} rely();
   modifies Gamma_mem, mem;
@@ -88,8 +80,8 @@ procedure {:extern} rely_reflexive();
 procedure {:extern} guarantee_reflexive();
   modifies Gamma_mem, mem;
 
-procedure main();
-  modifies CF, Gamma_CF, Gamma_NF, Gamma_R0, Gamma_R1, Gamma_R31, Gamma_VF, Gamma_ZF, Gamma_mem, Gamma_stack, NF, R0, R1, R31, VF, ZF, mem, stack;
+procedure main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool);
+  modifies Gamma_mem, Gamma_stack, mem, stack;
   free requires (memory_load64_le(mem, 69632bv64) == 0bv64);
   free requires (memory_load64_le(mem, 69640bv64) == 69640bv64);
   free requires (memory_load8_le(mem, 2028bv64) == 1bv8);
@@ -102,8 +94,6 @@ procedure main();
   free requires (memory_load64_le(mem, 69008bv64) == 1792bv64);
   free requires (memory_load64_le(mem, 69592bv64) == 69656bv64);
   free requires (memory_load64_le(mem, 69000bv64) == 1872bv64);
-  free ensures (Gamma_R31 == old(Gamma_R31));
-  free ensures (R31 == old(R31));
   free ensures (memory_load8_le(mem, 2028bv64) == 1bv8);
   free ensures (memory_load8_le(mem, 2029bv64) == 0bv8);
   free ensures (memory_load8_le(mem, 2030bv64) == 2bv8);
@@ -115,122 +105,117 @@ procedure main();
   free ensures (memory_load64_le(mem, 69592bv64) == 69656bv64);
   free ensures (memory_load64_le(mem, 69000bv64) == 1872bv64);
 
-implementation main()
+implementation main(R0_in: bv64, Gamma_R0_in: bool, R31_in: bv64, Gamma_R31_in: bool) returns (R0_out: bv64, Gamma_R0_out: bool, R1_out: bv64, Gamma_R1_out: bool, R31_out: bv64, Gamma_R31_out: bool)
 {
-  var Cse0__5$1$10: bv32;
-  var Cse0__5$3$1: bv32;
-  var Cse0__5$5$3: bv32;
-  var Gamma_Cse0__5$1$10: bool;
-  var Gamma_Cse0__5$3$1: bool;
-  var Gamma_Cse0__5$5$3: bool;
+  var Gamma_R0_10: bool;
+  var Gamma_R0_12: bool;
+  var Gamma_R0_14: bool;
+  var Gamma_R0_15: bool;
+  var Gamma_R0_17: bool;
+  var Gamma_R0_18: bool;
+  var Gamma_R0_3: bool;
+  var Gamma_R0_5: bool;
+  var Gamma_R0_6: bool;
+  var Gamma_R0_9: bool;
+  var Gamma_R1_1: bool;
+  var Gamma_R1_10: bool;
+  var Gamma_R1_4: bool;
+  var Gamma_R1_7: bool;
+  var Gamma_R31_11: bool;
+  var Gamma_R31_2: bool;
+  var Gamma_R31_5: bool;
+  var Gamma_R31_8: bool;
+  var R0_10: bv64;
+  var R0_12: bv64;
+  var R0_14: bv64;
+  var R0_15: bv64;
+  var R0_17: bv64;
+  var R0_18: bv64;
+  var R0_3: bv64;
+  var R0_5: bv64;
+  var R0_6: bv64;
+  var R0_9: bv64;
+  var R1_1: bv64;
+  var R1_10: bv64;
+  var R1_4: bv64;
+  var R1_7: bv64;
+  var R31_11: bv64;
+  var R31_2: bv64;
+  var R31_5: bv64;
+  var R31_8: bv64;
   $main$__0__$_4YKHPc_R16UBSwXbttMHg:
-    assume {:captureState "$main$__0__$_4YKHPc_R16UBSwXbttMHg"} true;
-    R31, Gamma_R31 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 12bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 12bv64), Gamma_R0);
-    assume {:captureState "1880$0"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    R31_2, Gamma_R31_2 := bvadd64(R31_in, 18446744073709551584bv64), Gamma_R31_in;
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551596bv64), R0_in[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64), Gamma_R0_in);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
-    R1, Gamma_R1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 12bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 12bv64));
+    R0_3, Gamma_R0_3 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
+    R1_1, Gamma_R1_1 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_in, 18446744073709551596bv64))), gamma_load32(Gamma_stack, bvadd64(R31_in, 18446744073709551596bv64));
     call rely();
-    assert (L(mem, R0) ==> Gamma_R1);
-    mem, Gamma_mem := memory_store32_le(mem, R0, R1[32:0]), gamma_store32(Gamma_mem, R0, Gamma_R1);
-    assume {:captureState "1896$0"} true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), true);
-    assume {:captureState "1900$0"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+    assert (L(mem, R0_3) ==> Gamma_R1_1);
+    mem, Gamma_mem := memory_store32_le(mem, R0_3, R1_1[32:0]), gamma_store32(Gamma_mem, R0_3, Gamma_R1_1);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 0bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
+    R0_5, Gamma_R0_5 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    Cse0__5$1$10, Gamma_Cse0__5$1$10 := bvadd32(R0[32:0], 0bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp32(Cse0__5$1$10, Cse0__5$1$10)), Gamma_Cse0__5$1$10;
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$1$10), bvadd33(zero_extend1_32(R0[32:0]), 4294967296bv33))), (Gamma_R0 && Gamma_Cse0__5$1$10);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$1$10, 0bv32), Gamma_Cse0__5$1$10;
-    NF, Gamma_NF := Cse0__5$1$10[32:31], Gamma_Cse0__5$1$10;
-    assert Gamma_ZF;
+    R0_6, Gamma_R0_6 := zero_extend32_32(memory_load32_le(mem, R0_5)), (gamma_load32(Gamma_mem, R0_5) || L(mem, R0_5));
+    assert Gamma_R0_6;
     goto $main$__0__$_4YKHPc_R16UBSwXbttMHg_goto_$main$__2__$suhWjK9FQk6egl8Kq7bkzA, $main$__0__$_4YKHPc_R16UBSwXbttMHg_goto_$main$__1__$JFpnTYKyQUOhK~aVMxMB9w;
-  $main$__1__$JFpnTYKyQUOhK~aVMxMB9w:
-    assume {:captureState "$main$__1__$JFpnTYKyQUOhK~aVMxMB9w"} true;
-    R0, Gamma_R0 := 3bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R0);
-    assume {:captureState "1928$0"} true;
+  $main$__0__$_4YKHPc_R16UBSwXbttMHg_goto_$main$__1__$JFpnTYKyQUOhK~aVMxMB9w:
+    assume (R0_6[32:0] == 0bv32);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_in, 18446744073709551612bv64), 3bv32), gamma_store32(Gamma_stack, bvadd64(R31_in, 18446744073709551612bv64), true);
+    R31_5, Gamma_R31_5 := R31_2, Gamma_R31_2;
+    R1_4, Gamma_R1_4 := R1_1, Gamma_R1_1;
+    goto $main$__2__$suhWjK9FQk6egl8Kq7bkzA;
+  $main$__0__$_4YKHPc_R16UBSwXbttMHg_goto_$main$__2__$suhWjK9FQk6egl8Kq7bkzA:
+    assume (!(R0_6[32:0] == 0bv32));
+    R31_5, Gamma_R31_5 := R31_2, Gamma_R31_2;
+    R1_4, Gamma_R1_4 := R1_1, Gamma_R1_1;
     goto $main$__2__$suhWjK9FQk6egl8Kq7bkzA;
   $main$__2__$suhWjK9FQk6egl8Kq7bkzA:
-    assume {:captureState "$main$__2__$suhWjK9FQk6egl8Kq7bkzA"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4064bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4064bv64)) || L(mem, bvadd64(R0, 4064bv64)));
+    R0_9, Gamma_R0_9 := memory_load64_le(mem, 69600bv64), (gamma_load64(Gamma_mem, 69600bv64) || L(mem, 69600bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    Cse0__5$5$3, Gamma_Cse0__5$5$3 := bvadd32(R0[32:0], 4294967295bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(Cse0__5$5$3), bvadd33(sign_extend1_32(R0[32:0]), 8589934591bv33))), (Gamma_R0 && Gamma_Cse0__5$5$3);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$5$3), bvadd33(zero_extend1_32(R0[32:0]), 4294967295bv33))), (Gamma_R0 && Gamma_Cse0__5$5$3);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$5$3, 0bv32), Gamma_Cse0__5$5$3;
-    NF, Gamma_NF := Cse0__5$5$3[32:31], Gamma_Cse0__5$5$3;
-    assert Gamma_ZF;
+    R0_10, Gamma_R0_10 := zero_extend32_32(memory_load32_le(mem, R0_9)), (gamma_load32(Gamma_mem, R0_9) || L(mem, R0_9));
+    assert Gamma_R0_10;
     goto $main$__2__$suhWjK9FQk6egl8Kq7bkzA_goto_$main$__4__$pjW61HZrTOmndoem0ZAjmQ, $main$__2__$suhWjK9FQk6egl8Kq7bkzA_goto_$main$__3__$25~YyveSSxKjFiy3ZvDL7w;
-  $main$__3__$25~YyveSSxKjFiy3ZvDL7w:
-    assume {:captureState "$main$__3__$25~YyveSSxKjFiy3ZvDL7w"} true;
-    R0, Gamma_R0 := 5bv64, true;
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R0);
-    assume {:captureState "1956$0"} true;
+  $main$__2__$suhWjK9FQk6egl8Kq7bkzA_goto_$main$__3__$25~YyveSSxKjFiy3ZvDL7w:
+    assume (R0_10[32:0] == 1bv32);
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_5, 28bv64), 5bv32), gamma_store32(Gamma_stack, bvadd64(R31_5, 28bv64), true);
+    R31_8, Gamma_R31_8 := R31_5, Gamma_R31_5;
+    R1_7, Gamma_R1_7 := R1_4, Gamma_R1_4;
+    goto $main$__4__$pjW61HZrTOmndoem0ZAjmQ;
+  $main$__2__$suhWjK9FQk6egl8Kq7bkzA_goto_$main$__4__$pjW61HZrTOmndoem0ZAjmQ:
+    assume (!(R0_10[32:0] == 1bv32));
+    R31_8, Gamma_R31_8 := R31_5, Gamma_R31_5;
+    R1_7, Gamma_R1_7 := R1_4, Gamma_R1_4;
     goto $main$__4__$pjW61HZrTOmndoem0ZAjmQ;
   $main$__4__$pjW61HZrTOmndoem0ZAjmQ:
-    assume {:captureState "$main$__4__$pjW61HZrTOmndoem0ZAjmQ"} true;
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31, 28bv64))), gamma_load32(Gamma_stack, bvadd64(R31, 28bv64));
-    Cse0__5$3$1, Gamma_Cse0__5$3$1 := bvadd32(R0[32:0], 4294967293bv32), Gamma_R0;
-    VF, Gamma_VF := bvnot1(bvcomp33(sign_extend1_32(Cse0__5$3$1), bvadd33(sign_extend1_32(R0[32:0]), 8589934589bv33))), (Gamma_R0 && Gamma_Cse0__5$3$1);
-    CF, Gamma_CF := bvnot1(bvcomp33(zero_extend1_32(Cse0__5$3$1), bvadd33(zero_extend1_32(R0[32:0]), 4294967293bv33))), (Gamma_R0 && Gamma_Cse0__5$3$1);
-    ZF, Gamma_ZF := bvcomp32(Cse0__5$3$1, 0bv32), Gamma_Cse0__5$3$1;
-    NF, Gamma_NF := Cse0__5$3$1[32:31], Gamma_Cse0__5$3$1;
-    assert Gamma_ZF;
+    R0_12, Gamma_R0_12 := zero_extend32_32(memory_load32_le(stack, bvadd64(R31_8, 28bv64))), gamma_load32(Gamma_stack, bvadd64(R31_8, 28bv64));
+    assert Gamma_R0_12;
     goto $main$__4__$pjW61HZrTOmndoem0ZAjmQ_goto_$main$__6__$~1v8YRimTzWott7vgkSlCw, $main$__4__$pjW61HZrTOmndoem0ZAjmQ_goto_$main$__5__$7jJxdga~TUGdn0Pj55GVWw;
-  $main$__5__$7jJxdga~TUGdn0Pj55GVWw:
-    assume {:captureState "$main$__5__$7jJxdga~TUGdn0Pj55GVWw"} true;
-    R0, Gamma_R0 := 65536bv64, true;
+  $main$__4__$pjW61HZrTOmndoem0ZAjmQ_goto_$main$__5__$7jJxdga~TUGdn0Pj55GVWw:
+    assume (R0_12[32:0] == 3bv32);
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
+    R0_14, Gamma_R0_14 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31, 28bv64), R0[32:0]), gamma_store32(Gamma_stack, bvadd64(R31, 28bv64), Gamma_R0);
-    assume {:captureState "1984$0"} true;
+    R0_15, Gamma_R0_15 := zero_extend32_32(memory_load32_le(mem, R0_14)), (gamma_load32(Gamma_mem, R0_14) || L(mem, R0_14));
+    stack, Gamma_stack := memory_store32_le(stack, bvadd64(R31_8, 28bv64), R0_15[32:0]), gamma_store32(Gamma_stack, bvadd64(R31_8, 28bv64), Gamma_R0_15);
+    R31_11, Gamma_R31_11 := R31_8, Gamma_R31_8;
+    R1_10, Gamma_R1_10 := R1_7, Gamma_R1_7;
+    goto $main$__6__$~1v8YRimTzWott7vgkSlCw;
+  $main$__4__$pjW61HZrTOmndoem0ZAjmQ_goto_$main$__6__$~1v8YRimTzWott7vgkSlCw:
+    assume (!(R0_12[32:0] == 3bv32));
+    R31_11, Gamma_R31_11 := R31_8, Gamma_R31_8;
+    R1_10, Gamma_R1_10 := R1_7, Gamma_R1_7;
     goto $main$__6__$~1v8YRimTzWott7vgkSlCw;
   $main$__6__$~1v8YRimTzWott7vgkSlCw:
-    assume {:captureState "$main$__6__$~1v8YRimTzWott7vgkSlCw"} true;
-    R0, Gamma_R0 := 65536bv64, true;
     call rely();
-    R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R0, 4056bv64)), (gamma_load64(Gamma_mem, bvadd64(R0, 4056bv64)) || L(mem, bvadd64(R0, 4056bv64)));
+    R0_17, Gamma_R0_17 := memory_load64_le(mem, 69592bv64), (gamma_load64(Gamma_mem, 69592bv64) || L(mem, 69592bv64));
     call rely();
-    R0, Gamma_R0 := zero_extend32_32(memory_load32_le(mem, R0)), (gamma_load32(Gamma_mem, R0) || L(mem, R0));
-    R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31;
+    R0_18, Gamma_R0_18 := zero_extend32_32(memory_load32_le(mem, R0_17)), (gamma_load32(Gamma_mem, R0_17) || L(mem, R0_17));
     goto main_basil_return;
-  $main$__0__$_4YKHPc_R16UBSwXbttMHg_goto_$main$__2__$suhWjK9FQk6egl8Kq7bkzA:
-    assume {:captureState "$main$__0__$_4YKHPc_R16UBSwXbttMHg_goto_$main$__2__$suhWjK9FQk6egl8Kq7bkzA"} true;
-    assume (!(ZF == 1bv1));
-    goto $main$__2__$suhWjK9FQk6egl8Kq7bkzA;
-  $main$__0__$_4YKHPc_R16UBSwXbttMHg_goto_$main$__1__$JFpnTYKyQUOhK~aVMxMB9w:
-    assume {:captureState "$main$__0__$_4YKHPc_R16UBSwXbttMHg_goto_$main$__1__$JFpnTYKyQUOhK~aVMxMB9w"} true;
-    assume (!(!(ZF == 1bv1)));
-    goto $main$__1__$JFpnTYKyQUOhK~aVMxMB9w;
-  $main$__4__$pjW61HZrTOmndoem0ZAjmQ_goto_$main$__6__$~1v8YRimTzWott7vgkSlCw:
-    assume {:captureState "$main$__4__$pjW61HZrTOmndoem0ZAjmQ_goto_$main$__6__$~1v8YRimTzWott7vgkSlCw"} true;
-    assume (!(ZF == 1bv1));
-    goto $main$__6__$~1v8YRimTzWott7vgkSlCw;
-  $main$__4__$pjW61HZrTOmndoem0ZAjmQ_goto_$main$__5__$7jJxdga~TUGdn0Pj55GVWw:
-    assume {:captureState "$main$__4__$pjW61HZrTOmndoem0ZAjmQ_goto_$main$__5__$7jJxdga~TUGdn0Pj55GVWw"} true;
-    assume (!(!(ZF == 1bv1)));
-    goto $main$__5__$7jJxdga~TUGdn0Pj55GVWw;
-  $main$__2__$suhWjK9FQk6egl8Kq7bkzA_goto_$main$__4__$pjW61HZrTOmndoem0ZAjmQ:
-    assume {:captureState "$main$__2__$suhWjK9FQk6egl8Kq7bkzA_goto_$main$__4__$pjW61HZrTOmndoem0ZAjmQ"} true;
-    assume (!(ZF == 1bv1));
-    goto $main$__4__$pjW61HZrTOmndoem0ZAjmQ;
-  $main$__2__$suhWjK9FQk6egl8Kq7bkzA_goto_$main$__3__$25~YyveSSxKjFiy3ZvDL7w:
-    assume {:captureState "$main$__2__$suhWjK9FQk6egl8Kq7bkzA_goto_$main$__3__$25~YyveSSxKjFiy3ZvDL7w"} true;
-    assume (!(!(ZF == 1bv1)));
-    goto $main$__3__$25~YyveSSxKjFiy3ZvDL7w;
   main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    R0_out, R1_out, R31_out := R0_18, R1_10, bvadd64(R31_11, 32bv64);
+    Gamma_R0_out, Gamma_R1_out, Gamma_R31_out := Gamma_R0_18, Gamma_R1_10, Gamma_R31_11;
     return;
 }
 

From 983597cfcd5cd41b79ee2ab75920f4d820bcd7b7 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Mon, 11 Nov 2024 17:28:04 +1000
Subject: [PATCH 097/127] new prettyprinter

---
 src/main/scala/ir/IRCursor.scala              |   2 +-
 src/main/scala/translating/ILtoIL.scala       |   2 +-
 src/main/scala/translating/IRExpToSMT2.scala  | 176 +++++++++++++++---
 .../scala/translating/PrettyPrinter.scala     | 138 ++++++++++++++
 src/main/scala/util/RunUtils.scala            |  11 +-
 5 files changed, 296 insertions(+), 33 deletions(-)
 create mode 100644 src/main/scala/translating/PrettyPrinter.scala

diff --git a/src/main/scala/ir/IRCursor.scala b/src/main/scala/ir/IRCursor.scala
index 165e946f1..21944d4f1 100644
--- a/src/main/scala/ir/IRCursor.scala
+++ b/src/main/scala/ir/IRCursor.scala
@@ -289,7 +289,7 @@ def toDot[T <: CFGPosition](
 
   def nodeText(node: CFGPosition): String = {
     var text = node match {
-      case s: Block => f"[Block] (prec ${s.rpoOrder}) ${s.label}"
+      case s: Block => f"[Block] ${s.label}"
       case s        => s.toString
     }
     if (labels.contains(node)) {
diff --git a/src/main/scala/translating/ILtoIL.scala b/src/main/scala/translating/ILtoIL.scala
index ad843f4d1..585897c7c 100644
--- a/src/main/scala/translating/ILtoIL.scala
+++ b/src/main/scala/translating/ILtoIL.scala
@@ -1,5 +1,6 @@
 package translating
 import ir._
+import ir.cilvisitor.*
 
 private class ILSerialiser extends ReadOnlyVisitor {
   var program: StringBuilder = StringBuilder()
@@ -243,7 +244,6 @@ private class ILSerialiser extends ReadOnlyVisitor {
 
 }
 
-
 def serialiseIL(p: Procedure): String = {
   val s = ILSerialiser()
   s.visitProcedure(p)
diff --git a/src/main/scala/translating/IRExpToSMT2.scala b/src/main/scala/translating/IRExpToSMT2.scala
index 340def412..9e3b7a5f8 100644
--- a/src/main/scala/translating/IRExpToSMT2.scala
+++ b/src/main/scala/translating/IRExpToSMT2.scala
@@ -5,26 +5,143 @@ import specification.*
 import util.{BoogieGeneratorConfig, BoogieMemoryAccessMode, ProcRelyVersion}
 import ir.cilvisitor.*
 
-trait BasilIRExp[Repr[_]] {
-  def vexpr(e: Expr): Repr[Expr] 
+trait BasilIR[Repr[+_]] extends BasilIRExp[Repr] {
+  // def vstmt(s: Statement) : Repr[Statement]
+
+  def vstmt(s: Statement): Repr[Statement] = {
+    s match {
+      case a: Assign       => vassign(vlvar(a.lhs), vexpr(a.rhs))
+      case m: MemoryAssign => vstore(m.mem.name, vexpr(m.index), vexpr(m.value), m.endian, m.size)
+      case c: DirectCall =>
+        vcall(
+          c.outParams.toList.map((l, r) => (vlvar(l), vexpr(r))),
+          c.target.name,
+          c.actualParams.toList.map((l, r) => (vlvar(l), vexpr(r)))
+        )
+      case i: IndirectCall => vindirect(vrvar(i.target))
+      case a: Assert       => vassert(vexpr(a.body))
+      case a: Assume       => vassume(vexpr(a.body))
+      case n: NOP          => vnop()
+    }
+  }
+
+  def vjump(j: Jump): Repr[Jump] = {
+    j match {
+      case g: GoTo        => vgoto(g.targets.toList.map(_.label))
+      case g: Unreachable => vunreachable()
+      case r: Return      => vreturn(r.outParams.toList.map((l, r) => (vlvar(l), vexpr(r))))
+    }
+  }
+
+
+  def vexpr(e: Expr): Repr[Expr] = {
+    e match {
+      case n: Literal                               => vliteral(n)
+      case m @ MemoryLoad(mem, index, endian, size) => vload(m)
+      case Extract(ed, start, arg)                  => vextract(ed, start, vexpr(arg))
+      case Repeat(repeats, arg)                     => vrepeat(repeats, vexpr(arg))
+      case ZeroExtend(bits, arg)                    => vzeroextend(bits, vexpr(arg))
+      case SignExtend(bits, arg)                    => vsignextend(bits, vexpr(arg))
+      case BinaryExpr(op, arg, arg2)                => vbinary_expr(op, vexpr(arg), vexpr(arg2))
+      case UnaryExpr(op, arg)                       => vunary_expr(op, vexpr(arg))
+      case v: Variable                              => vrvar(v)
+      case f @ UninterpretedFunction(n, params, rt) => vuninterp_function(n, params.map(vexpr))
+    }
+  }
+
+  def vblock(b: Block): Repr[Block] = vblock(b.label, b.statements.toList.map(vstmt), vjump(b.jump))
+  def vproc(p: Procedure): Repr[Procedure] = vproc(
+    p.name,
+    p.formalInParam.toList.map(vrvar),
+    p.formalOutParam.toList.map(vlvar),
+    p.entryBlock.map(vblock),
+    (p.blocks.toSet -- p.entryBlock.toSet -- p.returnBlock.toSet).toList.sortBy( x => -x.rpoOrder).map(vblock),
+    p.returnBlock.map(vblock)
+  )
+
+  def vblock(label: String, statements: List[Repr[Statement]], terminator: Repr[Jump]): Repr[Block]
+
+  def vprog(p: Program) : Repr[Program] = vprog(p.mainProcedure.name, p.procedures.toList.map(vproc))
+  def vprog(mainProc: String, procedures: List[Repr[Procedure]]) : Repr[Program]
+
+  def vproc(
+      name: String,
+      inParams: List[Repr[Variable]],
+      outParams: List[Repr[Variable]],
+      entryBlock: Option[Repr[Block]],
+      middleBlocks: List[Repr[Block]],
+      returnBlock: Option[Repr[Block]]
+  ): Repr[Procedure]
+
+  def vassign(lhs: Repr[Variable], rhs: Repr[Expr]): Repr[Assign]
+  def vstore(mem: String, index: Repr[Expr], value: Repr[Expr], endian: Endian, size: Int): Repr[MemoryAssign]
+  def vcall(
+      outParams: List[(Repr[Variable], Repr[Expr])],
+      procname: String,
+      inparams: List[(Repr[Variable], Repr[Expr])]
+  ): Repr[DirectCall]
+  def vindirect(target: Repr[Variable]): Repr[IndirectCall]
+  def vassert(body: Repr[Expr]): Repr[Assert]
+  def vassume(body: Repr[Expr]): Repr[Assume]
+  def vnop(): Repr[NOP]
+
+  def vgoto(t: List[String]): Repr[GoTo]
+  def vunreachable(): Repr[Unreachable]
+  def vreturn(outs: List[(Repr[Variable], Repr[Expr])]): Repr[Return]
+
+  def vlvar(e: Variable): Repr[Variable]
+
+}
+
+trait BasilIRExp[Repr[+_]] {
+  def vexpr(e: Expr): Repr[Expr]
   def vextract(ed: Int, start: Int, a: Repr[Expr]): Repr[Expr]
+  def vzeroextend(bits: Int, b: Repr[Expr]): Repr[Expr]
+  def vsignextend(bits: Int, b: Repr[Expr]): Repr[Expr]
   def vbinary_expr(e: BinOp, l: Repr[Expr], r: Repr[Expr]): Repr[Expr]
   def vunary_expr(e: UnOp, arg: Repr[Expr]): Repr[Expr]
-  def vliteral(arg: Literal): Repr[Expr]
+  def vliteral(l: Literal) : Repr[Literal] = {
+    l match {
+      case TrueLiteral      => vboollit(true)
+      case FalseLiteral     => vboollit(false)
+      case v: IntLiteral    => vintlit(v.value)
+      case b: BitVecLiteral => vbvlit(b)
+    }
+  }
+
+  def vboollit(b: Boolean): Repr[BoolLit]
+  def vbvlit(b: BitVecLiteral): Repr[BitVecLiteral]
+  def vintlit(b: BigInt): Repr[IntLiteral]
+  def vrepeat(reps: Int, value: Repr[Expr]): Repr[Expr]
+
   def vuninterp_function(name: String, args: Seq[Repr[Expr]]): Repr[Expr]
 
-  def vrvar(e: Variable): Repr[Expr]
+  def vrvar(e: Variable): Repr[Variable]
   def vload(arg: MemoryLoad): Repr[Expr]
 }
 
-trait BasilIRExpWithVis[Repr[_]] extends BasilIRExp[Repr] {
-  /**
-   * Performs some simple reductions to fit basil IR into SMT2.
-   */
+trait BasilIRExpWithVis[Repr[+_]] extends BasilIRExp[Repr] {
+
+  /** Performs some simple reductions to fit basil IR into SMT2.
+    */
+
+  def vprog(mainProc: String, procedures: List[Repr[Procedure]]) : Repr[Program] = ???
+  def vrepeat(reps: Int, value: Repr[Expr]): Repr[Expr] = ???
+  def vzeroextend(bits: Int, b: Repr[Expr]): Repr[Expr] = ???
+  def vsignextend(bits: Int, b: Repr[Expr]): Repr[Expr] = ???
+  def vboollit(b: Boolean): Repr[BoolLit] = ???
+  def vbvlit(b: BitVecLiteral): Repr[BitVecLiteral] = ???
+  def vintlit(b: BigInt): Repr[IntLiteral] = ???
 
   def vexpr(e: Expr): Repr[Expr] = {
     e match {
-      case n: Literal                               => vliteral(n)
+      case n: Literal =>
+        n match {
+          case TrueLiteral      => vboollit(true)
+          case FalseLiteral     => vboollit(false)
+          case v: IntLiteral    => vintlit(v.value)
+          case b: BitVecLiteral => vbvlit(b)
+        }
       case m @ MemoryLoad(mem, index, endian, size) => vload(m)
       case Extract(ed, start, arg)                  => vextract(ed, start, vexpr(arg))
       case Repeat(repeats, arg) => {
@@ -65,18 +182,17 @@ object Sexp {
 def sym[T](l: String): Sexp[T] = Sexp.Symb[T](l)
 def list[T](l: Sexp[T]*): Sexp[T] = Sexp.Slist(l.toList)
 
-
 object BasilIRToSMT2 extends BasilIRExpWithVis[Sexp] {
 
-  def exprUnsat(e: Expr, name : Option[String] = None): String = {
+  def exprUnsat(e: Expr, name: Option[String] = None): String = {
 
-    val assert = if (name.isDefined ) {
-        list(sym("assert"), list(sym("!"), BasilIRToSMT2.vexpr(e), sym(":named"), sym(name.get)))
+    val assert = if (name.isDefined) {
+      list(sym("assert"), list(sym("!"), BasilIRToSMT2.vexpr(e), sym(":named"), sym(name.get)))
     } else {
-        list(sym("assert"), BasilIRToSMT2.vexpr(e))
+      list(sym("assert"), BasilIRToSMT2.vexpr(e))
     }
 
-    val terms = list(sym("push"))::BasilIRToSMT2.extractDecls(e)
+    val terms = list(sym("push")) :: BasilIRToSMT2.extractDecls(e)
       ++ List(
         assert,
         list(sym("set-option"), sym(":smt.timeout"), sym("1")),
@@ -91,10 +207,10 @@ object BasilIRToSMT2 extends BasilIRExpWithVis[Sexp] {
 
   def unaryOpnameToFun(b: UnOp) = {
     b match {
-      case BoolNOT => "not"
-      case BVNOT   => "bvnot"
-      case BVNEG   => "bvneg"
-      case IntNEG  => "-"
+      case BoolNOT   => "not"
+      case BVNOT     => "bvnot"
+      case BVNEG     => "bvneg"
+      case IntNEG    => "-"
       case BoolToBV1 => "bool2bv1"
     }
   }
@@ -131,7 +247,8 @@ object BasilIRToSMT2 extends BasilIRExpWithVis[Sexp] {
     list(list(sym("_"), sym("extract"), int2smt(ed - 1), int2smt(start)), a)
   override def vbinary_expr(e: BinOp, l: Sexp[Expr], r: Sexp[Expr]): Sexp[Expr] = list(sym(opnameToFun(e)), l, r)
   override def vunary_expr(e: UnOp, arg: Sexp[Expr]): Sexp[Expr] = list(sym(unaryOpnameToFun(e)), arg)
-  override def vliteral(arg: Literal): Sexp[Expr] = arg match {
+
+  override def vliteral(arg: Literal): Sexp[Literal] = arg match {
     case bv @ BitVecLiteral(value, size) => bv2smt(bv)
     case IntLiteral(i)                   => sym(i.toString)
     case TrueLiteral                     => sym("true")
@@ -149,7 +266,7 @@ object BasilIRToSMT2 extends BasilIRExpWithVis[Sexp] {
     }
   }
 
-  override def vrvar(e: Variable): Sexp[Expr] = sym(fixVname(e.name))
+  override def vrvar(e: Variable): Sexp[Variable] = sym(fixVname(e.name))
   override def vload(l: MemoryLoad): Sexp[Expr] =
     list(sym("memoryload"), sym(l.mem.name), vexpr(l.index), endianToBool(l.endian), int2smt(l.size))
 
@@ -162,8 +279,7 @@ object BasilIRToSMT2 extends BasilIRExpWithVis[Sexp] {
     }
   }
 
-
-  def booltoBVDef : Sexp[Expr] = {
+  def booltoBVDef: Sexp[Expr] = {
     list(
       sym("define-fun"),
       sym("bool2bv1"),
@@ -180,12 +296,14 @@ object BasilIRToSMT2 extends BasilIRExpWithVis[Sexp] {
       }
       case "bvsaddo" => None
       case _ => {
-        Some(list(
-          sym("declare-fun"),
-          sym(x.name),
-          Sexp.Slist(x.params.toList.map(a => basilTypeToSMTType(a.getType))),
-          basilTypeToSMTType(x.returnType)
-        ))
+        Some(
+          list(
+            sym("declare-fun"),
+            sym(x.name),
+            Sexp.Slist(x.params.toList.map(a => basilTypeToSMTType(a.getType))),
+            basilTypeToSMTType(x.returnType)
+          )
+        )
       }
     }
   }
diff --git a/src/main/scala/translating/PrettyPrinter.scala b/src/main/scala/translating/PrettyPrinter.scala
new file mode 100644
index 000000000..52ac06895
--- /dev/null
+++ b/src/main/scala/translating/PrettyPrinter.scala
@@ -0,0 +1,138 @@
+package translating
+import ir.*
+import scala.collection.mutable
+
+
+case class BST[+T](val v: String) {
+  def ++(s: String) = BST(v ++ s)
+  override def toString = v
+}
+
+class BasilIRPrettyPrinter() extends BasilIR[BST] {
+  val blockIndent = "  " 
+  val statementIndent = "    " 
+  val seenVars = mutable.HashSet[Variable]()
+
+  def apply(x: Block) : String = {
+    vblock(x).v
+  }
+  def apply(x: Procedure) : String = {
+    vproc(x).v
+  }
+  def apply(x: Statement) : String = {
+    vstmt(x).v
+  }
+  def apply(x: Jump) : String = {
+    vjump(x).v
+  }
+  def apply(x: Expr) : String = {
+    vexpr(x).v
+  }
+  def apply(x: Program) : String = {
+    vprog(x).v
+  }
+
+  def vprog(mainProc: String, procedures: List[BST[Procedure]]) : BST[Program] = {
+    BST(s"(main_procedure ${mainProc})\n" + procedures.mkString("\n\n"))
+  }
+
+  override def vblock(label: String, statements: List[BST[Statement]], terminator: BST[Jump]): BST[Block] = {
+    BST(s"${blockIndent}block ${label} {\n"
+    ++ statements.map(statementIndent + _ + ";").mkString("\n") 
+    ++ "\n" ++ statementIndent + terminator + ";\n"
+    ++ blockIndent + "}")
+  }
+
+  override def vproc(p: Procedure) : BST[Procedure] = {
+    seenVars.clear()
+    super.vproc(p)
+  }
+
+  override def vproc(
+      name: String,
+      inParams: List[BST[Variable]],
+      outParams: List[BST[Variable]],
+      entryBlock: Option[BST[Block]],
+      middleBlocks: List[BST[Block]],
+      returnBlock: Option[BST[Block]]
+    ): BST[Procedure] = {
+
+    val entry = entryBlock.map(b => {
+      b.toString + "\n"
+    }).getOrElse("")
+    val ret = returnBlock.map(b => {
+      "\n" + b.toString
+    }).getOrElse("")
+
+    BST(s"proc $name(${inParams.mkString(", ")}) -> (${outParams.mkString(", ")}) {\n$entry${middleBlocks.mkString("\n")}$ret\n}")
+  }
+
+  override def vassign(lhs: BST[Variable], rhs: BST[Expr]): BST[Assign] = BST(s"${lhs} := ${rhs}")
+
+  override def vstore(mem: String, index: BST[Expr], value: BST[Expr], endian: Endian, size: Int): BST[MemoryAssign] = {
+    val le = if endian == Endian.LittleEndian then "le" else "be"
+    BST(s"store_$le(${mem}, ${index}, ${value}, ${size})")
+  }
+
+  override def vcall(
+      outParams: List[(BST[Variable], BST[Expr])],
+      procname: String,
+      inparams: List[(BST[Variable], BST[Expr])]
+  ): BST[DirectCall] = {
+    BST(s"(${outParams.map((l,r) => l).mkString(", ")} := call $procname ${inparams.map((l,r) => r).mkString(", ")})")
+  }
+
+
+  override def vindirect(target: BST[Variable]): BST[IndirectCall] = BST(s"indirect_call(${target})")
+  override def vassert(body: BST[Expr]): BST[Assert] = BST(s"assert $body")
+  override def vassume(body: BST[Expr]): BST[Assume] = BST(s"assume $body")
+  override def vnop(): BST[NOP] = BST("nop")
+
+  override def vgoto(t: List[String]): BST[GoTo] = BST(s"goto(${t.mkString(", ")})")
+  override def vunreachable(): BST[Unreachable] = BST("unreachable")
+  override def vreturn(outs: List[(BST[Variable], BST[Expr])]) = BST(s"return (${outs.map((l, r) => r).mkString(", ")})")
+
+  def vtype(t: IRType): String = t match {
+    case BitVecType(sz) => s"bv$sz"
+    case IntType => "nat"
+    case BoolType => "bool"
+  }
+
+  override def vrvar(e: Variable): BST[Variable] = vlvar(e) 
+  override def vlvar(e: Variable): BST[Variable] = {
+    if (seenVars.contains(e)) {
+      BST(e.name)
+    } else {
+      seenVars.add(e)
+      BST(e.name + s": ${vtype(e.getType)}")
+    }
+  }
+
+  override def vextract(ed: Int, start: Int, a: BST[Expr]): BST[Expr] = BST(s"${a}[$ed:$start]")
+  override def vzeroextend(bits: Int, b: BST[Expr]): BST[Expr]  = BST(s"zero_extend($bits, $b)")
+  override def vsignextend(bits: Int, b: BST[Expr]): BST[Expr] = BST(s"sign_extend($bits, $b)")
+  override def vrepeat(reps: Int, b: BST[Expr]) = BST(s"repeat($reps, $b)")
+  override def vbinary_expr(e: BinOp, l: BST[Expr], r: BST[Expr]): BST[Expr] = {
+    val opn = e.getClass.getSimpleName.toLowerCase.stripSuffix("$")
+    BST(s"$opn($l $r)")
+  }
+  override def vunary_expr(e: UnOp, arg: BST[Expr]): BST[Expr] = {
+    val opn = e.getClass.getSimpleName.toLowerCase.stripSuffix("$")
+    BST(s"$opn($arg)")
+  }
+
+
+  override def vboollit(b: Boolean) = BST(b.toString)
+  override def vintlit(i: BigInt) = BST("%x".format(i))
+  override def vbvlit(i: BitVecLiteral) = BST("%x".format(i.value) + s"bv${i.size}")
+  override def vuninterp_function(name: String, args: Seq[BST[Expr]]): BST[Expr] = BST(s"$name(${args.mkString(", ")})")
+
+  override def vload(arg: MemoryLoad): BST[Expr] = {
+    val le = if Endian == Endian.LittleEndian then "le" else "be"
+    BST(s"load_${le}(${arg.mem.name}, ${vexpr(arg.index)}, ${arg.size})")
+  }
+
+
+}
+
+
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index 2ca777498..9d6f7b6ba 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -532,14 +532,17 @@ object RunUtils {
     // writeToFile(dotBlockGraph(ctx.program, ctx.program.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"blockgraph-before-simp.dot")
     Logger.info("[!] Running Simplify")
     val timer = PerformanceTimer("Simplify")
-    val write = false
+    val write = true
+
 
     transforms.applyRPO(ctx.program)
 
     transforms.removeEmptyBlocks(ctx.program)
     transforms.coalesceBlocks(ctx.program)
     transforms.removeEmptyBlocks(ctx.program)
-    if write then writeToFile(dotBlockGraph(ctx.program, ctx.program.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"blockgraph-before-dsa.dot")
+    if write then writeToFile(dotBlockGraph(ctx.program, (ctx.program.collect {
+      case b : Block => b -> translating.BasilIRPrettyPrinter()(b)
+    }).toMap), s"blockgraph-before-dsa.dot")
     
     Logger.info(s"RPO ${timer.checkPoint("RPO")} ms ")
     Logger.info("[!] Simplify :: DynamicSingleAssignment")
@@ -596,6 +599,10 @@ object RunUtils {
     if write then writeToFile(dotBlockGraph(ctx.program, ctx.program.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"blockgraph-after-second-dsa.dot")
 
 
+    if (write) {
+      writeToFile(translating.BasilIRPrettyPrinter()(ctx.program), "prettyprinted.il")
+    }
+
     if (ir.eval.SimplifyValidation.validate) {
       Logger.info("[!] Simplify :: Writing simplification validation")
       val w = BufferedWriter(FileWriter("rewrites.smt2"))

From 08af7a3f3e15a5b9b1b4d4bffc3d16802b4bbbe6 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Tue, 12 Nov 2024 15:56:19 +1000
Subject: [PATCH 098/127] docs and cleanup

---
 docs/basil-ir.md                              |  54 ++++-
 docs/development/simplification-solvers.md    | 172 +++++++++++++
 src/main/scala/cfg_visualiser/DotTools.scala  |  21 +-
 src/main/scala/ir/IRCursor.scala              |  37 ++-
 src/main/scala/ir/eval/ExprEval.scala         |  12 +-
 ...atement.scala => SingleCallBlockEnd.scala} |   0
 src/main/scala/ir/transforms/AbsInt.scala     | 173 +++++++++++++
 src/main/scala/ir/transforms/Simp.scala       | 228 ++----------------
 src/main/scala/translating/IRExpToSMT2.scala  |  49 ++--
 .../scala/translating/PrettyPrinter.scala     |  12 +-
 src/main/scala/util/RunUtils.scala            |  21 +-
 src/main/scala/util/z3/z3process.scala        |  23 ++
 src/test/scala/SATTest.scala                  |  18 ++
 13 files changed, 552 insertions(+), 268 deletions(-)
 create mode 100644 docs/development/simplification-solvers.md
 rename src/main/scala/ir/invariant/{EarlyCallStatement.scala => SingleCallBlockEnd.scala} (100%)
 create mode 100644 src/main/scala/ir/transforms/AbsInt.scala
 create mode 100644 src/main/scala/util/z3/z3process.scala
 create mode 100644 src/test/scala/SATTest.scala

diff --git a/docs/basil-ir.md b/docs/basil-ir.md
index 4c152db8d..7bbd1a60c 100644
--- a/docs/basil-ir.md
+++ b/docs/basil-ir.md
@@ -25,8 +25,9 @@ BlockID ::=&~ String \\
 \\
 Jump ::=&~ GoTo ~|~ Unreachable ~|~ Return \\
 GoTo ::=&~ \text{goto } BlockID* \\
+Return::=&! \text{return } (outparams)
 Call ::=&~ DirectCall ~|~ IndirectCall  \\
-DirectCall ::=&~ \text{call } ProcID \\
+DirectCall ::=&~ (outparams) := \text{ call } ProcID \; (inparams) \\
 IndirectCall ::=&~ \text{call } Expr \\
 \\
           &~ loads(e: Expr) = \{x |  x:MemoryLoad, x \in e \} \\
@@ -55,8 +56,17 @@ Endian ::=&~ BigEndian ~|~ LittleEndian \\
 - The `Unreachable` jump is used to signify the absence of successors, it has the semantics of `assume false`.
 - The `Return` jump passes control to the calling function, often this is over-approximated to all functions which call the statement's parent procedure.
 
+### Indirect Calls
+
+An indirect call is a dynamic jump, to either a procedure or a block.
+
 ## Translation Phases
 
+We have invariant checkers to validate the structure of the IR's bidirectional CFG is correct, see `src/main/scala/ir/invariant`. This includes:
+
+- blocks belong to exactly one procedure: `invariant/BlocksUniqueToProcedure.scala`
+- forwards block CFG links match backwards block CFG links: `invariant/CFGCorrect.scala`
+
 #### IR With Returns
 
 - Immediately after loading the IR return statements may appear in any block, or may be represented by indirect calls. 
@@ -73,10 +83,21 @@ This ensures that all returning, non-stub procedures have exactly one return sta
 
 #### Calls appear only as the last statement in a block 
 
+- Checked by `invariant/SingleCallBlockEnd.scala`
 - The structure of the IR allows a call may appear anywhere in the block but for all the analysis passes we hold the invariant that it 
   only appears as the last statement. This is checked with the function `singleCallBlockEnd(p: Program)`.
   And it means for any call statement `c` we may `assert(c.parent.statements.lastOption.contains(c))`.
 
+## IR With Parameters
+
+The higher level IR containing parameters is established by `ir.transforms.liftProcedureCallAbstraction(ctx)`.
+This makes registers local variables, which are passed into procedures through prameters, and then returned from 
+procedures. Calls to these procedure must provide as input parameters the local variables corresponding to the
+values passed, and assign the output parameters to local variables also. Note now we must consider indirect calls
+as possibly assigning to everything, even though this is not explicitly represented syntactically.
+
+- Actual parameters to calls and returns match formal parameters is checked by `invariant/CorrectCallParameters.scala`
+
 ## Interaction with BASIL IR
 
 ### Constructing Programs in Code
@@ -127,20 +148,27 @@ label, the dsl constructor will likely throw a match error.
 
 Some additional constants are defined for convenience, Eg. `R0 = Register(R0, 64)`, see [the source file](../src/main/scala/ir/dsl/DSL.scala) for the full list.
 
-### Static Analysis / Abstract Interpretation
 
-- For static analysis the Il-CFG-Iterator is the current well-supported way to iterate the IR.
-  This currently uses the TIP framework, so you do not need to interact with the IR visitor directly. 
-  See [BasicIRConstProp.scala](../src/main/scala/analysis/BasicIRConstProp.scala) for an example on its useage.
-- This visits all procedures, blocks and statements in the IR program.
+### Pretty printing
 
-### Modifying and Visiting the IR with Visitor Pattern
+The ir can be printed with the overloaded function below, which can take a procedure, block, or statement and returns a string.
 
-[src/main/scala/ir/Visitor.scala](../src/main/scala/ir/Visitor.scala) defines visitors which can be used
-for extracting specific features from an IR program. This is useful if you want to modify all instances of a specific 
-IR construct.
-  
-### CFG 
+```scala
+translating.BasilIRPrettyPrinter()(b)
+```
+
+It is also possible to dump a `dot/graphviz` digraph containing just the blocks in the program
+using the functions:
+
+```scala
+ir.dotBlockGraph(prog: Program) : String
+ir.dotBlockGraph(proc: Procedure) : String
+```
 
-The cfg is a control-flow graph constructed from the IR, it wraps each statement in a `Node`.
+### Static Analysis / Abstract Interpretation / IR Rewriting and modification
 
+- See [development/simplification-solvers.md](development/simplification-solvers.md)
+- For static analysis the Il-CFG-Iterator is the current well-supported way to iterate the IR.
+  This currently uses the TIP framework, so you do not need to interact with the IR visitor directly. 
+  See [BasicIRConstProp.scala](../src/main/scala/analysis/BasicIRConstProp.scala) for an example on its useage.
+- This visits all procedures, blocks and statements in the IR program.
diff --git a/docs/development/simplification-solvers.md b/docs/development/simplification-solvers.md
new file mode 100644
index 000000000..b283ed701
--- /dev/null
+++ b/docs/development/simplification-solvers.md
@@ -0,0 +1,172 @@
+## New Anslysis & Transforms
+
+This page describes the framework for static analysis used by the `--simplify` pass. 
+
+## DSA Form
+
+We have a transform that establishes a dynamic single assignment form.
+The DSA form makes it possible to perform a flow-insensitive analysis with some flow-sensitive precision,
+with a single global abstract state, and one pass over the IR in control-flow order.
+
+This form is established once, and should be maintained by subsequent transforms. 
+
+```
+transforms.OnePassDSA().applyTransform(ctx.program)
+```
+
+This provides a property similar to SSA: that every use of a variable is defined by all syntactic definitions of the variable. 
+I.e. you never have the pattern below, where `x` has a different identity at different points in the program:
+this only occurs if `x` is involved in a join, in which case all definitions are reached by the subsequent uses. 
+
+```c
+x = 2
+y = f(x)
+x = 3
+z = f(x)
+```
+
+i.e. the below is allowed
+
+```c
+if (c) {
+  x = 2
+} else {
+  x = 3
+}
+y = f(x)
+
+```
+
+```c
+x = 0
+while (c) {
+  x = x + 1
+}
+y = x
+
+```
+
+The analysis `transforms.rdDSAProperty(p: Procedure)` uses a relatively expensive 
+reaching definitions analysis to check that this property is satisfied, and is useful for
+debugging.
+
+## Dataflow analysis
+
+See also : abstract interpretation
+
+Most of the dataflow analyses in BASIL---those under `/src/main/scala/analysis`---use the 
+TIP frameork.
+This framework uses a lot of generics in order to compose abstract domains and can be unweildy
+to write new analyses for.
+
+The new framework in `src/main/scala/transforms/Absint.scala` is both simpler to use and more performant.
+
+A good example of usning this framework is the simple live variables analysis. The abstract domain must 
+define a join, a bottom value, and a transfer function. 
+
+This similar analyses using a powerset can use the same root domain: 
+
+```scala
+trait PowerSetDomain[T] extends AbstractDomain[Set[T]] {
+  def bot = Set()
+  def top = ???
+  def join(a: Set[T], b: Set[T], pos: Block) = a.union(b)
+}
+```
+
+Then live variables only has to define the transfer function for commands and jumps. 
+
+```scala
+class IntraLiveVarsDomain extends PowerSetDomain[Variable] {
+  // expected backwards
+
+  def transfer(s: Set[Variable], a: Command): Set[Variable] = {
+    a match {
+      case a: Assign       => (s - a.lhs) ++ a.rhs.variables
+      case m: MemoryAssign => s ++ m.index.variables ++ m.value.variables
+      case a: Assume       => s ++ a.body.variables
+      case a: Assert       => s ++ a.body.variables
+      case i: IndirectCall => s + i.target
+      case c: DirectCall   => (s -- c.outParams.map(_._2)) ++ c.actualParams.flatMap(_._2.variables)
+      case g: GoTo         => s
+      case r: Return       => s ++ r.outParams.flatMap(_._2.variables)
+      case r: Unreachable  => s
+    }
+  }
+}
+```
+
+We then create a solver using this domain, and pass it a procedure to solve to a fixed point.
+The solver returns the abstract state at the beginning and end of every block.
+This solver visits blocks in control flow order, which reduces the number of joins. 
+Passing the backwards flag makes it visit blocks (and statements) in the reverse control 
+flow order.
+
+Ensure the order indexes are defined for every block using the function `transforms.applyRPO(program)`.
+
+```scala
+val liveVarsDom = IntraLiveVarsDomain()
+val liveVarsSolver = worklistSolver(liveVarsDom)
+val (beforeState, afterState) = liveVarsSolver.solveProc(procedure, backwards = true)
+```
+
+### IR AST Transforms
+
+Expressions are immutable so can be freely modified without modifying the IR. 
+Statements are mutable however, so they can be changed by simply assigning to their members.
+
+IR transforms can be applied using the `ir.cilvisitor.CILVisitor`.
+
+This is just a tool for visiting the ast, and optionally modifying it.
+
+At each node, e.g. a statement you can perform the actions:
+
+- `DoChildren()` -- continue recursing
+- `SkipChildren()` -- stop recursing
+- `ChangeTo(e)` -- replace the node with the argument
+- `ChangeDoChildrenPost(e, f: E => E)` -- first replace with the first argument, visit its children, then call function f on the result
+
+Note that using `ChangeTo` on statements is often not desirable as it removes the old statement from the IR; invalidating references 
+to the statement that may be floating around in analysis results; instead the arguments to the statement may be changed by direct assignmet.
+
+#### Variable substitution
+
+The class `ir.transforms.Substitute` can be used to substitute variables into an expression. 
+
+This can be used as a twice-applied function, it first takes a function `Variable => Option[Expr]` 
+which defines the substitutions to perform. Note this matches the type signature of 
+`Map[Variable, Expr].get`, but can also be used to efficiently extract values from an `AbstractDomain[T]`.
+The second application takes an expression and returns the expression with the values substituted.
+
+```
+val substitutions = Map((LocalVar("R3", ...) -> BitVecLiteral(0, 64)))
+Substitute(substitutions.get)(expression)
+```
+
+#### Expression Evaluation / Simplification
+
+The function `ir.eval.evaluateSimp` will perform concrete evaluation of an expression, 
+and returning `Some[Literal]` if it succeeds or `None` if it fails. 
+
+The function `ir.eval.simplifyExprFixpoint(e: Expr)` will simplify, 
+canonicalise, and perform partial evaluation on the expression, returning a new expression. 
+
+The function `ir.eval.cleanupSimplify(p: Procedure)` will further simplify known bits and redundant extends and 
+extracts within an expression.
+
+##### Verification / Testing
+
+Basil IR expressions can be converted so smt queries, for example to prove a basic tautology x = x we can write:
+
+```scala
+import tramslating.BasilIRToSMT2
+val result = BasilIRToSMT2.proveExpr(BinaryExpr(BVEQ, R0, R0))
+assert(result == Some(true))
+```
+
+This will negate the expression, translate it SMT2, invoke Z3, and check whether the result is "unsat". 
+
+We can also simply create the smt query with `BasilIRToSMT2.exprUnsat(expr, None, false)`
+
+Note that statements and control-flow cannot be translated to SMT2 yet.
+This system is currently used to validate the tranforms in the previous section.
diff --git a/src/main/scala/cfg_visualiser/DotTools.scala b/src/main/scala/cfg_visualiser/DotTools.scala
index 0cd7614c5..9162325b8 100644
--- a/src/main/scala/cfg_visualiser/DotTools.scala
+++ b/src/main/scala/cfg_visualiser/DotTools.scala
@@ -11,18 +11,25 @@ object IDGenerator {
   }
 }
 
-def wrap(_input: String, width: Integer = 20): String =
-  var input = _input.replace("\n", "\\l")
+def wrap(_input: String, width: Integer = 20, first : Boolean = true): String =
+  var input = _input
 
   def cannotSplit(c:Char) = {
     c.isLetterOrDigit || ("_$".contains(c))
   }
 
   if (input.length() <= width) {
-    input
+    input.replace("\n", "\\l") + "\\l"
+  } else if ({
+    val index = input.indexOf('\n')
+    index != -1 && index <= width
+    }) {
+    var splitPoint = input.indexOf('\n')
+    val (line, rest) = (input.substring(0, splitPoint).replace("\n", "\\l"), input.substring(splitPoint + 1))
+    (if (!first) then "    " else "") + line  + "\\l" + wrap(rest, width=width, true)
   } else {
     var splitPoint = width
-    while (cannotSplit(input.charAt(splitPoint)) && splitPoint > width / 2) {
+    while (cannotSplit(input.charAt(splitPoint)) && splitPoint > width / 3) {
       // search backwards for a non alphanumeric charcter to split on
       splitPoint -= 1
     }
@@ -30,8 +37,8 @@ def wrap(_input: String, width: Integer = 20): String =
       // didn't find a character to split on
       splitPoint = width
     }
-    val line = input.substring(0, splitPoint)
-    "\\l    " + line + wrap(input.substring(splitPoint), width)
+    val (line, rest) = (input.substring(0, splitPoint).replace("\n", "\\l"), input.substring(splitPoint))
+    (if (!first) then "    " else "") + line  + "\\l" + wrap(rest, width=width, false)
   }
 
 
@@ -57,7 +64,7 @@ class DotNode(val id: String, val label: String) extends DotElement {
   override def toString: String = toDotString
 
   def toDotString: String =
-    s"\"$id\"" + "[label=\"" + wrap(label, 200) + "\", shape=\"box\", fontname=\"Mono\", fontsize=\"5\"]"
+    s"\"$id\"" + "[label=\"" + wrap(label, 100) + "\", shape=\"box\", fontname=\"Mono\", fontsize=\"5\"]"
 
 }
 
diff --git a/src/main/scala/ir/IRCursor.scala b/src/main/scala/ir/IRCursor.scala
index 21944d4f1..ddcf83faa 100644
--- a/src/main/scala/ir/IRCursor.scala
+++ b/src/main/scala/ir/IRCursor.scala
@@ -253,21 +253,50 @@ def stronglyConnectedComponents[T <: CFGPosition, O <: T](walker: IRWalk[T, O],
 
 def toDot(program: Program, labels: Map[CFGPosition, String] = Map.empty): String = {
   val domain = computeDomain[CFGPosition, CFGPosition](IntraProcIRCursor, program.procedures)
-  toDot[CFGPosition](domain, IntraProcIRCursor, labels)
+  toDot[CFGPosition](domain.toSet, IntraProcIRCursor, labels)
 }
 
 def dotCallGraph(program: Program, labels: Map[CFGPosition, String] = Map.empty): String = {
   val domain = computeDomain[Procedure, Procedure](CallGraph, program.procedures)
-  toDot[Procedure](domain, CallGraph, labels)
+  toDot[Procedure](domain.toSet, CallGraph, labels)
+}
+
+
+def dotBlockGraph(proc: Procedure) : String = {
+  dotBlockGraph(proc.collect {
+    case b: Block => b
+  })
+}
+
+def dotBlockGraph(prog: Program) : String = {
+  dotBlockGraph(prog.collect {
+    case b: Block => b
+  })
+}
+
+def dotBlockGraph(blocks: Iterable[Block]) : String = {
+    val printer = translating.BasilIRPrettyPrinter()
+    val labels : Map[CFGPosition, String] = (blocks.collect {
+      case b : Block => b -> {
+        (b.statements.toList.map(printer.apply(_) + ";")  ++ {
+          b.jump match {
+            case g: GoTo => List()
+            case o => List(printer(o) + ";")
+          }
+        }).map("  " + _).mkString("\n")
+      }
+    }).toMap
+
+    toDot[Block](blocks.toSet, IntraProcBlockIRCursor, labels)
 }
 
 def dotBlockGraph(program: Program, labels: Map[CFGPosition, String] = Map.empty): String = {
   val domain = computeDomain[CFGPosition, Block](IntraProcBlockIRCursor, program.procedures.flatMap(_.blocks).toSet)
-  toDot[Block](domain, IntraProcBlockIRCursor, labels)
+  toDot[Block](domain.toSet, IntraProcBlockIRCursor, labels)
 }
 
 def toDot[T <: CFGPosition](
-    domain: mutable.Set[T],
+    domain: Set[T],
     iterator: IRWalk[? >: T, ?],
     labels: Map[CFGPosition, String]
 ): String = {
diff --git a/src/main/scala/ir/eval/ExprEval.scala b/src/main/scala/ir/eval/ExprEval.scala
index 522d0a342..60ae5d344 100644
--- a/src/main/scala/ir/eval/ExprEval.scala
+++ b/src/main/scala/ir/eval/ExprEval.scala
@@ -1,5 +1,6 @@
 package ir.eval
 import ir.eval.BitVectorEval
+import ir.cilvisitor.*
 import util.functional.State
 import ir._
 
@@ -149,6 +150,14 @@ trait Loader[S, E] {
   }
 }
 
+def evaluateExpr(exp: Expr): Option[Literal] = {
+  val (e, _) = SimpExpr(fastPartialEvalExpr)(exp)
+  e match {
+    case l: Literal => Some(l)
+    case _          => None
+  }
+}
+
 def fastPartialEvalExpr(exp: Expr): (Expr, Boolean) = {
   /*
    * Ignore substitutions and parital eval
@@ -157,7 +166,8 @@ def fastPartialEvalExpr(exp: Expr): (Expr, Boolean) = {
   var didAnything = true
   val r = exp match {
     case UnaryExpr(op, l: Literal) => logSimp(exp, evalUnOp(op, l))
-    case BinaryExpr(op: BVBinOp, l: BitVecLiteral, r: BitVecLiteral) if exp.getType.isInstanceOf[BitVecType] => logSimp(exp, evalBVBinExpr(op, l, r))
+    case BinaryExpr(op: BVBinOp, l: BitVecLiteral, r: BitVecLiteral) if exp.getType.isInstanceOf[BitVecType] =>
+      logSimp(exp, evalBVBinExpr(op, l, r))
     case BinaryExpr(op: IntBinOp, l: IntLiteral, r: IntLiteral) if exp.getType == IntType =>
       logSimp(exp, IntLiteral(evalIntBinExpr(op, l.value, r.value)))
     case BinaryExpr(op: IntBinOp, l: IntLiteral, r: IntLiteral) if exp.getType == BoolType =>
diff --git a/src/main/scala/ir/invariant/EarlyCallStatement.scala b/src/main/scala/ir/invariant/SingleCallBlockEnd.scala
similarity index 100%
rename from src/main/scala/ir/invariant/EarlyCallStatement.scala
rename to src/main/scala/ir/invariant/SingleCallBlockEnd.scala
diff --git a/src/main/scala/ir/transforms/AbsInt.scala b/src/main/scala/ir/transforms/AbsInt.scala
new file mode 100644
index 000000000..32f06de3a
--- /dev/null
+++ b/src/main/scala/ir/transforms/AbsInt.scala
@@ -0,0 +1,173 @@
+package ir.transforms
+import translating.serialiseIL
+
+import util.Logger
+import ir.eval.AlgebraicSimplifications
+import ir.eval.AssumeConditionSimplifications
+import ir.eval.simplifyExprFixpoint
+import ir.cilvisitor.*
+import ir.*
+import scala.collection.mutable
+import analysis._
+import scala.concurrent.{Await, ExecutionContext, Future}
+import scala.concurrent.duration.*
+import scala.util.{Failure, Success}
+import ExecutionContext.Implicits.global
+
+
+trait AbstractDomain[L] {
+  def join(a: L, b: L, pos: Block): L
+  def widen(a: L, b: L, pos: Block): L = join(a, b, pos) /* not used */
+  def narrow(a: L, b: L): L = a
+  def transfer(a: L, b: Command): L
+
+  def isFixed(prev: L, next: L) : Boolean = (prev == next)
+
+  def transferBlockFwd(a: L, b: Block): L = {
+    transfer(b.statements.foldLeft(a)(transfer), b.jump)
+  }
+  def transferBlockBwd(a: L, b: Block): L = {
+    b.statements.toList.reverse.foldLeft(transfer(a, b.jump))(transfer)
+  }
+
+  def top: L
+  def bot: L
+}
+
+trait PowerSetDomain[T] extends AbstractDomain[Set[T]] {
+  def bot = Set()
+  def top = ???
+  def join(a: Set[T], b: Set[T], pos: Block) = a.union(b)
+}
+
+
+def onePassForwardGlobalStateSolver[L, D <: AbstractDomain[L]](initial: Iterable[Block], domain: D) = {
+    val worklist = mutable.PriorityQueue[Block]()(Ordering.by(_.rpoOrder))
+    worklist.addAll(initial)
+    var state = domain.bot
+
+    while (worklist.nonEmpty) {
+      val b: Block = worklist.dequeue
+      val p = state
+
+      for (l <- b.statements) {
+        state = domain.transfer(state, l)
+      }
+      state = domain.transfer(state, b.jump)
+    }
+
+}
+
+class worklistSolver[L, A <: AbstractDomain[L]](domain: A) {
+
+  def solveProc(p: Procedure, backwards: Boolean = false) = {
+    solve(p.blocks, Set(), Set(), backwards)
+  }
+
+  def solveProg(
+      p: Program,
+      widenpoints: Set[Block], // set of loop heads
+      narrowpoints: Set[Block] // set of conditions
+  ): Map[Procedure, Map[Block, L]] = {
+    val initDom = p.procedures.map(p => (p, p.blocks))
+
+    val work = initDom.map(d => {
+      (
+        d._1,
+        Future {
+          val t = util.PerformanceTimer(s"solve ${d._1.name}")
+          Logger.info(s"begin ${t.timerName}")
+          val r = solve(d._2, Set(), Set())
+          t.checkPoint("finished")
+          r
+        }
+      )
+    })
+    work
+      .map((prog, x) =>
+        try {
+          (prog, Await.result(x, 10000.millis)._2)
+        } catch {
+          case t: Exception => {
+            Logger.error(s"${prog.name} : $t")
+            (prog, Map())
+          }
+        }
+      )
+      .toMap
+    // Await.result(Future.sequence(work), Duration.Inf).toMap
+  }
+
+  def solve(
+      initial: IterableOnce[Block],
+      widenpoints: Set[Block], // set of loop heads
+      narrowpoints: Set[Block], // set of conditions
+      backwards: Boolean = false
+  ): (Map[Block, L], Map[Block, L]) = {
+    val savedAfter: mutable.HashMap[Block, L] = mutable.HashMap()
+    val savedBefore: mutable.HashMap[Block, L] = mutable.HashMap()
+    val saveCount: mutable.HashMap[Block, Int] = mutable.HashMap()
+    val worklist = {
+      if (backwards) {
+        mutable.PriorityQueue[Block]()(Ordering.by(b => -b.rpoOrder))
+      } else {
+        mutable.PriorityQueue[Block]()(Ordering.by(b => b.rpoOrder))
+      }
+    }
+    worklist.addAll(initial)
+
+    def successors(b: Block) = if backwards then b.prevBlocks else b.nextBlocks
+    def predecessors(b: Block) = if backwards then b.nextBlocks else b.prevBlocks
+
+    while (worklist.nonEmpty) {
+      val b = worklist.dequeue
+
+      while (
+        worklist.nonEmpty && (if backwards then (worklist.head.rpoOrder <= b.rpoOrder)
+                              else (worklist.head.rpoOrder >= b.rpoOrder))
+      ) do {
+        // drop rest of blocks with same priority
+        val m = worklist.dequeue()
+        assert(
+          m == b,
+          s"Different nodes with same priority ${m.rpoOrder} ${b.rpoOrder}, violates PriorityQueueWorklist assumption: $b and $m"
+        )
+      }
+
+      val prev = savedAfter.get(b)
+      val x = {
+        predecessors(b).toList.flatMap(b => savedAfter.get(b).toList) match {
+          case Nil      => domain.bot
+          case h :: Nil => h
+          case h :: tl  => tl.foldLeft(h)((acc, nb) => domain.join(acc, nb, b))
+        }
+      }
+      savedBefore(b) = x
+      val todo = List(b)
+
+      val lastBlock = b // todo.last
+      var nx = todo.foldLeft(x)((x, b) => {
+        savedBefore(b) = x
+        if (backwards) {
+          val ojmp = domain.transfer(x, b.jump)
+          savedAfter(b) = b.statements.toList.reverse.foldLeft(ojmp)(domain.transfer)
+        } else {
+          val stmts = b.statements.foldLeft(x)(domain.transfer)
+          savedAfter(b) = domain.transfer(stmts, b.jump)
+        }
+        savedAfter(b)
+      })
+      savedAfter(lastBlock) = nx
+      saveCount(lastBlock) = saveCount.get(lastBlock).getOrElse(0) + 1
+      if (!prev.contains(nx)) then {
+        if (saveCount(lastBlock) >= 50) {
+          Logger.warn(s"Large join count on block ${lastBlock.label}, no fix point? (-v for mor info)")
+          Logger.debug(lastBlock.label + "    ==> " + x)
+          Logger.debug(lastBlock.label + "    <== " + nx)
+        }
+        worklist.addAll(successors(lastBlock))
+      }
+    }
+    if backwards then (savedAfter.toMap, savedBefore.toMap) else (savedBefore.toMap, savedAfter.toMap)
+  }
+}
diff --git a/src/main/scala/ir/transforms/Simp.scala b/src/main/scala/ir/transforms/Simp.scala
index 00983f357..40493a37f 100644
--- a/src/main/scala/ir/transforms/Simp.scala
+++ b/src/main/scala/ir/transforms/Simp.scala
@@ -14,23 +14,7 @@ import scala.concurrent.duration.*
 import scala.util.{Failure, Success}
 import ExecutionContext.Implicits.global
 
-trait AbstractDomain[L] {
-  def join(a: L, b: L, pos: Block): L
-  def widen(a: L, b: L, pos: Block): L = join(a, b, pos)
-  def narrow(a: L, b: L): L = a
-  def transfer(a: L, b: Command): L
-  def transferBlockFwd(a: L, b: Block): L = {
-    transfer(b.statements.foldLeft(a)(transfer), b.jump)
-  }
-  def transferBlockBwd(a: L, b: Block): L = {
-    b.statements.toList.reverse.foldLeft(transfer(a, b.jump))(transfer)
-  }
-
-  def top: L
-  def bot: L
-}
-
-def getLiveVars(p: Procedure) : (Map[Block, Set[Variable]], Map[Block, Set[Variable]]) = {
+def getLiveVars(p: Procedure): (Map[Block, Set[Variable]], Map[Block, Set[Variable]]) = {
   val liveVarsDom = IntraLiveVarsDomain()
   val liveVarsSolver = worklistSolver(liveVarsDom)
   liveVarsSolver.solveProc(p, backwards = true)
@@ -109,41 +93,6 @@ class DefUseDomain(liveBefore: Map[Block, Set[Variable]])
 
 }
 
-class CollectingDomain[T, D <: AbstractDomain[T]](d: D) extends AbstractDomain[(T, Map[Command, T])] {
-  def bot = (d.bot, Map())
-  def top = ???
-
-  def join(l: (T, Map[Command, T]), r: (T, Map[Command, T]), pos: Block): (T, Map[Command, T]) = {
-    val nr = d.join(l._1, r._1, pos)
-    (
-      nr,
-      (l._2.keySet ++ r._2.keySet)
-        .map((s: Command) => {
-          ((l._2.get(s), r._2.get(s)) match {
-            case (Some(l), Some(r)) if l == r => Seq(s -> l)
-            case (Some(l), Some(r)) if l != r => Seq()
-            case (Some(l), None)              => Seq(s -> l)
-            case (None, Some(l))              => Seq(s -> l)
-            case _                            => ???
-          })
-        })
-        .flatten
-        .toMap
-    )
-  }
-
-  override def transfer(s: (T, Map[Command, T]), c: Command) = {
-    val u = d.transfer(s._1, c)
-    (u, s._2.updated(c, u))
-  }
-}
-
-trait PowerSetDomain[T] extends AbstractDomain[Set[T]] {
-  def bot = Set()
-  def top = ???
-  def join(a: Set[T], b: Set[T], pos: Block) = a.union(b)
-}
-
 class IntraLiveVarsDomain extends PowerSetDomain[Variable] {
   // expected backwards
 
@@ -166,8 +115,8 @@ def removeSlices(p: Program): Unit = {
   p.procedures.foreach(removeSlices)
 }
 
-
 def removeSlices(p: Procedure): Unit = {
+
   /** if for each variable v there is some i:int such that (i) all its assignments have a ZeroExtend(i, x) and (ii) all
     * its uses have Extract(size(v) - i, 0, v) Then we replace v by a variable of bitvector size (size(v) - i)
     *
@@ -287,7 +236,6 @@ def removeSlices(p: Procedure): Unit = {
   visit_proc(ReplaceAlwaysSlicedVars(toSmallen), p)
 }
 
-
 def getRedundantAssignments(procedure: Procedure): Set[Assign] = {
 
   /** Get all assign statements which define a variable never used, assuming ssa form and proc parameters so that
@@ -366,37 +314,6 @@ def getRedundantAssignments(procedure: Procedure): Set[Assign] = {
   var toRemove = assignedNotRead
   var removeOld = toRemove
 
-  // def remove(a: Assign): Boolean = {
-  //   var removed : Boolean = false
-  //   toRemove = toRemove.map((v, s) =>
-  //     v -> {
-  //       s match {
-  //         case VS.Read(defs, uses) if uses.size == 1 && uses.contains(a) => {
-  //           removed = true
-  //           VS.Assigned(defs)
-  //         }
-  //         case VS.Read(defs, uses) if uses.contains(a)                   => {
-  //           removed = true
-  //           VS.Read(defs, uses - a)
-  //         }
-  //         case o                                                         => o
-  //       }
-  //     }
-  //   )
-  //   removed
-  // }
-
-  // while ({
-  //   removeOld = toRemove
-  //   val removed = removeOld.map((v, s) => {
-  //     s match {
-  //       case VS.Assigned(definition) => definition.map(remove).foldLeft(false)((x,y) => x || y)
-  //       case _                       => false
-  //     }
-  //   })
-  //   removed.exists(x => x)
-  // }) {}
-
   val r = toRemove
     .collect { case (v, VS.Assigned(d)) =>
       d
@@ -535,7 +452,6 @@ def doCopyPropTransform(p: Program) = {
 
   applyRPO(p)
 
-
   Logger.info("[!] Simplify :: Expr/Copy-prop Transform")
   val work = p.procedures
     .filter(_.blocks.size > 0)
@@ -602,120 +518,6 @@ def applyRPO(p: Program) = {
   }
 }
 
-class worklistSolver[L, A <: AbstractDomain[L]](domain: A) {
-
-  def solveProc(p: Procedure, backwards: Boolean = false) = {
-    solve(p.blocks, Set(), Set(), backwards)
-  }
-
-  def solveProg(
-      p: Program,
-      widenpoints: Set[Block], // set of loop heads
-      narrowpoints: Set[Block] // set of conditions
-  ): Map[Procedure, Map[Block, L]] = {
-    val initDom = p.procedures.map(p => (p, p.blocks))
-
-    val work = initDom.map(d => {
-      (
-        d._1,
-        Future {
-          val t = util.PerformanceTimer(s"solve ${d._1.name}")
-          Logger.info(s"begin ${t.timerName}")
-          val r = solve(d._2, Set(), Set())
-          t.checkPoint("finished")
-          r
-        }
-      )
-    })
-    work
-      .map((prog, x) =>
-        try {
-          (prog, Await.result(x, 10000.millis)._2)
-        } catch {
-          case t: Exception => {
-            Logger.error(s"${prog.name} : $t")
-            (prog, Map())
-          }
-        }
-      )
-      .toMap
-    // Await.result(Future.sequence(work), Duration.Inf).toMap
-  }
-
-  def solve(
-      initial: IterableOnce[Block],
-      widenpoints: Set[Block], // set of loop heads
-      narrowpoints: Set[Block], // set of conditions
-      backwards: Boolean = false
-  ): (Map[Block, L], Map[Block, L]) = {
-    val savedAfter: mutable.HashMap[Block, L] = mutable.HashMap()
-    val savedBefore: mutable.HashMap[Block, L] = mutable.HashMap()
-    val saveCount: mutable.HashMap[Block, Int] = mutable.HashMap()
-    val worklist = {
-      if (backwards) {
-        mutable.PriorityQueue[Block]()(Ordering.by(b => -b.rpoOrder))
-      } else {
-        mutable.PriorityQueue[Block]()(Ordering.by(b => b.rpoOrder))
-      }
-    }
-    worklist.addAll(initial)
-
-    def successors(b: Block) = if backwards then b.prevBlocks else b.nextBlocks
-    def predecessors(b: Block) = if backwards then b.nextBlocks else b.prevBlocks
-
-    while (worklist.nonEmpty) {
-      val b = worklist.dequeue
-
-      while (
-        worklist.nonEmpty && (if backwards then (worklist.head.rpoOrder <= b.rpoOrder)
-                              else (worklist.head.rpoOrder >= b.rpoOrder))
-      ) do {
-        // drop rest of blocks with same priority
-        val m = worklist.dequeue()
-        assert(
-          m == b,
-          s"Different nodes with same priority ${m.rpoOrder} ${b.rpoOrder}, violates PriorityQueueWorklist assumption: $b and $m"
-        )
-      }
-
-      val prev = savedAfter.get(b)
-      val x = {
-        predecessors(b).toList.flatMap(b => savedAfter.get(b).toList) match {
-          case Nil      => domain.bot
-          case h :: Nil => h
-          case h :: tl  => tl.foldLeft(h)((acc, nb) => domain.join(acc, nb, b))
-        }
-      }
-      savedBefore(b) = x
-      val todo = List(b)
-
-      val lastBlock = b // todo.last
-      var nx = todo.foldLeft(x)((x, b) => {
-        savedBefore(b) = x
-        if (backwards) {
-          val ojmp = domain.transfer(x, b.jump)
-          savedAfter(b) = b.statements.toList.reverse.foldLeft(ojmp)(domain.transfer)
-        } else {
-          val stmts = b.statements.foldLeft(x)(domain.transfer)
-          savedAfter(b) = domain.transfer(stmts, b.jump)
-        }
-        savedAfter(b)
-      })
-      savedAfter(lastBlock) = nx
-      saveCount(lastBlock) = saveCount.get(lastBlock).getOrElse(0) + 1
-      if (!prev.contains(nx)) then {
-        if (saveCount(lastBlock) >= 50) {
-          Logger.warn(s"Large join count on block ${lastBlock.label}, no fix point? (-v for mor info)")
-          Logger.debug(lastBlock.label + "    ==> " + x)
-          Logger.debug(lastBlock.label + "    <== " + nx)
-        }
-        worklist.addAll(successors(lastBlock))
-      }
-    }
-    if backwards then (savedAfter.toMap, savedBefore.toMap) else (savedBefore.toMap, savedAfter.toMap)
-  }
-}
-
 // case class CopyProp(from: Expr, expr: Expr, deps: Set[Variable])
 
 enum CopyProp {
@@ -757,7 +559,6 @@ object CCP {
 
 object CopyProp {
 
-
   def forwardFlagCalc(p: Procedure) = {
     val (beforeLive, afterLive) = getLiveVars(p)
     val dom = DefUseDomain(beforeLive)
@@ -780,10 +581,9 @@ object CopyProp {
       val deps: mutable.Set[Variable],
       var clobbered: Boolean,
       var useCount: Int,
-      var isFlagDep: Boolean,
+      var isFlagDep: Boolean
   )
 
-
   def PropFlagCalculations(p: Procedure, initialState: Map[Variable, PropState]) = {
     val state = mutable.HashMap[Variable, PropState]()
 
@@ -806,8 +606,11 @@ object CopyProp {
           ()
         }
         case a: Assign
-            if state.contains(a.lhs) && (a.rhs != state(a.lhs).e) && (canPropTo(state, a.rhs, true) != canPropTo(state, state(a.lhs).e, true))
-             => {
+            if state.contains(a.lhs) && (a.rhs != state(a.lhs).e) && (canPropTo(state, a.rhs, true) != canPropTo(
+              state,
+              state(a.lhs).e,
+              true
+            )) => {
           clobberFull(state, a.lhs)
         }
         case a: Assign if state.contains(a.lhs) => {
@@ -850,10 +653,14 @@ object CopyProp {
     }
   }
 
-  def isTrivial(e: Expr) = e match {
+  def isTrivial(e: Expr): Boolean = e match {
     case l: Literal                              => true
     case l: Variable                             => true
     case BinaryExpr(op, e: Variable, b: Literal) => true
+    case ZeroExtend(_, e) if isTrivial(e)        => true
+    case SignExtend(_, e) if isTrivial(e)        => true
+    case Extract(_, _, e) if isTrivial(e)        => true
+    case UnaryExpr(_, e) if isTrivial(e)         => true
     case _                                       => false
   }
 
@@ -1080,6 +887,15 @@ class ExprComplexity extends CILVisitor {
   }
 }
 
+/**
+ * Use this as a partially applied function. 
+ * Substitute(Map.from(substs).get, recurse = false)
+ *
+ * @res: defines the substitutions to make
+ * @recurse: continue substituting with `res` into each substituted expression
+ * @complexityThreshold: Stop substituting after the AST node count has increased by this much
+ *
+ */
 class Substitute(
     val res: Variable => Option[Expr],
     val recurse: Boolean = true,
diff --git a/src/main/scala/translating/IRExpToSMT2.scala b/src/main/scala/translating/IRExpToSMT2.scala
index 9e3b7a5f8..9e71771ba 100644
--- a/src/main/scala/translating/IRExpToSMT2.scala
+++ b/src/main/scala/translating/IRExpToSMT2.scala
@@ -4,6 +4,7 @@ import boogie.*
 import specification.*
 import util.{BoogieGeneratorConfig, BoogieMemoryAccessMode, ProcRelyVersion}
 import ir.cilvisitor.*
+import scala.sys.process.*
 
 trait BasilIR[Repr[+_]] extends BasilIRExp[Repr] {
   // def vstmt(s: Statement) : Repr[Statement]
@@ -125,23 +126,10 @@ trait BasilIRExpWithVis[Repr[+_]] extends BasilIRExp[Repr] {
   /** Performs some simple reductions to fit basil IR into SMT2.
     */
 
-  def vprog(mainProc: String, procedures: List[Repr[Procedure]]) : Repr[Program] = ???
-  def vrepeat(reps: Int, value: Repr[Expr]): Repr[Expr] = ???
-  def vzeroextend(bits: Int, b: Repr[Expr]): Repr[Expr] = ???
-  def vsignextend(bits: Int, b: Repr[Expr]): Repr[Expr] = ???
-  def vboollit(b: Boolean): Repr[BoolLit] = ???
-  def vbvlit(b: BitVecLiteral): Repr[BitVecLiteral] = ???
-  def vintlit(b: BigInt): Repr[IntLiteral] = ???
 
   def vexpr(e: Expr): Repr[Expr] = {
     e match {
-      case n: Literal =>
-        n match {
-          case TrueLiteral      => vboollit(true)
-          case FalseLiteral     => vboollit(false)
-          case v: IntLiteral    => vintlit(v.value)
-          case b: BitVecLiteral => vbvlit(b)
-        }
+      case n: Literal => vliteral(n)
       case m @ MemoryLoad(mem, index, endian, size) => vload(m)
       case Extract(ed, start, arg)                  => vextract(ed, start, vexpr(arg))
       case Repeat(repeats, arg) => {
@@ -184,8 +172,30 @@ def list[T](l: Sexp[T]*): Sexp[T] = Sexp.Slist(l.toList)
 
 object BasilIRToSMT2 extends BasilIRExpWithVis[Sexp] {
 
-  def exprUnsat(e: Expr, name: Option[String] = None): String = {
+  def vprog(mainProc: String, procedures: List[Sexp[Procedure]]) : Sexp[Program] = ???
+  def vrepeat(reps: Int, value: Sexp[Expr]): Sexp[Expr] = ???
+  def vzeroextend(bits: Int, b: Sexp[Expr]): Sexp[Expr] = ???
+  def vsignextend(bits: Int, b: Sexp[Expr]): Sexp[Expr] = ???
+  def vboollit(b: Boolean): Sexp[BoolLit] = ???
+  def vbvlit(b: BitVecLiteral): Sexp[BitVecLiteral] = ???
+  def vintlit(b: BigInt): Sexp[IntLiteral] = ???
+
+  /**
+   * Immediately invoke z3 and block until it returns a result.
+   *
+   * Return Some(true) when proven, Some(false) when counterexample found, and None when unknown.
+   */
+  def proveExpr(e: Expr, softTimeoutMillis: Option[Int] = None) : Option[Boolean] = {
+    val query = exprUnsat(e, None, false)
+    val res = util.z3.checkSATSMT2(query, softTimeoutMillis)
+    res match {
+      case util.z3.SatResult.UNSAT => Some(true)
+      case util.z3.SatResult.SAT => Some(false)
+      case util.z3.SatResult.Unknown(_) => None
+    }
+  }
 
+  def exprUnsat(e: Expr, name: Option[String] = None, getModel : Boolean = true): String = {
     val assert = if (name.isDefined) {
       list(sym("assert"), list(sym("!"), BasilIRToSMT2.vexpr(e), sym(":named"), sym(name.get)))
     } else {
@@ -196,11 +206,10 @@ object BasilIRToSMT2 extends BasilIRExpWithVis[Sexp] {
       ++ List(
         assert,
         list(sym("set-option"), sym(":smt.timeout"), sym("1")),
-        list(sym("echo"), sym("\"" + name.getOrElse("") + "  ::  " + e + "\"")),
-        list(sym("check-sat")),
-        list(sym("get-model")),
-        list(sym("pop"))
-      )
+        list(sym("check-sat"))
+      ) 
+      ++ (if (getModel) then List(list(sym("echo"), sym("\"" + name.getOrElse("") + "  ::  " + e + "\"")), list(sym("get-model"))) else List())
+      ++ List(list(sym("pop")))
 
     (terms.map(Sexp.print)).mkString("\n")
   }
diff --git a/src/main/scala/translating/PrettyPrinter.scala b/src/main/scala/translating/PrettyPrinter.scala
index 52ac06895..98bbef13a 100644
--- a/src/main/scala/translating/PrettyPrinter.scala
+++ b/src/main/scala/translating/PrettyPrinter.scala
@@ -79,13 +79,13 @@ class BasilIRPrettyPrinter() extends BasilIR[BST] {
       procname: String,
       inparams: List[(BST[Variable], BST[Expr])]
   ): BST[DirectCall] = {
-    BST(s"(${outParams.map((l,r) => l).mkString(", ")} := call $procname ${inparams.map((l,r) => r).mkString(", ")})")
+    BST(s"(${outParams.map((l,r) => l).mkString(", ")}) := call $procname (${inparams.map((l,r) => r).mkString(", ")});")
   }
 
 
   override def vindirect(target: BST[Variable]): BST[IndirectCall] = BST(s"indirect_call(${target})")
-  override def vassert(body: BST[Expr]): BST[Assert] = BST(s"assert $body")
-  override def vassume(body: BST[Expr]): BST[Assume] = BST(s"assume $body")
+  override def vassert(body: BST[Expr]): BST[Assert] = BST(s"assert($body)")
+  override def vassume(body: BST[Expr]): BST[Assume] = BST(s"assume($body)")
   override def vnop(): BST[NOP] = BST("nop")
 
   override def vgoto(t: List[String]): BST[GoTo] = BST(s"goto(${t.mkString(", ")})")
@@ -114,7 +114,7 @@ class BasilIRPrettyPrinter() extends BasilIR[BST] {
   override def vrepeat(reps: Int, b: BST[Expr]) = BST(s"repeat($reps, $b)")
   override def vbinary_expr(e: BinOp, l: BST[Expr], r: BST[Expr]): BST[Expr] = {
     val opn = e.getClass.getSimpleName.toLowerCase.stripSuffix("$")
-    BST(s"$opn($l $r)")
+    BST(s"$opn($l, $r)")
   }
   override def vunary_expr(e: UnOp, arg: BST[Expr]): BST[Expr] = {
     val opn = e.getClass.getSimpleName.toLowerCase.stripSuffix("$")
@@ -123,8 +123,8 @@ class BasilIRPrettyPrinter() extends BasilIR[BST] {
 
 
   override def vboollit(b: Boolean) = BST(b.toString)
-  override def vintlit(i: BigInt) = BST("%x".format(i))
-  override def vbvlit(i: BitVecLiteral) = BST("%x".format(i.value) + s"bv${i.size}")
+  override def vintlit(i: BigInt) = BST("0x%x".format(i))
+  override def vbvlit(i: BitVecLiteral) = BST("0x%x".format(i.value) + s"bv${i.size}")
   override def vuninterp_function(name: String, args: Seq[BST[Expr]]): BST[Expr] = BST(s"$name(${args.mkString(", ")})")
 
   override def vload(arg: MemoryLoad): BST[Expr] = {
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index 9d6f7b6ba..bfc0c0b89 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -363,7 +363,7 @@ object StaticAnalysis {
     )
 
     config.analysisDotPath.foreach(f => {
-      val dumpdomain = computeDomain[CFGPosition, CFGPosition](InterProcIRCursor, IRProgram.procedures)
+      val dumpdomain = computeDomain[CFGPosition, CFGPosition](InterProcIRCursor, IRProgram.procedures).toSet
       writeToFile(toDot(dumpdomain, InterProcIRCursor, Map.empty), s"${f}_new_ir_intercfg$iteration.dot")
     })
 
@@ -534,15 +534,13 @@ object RunUtils {
     val timer = PerformanceTimer("Simplify")
     val write = true
 
-
     transforms.applyRPO(ctx.program)
 
     transforms.removeEmptyBlocks(ctx.program)
     transforms.coalesceBlocks(ctx.program)
     transforms.removeEmptyBlocks(ctx.program)
-    if write then writeToFile(dotBlockGraph(ctx.program, (ctx.program.collect {
-      case b : Block => b -> translating.BasilIRPrettyPrinter()(b)
-    }).toMap), s"blockgraph-before-dsa.dot")
+
+    if write then writeToFile(dotBlockGraph(ctx.program.mainProcedure), s"blockgraph-before-dsa.dot")
     
     Logger.info(s"RPO ${timer.checkPoint("RPO")} ms ")
     Logger.info("[!] Simplify :: DynamicSingleAssignment")
@@ -551,7 +549,11 @@ object RunUtils {
     // transforms.DynamicSingleAssignment.applyTransform(ctx.program, liveVars)
     transforms.OnePassDSA().applyTransform(ctx.program)
     Logger.info(s"DSA ${timer.checkPoint("DSA ")} ms ")
-    if write then writeToFile(dotBlockGraph(ctx.program, ctx.program.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"blockgraph-after-dsa.dot")
+
+    if write then writeToFile(dotBlockGraph(ctx.program, (ctx.program.collect {
+      case b : Block => b -> translating.BasilIRPrettyPrinter()(b)
+    }).toMap), s"blockgraph-after-dsa.dot")
+
     if (ir.eval.SimplifyValidation.validate) {
       // Logger.info("Live vars difftest")
       // val tipLiveVars : Map[CFGPosition, Set[Variable]] = analysis.IntraLiveVarsAnalysis(ctx.program).analyze()
@@ -571,7 +573,8 @@ object RunUtils {
     // brute force run the analysis twice because it cleans up more stuff
     //assert(ctx.program.procedures.forall(transforms.rdDSAProperty))
     transforms.doCopyPropTransform(ctx.program)
-    if write then writeToFile(dotBlockGraph(ctx.program, ctx.program.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"blockgraph-after-simp.dot")
+    if write then writeToFile(dotBlockGraph(ctx.program), s"blockgraph-after-simp.dot")
+
     // assert(ctx.program.procedures.forall(transforms.rdDSAProperty))
 
     assert(invariant.blockUniqueLabels(ctx.program))
@@ -592,12 +595,8 @@ object RunUtils {
     // which go away in high level conss
     if write then writeToFile(serialiseIL(ctx.program), s"il-after-slices.il")
 
-    if write then writeToFile(dotBlockGraph(ctx.program, ctx.program.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"blockgraph-after-simp.dot")
-
     // re-apply dsa
     // transforms.OnePassDSA().applyTransform(ctx.program)
-    if write then writeToFile(dotBlockGraph(ctx.program, ctx.program.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"blockgraph-after-second-dsa.dot")
-
 
     if (write) {
       writeToFile(translating.BasilIRPrettyPrinter()(ctx.program), "prettyprinted.il")
diff --git a/src/main/scala/util/z3/z3process.scala b/src/main/scala/util/z3/z3process.scala
new file mode 100644
index 000000000..cda2f97ad
--- /dev/null
+++ b/src/main/scala/util/z3/z3process.scala
@@ -0,0 +1,23 @@
+package util.z3
+import scala.sys.process.*
+import java.io.ByteArrayInputStream
+import util.Logger
+
+enum SatResult {
+  case SAT
+  case UNSAT
+  case Unknown(s: String)
+}
+
+
+def checkSATSMT2(smt: String, softTimeoutMillis: Option[Int] = None) : SatResult = {
+  val cmd = Seq("z3", "-smt2", "-in") ++ (if (softTimeoutMillis.isDefined) then Seq(s"-t:${softTimeoutMillis.get}") else Seq())
+  val output = (cmd  #< ByteArrayInputStream(smt.getBytes("UTF-8"))).!!
+  if (output == "sat\n") {
+    SatResult.SAT
+  } else if (output == "unsat\n") {
+    SatResult.UNSAT
+  } else {
+    SatResult.Unknown(output)
+  }
+}
diff --git a/src/test/scala/SATTest.scala b/src/test/scala/SATTest.scala
new file mode 100644
index 000000000..ff4a727b0
--- /dev/null
+++ b/src/test/scala/SATTest.scala
@@ -0,0 +1,18 @@
+import analysis.ParamAnalysis
+import ir.dsl.*
+import ir.*
+import org.scalatest.funsuite.AnyFunSuite
+import test_util.BASILTest
+import util.*
+import translating.BasilIRToSMT2
+
+
+
+class SATTest extends AnyFunSuite {
+  test(" basic taut ") {
+    Logger.setLevel(LogLevel.DEBUG)
+    val e = BinaryExpr(BoolEQ, BinaryExpr(BVNEQ, R0, bv64(0)), BinaryExpr(BVEQ, bv64(0), R0))
+    val r = BasilIRToSMT2.proveExpr(e)
+    assert(r == Some(true))
+  }
+}

From d3b817678f78962caa0f3bfb82969b74ce0dff11 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Wed, 13 Nov 2024 11:44:57 +1000
Subject: [PATCH 099/127] ccmp and rpo sort

---
 src/main/scala/ir/Program.scala               |   5 +-
 src/main/scala/ir/Visitor.scala               |   2 +-
 src/main/scala/ir/eval/ExprEval.scala         |   2 +-
 src/main/scala/ir/eval/SimplifyExpr.scala     | 266 +++++++++++-------
 .../invariant/BlocksUniqueToProcedure.scala   |   2 +-
 .../transforms/DynamicSingleAssignment.scala  |  14 +-
 src/main/scala/ir/transforms/Simp.scala       |  23 +-
 .../scala/translating/SemanticsLoader.scala   |   2 +-
 src/main/scala/util/RunUtils.scala            |  17 +-
 9 files changed, 201 insertions(+), 132 deletions(-)

diff --git a/src/main/scala/ir/Program.scala b/src/main/scala/ir/Program.scala
index 53482bb21..37fb98f19 100644
--- a/src/main/scala/ir/Program.scala
+++ b/src/main/scala/ir/Program.scala
@@ -176,7 +176,7 @@ class ProgramThread(val entry: Procedure,
 */
 
 class Procedure private (
-                  var name: String,
+                  var procName: String,
                   var address: Option[BigInt],
                   private var _entryBlock: Option[Block],
                   private var _returnBlock: Option[Block],
@@ -188,6 +188,9 @@ class Procedure private (
                   var requires: List[BExpr],
                   var ensures: List[BExpr],
                 ) extends Iterable[CFGPosition] {
+
+  def name = procName + address.map("_" + _).getOrElse("") 
+
   private val _callers = mutable.HashSet[DirectCall]()
   _blocks.foreach(_.parent = this)
   // class invariant
diff --git a/src/main/scala/ir/Visitor.scala b/src/main/scala/ir/Visitor.scala
index 5ad5daae2..fd350c543 100644
--- a/src/main/scala/ir/Visitor.scala
+++ b/src/main/scala/ir/Visitor.scala
@@ -382,7 +382,7 @@ class Renamer(reserved: Set[String]) extends Visitor {
 
   override def visitProcedure(node: Procedure): Procedure = {
     if (reserved.contains(node.name)) {
-      node.name = s"#${node.name}"
+      node.procName = s"#${node.name}"
     }
     super.visitProcedure(node)
   }
diff --git a/src/main/scala/ir/eval/ExprEval.scala b/src/main/scala/ir/eval/ExprEval.scala
index 60ae5d344..b6f23ab16 100644
--- a/src/main/scala/ir/eval/ExprEval.scala
+++ b/src/main/scala/ir/eval/ExprEval.scala
@@ -41,7 +41,7 @@ def evalBVBinExpr(b: BVBinOp, l: BitVecLiteral, r: BitVecLiteral): BitVecLiteral
 
 def evalBVLogBinExpr(b: BVBinOp, l: BitVecLiteral, r: BitVecLiteral): Boolean = b match {
   case BVULE => BitVectorEval.smt_bvule(l, r)
-  case BVUGT => BitVectorEval.smt_bvult(l, r)
+  case BVUGT => BitVectorEval.smt_bvugt(l, r)
   case BVUGE => BitVectorEval.smt_bvuge(l, r)
   case BVULT => BitVectorEval.smt_bvult(l, r)
   case BVSLT => BitVectorEval.smt_bvslt(l, r)
diff --git a/src/main/scala/ir/eval/SimplifyExpr.scala b/src/main/scala/ir/eval/SimplifyExpr.scala
index f8f9b4a69..0baf1abbb 100644
--- a/src/main/scala/ir/eval/SimplifyExpr.scala
+++ b/src/main/scala/ir/eval/SimplifyExpr.scala
@@ -10,13 +10,17 @@ import ir.cilvisitor.*
 val assocOps: Set[BinOp] =
   Set(BVADD, BVMUL, BVOR, BVAND, BVEQ, BoolAND, BoolEQ, BoolOR, BoolEQUIV, BoolEQ, IntADD, IntMUL, IntEQ)
 
+var trace = false
+
 class SimpExpr(simplifier: Expr => (Expr, Boolean)) extends CILVisitor {
   var changedAnything = false
   var count = 0
   override def vexpr(e: Expr) =
+    val (ne, changed) = simplifier(e)
+    changedAnything = changedAnything || changed
     ChangeDoChildrenPost(
-      e,
-      e => {
+      ne,
+      (e: Expr) => {
         val one = e
         val (ne, c) = simplifier(e)
         changedAnything = changedAnything || c
@@ -25,23 +29,26 @@ class SimpExpr(simplifier: Expr => (Expr, Boolean)) extends CILVisitor {
     )
 
   def apply(e: Expr) = {
-    changedAnything = false
-    count = 0
-    val ne = visit_expr(this, e)
-    (ne, changedAnything)
+    val ns = SimpExpr(simplifier)
+    val ne = visit_expr(ns, e)
+    (ne, ns.changedAnything)
   }
 }
 
 def sequenceSimp(a: Expr => (Expr, Boolean), b: Expr => (Expr, Boolean))(e: Expr): (Expr, Boolean) = {
   val (ne1, changed1) = a(e)
   if (ne1 == e && changed1) {
-    throw Exception("No simp")
+    Logger.error(s" ${SimplifyValidation.debugTrace.last}")
+    throw Exception(s"No simp $e \n  -> $ne1")
   }
   val (ne2, changed2) = b(ne1)
   if (ne2 == ne1 && changed2) {
-    throw Exception("No simp")
+    // throw Exception("No simp")
+    Logger.error(s" ${SimplifyValidation.debugTrace.last}")
+    throw Exception(s"No simp $ne1 \n  -> $ne2")
   }
   if (ne2 == e && (changed1 || changed2)) {
+    Logger.error(s" ${SimplifyValidation.debugTrace.last}")
     throw Exception(s"No simp $e \n  -> $ne1\n  -> $ne2")
   }
   (ne2, changed1 || changed2)
@@ -61,9 +68,9 @@ def simpFixedPoint(s: Expr => (Expr, Boolean))(e: Expr): (Expr, Boolean) = {
       throw Exception(s"changed flag set but no change \n    $expr\n    $ne\n, ${s.getClass.getSimpleName}")
     }
     if (count > 100) {
-      Logger.error(ne)
+      Logger.error(s"$ne, ${SimplifyValidation.debugTrace.last}")
     }
-    changed = ne != expr
+    changed = ce
     expr = ne
   }
   (expr, changedAny)
@@ -73,8 +80,8 @@ def simplifyExprVis = SimpExpr(simpFixedPoint(sequenceSimp(simplifyExpr, SimpExp
 def simplifyCondVis = SimpExpr(
   simpFixedPoint(
     sequenceSimp(
+      simpFixedPoint(SimpExpr(simpFixedPoint(simplifyCmpInequalities)).apply),
       simplifyExprVis.apply,
-      SimpExpr(simplifyCmpInequalities).apply
     )
   )
 )
@@ -112,7 +119,7 @@ def cleanupSimplify(p: Procedure) = {
 }
 
 object SimplifyValidation {
-  var traceLog = mutable.LinkedHashSet[(Expr, Expr)]()
+  var traceLog = mutable.LinkedHashSet[(Expr, Expr, String)]()
   var validate: Boolean = false
   var debugTrace = mutable.ArrayBuffer[(Expr, Expr, sourcecode.Line, sourcecode.FileName, sourcecode.Name)]()
 
@@ -130,14 +137,14 @@ object SimplifyValidation {
 
     var ind = 0
 
-    for ((o, n) <- traceLog) {
+    for ((o, n, sname) <- traceLog) {
       ind += 1
       if (ir.transforms.ExprComplexity()(n) > 5000) {
         Logger.warn(s"Skipping simplification proof $ind because too large (> 5000)!")
       } else {
         if (ind % 100 == 0) Logger.info(s"Wrote simplification proof $ind / ${traceLog.size}")
         val equal = UnaryExpr(BoolNOT, makeEQ(o, n))
-        val expr = translating.BasilIRToSMT2.exprUnsat(equal, Some(s"simp$ind"))
+        val expr = translating.BasilIRToSMT2.exprUnsat(equal, Some(s"simp.$ind$sname"))
         writer.write(expr)
         writer.write("\n\n")
       }
@@ -166,67 +173,13 @@ def logSimp(e: Expr, ne: Expr, actual: Boolean = true)(implicit
     val normer = VarNameNormalise()
     val a = visit_expr(normer, e)
     val b = visit_expr(normer, ne)
+    val s = s"${file.value}..${line.value}"
 
-    SimplifyValidation.traceLog.add((a, b))
+    SimplifyValidation.traceLog.add((a, b, s))
   }
   ne
 }
 
-//def simplifyExprFixpoint(conditions: Boolean = false)(e: Expr): Expr = {
-//  val begin = e
-//  var pe = e
-//  var count = 0
-//  var ne = e
-//  var changedAny = false
-//  var changed = true
-//  while (changed) {
-//    {
-//      val (x, didAnything) = simplifyExpr(ne)
-//      ne = x
-//      changed = didAnything
-//    }
-//
-//    if (conditions) {
-//      val p = ne
-//      val (cx, didConds) = simplifyCmpInequalities(ne)
-//      changed = changed || didConds
-//      ne = cx
-//
-//      if (SimplifyValidation.validate) {
-//        // normalise to deduplicate log entries
-//        // logSimp(p, ne)
-//      }
-//    }
-//
-//    class peevis extends CILVisitor {
-//      override def vexpr(e: Expr) = ChangeDoChildrenPost(
-//        e,
-//        e => {
-//          val (per, didpe) = ir.eval.fastPartialEvalExpr(e)
-//          changed = changed || didpe
-//          per
-//        }
-//      )
-//    }
-//
-//    changedAny = changedAny || changed
-//    count += 1
-//
-//    try {
-//      ne = visit_expr(peevis(), ne)
-//    } catch {
-//      case ex => {
-//        Logger.error(ne)
-//        throw ex
-//      }
-//    }
-//
-//  }
-//  if (changed) {
-//    Logger.error(s"stopping simp before fixed point: there is likely a simplificatinon loop: $pe !=== $ne")
-//  }
-//  ne
-//}
 
 class VarNameNormalise() extends CILVisitor {
   var count = 1
@@ -279,7 +232,19 @@ def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
     case BinaryExpr(BVEQ, UnaryExpr(BoolToBV1, body), BitVecLiteral(1, 1))  => logSimp(e, body)
     case BinaryExpr(BVEQ, UnaryExpr(BoolToBV1, l), UnaryExpr(BoolToBV1, r)) => logSimp(e, BinaryExpr(BoolEQ, (l), (r)))
 
-    case BinaryExpr(BVADD, l @ UnaryExpr(BVNEG, x), r) if !r.isInstanceOf[Literal] => BinaryExpr(BVADD, r, l)
+    case BinaryExpr(BVADD, l @ UnaryExpr(BVNEG, x), r) if !r.isInstanceOf[Literal] && !{r match {
+      case UnaryExpr(BVNEG, _) => true
+      case _ => false
+    }} => BinaryExpr(BVADD, r, l)
+
+    case BinaryExpr(BoolAND, l @ BinaryExpr(BVEQ, _, _), r @ BinaryExpr(relop, _, _))
+        if ineqToStrict.contains(relop) || strictIneq.contains(relop) => {
+      BinaryExpr(BoolAND, r, l)
+    }
+    case BinaryExpr(BoolAND, l @ UnaryExpr(BoolNOT, BinaryExpr(BVEQ, _, _)), r @ BinaryExpr(relop, _, _))
+        if ineqToStrict.contains(relop) || strictIneq.contains(relop) => {
+      BinaryExpr(BoolAND, r, l)
+    }
 
     /* intro bool2bv */
     case BinaryExpr(
@@ -346,25 +311,82 @@ def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
     }
 
     // relax bound by 1
-    case e @ BinaryExpr(BoolOR, BinaryExpr(BVULT, x, y: BitVecLiteral), (BinaryExpr(BVEQ, x2, z: BitVecLiteral)))
-        if x == x2 && y.value == z.value => {
+    case BinaryExpr(BoolOR, BinaryExpr(BVULE, x, y: BitVecLiteral), (BinaryExpr(BVEQ, x2, z: BitVecLiteral)))
+        if x == x2 && ((y.value + 1) == z.value) => {
       logSimp(e, BinaryExpr(BVULE, x, z))
     }
-    case e @ BinaryExpr(BoolOR, BinaryExpr(BVULE, x, y: BitVecLiteral), (BinaryExpr(BVEQ, x2, z: BitVecLiteral)))
-        if x == x2 && y.value + 1 == z.value => {
+    case BinaryExpr(BoolOR, BinaryExpr(BVULT, x, y: BitVecLiteral), (BinaryExpr(BVEQ, x2, z: BitVecLiteral)))
+        if x == x2 && y.value == z.value => {
       logSimp(e, BinaryExpr(BVULE, x, z))
     }
-    case e @ BinaryExpr(BoolOR, BinaryExpr(BVUGT, x, y: BitVecLiteral), (BinaryExpr(BVEQ, x2, z: BitVecLiteral)))
+    case BinaryExpr(BoolOR, BinaryExpr(BVUGT, x, y: BitVecLiteral), (BinaryExpr(BVEQ, x2, z: BitVecLiteral)))
         if x == x2 && y.value == z.value => {
       logSimp(e, BinaryExpr(BVUGE, x, z))
     }
-    case e @ BinaryExpr(BoolOR, BinaryExpr(BVUGE, x, y: BitVecLiteral), (BinaryExpr(BVEQ, x2, z: BitVecLiteral)))
+    case BinaryExpr(BoolOR, BinaryExpr(BVUGE, x, y: BitVecLiteral), (BinaryExpr(BVEQ, x2, z: BitVecLiteral)))
         if x == x2 && y.value - 1 == z.value => {
       logSimp(e, BinaryExpr(BVULE, x, z))
     }
 
+    case BinaryExpr(
+          BoolAND,
+          l @ BinaryExpr(BVUGT, e1, BitVecLiteral(x1, _)),
+          r @ BinaryExpr(BVUGT, e2, BitVecLiteral(x2, _))
+        ) if e1 == e2 && (x2 >= x1) =>
+      logSimp(e, r)
+    case BinaryExpr(
+          BoolAND,
+          l @ BinaryExpr(BVUGT, e1, BitVecLiteral(x1, _)),
+          r @ BinaryExpr(BVUGT, e2, BitVecLiteral(x2, _))
+        ) if e1 == e2 && (x1 >= x2) =>
+      logSimp(e, l)
+    case BinaryExpr(
+          BoolAND,
+          l @ BinaryExpr(BVUGE, e1, BitVecLiteral(x1, _)),
+          r @ BinaryExpr(BVUGE, e2, BitVecLiteral(x2, _))
+        ) if e1 == e2 && (x2 >= x1) =>
+      logSimp(e, r)
+
+    case BinaryExpr(
+          BoolAND,
+          l @ BinaryExpr(BVUGE, e1, BitVecLiteral(x1, _)),
+          r @ UnaryExpr(BoolNOT, BinaryExpr(BVEQ, e2, BitVecLiteral(x2, _)))
+        ) if e1 == e2 && (x1 > x2) =>
+      logSimp(e, l)
+    case BinaryExpr(
+          BoolAND,
+          l @ BinaryExpr(BVUGT, e1, BitVecLiteral(x1, _)),
+          r @ UnaryExpr(BoolNOT, BinaryExpr(BVEQ, e2, BitVecLiteral(x2, _)))
+        ) if e1 == e2 && (x1 >= x2) =>
+      logSimp(e, l)
+
+    case BinaryExpr(
+          BoolAND,
+          l @ BinaryExpr(BVUGE, e1, BitVecLiteral(x1, _)),
+          r @ BinaryExpr(BVEQ, e2, BitVecLiteral(x2, _))
+        ) if e1 == e2 && (x1 <= x2) =>
+      logSimp(e, r)
+    case BinaryExpr(
+          BoolAND,
+          l @ BinaryExpr(BVUGT, e1, BitVecLiteral(x1, _)),
+          r @ BinaryExpr(BVEQ, e2, BitVecLiteral(x2, _))
+        ) if e1 == e2 && (x1 > x2) =>
+      logSimp(e, r)
+    case BinaryExpr(
+          BoolAND,
+          l @ BinaryExpr(BVUGE, e1, BitVecLiteral(x1, _)),
+          r @ BinaryExpr(BVEQ, e2, BitVecLiteral(x2, _))
+        ) if e1 == e2 && (x1 > x2) =>
+      logSimp(e, FalseLiteral)
+    case BinaryExpr(
+          BoolAND,
+          l @ BinaryExpr(BVUGT, e1, BitVecLiteral(x1, _)),
+          r @ BinaryExpr(BVEQ, e2, BitVecLiteral(x2, _))
+        ) if e1 == e2 && (x2 <= x1) =>
+      logSimp(e, FalseLiteral)
+
     // tighten bound by 1
-    case e @ BinaryExpr(
+    case BinaryExpr(
           BoolAND,
           BinaryExpr(BVUGT, x, y: BitVecLiteral),
           UnaryExpr(BoolNOT, (BinaryExpr(BVEQ, x2, z: BitVecLiteral)))
@@ -659,18 +681,17 @@ def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
           BoolAND,
           l @ BinaryExpr(BVUGT, lhs, UnaryExpr(BVNOT, rhs)),
           UnaryExpr(BoolNOT, BinaryExpr(BVEQ, lhs2, nrhs @ UnaryExpr(BVNEG, rhs2)))
-        ) if  rhs == rhs2 && lhs == lhs2 => {
+        ) if rhs == rhs2 && lhs == lhs2 => {
       logSimp(e, BinaryExpr(BVUGT, lhs, nrhs))
     }
     case BinaryExpr(
           BoolAND,
           l @ BinaryExpr(BVULT, lhs, UnaryExpr(BVNEG, rhs)),
           UnaryExpr(BoolNOT, BinaryExpr(BVEQ, lhs2, nrhs @ UnaryExpr(BVNOT, rhs2)))
-        ) if  rhs == rhs2 && lhs == lhs2 => {
+        ) if rhs == rhs2 && lhs == lhs2 => {
       logSimp(e, BinaryExpr(BVULT, lhs, nrhs))
     }
 
-
     // weak to strict inequality
     // x >= 0 && x != 0 ===> x > 0
     case BinaryExpr(BoolAND, BinaryExpr(op, lhs, BitVecLiteral(0, sz)), UnaryExpr(BoolNOT, rhs))
@@ -685,16 +706,6 @@ def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
           lhs == lhs2 && (simplifyCond(UnaryExpr(BVNEG, rhs)) == simplifyCond(rhs2)) => {
       logSimp(e, BinaryExpr(ineqToStrict(op), lhs, rhs))
     }
-    case BinaryExpr(BoolAND, l @ BinaryExpr(BoolOR, a, b), r @ UnaryExpr(BoolNOT, BinaryExpr(BVEQ, lhs2, rhs2))) => {
-      logSimp(
-        e,
-        BinaryExpr(
-          BoolAND,
-          simplifyCond(BinaryExpr(BoolAND, a, r)),
-          simplifyCond(BinaryExpr(BoolAND, b, r))
-        )
-      )
-    }
 
     case BinaryExpr(BoolEQ, UnaryExpr(BoolNOT, x), UnaryExpr(BoolNOT, y)) => logSimp(e, BinaryExpr(BoolEQ, x, y))
 
@@ -714,12 +725,6 @@ def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
     case BinaryExpr(BoolAND, BinaryExpr(BoolAND, x, y), r @ UnaryExpr(BoolNOT, BinaryExpr(BVEQ, a, b))) => {
       logSimp(e, BinaryExpr(BoolAND, BinaryExpr(BoolAND, x, r), BinaryExpr(BoolAND, y, r)))
     }
-    case BinaryExpr(BoolOR, BinaryExpr(BoolAND, x, y), r @ UnaryExpr(BoolNOT, BinaryExpr(BVEQ, a, b))) => {
-      logSimp(e, BinaryExpr(BoolAND, BinaryExpr(BoolAND, x, r), BinaryExpr(BoolAND, y, r)))
-    }
-    case BinaryExpr(BoolAND, UnaryExpr(BoolNOT, x), UnaryExpr(BoolNOT, y)) => {
-      logSimp(e, UnaryExpr(BoolNOT, BinaryExpr(BoolOR, x, y)))
-    }
 
     case BinaryExpr(BoolOR, BinaryExpr(op, lhs, rhs), BinaryExpr(BVEQ, lhs2, rhs2))
         if strictToNonStrict.contains(op) && rhs == rhs2 && lhs == lhs2 => {
@@ -731,6 +736,38 @@ def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
       logSimp(e, lhs)
     }
 
+    case BinaryExpr(
+          BoolAND,
+          BinaryExpr(BoolAND, a @ BinaryExpr(op1, lhs1, lb: Literal), b @ BinaryExpr(op2, lhs3, rb: Literal)),
+          BinaryExpr(BoolAND, c @ BinaryExpr(op4, lhs2, lb2: Literal), d @ BinaryExpr(op3, lhs4, rb2: Literal))
+        ) if isIneq(op1) && isIneq(op2) && isIneq(op3) && isIneq(op4) && lhs1 == lhs2 && lhs3 != lhs1 => {
+      logSimp(e, BinaryExpr(BoolAND, BinaryExpr(BoolAND, a, c), BinaryExpr(BoolAND, b, d)))
+    }
+
+    case BinaryExpr(BoolOR, BinaryExpr(BVUGT, x, y), BinaryExpr(BVULE, x1, y1)) if x1 == x && y1 == y => TrueLiteral
+    case BinaryExpr(BoolOR, BinaryExpr(BVULT, x, y), BinaryExpr(BVUGE, x1, y1)) if x1 == x && y1 == y => TrueLiteral
+    case BinaryExpr(BoolOR, BinaryExpr(BVULE, x, y), BinaryExpr(BVUGT, x1, y1)) if x1 == x && y1 == y => TrueLiteral
+
+   // case orig @ BinaryExpr(
+   //       BoolAND,
+   //       BinaryExpr(BoolAND, a, b),
+   //       BinaryExpr(BoolOR, c, d)
+   //     )  if {
+   //       //val simpeda = BinaryExpr(BoolAND, BinaryExpr(BoolOR, a, c), BinaryExpr(BoolOR, a, d))
+   //       //val simpedb = BinaryExpr(BoolAND, BinaryExpr(BoolOR, b, c), BinaryExpr(BoolOR, b, d))
+   //       //val s = BinaryExpr(BoolAND, simpeda, simpedb)
+   //       //val r = simplifyCond(s)
+   //       true
+   //     } => {
+   //       trace = true
+   //       val simpeda = (BinaryExpr(BoolAND, (BinaryExpr(BoolAND, c, a)), (BinaryExpr(BoolAND, c, b))))
+   //       val simpedb = (BinaryExpr(BoolAND, (BinaryExpr(BoolAND, d, a)), (BinaryExpr(BoolAND, d, b))))
+   //       val s = simplifyCond(BinaryExpr(BoolOR, simpeda, simpedb))
+   //       val nr =  logSimp(e, s)
+   //       trace = false
+   //       nr
+   //     }
+
     case BinaryExpr(
           BoolOR,
           BinaryExpr(BoolAND, l @ BinaryExpr(op1, lhs1, lb: Literal), r @ BinaryExpr(op2, lhs3, rb: Literal)),
@@ -755,6 +792,7 @@ def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
       )
     }
 
+
     case BinaryExpr(
           BoolAND,
           BinaryExpr(op, lhs, rhs),
@@ -828,6 +866,10 @@ def bool2bv1(e: Expr) = {
 
 }
 
+def isRel(b: BinOp) = {
+  isIneq(b) || b == BVEQ || b == BoolEQ
+}
+
 def isIneq(b: BinOp) = {
   ineqToStrict.contains(b) || strictIneq.contains(b)
 }
@@ -893,18 +935,6 @@ def cleanupExtends(e: Expr): (Expr, Boolean) = {
       n
     }
 
-    // inequality negation
-    case BinaryExpr(BVCOMP, body @ BinaryExpr(BVCOMP, _, _), BitVecLiteral(0, 1)) =>
-      logSimp(e, UnaryExpr(BVNOT, (body)))
-    case UnaryExpr(BoolNOT, BinaryExpr(BVSLT, lhs, rhs)) => logSimp(e, BinaryExpr(BVSGE, lhs, rhs))
-    case UnaryExpr(BoolNOT, BinaryExpr(BVSGT, lhs, rhs)) => logSimp(e, BinaryExpr(BVSLE, lhs, rhs))
-    case UnaryExpr(BoolNOT, BinaryExpr(BVULT, lhs, rhs)) => logSimp(e, BinaryExpr(BVUGE, lhs, rhs))
-    case UnaryExpr(BoolNOT, BinaryExpr(BVUGT, lhs, rhs)) => logSimp(e, BinaryExpr(BVULE, lhs, rhs))
-    case UnaryExpr(BoolNOT, BinaryExpr(BVSLE, lhs, rhs)) => logSimp(e, BinaryExpr(BVSGT, lhs, rhs))
-    case UnaryExpr(BoolNOT, BinaryExpr(BVSGE, lhs, rhs)) => logSimp(e, BinaryExpr(BVSLT, lhs, rhs))
-    case UnaryExpr(BoolNOT, BinaryExpr(BVULE, lhs, rhs)) => logSimp(e, BinaryExpr(BVUGT, lhs, rhs))
-    case UnaryExpr(BoolNOT, BinaryExpr(BVUGE, lhs, rhs)) => logSimp(e, BinaryExpr(BVULT, lhs, rhs))
-
     // redundant extends
     // extract extended zero part
     case Extract(ed, bg, ZeroExtend(x, expr)) if (bg > size(expr).get) => BitVecLiteral(0, ed - bg)
@@ -1096,6 +1126,24 @@ def simplifyExpr(e: Expr): (Expr, Boolean) = {
     //  logSimp(e, BinaryExpr(op, x, y))
 
     case BinaryExpr(BVSUB, x: Expr, y: BitVecLiteral) => logSimp(e, BinaryExpr(BVADD, x, UnaryExpr(BVNEG, y)))
+    // DeMorgans
+    case UnaryExpr(BoolNOT, BinaryExpr(BoolAND, a, b)) =>
+      logSimp(e, BinaryExpr(BoolOR, UnaryExpr(BoolNOT, a), UnaryExpr(BoolNOT, b)))
+    case UnaryExpr(BoolNOT, BinaryExpr(BoolOR, a, b)) =>
+      logSimp(e, BinaryExpr(BoolAND, UnaryExpr(BoolNOT, a), UnaryExpr(BoolNOT, b)))
+
+    // inequality negation
+    case BinaryExpr(BVCOMP, body @ BinaryExpr(BVCOMP, _, _), BitVecLiteral(0, 1)) =>
+      logSimp(e, UnaryExpr(BVNOT, (body)))
+    case UnaryExpr(BoolNOT, BinaryExpr(BVSLT, lhs, rhs)) => logSimp(e, BinaryExpr(BVSGE, lhs, rhs))
+    case UnaryExpr(BoolNOT, BinaryExpr(BVSGT, lhs, rhs)) => logSimp(e, BinaryExpr(BVSLE, lhs, rhs))
+    case UnaryExpr(BoolNOT, BinaryExpr(BVULT, lhs, rhs)) => logSimp(e, BinaryExpr(BVUGE, lhs, rhs))
+    case UnaryExpr(BoolNOT, BinaryExpr(BVUGT, lhs, rhs)) => logSimp(e, BinaryExpr(BVULE, lhs, rhs))
+    case UnaryExpr(BoolNOT, BinaryExpr(BVSLE, lhs, rhs)) => logSimp(e, BinaryExpr(BVSGT, lhs, rhs))
+    case UnaryExpr(BoolNOT, BinaryExpr(BVSGE, lhs, rhs)) => logSimp(e, BinaryExpr(BVSLT, lhs, rhs))
+    case UnaryExpr(BoolNOT, BinaryExpr(BVULE, lhs, rhs)) => logSimp(e, BinaryExpr(BVUGT, lhs, rhs))
+    case UnaryExpr(BoolNOT, BinaryExpr(BVUGE, lhs, rhs)) => logSimp(e, BinaryExpr(BVULT, lhs, rhs))
+
 
     case r => {
       didAnything = false
diff --git a/src/main/scala/ir/invariant/BlocksUniqueToProcedure.scala b/src/main/scala/ir/invariant/BlocksUniqueToProcedure.scala
index e53ae4d30..6250327dc 100644
--- a/src/main/scala/ir/invariant/BlocksUniqueToProcedure.scala
+++ b/src/main/scala/ir/invariant/BlocksUniqueToProcedure.scala
@@ -61,7 +61,7 @@ def blocksUniqueToEachProcedure(p: Program) : Boolean = {
   val v = BVis()
   visit_prog(v, p)
   for (g <- v.gotoViolations) {
-    Logger.error(s"$g has target outside parent block")
+    Logger.error(s"$g has target outside parent procedure ${g.parent.parent.name}")
   }
 
   for (b <- v.blockMultiProcViolations) {
diff --git a/src/main/scala/ir/transforms/DynamicSingleAssignment.scala b/src/main/scala/ir/transforms/DynamicSingleAssignment.scala
index cb1dc97ee..c3483af19 100644
--- a/src/main/scala/ir/transforms/DynamicSingleAssignment.scala
+++ b/src/main/scala/ir/transforms/DynamicSingleAssignment.scala
@@ -281,12 +281,20 @@ class OnePassDSA(
   def applyTransform(p: Procedure): Unit = {
     val _st = mutable.Map[Block, BlockState]()
     // ensure order is defined
-    p.entryBlock.map(reversePostOrder)
+    reversePostOrder(p)
 
     val (liveBeforeIn, liveAfterIn) = liveVarsSolver.solveProc(p, backwards = true)
     val liveBefore = mutable.Map.from(liveBeforeIn)
     val liveAfter = mutable.Map.from(liveAfterIn)
 
+    for (b <- p.blocks.filterNot(liveBeforeIn.contains)) {
+      liveBefore(b) = liveVarsDom.bot
+    }
+    for (b <- p.blocks.filterNot(liveAfterIn.contains)) {
+      liveAfter(b) = liveVarsDom.bot
+    }
+
+
     val worklist = mutable.PriorityQueue[Block]()(Ordering.by(b => b.rpoOrder))
     worklist.addAll(p.blocks)
     var seen = Set[Block]()
@@ -302,7 +310,7 @@ class OnePassDSA(
     }
 
     // fix up rpo index of added phi blocks
-    p.entryBlock.map(reversePostOrder)
+    reversePostOrder(p)
   }
 
 }
@@ -360,7 +368,7 @@ def rdDSAProperty(p: Procedure): Boolean = {
 
     override def vrvar(v: Variable) = {
       val allDefs = defs.get(v).toSet.flatten
-      val reachDefs = reachingDefs(stmt).get(v).toSet.flatten
+      val reachDefs = reachingDefs.get(stmt).flatMap(_.get(v)).toSet.flatten
 
       val check = allDefs == reachDefs
       if (!check) {
diff --git a/src/main/scala/ir/transforms/Simp.scala b/src/main/scala/ir/transforms/Simp.scala
index 40493a37f..cd1f448ad 100644
--- a/src/main/scala/ir/transforms/Simp.scala
+++ b/src/main/scala/ir/transforms/Simp.scala
@@ -493,8 +493,20 @@ def doCopyPropTransform(p: Program) = {
 
 }
 
-def reversePostOrder(startBlock: Block): Unit = {
-  var count = 0
+
+def reversePostOrder(p: Procedure) : Unit = {
+  /* Procedures may contain disconnected sets of blocks so we arbitrarily order these with respect to eachother. */
+  for (b <- p.blocks) {
+    b.rpoOrder = -1
+  }
+  var left = p.entryBlock.map(reversePostOrder(_)).getOrElse(0) + 1
+  for (b <- p.blocks.filter(_.rpoOrder == -1)) {
+     left = reversePostOrder(b, true, left) + 1
+  }
+}
+
+def reversePostOrder(startBlock: Block, fixup: Boolean = false, begin : Int = 0): Int = {
+  var count = begin
   val seen = mutable.HashSet[Block]()
   val vcs = mutable.HashMap[Block, Int]()
 
@@ -505,16 +517,19 @@ def reversePostOrder(startBlock: Block): Unit = {
         walk(s)
       }
     }
-    b.rpoOrder = count
+    if (!fixup || b.rpoOrder < count) {
+      b.rpoOrder = count
+    }
     count += 1
   }
 
   walk(startBlock)
+  count
 }
 
 def applyRPO(p: Program) = {
   for (proc <- p.procedures) {
-    proc.entryBlock.map(eb => reversePostOrder(eb))
+    reversePostOrder(proc)
   }
 }
 
diff --git a/src/main/scala/translating/SemanticsLoader.scala b/src/main/scala/translating/SemanticsLoader.scala
index e858a9e85..c79c4ba09 100644
--- a/src/main/scala/translating/SemanticsLoader.scala
+++ b/src/main/scala/translating/SemanticsLoader.scala
@@ -266,7 +266,7 @@ class SemanticsLoader(parserMap: immutable.Map[String, Array[Array[StmtContext]]
             case b: BinaryExpr if b.op == BVEQ => Some(BinaryExpr(BVCOMP, b.arg1, b.arg2))
             case FalseLiteral   => Some(BitVecLiteral(0, 1))
             case TrueLiteral => Some(BitVecLiteral(1, 1))
-            case _ => throw Exception(s"unhandled conversion from bool to bitvector: ${ctx.getText}")
+            case o => Some(UnaryExpr(BoolToBV1, o))
           }
         } else {
           None
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index bfc0c0b89..09bde6d09 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -227,12 +227,7 @@ object IRTransform {
       s"[!] Removed ${before - ctx.program.procedures.size} functions (${ctx.program.procedures.size} remaining)"
     )
     val dupProcNames = (ctx.program.procedures.groupBy(_.name).filter((n,p) => p.size > 1)).toList.flatMap(_._2)
-
-    var dupCounter = 0 
-    for (p <- dupProcNames) {
-      dupCounter += 1
-      p.name = p.name + "$" + p.address.map(_.toString).getOrElse(dupCounter.toString)
-    }
+    assert(dupProcNames.isEmpty)
 
     val stackIdentification = StackSubstituter()
     stackIdentification.visitProgram(ctx.program)
@@ -532,7 +527,7 @@ object RunUtils {
     // writeToFile(dotBlockGraph(ctx.program, ctx.program.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"blockgraph-before-simp.dot")
     Logger.info("[!] Running Simplify")
     val timer = PerformanceTimer("Simplify")
-    val write = true
+    val write = false
 
     transforms.applyRPO(ctx.program)
 
@@ -573,7 +568,7 @@ object RunUtils {
     // brute force run the analysis twice because it cleans up more stuff
     //assert(ctx.program.procedures.forall(transforms.rdDSAProperty))
     transforms.doCopyPropTransform(ctx.program)
-    if write then writeToFile(dotBlockGraph(ctx.program), s"blockgraph-after-simp.dot")
+    if write then writeToFile(dotBlockGraph(ctx.program.mainProcedure), s"blockgraph-after-simp.dot")
 
     // assert(ctx.program.procedures.forall(transforms.rdDSAProperty))
 
@@ -598,9 +593,9 @@ object RunUtils {
     // re-apply dsa
     // transforms.OnePassDSA().applyTransform(ctx.program)
 
-    if (write) {
-      writeToFile(translating.BasilIRPrettyPrinter()(ctx.program), "prettyprinted.il")
-    }
+    Logger.info("writing")
+
+    if write then writeToFile(translating.BasilIRPrettyPrinter()(ctx.program), "prettyprinted.il")
 
     if (ir.eval.SimplifyValidation.validate) {
       Logger.info("[!] Simplify :: Writing simplification validation")

From a452165707a53525d2aee18b596ff0a3e4a3d701 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Fri, 29 Nov 2024 16:49:28 +1000
Subject: [PATCH 100/127] work on adding param support to interpreter

---
 src/main/scala/ir/Expr.scala                  |  2 +-
 src/main/scala/ir/eval/InterpretBasilIR.scala | 95 +++++++++++++++----
 src/main/scala/ir/eval/Interpreter.scala      |  2 +
 src/main/scala/util/RunUtils.scala            |  1 -
 .../State.scala}                              |  0
 ...s.scala => DifferentialAnalysisTest.scala} | 84 +++++++---------
 6 files changed, 115 insertions(+), 69 deletions(-)
 rename src/main/scala/util/{functional.scala => functional/State.scala} (100%)
 rename src/test/scala/{DifferentialAnalysis.scala => DifferentialAnalysisTest.scala} (70%)

diff --git a/src/main/scala/ir/Expr.scala b/src/main/scala/ir/Expr.scala
index 447ed82a6..6ab939a4b 100644
--- a/src/main/scala/ir/Expr.scala
+++ b/src/main/scala/ir/Expr.scala
@@ -42,7 +42,7 @@ case object FalseLiteral extends BoolLit {
 }
 
 case class BitVecLiteral(value: BigInt, size: Int) extends Literal {
-  assert(size > 0)
+  assert(size >= 0)
   override def toBoogie: BitVecBLiteral = BitVecBLiteral(value, size)
   override def getType: IRType = BitVecType(size)
   override def toString: String = s"${value}bv$size"
diff --git a/src/main/scala/ir/eval/InterpretBasilIR.scala b/src/main/scala/ir/eval/InterpretBasilIR.scala
index 2c0697e77..24a274fd8 100644
--- a/src/main/scala/ir/eval/InterpretBasilIR.scala
+++ b/src/main/scala/ir/eval/InterpretBasilIR.scala
@@ -70,6 +70,16 @@ case object Eval {
     } yield (res)
   }
 
+  def evalLiteral[S, T <: Effects[S, InterpreterError]](f: T)(e: Expr): State[S, Literal, InterpreterError] = {
+    for {
+      res <- evalExpr(f)(e)
+      r <- State.pureE(res match {
+        case l: Literal => Right(l)
+        case _          => Left((Errored(s"Eval BV residual $e")))
+      })
+    } yield (r)
+  }
+
   def evalBV[S, T <: Effects[S, InterpreterError]](f: T)(e: Expr): State[S, BitVecLiteral, InterpreterError] = {
     for {
       res <- evalExpr(f)(e)
@@ -228,12 +238,11 @@ case object Eval {
 
   /** Helper functions * */
 
-  /**
-   * Load all memory cells from pointer until reaching cell containing 0.
-   * Ptr -> List[Bitvector]
-   */
-  def getNullTerminatedString[S, T <: Effects[S, InterpreterError]](f: T)
-    (rgn: String, src: BasilValue, acc: List[BitVecLiteral] = List()): State[S, List[BitVecLiteral], InterpreterError] =
+  /** Load all memory cells from pointer until reaching cell containing 0. Ptr -> List[Bitvector]
+    */
+  def getNullTerminatedString[S, T <: Effects[S, InterpreterError]](
+      f: T
+  )(rgn: String, src: BasilValue, acc: List[BitVecLiteral] = List()): State[S, List[BitVecLiteral], InterpreterError] =
     for {
       srv: BitVecLiteral <- src match {
         case Scalar(b: BitVecLiteral) => State.pure(b)
@@ -262,6 +271,7 @@ class BASILInterpreter[S](f: Effects[S, InterpreterError]) extends Interpreter[S
       r: Boolean <- (next match {
         case Intrinsic(tgt)    => LibcIntrinsic.intrinsics(tgt)(f).map(_ => true)
         case Run(c: Statement) => interpretStatement(f)(c).map(_ => true)
+        case ReturnTo(c)       => interpretReturn(f)(c).map(_ => true)
         case Run(c: Jump)      => interpretJump(f)(c).map(_ => true)
         case Stopped()         => State.pure(false)
         case ErrorStop(e)      => State.pure(false)
@@ -297,16 +307,45 @@ class BASILInterpreter[S](f: Effects[S, InterpreterError]) extends Interpreter[S
             case h :: tl  => State.setError(Errored(s"More than one jump guard satisfied $gt"))
           }
         } yield (res)
-      case r: Return      => f.doReturn()
+      case r: Return => {
+        // eval return values, return to caller, then bind return values to formal out params
+        for {
+          outs <- State.mapM(
+            ((bindout: (LocalVar, Expr)) => {
+              for {
+                rhs <- Eval.evalLiteral(f)(bindout._2)
+              } yield (bindout._1, rhs)
+            }),
+            r.outParams
+          )
+          _ <- f.doReturn()
+          _ <- State.sequence(State.pure(()), outs.map(m => f.storeVar(m._1.name, m._1.toBoogie.scope, Scalar(m._2))))
+        } yield ()
+      }
       case h: Unreachable => State.setError(EscapedControlFlow(h))
     }
   }
 
+  def interpretReturn[S, T <: Effects[S, InterpreterError]](f: T)(s: DirectCall): State[S, Unit, InterpreterError] = {
+    for {
+      outs <- State.mapM(
+        ((bindout: (LocalVar, Variable)) => {
+          for {
+            rhs <- Eval.evalLiteral(f)(bindout._1)
+          } yield (bindout._2, rhs)
+        }),
+        s.outParams
+      )
+      c <- State.sequence(State.pure(()), outs.map(m => f.storeVar(m._1.name, m._1.toBoogie.scope, Scalar(m._2))))
+      _ <- f.setNext(Run(s.successor))
+    } yield (c)
+  }
+
   def interpretStatement[S, T <: Effects[S, InterpreterError]](f: T)(s: Statement): State[S, Unit, InterpreterError] = {
     s match {
       case assign: LocalAssign => {
         for {
-          rhs <- Eval.evalBV(f)(assign.rhs)
+          rhs <- Eval.evalLiteral(f)(assign.rhs)
           st <- f.storeVar(assign.lhs.name, assign.lhs.toBoogie.scope, Scalar(rhs))
           n <- f.setNext(Run(s.successor))
         } yield (st)
@@ -347,14 +386,29 @@ class BASILInterpreter[S](f: Effects[S, InterpreterError]) extends Interpreter[S
              })
         } yield (n)
       case dc: DirectCall => {
-        if (dc.target.entryBlock.isDefined) {
-          val block = dc.target.entryBlock.get
-          f.call(dc.target.name, Run(block.statements.headOption.getOrElse(block.jump)), Run(dc.successor))
-        } else if (LibcIntrinsic.intrinsics.contains(dc.target.name)) {
-          f.call(dc.target.name, Intrinsic(dc.target.name), Run(dc.successor))
-        } else {
-          State.setError(EscapedControlFlow(dc))
-        }
+        for {
+          actualParams <- State.mapM(
+            (p: (LocalVar, Expr)) =>
+              for {
+                v <- Eval.evalLiteral(f)(p._2)
+              } yield (p._1, v),
+            dc.actualParams
+          )
+          _ <- {
+            if (dc.target.entryBlock.isDefined) {
+              val block = dc.target.entryBlock.get
+              f.call(dc.target.name, Run(block.statements.headOption.getOrElse(block.jump)), ReturnTo(dc))
+            } else if (LibcIntrinsic.intrinsics.contains(dc.target.name)) {
+              f.call(dc.target.name, Intrinsic(dc.target.name), ReturnTo(dc))
+            } else {
+              State.setError(EscapedControlFlow(dc))
+            }
+          }
+          _ <- State.sequence(
+            State.pure(()),
+            actualParams.map(m => f.storeVar(m._1.name, m._1.toBoogie.scope, Scalar(m._2)))
+          )
+        } yield ()
       }
       case ic: IndirectCall => {
         if (ic.target == Register("R30", 64)) {
@@ -460,6 +514,9 @@ object InterpFuns {
       j <- s.storeVar("R31", Scope.Global, Scalar(SP))
       k <- s.storeVar("R29", Scope.Global, Scalar(FP))
       l <- s.storeVar("R30", Scope.Global, Scalar(LR))
+      j <- s.storeVar("R31_in", Scope.Global, Scalar(SP))
+      k <- s.storeVar("R29_in", Scope.Global, Scalar(FP))
+      l <- s.storeVar("R30_in", Scope.Global, Scalar(LR))
       l <- s.storeVar("R0", Scope.Global, Scalar(BitVecLiteral(0, 64)))
       l <- s.storeVar("R1", Scope.Global, Scalar(BitVecLiteral(0, 64)))
       _ <- s.storeVar("ghost-funtable", Scope.Global, BasilMapValue(Map.empty, MapType(BitVecType(64), BitVecType(64))))
@@ -503,10 +560,10 @@ object InterpFuns {
       _ <- State.pure(Logger.debug("INITIALISE MEMORY SECTIONS"))
       mem <- initMemory("mem", p.initialMemory.values)
       mem <- initMemory("stack", p.initialMemory.values)
-      mainfun = {
-        p.mainProcedure
-      }
+      mainfun = p.mainProcedure
+      r <- f.call("init_activation", Stopped(), Stopped()) // frame for main to return to
       r <- f.call(mainfun.name, Run(IRWalk.firstInBlock(mainfun.entryBlock.get)), Stopped())
+      l <- State.sequence(State.pure(()), mainfun.formalInParam.toList.map(i => f.storeVar(i.name, i.toBoogie.scope, Scalar(BitVecLiteral(0, size(i).get)))))
     } yield (r)
   }
 
diff --git a/src/main/scala/ir/eval/Interpreter.scala b/src/main/scala/ir/eval/Interpreter.scala
index 6f948269f..e221d2f8a 100644
--- a/src/main/scala/ir/eval/Interpreter.scala
+++ b/src/main/scala/ir/eval/Interpreter.scala
@@ -18,6 +18,7 @@ sealed trait ExecutionContinuation
 case class Stopped() extends ExecutionContinuation /* normal program stop  */
 case class ErrorStop(error: InterpreterError) extends ExecutionContinuation /* program stop in error state */
 case class Run(next: Command) extends ExecutionContinuation /* continue by executing next command */
+case class ReturnTo(call: DirectCall) extends ExecutionContinuation /* continue by executing next command */
 case class Intrinsic(name: String) extends ExecutionContinuation /* a named intrinsic instruction */
 
 sealed trait InterpreterError
@@ -312,6 +313,7 @@ case class MemoryState(
 }
 
 object LibcIntrinsic {
+  // TODO: make parameter passing work
 
   /**
    * Part of the intrinsics implementation that lives above the Effects interface 
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index 2377515e9..18b8c4648 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -640,7 +640,6 @@ object RunUtils {
     }
 
     if (q.loading.parameterForm) {
-
       ir.transforms.clearParams(ctx.program)
       ctx = ir.transforms.liftProcedureCallAbstraction(ctx)
     } else {
diff --git a/src/main/scala/util/functional.scala b/src/main/scala/util/functional/State.scala
similarity index 100%
rename from src/main/scala/util/functional.scala
rename to src/main/scala/util/functional/State.scala
diff --git a/src/test/scala/DifferentialAnalysis.scala b/src/test/scala/DifferentialAnalysisTest.scala
similarity index 70%
rename from src/test/scala/DifferentialAnalysis.scala
rename to src/test/scala/DifferentialAnalysisTest.scala
index f26e268b3..9ca9b382b 100644
--- a/src/test/scala/DifferentialAnalysis.scala
+++ b/src/test/scala/DifferentialAnalysisTest.scala
@@ -19,7 +19,7 @@ import util.RunUtils.loadAndTranslate
 
 import scala.collection.mutable
 
-class DifferentialTest extends AnyFunSuite {
+class DifferentialAnalysisTest extends AnyFunSuite {
 
   Logger.setLevel(LogLevel.WARN)
 
@@ -72,10 +72,17 @@ class DifferentialTest extends AnyFunSuite {
     ictx = IRTransform.doCleanup(ictx)
 
     var comparectx = IRLoading.load(loading)
-    comparectx = IRTransform.doCleanup(ictx)
+    comparectx = IRTransform.doCleanup(comparectx)
+
+    ir.transforms.clearParams(ictx.program)
+
+    ir.transforms.clearParams(comparectx.program)
+
     val analysisres = RunUtils.staticAnalysis(staticAnalysisConfig, comparectx)
 
     if (simplify) {
+      ictx = ir.transforms.liftProcedureCallAbstraction(ictx)
+      comparectx = ir.transforms.liftProcedureCallAbstraction(comparectx)
       RunUtils.doSimplify(ictx, Some(staticAnalysisConfig))
     }
 
@@ -87,41 +94,6 @@ class DifferentialTest extends AnyFunSuite {
 
 class DifferentialTestAnalysis extends DifferentialTest {
 
-  test("indirect_call_example") {
-    val testName = "indirect_call"
-    val examplePath = System.getProperty("user.dir") + s"/examples/$testName/"
-    testProgram(testName, examplePath)
-  }
-
-
-  test("jumptable2_example") {
-    val testName = "jumptable2"
-    val examplePath = System.getProperty("user.dir") + s"/examples/$testName/"
-    testProgram(testName, examplePath)
-  }
-
-
-  test("jumptable_example") {
-    val testName = "jumptable"
-    val examplePath = System.getProperty("user.dir") + s"/examples/$testName/"
-    testProgram(testName, examplePath)
-  }
-
-  test("functionpointer_example") {
-    val testName = "functionpointer"
-    val examplePath = System.getProperty("user.dir") + s"/examples/$testName/"
-    testProgram(testName, examplePath)
-  }
-
-
-
-  test("function_got_example") {
-    val testName = "function_got"
-    val examplePath = System.getProperty("user.dir") + s"/examples/$testName/"
-    testProgram(testName, examplePath)
-  }
-
-
   def runSystemTests(): Unit = {
 
     val path = System.getProperty("user.dir") + s"/src/test/correct/"
@@ -132,12 +104,20 @@ class DifferentialTestAnalysis extends DifferentialTest {
       val programPath = path + "/" + p
       val variations = getSubdirectories(programPath)
       variations.foreach(variation => {
-        test("analysis_differential:" + p + "/" + variation + ":BAP") {
-          testProgram(p, path + "/" + p + "/" + variation + "/", suffix=".adt")
+        val bapPath = path + "/" + p + "/" + variation + "/" + p + ".adt"
+        val gtirbPath = path + "/" + p + "/" + variation + "/" + p + ".gts"
+
+        if (File(bapPath).exists) {
+          test("analysis_differential:" + p + "/" + variation + ":BAP") {
+            testProgram(p, path + "/" + p + "/" + variation + "/", suffix=".adt")
+          }
+        }
+        if (File(gtirbPath).exists) {
+          test("analysis_differential:" +  p + "/" + variation + ":GTIRB") {
+            testProgram(p, path + "/" + p + "/" + variation + "/", suffix=".gts")
+          }
         }
-        //test("analysis_differential:" +  p + "/" + variation + ":GTIRB") {
-        //  testProgram(p, path + "/" + p + "/" + variation + "/", suffix=".gts")
-        //}
+
       }
       )
     }
@@ -147,7 +127,7 @@ class DifferentialTestAnalysis extends DifferentialTest {
   runSystemTests()
 }
 
-class DifferentialTestSimplification extends DifferentialTest {
+class DifferentialAnalysisTestSimplification extends DifferentialTest {
 
   def runSystemTests(): Unit = {
 
@@ -159,12 +139,20 @@ class DifferentialTestSimplification extends DifferentialTest {
       val programPath = path + "/" + p
       val variations = getSubdirectories(programPath)
       variations.foreach(variation => {
-        test("analysis_differential:" + p + "/" + variation + ":BAP") {
-          testProgram(p, path + "/" + p + "/" + variation + "/", suffix=".adt", simplify=true)
+
+        val bapPath = path + "/" + p + "/" + variation + "/" + p + ".adt"
+        val gtirbPath = path + "/" + p + "/" + variation + "/" + p + ".gts"
+        if (File(bapPath).exists) {
+          test("analysis_differential:" + p + "/" + variation + ":BAP") {
+            testProgram(p, path + "/" + p + "/" + variation + "/", suffix=".adt")
+          }
+        }
+        if (File(gtirbPath).exists) {
+          test("analysis_differential:" +  p + "/" + variation + ":GTIRB") {
+            testProgram(p, path + "/" + p + "/" + variation + "/", suffix=".gts")
+          }
         }
-        //test("analysis_differential:" +  p + "/" + variation + ":GTIRB") {
-        //  testProgram(p, path + "/" + p + "/" + variation + "/", suffix=".gts")
-        //}
+
       }
       )
     }

From b9c549c612fbe02c7046100f8d8d07749db3d312 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Mon, 2 Dec 2024 16:55:02 +1000
Subject: [PATCH 101/127] multiple loggers

---
 src/main/scala/Main.scala                     |  18 +-
 .../InterprocSteensgaardAnalysis.scala        |  10 +-
 .../scala/analysis/IrreducibleLoops.scala     |  12 +-
 src/main/scala/analysis/Lattice.scala         |   4 +-
 src/main/scala/analysis/MemoryModelMap.scala  |  36 ++--
 .../scala/analysis/MemoryRegionAnalysis.scala |   8 +-
 src/main/scala/analysis/RegionInjector.scala  |   1 -
 .../scala/analysis/SummaryGenerator.scala     |   3 +-
 src/main/scala/analysis/TaintAnalysis.scala   |   1 -
 src/main/scala/analysis/VSA.scala             |   9 +-
 .../analysis/VariableDependencyAnalysis.scala |   4 +-
 src/main/scala/ir/eval/Interpreter.scala      |   6 +-
 src/main/scala/ir/transforms/Simp.scala       |  26 +--
 src/main/scala/translating/IRExpToSMT2.scala  |   2 +-
 .../scala/translating/PrettyPrinter.scala     |  32 ++--
 src/main/scala/util/Logging.scala             | 166 ++++++++++++++----
 src/main/scala/util/RunUtils.scala            | 154 ++++++++--------
 src/test/scala/DifferentialAnalysisTest.scala |   4 +-
 18 files changed, 309 insertions(+), 187 deletions(-)

diff --git a/src/main/scala/Main.scala b/src/main/scala/Main.scala
index 4a6630ce3..0568b594d 100644
--- a/src/main/scala/Main.scala
+++ b/src/main/scala/Main.scala
@@ -28,8 +28,10 @@ object Main {
       lambdaStores: Flag,
       @arg(name = "boogie-procedure-rg", doc = "Switch version of procedure rely/guarantee checks to emit. (function|ifblock)")
       procedureRG: Option[String],
-      @arg(name = "verbose", short = 'v', doc = "Show extra debugging logs.")
+      @arg(name = "verbose", short = 'v', doc = "Show extra debugging logs (the same as -vl log)")
       verbose: Flag,
+      @arg(name = "vl", doc = s"Show extra debugging logs for a specific logger (${Logger.allLoggers.map(_.name).mkString(", ")}).")
+      verboseLog: Seq[String] = Seq(),
       @arg(name = "analyse", doc = "Run static analysis pass.")
       analyse: Flag,
       @arg(name = "interpret", doc = "Run BASIL IL interpreter.")
@@ -79,7 +81,19 @@ object Main {
 
     Logger.setLevel(LogLevel.INFO)
     if (conf.verbose.value) {
-      Logger.setLevel(LogLevel.DEBUG)
+        Logger.setLevel(LogLevel.DEBUG, true)
+    }
+    for (v <- conf.verboseLog) {
+        Logger.findLoggerByName(v) match {
+            case None => throw Exception(s"Unknown logger: '${v}': allowed are ${Logger.allLoggers.map(_.name).mkString(", ")}")
+            case Some(v) => v.setLevel(LogLevel.DEBUG, true)
+        }
+    }
+
+    if (conf.analysisResults.isDefined || conf.analysisResultsDot.isDefined) {
+        DebugDumpIRLogger.setLevel(LogLevel.INFO)
+    } else {
+        DebugDumpIRLogger.setLevel(LogLevel.OFF)
     }
 
     val rely = conf.procedureRG match {
diff --git a/src/main/scala/analysis/InterprocSteensgaardAnalysis.scala b/src/main/scala/analysis/InterprocSteensgaardAnalysis.scala
index 0817628a6..f5e6d416c 100644
--- a/src/main/scala/analysis/InterprocSteensgaardAnalysis.scala
+++ b/src/main/scala/analysis/InterprocSteensgaardAnalysis.scala
@@ -2,7 +2,7 @@ package analysis
 
 import analysis.solvers.{Cons, Term, UnionFindSolver, Var}
 import ir.*
-import util.Logger
+import util.SteensLogger
 import scala.collection.mutable
 
 /** Wrapper for variables so we can have Steensgaard-specific equals method indirectly
@@ -142,7 +142,7 @@ class InterprocSteensgaardAnalysis(
   }
 
   private def unify(t1: Term[StTerm], t2: Term[StTerm]): Unit = {
-    //Logger.info(s"univfying constraint $t1 = $t2\n")
+    //SteensLogger.info(s"univfying constraint $t1 = $t2\n")
     solver.unify(t1, t2)
     // note that unification cannot fail, because there is only one kind of term constructor and no constants
   }
@@ -152,8 +152,8 @@ class InterprocSteensgaardAnalysis(
   def pointsTo(): Map[RegisterWrapperEqualSets, Set[RegisterWrapperEqualSets | MemoryRegion]] = {
     val solution = solver.solution()
     val unifications = solver.unifications()
-    Logger.debug(s"Solution: \n${solution.mkString(",\n")}\n")
-    Logger.debug(s"Sets: \n${unifications.values.map { s => s"{ ${s.mkString(",")} }"}.mkString(", ")}")
+    SteensLogger.debug(s"Solution: \n${solution.mkString(",\n")}\n")
+    SteensLogger.debug(s"Sets: \n${unifications.values.map { s => s"{ ${s.mkString(",")} }"}.mkString(", ")}")
 
     val vars = solution.keys.collect { case id: IdentifierVariable => id }
     val emptyMap = Map[RegisterWrapperEqualSets, Set[RegisterWrapperEqualSets | MemoryRegion]]()
@@ -164,7 +164,7 @@ class InterprocSteensgaardAnalysis(
       }.toSet
       a + (v.id -> pt)
     }
-    Logger.debug(s"\nPoints-to:\n${pointsto.map((k, v) => s"$k -> { ${v.mkString(",")} }").mkString("\n")}\n")
+    SteensLogger.debug(s"\nPoints-to:\n${pointsto.map((k, v) => s"$k -> { ${v.mkString(",")} }").mkString("\n")}\n")
     pointsto
   }
 }
diff --git a/src/main/scala/analysis/IrreducibleLoops.scala b/src/main/scala/analysis/IrreducibleLoops.scala
index f3d3bb44e..22c6a94ed 100644
--- a/src/main/scala/analysis/IrreducibleLoops.scala
+++ b/src/main/scala/analysis/IrreducibleLoops.scala
@@ -2,7 +2,7 @@ package analysis
 
 import ir.{CFGPosition, Command, IntraProcIRCursor, Program, Procedure, Block, GoTo, IRWalk}
 import util.intrusive_list.IntrusiveList
-import util.Logger
+import util.StaticAnalysisLogger
 
 import scala.collection.mutable
 
@@ -325,8 +325,8 @@ class LoopTransform(loops: Set[Loop]) {
             case _ =>
           }
         case _ =>
-          Logger.error("Unexpected loop originating node - 1")
-          Logger.error(origNode)
+          StaticAnalysisLogger.error("Unexpected loop originating node - 1")
+          StaticAnalysisLogger.error(origNode)
       }
     }
 
@@ -353,11 +353,11 @@ class LoopTransform(loops: Set[Loop]) {
             case _ =>
           }
         case _ =>
-          Logger.error("Unexpected loop originating node - 1")
-          Logger.error(origNode)
+          StaticAnalysisLogger.error("Unexpected loop originating node - 1")
+          StaticAnalysisLogger.error(origNode)
       }
     }
 
     newLoop
   }
-}
\ No newline at end of file
+}
diff --git a/src/main/scala/analysis/Lattice.scala b/src/main/scala/analysis/Lattice.scala
index cb499f8c3..1f5d12b73 100644
--- a/src/main/scala/analysis/Lattice.scala
+++ b/src/main/scala/analysis/Lattice.scala
@@ -2,7 +2,7 @@ package analysis
 
 import ir._
 import ir.eval.BitVectorEval
-import util.Logger
+import util.StaticAnalysisLogger
 
 /** Basic lattice
   */
@@ -162,7 +162,7 @@ class ConstantPropagationLattice extends FlatLattice[BitVecLiteral] {
       case (Top, _) => Top
   } catch {
     case e: Exception =>
-      Logger.error(s"Failed on op $op with $a and $b")
+      StaticAnalysisLogger.error(s"Failed on op $op with $a and $b")
       throw e
   }
 
diff --git a/src/main/scala/analysis/MemoryModelMap.scala b/src/main/scala/analysis/MemoryModelMap.scala
index 0df82014c..ccd98a2d6 100644
--- a/src/main/scala/analysis/MemoryModelMap.scala
+++ b/src/main/scala/analysis/MemoryModelMap.scala
@@ -2,7 +2,7 @@ package analysis
 
 import analysis.*
 import ir.*
-import util.Logger
+import util.MRALogger
 
 import scala.collection.immutable.TreeMap
 import scala.collection.mutable
@@ -157,7 +157,7 @@ class MemoryModelMap(val globalOffsets: Map[BigInt, BigInt]) {
     for (dr <- oldRegions) {
       val obj = findDataObject(dr.start)
       if (obj.isEmpty) {
-        Logger.debug(s"Data region $dr not found in the new data map")
+        MRALogger.debug(s"Data region $dr not found in the new data map")
       } else {
         val isRelocated = relocatedDataRegion(dr.start)
         if (isRelocated.isDefined) {
@@ -284,34 +284,34 @@ class MemoryModelMap(val globalOffsets: Map[BigInt, BigInt]) {
           case _: HeapRegion => "  "
           case _: DataRegion => "  "
       }
-      Logger.debug(s"$spacing$range -> $region")
+      MRALogger.debug(s"$spacing$range -> $region")
       if content.contains(region) then
         if content.contains(region) then
           for value <- content(region) do
-            Logger.debug(s"$spacing    $value")
+            MRALogger.debug(s"$spacing    $value")
     }
-    Logger.debug("Stack:")
+    MRALogger.debug("Stack:")
     for name <- localStacks.keys do
       popContext()
       pushContext(name)
-      Logger.debug(s"  Function: $name")
-      if stackMap.nonEmpty then Logger.debug(s"    Local:")
+      MRALogger.debug(s"  Function: $name")
+      if stackMap.nonEmpty then MRALogger.debug(s"    Local:")
       // must sort by ranges
       for ((range, region) <- stackMap) {
         logRegion(range, region)
       }
-      if sharedStackMap.nonEmpty then Logger.debug(s"    Shared:")
+      if sharedStackMap.nonEmpty then MRALogger.debug(s"    Shared:")
       for ((parent, treeMap) <- sharedStackMap) {
-        Logger.debug(s"        Parent: ${parent.name}")
+        MRALogger.debug(s"        Parent: ${parent.name}")
         for ((range, region) <- treeMap) {
           logRegion(range, region, true)
         }
       }
-    Logger.debug("Stack Union-Find Roots:")
+    MRALogger.debug("Stack Union-Find Roots:")
     for name <- localStacks.keys do
       popContext()
       pushContext(name)
-      Logger.debug(s"  Function: $name")
+      MRALogger.debug(s"  Function: $name")
       var parentCount = 0
       // get root regions
       for ((range, region) <- stackMap) {
@@ -320,17 +320,17 @@ class MemoryModelMap(val globalOffsets: Map[BigInt, BigInt]) {
           logRegion(range, root)
           parentCount += 1
       }
-      if parentCount == 0 then Logger.debug("    No root regions") else Logger.debug(s"    Parents: $parentCount/${stackMap.size}")
-    Logger.debug("Shared Stacks:")
+      if parentCount == 0 then MRALogger.debug("    No root regions") else MRALogger.debug(s"    Parents: $parentCount/${stackMap.size}")
+    MRALogger.debug("Shared Stacks:")
     for (name, sharedStacks) <- sharedStacks do
-      Logger.debug(s"  Function: $name")
+      MRALogger.debug(s"  Function: $name")
       for region <- sharedStacks do
-        Logger.debug(s"    $region")
-    Logger.debug("Heap:")
+        MRALogger.debug(s"    $region")
+    MRALogger.debug("Heap:")
     for ((range, region) <- heapMap) {
       logRegion(range, region)
     }
-    Logger.debug("Data:")
+    MRALogger.debug("Data:")
     for ((range, region) <- dataMap) {
       logRegion(range, region)
     }
@@ -441,4 +441,4 @@ class UnionFind {
     }
   }
 
-}
\ No newline at end of file
+}
diff --git a/src/main/scala/analysis/MemoryRegionAnalysis.scala b/src/main/scala/analysis/MemoryRegionAnalysis.scala
index 2cec5dbfa..e498ec3a2 100644
--- a/src/main/scala/analysis/MemoryRegionAnalysis.scala
+++ b/src/main/scala/analysis/MemoryRegionAnalysis.scala
@@ -3,7 +3,7 @@ package analysis
 import ir.eval.BitVectorEval.bv2SignedInt
 import analysis.solvers.SimpleWorklistFixpointSolver
 import ir.*
-import util.Logger
+import util.MRALogger
 
 import scala.collection.mutable
 import scala.collection.mutable.ListBuffer
@@ -59,8 +59,8 @@ trait MemoryRegionAnalysis(val program: Program,
   }
 
   private def stackDetection(stmt: Statement): Unit = {
-    Logger.debug("Stack detection")
-    Logger.debug(spList)
+    MRALogger.debug("Stack detection")
+    MRALogger.debug(spList)
     stmt match {
       case assign: LocalAssign =>
         if (spList.contains(assign.rhs)) {
@@ -174,7 +174,7 @@ trait MemoryRegionAnalysis(val program: Program,
           Set.empty
         // we cannot evaluate this to a concrete value, we need VSA for this
         case _ =>
-          Logger.debug(s"type: ${exp.getClass} $exp\n")
+          MRALogger.debug(s"type: ${exp.getClass} $exp\n")
           throw new Exception("Unknown type")
       }
     }
diff --git a/src/main/scala/analysis/RegionInjector.scala b/src/main/scala/analysis/RegionInjector.scala
index 0b178f1b2..b9f674fa0 100644
--- a/src/main/scala/analysis/RegionInjector.scala
+++ b/src/main/scala/analysis/RegionInjector.scala
@@ -2,7 +2,6 @@ package analysis
 
 import ir.eval.BitVectorEval.isNegative
 import ir.*
-import util.Logger
 
 import scala.collection.mutable
 import scala.collection.mutable.ArrayBuffer
diff --git a/src/main/scala/analysis/SummaryGenerator.scala b/src/main/scala/analysis/SummaryGenerator.scala
index 5cb0b5ab3..7acec3e4c 100644
--- a/src/main/scala/analysis/SummaryGenerator.scala
+++ b/src/main/scala/analysis/SummaryGenerator.scala
@@ -3,7 +3,6 @@ package analysis
 import analysis.*
 import ir.*
 import boogie.*
-import util.Logger
 import boogie.SpecGlobal
 
 /**
@@ -180,4 +179,4 @@ class SummaryGenerator(
       }
     }
   }
-}
\ No newline at end of file
+}
diff --git a/src/main/scala/analysis/TaintAnalysis.scala b/src/main/scala/analysis/TaintAnalysis.scala
index d18e27d48..c4872b0c0 100644
--- a/src/main/scala/analysis/TaintAnalysis.scala
+++ b/src/main/scala/analysis/TaintAnalysis.scala
@@ -3,7 +3,6 @@ package analysis
 import analysis.solvers.ForwardIDESolver
 import ir.*
 import boogie.*
-import util.Logger
 
 /**
  * A value which can propogate taint/be tainted.
diff --git a/src/main/scala/analysis/VSA.scala b/src/main/scala/analysis/VSA.scala
index 4a9f11a14..5b50b9f7a 100644
--- a/src/main/scala/analysis/VSA.scala
+++ b/src/main/scala/analysis/VSA.scala
@@ -7,7 +7,8 @@ import scala.collection.mutable.{ArrayBuffer, HashMap, ListBuffer}
 import java.io.{File, PrintWriter}
 import scala.collection.mutable
 import scala.collection.immutable
-import util.Logger
+import util.VSALogger
+
 
 /** ValueSets are PowerSet of possible values */
 trait Value
@@ -68,7 +69,7 @@ trait ValueSetAnalysis(program: Program,
                 case Some(v: Variable) =>
                   s + (localAssign.lhs -> s(v))
                 case None =>
-                  Logger.debug(s"Too Complex: ${localAssign.rhs}") // do nothing
+                  VSALogger.debug(s"Too Complex: ${localAssign.rhs}") // do nothing
                   s
               }
           }
@@ -84,7 +85,7 @@ trait ValueSetAnalysis(program: Program,
             case Some(v: Variable) =>
               s + (load.lhs -> s(v))
             case None =>
-              Logger.debug(s"Too Complex: ${load.index}") // do nothing
+              VSALogger.debug(s"Too Complex: ${load.index}") // do nothing
               s
           }
         }
@@ -105,7 +106,7 @@ trait ValueSetAnalysis(program: Program,
               case Some(v: Variable) =>
                 s ++ regions.map(r => r -> s(v))
               case None =>
-                Logger.debug(s"Too Complex: $store.value") // do nothing
+                VSALogger.debug(s"Too Complex: $store.value") // do nothing
                 s
             }
         }
diff --git a/src/main/scala/analysis/VariableDependencyAnalysis.scala b/src/main/scala/analysis/VariableDependencyAnalysis.scala
index 570d65898..9ae4fa498 100644
--- a/src/main/scala/analysis/VariableDependencyAnalysis.scala
+++ b/src/main/scala/analysis/VariableDependencyAnalysis.scala
@@ -3,7 +3,7 @@ package analysis
 import analysis.solvers.ForwardIDESolver
 import ir.*
 import boogie.*
-import util.Logger
+import util.StaticAnalysisLogger
 import boogie.SpecGlobal
 
 import scala.collection.mutable
@@ -122,7 +122,7 @@ class VariableDependencyAnalysis(
     var varDepsSummariesTransposed = Map[Procedure, Map[Taintable, Set[Taintable]]]()
     scc.flatten.filter(_.blocks.nonEmpty).foreach {
       procedure => {
-        Logger.debug("Generating variable dependencies for " + procedure)
+        StaticAnalysisLogger.debug("Generating variable dependencies for " + procedure)
         val varDepResults = ProcVariableDependencyAnalysis(program, varDepVariables, globals, constProp, varDepsSummariesTransposed, procedure).analyze()
         val varDepMap = varDepResults.getOrElse(IRWalk.lastInProc(procedure).getOrElse(procedure), Map())
         varDepsSummaries += procedure -> varDepMap
diff --git a/src/main/scala/ir/eval/Interpreter.scala b/src/main/scala/ir/eval/Interpreter.scala
index e221d2f8a..5b9cfb42d 100644
--- a/src/main/scala/ir/eval/Interpreter.scala
+++ b/src/main/scala/ir/eval/Interpreter.scala
@@ -6,6 +6,7 @@ import util.functional.*
 import util.functional.State.*
 import boogie.Scope
 import scala.collection.WithFilter
+import translating.PrettyPrinter.*
 
 import scala.annotation.tailrec
 import scala.collection.mutable
@@ -34,10 +35,7 @@ case class MemoryError(message: String = "") extends InterpreterError /* An erro
 /* Concrete value type of the interpreter. */
 sealed trait BasilValue(val irType: Option[IRType])
 case class Scalar(value: Literal) extends BasilValue(Some(value.getType)) {
-  override def toString = value match {
-    case b: BitVecLiteral => "0x%x:bv%d".format(b.value, b.size)
-    case c                => c.toString
-  }
+  override def toString = pp_expr(value)
 }
 
 /* Abstract callable function address */
diff --git a/src/main/scala/ir/transforms/Simp.scala b/src/main/scala/ir/transforms/Simp.scala
index 686f66f39..4225ba8bc 100644
--- a/src/main/scala/ir/transforms/Simp.scala
+++ b/src/main/scala/ir/transforms/Simp.scala
@@ -1,7 +1,7 @@
 package ir.transforms
 import translating.serialiseIL
 
-import util.Logger
+import util.SimplifyLogger
 import ir.eval.AlgebraicSimplifications
 import ir.eval.AssumeConditionSimplifications
 import ir.eval.simplifyExprFixpoint
@@ -28,7 +28,7 @@ def difftestLiveVars(p: Procedure, compareResult: Map[CFGPosition, Set[Variable]
     val c = (compareResult(b) == s)
     passed = passed && c
     if (!c) {
-      Logger.error(
+      SimplifyLogger.error(
         s"LiveVars unequal ${b.label}: ${compareResult(b)} == $s (differing ${compareResult(b).diff(s)})"
       )
     }
@@ -365,7 +365,7 @@ def copypropTransform(p: Procedure) = {
   // val dom = ConstCopyProp()
   // val solver = worklistSolver(dom)
 
-  // Logger.info(s"${p.name} ExprComplexity ${ExprComplexity()(p)}")
+  // SimplifyLogger.info(s"${p.name} ExprComplexity ${ExprComplexity()(p)}")
   // val result = solver.solveProc(p, true).withDefaultValue(dom.bot)
   val result = CopyProp.DSACopyProp(p)
   val solve = t.checkPoint("Solve CopyProp")
@@ -381,20 +381,20 @@ def copypropTransform(p: Procedure) = {
   }
 
   val xf = t.checkPoint("transform")
-  // Logger.info(s"    ${p.name} after transform expr complexity ${ExprComplexity()(p)}")
+  // SimplifyLogger.info(s"    ${p.name} after transform expr complexity ${ExprComplexity()(p)}")
 
   visit_proc(CleanupAssignments(), p)
   t.checkPoint("redundant assignments")
-  // Logger.info(s"    ${p.name} after dead var cleanup expr complexity ${ExprComplexity()(p)}")
+  // SimplifyLogger.info(s"    ${p.name} after dead var cleanup expr complexity ${ExprComplexity()(p)}")
 
   AlgebraicSimplifications(p)
   AssumeConditionSimplifications(p)
 
   AlgebraicSimplifications(p)
-  // Logger.info(s"    ${p.name}  after simp expr complexity ${ExprComplexity()(p)}")
+  // SimplifyLogger.info(s"    ${p.name}  after simp expr complexity ${ExprComplexity()(p)}")
   val sipm = t.checkPoint("algebraic simp")
 
-  // Logger.info("[!] Simplify :: RemoveSlices")
+  // SimplifyLogger.info("[!] Simplify :: RemoveSlices")
   removeSlices(p)
   ir.eval.cleanupSimplify(p)
   AlgebraicSimplifications(p)
@@ -470,13 +470,13 @@ def doCopyPropTransform(p: Program) = {
 
   applyRPO(p)
 
-  Logger.info("[!] Simplify :: Expr/Copy-prop Transform")
+  SimplifyLogger.info("[!] Simplify :: Expr/Copy-prop Transform")
   val work = p.procedures
     .filter(_.blocks.size > 0)
     .map(p =>
       p -> //Future
         {
-          Logger
+          SimplifyLogger
             .debug(s"CopyProp Transform ${p.name} (${p.blocks.size} blocks, expr complexity ${ExprComplexity()(p)})")
           copypropTransform(p)
         }
@@ -488,16 +488,16 @@ def doCopyPropTransform(p: Program) = {
       job
     } catch {
       case e => {
-        Logger.error("Simplify :: CopyProp " + p.name + ": " + e.toString)
+        SimplifyLogger.error("Simplify :: CopyProp " + p.name + ": " + e.toString)
       }
     }
   })
 
-  Logger.info("[!] Simplify :: Dead variable elimination")
+  SimplifyLogger.info("[!] Simplify :: Dead variable elimination")
 
   // cleanup
   visit_prog(CleanupAssignments(), p)
-  Logger.info("[!] Simplify :: Merge empty blocks")
+  SimplifyLogger.info("[!] Simplify :: Merge empty blocks")
 
   removeEmptyBlocks(p)
   coalesceBlocks(p)
@@ -912,7 +912,7 @@ class Simplify(
       val bl = s"${block.parent.name}::${block.label}"
       if (!skipped.contains(bl)) {
         skipped = skipped + bl
-        Logger.warn(s"Some skipped substitution at $bl due to resulting expr size > ${threshold} threshold")
+        SimplifyLogger.warn(s"Some skipped substitution at $bl due to resulting expr size > ${threshold} threshold")
       }
     }
     ChangeDoChildrenPost(result, x => x)
diff --git a/src/main/scala/translating/IRExpToSMT2.scala b/src/main/scala/translating/IRExpToSMT2.scala
index 107b630fe..6ceadb376 100644
--- a/src/main/scala/translating/IRExpToSMT2.scala
+++ b/src/main/scala/translating/IRExpToSMT2.scala
@@ -53,7 +53,7 @@ trait BasilIR[Repr[+_]] extends BasilIRExp[Repr] {
   def vblock(b: Block): Repr[Block] = vblock(b.label, b.statements.toList.map(vstmt), vjump(b.jump))
   def vproc(p: Procedure): Repr[Procedure] = vproc(
     p.name,
-    p.formalInParam.toList.map(vrvar),
+    p.formalInParam.toList.map(vlvar),
     p.formalOutParam.toList.map(vlvar),
     p.entryBlock.map(vblock),
     (p.blocks.toSet -- p.entryBlock.toSet -- p.returnBlock.toSet).toList.sortBy( x => -x.rpoOrder).map(vblock),
diff --git a/src/main/scala/translating/PrettyPrinter.scala b/src/main/scala/translating/PrettyPrinter.scala
index 033fefa68..ac2e6a83d 100644
--- a/src/main/scala/translating/PrettyPrinter.scala
+++ b/src/main/scala/translating/PrettyPrinter.scala
@@ -3,6 +3,19 @@ import ir.*
 import scala.collection.mutable
 
 
+object PrettyPrinter {
+  def pp_expr(e: Expr) = BasilIRPrettyPrinter()(e)
+  def pp_stmt(s: Statement) = BasilIRPrettyPrinter()(s)
+  def pp_cmd(c: Command) = c match {
+    case j: Jump => pp_jump(j)
+    case j: Statement => pp_stmt(j)
+  }
+  def pp_block(s: Block) = BasilIRPrettyPrinter()(s)
+  def pp_jump(s: Jump) = BasilIRPrettyPrinter()(s)
+  def pp_prog(s: Program) = BasilIRPrettyPrinter()(s)
+  def pp_proc(s: Procedure) = BasilIRPrettyPrinter()(s)
+}
+
 case class BST[+T](val v: String) {
   def ++(s: String) = BST(v ++ s)
   override def toString = v
@@ -37,7 +50,7 @@ class BasilIRPrettyPrinter() extends BasilIR[BST] {
   }
 
   override def vblock(label: String, statements: List[BST[Statement]], terminator: BST[Jump]): BST[Block] = {
-    BST(s"${blockIndent}block ${label} {\n"
+    BST(s"${blockIndent}block \"${label}\" {\n"
     ++ statements.map(statementIndent + _ + ";").mkString("\n") 
     ++ "\n" ++ statementIndent + terminator + ";\n"
     ++ blockIndent + "}")
@@ -86,13 +99,12 @@ class BasilIRPrettyPrinter() extends BasilIR[BST] {
     BST(s"(${outParams.map((l,r) => l).mkString(", ")}) := call $procname (${inparams.map((l,r) => r).mkString(", ")});")
   }
 
-
   override def vindirect(target: BST[Variable]): BST[IndirectCall] = BST(s"indirect_call(${target})")
   override def vassert(body: BST[Expr]): BST[Assert] = BST(s"assert($body)")
   override def vassume(body: BST[Expr]): BST[Assume] = BST(s"assume($body)")
   override def vnop(): BST[NOP] = BST("nop")
 
-  override def vgoto(t: List[String]): BST[GoTo] = BST(s"goto(${t.mkString(", ")})")
+  override def vgoto(t: List[String]): BST[GoTo] = BST(s"goto(${t.map('"' + _ + '"').mkString(", ")})")
   override def vunreachable(): BST[Unreachable] = BST("unreachable")
   override def vreturn(outs: List[(BST[Variable], BST[Expr])]) = BST(s"return (${outs.map((l, r) => r).mkString(", ")})")
 
@@ -103,17 +115,15 @@ class BasilIRPrettyPrinter() extends BasilIR[BST] {
     case _ => ???
   }
 
-  override def vrvar(e: Variable): BST[Variable] = vlvar(e) 
+  override def vrvar(e: Variable): BST[Variable] =  BST(e.name)
   override def vlvar(e: Variable): BST[Variable] = {
-    if (seenVars.contains(e)) {
-      BST(e.name)
-    } else {
-      seenVars.add(e)
-      BST(e.name + s": ${vtype(e.getType)}")
+    e match {
+      case l: LocalVar => BST("var " + e.name + s": ${vtype(e.getType)}")
+      case _ => BST(e.name)
     }
   }
 
-  override def vextract(ed: Int, start: Int, a: BST[Expr]): BST[Expr] = BST(s"${a}[$ed:$start]")
+  override def vextract(ed: Int, start: Int, a: BST[Expr]): BST[Expr] = BST(s"extract($ed, $start, ${a})")
   override def vzeroextend(bits: Int, b: BST[Expr]): BST[Expr]  = BST(s"zero_extend($bits, $b)")
   override def vsignextend(bits: Int, b: BST[Expr]): BST[Expr] = BST(s"sign_extend($bits, $b)")
   override def vrepeat(reps: Int, b: BST[Expr]) = BST(s"repeat($reps, $b)")
@@ -130,8 +140,6 @@ class BasilIRPrettyPrinter() extends BasilIR[BST] {
   override def vintlit(i: BigInt) = BST("0x%x".format(i))
   override def vbvlit(i: BitVecLiteral) = BST("0x%x".format(i.value) + s"bv${i.size}")
   override def vuninterp_function(name: String, args: Seq[BST[Expr]]): BST[Expr] = BST(s"$name(${args.mkString(", ")})")
-
-
 }
 
 
diff --git a/src/main/scala/util/Logging.scala b/src/main/scala/util/Logging.scala
index dcdd148bd..b9f95a4a9 100644
--- a/src/main/scala/util/Logging.scala
+++ b/src/main/scala/util/Logging.scala
@@ -1,19 +1,86 @@
 package util
 import sourcecode.Line, sourcecode.FileName
 import scala.io.AnsiColor
-import java.io.File as JFile
+import collection.mutable.HashSet
+import java.io.*
 
 enum LogLevel(val id: Int):
   case DEBUG extends LogLevel(0)
   case INFO extends LogLevel(1)
   case WARN extends LogLevel(2)
   case ERROR extends LogLevel(3)
+  case OFF extends LogLevel(4)
+
+class GenericLogger(
+    val name : String,
+    val defaultLevel: LogLevel = LogLevel.INFO,
+    var output: PrintStream = System.out,
+    var ANSIColour: Boolean = true
+) {
+
+  val children: HashSet[GenericLogger] = HashSet()
 
-object Logger:
-  private var level: LogLevel = LogLevel.INFO
   import LogLevel.*
 
-  def write(
+  private var level: LogLevel = defaultLevel
+
+  private def setColour(value: Boolean, setChildren: Boolean = false): Unit = {
+    ANSIColour = value
+    if (setChildren) {
+      for (c <- children) {
+        c.setColour(value, setChildren)
+      }
+    }
+  }
+
+  def disableColour(setChildren: Boolean = false) = setColour(false, setChildren)
+  def enableColour(setChildren: Boolean = false): Unit = setColour(true, setChildren)
+
+
+  def deriveLogger(sname: String, stream: PrintStream): GenericLogger = {
+    val l = GenericLogger(name + "." + sname, level, stream, ANSIColour)
+    children.add(l)
+    l
+  }
+
+  def deriveLogger(name: String, file: File): GenericLogger = {
+    deriveLogger(name, PrintStream(file))
+  }
+
+  def deriveLogger(name: String): GenericLogger = deriveLogger(name, output)
+
+  def setOutput(stream: PrintStream) = output = stream
+
+  def writeToFile(file: File, content: String) = {
+    if (level.id < LogLevel.OFF.id) {
+      val l = deriveLogger(file.getName(), file)
+      l.print(content)
+      close()
+      children.remove(l)
+    }
+  }
+
+  def print(s: String) = {
+    if (level.id < LogLevel.OFF.id) {
+      output.print(s)
+    }
+  }
+
+  def println(s: String) = {
+    if (level.id < LogLevel.OFF.id) {
+      output.println(s)
+    }
+  }
+
+  def close() = {
+    output.close()
+  }
+
+  def flush() = {
+    output.flush()
+  }
+
+  private def writeLog(
       logLevel: LogLevel,
       arg: Any,
       line: sourcecode.Line,
@@ -21,46 +88,83 @@ object Logger:
       name: sourcecode.Name
   ): Unit = {
 
-    val colour = logLevel match
-      case DEBUG => AnsiColor.RESET
-      case INFO  => AnsiColor.GREEN
-      case WARN  => AnsiColor.YELLOW
-      case ERROR => AnsiColor.RED
-
-    val showPosition = (logLevel, level) match
-      case (_, DEBUG) => true 
-      case (ERROR, _) => true 
-      case (WARN, _) => true 
-      case (INFO, _) => false
-      case (DEBUG, _) => false
+    if (level.id <= logLevel.id) {
+      val colour = if (!ANSIColour) then "" else logLevel match
+        case DEBUG => AnsiColor.RESET
+        case INFO  => AnsiColor.GREEN
+        case WARN  => AnsiColor.YELLOW
+        case ERROR => AnsiColor.RED
+        case OFF   => ???
 
-    val position = if showPosition then s" [${name.value}@${file.value}:${line.value}]" else ""
+      val showPosition = (logLevel, level) match
+        case (_, DEBUG) => true
+        case (ERROR, _) => true
+        case (WARN, _)  => true
+        case (INFO, _)  => false
+        case (DEBUG, _) => false
+        case (OFF, _)   => ???
 
-    val space = "  "
-    val prefix = s"[$colour$logLevel${AnsiColor.RESET}]$space"
-    val text = arg.toString().replace("\n", "\n " + (" " * (logLevel.toString).length()) + "  " + space )
+      val position = if showPosition then s" [${name.value}@${file.value}:${line.value}]" else ""
 
-    if (level.id <= logLevel.id) {
-      System.err.println(s"$prefix $text$position")
+      val resetColour = if !ANSIColour then "" else AnsiColor.RESET
+      val space = "  "
+      val prefix = s"[$colour$logLevel${resetColour}]$space"
+      val text = arg.toString().replace("\n", "\n " + (" " * (logLevel.toString).length()) + "  " + space)
+      output.println(s"$prefix $text$position")
     }
   }
 
-  def warn(arg: Any)(implicit line: sourcecode.Line, file: sourcecode.FileName, name: sourcecode.Name): Unit = {
-    write(LogLevel.WARN, arg, line, file, name)
+  def warn(arg: => Any)(implicit line: sourcecode.Line, file: sourcecode.FileName, name: sourcecode.Name): Unit = {
+    writeLog(LogLevel.WARN, arg, line, file, name)
   }
 
-  def error(arg: Any)(implicit line: sourcecode.Line, file: sourcecode.FileName, name: sourcecode.Name): Unit = {
-    write(LogLevel.ERROR, arg, line, file, name)
+  def error(arg: => Any)(implicit line: sourcecode.Line, file: sourcecode.FileName, name: sourcecode.Name): Unit = {
+    writeLog(LogLevel.ERROR, arg, line, file, name)
   }
 
-  def debug(arg: Any)(implicit line: sourcecode.Line, file: sourcecode.FileName, name: sourcecode.Name): Unit = {
-    write(LogLevel.DEBUG, arg, line, file, name)
+  def debug(arg: => Any)(implicit line: sourcecode.Line, file: sourcecode.FileName, name: sourcecode.Name): Unit = {
+    writeLog(LogLevel.DEBUG, arg, line, file, name)
   }
 
-  def info(arg: Any)(implicit line: sourcecode.Line, file: sourcecode.FileName, name: sourcecode.Name): Unit = {
-    write(LogLevel.INFO, arg, line, file, name)
+  def info(arg: => Any)(implicit line: sourcecode.Line, file: sourcecode.FileName, name: sourcecode.Name): Unit = {
+    writeLog(LogLevel.INFO, arg, line, file, name)
   }
 
-  def setLevel(logLevel: LogLevel): Unit = {
+  def setLevel(logLevel: LogLevel, setChildren: Boolean = true): Unit = {
     level = logLevel
+    if (setChildren) {
+      for (c <- children) {
+        c.setLevel(logLevel, setChildren)
+      }
+    }
   }
+
+  def findLoggerByName(s: String) : Option[GenericLogger] = allLoggers.find(_.name == s)
+
+  def allLoggers: Iterable[GenericLogger] = {
+    (for {
+      c <- children
+      cc <- c.allLoggers
+    } yield (cc)) 
+    ++ Seq(this)
+  }
+
+}
+
+// doesn't work with `mill run`
+def isAConsole = System.console() != null
+
+val Logger  = GenericLogger("log", LogLevel.INFO, System.out, isAConsole)
+val StaticAnalysisLogger  = Logger.deriveLogger("analysis", System.out)
+val SimplifyLogger = Logger.deriveLogger("simplify", System.out)
+val DebugDumpIRLogger = {
+  val l = Logger.deriveLogger("debugdumpir")
+  l.setLevel(LogLevel.OFF)
+  l
+}
+val VSALogger = StaticAnalysisLogger.deriveLogger("vsa")
+val MRALogger = StaticAnalysisLogger.deriveLogger("mra")
+val SteensLogger = StaticAnalysisLogger.deriveLogger("steensgaard")
+
+
+
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index 18b8c4648..92740803b 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -7,6 +7,7 @@ import com.grammatech.gtirb.proto.Section.Section
 import spray.json.*
 import ir.eval
 import gtirb.*
+import translating.PrettyPrinter.*
 
 import scala.collection.mutable.ListBuffer
 import scala.collection.mutable.ArrayBuffer
@@ -24,7 +25,7 @@ import org.antlr.v4.runtime.tree.ParseTreeWalker
 import org.antlr.v4.runtime.BailErrorStrategy
 import org.antlr.v4.runtime.{CharStreams, CommonTokenStream, Token}
 import translating.*
-import util.Logger
+import util.{Logger, DebugDumpIRLogger, SimplifyLogger}
 
 import java.util.Base64
 import spray.json.DefaultJsonProtocol.*
@@ -192,7 +193,7 @@ object IRTransform {
   /** Initial cleanup before analysis.
     */
   def doCleanup(ctx: IRContext): IRContext = {
-    Logger.debug("[!] Removing external function calls")
+    Logger.info("[!] Removing external function calls")
     // Remove external function references (e.g. @printf)
     val externalNames = ctx.externalFunctions.map(e => e.name)
     val externalNamesLibRemoved = mutable.Set[String]()
@@ -228,7 +229,7 @@ object IRTransform {
     Logger.info("[!] Stripping unreachable")
     val before = ctx.program.procedures.size
     transforms.stripUnreachableFunctions(ctx.program, config.loading.procedureTrimDepth)
-    Logger.debug(
+    Logger.info(
       s"[!] Removed ${before - ctx.program.procedures.size} functions (${ctx.program.procedures.size} remaining)"
     )
     val dupProcNames = ctx.program.procedures.groupBy(_.name).filter((_, p) => p.size > 1).toList.flatMap(_(1))
@@ -310,30 +311,30 @@ object StaticAnalysis {
     val globalAddresses = globals.map(s => s.address -> s.name).toMap
     val globalSizes = globals.map(s => s.name -> s.size).toMap
     val externalAddresses = externalFunctions.map(e => e.offset -> e.name).toMap
-    Logger.debug("Globals:")
-    Logger.debug(globalAddresses)
-    Logger.debug("Global Offsets: ")
-    Logger.debug(globalOffsets)
-    Logger.debug("Global Sizes: ")
-    Logger.debug(globalSizes)
-    Logger.debug("External: ")
-    Logger.debug(externalAddresses)
-    Logger.debug("Subroutine Addresses:")
-    Logger.debug(subroutines)
-
-    Logger.info("reducible loops")
+    StaticAnalysisLogger.debug("Globals:")
+    StaticAnalysisLogger.debug(globalAddresses)
+    StaticAnalysisLogger.debug("Global Offsets: ")
+    StaticAnalysisLogger.debug(globalOffsets)
+    StaticAnalysisLogger.debug("Global Sizes: ")
+    StaticAnalysisLogger.debug(globalSizes)
+    StaticAnalysisLogger.debug("External: ")
+    StaticAnalysisLogger.debug(externalAddresses)
+    StaticAnalysisLogger.debug("Subroutine Addresses:")
+    StaticAnalysisLogger.debug(subroutines)
+
+    StaticAnalysisLogger.info("reducible loops")
     // reducible loops
     val detector = LoopDetector(IRProgram)
     val foundLoops = detector.identify_loops()
-    foundLoops.foreach(l => Logger.info(s"Loop found: ${l.name}"))
+    foundLoops.foreach(l => StaticAnalysisLogger.info(s"Loop found: ${l.name}"))
 
     val transformer = LoopTransform(foundLoops)
     val newLoops = transformer.llvm_transform()
-    newLoops.foreach(l => Logger.info(s"Loop found: ${l.name}"))
+    newLoops.foreach(l => StaticAnalysisLogger.info(s"Loop found: ${l.name}"))
 
     config.analysisDotPath.foreach { s =>
-      writeToFile(dotBlockGraph(IRProgram, IRProgram.map(b => b -> b.toString).toMap), s"${s}_graph-after-reduce-$iteration.dot")
-      writeToFile(dotBlockGraph(IRProgram, IRProgram.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"${s}_blockgraph-after-reduce-$iteration.dot")
+      DebugDumpIRLogger.writeToFile(File(s"${s}_graph-after-reduce-$iteration.dot"), dotBlockGraph(IRProgram, IRProgram.map(b => b -> b.toString).toMap))
+      DebugDumpIRLogger.writeToFile(File(s"${s}_blockgraph-after-reduce-$iteration.dot"), dotBlockGraph(IRProgram, IRProgram.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap))
     }
 
     val mergedSubroutines = subroutines ++ externalAddresses
@@ -341,24 +342,24 @@ object StaticAnalysis {
     val domain = computeDomain(IntraProcIRCursor, IRProgram.procedures)
     val interDomain = computeDomain(InterProcIRCursor, IRProgram.procedures)
 
-    Logger.info("[!] Running ANR")
+    StaticAnalysisLogger.info("[!] Running ANR")
     val ANRSolver = ANRAnalysisSolver(IRProgram)
     val ANRResult = ANRSolver.analyze()
 
 
-    Logger.info("[!] Running RNA")
+    StaticAnalysisLogger.info("[!] Running RNA")
     val RNASolver = RNAAnalysisSolver(IRProgram)
     val RNAResult = RNASolver.analyze()
 
-    Logger.info("[!] Running Inter-procedural Constant Propagation")
+    StaticAnalysisLogger.info("[!] Running Inter-procedural Constant Propagation")
     val interProcConstProp = InterProcConstantPropagation(IRProgram)
     val interProcConstPropResult: Map[CFGPosition, Map[Variable, FlatElement[BitVecLiteral]]] = interProcConstProp.analyze()
 
     config.analysisResultsPath.foreach { s =>
-      writeToFile(printAnalysisResults(IRProgram, interProcConstPropResult), s"${s}OGconstprop$iteration.txt")
+      DebugDumpIRLogger.writeToFile(File(s"${s}OGconstprop$iteration.txt"), printAnalysisResults(IRProgram, interProcConstPropResult))
     }
 
-    Logger.info("[!] Variable dependency summaries")
+    StaticAnalysisLogger.info("[!] Variable dependency summaries")
     val scc = stronglyConnectedComponents(CallGraph, List(IRProgram.mainProcedure))
     val specGlobalAddresses = ctx.specification.globals.map(s => s.address -> s.name).toMap
     val varDepsSummaries = VariableDependencyAnalysis(IRProgram, ctx.specification.globals, specGlobalAddresses, interProcConstPropResult, scc).analyze()
@@ -367,21 +368,21 @@ object StaticAnalysis {
     val intraProcConstPropResult: Map[CFGPosition, Map[Variable, FlatElement[BitVecLiteral]]] = intraProcConstProp.analyze()
 
     config.analysisResultsPath.foreach { s =>
-      writeToFile(printAnalysisResults(IRProgram, intraProcConstPropResult), s"${s}_new_ir_constprop$iteration.txt")
+      DebugDumpIRLogger.writeToFile(File(s"${s}_new_ir_constprop$iteration.txt"), printAnalysisResults(IRProgram, intraProcConstPropResult))
     }
 
     config.analysisDotPath.foreach { f =>
       val dumpdomain = computeDomain[CFGPosition, CFGPosition](InterProcIRCursor, IRProgram.procedures)
-      writeToFile(toDot(dumpdomain.toSet, InterProcIRCursor, Map.empty), s"${f}_new_ir_intercfg$iteration.dot")
+       DebugDumpIRLogger.writeToFile(File(s"${f}_new_ir_intercfg$iteration.dot"), toDot(dumpdomain.toSet, InterProcIRCursor, Map.empty))
     }
 
     val reachingDefinitionsAnalysisSolver = InterprocReachingDefinitionsAnalysisSolver(IRProgram)
     val reachingDefinitionsAnalysisResults = reachingDefinitionsAnalysisSolver.analyze()
 
     config.analysisDotPath.foreach { s =>
-      writeToFile(
-        toDot(IRProgram, IRProgram.filter(_.isInstanceOf[Command]).map(b => b -> reachingDefinitionsAnalysisResults(b).toString).toMap, true),
-        s"${s}_reachingDefinitions$iteration.dot"
+      DebugDumpIRLogger.writeToFile(
+        File(s"${s}_reachingDefinitions$iteration.dot"),
+        toDot(IRProgram, IRProgram.filter(_.isInstanceOf[Command]).map(b => b -> reachingDefinitionsAnalysisResults(b).toString).toMap, true)
       )
     }
 
@@ -394,58 +395,58 @@ object StaticAnalysis {
       Map[CFGPosition, LiftedElement[Map[Variable | MemoryRegion, Set[Value]]]]()
     }
 
-    Logger.info("[!] Running GRA")
+    StaticAnalysisLogger.info("[!] Running GRA")
     val graSolver = GlobalRegionAnalysisSolver(IRProgram, domain.toSet, interProcConstPropResult, reachingDefinitionsAnalysisResults, mmm, previousVSAResults)
     val graResult = graSolver.analyze()
 
-    Logger.info("[!] Running MRA")
+    StaticAnalysisLogger.info("[!] Running MRA")
     val mraSolver = MemoryRegionAnalysisSolver(IRProgram, domain.toSet, globalAddresses, globalOffsets, mergedSubroutines, interProcConstPropResult, ANRResult, RNAResult, reachingDefinitionsAnalysisResults, graResult, mmm)
     val mraResult = mraSolver.analyze()
 
     config.analysisDotPath.foreach { s =>
-      writeToFile(dotCallGraph(IRProgram), s"${s}_callgraph$iteration.dot")
-      writeToFile(
-        dotBlockGraph(IRProgram, IRProgram.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap),
-        s"${s}_blockgraph$iteration.dot"
+      DebugDumpIRLogger.writeToFile(File(s"${s}_callgraph$iteration.dot"), dotCallGraph(IRProgram))
+      DebugDumpIRLogger.writeToFile(
+        File(s"${s}_blockgraph$iteration.dot"),
+        dotBlockGraph(IRProgram, IRProgram.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap)
       )
 
-      writeToFile(
-        toDot(IRProgram, IRProgram.filter(_.isInstanceOf[Command]).map(b => b -> intraProcConstPropResult(b).toString).toMap),
-        s"${s}_new_ir_constprop$iteration.dot"
+      DebugDumpIRLogger.writeToFile(
+        File(s"${s}_new_ir_constprop$iteration.dot"),
+        toDot(IRProgram, IRProgram.filter(_.isInstanceOf[Command]).map(b => b -> intraProcConstPropResult(b).toString).toMap)
       )
 
-      writeToFile(
-        toDot(IRProgram, IRProgram.filter(_.isInstanceOf[Command]).map(b => b -> mraResult(b).toString).toMap),
-        s"${s}_MRA$iteration.dot"
+      DebugDumpIRLogger.writeToFile(
+        File(s"${s}_MRA$iteration.dot"),
+        toDot(IRProgram, IRProgram.filter(_.isInstanceOf[Command]).map(b => b -> mraResult(b).toString).toMap)
       )
 
-      writeToFile(
-        toDot(IRProgram, IRProgram.filter(_.isInstanceOf[Command]).map(b => b -> graResult(b).toString).toMap),
-        s"${s}_GRA$iteration.dot"
+      DebugDumpIRLogger.writeToFile(
+        File(s"${s}_GRA$iteration.dot"),
+        toDot(IRProgram, IRProgram.filter(_.isInstanceOf[Command]).map(b => b -> graResult(b).toString).toMap)
       )
     }
 
-    Logger.debug("[!] Running MMM")
+    StaticAnalysisLogger.info("[!] Running MMM")
     mmm.convertMemoryRegions(mraSolver.procedureToStackRegions, mraSolver.procedureToHeapRegions, mraResult, mraSolver.procedureToSharedRegions, graSolver.getDataMap, graResult)
     mmm.logRegions()
 
-    Logger.debug("[!] Running Steensgaard")
+    StaticAnalysisLogger.info("[!] Running Steensgaard")
     val steensgaardSolver = InterprocSteensgaardAnalysis(interDomain.toSet, mmm, reachingDefinitionsAnalysisResults, previousVSAResults)
     steensgaardSolver.analyze()
     val steensgaardResults = steensgaardSolver.pointsTo()
 
-    Logger.debug("[!] Running VSA")
+    StaticAnalysisLogger.info("[!] Running VSA")
     val vsaSolver = ValueSetAnalysisSolver(IRProgram, mmm, interProcConstPropResult)
     val vsaResult: Map[CFGPosition, LiftedElement[Map[Variable | MemoryRegion, Set[Value]]]] = vsaSolver.analyze()
 
     config.analysisDotPath.foreach { s =>
-      writeToFile(
-        toDot(IRProgram, IRProgram.filter(_.isInstanceOf[Command]).map(b => b -> vsaResult(b).toString).toMap),
-        s"${s}_VSA$iteration.dot"
+      DebugDumpIRLogger.writeToFile(
+        File(s"${s}_VSA$iteration.dot"),
+        toDot(IRProgram, IRProgram.filter(_.isInstanceOf[Command]).map(b => b -> vsaResult(b).toString).toMap)
       )
     }
 
-    Logger.debug("[!] Injecting regions")
+    StaticAnalysisLogger.info("[!] Injecting regions")
     val regionInjector = if (config.memoryRegions) {
       val injector = RegionInjector(IRProgram, mmm)
       injector.nodeVisitor()
@@ -541,7 +542,6 @@ object RunUtils {
     // writeToFile(dotBlockGraph(ctx.program, ctx.program.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"blockgraph-before-simp.dot")
     Logger.info("[!] Running Simplify")
     val timer = PerformanceTimer("Simplify")
-    val write = true
 
     transforms.applyRPO(ctx.program)
 
@@ -549,19 +549,20 @@ object RunUtils {
     transforms.coalesceBlocks(ctx.program)
     transforms.removeEmptyBlocks(ctx.program)
 
-    if write then writeToFile(dotBlockGraph(ctx.program.mainProcedure), s"blockgraph-before-dsa.dot")
+    DebugDumpIRLogger.writeToFile(File("blockgraph-before-dsa.dot"), dotBlockGraph(ctx.program.mainProcedure))
     
     Logger.info(s"RPO ${timer.checkPoint("RPO")} ms ")
     Logger.info("[!] Simplify :: DynamicSingleAssignment")
-    if write then writeToFile(serialiseIL(ctx.program), s"il-before-dsa.il")
+    DebugDumpIRLogger.writeToFile(File("il-before-dsa.il"), serialiseIL(ctx.program))
 
     // transforms.DynamicSingleAssignment.applyTransform(ctx.program, liveVars)
     transforms.OnePassDSA().applyTransform(ctx.program)
     Logger.info(s"DSA ${timer.checkPoint("DSA ")} ms ")
 
-    if write then writeToFile(dotBlockGraph(ctx.program, (ctx.program.collect {
-      case b : Block => b -> translating.BasilIRPrettyPrinter()(b)
-    }).toMap), s"blockgraph-after-dsa.dot")
+    DebugDumpIRLogger.writeToFile(File(s"blockgraph-after-dsa.dot"), 
+      dotBlockGraph(ctx.program, (ctx.program.collect {
+      case b : Block => b -> pp_block(b)
+    }).toMap))
 
     if (ir.eval.SimplifyValidation.validate) {
       // Logger.info("Live vars difftest")
@@ -577,18 +578,18 @@ object RunUtils {
     assert(invariant.cfgCorrect(ctx.program))
     assert(invariant.blocksUniqueToEachProcedure(ctx.program))
 
-    if write then writeToFile(serialiseIL(ctx.program), s"il-before-copyprop.il")
+    DebugDumpIRLogger.writeToFile(File("il-before-copyprop.il"), pp_prog(ctx.program))
 
     // brute force run the analysis twice because it cleans up more stuff
     //assert(ctx.program.procedures.forall(transforms.rdDSAProperty))
     transforms.doCopyPropTransform(ctx.program)
-    if write then writeToFile(dotBlockGraph(ctx.program.mainProcedure), s"blockgraph-after-simp.dot")
+    DebugDumpIRLogger.writeToFile(File("blockgraph-after-simp.dot"), dotBlockGraph(ctx.program.mainProcedure))
 
     // assert(ctx.program.procedures.forall(transforms.rdDSAProperty))
 
     assert(invariant.blockUniqueLabels(ctx.program))
     Logger.info(s"CopyProp ${timer.checkPoint("CopyProp")} ms ")
-    if write then writeToFile(serialiseIL(ctx.program), s"il-after-copyprop.il")
+    DebugDumpIRLogger.writeToFile(File("il-after-copyprop.il"), pp_prog(ctx.program))
 
 
     // val x = ctx.program.procedures.forall(transforms.rdDSAProperty)
@@ -602,12 +603,11 @@ object RunUtils {
 
     // run this after cond recovery because sign bit calculations often need high bits
     // which go away in high level conss
-    if write then writeToFile(serialiseIL(ctx.program), s"il-after-slices.il")
+    DebugDumpIRLogger.writeToFile(File("il-after-slices.il"), pp_prog(ctx.program))
 
     // re-apply dsa
     // transforms.OnePassDSA().applyTransform(ctx.program)
 
-    if write then writeToFile(translating.BasilIRPrettyPrinter()(ctx.program), "prettyprinted.il")
 
     if (ir.eval.SimplifyValidation.validate) {
       Logger.info("[!] Simplify :: Writing simplification validation")
@@ -620,7 +620,7 @@ object RunUtils {
   }
 
   def loadAndTranslate(conf: BASILConfig): BASILResult = {
-    Logger.debug("[!] Loading Program")
+    Logger.info("[!] Loading Program")
     var q = conf
 
     var ctx = IRLoading.load(q.loading)
@@ -657,11 +657,11 @@ object RunUtils {
     assert(invariant.blocksUniqueToEachProcedure(ctx.program))
     assert(invariant.correctCalls(ctx.program))
 
-    q.loading.dumpIL.foreach(s => writeToFile(serialiseIL(ctx.program), s"$s-before-analysis.il"))
+    q.loading.dumpIL.foreach(s => DebugDumpIRLogger.writeToFile(File(s"$s-before-analysis.il"), pp_prog(ctx.program)))
     val analysis = q.staticAnalysis.map {
       conf => staticAnalysis(conf, ctx)
     }
-    q.loading.dumpIL.foreach(s => writeToFile(serialiseIL(ctx.program), s"$s-after-analysis.il"))
+    q.loading.dumpIL.foreach(s => DebugDumpIRLogger.writeToFile(File(s"$s-after-analysis.il"), pp_prog(ctx.program)))
 
     if (q.runInterpret) {
       val fs = eval.interpretTrace(ctx)
@@ -704,10 +704,10 @@ object RunUtils {
     var modified: Boolean = true
     val analysisResult = mutable.ArrayBuffer[StaticAnalysisContext]()
     while (modified || (analysisResult.size < 2 && config.memoryRegions)) {
-      Logger.debug("[!] Running Static Analysis")
+      StaticAnalysisLogger.info("[!] Running Static Analysis")
       val result = StaticAnalysis.analyse(ctx, config, iteration, analysisResult.lastOption)
       analysisResult.append(result)
-      Logger.debug("[!] Replacing Indirect Calls")
+      StaticAnalysisLogger.info("[!] Replacing Indirect Calls")
 
       /*
       modified = transforms.SteensgaardIndirectCallResolution(
@@ -723,14 +723,14 @@ object RunUtils {
         result.mmmResults
       ).resolveIndirectCalls()
 
-      Logger.debug("[!] Generating Procedure Summaries")
+      StaticAnalysisLogger.info("[!] Generating Procedure Summaries")
       if (config.summariseProcedures) {
         IRTransform.generateProcedureSummaries(ctx, ctx.program, result.intraProcConstProp, result.varDepsSummaries)
       }
 
       if (modified) {
         iteration += 1
-        Logger.debug(s"[!] Analysing again (iter $iteration)")
+        StaticAnalysisLogger.info(s"[!] Analysing again (iter $iteration)")
       }
     }
 
@@ -740,33 +740,33 @@ object RunUtils {
       transforms.splitThreads(ctx.program, analysisResult.last.steensgaardResults, analysisResult.last.reachingDefs)
     }
 
-    Logger.debug("[!] Running Writes To")
+    StaticAnalysisLogger.info("[!] Running Writes To")
     val writesTo = WriteToAnalysis(ctx.program).analyze()
     val reachingDefs = ReachingDefsAnalysis(ctx.program, writesTo).analyze()
     config.analysisDotPath.foreach { s =>
-      writeToFile(toDot(ctx.program), s"${s}_ct.dot")
+      DebugDumpIRLogger.writeToFile(File(s"${s}_ct.dot"), toDot(ctx.program))
     }
 
-    Logger.debug("[!] Running Symbolic Access Analysis")
+    StaticAnalysisLogger.info("[!] Running Symbolic Access Analysis")
     val symResults: Map[CFGPosition, Map[SymbolicAddress, TwoElement]] =
       SymbolicAddressAnalysis(ctx.program, analysisResult.last.interProcConstProp).analyze()
     config.analysisDotPath.foreach { s =>
       val labels = symResults.map { (k, v) => k -> v.toString }
-      writeToFile(toDot(ctx.program, labels), s"${s}_saa.dot")
+      DebugDumpIRLogger.writeToFile(File(s"${s}_saa.dot"), toDot(ctx.program, labels))
     }
 
-    Logger.debug("[!] Running DSA Analysis")
+    StaticAnalysisLogger.info("[!] Running DSA Analysis")
     val symbolTableEntries: Set[SymbolTableEntry] = ctx.globals ++ ctx.funcEntries
     val dsa = DataStructureAnalysis(ctx.program, symResults, analysisResult.last.interProcConstProp, symbolTableEntries, ctx.globalOffsets, ctx.externalFunctions, reachingDefs, writesTo, analysisResult.last.paramResults)
     dsa.analyze()
 
     config.analysisDotPath.foreach { s =>
       dsa.topDown(ctx.program.mainProcedure).toDot
-      writeToFile(dsa.topDown(ctx.program.mainProcedure).toDot, s"${s}_main_dsg.dot")
+      DebugDumpIRLogger.writeToFile(File(s"${s}_main_dsg.dot"), dsa.topDown(ctx.program.mainProcedure).toDot)
     }
 
     assert(invariant.singleCallBlockEnd(ctx.program))
-    Logger.debug(s"[!] Finished indirect call resolution after $iteration iterations")
+    StaticAnalysisLogger.info(s"[!] Finished indirect call resolution after $iteration iterations")
     analysisResult.last.copy(
       symbolicAddresses = symResults,
       localDSA = dsa.local.toMap,
@@ -777,7 +777,7 @@ object RunUtils {
 }
 
 def writeToFile(content: String, fileName: String): Unit = {
-  Logger.debug(s"Writing $fileName (${content.size} bytes)")
+  Logger.info(s"Writing $fileName (${content.size} bytes)")
   val outFile = File(fileName)
   val pw = PrintWriter(outFile, "UTF-8")
   pw.write(content)
diff --git a/src/test/scala/DifferentialAnalysisTest.scala b/src/test/scala/DifferentialAnalysisTest.scala
index 9ca9b382b..c9fc0ef95 100644
--- a/src/test/scala/DifferentialAnalysisTest.scala
+++ b/src/test/scala/DifferentialAnalysisTest.scala
@@ -19,7 +19,7 @@ import util.RunUtils.loadAndTranslate
 
 import scala.collection.mutable
 
-class DifferentialAnalysisTest extends AnyFunSuite {
+class DifferentialTest extends AnyFunSuite {
 
   Logger.setLevel(LogLevel.WARN)
 
@@ -92,7 +92,7 @@ class DifferentialAnalysisTest extends AnyFunSuite {
 }
 
 
-class DifferentialTestAnalysis extends DifferentialTest {
+class DifferentialAnalysisTest extends DifferentialTest {
 
   def runSystemTests(): Unit = {
 

From 8dd5f0e21ea648650ea3b466cd2e00aa0742d3b7 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Tue, 3 Dec 2024 10:00:46 +1000
Subject: [PATCH 102/127] fix externalremover

---
 src/main/scala/ir/Visitor.scala | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/scala/ir/Visitor.scala b/src/main/scala/ir/Visitor.scala
index 490e0ea13..f07c3d266 100644
--- a/src/main/scala/ir/Visitor.scala
+++ b/src/main/scala/ir/Visitor.scala
@@ -409,7 +409,7 @@ class Renamer(reserved: Set[String]) extends Visitor {
 
 class ExternalRemover(external: Set[String]) extends Visitor {
   override def visitProcedure(node: Procedure): Procedure = {
-    if (external.contains(node.name)) {
+    if (external.contains(node.procName)) {
       // update the modifies set before removing the body
       node.modifies.addAll(node.blocks.flatMap(_.modifies))
       node.replaceBlocks(Seq())

From 21efc167918e81efd583607b71333f6174583ca9 Mon Sep 17 00:00:00 2001
From: alistair <alistair.michael@uq.edu.au>
Date: Wed, 4 Dec 2024 00:04:15 +1000
Subject: [PATCH 103/127] robustness and perf fixes (monad overflow)

---
 src/main/scala/ir/eval/ExprEval.scala         |   2 +-
 src/main/scala/ir/eval/InterpretBasilIR.scala | 173 ++++++++++++------
 src/main/scala/ir/eval/Interpreter.scala      |  33 ++++
 src/main/scala/util/Logging.scala             |   3 +-
 src/main/scala/util/RunUtils.scala            |  42 +++--
 src/main/scala/util/functional/State.scala    |  30 ++-
 src/test/make/lift-directories.mk             |   4 +-
 src/test/scala/DifferentialAnalysisTest.scala |   2 +-
 src/test/scala/util/StateMonad.scala          |   1 -
 9 files changed, 203 insertions(+), 87 deletions(-)

diff --git a/src/main/scala/ir/eval/ExprEval.scala b/src/main/scala/ir/eval/ExprEval.scala
index 45a90a671..7e1373996 100644
--- a/src/main/scala/ir/eval/ExprEval.scala
+++ b/src/main/scala/ir/eval/ExprEval.scala
@@ -151,7 +151,7 @@ trait Loader[S, E] {
 }
 
 def evaluateExpr(exp: Expr): Option[Literal] = {
-  val (e, _) = SimpExpr(fastPartialEvalExpr)(exp)
+  val (e, _) = simpFixedPoint(SimpExpr(fastPartialEvalExpr).apply)(exp)
   e match {
     case l: Literal => Some(l)
     case _          => None
diff --git a/src/main/scala/ir/eval/InterpretBasilIR.scala b/src/main/scala/ir/eval/InterpretBasilIR.scala
index 24a274fd8..7cf8f6453 100644
--- a/src/main/scala/ir/eval/InterpretBasilIR.scala
+++ b/src/main/scala/ir/eval/InterpretBasilIR.scala
@@ -1,4 +1,5 @@
 package ir.eval
+import ir.transforms.Substitute
 import ir._
 import ir.eval.BitVectorEval.*
 import ir.*
@@ -63,6 +64,24 @@ case object Eval {
   /* Eval functions                                                                 */
   /*--------------------------------------------------------------------------------*/
 
+  // def evalExpr[S, T <: Effects[S, InterpreterError]](f: T)(e: Expr): State[S, Expr, InterpreterError] = {
+  //   val ldr = StVarLoader[S, T](f)
+
+  //   val varbs = e.variables.toList
+  //   val vars = varbs.map(v => ldr.getVariable(v))
+
+  //   for {
+  //     vs <- State.mapM(ldr.getVariable, varbs)
+  //     vvs = varbs.zip(vs).filter(_._2.isDefined).map(l => (l._1, l._2.get)).toMap
+  //     substed = Substitute(vvs.get)(e).flatMap(evaluateExpr)
+  //     res <- substed match {
+  //       case Some(r) => State.pure(r)
+  //       case None    => State.pure(e)
+  //     }
+  //   } yield (res)
+  // }
+  //
+
   def evalExpr[S, T <: Effects[S, InterpreterError]](f: T)(e: Expr): State[S, Expr, InterpreterError] = {
     val ldr = StVarLoader[S, T](f)
     for {
@@ -176,22 +195,28 @@ case object Eval {
       addr: BasilValue,
       values: List[BasilValue],
       endian: Endian
-  ): State[S, Unit, InterpreterError] = for {
-    mem <- f.loadVar(vname)
-    x <- mem match {
-      case m @ BasilMapValue(_, MapType(kt, vt))
-          if Some(kt) == addr.irType && values.forall(v => v.irType == Some(vt)) =>
-        State.pure((m, kt, vt))
-      case v => State.setError((TypeError(s"Invalid map store operation to $vname : $v")))
-    }
-    (mapval, keytype, valtype) = x
-    keys <- State.mapM((i: Int) => State.pureE(BasilValue.unsafeAdd(addr, i)), (0 until values.size))
-    vals = endian match {
-      case Endian.LittleEndian => values.reverse
-      case Endian.BigEndian    => values
-    }
-    x <- f.storeMem(vname, keys.zip(vals).toMap)
-  } yield (x)
+  )(implicit
+      line: sourcecode.Line,
+      file: sourcecode.FileName,
+      name: sourcecode.Name
+  ): State[S, Unit, InterpreterError] =
+    monlog.debug(s"store ${vname} ${values.size} bytes ${file.value}:${line.value}")
+    for {
+      mem <- f.loadVar(vname)
+      x <- mem match {
+        case m @ BasilMapValue(_, MapType(kt, vt))
+            if Some(kt) == addr.irType && values.forall(v => v.irType == Some(vt)) =>
+          State.pure((m, kt, vt))
+        case v => State.setError((TypeError(s"Invalid map store operation to $vname : $v")))
+      }
+      (mapval, keytype, valtype) = x
+      keys <- State.mapM((i: Int) => State.pureE(BasilValue.unsafeAdd(addr, i)), (0 until values.size))
+      vals = endian match {
+        case Endian.LittleEndian => values.reverse
+        case Endian.BigEndian    => values
+      }
+      x <- f.storeMem(vname, keys.zip(vals).toMap)
+    } yield (x)
 
   /** Extract bitvec to bytes and store bytes */
   def storeBV[S, T <: Effects[S, InterpreterError]](f: T)(
@@ -199,7 +224,10 @@ case object Eval {
       addr: BasilValue,
       value: BitVecLiteral,
       endian: Endian
-  ): State[S, Unit, InterpreterError] = for {
+  )(implicit line: sourcecode.Line, file: sourcecode.FileName, name: sourcecode.Name): State[S, Unit, InterpreterError] = 
+
+    monlog.debug(s"storeBV ${vname} ${size(value).get / 8} bytes")(line, file, name)
+    for {
     mem <- f.loadVar(vname)
     mr <- mem match {
       case m @ BasilMapValue(_, MapType(kt, BitVecType(size))) if Some(kt) == addr.irType => State.pure((m, size))
@@ -395,11 +423,11 @@ class BASILInterpreter[S](f: Effects[S, InterpreterError]) extends Interpreter[S
             dc.actualParams
           )
           _ <- {
-            if (dc.target.entryBlock.isDefined) {
+            if (LibcIntrinsic.intrinsics.contains(dc.target.procName)) {
+              f.call(dc.target.name, Intrinsic(dc.target.procName), ReturnTo(dc))
+            } else if (dc.target.entryBlock.isDefined) {
               val block = dc.target.entryBlock.get
               f.call(dc.target.name, Run(block.statements.headOption.getOrElse(block.jump)), ReturnTo(dc))
-            } else if (LibcIntrinsic.intrinsics.contains(dc.target.name)) {
-              f.call(dc.target.name, Intrinsic(dc.target.name), ReturnTo(dc))
             } else {
               State.setError(EscapedControlFlow(dc))
             }
@@ -519,75 +547,100 @@ object InterpFuns {
       l <- s.storeVar("R30_in", Scope.Global, Scalar(LR))
       l <- s.storeVar("R0", Scope.Global, Scalar(BitVecLiteral(0, 64)))
       l <- s.storeVar("R1", Scope.Global, Scalar(BitVecLiteral(0, 64)))
+      /** callee saved **/
+      l <- s.storeVar("R19", Scope.Global, Scalar(BitVecLiteral(0, 64)))
+      l <- s.storeVar("R20", Scope.Global, Scalar(BitVecLiteral(0, 64)))
+      l <- s.storeVar("R21", Scope.Global, Scalar(BitVecLiteral(0, 64)))
+      l <- s.storeVar("R22", Scope.Global, Scalar(BitVecLiteral(0, 64)))
+      l <- s.storeVar("R23", Scope.Global, Scalar(BitVecLiteral(0, 64)))
+      l <- s.storeVar("R24", Scope.Global, Scalar(BitVecLiteral(0, 64)))
+      l <- s.storeVar("R25", Scope.Global, Scalar(BitVecLiteral(0, 64)))
+      l <- s.storeVar("R26", Scope.Global, Scalar(BitVecLiteral(0, 64)))
+      l <- s.storeVar("R27", Scope.Global, Scalar(BitVecLiteral(0, 64)))
+      l <- s.storeVar("R28", Scope.Global, Scalar(BitVecLiteral(0, 64)))
+      /** end callee saved **/
       _ <- s.storeVar("ghost-funtable", Scope.Global, BasilMapValue(Map.empty, MapType(BitVecType(64), BitVecType(64))))
       _ <- IntrinsicImpl.initFileGhostRegions(s)
     } yield (l)
   }
 
-  def initialiseProgram[S, T <: Effects[S, InterpreterError]](f: T)(p: Program): State[S, Unit, InterpreterError] = {
-    def initMemory(mem: String, mems: Iterable[MemorySection]) = {
-      for {
-        m <- State.sequence(
-          State.pure(()),
-          mems
-            .filter(m => m.address != 0 && m.bytes.size != 0)
-            .map(memory =>
-              Eval.store(f)(
-                mem,
-                Scalar(BitVecLiteral(memory.address, 64)),
-                memory.bytes.toList.map(Scalar(_)),
-                Endian.BigEndian
-              )
+  def initialiseProgram[S, T <: Effects[S, InterpreterError]](
+      f: T
+  )(is: S, p: Program): S = {
+
+    def initMemory(is: S, mem: String, mems: Iterable[MemorySection]) : S = {
+      var s = is
+      for (memory <- mems.filter(m => m.address != 0 && m.bytes.size != 0)) {
+        val bytes = memory.bytes.toList.map(Scalar(_))
+        val addrs = memory.address until memory.address + bytes.size
+        for (store <- addrs.zip(bytes)) {
+          val (addr,value) = store
+          s = State.execute(
+            s,
+            Eval.store(f)(
+              mem,
+              Scalar(BitVecLiteral(addr, 64)),
+              List(value),
+              Endian.BigEndian
             )
-        )
-      } yield ()
+          )
+        }
+      }
+      s
     }
 
-    for {
-      d <- initialState(f)
-      funs <- State.sequence(
-        State.pure(Logger.debug("INITIALISE FUNCTION ADDRESSES")),
-        p.procedures
-          .filter(p => p.blocks.nonEmpty && p.address.isDefined)
-          .map((proc: Procedure) =>
-            Eval.storeSingle(f)(
+    var s = State.execute(is, initialState(f))
+
+    for (proc <- p.procedures.filter(p => p.blocks.nonEmpty && p.address.isDefined)) {
+            s = State.execute(s, Eval.storeSingle(f)(
               "ghost-funtable",
               Scalar(BitVecLiteral(proc.address.get, 64)),
               FunPointer(BitVecLiteral(proc.address.get, 64), proc.name, Run(IRWalk.firstInBlock(proc.entryBlock.get)))
             )
           )
-      )
-      _ <- State.pure(Logger.debug("INITIALISE MEMORY SECTIONS"))
-      mem <- initMemory("mem", p.initialMemory.values)
-      mem <- initMemory("stack", p.initialMemory.values)
-      mainfun = p.mainProcedure
-      r <- f.call("init_activation", Stopped(), Stopped()) // frame for main to return to
-      r <- f.call(mainfun.name, Run(IRWalk.firstInBlock(mainfun.entryBlock.get)), Stopped())
-      l <- State.sequence(State.pure(()), mainfun.formalInParam.toList.map(i => f.storeVar(i.name, i.toBoogie.scope, Scalar(BitVecLiteral(0, size(i).get)))))
-    } yield (r)
+    }
+
+    val mainfun = p.mainProcedure
+    s = State.execute(s, f.call("init_activation", Stopped(), Stopped())) 
+    s = initMemory(s, "mem", p.initialMemory.values)
+    s = initMemory(s, "stack", p.initialMemory.values)
+    s = State.execute(s, f.call(mainfun.name, Run(IRWalk.firstInBlock(mainfun.entryBlock.get)), Stopped()))
+      // l <- State.sequence(State.pure(()), mainfun.formalInParam.toList.map(i => f.storeVar(i.name, i.toBoogie.scope, Scalar(BitVecLiteral(0, size(i).get)))))
+    s
   }
 
-  def initBSS[S, T <: Effects[S, InterpreterError]](f: T)(p: IRContext): State[S, Unit, InterpreterError] = {
+  def initBSS[S, T <: Effects[S, InterpreterError]](f: T)(is: S, p: IRContext): S = {
     val bss = for {
       first <- p.symbols.find(s => s.name == "__bss_start__").map(_.value)
       last <- p.symbols.find(s => s.name == "__bss_end__").map(_.value)
       r <- (if (first == last) then None else Some((first, (last - first) * 8)))
       (addr, sz) = r
       st = {
-        (rgn => Eval.storeBV(f)(rgn, Scalar(BitVecLiteral(addr, 64)), BitVecLiteral(0, sz.toInt), Endian.LittleEndian))
+        var s = is
+        for (rgn <- Seq("mem", "stack")) {
+          for (addr <- (first until last)) {
+            s = State.execute(s, 
+              Eval.storeBV(f)(rgn, Scalar(BitVecLiteral(addr, 64)), BitVecLiteral(0, 8), Endian.LittleEndian)
+            )
+          }
+        }
+        s
       }
 
     } yield (st)
 
+
     bss match {
-      case None       => Logger.error("No BSS initialised"); State.pure(())
-      case Some(init) => init("mem") >> init("stack")
+      case None       => Logger.error("No BSS initialised"); is 
+      case Some(init) => init
     }
   }
 
   def initProgState[S, T <: Effects[S, InterpreterError]](f: T)(p: IRContext, is: S): S = {
-    val st = (initialiseProgram(f)(p.program) >> initBSS(f)(p))
-      >> InterpFuns.initRelocTable(f)(p)
+    var ist = initialiseProgram(f)(is, p.program) 
+    ist = initBSS(f)(ist, p)
+    ist = State.execute(ist, InterpFuns.initRelocTable(f)(p))
+    val st = State.putS(ist)
     val (fs, v) = st.f(is)
     v match {
       case Right(r) => fs
@@ -604,7 +657,7 @@ object InterpFuns {
 
   /* Interpret IR program */
   def interpretProg[S, T <: Effects[S, InterpreterError]](f: T)(p: Program, is: S): S = {
-    val begin = State.execute(is, initialiseProgram(f)(p))
+    val begin = initialiseProgram(f)(is, p)
     val interp = BASILInterpreter(f)
     interp.run(begin)
   }
diff --git a/src/main/scala/ir/eval/Interpreter.scala b/src/main/scala/ir/eval/Interpreter.scala
index 5b9cfb42d..0690d8a54 100644
--- a/src/main/scala/ir/eval/Interpreter.scala
+++ b/src/main/scala/ir/eval/Interpreter.scala
@@ -325,6 +325,14 @@ object LibcIntrinsic {
     _ <- s.doReturn()
   } yield (())
 
+  def twoArg[S, E, T <: Effects[S, E]](name: String)(s: T): State[S, Unit, E] = for {
+    c1 <- s.loadVar("R0")
+    c2 <- s.loadVar("R1")
+    res <- s.callIntrinsic(name, List(c1, c2))
+    _ <- if res.isDefined then s.storeVar("R0", Scope.Global, res.get) else State.pure(())
+    _ <- s.doReturn()
+  } yield (())
+
   def calloc[S, T <: Effects[S, InterpreterError]](s: T): State[S, Unit, InterpreterError] = for {
     size <- s.loadVar("R0")
     res <- s.callIntrinsic("malloc", List(size))
@@ -340,9 +348,12 @@ object LibcIntrinsic {
   def intrinsics[S, T <: Effects[S, InterpreterError]] =
     Map[String, T => State[S, Unit, InterpreterError]](
       "putc" -> singleArg("putc"),
+      "putchar" -> singleArg("putc"),
       "puts" -> singleArg("puts"),
       "printf" -> singleArg("print"),
+      "write" -> twoArg("write"),
       "malloc" -> singleArg("malloc"),
+      "__libc_malloc_impl" -> singleArg("malloc"),
       "free" -> singleArg("free"),
       "#free" -> singleArg("free"),
       "calloc" -> calloc
@@ -392,6 +403,27 @@ object IntrinsicImpl {
     } yield (Some(filecount.head))
   }
 
+
+  def write[S, T <: Effects[S, InterpreterError]](f: T)(fd: BasilValue, strptr: BasilValue): State[S, Option[BasilValue], InterpreterError] = {
+    for {
+      str <- Eval.getNullTerminatedString(f)("mem", strptr)
+      // TODO: fd mapping in state
+      file = fd match {
+        case Scalar(BitVecLiteral(1, 64)) => "stdout"
+        case Scalar(BitVecLiteral(2, 64)) => "stderr"
+        case _ => "unknown"
+      }
+      baseptr: List[BasilValue] <- f.loadMem("ghost-file-bookkeeping", List(Symbol(s"${file}-ptr")))
+      offs: List[BasilValue] <- State.mapM(
+        ((i: Int) => State.pureE(BasilValue.unsafeAdd(baseptr.head, i))),
+        (0 until (str.size + 1))
+      )
+      _ <- f.storeMem(file, offs.zip(str.map(Scalar(_))).toMap)
+      naddr <- State.pureE(BasilValue.unsafeAdd(baseptr.head, str.size))
+      _ <- f.storeMem("ghost-file-bookkeeping", Map(Symbol(s"${file}-ptr") -> naddr))
+    } yield (None)
+  }
+
   def print[S, T <: Effects[S, InterpreterError]](f: T)(strptr: BasilValue): State[S, Option[BasilValue], InterpreterError] = {
     for {
       str <- Eval.getNullTerminatedString(f)("mem", strptr)
@@ -450,6 +482,7 @@ object NormalInterpreter extends Effects[InterpreterState, InterpreterError] {
         } yield (Some(r))
       case "print" => IntrinsicImpl.print(this)(args.head)
       case "puts"  => IntrinsicImpl.print(this)(args.head) >> IntrinsicImpl.putc(this)(Scalar(BitVecLiteral('\n'.toInt, 64)))
+      case "write"  => IntrinsicImpl.write(this)(args(1), args(2))
       case _       => State.setError(Errored(s"Call undefined intrinsic $name"))
     }
   }
diff --git a/src/main/scala/util/Logging.scala b/src/main/scala/util/Logging.scala
index b9f95a4a9..b3b56755f 100644
--- a/src/main/scala/util/Logging.scala
+++ b/src/main/scala/util/Logging.scala
@@ -55,7 +55,7 @@ class GenericLogger(
     if (level.id < LogLevel.OFF.id) {
       val l = deriveLogger(file.getName(), file)
       l.print(content)
-      close()
+      l.close()
       children.remove(l)
     }
   }
@@ -159,7 +159,6 @@ val StaticAnalysisLogger  = Logger.deriveLogger("analysis", System.out)
 val SimplifyLogger = Logger.deriveLogger("simplify", System.out)
 val DebugDumpIRLogger = {
   val l = Logger.deriveLogger("debugdumpir")
-  l.setLevel(LogLevel.OFF)
   l
 }
 val VSALogger = StaticAnalysisLogger.deriveLogger("vsa")
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index 92740803b..3592fadb0 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -322,15 +322,15 @@ object StaticAnalysis {
     StaticAnalysisLogger.debug("Subroutine Addresses:")
     StaticAnalysisLogger.debug(subroutines)
 
-    StaticAnalysisLogger.info("reducible loops")
+    StaticAnalysisLogger.debug("reducible loops")
     // reducible loops
     val detector = LoopDetector(IRProgram)
     val foundLoops = detector.identify_loops()
-    foundLoops.foreach(l => StaticAnalysisLogger.info(s"Loop found: ${l.name}"))
+    foundLoops.foreach(l => StaticAnalysisLogger.debug(s"Loop found: ${l.name}"))
 
     val transformer = LoopTransform(foundLoops)
     val newLoops = transformer.llvm_transform()
-    newLoops.foreach(l => StaticAnalysisLogger.info(s"Loop found: ${l.name}"))
+    newLoops.foreach(l => StaticAnalysisLogger.debug(s"Loop found: ${l.name}"))
 
     config.analysisDotPath.foreach { s =>
       DebugDumpIRLogger.writeToFile(File(s"${s}_graph-after-reduce-$iteration.dot"), dotBlockGraph(IRProgram, IRProgram.map(b => b -> b.toString).toMap))
@@ -342,16 +342,15 @@ object StaticAnalysis {
     val domain = computeDomain(IntraProcIRCursor, IRProgram.procedures)
     val interDomain = computeDomain(InterProcIRCursor, IRProgram.procedures)
 
-    StaticAnalysisLogger.info("[!] Running ANR")
+    StaticAnalysisLogger.debug("[!] Running ANR")
     val ANRSolver = ANRAnalysisSolver(IRProgram)
     val ANRResult = ANRSolver.analyze()
 
-
-    StaticAnalysisLogger.info("[!] Running RNA")
+    StaticAnalysisLogger.debug("[!] Running RNA")
     val RNASolver = RNAAnalysisSolver(IRProgram)
     val RNAResult = RNASolver.analyze()
 
-    StaticAnalysisLogger.info("[!] Running Inter-procedural Constant Propagation")
+    StaticAnalysisLogger.debug("[!] Running Inter-procedural Constant Propagation")
     val interProcConstProp = InterProcConstantPropagation(IRProgram)
     val interProcConstPropResult: Map[CFGPosition, Map[Variable, FlatElement[BitVecLiteral]]] = interProcConstProp.analyze()
 
@@ -359,7 +358,7 @@ object StaticAnalysis {
       DebugDumpIRLogger.writeToFile(File(s"${s}OGconstprop$iteration.txt"), printAnalysisResults(IRProgram, interProcConstPropResult))
     }
 
-    StaticAnalysisLogger.info("[!] Variable dependency summaries")
+    StaticAnalysisLogger.debug("[!] Variable dependency summaries")
     val scc = stronglyConnectedComponents(CallGraph, List(IRProgram.mainProcedure))
     val specGlobalAddresses = ctx.specification.globals.map(s => s.address -> s.name).toMap
     val varDepsSummaries = VariableDependencyAnalysis(IRProgram, ctx.specification.globals, specGlobalAddresses, interProcConstPropResult, scc).analyze()
@@ -395,11 +394,11 @@ object StaticAnalysis {
       Map[CFGPosition, LiftedElement[Map[Variable | MemoryRegion, Set[Value]]]]()
     }
 
-    StaticAnalysisLogger.info("[!] Running GRA")
+    StaticAnalysisLogger.debug("[!] Running GRA")
     val graSolver = GlobalRegionAnalysisSolver(IRProgram, domain.toSet, interProcConstPropResult, reachingDefinitionsAnalysisResults, mmm, previousVSAResults)
     val graResult = graSolver.analyze()
 
-    StaticAnalysisLogger.info("[!] Running MRA")
+    StaticAnalysisLogger.debug("[!] Running MRA")
     val mraSolver = MemoryRegionAnalysisSolver(IRProgram, domain.toSet, globalAddresses, globalOffsets, mergedSubroutines, interProcConstPropResult, ANRResult, RNAResult, reachingDefinitionsAnalysisResults, graResult, mmm)
     val mraResult = mraSolver.analyze()
 
@@ -426,16 +425,16 @@ object StaticAnalysis {
       )
     }
 
-    StaticAnalysisLogger.info("[!] Running MMM")
+    StaticAnalysisLogger.debug("[!] Running MMM")
     mmm.convertMemoryRegions(mraSolver.procedureToStackRegions, mraSolver.procedureToHeapRegions, mraResult, mraSolver.procedureToSharedRegions, graSolver.getDataMap, graResult)
     mmm.logRegions()
 
-    StaticAnalysisLogger.info("[!] Running Steensgaard")
+    StaticAnalysisLogger.debug("[!] Running Steensgaard")
     val steensgaardSolver = InterprocSteensgaardAnalysis(interDomain.toSet, mmm, reachingDefinitionsAnalysisResults, previousVSAResults)
     steensgaardSolver.analyze()
     val steensgaardResults = steensgaardSolver.pointsTo()
 
-    StaticAnalysisLogger.info("[!] Running VSA")
+    StaticAnalysisLogger.debug("[!] Running VSA")
     val vsaSolver = ValueSetAnalysisSolver(IRProgram, mmm, interProcConstPropResult)
     val vsaResult: Map[CFGPosition, LiftedElement[Map[Variable | MemoryRegion, Set[Value]]]] = vsaSolver.analyze()
 
@@ -446,7 +445,7 @@ object StaticAnalysis {
       )
     }
 
-    StaticAnalysisLogger.info("[!] Injecting regions")
+    StaticAnalysisLogger.debug("[!] Injecting regions")
     val regionInjector = if (config.memoryRegions) {
       val injector = RegionInjector(IRProgram, mmm)
       injector.nodeVisitor()
@@ -664,8 +663,19 @@ object RunUtils {
     q.loading.dumpIL.foreach(s => DebugDumpIRLogger.writeToFile(File(s"$s-after-analysis.il"), pp_prog(ctx.program)))
 
     if (q.runInterpret) {
+      Logger.info("Start interpret")
       val fs = eval.interpretTrace(ctx)
-      Logger.info("Interpreter Trace:\n" + fs._2.t.mkString("\n"))
+
+      val stdout = fs._1.memoryState.getMem("stdout").toList.sortBy(_._1.value).map(_._2.value.toChar).mkString("")
+
+      Logger.info(s"Interpreter stdout:\n${stdout}")
+
+      q.loading.dumpIL.foreach(f => {
+        val tf = f"${f}-interpret-trace.txt"
+        writeToFile((fs._2.t.mkString("\n")), tf)
+        Logger.info(s"Finished interpret: trace written to $tf")
+      })
+
       val stopState = fs._1.nextCmd
       if (stopState != eval.Stopped()) {
         Logger.error(s"Interpreter exited with $stopState")
@@ -777,7 +787,7 @@ object RunUtils {
 }
 
 def writeToFile(content: String, fileName: String): Unit = {
-  Logger.info(s"Writing $fileName (${content.size} bytes)")
+  Logger.debug(s"Writing $fileName (${content.size} bytes)")
   val outFile = File(fileName)
   val pw = PrintWriter(outFile, "UTF-8")
   pw.write(content)
diff --git a/src/main/scala/util/functional/State.scala b/src/main/scala/util/functional/State.scala
index 975220686..07306a81f 100644
--- a/src/main/scala/util/functional/State.scala
+++ b/src/main/scala/util/functional/State.scala
@@ -1,4 +1,9 @@
 package util.functional
+import util.Logger
+import sourcecode.Line, sourcecode.FileName
+import java.io.*
+
+val monlog = Logger.deriveLogger("statemonad", PrintStream(File("monad")))
 
 /*
  * Flattened state monad with error. 
@@ -13,7 +18,8 @@ case class State[S, A, E](f: S => (S, Either[E, A])) {
   } yield (x)
 
 
-  def flatMap[B](f: A => State[S, B, E]): State[S, B, E] = State(s => {
+  def flatMap[B](f: A => State[S, B, E])(implicit line: sourcecode.Line, file: sourcecode.FileName, name: sourcecode.Name): State[S, B, E] = State(s => {
+    monlog.debug(s"State.flatMap ${file.value}:${line.value}")
     val (s2, a) = this.f(s)
     val r  = a match {
       case Left(l) => (s2, Left(l))
@@ -55,13 +61,28 @@ object State {
     case Right(ns) => (ns, Right(()))
     case Left(e) => (s, Left(e))
   })
-  def execute[S, A, E](s: S, c: State[S,A, E]) : S = c.f(s)._1
+  def execute[S, A, E](s: S, c: State[S,A, E])(implicit line: sourcecode.Line, file: sourcecode.FileName, name: sourcecode.Name) : S = {
+    Logger.debug(s"state.execute")(line, file, name)
+    c.f(s) match {
+      case (s, Left(r)) => {
+        monlog.info(s"ERROR: $r")
+        s
+      }
+      case (s, _) => s
+    }
+  }
   def evaluate[S, A, E](s: S, c: State[S,A, E])  : Either[E,A] = c.f(s)._2
 
   def setError[S,A,E](e: E) : State[S,A,E] =  State(s => (s, Left(e)))
 
   def pure[S, A, E](a: A) : State[S, A, E] = State((s:S) => (s, Right(a)))
-  def pureE[S, A, E](a: Either[E, A]) : State[S, A, E] = State((s:S) => (s, a))
+  def pureE[S, A, E](a: Either[E, A])(implicit line: sourcecode.Line, file: sourcecode.FileName, name: sourcecode.Name) : State[S, A, E] = {
+    a match {
+      case Left(l) => monlog.info(s"pureE error $l")(line, file, name)
+      case _ => ()
+    }
+    State((s:S) => (s, a))
+  }
 
   def sequence[S, V, E](ident: State[S,V, E], xs: Iterable[State[S,V, E]]) : State[S, V, E] = {
     xs.foldRight(ident)((l,r) => for {
@@ -74,7 +95,8 @@ object State {
     xs.foldRight(pure(List[A]()))((b,acc) => acc.flatMap(c => m(b).map(v => if v then b::c else c)))
   }
 
-  def mapM[A, B, S, E](m : (A => State[S, B, E]), xs: Iterable[A]): State[S, List[B], E] = {
+  def mapM[A, B, S, E](m : (A => State[S, B, E]), xs: Iterable[A])(implicit line: sourcecode.Line, file: sourcecode.FileName, name: sourcecode.Name): State[S, List[B], E] = {
+    monlog.debug(s"State.mapM (${xs.size} items) ${file.value}:${line.value}")
     xs.foldRight(pure(List[B]()))((b,acc) => acc.flatMap(c => m(b).map(v => v::c)))
   }
 
diff --git a/src/test/make/lift-directories.mk b/src/test/make/lift-directories.mk
index a113f2a91..cbb55a300 100644
--- a/src/test/make/lift-directories.mk
+++ b/src/test/make/lift-directories.mk
@@ -8,11 +8,11 @@
 NAME=$(notdir $(shell pwd))
 GIT_ROOT?=$(realpath ../../../../)
 
+#CFLAGS=-fno-pic -fno-plt
+TARGET=aarch64-linux-gnu
 GCC ?= aarch64-linux-gnu-gcc
 CLANG ?= clang-15 -target $(TARGET)
 CC ?= $(GCC)
-#CFLAGS=-fno-pic -fno-plt
-TARGET=aarch64-linux-gnu
 
 BAP?=bap
 READELF ?= aarch64-linux-gnu-readelf
diff --git a/src/test/scala/DifferentialAnalysisTest.scala b/src/test/scala/DifferentialAnalysisTest.scala
index c9fc0ef95..59e591a42 100644
--- a/src/test/scala/DifferentialAnalysisTest.scala
+++ b/src/test/scala/DifferentialAnalysisTest.scala
@@ -61,7 +61,7 @@ class DifferentialTest extends AnyFunSuite {
     assert(filterEvents(traceInit.t).mkString("\n") == filterEvents(traceRes.t).mkString("\n"))
   }
 
-  def testProgram(testName: String, examplePath: String, suffix: String =".adt", staticAnalysisConfig : StaticAnalysisConfig = StaticAnalysisConfig(None, None, None), simplify: Boolean = true) = {
+  def testProgram(testName: String, examplePath: String, suffix: String =".adt", staticAnalysisConfig : StaticAnalysisConfig = StaticAnalysisConfig(None, None, None), simplify: Boolean = false) = {
 
     val loading = ILLoadingConfig(inputFile = examplePath + testName + suffix,
       relfFile = examplePath + testName + ".relf",
diff --git a/src/test/scala/util/StateMonad.scala b/src/test/scala/util/StateMonad.scala
index a69f9aee4..3fb882600 100644
--- a/src/test/scala/util/StateMonad.scala
+++ b/src/test/scala/util/StateMonad.scala
@@ -11,7 +11,6 @@ import util.{LogLevel, Logger}
 import util.IRLoading.{loadBAP, loadReadELF}
 import util.ILLoadingConfig
 
-
 def add: State[Int, Unit, Unit] = State(s => (s+1, Right(())))
 
 class StateMonadTest extends AnyFunSuite {

From a824c0771ad87bc3cb623638e20f1d97438ccf6f Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Thu, 5 Dec 2024 18:29:13 +1000
Subject: [PATCH 104/127] prettyprinter

---
 build.sc                                      |   1 -
 .../ir/transforms/ProcedureParameters.scala   |   2 +-
 src/main/scala/ir/transforms/Simp.scala       |   2 +-
 src/main/scala/translating/IRExpToSMT2.scala  |  12 +-
 .../scala/translating/PrettyPrinter.scala     | 388 ++++++++++++++----
 src/main/scala/util/Logging.scala             |   5 +-
 src/main/scala/util/RunUtils.scala            |   4 +
 7 files changed, 327 insertions(+), 87 deletions(-)

diff --git a/build.sc b/build.sc
index 1bd07adc2..7086685b9 100644
--- a/build.sc
+++ b/build.sc
@@ -22,7 +22,6 @@ object basil extends RootModule with ScalaModule with antlr.AntlrModule with Sca
 
   def scalaPBVersion = "0.11.15"
 
-  def scalacOptions = Seq("-deprecation", "-unchecked", "-feature")
 
   def mainClass = Some("Main")
 
diff --git a/src/main/scala/ir/transforms/ProcedureParameters.scala b/src/main/scala/ir/transforms/ProcedureParameters.scala
index 9c3e9958d..f0db75e9b 100644
--- a/src/main/scala/ir/transforms/ProcedureParameters.scala
+++ b/src/main/scala/ir/transforms/ProcedureParameters.scala
@@ -249,7 +249,7 @@ def inOutParams(
     p: Program,
     interLiveVarsResults: Map[CFGPosition, Map[Variable, TwoElement]]
 ): Map[Procedure, (Set[Variable], Set[Variable])] = {
-  val overapprox = (0 to 31).map(i => Register(s"R${i}", 64)).toSet[Variable]
+  val overapprox = ((0 to 31).toSet -- (19 to 28).toSet).map(i => Register(s"R${i}", 64)).toSet[Variable]
   // in: live at entry & in procedure read set
 
   val readWrites = ReadWriteAnalysis.readWriteSets(p: Program).collect {
diff --git a/src/main/scala/ir/transforms/Simp.scala b/src/main/scala/ir/transforms/Simp.scala
index 4225ba8bc..5b365350a 100644
--- a/src/main/scala/ir/transforms/Simp.scala
+++ b/src/main/scala/ir/transforms/Simp.scala
@@ -394,7 +394,7 @@ def copypropTransform(p: Procedure) = {
   // SimplifyLogger.info(s"    ${p.name}  after simp expr complexity ${ExprComplexity()(p)}")
   val sipm = t.checkPoint("algebraic simp")
 
-  // SimplifyLogger.info("[!] Simplify :: RemoveSlices")
+  SimplifyLogger.info("[!] Simplify :: RemoveSlices")
   removeSlices(p)
   ir.eval.cleanupSimplify(p)
   AlgebraicSimplifications(p)
diff --git a/src/main/scala/translating/IRExpToSMT2.scala b/src/main/scala/translating/IRExpToSMT2.scala
index 6ceadb376..ec5dcb8e1 100644
--- a/src/main/scala/translating/IRExpToSMT2.scala
+++ b/src/main/scala/translating/IRExpToSMT2.scala
@@ -16,9 +16,9 @@ trait BasilIR[Repr[+_]] extends BasilIRExp[Repr] {
       case m: MemoryStore  => vstore(m.mem.name, vexpr(m.index), vexpr(m.value), m.endian, m.size)
       case c: DirectCall =>
         vcall(
-          c.outParams.toList.map((l, r) => (vlvar(l), vexpr(r))),
+          c.outParams.toList.map((l, r) => (l, vexpr(r))),
           c.target.name,
-          c.actualParams.toList.map((l, r) => (vlvar(l), vexpr(r)))
+          c.actualParams.toList.map((l, r) => (l, vexpr(r)))
         )
       case i: IndirectCall => vindirect(vrvar(i.target))
       case a: Assert       => vassert(vexpr(a.body))
@@ -50,7 +50,7 @@ trait BasilIR[Repr[+_]] extends BasilIRExp[Repr] {
     }
   }
 
-  def vblock(b: Block): Repr[Block] = vblock(b.label, b.statements.toList.map(vstmt), vjump(b.jump))
+  def vblock(b: Block): Repr[Block] = vblock(b.label, b.address, b.statements.toList.map(vstmt), vjump(b.jump))
   def vproc(p: Procedure): Repr[Procedure] = vproc(
     p.name,
     p.formalInParam.toList.map(vlvar),
@@ -60,7 +60,7 @@ trait BasilIR[Repr[+_]] extends BasilIRExp[Repr] {
     p.returnBlock.map(vblock)
   )
 
-  def vblock(label: String, statements: List[Repr[Statement]], terminator: Repr[Jump]): Repr[Block]
+  def vblock(label: String, address:Option[BigInt], statements: List[Repr[Statement]], terminator: Repr[Jump]): Repr[Block]
 
   def vprog(p: Program) : Repr[Program] = vprog(p.mainProcedure.name, p.procedures.toList.map(vproc))
   def vprog(mainProc: String, procedures: List[Repr[Procedure]]) : Repr[Program]
@@ -78,9 +78,9 @@ trait BasilIR[Repr[+_]] extends BasilIRExp[Repr] {
   def vload(lhs: Repr[Variable], mem: String, index: Repr[Expr], endian: Endian, size: Int): Repr[MemoryLoad]
   def vstore(mem: String, index: Repr[Expr], value: Repr[Expr], endian: Endian, size: Int): Repr[MemoryStore]
   def vcall(
-      outParams: List[(Repr[Variable], Repr[Expr])],
+      outParams: List[(Variable, Repr[Expr])],
       procname: String,
-      inparams: List[(Repr[Variable], Repr[Expr])]
+      inparams: List[(Variable, Repr[Expr])]
   ): Repr[DirectCall]
   def vindirect(target: Repr[Variable]): Repr[IndirectCall]
   def vassert(body: Repr[Expr]): Repr[Assert]
diff --git a/src/main/scala/translating/PrettyPrinter.scala b/src/main/scala/translating/PrettyPrinter.scala
index ac2e6a83d..747459006 100644
--- a/src/main/scala/translating/PrettyPrinter.scala
+++ b/src/main/scala/translating/PrettyPrinter.scala
@@ -1,13 +1,14 @@
 package translating
 import ir.*
+import ir.cilvisitor.*
+import scala.collection.immutable.ListMap
 import scala.collection.mutable
 
-
 object PrettyPrinter {
   def pp_expr(e: Expr) = BasilIRPrettyPrinter()(e)
   def pp_stmt(s: Statement) = BasilIRPrettyPrinter()(s)
   def pp_cmd(c: Command) = c match {
-    case j: Jump => pp_jump(j)
+    case j: Jump      => pp_jump(j)
     case j: Statement => pp_stmt(j)
   }
   def pp_block(s: Block) = BasilIRPrettyPrinter()(s)
@@ -16,130 +17,365 @@ object PrettyPrinter {
   def pp_proc(s: Procedure) = BasilIRPrettyPrinter()(s)
 }
 
-case class BST[+T](val v: String) {
-  def ++(s: String) = BST(v ++ s)
+
+def indent(s: String, indent: String = "  "): String = {
+  s.flatMap(c =>
+    c match {
+      case '\n' => s"\n$indent"
+      case c    => "" + c
+    }
+  )
+}
+
+trait PPProg[+T]
+
+case class BST[T <: Expr | Command](v: String) extends PPProg[T] {
   override def toString = v
 }
 
-class BasilIRPrettyPrinter() extends BasilIR[BST] {
-  val blockIndent = "  " 
-  val statementIndent = "    " 
+case class Prog(mainProc: String, globalDecls: List[String], procedures: List[Proc]) extends PPProg[Program] {
+  override def toString = globalDecls.map(_ + ";").mkString("\n") + "\n\n" + procedures.map(_.toString + ";\n").mkString("")
+}
+
+case class Proc(
+    signature: String,
+    localDecls: List[String],
+    blocks: String
+) extends PPProg[Procedure] {
+  override def toString = {
+    if (blocks.size > 0) {
+      signature + "\n{" + "\n" + blocks + "\n}"
+    } else {
+      signature + " {}"
+    }
+  }
+}
+
+case class PBlock(label: String, address: Option[String], commands: List[String]) extends PPProg[Block] {
+  override def toString = {
+    val indent = "  "
+    val addr = address.map(" " + _).getOrElse("")
+    s"block ${label}${addr} [\n"
+      ++ commands.map("  " + _).mkString(";\n")
+      ++ "\n]"
+  }
+}
+
+// case class BST[+T](val v: String) {
+//   def ++(s: String) = BST(v ++ s)
+//   override def toString = v
+// }
+
+class BasilIRPrettyPrinter() extends BasilIR[PPProg] {
+  val blockIndent = "  "
+  val statementIndent = "    "
   val seenVars = mutable.HashSet[Variable]()
 
-  def apply(x: Block) : String = {
-    vblock(x).v
+  def apply(x: Block): String = {
+    vblock(x).toString
+  }
+  def apply(x: Procedure): String = {
+    vproc(x).toString
+  }
+  def apply(x: Statement): String = {
+    vstmt(x).toString
   }
-  def apply(x: Procedure) : String = {
-    vproc(x).v
+  def apply(x: Jump): String = {
+    vjump(x).toString
   }
-  def apply(x: Statement) : String = {
-    vstmt(x).v
+  def apply(x: Expr): String = {
+    vexpr(x).toString
   }
-  def apply(x: Jump) : String = {
-    vjump(x).v
+  def apply(x: Program): String = {
+    vprog(x).toString
   }
-  def apply(x: Expr) : String = {
-    vexpr(x).v
+
+  class Vars(val global: Boolean = true) extends CILVisitor {
+    val vars = mutable.Set[Variable]()
+
+    override def vlvar(v: Variable) = {
+      v match {
+        case v: Global if global      => vars.add(v)
+        case v: LocalVar if (!global) => vars.add(v)
+        case _                        => ()
+      }
+
+      SkipChildren()
+    }
+
+    override def vrvar(v: Variable) = {
+      v match {
+        case v: Global if global      => vars.add(v)
+        case v: LocalVar if (!global) => vars.add(v)
+        case _                        => ()
+      }
+
+      SkipChildren()
+    }
   }
-  def apply(x: Program) : String = {
-    vprog(x).v
+
+  def globals(prog: Program): Set[Variable] = {
+    val v = Vars(true)
+    visit_prog(v, prog)
+    v.vars.toSet
   }
 
-  def vprog(mainProc: String, procedures: List[BST[Procedure]]) : BST[Program] = {
-    BST(s"(main_procedure ${mainProc})\n" + procedures.mkString("\n\n"))
+  def locals(prog: Procedure): Set[Variable] = {
+    val v = Vars(false)
+    visit_proc(v, prog)
+    v.vars.toSet
   }
 
-  override def vblock(label: String, statements: List[BST[Statement]], terminator: BST[Jump]): BST[Block] = {
-    BST(s"${blockIndent}block \"${label}\" {\n"
-    ++ statements.map(statementIndent + _ + ";").mkString("\n") 
-    ++ "\n" ++ statementIndent + terminator + ";\n"
-    ++ blockIndent + "}")
+  def memoryRegions(prog: Program): Set[Memory] = {
+    prog.collect {
+      case m: MemoryLoad  => m.mem
+      case m: MemoryStore => m.mem
+    }.toSet
   }
 
-  override def vproc(p: Procedure) : BST[Procedure] = {
-    seenVars.clear()
-    super.vproc(p)
+  override def vprog(p: Program): PPProg[Program] = {
+    Prog(
+      p.mainProcedure.name,
+      memoryRegions(p).toList.sortBy(_.name).map(memdecl) ++
+        globals(p).toList.sorted.map(vardecl)
+        ++ List("\nlet entry_procedure = " + p.mainProcedure.name)
+        // ++ List(initialMemory(p.initialMemory.values))
+        ,
+      p.procedures.toList.map(vproc).collect {
+        case p: Proc => p
+        case _       => ???
+      }
+    )
   }
 
-  override def vproc(
-      name: String,
-      inParams: List[BST[Variable]],
-      outParams: List[BST[Variable]],
-      entryBlock: Option[BST[Block]],
-      middleBlocks: List[BST[Block]],
-      returnBlock: Option[BST[Block]]
-    ): BST[Procedure] = {
+  def vprog(mainProc: String, procedures: List[PPProg[Procedure]]): PPProg[Program] = {
+    // shouldn't be used
+    assert(false)
+  }
+
+  override def vblock(
+      label: String,
+      address: Option[BigInt],
+      statements: List[PPProg[Statement]],
+      terminator: PPProg[Jump]
+  ): PPProg[Block] = {
+    val addr = address.map(a => s"{address = ${vaddress(a)}}")
+    PBlock(label, addr, statements.map(_.toString) ++ Seq(terminator.toString))
+  }
+
+  def vardecl(v: Variable): String = {
+    s"var ${v.name} : ${vtype(v.getType)}"
+  }
+
+  def memdecl(m: Memory): String = {
+    s"memory ${m.name} : ${vtype(m.getType)}"
+
+  }
 
-    val entry = entryBlock.map(b => {
-      b.toString + "\n"
-    }).getOrElse("")
-    val ret = returnBlock.map(b => {
-      "\n" + b.toString
-    }).getOrElse("")
+  trait Record
+  case class Val(val v: String) extends Record {
+    override def toString = v
+  }
+  case class Lst(val v: List[Record]) extends Record {
+    override def toString = {
+      if v.size == 0 then {
+        "[]"
+      } else if v.size == 1 then {
+        s"[${v.head}]"
+      } else {
+        val x = mutable.ArrayBuffer[String]()
+        x.addAll(v.map(_.toString))
+        var res = ""
+        while (x.size > 0) {
+          var totake = 1
+          var size = x.head.size
+
+          while (size < (78 - totake) && totake < x.size) {
+            size += x(totake).size
+            totake += 1
+          }
+
+          val lot = x.take(totake)
+
+          val bsep = if (res == "") then "" else ";\n"
+          res = res + bsep + lot.mkString(";")
+          x.remove(0, totake)
+        }
+        "[\n  " + indent(res) + "\n]"
+      }
+    }
+  }
+  case class Rec(val v: ListMap[String, Record]) extends Record {
+    override def toString = {
+      if v.isEmpty then "{}"
+      else if v.size == 1 then {
+        s"{" + v.map((k, v) => k + " = " + v).mkString("\n") + "}"
+      } else {
+        s"{\n  " + indent(v.map((k, v) => k + " = " + v).mkString(";\n")) + "\n}"
+      }
+    }
+  }
+
+  def initialMemory(mems: Iterable[MemorySection]) = {
+
+    val initmem = Lst(
+      mems
+        .map(s =>
+          Rec(
+            ListMap(
+              "address" -> Val(vaddress(s.address).toString),
+              "name" -> Val(s.name),
+              "size" -> Val(vaddress(s.address).toString),
+              "readonly" -> Val(vboollit(s.readOnly).toString),
+              "bytes" -> Lst(s.bytes.map(b => Val(vintlit(b.value).toString)).toList)
+            )
+              ++ s.region.map(r => "region" -> Val(r.name))
+          )
+        )
+        .toList
+    )
+
+    s"let initial_memory = $initmem"
+
+  }
+
+  def vaddress(a: BigInt) = vintlit(a)
+
+  def vparam(l: Variable) : String = {
+    s"${l.name}:${vtype{l.getType}}"
+  }
+
+  override def vproc(p: Procedure): PPProg[Procedure] = {
+    seenVars.clear()
+    val decls = locals(p).map(vardecl)
 
-    BST(s"proc $name(${inParams.mkString(", ")}) -> (${outParams.mkString(", ")}) {\n$entry${middleBlocks.mkString("\n")}$ret\n}")
+
+    val name = p.name
+    val inParams = p.formalInParam.toList.map(vparam)
+    val outParams = p.formalOutParam.toList.map(vparam)
+    val entryBlock = p.entryBlock.map(vblock)
+    val middleBlocks =
+      (p.blocks.toSet -- p.entryBlock.toSet -- p.returnBlock.toSet).toList.sortBy(x => -x.rpoOrder).map(vblock)
+    val returnBlock = p.returnBlock.map(vblock)
+
+    val localDecls = decls.toList.sorted
+
+    val iblocks = entryBlock.map(b => (s"  entry = ${indent(b.toString)}")).toList
+      ++ returnBlock.map(b => (s"  exit = ${indent(b.toString)}")).toList
+
+    val addr = p.address.map(l => vaddress(l).toString).map("  address = " + _).toList
+
+    val mblocks =
+      if (middleBlocks.size == 0) then None
+      else {
+        Some(s"  blocks = [\n    " + indent(middleBlocks.mkString(";\n"), "    ") + "\n  ]")
+      }
+
+    val pname = Seq(s"  name = \"${p.procName}\"")
+
+    val blocks = (pname ++ addr ++ iblocks ++ mblocks.toList).map(_ + ";").mkString("\n")
+
+    Proc(
+      s"proc $name(${inParams.mkString(", ")}) -> (${outParams.mkString(", ")})",
+      localDecls,
+      blocks
+    )
   }
 
-  override def vassign(lhs: BST[Variable], rhs: BST[Expr]): BST[LocalAssign] = BST(s"${lhs} := ${rhs}")
+  def vproc(
+      name: String,
+      inParams: List[PPProg[Variable]],
+      outParams: List[PPProg[Variable]],
+      entryBlock: Option[PPProg[Block]],
+      middleBlocks: List[PPProg[Block]],
+      returnBlock: Option[PPProg[Block]]
+  ): PPProg[Procedure] = ???
+
+  override def vassign(lhs: PPProg[Variable], rhs: PPProg[Expr]): PPProg[LocalAssign] = BST(s"${lhs} := ${rhs}")
 
-  override def vstore(mem: String, index: BST[Expr], value: BST[Expr], endian: Endian, size: Int): BST[MemoryStore] = {
+  override def vstore(
+      mem: String,
+      index: PPProg[Expr],
+      value: PPProg[Expr],
+      endian: Endian,
+      size: Int
+  ): BST[MemoryStore] = {
     val le = if endian == Endian.LittleEndian then "le" else "be"
-    BST(s"store_$le(${mem}, ${index}, ${value}, ${size})")
+    BST(s"store $le ${mem} ${index} ${value} ${size}")
   }
-  def vload(lhs: BST[Variable], mem: String, index: BST[Expr], endian: Endian, size: Int): BST[MemoryLoad] = {
+
+  def vload(lhs: PPProg[Variable], mem: String, index: PPProg[Expr], endian: Endian, size: Int): PPProg[MemoryLoad] = {
     val le = if endian == Endian.LittleEndian then "le" else "be"
-    BST(s"$lhs := load_$le(${mem}, ${index}, ${size})")
+    BST(s"$lhs := load $le ${mem} ${index} ${size}")
   }
 
   override def vcall(
-      outParams: List[(BST[Variable], BST[Expr])],
+      outParams: List[(Variable, PPProg[Expr])],
       procname: String,
-      inparams: List[(BST[Variable], BST[Expr])]
-  ): BST[DirectCall] = {
-    BST(s"(${outParams.map((l,r) => l).mkString(", ")}) := call $procname (${inparams.map((l,r) => r).mkString(", ")});")
+      inparams: List[(Variable, PPProg[Expr])]
+  ): PPProg[DirectCall] = {
+
+
+    val op = {
+      if (outParams.forall(_._1.isInstanceOf[LocalVar])) {
+        "var (" + outParams.map((l, r) => vparam(l)).mkString(", ") + ")"
+      } else {
+        "(" + outParams.map((l, r) => vlvar(l)).mkString(", ") + ")"
+      }
+    }
+
+    if (outParams.size > 5) {
+      BST(s"$op\n    := call $procname (${inparams.map((l, r) => r).mkString(", ")})")
+    } else if (outParams.size > 0) {
+      BST(s"$op := call $procname (${inparams.map((l, r) => r).mkString(", ")})")
+    } else {
+      BST(s"call $procname (${inparams.map((l, r) => r).mkString(", ")})")
+    }
   }
 
-  override def vindirect(target: BST[Variable]): BST[IndirectCall] = BST(s"indirect_call(${target})")
-  override def vassert(body: BST[Expr]): BST[Assert] = BST(s"assert($body)")
-  override def vassume(body: BST[Expr]): BST[Assume] = BST(s"assume($body)")
-  override def vnop(): BST[NOP] = BST("nop")
+  override def vindirect(target: PPProg[Variable]): PPProg[IndirectCall] = BST(s"indirect call ${target} ")
+  override def vassert(body: PPProg[Expr]): PPProg[Assert] = BST(s"assert $body")
+  override def vassume(body: PPProg[Expr]): PPProg[Assume] = BST(s"assume $body")
+  override def vnop(): PPProg[NOP] = BST("nop")
 
-  override def vgoto(t: List[String]): BST[GoTo] = BST(s"goto(${t.map('"' + _ + '"').mkString(", ")})")
-  override def vunreachable(): BST[Unreachable] = BST("unreachable")
-  override def vreturn(outs: List[(BST[Variable], BST[Expr])]) = BST(s"return (${outs.map((l, r) => r).mkString(", ")})")
+  override def vgoto(t: List[String]): PPProg[GoTo] = BST[GoTo](s"goto(${t.mkString(", ")})")
+  override def vunreachable(): PPProg[Unreachable] = BST[Unreachable]("unreachable")
+  override def vreturn(outs: List[(PPProg[Variable], PPProg[Expr])]) = BST(
+    s"return (${outs.map((l, r) => r).mkString(", ")})"
+  )
 
   def vtype(t: IRType): String = t match {
     case BitVecType(sz) => s"bv$sz"
-    case IntType => "nat"
-    case BoolType => "bool"
-    case _ => ???
+    case IntType        => "nat"
+    case BoolType       => "bool"
+    case m: MapType     => s"map ${vtype(m.result)}[${vtype(m.param)}]"
   }
 
-  override def vrvar(e: Variable): BST[Variable] =  BST(e.name)
-  override def vlvar(e: Variable): BST[Variable] = {
+  override def vrvar(e: Variable): PPProg[Variable] = BST(s"${e.name}:${vtype(e.getType)}")
+  override def vlvar(e: Variable): PPProg[Variable] = {
     e match {
       case l: LocalVar => BST("var " + e.name + s": ${vtype(e.getType)}")
-      case _ => BST(e.name)
+      case l           => BST(e.name + s": ${vtype(e.getType)}")
     }
   }
 
-  override def vextract(ed: Int, start: Int, a: BST[Expr]): BST[Expr] = BST(s"extract($ed, $start, ${a})")
-  override def vzeroextend(bits: Int, b: BST[Expr]): BST[Expr]  = BST(s"zero_extend($bits, $b)")
-  override def vsignextend(bits: Int, b: BST[Expr]): BST[Expr] = BST(s"sign_extend($bits, $b)")
-  override def vrepeat(reps: Int, b: BST[Expr]) = BST(s"repeat($reps, $b)")
-  override def vbinary_expr(e: BinOp, l: BST[Expr], r: BST[Expr]): BST[Expr] = {
+  override def vextract(ed: Int, start: Int, a: PPProg[Expr]): PPProg[Expr] = BST(s"extract($ed, $start, ${a})")
+  override def vzeroextend(bits: Int, b: PPProg[Expr]): PPProg[Expr] = BST(s"zero_extend($bits, $b)")
+  override def vsignextend(bits: Int, b: PPProg[Expr]): PPProg[Expr] = BST(s"sign_extend($bits, $b)")
+  override def vrepeat(reps: Int, b: PPProg[Expr]) = BST(s"repeat($reps, $b)")
+  override def vbinary_expr(e: BinOp, l: PPProg[Expr], r: PPProg[Expr]): PPProg[Expr] = {
     val opn = e.getClass.getSimpleName.toLowerCase.stripSuffix("$")
     BST(s"$opn($l, $r)")
   }
-  override def vunary_expr(e: UnOp, arg: BST[Expr]): BST[Expr] = {
+  override def vunary_expr(e: UnOp, arg: PPProg[Expr]): PPProg[Expr] = {
     val opn = e.getClass.getSimpleName.toLowerCase.stripSuffix("$")
     BST(s"$opn($arg)")
   }
 
   override def vboollit(b: Boolean) = BST(b.toString)
   override def vintlit(i: BigInt) = BST("0x%x".format(i))
-  override def vbvlit(i: BitVecLiteral) = BST("0x%x".format(i.value) + s"bv${i.size}")
-  override def vuninterp_function(name: String, args: Seq[BST[Expr]]): BST[Expr] = BST(s"$name(${args.mkString(", ")})")
+  override def vbvlit(i: BitVecLiteral) = BST("0x%x".format(i.value) + s":bv${i.size}")
+  override def vuninterp_function(name: String, args: Seq[PPProg[Expr]]): PPProg[Expr] = BST(
+    s"$name(${args.mkString(", ")})"
+  )
 }
-
-
diff --git a/src/main/scala/util/Logging.scala b/src/main/scala/util/Logging.scala
index b3b56755f..161154f79 100644
--- a/src/main/scala/util/Logging.scala
+++ b/src/main/scala/util/Logging.scala
@@ -51,7 +51,7 @@ class GenericLogger(
 
   def setOutput(stream: PrintStream) = output = stream
 
-  def writeToFile(file: File, content: String) = {
+  def writeToFile(file: File, content: => String) = {
     if (level.id < LogLevel.OFF.id) {
       val l = deriveLogger(file.getName(), file)
       l.print(content)
@@ -154,11 +154,12 @@ class GenericLogger(
 // doesn't work with `mill run`
 def isAConsole = System.console() != null
 
-val Logger  = GenericLogger("log", LogLevel.INFO, System.out, isAConsole)
+val Logger  = GenericLogger("log", LogLevel.DEBUG, System.out, isAConsole)
 val StaticAnalysisLogger  = Logger.deriveLogger("analysis", System.out)
 val SimplifyLogger = Logger.deriveLogger("simplify", System.out)
 val DebugDumpIRLogger = {
   val l = Logger.deriveLogger("debugdumpir")
+  l.setLevel(LogLevel.OFF)
   l
 }
 val VSALogger = StaticAnalysisLogger.deriveLogger("vsa")
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index 3592fadb0..9d4e74b80 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -686,6 +686,9 @@ object RunUtils {
 
     IRTransform.prepareForTranslation(q, ctx)
 
+    q.loading.dumpIL.foreach(s => 
+      writeToFile(pp_prog(ctx.program), s"$s-output.il")
+    )
     Logger.info("[!] Translating to Boogie")
 
     val regionInjector = analysis.flatMap(a => a.regionInjector)
@@ -704,6 +707,7 @@ object RunUtils {
     }
     assert(invariant.singleCallBlockEnd(ctx.program))
 
+
     BASILResult(ctx, analysis, boogiePrograms)
   }
 

From 38f927b3bf6b919059f9f0328a84772070102449 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Tue, 10 Dec 2024 16:49:33 +1000
Subject: [PATCH 105/127] run simplify after analysis

---
 src/main/scala/Main.scala          |  2 +-
 src/main/scala/util/RunUtils.scala | 15 +++++++++++----
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/src/main/scala/Main.scala b/src/main/scala/Main.scala
index 3d6f4c96c..59df08f45 100644
--- a/src/main/scala/Main.scala
+++ b/src/main/scala/Main.scala
@@ -129,7 +129,7 @@ object Main {
     val boogieGeneratorConfig = BoogieGeneratorConfig(boogieMemoryAccessMode, true, rely, conf.threadSplit.value)
 
     val q = BASILConfig(
-      loading = ILLoadingConfig(conf.inputFileName, conf.relfFileName, conf.specFileName, conf.dumpIL, conf.mainProcedureName, conf.procedureDepth, conf.parameterForm.value || conf.simplify.value, conf.trimEarly.value),
+      loading = ILLoadingConfig(conf.inputFileName, conf.relfFileName, conf.specFileName, conf.dumpIL, conf.mainProcedureName, conf.procedureDepth, conf.parameterForm.value, conf.trimEarly.value),
       runInterpret = conf.interpret.value,
       simplify = conf.simplify.value,
       validateSimp = conf.validateSimplify.value,
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index c69f4add3..e17c3bb71 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -646,10 +646,6 @@ object RunUtils {
     }
     assert(invariant.correctCalls(ctx.program))
 
-    ir.eval.SimplifyValidation.validate = conf.validateSimp
-    if (conf.simplify) {
-      doSimplify(ctx, conf.staticAnalysis)
-    }
 
     assert(invariant.singleCallBlockEnd(ctx.program))
     assert(invariant.cfgCorrect(ctx.program))
@@ -662,6 +658,17 @@ object RunUtils {
     }
     q.loading.dumpIL.foreach(s => DebugDumpIRLogger.writeToFile(File(s"$s-after-analysis.il"), pp_prog(ctx.program)))
 
+    ir.eval.SimplifyValidation.validate = conf.validateSimp
+    if (conf.simplify) {
+
+      if (!q.loading.parameterForm) {
+        ir.transforms.clearParams(ctx.program)
+        ctx = ir.transforms.liftProcedureCallAbstraction(ctx)
+      }
+
+      doSimplify(ctx, conf.staticAnalysis)
+    }
+
     if (q.runInterpret) {
       Logger.info("Start interpret")
       val fs = eval.interpretTrace(ctx)

From a082b3570127b1c1201d583bba4d0bedfa311181 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Thu, 19 Dec 2024 14:59:31 +1000
Subject: [PATCH 106/127] dont try to <8bit initial memory regions

---
 src/main/scala/boogie/BExpr.scala           |  2 ++
 src/main/scala/ir/transforms/Simp.scala     |  2 +-
 src/main/scala/translating/IRToBoogie.scala | 11 ++++++++---
 3 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/src/main/scala/boogie/BExpr.scala b/src/main/scala/boogie/BExpr.scala
index 5695a55fa..fcc89a473 100644
--- a/src/main/scala/boogie/BExpr.scala
+++ b/src/main/scala/boogie/BExpr.scala
@@ -463,6 +463,7 @@ case class BVFunctionOp(name: String, bvbuiltin: String, in: List[BVar], out: BV
 
 case class MemoryLoadOp(addressSize: Int, valueSize: Int, endian: Endian, bits: Int) extends FunctionOp {
   val accesses: Int = bits / valueSize
+  assert(accesses > 0)
 
   val fnName: String = endian match {
     case Endian.LittleEndian => s"memory_load${bits}_le"
@@ -558,6 +559,7 @@ case class BoolToBV1Op(arg: BExpr) extends FunctionOp {
 
 case class BMemoryLoad(memory: BMapVar, index: BExpr, endian: Endian, bits: Int) extends BExpr {
   override def toString: String = s"$fnName($memory, $index)"
+  assert(bits >= 8)
 
   val fnName: String = endian match {
     case Endian.LittleEndian => s"memory_load${bits}_le"
diff --git a/src/main/scala/ir/transforms/Simp.scala b/src/main/scala/ir/transforms/Simp.scala
index 5b365350a..4225ba8bc 100644
--- a/src/main/scala/ir/transforms/Simp.scala
+++ b/src/main/scala/ir/transforms/Simp.scala
@@ -394,7 +394,7 @@ def copypropTransform(p: Procedure) = {
   // SimplifyLogger.info(s"    ${p.name}  after simp expr complexity ${ExprComplexity()(p)}")
   val sipm = t.checkPoint("algebraic simp")
 
-  SimplifyLogger.info("[!] Simplify :: RemoveSlices")
+  // SimplifyLogger.info("[!] Simplify :: RemoveSlices")
   removeSlices(p)
   ir.eval.cleanupSimplify(p)
   AlgebraicSimplifications(p)
diff --git a/src/main/scala/translating/IRToBoogie.scala b/src/main/scala/translating/IRToBoogie.scala
index 1061c84b4..feb34d6d6 100644
--- a/src/main/scala/translating/IRToBoogie.scala
+++ b/src/main/scala/translating/IRToBoogie.scala
@@ -282,8 +282,12 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
           case Endian.LittleEndian => accesses
         }
 
-        val body: BExpr = accessesEndian.tail.foldLeft(accessesEndian.head) { (concat: BExpr, next: MapAccess) =>
-          BinaryBExpr(BVCONCAT, next, concat)
+        val body: BExpr = accessesEndian.toList match {
+          case h::Nil => h
+          case h::tail =>  tail.foldLeft(h) {
+            (concat: BExpr, next: MapAccess) => BinaryBExpr(BVCONCAT, next, concat)
+          }
+          case Nil => throw Exception(s"Zero byte access: $f")
         }
 
         BFunction(m.fnName, in, out, Some(body), List(externAttr))
@@ -528,7 +532,8 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
   private def memoryToCondition(memorySections: Iterable[MemorySection]): List[BExpr] = {
 
     def coalesced: List[BExpr] = {
-      val sections = memorySections.flatMap { s =>
+      val sections = memorySections.filter(_.size >= 8)
+        .flatMap { s =>
         // Phrase the memory condition in terms of 64-bit operations, as long as the memory
         // section's size is a multiple of 64-bits and 64-bits (8 bytes) aligned
         // If the memory section is not aligned, the initial unaligned part of it will not be coalesced into a 64-bit

From 589df485c5dd4b3efcf6e0d3060f9b0ffc84327d Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Mon, 6 Jan 2025 11:31:50 +1000
Subject: [PATCH 107/127] fix test load/store flag

---
 src/main/scala/Main.scala                | 247 ++++++++++++++++-------
 src/main/scala/util/RunUtils.scala       |   2 +-
 src/test/scala/test_util/BASILTest.scala |   2 +-
 3 files changed, 181 insertions(+), 70 deletions(-)

diff --git a/src/main/scala/Main.scala b/src/main/scala/Main.scala
index 59df08f45..b12d65823 100644
--- a/src/main/scala/Main.scala
+++ b/src/main/scala/Main.scala
@@ -4,7 +4,9 @@ import bap.*
 import boogie.*
 import translating.*
 import util.RunUtils
+import scala.sys.process.*
 
+import java.io.File
 import scala.collection.mutable.{ArrayBuffer, Set}
 import scala.collection.{immutable, mutable}
 import scala.language.postfixOps
@@ -14,54 +16,129 @@ import mainargs.{main, arg, ParserForClass, Flag}
 
 object Main {
 
+  enum ChooseInput {
+    case Gtirb
+    case Bap
+  }
+
+  def loadDirectory(i: ChooseInput = ChooseInput.Gtirb, d: String): ILLoadingConfig = {
+    val p = d.split("/")
+    val name = p.dropRight(1).last
+
+    val trySpec = Seq((p ++ Seq(s"$name.spec")).mkString("/"), (p.dropRight(1) ++ Seq(s"$name.spec")).mkString("/"))
+    val adt = (p ++ Seq(s"$name.adt")).mkString("/")
+    val relf = (p ++ Seq(s"$name.relf")).mkString("/")
+    val gtirb = (p ++ Seq(s"$name.gts")).mkString("/")
+
+    val spec = trySpec
+      .flatMap(s => {
+        if (File(s).exists) {
+          Seq(s)
+        } else {
+          Seq()
+        }
+      })
+      .headOption
+
+    val input = i match
+      case ChooseInput.Gtirb => gtirb
+      case ChooseInput.Bap   => adt
+
+    Logger.info(s"Loading $input $relf ${spec.getOrElse("")}")
+    val x = ILLoadingConfig(
+      input,
+      relf,
+      spec
+    )
+    x
+  }
+
   @main(name = "BASIL")
   case class Config(
-    @arg(name = "input", short = 'i', doc = "BAP .adt file or GTIRB/ASLi .gts file")
-    inputFileName: String,
-    @arg(name = "relf", short = 'r', doc = "Name of the file containing the output of 'readelf -s -r -W'.")
-    relfFileName: String,
-    @arg(name = "spec", short = 's', doc = "BASIL specification file.")
-    specFileName: Option[String],
-    @arg(name = "output", short = 'o', doc = "Boogie output destination file.")
-    outFileName: String = "basil-out",
-    @arg(name = "boogie-use-lambda-stores", doc = "Use lambda representation of store operations.")
-    lambdaStores: Flag,
-    @arg(name = "boogie-procedure-rg", doc = "Switch version of procedure rely/guarantee checks to emit. (function|ifblock)")
-    procedureRG: Option[String],
-    @arg(name = "verbose", short = 'v', doc = "Show extra debugging logs (the same as -vl log)")
-    verbose: Flag,
-    @arg(name = "vl", doc = s"Show extra debugging logs for a specific logger (${Logger.allLoggers.map(_.name).mkString(", ")}).")
-    verboseLog: Seq[String] = Seq(),
-    @arg(name = "analyse", doc = "Run static analysis pass.")
-    analyse: Flag,
-    @arg(name = "interpret", doc = "Run BASIL IL interpreter.")
-    interpret: Flag,
-    @arg(name = "dump-il", doc = "Dump the Intermediate Language to text.")
-    dumpIL: Option[String],
-    @arg(name = "main-procedure-name", short = 'm', doc = "Name of the main procedure to begin analysis at.")
-    mainProcedureName: String = "main",
-    @arg(name = "procedure-call-depth", doc = "Cull procedures beyond this call depth from the main function (defaults to Int.MaxValue)")
-    procedureDepth: Int = Int.MaxValue,
-    @arg(name = "trim-early", doc = "Cull procedures BEFORE running analysis")
-    trimEarly: Flag,
-    @arg(name = "help", short = 'h', doc = "Show this help message.")
-    help: Flag,
-    @arg(name = "analysis-results", doc = "Log analysis results in files at specified path.")
-    analysisResults: Option[String],
-    @arg(name = "analysis-results-dot", doc = "Log analysis results in .dot form at specified path.")
-    analysisResultsDot: Option[String],
-    @arg(name = "threads", short = 't', doc = "Separates threads into multiple .bpl files with given output filename as prefix (requires --analyse flag)")
-    threadSplit: Flag,
-    @arg(name = "parameter-form", doc = "Lift registers to local variables passed by parameter")
-    parameterForm: Flag,
-    @arg(name = "summarise-procedures", doc = "Generates summaries of procedures which are used in pre/post-conditions (requires --analyse flag)")
-    summariseProcedures: Flag,
-    @arg(name = "simplify", doc = "Partial evaluate / simplify BASIL IR before output (requires --analyse flag)")
-    simplify: Flag,
-    @arg(name = "validate-simplify", doc = "Emit SMT2 check for algebraic simplification translation validation to 'rewrites.smt2'")
-    validateSimplify: Flag,
-    @arg(name = "memory-regions", doc = "Performs static analysis to separate memory into discrete regions in Boogie output (requires --analyse flag) (mra|dsa)")
-    memoryRegions: Option[String]
+      @arg(
+        name = "load-directory-bap",
+        short = 'd',
+        doc = "Load relf, adt, and bir from directory (and spec from parent directory)"
+      )
+      bapInputDirName: Option[String],
+      @arg(
+        name = "load-directory-gtirb",
+        short = 'd',
+        doc = "Load relf, gts, and bir from directory (and spec from parent directory)"
+      )
+      gtirbInputDirName: Option[String],
+      @arg(name = "input", short = 'i', doc = "BAP .adt file or GTIRB/ASLi .gts file")
+      inputFileName: Option[String],
+      @arg(name = "relf", short = 'r', doc = "Name of the file containing the output of 'readelf -s -r -W'.")
+      relfFileName: Option[String],
+      @arg(name = "spec", short = 's', doc = "BASIL specification file.")
+      specFileName: Option[String],
+      @arg(name = "output", short = 'o', doc = "Boogie output destination file.")
+      outFileName: String = "basil-out.bpl",
+      @arg(name = "boogie-use-lambda-stores", doc = "Use lambda representation of store operations.")
+      lambdaStores: Flag,
+      @arg(
+        name = "boogie-procedure-rg",
+        doc = "Switch version of procedure rely/guarantee checks to emit. (function|ifblock)"
+      )
+      procedureRG: Option[String],
+      @arg(name = "verbose", short = 'v', doc = "Show extra debugging logs (the same as -vl log)")
+      verbose: Flag,
+      @arg(
+        name = "vl",
+        doc = s"Show extra debugging logs for a specific logger (${Logger.allLoggers.map(_.name).mkString(", ")})."
+      )
+      verboseLog: Seq[String] = Seq(),
+      @arg(name = "analyse", doc = "Run static analysis pass.")
+      analyse: Flag,
+      @arg(name = "interpret", doc = "Run BASIL IL interpreter.")
+      interpret: Flag,
+      @arg(name = "dump-il", doc = "Dump the Intermediate Language to text.")
+      dumpIL: Option[String],
+      @arg(name = "main-procedure-name", short = 'm', doc = "Name of the main procedure to begin analysis at.")
+      mainProcedureName: String = "main",
+      @arg(
+        name = "procedure-call-depth",
+        doc = "Cull procedures beyond this call depth from the main function (defaults to Int.MaxValue)"
+      )
+      procedureDepth: Int = Int.MaxValue,
+      @arg(name = "trim-early", doc = "Cull procedures BEFORE running analysis")
+      trimEarly: Flag,
+      @arg(name = "help", short = 'h', doc = "Show this help message.")
+      help: Flag,
+      @arg(name = "analysis-results", doc = "Log analysis results in files at specified path.")
+      analysisResults: Option[String],
+      @arg(name = "analysis-results-dot", doc = "Log analysis results in .dot form at specified path.")
+      analysisResultsDot: Option[String],
+      @arg(
+        name = "threads",
+        short = 't',
+        doc =
+          "Separates threads into multiple .bpl files with given output filename as prefix (requires --analyse flag)"
+      )
+      threadSplit: Flag,
+      @arg(name = "parameter-form", doc = "Lift registers to local variables passed by parameter")
+      parameterForm: Flag,
+      @arg(
+        name = "summarise-procedures",
+        doc = "Generates summaries of procedures which are used in pre/post-conditions (requires --analyse flag)"
+      )
+      summariseProcedures: Flag,
+      @arg(name = "simplify", doc = "Partial evaluate / simplify BASIL IR before output (requires --analyse flag)")
+      simplify: Flag,
+      @arg(
+        name = "validate-simplify",
+        doc = "Emit SMT2 check for algebraic simplification translation validation to 'rewrites.smt2'"
+      )
+      validateSimplify: Flag,
+      @arg(
+        name = "memory-regions",
+        doc =
+          "Performs static analysis to separate memory into discrete regions in Boogie output (requires --analyse flag) (mra|dsa)"
+      )
+      memoryRegions: Option[String],
+      @arg(name = "verify", doc = "Run boogie on the resulting file")
+      verify: Flag
   )
 
   def main(args: Array[String]): Unit = {
@@ -70,7 +147,7 @@ object Main {
 
     val conf = parsed match {
       case Right(r) => r
-      case Left(l) => 
+      case Left(l) =>
         println(l)
         return
     }
@@ -81,42 +158,46 @@ object Main {
 
     Logger.setLevel(LogLevel.INFO)
     if (conf.verbose.value) {
-        Logger.setLevel(LogLevel.DEBUG, true)
+      Logger.setLevel(LogLevel.DEBUG, true)
     }
     for (v <- conf.verboseLog) {
-        Logger.findLoggerByName(v) match {
-            case None => throw Exception(s"Unknown logger: '${v}': allowed are ${Logger.allLoggers.map(_.name).mkString(", ")}")
-            case Some(v) => v.setLevel(LogLevel.DEBUG, true)
-        }
+      Logger.findLoggerByName(v) match {
+        case None =>
+          throw Exception(s"Unknown logger: '${v}': allowed are ${Logger.allLoggers.map(_.name).mkString(", ")}")
+        case Some(v) => v.setLevel(LogLevel.DEBUG, true)
+      }
     }
 
     if (conf.analysisResults.isDefined || conf.analysisResultsDot.isDefined) {
-        DebugDumpIRLogger.setLevel(LogLevel.INFO)
+      DebugDumpIRLogger.setLevel(LogLevel.INFO)
     } else {
-        DebugDumpIRLogger.setLevel(LogLevel.OFF)
+      DebugDumpIRLogger.setLevel(LogLevel.OFF)
     }
 
     val rely = conf.procedureRG match {
       case Some("function") => Some(ProcRelyVersion.Function)
-      case Some("ifblock") => Some(ProcRelyVersion.IfCommandContradiction)
-      case None => None
-      case Some(_) => throw new IllegalArgumentException("Illegal option to boogie-procedure-rg, allowed are: ifblock, function")
+      case Some("ifblock")  => Some(ProcRelyVersion.IfCommandContradiction)
+      case None             => None
+      case Some(_) =>
+        throw new IllegalArgumentException("Illegal option to boogie-procedure-rg, allowed are: ifblock, function")
     }
     val staticAnalysis = if (conf.analyse.value) {
       val memoryRegionsMode = conf.memoryRegions match {
         case Some("dsa") => MemoryRegionsMode.DSA
         case Some("mra") => MemoryRegionsMode.MRA
-        case None => MemoryRegionsMode.Disabled
+        case None        => MemoryRegionsMode.Disabled
         case Some(_) => throw new IllegalArgumentException("Illegal option to memory-regions, allowed are: dsa, mra")
       }
-      Some(StaticAnalysisConfig(
-        conf.dumpIL,
-        conf.analysisResults,
-        conf.analysisResultsDot,
-        conf.threadSplit.value,
-        conf.summariseProcedures.value,
-        memoryRegionsMode
-      ))
+      Some(
+        StaticAnalysisConfig(
+          conf.dumpIL,
+          conf.analysisResults,
+          conf.analysisResultsDot,
+          conf.threadSplit.value,
+          conf.summariseProcedures.value,
+          memoryRegionsMode
+        )
+      )
     } else {
       None
     }
@@ -128,17 +209,47 @@ object Main {
     }
     val boogieGeneratorConfig = BoogieGeneratorConfig(boogieMemoryAccessMode, true, rely, conf.threadSplit.value)
 
+    val loadingInputs = if (conf.bapInputDirName.isDefined) then {
+      loadDirectory(ChooseInput.Bap, conf.bapInputDirName.get)
+
+    } else if (conf.gtirbInputDirName.isDefined) then {
+      loadDirectory(ChooseInput.Gtirb, conf.gtirbInputDirName.get)
+    } else if (conf.inputFileName.isDefined && conf.relfFileName.isDefined) then {
+      ILLoadingConfig(
+        conf.inputFileName.get,
+        conf.relfFileName.get,
+        conf.specFileName
+      )
+
+    } else {
+      throw IllegalArgumentException(
+        "\nRequires --load-directory-bap OR --load-directory-gtirb OR --input and--relf\n\n" + parser.helpText(sorted =
+          false
+        )
+      )
+    }
+
     val q = BASILConfig(
-      loading = ILLoadingConfig(conf.inputFileName, conf.relfFileName, conf.specFileName, conf.dumpIL, conf.mainProcedureName, conf.procedureDepth, conf.parameterForm.value, conf.trimEarly.value),
+      loading = loadingInputs.copy(
+        dumpIL = conf.dumpIL,
+        mainProcedureName = conf.mainProcedureName,
+        procedureTrimDepth = conf.procedureDepth,
+        parameterForm = conf.parameterForm.value,
+        trimEarly = conf.trimEarly.value
+      ),
       runInterpret = conf.interpret.value,
       simplify = conf.simplify.value,
       validateSimp = conf.validateSimplify.value,
       staticAnalysis = staticAnalysis,
       boogieTranslation = boogieGeneratorConfig,
-      outputPrefix = conf.outFileName,
+      outputPrefix = conf.outFileName
     )
 
     RunUtils.run(q)
+    if (conf.verify.value) {
+      Logger.info("Running boogie")
+      Seq("boogie", "/useArrayAxioms", q.outputPrefix).!
+    }
   }
 
 }
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index e17c3bb71..a2f18f5a3 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -98,7 +98,7 @@ object IRLoading {
     } else if (q.inputFile.endsWith(".gts")) {
       loadGTIRB(q.inputFile, mainAddress)
     } else {
-      throw Exception(s"input file name ${q.inputFile} must be an .adt or .gst file")
+      throw Exception(s"input file name ${q.inputFile} must be an .adt or .gts file")
     }
 
     val specification = IRLoading.loadSpecification(q.specFile, program, globals)
diff --git a/src/test/scala/test_util/BASILTest.scala b/src/test/scala/test_util/BASILTest.scala
index 2885399fb..a6914154a 100644
--- a/src/test/scala/test_util/BASILTest.scala
+++ b/src/test/scala/test_util/BASILTest.scala
@@ -33,7 +33,7 @@ trait BASILTest {
       ),
       simplify = simplify,
       staticAnalysis = staticAnalysisConf,
-      boogieTranslation = util.BoogieGeneratorConfig().copy(memoryFunctionType=util.BoogieMemoryAccessMode.LambdaStoreSelect),
+      boogieTranslation = util.BoogieGeneratorConfig().copy(memoryFunctionType=util.BoogieMemoryAccessMode.SuccessiveStoreSelect),
       outputPrefix = BPLPath,
     )
     val result = RunUtils.loadAndTranslate(config)

From cbc3cac86599b334b657fbbf8b7fddd42dd93f14 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Mon, 6 Jan 2025 11:39:29 +1000
Subject: [PATCH 108/127] fix fmt

---
 .scalafmt.conf            |   5 +-
 src/main/scala/Main.scala | 184 ++++++++++++++++++--------------------
 2 files changed, 91 insertions(+), 98 deletions(-)

diff --git a/.scalafmt.conf b/.scalafmt.conf
index c6c45fafe..6c0828be1 100644
--- a/.scalafmt.conf
+++ b/.scalafmt.conf
@@ -1,3 +1,6 @@
 version = "3.0.5"
 runner.dialect = scala3
-maxColumn = 120
\ No newline at end of file
+preset = default
+maxColumn = 120
+indent.defnSite = 2
+optIn.configStyleArguments = false
diff --git a/src/main/scala/Main.scala b/src/main/scala/Main.scala
index b12d65823..0d1994261 100644
--- a/src/main/scala/Main.scala
+++ b/src/main/scala/Main.scala
@@ -45,100 +45,95 @@ object Main {
       case ChooseInput.Bap   => adt
 
     Logger.info(s"Loading $input $relf ${spec.getOrElse("")}")
-    val x = ILLoadingConfig(
-      input,
-      relf,
-      spec
-    )
+    val x = ILLoadingConfig(input, relf, spec)
     x
   }
 
   @main(name = "BASIL")
   case class Config(
-      @arg(
-        name = "load-directory-bap",
-        short = 'd',
-        doc = "Load relf, adt, and bir from directory (and spec from parent directory)"
-      )
-      bapInputDirName: Option[String],
-      @arg(
-        name = "load-directory-gtirb",
-        short = 'd',
-        doc = "Load relf, gts, and bir from directory (and spec from parent directory)"
-      )
-      gtirbInputDirName: Option[String],
-      @arg(name = "input", short = 'i', doc = "BAP .adt file or GTIRB/ASLi .gts file")
-      inputFileName: Option[String],
-      @arg(name = "relf", short = 'r', doc = "Name of the file containing the output of 'readelf -s -r -W'.")
-      relfFileName: Option[String],
-      @arg(name = "spec", short = 's', doc = "BASIL specification file.")
-      specFileName: Option[String],
-      @arg(name = "output", short = 'o', doc = "Boogie output destination file.")
-      outFileName: String = "basil-out.bpl",
-      @arg(name = "boogie-use-lambda-stores", doc = "Use lambda representation of store operations.")
-      lambdaStores: Flag,
-      @arg(
-        name = "boogie-procedure-rg",
-        doc = "Switch version of procedure rely/guarantee checks to emit. (function|ifblock)"
-      )
-      procedureRG: Option[String],
-      @arg(name = "verbose", short = 'v', doc = "Show extra debugging logs (the same as -vl log)")
-      verbose: Flag,
-      @arg(
-        name = "vl",
-        doc = s"Show extra debugging logs for a specific logger (${Logger.allLoggers.map(_.name).mkString(", ")})."
-      )
-      verboseLog: Seq[String] = Seq(),
-      @arg(name = "analyse", doc = "Run static analysis pass.")
-      analyse: Flag,
-      @arg(name = "interpret", doc = "Run BASIL IL interpreter.")
-      interpret: Flag,
-      @arg(name = "dump-il", doc = "Dump the Intermediate Language to text.")
-      dumpIL: Option[String],
-      @arg(name = "main-procedure-name", short = 'm', doc = "Name of the main procedure to begin analysis at.")
-      mainProcedureName: String = "main",
-      @arg(
-        name = "procedure-call-depth",
-        doc = "Cull procedures beyond this call depth from the main function (defaults to Int.MaxValue)"
-      )
-      procedureDepth: Int = Int.MaxValue,
-      @arg(name = "trim-early", doc = "Cull procedures BEFORE running analysis")
-      trimEarly: Flag,
-      @arg(name = "help", short = 'h', doc = "Show this help message.")
-      help: Flag,
-      @arg(name = "analysis-results", doc = "Log analysis results in files at specified path.")
-      analysisResults: Option[String],
-      @arg(name = "analysis-results-dot", doc = "Log analysis results in .dot form at specified path.")
-      analysisResultsDot: Option[String],
-      @arg(
-        name = "threads",
-        short = 't',
-        doc =
-          "Separates threads into multiple .bpl files with given output filename as prefix (requires --analyse flag)"
-      )
-      threadSplit: Flag,
-      @arg(name = "parameter-form", doc = "Lift registers to local variables passed by parameter")
-      parameterForm: Flag,
-      @arg(
-        name = "summarise-procedures",
-        doc = "Generates summaries of procedures which are used in pre/post-conditions (requires --analyse flag)"
-      )
-      summariseProcedures: Flag,
-      @arg(name = "simplify", doc = "Partial evaluate / simplify BASIL IR before output (requires --analyse flag)")
-      simplify: Flag,
-      @arg(
-        name = "validate-simplify",
-        doc = "Emit SMT2 check for algebraic simplification translation validation to 'rewrites.smt2'"
-      )
-      validateSimplify: Flag,
-      @arg(
-        name = "memory-regions",
-        doc =
-          "Performs static analysis to separate memory into discrete regions in Boogie output (requires --analyse flag) (mra|dsa)"
-      )
-      memoryRegions: Option[String],
-      @arg(name = "verify", doc = "Run boogie on the resulting file")
-      verify: Flag
+    @arg(
+      name = "load-directory-bap",
+      short = 'd',
+      doc = "Load relf, adt, and bir from directory (and spec from parent directory)"
+    )
+    bapInputDirName: Option[String],
+    @arg(
+      name = "load-directory-gtirb",
+      short = 'd',
+      doc = "Load relf, gts, and bir from directory (and spec from parent directory)"
+    )
+    gtirbInputDirName: Option[String],
+    @arg(name = "input", short = 'i', doc = "BAP .adt file or GTIRB/ASLi .gts file")
+    inputFileName: Option[String],
+    @arg(name = "relf", short = 'r', doc = "Name of the file containing the output of 'readelf -s -r -W'.")
+    relfFileName: Option[String],
+    @arg(name = "spec", short = 's', doc = "BASIL specification file.")
+    specFileName: Option[String],
+    @arg(name = "output", short = 'o', doc = "Boogie output destination file.")
+    outFileName: String = "basil-out.bpl",
+    @arg(name = "boogie-use-lambda-stores", doc = "Use lambda representation of store operations.")
+    lambdaStores: Flag,
+    @arg(
+      name = "boogie-procedure-rg",
+      doc = "Switch version of procedure rely/guarantee checks to emit. (function|ifblock)"
+    )
+    procedureRG: Option[String],
+    @arg(name = "verbose", short = 'v', doc = "Show extra debugging logs (the same as -vl log)")
+    verbose: Flag,
+    @arg(
+      name = "vl",
+      doc = s"Show extra debugging logs for a specific logger (${Logger.allLoggers.map(_.name).mkString(", ")})."
+    )
+    verboseLog: Seq[String] = Seq(),
+    @arg(name = "analyse", doc = "Run static analysis pass.")
+    analyse: Flag,
+    @arg(name = "interpret", doc = "Run BASIL IL interpreter.")
+    interpret: Flag,
+    @arg(name = "dump-il", doc = "Dump the Intermediate Language to text.")
+    dumpIL: Option[String],
+    @arg(name = "main-procedure-name", short = 'm', doc = "Name of the main procedure to begin analysis at.")
+    mainProcedureName: String = "main",
+    @arg(
+      name = "procedure-call-depth",
+      doc = "Cull procedures beyond this call depth from the main function (defaults to Int.MaxValue)"
+    )
+    procedureDepth: Int = Int.MaxValue,
+    @arg(name = "trim-early", doc = "Cull procedures BEFORE running analysis")
+    trimEarly: Flag,
+    @arg(name = "help", short = 'h', doc = "Show this help message.")
+    help: Flag,
+    @arg(name = "analysis-results", doc = "Log analysis results in files at specified path.")
+    analysisResults: Option[String],
+    @arg(name = "analysis-results-dot", doc = "Log analysis results in .dot form at specified path.")
+    analysisResultsDot: Option[String],
+    @arg(
+      name = "threads",
+      short = 't',
+      doc = "Separates threads into multiple .bpl files with given output filename as prefix (requires --analyse flag)"
+    )
+    threadSplit: Flag,
+    @arg(name = "parameter-form", doc = "Lift registers to local variables passed by parameter")
+    parameterForm: Flag,
+    @arg(
+      name = "summarise-procedures",
+      doc = "Generates summaries of procedures which are used in pre/post-conditions (requires --analyse flag)"
+    )
+    summariseProcedures: Flag,
+    @arg(name = "simplify", doc = "Partial evaluate / simplify BASIL IR before output (requires --analyse flag)")
+    simplify: Flag,
+    @arg(
+      name = "validate-simplify",
+      doc = "Emit SMT2 check for algebraic simplification translation validation to 'rewrites.smt2'"
+    )
+    validateSimplify: Flag,
+    @arg(
+      name = "memory-regions",
+      doc =
+        "Performs static analysis to separate memory into discrete regions in Boogie output (requires --analyse flag) (mra|dsa)"
+    )
+    memoryRegions: Option[String],
+    @arg(name = "verify", doc = "Run boogie on the resulting file")
+    verify: Flag
   )
 
   def main(args: Array[String]): Unit = {
@@ -215,17 +210,12 @@ object Main {
     } else if (conf.gtirbInputDirName.isDefined) then {
       loadDirectory(ChooseInput.Gtirb, conf.gtirbInputDirName.get)
     } else if (conf.inputFileName.isDefined && conf.relfFileName.isDefined) then {
-      ILLoadingConfig(
-        conf.inputFileName.get,
-        conf.relfFileName.get,
-        conf.specFileName
-      )
+      ILLoadingConfig(conf.inputFileName.get, conf.relfFileName.get, conf.specFileName)
 
     } else {
       throw IllegalArgumentException(
-        "\nRequires --load-directory-bap OR --load-directory-gtirb OR --input and--relf\n\n" + parser.helpText(sorted =
-          false
-        )
+        "\nRequires --load-directory-bap OR --load-directory-gtirb OR --input and--relf\n\n" + parser
+          .helpText(sorted = false)
       )
     }
 

From 3a441cc71e4965eacac3ff97a61a643052a68ba2 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Mon, 6 Jan 2025 12:11:45 +1000
Subject: [PATCH 109/127] remove bvsaddo as not supported by z3 smtlib

---
 src/main/scala/analysis/Lattice.scala | 1 -
 src/main/scala/boogie/BExpr.scala     | 2 +-
 src/main/scala/ir/Expr.scala          | 3 +--
 3 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/main/scala/analysis/Lattice.scala b/src/main/scala/analysis/Lattice.scala
index 8d57c85a7..db336c9bf 100644
--- a/src/main/scala/analysis/Lattice.scala
+++ b/src/main/scala/analysis/Lattice.scala
@@ -294,7 +294,6 @@ class ValueSetLattice[T] extends Lattice[ValueSet[T]] {
     op match
       case bvOp: BVBinOp =>
         bvOp match
-          case BVSADDO => ???
           case BVAND => ???
           case BVOR => ???
           case BVADD => rhs match
diff --git a/src/main/scala/boogie/BExpr.scala b/src/main/scala/boogie/BExpr.scala
index fcc89a473..edf022e9c 100644
--- a/src/main/scala/boogie/BExpr.scala
+++ b/src/main/scala/boogie/BExpr.scala
@@ -288,7 +288,7 @@ case class BinaryBExpr(op: BinOp, arg1: BExpr, arg2: BExpr) extends BExpr {
           } else {
             throw new Exception(s"bitvector size mismatch: $arg1, $arg2")
           }
-        case BVULT | BVULE | BVUGT | BVUGE | BVSLT | BVSLE | BVSGT | BVSGE | BVSADDO =>
+        case BVULT | BVULE | BVUGT | BVUGE | BVSLT | BVSLE | BVSGT | BVSGE =>
           if (bv1.size == bv2.size) {
             BoolBType
           } else {
diff --git a/src/main/scala/ir/Expr.scala b/src/main/scala/ir/Expr.scala
index 4a437e77c..225663e5a 100644
--- a/src/main/scala/ir/Expr.scala
+++ b/src/main/scala/ir/Expr.scala
@@ -190,7 +190,7 @@ case class BinaryExpr(op: BinOp, arg1: Expr, arg2: Expr) extends Expr {
           } else {
             throw new Exception("bitvector size mismatch")
           }
-        case BVULT | BVULE | BVUGT | BVUGE | BVSLT | BVSLE | BVSGT | BVSGE | BVSADDO =>
+        case BVULT | BVULE | BVUGT | BVUGE | BVSLT | BVSLE | BVSGT | BVSGE =>
           if (bv1.size == bv2.size) {
             BoolType
           } else {
@@ -252,7 +252,6 @@ sealed trait BVBinOp(op: String) extends BinOp {
   def opName = op
 }
 
-case object BVSADDO extends BVBinOp("saddo")
 case object BVAND extends BVBinOp("and")
 case object BVOR extends BVBinOp("or")
 case object BVADD extends BVBinOp("add")

From 92a10df9cf0c9c31224ee7845722a87d51390b79 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Mon, 6 Jan 2025 12:20:01 +1000
Subject: [PATCH 110/127] cleanup and autoformat new files

---
 src/main/scala/ir/eval/ExprEval.scala         |  34 +--
 src/main/scala/ir/eval/InterpretBasilIR.scala | 155 +++++------
 .../scala/ir/eval/InterpretBreakpoints.scala  |  32 +--
 src/main/scala/ir/eval/InterpretRLimit.scala  |  38 ++-
 src/main/scala/ir/eval/InterpretTrace.scala   |  12 +-
 src/main/scala/ir/eval/Interpreter.scala      |  80 +++---
 .../scala/ir/eval/InterpreterProduct.scala    |   3 +-
 src/main/scala/ir/eval/SimplifyExpr.scala     | 146 +++-------
 .../invariant/BlocksUniqueToProcedure.scala   |  10 +-
 src/main/scala/ir/invariant/CFGCorrect.scala  |  27 +-
 .../ir/invariant/CorrectCallParams.scala      |  39 +--
 .../ir/invariant/SingleCallBlockEnd.scala     |   7 +-
 .../transforms/DynamicSingleAssignment.scala  |  62 +++--
 .../transforms/IndirectCallResolution.scala   |  63 +++--
 .../ir/transforms/ProcedureParameters.scala   |  72 ++---
 .../scala/ir/transforms/ReplaceReturn.scala   |  25 +-
 src/main/scala/ir/transforms/Simp.scala       |  60 ++---
 .../scala/ir/transforms/SplitThreads.scala    |  12 +-
 .../StripUnreachableFunctions.scala           |   2 +-
 src/main/scala/translating/IRExpToSMT2.scala  |  76 +++---
 src/main/scala/util/Logging.scala             |  47 ++--
 src/main/scala/util/functional/State.scala    | 111 ++++----
 .../util/intrusive_list/IntrusiveList.scala   | 252 +++++++++---------
 src/main/scala/util/z3/z3process.scala        |   8 +-
 24 files changed, 669 insertions(+), 704 deletions(-)

diff --git a/src/main/scala/ir/eval/ExprEval.scala b/src/main/scala/ir/eval/ExprEval.scala
index 7e1373996..ede30cdba 100644
--- a/src/main/scala/ir/eval/ExprEval.scala
+++ b/src/main/scala/ir/eval/ExprEval.scala
@@ -97,9 +97,9 @@ def evalUnOp(op: UnOp, body: Literal): Expr = {
 }
 
 def evalIntExpr(
-    exp: Expr,
-    variableAssignment: Variable => Option[Literal],
-    memory: (Memory, Expr, Endian, Int) => Option[Literal] = ((a, b, c, d) => None)
+  exp: Expr,
+  variableAssignment: Variable => Option[Literal],
+  memory: (Memory, Expr, Endian, Int) => Option[Literal] = ((a, b, c, d) => None)
 ): Either[Expr, BigInt] = {
   partialEvalExpr(exp, variableAssignment, memory) match {
     case i: IntLiteral => Right(i.value)
@@ -108,9 +108,9 @@ def evalIntExpr(
 }
 
 def evalBVExpr(
-    exp: Expr,
-    variableAssignment: Variable => Option[Literal],
-    memory: (Memory, Expr, Endian, Int) => Option[Literal] = ((a, b, c, d) => None)
+  exp: Expr,
+  variableAssignment: Variable => Option[Literal],
+  memory: (Memory, Expr, Endian, Int) => Option[Literal] = ((a, b, c, d) => None)
 ): Either[Expr, BitVecLiteral] = {
   partialEvalExpr(exp, variableAssignment, memory) match {
     case b: BitVecLiteral => Right(b)
@@ -119,9 +119,9 @@ def evalBVExpr(
 }
 
 def evalLogExpr(
-    exp: Expr,
-    variableAssignment: Variable => Option[Literal],
-    memory: (Memory, Expr, Endian, Int) => Option[Literal] = ((a, b, c, d) => None)
+  exp: Expr,
+  variableAssignment: Variable => Option[Literal],
+  memory: (Memory, Expr, Endian, Int) => Option[Literal] = ((a, b, c, d) => None)
 ): Either[Expr, Boolean] = {
   partialEvalExpr(exp, variableAssignment, memory) match {
     case TrueLiteral  => Right(true)
@@ -131,9 +131,9 @@ def evalLogExpr(
 }
 
 def evalExpr(
-    exp: Expr,
-    variableAssignment: Variable => Option[Literal],
-    memory: (Memory, Expr, Endian, Int) => Option[Literal] = ((d, a, b, c) => None)
+  exp: Expr,
+  variableAssignment: Variable => Option[Literal],
+  memory: (Memory, Expr, Endian, Int) => Option[Literal] = ((d, a, b, c) => None)
 ): Option[Literal] = {
   partialEvalExpr match {
     case l: Literal => Some(l)
@@ -285,8 +285,8 @@ def statePartialEvalExpr[S](l: Loader[S, InterpreterError])(exp: Expr): State[S,
 }
 
 class StatelessLoader[E](
-    getVar: Variable => Option[Literal],
-    loadMem: (Memory, Expr, Endian, Int) => Option[Literal] = ((a, b, c, d) => None)
+  getVar: Variable => Option[Literal],
+  loadMem: (Memory, Expr, Endian, Int) => Option[Literal] = ((a, b, c, d) => None)
 ) extends Loader[Unit, E] {
   def getVariable(v: Variable): State[Unit, Option[Literal], E] = State.pure(getVar(v))
   override def loadMemory(m: Memory, addr: Expr, endian: Endian, size: Int): State[Unit, Option[Literal], E] =
@@ -294,9 +294,9 @@ class StatelessLoader[E](
 }
 
 def partialEvalExpr(
-    exp: Expr,
-    variableAssignment: Variable => Option[Literal],
-    memory: (Memory, Expr, Endian, Int) => Option[Literal] = ((a, b, c, d) => None)
+  exp: Expr,
+  variableAssignment: Variable => Option[Literal],
+  memory: (Memory, Expr, Endian, Int) => Option[Literal] = ((a, b, c, d) => None)
 ): Expr = {
   val l = StatelessLoader[InterpreterError](variableAssignment, memory)
   State.evaluate((), statePartialEvalExpr(l)(exp)) match {
diff --git a/src/main/scala/ir/eval/InterpretBasilIR.scala b/src/main/scala/ir/eval/InterpretBasilIR.scala
index 7cf8f6453..9e5826b28 100644
--- a/src/main/scala/ir/eval/InterpretBasilIR.scala
+++ b/src/main/scala/ir/eval/InterpretBasilIR.scala
@@ -30,10 +30,10 @@ case class StVarLoader[S, F <: Effects[S, InterpreterError]](f: F) extends Loade
   }
 
   override def loadMemory(
-      m: Memory,
-      addr: Expr,
-      endian: Endian,
-      size: Int
+    m: Memory,
+    addr: Expr,
+    endian: Endian,
+    size: Int
   ): State[S, Option[Literal], InterpreterError] = {
     for {
       r <- addr match {
@@ -134,7 +134,7 @@ case object Eval {
   /*--------------------------------------------------------------------------------*/
 
   def load[S, T <: Effects[S, InterpreterError]](
-      f: T
+    f: T
   )(vname: String, addr: Scalar, endian: Endian, count: Int): State[S, List[BasilValue], InterpreterError] = {
     for {
       _ <-
@@ -150,7 +150,7 @@ case object Eval {
 
   /** Load and concat bitvectors */
   def loadBV[S, T <: Effects[S, InterpreterError]](
-      f: T
+    f: T
   )(vname: String, addr: Scalar, endian: Endian, size: Int): State[S, BitVecLiteral, InterpreterError] = for {
     mem <- f.loadVar(vname)
     x <- mem match {
@@ -168,9 +168,7 @@ case object Eval {
           c match {
             case Scalar(bv @ BitVecLiteral(v, sz)) if sz == valsize => State.pure(bv)
             case c =>
-              State.setError(
-                TypeError(s"Loaded value of type ${c.irType} did not match expected type bv$valsize")
-              )
+              State.setError(TypeError(s"Loaded value of type ${c.irType} did not match expected type bv$valsize"))
           },
         res
       )
@@ -178,7 +176,7 @@ case object Eval {
   } yield (bvs.foldLeft(BitVecLiteral(0, 0))((acc, r) => eval.evalBVBinExpr(BVCONCAT, acc, r)))
 
   def loadSingle[S, T <: Effects[S, InterpreterError]](
-      f: T
+    f: T
   )(vname: String, addr: Scalar): State[S, BasilValue, InterpreterError] = {
     for {
       m <- load(f)(vname, addr, Endian.LittleEndian, 1)
@@ -190,15 +188,12 @@ case object Eval {
   /*--------------------------------------------------------------------------------*/
 
   /* Expand addr for number of values to store */
-  def store[S, T <: Effects[S, InterpreterError]](f: T)(
-      vname: String,
-      addr: BasilValue,
-      values: List[BasilValue],
-      endian: Endian
-  )(implicit
-      line: sourcecode.Line,
-      file: sourcecode.FileName,
-      name: sourcecode.Name
+  def store[S, T <: Effects[S, InterpreterError]](
+    f: T
+  )(vname: String, addr: BasilValue, values: List[BasilValue], endian: Endian)(implicit
+    line: sourcecode.Line,
+    file: sourcecode.FileName,
+    name: sourcecode.Name
   ): State[S, Unit, InterpreterError] =
     monlog.debug(s"store ${vname} ${values.size} bytes ${file.value}:${line.value}")
     for {
@@ -219,47 +214,48 @@ case object Eval {
     } yield (x)
 
   /** Extract bitvec to bytes and store bytes */
-  def storeBV[S, T <: Effects[S, InterpreterError]](f: T)(
-      vname: String,
-      addr: BasilValue,
-      value: BitVecLiteral,
-      endian: Endian
-  )(implicit line: sourcecode.Line, file: sourcecode.FileName, name: sourcecode.Name): State[S, Unit, InterpreterError] = 
+  def storeBV[S, T <: Effects[S, InterpreterError]](
+    f: T
+  )(vname: String, addr: BasilValue, value: BitVecLiteral, endian: Endian)(implicit
+    line: sourcecode.Line,
+    file: sourcecode.FileName,
+    name: sourcecode.Name
+  ): State[S, Unit, InterpreterError] =
 
     monlog.debug(s"storeBV ${vname} ${size(value).get / 8} bytes")(line, file, name)
     for {
-    mem <- f.loadVar(vname)
-    mr <- mem match {
-      case m @ BasilMapValue(_, MapType(kt, BitVecType(size))) if Some(kt) == addr.irType => State.pure((m, size))
-      case v =>
-        State.setError(
-          TypeError(
-            s"Invalid map store operation to $vname : ${v.irType} (expect [${addr.irType}] <- ${value.getType})"
+      mem <- f.loadVar(vname)
+      mr <- mem match {
+        case m @ BasilMapValue(_, MapType(kt, BitVecType(size))) if Some(kt) == addr.irType => State.pure((m, size))
+        case v =>
+          State.setError(
+            TypeError(
+              s"Invalid map store operation to $vname : ${v.irType} (expect [${addr.irType}] <- ${value.getType})"
+            )
           )
-        )
-    }
-    (mapval, vsize) = mr
-    cells = value.size / vsize
-    _ = {
-      if (cells < 1) {
-        State.setError((MemoryError("Tried to execute fractional store")))
-      } else {
-        State.pure(())
       }
-    }
+      (mapval, vsize) = mr
+      cells = value.size / vsize
+      _ = {
+        if (cells < 1) {
+          State.setError((MemoryError("Tried to execute fractional store")))
+        } else {
+          State.pure(())
+        }
+      }
 
-    extractVals = (0 until cells).map(i => BitVectorEval.boogie_extract((i + 1) * vsize, i * vsize, value)).toList
-    vs = endian match {
-      case Endian.LittleEndian => extractVals.map(Scalar(_))
-      case Endian.BigEndian    => extractVals.reverse.map(Scalar(_))
-    }
+      extractVals = (0 until cells).map(i => BitVectorEval.boogie_extract((i + 1) * vsize, i * vsize, value)).toList
+      vs = endian match {
+        case Endian.LittleEndian => extractVals.map(Scalar(_))
+        case Endian.BigEndian    => extractVals.reverse.map(Scalar(_))
+      }
 
-    keys <- State.mapM((i: Int) => State.pureE(BasilValue.unsafeAdd(addr, i)), (0 until cells))
-    s <- f.storeMem(vname, keys.zip(vs).toMap)
-  } yield (s)
+      keys <- State.mapM((i: Int) => State.pureE(BasilValue.unsafeAdd(addr, i)), (0 until cells))
+      s <- f.storeMem(vname, keys.zip(vs).toMap)
+    } yield (s)
 
   def storeSingle[S, E, T <: Effects[S, E]](
-      f: T
+    f: T
   )(vname: String, addr: BasilValue, value: BasilValue): State[S, Unit, E] = {
     f.storeMem(vname, Map((addr -> value)))
   }
@@ -269,7 +265,7 @@ case object Eval {
   /** Load all memory cells from pointer until reaching cell containing 0. Ptr -> List[Bitvector]
     */
   def getNullTerminatedString[S, T <: Effects[S, InterpreterError]](
-      f: T
+    f: T
   )(rgn: String, src: BasilValue, acc: List[BitVecLiteral] = List()): State[S, List[BitVecLiteral], InterpreterError] =
     for {
       srv: BitVecLiteral <- src match {
@@ -510,12 +506,7 @@ object InterpFuns {
       .map((p) => {
         val (offset, fptr) = p
         Eval.storeSingle(s)("ghost-funtable", Scalar(fptr.addr), fptr)
-          >> (Eval.storeBV(s)(
-            "mem",
-            Scalar(BitVecLiteral(offset, 64)),
-            fptr.addr,
-            Endian.LittleEndian
-          ))
+          >> (Eval.storeBV(s)("mem", Scalar(BitVecLiteral(offset, 64)), fptr.addr, Endian.LittleEndian))
       })
 
     for {
@@ -547,7 +538,7 @@ object InterpFuns {
       l <- s.storeVar("R30_in", Scope.Global, Scalar(LR))
       l <- s.storeVar("R0", Scope.Global, Scalar(BitVecLiteral(0, 64)))
       l <- s.storeVar("R1", Scope.Global, Scalar(BitVecLiteral(0, 64)))
-      /** callee saved **/
+      /** callee saved * */
       l <- s.storeVar("R19", Scope.Global, Scalar(BitVecLiteral(0, 64)))
       l <- s.storeVar("R20", Scope.Global, Scalar(BitVecLiteral(0, 64)))
       l <- s.storeVar("R21", Scope.Global, Scalar(BitVecLiteral(0, 64)))
@@ -558,32 +549,22 @@ object InterpFuns {
       l <- s.storeVar("R26", Scope.Global, Scalar(BitVecLiteral(0, 64)))
       l <- s.storeVar("R27", Scope.Global, Scalar(BitVecLiteral(0, 64)))
       l <- s.storeVar("R28", Scope.Global, Scalar(BitVecLiteral(0, 64)))
-      /** end callee saved **/
+      /** end callee saved * */
       _ <- s.storeVar("ghost-funtable", Scope.Global, BasilMapValue(Map.empty, MapType(BitVecType(64), BitVecType(64))))
       _ <- IntrinsicImpl.initFileGhostRegions(s)
     } yield (l)
   }
 
-  def initialiseProgram[S, T <: Effects[S, InterpreterError]](
-      f: T
-  )(is: S, p: Program): S = {
+  def initialiseProgram[S, T <: Effects[S, InterpreterError]](f: T)(is: S, p: Program): S = {
 
-    def initMemory(is: S, mem: String, mems: Iterable[MemorySection]) : S = {
+    def initMemory(is: S, mem: String, mems: Iterable[MemorySection]): S = {
       var s = is
       for (memory <- mems.filter(m => m.address != 0 && m.bytes.size != 0)) {
         val bytes = memory.bytes.toList.map(Scalar(_))
         val addrs = memory.address until memory.address + bytes.size
         for (store <- addrs.zip(bytes)) {
-          val (addr,value) = store
-          s = State.execute(
-            s,
-            Eval.store(f)(
-              mem,
-              Scalar(BitVecLiteral(addr, 64)),
-              List(value),
-              Endian.BigEndian
-            )
-          )
+          val (addr, value) = store
+          s = State.execute(s, Eval.store(f)(mem, Scalar(BitVecLiteral(addr, 64)), List(value), Endian.BigEndian))
         }
       }
       s
@@ -592,20 +573,22 @@ object InterpFuns {
     var s = State.execute(is, initialState(f))
 
     for (proc <- p.procedures.filter(p => p.blocks.nonEmpty && p.address.isDefined)) {
-            s = State.execute(s, Eval.storeSingle(f)(
-              "ghost-funtable",
-              Scalar(BitVecLiteral(proc.address.get, 64)),
-              FunPointer(BitVecLiteral(proc.address.get, 64), proc.name, Run(IRWalk.firstInBlock(proc.entryBlock.get)))
-            )
-          )
+      s = State.execute(
+        s,
+        Eval.storeSingle(f)(
+          "ghost-funtable",
+          Scalar(BitVecLiteral(proc.address.get, 64)),
+          FunPointer(BitVecLiteral(proc.address.get, 64), proc.name, Run(IRWalk.firstInBlock(proc.entryBlock.get)))
+        )
+      )
     }
 
     val mainfun = p.mainProcedure
-    s = State.execute(s, f.call("init_activation", Stopped(), Stopped())) 
+    s = State.execute(s, f.call("init_activation", Stopped(), Stopped()))
     s = initMemory(s, "mem", p.initialMemory.values)
     s = initMemory(s, "stack", p.initialMemory.values)
     s = State.execute(s, f.call(mainfun.name, Run(IRWalk.firstInBlock(mainfun.entryBlock.get)), Stopped()))
-      // l <- State.sequence(State.pure(()), mainfun.formalInParam.toList.map(i => f.storeVar(i.name, i.toBoogie.scope, Scalar(BitVecLiteral(0, size(i).get)))))
+    // l <- State.sequence(State.pure(()), mainfun.formalInParam.toList.map(i => f.storeVar(i.name, i.toBoogie.scope, Scalar(BitVecLiteral(0, size(i).get)))))
     s
   }
 
@@ -619,7 +602,8 @@ object InterpFuns {
         var s = is
         for (rgn <- Seq("mem", "stack")) {
           for (addr <- (first until last)) {
-            s = State.execute(s, 
+            s = State.execute(
+              s,
               Eval.storeBV(f)(rgn, Scalar(BitVecLiteral(addr, 64)), BitVecLiteral(0, 8), Endian.LittleEndian)
             )
           }
@@ -629,15 +613,14 @@ object InterpFuns {
 
     } yield (st)
 
-
     bss match {
-      case None       => Logger.error("No BSS initialised"); is 
+      case None       => Logger.error("No BSS initialised"); is
       case Some(init) => init
     }
   }
 
   def initProgState[S, T <: Effects[S, InterpreterError]](f: T)(p: IRContext, is: S): S = {
-    var ist = initialiseProgram(f)(is, p.program) 
+    var ist = initialiseProgram(f)(is, p.program)
     ist = initBSS(f)(ist, p)
     ist = State.execute(ist, InterpFuns.initRelocTable(f)(p))
     val st = State.putS(ist)
diff --git a/src/main/scala/ir/eval/InterpretBreakpoints.scala b/src/main/scala/ir/eval/InterpretBreakpoints.scala
index ced1eecb8..77493c1dd 100644
--- a/src/main/scala/ir/eval/InterpretBreakpoints.scala
+++ b/src/main/scala/ir/eval/InterpretBreakpoints.scala
@@ -19,10 +19,10 @@ enum BreakPointLoc:
   case CMDCond(c: Command, condition: Expr)
 
 case class BreakPointAction(
-    saveState: Boolean = true,
-    stop: Boolean = false,
-    evalExprs: List[(String, Expr)] = List(),
-    log: Boolean = false
+  saveState: Boolean = true,
+  stop: Boolean = false,
+  evalExprs: List[(String, Expr)] = List(),
+  log: Boolean = false
 )
 
 case class BreakPoint(name: String = "", location: BreakPointLoc, action: BreakPointAction)
@@ -42,11 +42,8 @@ case class RememberBreakpoints[T, I <: Effects[T, InterpreterError]](f: I, break
     )
   }
 
-  override def getNext: State[
-    (T, List[(BreakPoint, Option[T], List[(String, Expr, Expr)])]),
-    ExecutionContinuation,
-    InterpreterError
-  ] = {
+  override def getNext
+    : State[(T, List[(BreakPoint, Option[T], List[(String, Expr, Expr)])]), ExecutionContinuation, InterpreterError] = {
     for {
       v: ExecutionContinuation <- doLeft(f.getNext)
       n <- v match {
@@ -103,10 +100,10 @@ case class RememberBreakpoints[T, I <: Effects[T, InterpreterError]](f: I, break
 }
 
 def interpretWithBreakPoints[I](
-    p: IRContext,
-    breakpoints: List[BreakPoint],
-    innerInterpreter: Effects[I, InterpreterError],
-    innerInitialState: I
+  p: IRContext,
+  breakpoints: List[BreakPoint],
+  innerInterpreter: Effects[I, InterpreterError],
+  innerInitialState: I
 ): (I, List[(BreakPoint, Option[I], List[(String, Expr, Expr)])]) = {
   val interp = LayerInterpreter(innerInterpreter, RememberBreakpoints(innerInterpreter, breakpoints))
   val res = InterpFuns.interpretProg(interp)(p, (innerInitialState, List()))
@@ -114,10 +111,10 @@ def interpretWithBreakPoints[I](
 }
 
 def interpretWithBreakPoints[I](
-    p: Program,
-    breakpoints: List[BreakPoint],
-    innerInterpreter: Effects[I, InterpreterError],
-    innerInitialState: I
+  p: Program,
+  breakpoints: List[BreakPoint],
+  innerInterpreter: Effects[I, InterpreterError],
+  innerInitialState: I
 ): (I, List[(BreakPoint, Option[I], List[(String, Expr, Expr)])]) = {
   val interp = LayerInterpreter(innerInterpreter, RememberBreakpoints(innerInterpreter, breakpoints))
   val res = InterpFuns.interpretProg(interp)(p, (innerInitialState, List()))
@@ -128,7 +125,6 @@ def interpretBreakPoints(p: IRContext, breakpoints: List[BreakPoint]) = {
   interpretWithBreakPoints(p, breakpoints, NormalInterpreter, InterpreterState())
 }
 
-
 def interpretBreakPoints(p: Program, breakpoints: List[BreakPoint]) = {
   interpretWithBreakPoints(p, breakpoints, NormalInterpreter, InterpreterState())
 }
diff --git a/src/main/scala/ir/eval/InterpretRLimit.scala b/src/main/scala/ir/eval/InterpretRLimit.scala
index a381e5d8f..cc26793e2 100644
--- a/src/main/scala/ir/eval/InterpretRLimit.scala
+++ b/src/main/scala/ir/eval/InterpretRLimit.scala
@@ -1,4 +1,3 @@
-
 package ir.eval
 import ir._
 import ir.eval.BitVectorEval.*
@@ -15,38 +14,49 @@ import scala.collection.mutable
 import scala.collection.immutable
 import scala.util.control.Breaks.{break, breakable}
 
+case class EffectsRLimit[T, E, I <: Effects[T, InterpreterError]](val limit: Int)
+    extends NopEffects[(T, Int), InterpreterError] {
 
-case class EffectsRLimit[T, E, I <: Effects[T, InterpreterError]](val limit: Int) extends NopEffects[(T, Int), InterpreterError] {
-
-  override def getNext :State[(T, Int), ExecutionContinuation, InterpreterError] = {
+  override def getNext: State[(T, Int), ExecutionContinuation, InterpreterError] = {
     for {
-      c : (T, Int) <- State.getS
+      c: (T, Int) <- State.getS
       (is, resources) = c
-      _ <- if (resources >= limit && limit >= 0) {
-        State.setError(Errored(s"Resource limit $limit reached"))
-      } else { 
-        State.modify ((s : (T, Int)) => (s._1, s._2 + 1))
-      }
+      _ <-
+        if (resources >= limit && limit >= 0) {
+          State.setError(Errored(s"Resource limit $limit reached"))
+        } else {
+          State.modify((s: (T, Int)) => (s._1, s._2 + 1))
+        }
     } yield (Stopped()) // thrown away by LayerInterpreter
   }
 }
 
-def interpretWithRLimit[I](p: Program, instructionLimit: Int, innerInterpreter: Effects[I, InterpreterError], innerInitialState: I): (I, Int) = {
+def interpretWithRLimit[I](
+  p: Program,
+  instructionLimit: Int,
+  innerInterpreter: Effects[I, InterpreterError],
+  innerInitialState: I
+): (I, Int) = {
   val rlimitInterpreter = LayerInterpreter(innerInterpreter, EffectsRLimit(instructionLimit))
   InterpFuns.interpretProg(rlimitInterpreter)(p, (innerInitialState, 0))
 }
 
-def interpretWithRLimit[I](p: IRContext, instructionLimit: Int, innerInterpreter: Effects[I, InterpreterError], innerInitialState: I): (I, Int) = {
+def interpretWithRLimit[I](
+  p: IRContext,
+  instructionLimit: Int,
+  innerInterpreter: Effects[I, InterpreterError],
+  innerInitialState: I
+): (I, Int) = {
   val rlimitInterpreter = LayerInterpreter(innerInterpreter, EffectsRLimit(instructionLimit))
   val begin = InterpFuns.initProgState(rlimitInterpreter)(p, (innerInitialState, 0))
   // throw away initialisation trace
   BASILInterpreter(rlimitInterpreter).run((begin._1, 0))
 }
 
-def interpretRLimit(p: Program, instructionLimit: Int) : (InterpreterState, Int) = {
+def interpretRLimit(p: Program, instructionLimit: Int): (InterpreterState, Int) = {
   interpretWithRLimit(p, instructionLimit, NormalInterpreter, InterpreterState())
 }
 
-def interpretRLimit(p: IRContext, instructionLimit: Int) : (InterpreterState, Int) = {
+def interpretRLimit(p: IRContext, instructionLimit: Int): (InterpreterState, Int) = {
   interpretWithRLimit(p, instructionLimit, NormalInterpreter, InterpreterState())
 }
diff --git a/src/main/scala/ir/eval/InterpretTrace.scala b/src/main/scala/ir/eval/InterpretTrace.scala
index 89b0fc976..f32dc5e79 100644
--- a/src/main/scala/ir/eval/InterpretTrace.scala
+++ b/src/main/scala/ir/eval/InterpretTrace.scala
@@ -58,11 +58,19 @@ case class TraceGen[E]() extends NopEffects[Trace, E] {
 
 def tracingInterpreter[I, E](innerInterpreter: Effects[I, E]) = ProductInterpreter(innerInterpreter, TraceGen())
 
-def interpretWithTrace[I](p: Program, innerInterpreter: Effects[I, InterpreterError], innerInitialState: I): (I, Trace) = {
+def interpretWithTrace[I](
+  p: Program,
+  innerInterpreter: Effects[I, InterpreterError],
+  innerInitialState: I
+): (I, Trace) = {
   InterpFuns.interpretProg(tracingInterpreter(innerInterpreter))(p, (innerInitialState, Trace(List())))
 }
 
-def interpretWithTrace[I](p: IRContext, innerInterpreter: Effects[I, InterpreterError], innerInitialState: I): (I, Trace) = {
+def interpretWithTrace[I](
+  p: IRContext,
+  innerInterpreter: Effects[I, InterpreterError],
+  innerInitialState: I
+): (I, Trace) = {
   val tracingInterpreter = ProductInterpreter(innerInterpreter, TraceGen())
   val begin = InterpFuns.initProgState(tracingInterpreter)(p, (innerInitialState, Trace(List())))
   // throw away initialisation trace
diff --git a/src/main/scala/ir/eval/Interpreter.scala b/src/main/scala/ir/eval/Interpreter.scala
index 0690d8a54..bd913de92 100644
--- a/src/main/scala/ir/eval/Interpreter.scala
+++ b/src/main/scala/ir/eval/Interpreter.scala
@@ -154,13 +154,13 @@ type StackFrameID = String
 val globalFrame: StackFrameID = "GLOBAL"
 
 case class MemoryState(
-    /* We have a very permissive value reprsentation and store all dynamic state in `stackFrames`.
-     * - activations is the call stack, the top of which indicates the current stackFrame.
-     * - activationCount: (procedurename -> int) is used to create uniquely-named stackframes.
-     */
-    val stackFrames: Map[StackFrameID, Map[String, BasilValue]] = Map((globalFrame -> Map.empty)),
-    val activations: List[StackFrameID] = List.empty,
-    val activationCount: Map[String, Int] = Map.empty.withDefault(_ => 0)
+  /* We have a very permissive value reprsentation and store all dynamic state in `stackFrames`.
+   * - activations is the call stack, the top of which indicates the current stackFrame.
+   * - activationCount: (procedurename -> int) is used to create uniquely-named stackframes.
+   */
+  val stackFrames: Map[StackFrameID, Map[String, BasilValue]] = Map((globalFrame -> Map.empty)),
+  val activations: List[StackFrameID] = List.empty,
+  val activationCount: Map[String, Int] = Map.empty.withDefault(_ => 0)
 ) {
 
   /** Debug return useful values * */
@@ -313,10 +313,9 @@ case class MemoryState(
 object LibcIntrinsic {
   // TODO: make parameter passing work
 
-  /**
-   * Part of the intrinsics implementation that lives above the Effects interface 
-   * (i.e. we are defining the observable part of the intrinsics behaviour)
-   */
+  /** Part of the intrinsics implementation that lives above the Effects interface (i.e. we are defining the observable
+    * part of the intrinsics behaviour)
+    */
 
   def singleArg[S, E, T <: Effects[S, E]](name: String)(s: T): State[S, Unit, E] = for {
     c <- s.loadVar("R0")
@@ -364,19 +363,21 @@ object LibcIntrinsic {
 object IntrinsicImpl {
 
   /** state initialisation for file modelling */
-  def initFileGhostRegions[S, E, T <: Effects[S, E]](f: T): State[S, Unit, E]  = for {
-      _ <- f.storeVar("ghost-file-bookkeeping", Scope.Global, GenMapValue(Map.empty))
-      _ <- f.storeVar("ghost-fd-mapping", Scope.Global, GenMapValue(Map.empty))
-      _ <- f.storeMem("ghost-file-bookkeeping", Map(Symbol("$$filecount") -> Scalar(BitVecLiteral(0, 64))))
-      _ <- f.callIntrinsic("fopen", List(Symbol("stderr")))
-      _ <- f.callIntrinsic("fopen", List(Symbol("stdout")))
+  def initFileGhostRegions[S, E, T <: Effects[S, E]](f: T): State[S, Unit, E] = for {
+    _ <- f.storeVar("ghost-file-bookkeeping", Scope.Global, GenMapValue(Map.empty))
+    _ <- f.storeVar("ghost-fd-mapping", Scope.Global, GenMapValue(Map.empty))
+    _ <- f.storeMem("ghost-file-bookkeeping", Map(Symbol("$$filecount") -> Scalar(BitVecLiteral(0, 64))))
+    _ <- f.callIntrinsic("fopen", List(Symbol("stderr")))
+    _ <- f.callIntrinsic("fopen", List(Symbol("stdout")))
   } yield (())
 
-  /** Intrinsics defined over arbitrary effects 
-   *
-   * We call these from Effects[T, E] rather than the Interpreter so their implementation does not appear in the trace.
-   */
-  def putc[S, T <: Effects[S, InterpreterError]](f: T)(arg: BasilValue): State[S, Option[BasilValue], InterpreterError] = {
+  /** Intrinsics defined over arbitrary effects
+    *
+    * We call these from Effects[T, E] rather than the Interpreter so their implementation does not appear in the trace.
+    */
+  def putc[S, T <: Effects[S, InterpreterError]](
+    f: T
+  )(arg: BasilValue): State[S, Option[BasilValue], InterpreterError] = {
     for {
       addr <- f.loadMem("ghost-file-bookkeeping", List(Symbol("stdout-ptr")))
       byte <- State.pureE(BasilValue.toBV(arg))
@@ -387,7 +388,9 @@ object IntrinsicImpl {
     } yield (None)
   }
 
-  def fopen[S, T <: Effects[S, InterpreterError]](f: T)(file: BasilValue): State[S, Option[BasilValue], InterpreterError] = {
+  def fopen[S, T <: Effects[S, InterpreterError]](
+    f: T
+  )(file: BasilValue): State[S, Option[BasilValue], InterpreterError] = {
     for {
       fname <- file match {
         case Symbol(name) => State.pure(name)
@@ -403,15 +406,16 @@ object IntrinsicImpl {
     } yield (Some(filecount.head))
   }
 
-
-  def write[S, T <: Effects[S, InterpreterError]](f: T)(fd: BasilValue, strptr: BasilValue): State[S, Option[BasilValue], InterpreterError] = {
+  def write[S, T <: Effects[S, InterpreterError]](
+    f: T
+  )(fd: BasilValue, strptr: BasilValue): State[S, Option[BasilValue], InterpreterError] = {
     for {
       str <- Eval.getNullTerminatedString(f)("mem", strptr)
       // TODO: fd mapping in state
       file = fd match {
         case Scalar(BitVecLiteral(1, 64)) => "stdout"
         case Scalar(BitVecLiteral(2, 64)) => "stderr"
-        case _ => "unknown"
+        case _                            => "unknown"
       }
       baseptr: List[BasilValue] <- f.loadMem("ghost-file-bookkeeping", List(Symbol(s"${file}-ptr")))
       offs: List[BasilValue] <- State.mapM(
@@ -424,7 +428,9 @@ object IntrinsicImpl {
     } yield (None)
   }
 
-  def print[S, T <: Effects[S, InterpreterError]](f: T)(strptr: BasilValue): State[S, Option[BasilValue], InterpreterError] = {
+  def print[S, T <: Effects[S, InterpreterError]](
+    f: T
+  )(strptr: BasilValue): State[S, Option[BasilValue], InterpreterError] = {
     for {
       str <- Eval.getNullTerminatedString(f)("mem", strptr)
       baseptr: List[BasilValue] <- f.loadMem("ghost-file-bookkeeping", List(Symbol("stdout-ptr")))
@@ -438,7 +444,9 @@ object IntrinsicImpl {
     } yield (None)
   }
 
-  def malloc[S, T <: Effects[S, InterpreterError]](f: T)(size: BasilValue): State[S, Option[BasilValue], InterpreterError] = {
+  def malloc[S, T <: Effects[S, InterpreterError]](
+    f: T
+  )(size: BasilValue): State[S, Option[BasilValue], InterpreterError] = {
     for {
       size <- (size match {
         case (x @ Scalar(_: BitVecLiteral)) => State.pure(x)
@@ -455,19 +463,18 @@ object IntrinsicImpl {
 }
 
 case class InterpreterState(
-    val nextCmd: ExecutionContinuation = Stopped(),
-    val callStack: List[ExecutionContinuation] = List.empty,
-    val memoryState: MemoryState = MemoryState()
+  val nextCmd: ExecutionContinuation = Stopped(),
+  val callStack: List[ExecutionContinuation] = List.empty,
+  val memoryState: MemoryState = MemoryState()
 )
 
 /** Implementation of Effects for InterpreterState concrete state representation.
   */
 object NormalInterpreter extends Effects[InterpreterState, InterpreterError] {
 
-
   def callIntrinsic(
-      name: String,
-      args: List[BasilValue]
+    name: String,
+    args: List[BasilValue]
   ): State[InterpreterState, Option[BasilValue], InterpreterError] = {
     name match {
       case "free"   => State.pure(None)
@@ -481,8 +488,9 @@ object NormalInterpreter extends Effects[InterpreterState, InterpreterError] {
           _ <- storeVar("R0", Scope.Global, r)
         } yield (Some(r))
       case "print" => IntrinsicImpl.print(this)(args.head)
-      case "puts"  => IntrinsicImpl.print(this)(args.head) >> IntrinsicImpl.putc(this)(Scalar(BitVecLiteral('\n'.toInt, 64)))
-      case "write"  => IntrinsicImpl.write(this)(args(1), args(2))
+      case "puts" =>
+        IntrinsicImpl.print(this)(args.head) >> IntrinsicImpl.putc(this)(Scalar(BitVecLiteral('\n'.toInt, 64)))
+      case "write" => IntrinsicImpl.write(this)(args(1), args(2))
       case _       => State.setError(Errored(s"Call undefined intrinsic $name"))
     }
   }
diff --git a/src/main/scala/ir/eval/InterpreterProduct.scala b/src/main/scala/ir/eval/InterpreterProduct.scala
index ccf4fb682..23139ea04 100644
--- a/src/main/scala/ir/eval/InterpreterProduct.scala
+++ b/src/main/scala/ir/eval/InterpreterProduct.scala
@@ -83,8 +83,7 @@ case class ProductInterpreter[L, T, E](inner: Effects[L, E], before: Effects[T,
   } yield (f)
 }
 
-case class LayerInterpreter[L, T, E](inner: Effects[L, E], before: Effects[(L, T), E])
-    extends Effects[(L, T), E] {
+case class LayerInterpreter[L, T, E](inner: Effects[L, E], before: Effects[(L, T), E]) extends Effects[(L, T), E] {
 
   def loadVar(v: String) = for {
     n <- (before.loadVar(v))
diff --git a/src/main/scala/ir/eval/SimplifyExpr.scala b/src/main/scala/ir/eval/SimplifyExpr.scala
index 22156ccc6..08d297301 100644
--- a/src/main/scala/ir/eval/SimplifyExpr.scala
+++ b/src/main/scala/ir/eval/SimplifyExpr.scala
@@ -79,10 +79,7 @@ def simpFixedPoint(s: Expr => (Expr, Boolean))(e: Expr): (Expr, Boolean) = {
 def simplifyExprVis = SimpExpr(simpFixedPoint(sequenceSimp(simplifyExpr, SimpExpr(fastPartialEvalExpr).apply)))
 def simplifyCondVis = SimpExpr(
   simpFixedPoint(
-    sequenceSimp(
-      simpFixedPoint(SimpExpr(simpFixedPoint(simplifyCmpInequalities)).apply),
-      simplifyExprVis.apply,
-    )
+    sequenceSimp(simpFixedPoint(SimpExpr(simpFixedPoint(simplifyCmpInequalities)).apply), simplifyExprVis.apply)
   )
 )
 def simplifyExprFixpoint = simplifyExprVis.apply
@@ -153,9 +150,9 @@ object SimplifyValidation {
 }
 
 def logSimp(e: Expr, ne: Expr, actual: Boolean = true)(implicit
-    line: sourcecode.Line,
-    file: sourcecode.FileName,
-    name: sourcecode.Name
+  line: sourcecode.Line,
+  file: sourcecode.FileName,
+  name: sourcecode.Name
 ): Expr = {
   if (!actual) {
     return ne
@@ -180,7 +177,6 @@ def logSimp(e: Expr, ne: Expr, actual: Boolean = true)(implicit
   ne
 }
 
-
 class VarNameNormalise() extends CILVisitor {
   var count = 1
   val assigned = mutable.Map[Variable, Variable]()
@@ -232,10 +228,13 @@ def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
     case BinaryExpr(BVEQ, UnaryExpr(BoolToBV1, body), BitVecLiteral(1, 1))  => logSimp(e, body)
     case BinaryExpr(BVEQ, UnaryExpr(BoolToBV1, l), UnaryExpr(BoolToBV1, r)) => logSimp(e, BinaryExpr(BoolEQ, (l), (r)))
 
-    case BinaryExpr(BVADD, l @ UnaryExpr(BVNEG, x), r) if !r.isInstanceOf[Literal] && !{r match {
-      case UnaryExpr(BVNEG, _) => true
-      case _ => false
-    }} => BinaryExpr(BVADD, r, l)
+    case BinaryExpr(BVADD, l @ UnaryExpr(BVNEG, x), r) if !r.isInstanceOf[Literal] && ! {
+          r match {
+            case UnaryExpr(BVNEG, _) => true
+            case _                   => false
+          }
+        } =>
+      BinaryExpr(BVADD, r, l)
 
     case BinaryExpr(BoolAND, l @ BinaryExpr(BVEQ, _, _), r @ BinaryExpr(relop, _, _))
         if ineqToStrict.contains(relop) || strictIneq.contains(relop) => {
@@ -246,44 +245,23 @@ def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
       BinaryExpr(BoolAND, r, l)
     }
 
-    /* intro bool2bv */
-    case BinaryExpr(
-          BVCOMP,
-          l,
-          r
-        ) => {
+    case BinaryExpr(BVCOMP, l, r) => {
       logSimp(e, bool2bv1(BinaryExpr(BVEQ, l, r)))
     }
     /* push bool2bv upwards */
-    case BinaryExpr(
-          bop,
-          BitVecLiteral(x, 1),
-          UnaryExpr(BoolToBV1, r)
-        ) if bvLogOpToBoolOp.contains(bop) => {
+    case BinaryExpr(bop, BitVecLiteral(x, 1), UnaryExpr(BoolToBV1, r)) if bvLogOpToBoolOp.contains(bop) => {
       val l = if x == 1 then TrueLiteral else FalseLiteral
       logSimp(e, bool2bv1(BinaryExpr(bvLogOpToBoolOp(bop), (l), (r))))
     }
 
-    case BinaryExpr(
-          bop,
-          UnaryExpr(BoolToBV1, l),
-          BitVecLiteral(x, 1)
-        ) if bvLogOpToBoolOp.contains(bop) => {
+    case BinaryExpr(bop, UnaryExpr(BoolToBV1, l), BitVecLiteral(x, 1)) if bvLogOpToBoolOp.contains(bop) => {
       val r = if x == 1 then TrueLiteral else FalseLiteral
       logSimp(e, bool2bv1(BinaryExpr(bvLogOpToBoolOp(bop), (l), (r))))
     }
-    case BinaryExpr(
-          bop,
-          UnaryExpr(BoolToBV1, l),
-          UnaryExpr(BoolToBV1, r)
-        ) if bvLogOpToBoolOp.contains(bop) => {
+    case BinaryExpr(bop, UnaryExpr(BoolToBV1, l), UnaryExpr(BoolToBV1, r)) if bvLogOpToBoolOp.contains(bop) => {
       logSimp(e, bool2bv1(BinaryExpr(bvLogOpToBoolOp(bop), (l), (r))))
     }
-    case BinaryExpr(
-          bop,
-          UnaryExpr(BoolToBV1, l),
-          UnaryExpr(BoolToBV1, r)
-        ) if bvLogOpToBoolOp.contains(bop) => {
+    case BinaryExpr(bop, UnaryExpr(BoolToBV1, l), UnaryExpr(BoolToBV1, r)) if bvLogOpToBoolOp.contains(bop) => {
       logSimp(e, bool2bv1(BinaryExpr(bvLogOpToBoolOp(bop), (l), (r))))
     }
 
@@ -553,11 +531,7 @@ def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
       logSimp(e, BinaryExpr(BVSGE, x1, UnaryExpr(BVNEG, BinaryExpr(BVADD, y1, z1))))
     }
 
-    case BinaryExpr(
-          BVEQ,
-          ZeroExtend(exts, orig @ BinaryExpr(o1, x1, y1)),
-          compar @ BinaryExpr(o2, x2, y2)
-        )
+    case BinaryExpr(BVEQ, ZeroExtend(exts, orig @ BinaryExpr(o1, x1, y1)), compar @ BinaryExpr(o2, x2, y2))
         if size(x1).get > 1 && (o1 == o2) && o1 == BVADD
           && simplifyCond(x2) == simplifyCond(ZeroExtend(exts, x1))
           && simplifyCond(y2) == simplifyCond(ZeroExtend(exts, y1)) => {
@@ -607,9 +581,7 @@ def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
         )
         if exts == ext2 && size(x1).get >= 8 && (o1 == o2) && o2 == o4 && o1 == BVADD
           && simplifyCond(BinaryExpr(o1, ZeroExtend(exts, x1), ZeroExtend(exts, z1)))
-          == simplifyCond(
-            BinaryExpr(BVADD, ZeroExtend(exts, x2), (BinaryExpr(BVADD, ZeroExtend(exts, y2), z2)))
-          ) => {
+          == simplifyCond(BinaryExpr(BVADD, ZeroExtend(exts, x2), (BinaryExpr(BVADD, ZeroExtend(exts, y2), z2)))) => {
       // C not Set
       logSimp(e, UnaryExpr(BoolNOT, BinaryExpr(BVUGT, x1, UnaryExpr(BVNOT, z1))))
     }
@@ -663,9 +635,8 @@ def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
           l @ BinaryExpr(BoolAND, _, BinaryExpr(op, lhs, rhs: BitVecLiteral)),
           UnaryExpr(BoolNOT, BinaryExpr(BVEQ, lhs2, rhs2: BitVecLiteral))
         )
-        if (ineqToStrict.contains(op) || strictIneq.contains(op)) && simplifyCond(
-          BinaryExpr(ineqToStrict.get(op).getOrElse(op), rhs, rhs2)
-        ) == TrueLiteral
+        if (ineqToStrict.contains(op) || strictIneq
+          .contains(op)) && simplifyCond(BinaryExpr(ineqToStrict.get(op).getOrElse(op), rhs, rhs2)) == TrueLiteral
           && lhs == lhs2 => {
       logSimp(e, l)
     }
@@ -696,9 +667,7 @@ def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
     // x >= 0 && x != 0 ===> x > 0
     case BinaryExpr(BoolAND, BinaryExpr(op, lhs, BitVecLiteral(0, sz)), UnaryExpr(BoolNOT, rhs))
         if ineqToStrict.contains(op) &&
-          size(lhs).isDefined && (simplifyCond(
-            BinaryExpr(BVEQ, lhs, BitVecLiteral(0, size(lhs).get))
-          ) == rhs) => {
+          size(lhs).isDefined && (simplifyCond(BinaryExpr(BVEQ, lhs, BitVecLiteral(0, size(lhs).get))) == rhs) => {
       logSimp(e, BinaryExpr(ineqToStrict(op), lhs, BitVecLiteral(0, size(lhs).get)))
     }
     case BinaryExpr(BoolAND, BinaryExpr(op, lhs, rhs), UnaryExpr(BoolNOT, BinaryExpr(BVEQ, lhs2, rhs2)))
@@ -748,25 +717,25 @@ def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
     case BinaryExpr(BoolOR, BinaryExpr(BVULT, x, y), BinaryExpr(BVUGE, x1, y1)) if x1 == x && y1 == y => TrueLiteral
     case BinaryExpr(BoolOR, BinaryExpr(BVULE, x, y), BinaryExpr(BVUGT, x1, y1)) if x1 == x && y1 == y => TrueLiteral
 
-   // case orig @ BinaryExpr(
-   //       BoolAND,
-   //       BinaryExpr(BoolAND, a, b),
-   //       BinaryExpr(BoolOR, c, d)
-   //     )  if {
-   //       //val simpeda = BinaryExpr(BoolAND, BinaryExpr(BoolOR, a, c), BinaryExpr(BoolOR, a, d))
-   //       //val simpedb = BinaryExpr(BoolAND, BinaryExpr(BoolOR, b, c), BinaryExpr(BoolOR, b, d))
-   //       //val s = BinaryExpr(BoolAND, simpeda, simpedb)
-   //       //val r = simplifyCond(s)
-   //       true
-   //     } => {
-   //       trace = true
-   //       val simpeda = (BinaryExpr(BoolAND, (BinaryExpr(BoolAND, c, a)), (BinaryExpr(BoolAND, c, b))))
-   //       val simpedb = (BinaryExpr(BoolAND, (BinaryExpr(BoolAND, d, a)), (BinaryExpr(BoolAND, d, b))))
-   //       val s = simplifyCond(BinaryExpr(BoolOR, simpeda, simpedb))
-   //       val nr =  logSimp(e, s)
-   //       trace = false
-   //       nr
-   //     }
+    // case orig @ BinaryExpr(
+    //       BoolAND,
+    //       BinaryExpr(BoolAND, a, b),
+    //       BinaryExpr(BoolOR, c, d)
+    //     )  if {
+    //       //val simpeda = BinaryExpr(BoolAND, BinaryExpr(BoolOR, a, c), BinaryExpr(BoolOR, a, d))
+    //       //val simpedb = BinaryExpr(BoolAND, BinaryExpr(BoolOR, b, c), BinaryExpr(BoolOR, b, d))
+    //       //val s = BinaryExpr(BoolAND, simpeda, simpedb)
+    //       //val r = simplifyCond(s)
+    //       true
+    //     } => {
+    //       trace = true
+    //       val simpeda = (BinaryExpr(BoolAND, (BinaryExpr(BoolAND, c, a)), (BinaryExpr(BoolAND, c, b))))
+    //       val simpedb = (BinaryExpr(BoolAND, (BinaryExpr(BoolAND, d, a)), (BinaryExpr(BoolAND, d, b))))
+    //       val s = simplifyCond(BinaryExpr(BoolOR, simpeda, simpedb))
+    //       val nr =  logSimp(e, s)
+    //       trace = false
+    //       nr
+    //     }
 
     case BinaryExpr(
           BoolOR,
@@ -782,17 +751,9 @@ def simplifyCmpInequalities(e: Expr): (Expr, Boolean) = {
               case _                                                              => false
             }
           } => {
-      logSimp(
-        e,
-        BinaryExpr(
-          BoolAND,
-          simplifyCond(BinaryExpr(BoolOR, l, d)),
-          simplifyCond(BinaryExpr(BoolOR, r, d))
-        )
-      )
+      logSimp(e, BinaryExpr(BoolAND, simplifyCond(BinaryExpr(BoolOR, l, d)), simplifyCond(BinaryExpr(BoolOR, r, d))))
     }
 
-
     case BinaryExpr(
           BoolAND,
           BinaryExpr(op, lhs, rhs),
@@ -874,26 +835,11 @@ def isIneq(b: BinOp) = {
   ineqToStrict.contains(b) || strictIneq.contains(b)
 }
 
-val ineqToStrict = Map[BinOp, BinOp](
-  BVSGE -> BVSGT,
-  BVUGE -> BVUGT,
-  BVSLE -> BVSLT,
-  BVULE -> BVULT
-)
+val ineqToStrict = Map[BinOp, BinOp](BVSGE -> BVSGT, BVUGE -> BVUGT, BVSLE -> BVSLT, BVULE -> BVULT)
 
-val strictToNonStrict = Map[BinOp, BinOp](
-  BVSGT -> BVSGE,
-  BVUGT -> BVUGE,
-  BVSLT -> BVSLE,
-  BVULT -> BVULE
-)
+val strictToNonStrict = Map[BinOp, BinOp](BVSGT -> BVSGE, BVUGT -> BVUGE, BVSLT -> BVSLE, BVULT -> BVULE)
 
-val strictIneq = Set[BinOp](
-  BVSGT,
-  BVUGT,
-  BVSLT,
-  BVULT
-)
+val strictIneq = Set[BinOp](BVSGT, BVUGT, BVSLT, BVULT)
 
 def cleanupExtends(e: Expr): (Expr, Boolean) = {
   // this 'de-canonicalises' to some extent, but makes the resulting program simpler, so we perform as a post pass
@@ -1132,9 +1078,6 @@ def simplifyExpr(e: Expr): (Expr, Boolean) = {
     case UnaryExpr(BoolNOT, BinaryExpr(BoolOR, a, b)) =>
       logSimp(e, BinaryExpr(BoolAND, UnaryExpr(BoolNOT, a), UnaryExpr(BoolNOT, b)))
 
-    // inequality negation
-    case BinaryExpr(BVCOMP, body @ BinaryExpr(BVCOMP, _, _), BitVecLiteral(0, 1)) =>
-      logSimp(e, UnaryExpr(BVNOT, (body)))
     case UnaryExpr(BoolNOT, BinaryExpr(BVSLT, lhs, rhs)) => logSimp(e, BinaryExpr(BVSGE, lhs, rhs))
     case UnaryExpr(BoolNOT, BinaryExpr(BVSGT, lhs, rhs)) => logSimp(e, BinaryExpr(BVSLE, lhs, rhs))
     case UnaryExpr(BoolNOT, BinaryExpr(BVULT, lhs, rhs)) => logSimp(e, BinaryExpr(BVUGE, lhs, rhs))
@@ -1144,7 +1087,6 @@ def simplifyExpr(e: Expr): (Expr, Boolean) = {
     case UnaryExpr(BoolNOT, BinaryExpr(BVULE, lhs, rhs)) => logSimp(e, BinaryExpr(BVUGT, lhs, rhs))
     case UnaryExpr(BoolNOT, BinaryExpr(BVUGE, lhs, rhs)) => logSimp(e, BinaryExpr(BVULT, lhs, rhs))
 
-
     case r => {
       didAnything = false
       r
diff --git a/src/main/scala/ir/invariant/BlocksUniqueToProcedure.scala b/src/main/scala/ir/invariant/BlocksUniqueToProcedure.scala
index 6250327dc..405d2f6b0 100644
--- a/src/main/scala/ir/invariant/BlocksUniqueToProcedure.scala
+++ b/src/main/scala/ir/invariant/BlocksUniqueToProcedure.scala
@@ -30,19 +30,18 @@ private class BVis extends CILVisitor {
   override def vjump(j: Jump) = {
     j match {
       case g @ GoTo(targets, _) if !(targets.forall(t => t.parent == proc)) => gotoViolations.add(g)
-      case _ => ()
+      case _                                                                => ()
     }
 
     SkipChildren()
   }
 }
 
-
-def blockUniqueLabels(p: Program) : Boolean = {
+def blockUniqueLabels(p: Program): Boolean = {
   p.procedures.forall(blockUniqueLabels)
 }
 
-def blockUniqueLabels(p: Procedure) : Boolean = {
+def blockUniqueLabels(p: Procedure): Boolean = {
   val blockNames = mutable.Set[String]()
   var passed = true
 
@@ -56,8 +55,7 @@ def blockUniqueLabels(p: Procedure) : Boolean = {
   passed
 }
 
-
-def blocksUniqueToEachProcedure(p: Program) : Boolean = {
+def blocksUniqueToEachProcedure(p: Program): Boolean = {
   val v = BVis()
   visit_prog(v, p)
   for (g <- v.gotoViolations) {
diff --git a/src/main/scala/ir/invariant/CFGCorrect.scala b/src/main/scala/ir/invariant/CFGCorrect.scala
index caf61a677..0e0028fea 100644
--- a/src/main/scala/ir/invariant/CFGCorrect.scala
+++ b/src/main/scala/ir/invariant/CFGCorrect.scala
@@ -4,17 +4,16 @@ import ir.cilvisitor.*
 import util.Logger
 import scala.collection.mutable
 
-
 def cfgCorrect(p: Program | Procedure) = {
 
-  val forwardsInter = p.collect {
-    case d @ DirectCall(tgt, _ , _, _) => (d.parent.parent, tgt)
+  val forwardsInter = p.collect { case d @ DirectCall(tgt, _, _, _) =>
+    (d.parent.parent, tgt)
   }
   val revForwardsInter = forwardsInter.groupBy(_._2).map((dest, origs) => (dest, origs.map(_._1).toSet)).toMap
   val forwardsInterMap = forwardsInter.groupBy(_._1).map((orig, dests) => (orig, dests.map(_._2).toSet)).toMap
 
-  val forwardsIntra = p.collect {
-    case g @ GoTo(targets, _) => targets.map((t: Block) => (g.parent, t))
+  val forwardsIntra = p.collect { case g @ GoTo(targets, _) =>
+    targets.map((t: Block) => (g.parent, t))
   }.flatten
 
   val revForwardsIntra = forwardsIntra.groupBy(_._2).map((dest, origs) => (dest, origs.map(_._1).toSet)).toMap
@@ -23,13 +22,15 @@ def cfgCorrect(p: Program | Procedure) = {
   p.forall {
     case b: Block => {
       val backwards = (b.prevBlocks.toSet == revForwardsIntra.get(b).getOrElse(Set()))
-      val forwards = b.nextBlocks.toSet == forwardsIntraMap.get(b).getOrElse(Set()) 
+      val forwards = b.nextBlocks.toSet == forwardsIntraMap.get(b).getOrElse(Set())
       val c = forwards && backwards
       if (!forwards) {
-        Logger.error(s"Forwards block cfg does not match : ${b.nextBlocks.toSet.map(_.label)} == ${forwardsIntraMap.get(b).getOrElse(Set()).map(_.label)}")
+        Logger.error(s"Forwards block cfg does not match : ${b.nextBlocks.toSet
+          .map(_.label)} == ${forwardsIntraMap.get(b).getOrElse(Set()).map(_.label)}")
       }
       if (!backwards) {
-        Logger.error(s"Backward block cfg does not match : ${b.prevBlocks.toSet.map(_.label)} == ${revForwardsIntra.get(b).getOrElse(Set()).map(_.label)}")
+        Logger.error(s"Backward block cfg does not match : ${b.prevBlocks.toSet
+          .map(_.label)} == ${revForwardsIntra.get(b).getOrElse(Set()).map(_.label)}")
       }
       c
     }
@@ -39,12 +40,16 @@ def cfgCorrect(p: Program | Procedure) = {
       val bactual = p.callers().toSet
       val bexpected = revForwardsInter.get(p).getOrElse(Set()).toSet
       if (factual != fexpected) {
-        Logger.error(s"${p.name} forwards proc cfg does not match : ${factual.map(_.name)} == ${fexpected.map(_.name)} ")
+        Logger.error(
+          s"${p.name} forwards proc cfg does not match : ${factual.map(_.name)} == ${fexpected.map(_.name)} "
+        )
       }
       if (bactual != bexpected) {
         Logger.error(p.incomingCalls().map(_.parent).toList.toString)
         Logger.error(p.incomingCalls().map(_.parent.parent).toList.toString)
-        Logger.error(s"${p.name} backward proc cfg does not match : ${bactual.map(_.name)} == ${bexpected.map(_.name)} ")
+        Logger.error(
+          s"${p.name} backward proc cfg does not match : ${bactual.map(_.name)} == ${bexpected.map(_.name)} "
+        )
       }
 
       factual == fexpected && bactual == bexpected
@@ -52,6 +57,4 @@ def cfgCorrect(p: Program | Procedure) = {
     case _ => true
   }
 
-
-
 }
diff --git a/src/main/scala/ir/invariant/CorrectCallParams.scala b/src/main/scala/ir/invariant/CorrectCallParams.scala
index d5a934340..1bfee84f1 100644
--- a/src/main/scala/ir/invariant/CorrectCallParams.scala
+++ b/src/main/scala/ir/invariant/CorrectCallParams.scala
@@ -2,48 +2,55 @@ package ir.invariant
 import ir.*
 import util.Logger
 
-
 /*
  * DirectCalls are provided actual and return parameters matchign their target's parameters
  */
 
-
-def correctCalls(p: Program) : Boolean = {
+def correctCalls(p: Program): Boolean = {
   p.forall {
     case c: DirectCall => {
       val t = c.target
-      val inparams = (c.actualParams.keySet == t.formalInParam) 
-      val outparams = (c.outParams.keySet == t.formalOutParam) 
-      val typecheck = c.actualParams.forall((k, v) => k.getType == v.getType) && c.outParams.forall((k,v) => k.getType == v.getType)
+      val inparams = (c.actualParams.keySet == t.formalInParam)
+      val outparams = (c.outParams.keySet == t.formalOutParam)
+      val typecheck =
+        c.actualParams.forall((k, v) => k.getType == v.getType) && c.outParams.forall((k, v) => k.getType == v.getType)
       val r = inparams && outparams && typecheck
       if (!inparams) {
-        Logger.error(s"call in arguments don't match formal params: ${c.target.name}(${c.actualParams}) != ${c.target.formalInParam}")
+        Logger.error(
+          s"call in arguments don't match formal params: ${c.target.name}(${c.actualParams}) != ${c.target.formalInParam}"
+        )
       }
       if (!outparams) {
-        Logger.error(s"call return lvalue doesnt match out params: ${c.outParams} := ${c.target.name}() = ${c.target.formalOutParam}")
+        Logger.error(
+          s"call return lvalue doesnt match out params: ${c.outParams} := ${c.target.name}() = ${c.target.formalOutParam}"
+        )
       }
       if (!typecheck) {
         val inp = c.actualParams.collect {
-          case (k,v) if k.getType != v.getType => s"$k := $v"
+          case (k, v) if k.getType != v.getType => s"$k := $v"
         }
         val out = c.outParams.collect {
-          case (k,v) if k.getType != v.getType => s"$v := $k"
+          case (k, v) if k.getType != v.getType => s"$v := $k"
         }
-        Logger.error(s"Call $c doesn't typecheck${if inp.nonEmpty then " in : " else ""}${inp.mkString(" ")}${if out.nonEmpty then " out : " else ""}${out.mkString(" ")}")
+        Logger.error(s"Call $c doesn't typecheck${if inp.nonEmpty then " in : " else ""}${inp
+          .mkString(" ")}${if out.nonEmpty then " out : " else ""}${out.mkString(" ")}")
       }
 
       r
     }
     case c: Return => {
       val t = c.parent.parent
-      val outparams = (c.outParams.keySet == t.formalOutParam) 
-      val typecheck = c.outParams.forall((k, v) => k.getType == v.getType) && c.outParams.forall((k,v) => k.getType == v.getType)
+      val outparams = (c.outParams.keySet == t.formalOutParam)
+      val typecheck =
+        c.outParams.forall((k, v) => k.getType == v.getType) && c.outParams.forall((k, v) => k.getType == v.getType)
       if (!outparams) {
-        Logger.error(s"Return formal out params do  do not match procedure formal out params: ${c.outParams} != ${t.formalOutParam}")
+        Logger.error(
+          s"Return formal out params do  do not match procedure formal out params: ${c.outParams} != ${t.formalOutParam}"
+        )
       }
       if (!typecheck) {
         val out = c.outParams.collect {
-          case (k,v) if k.getType != v.getType => s"$k := $v"
+          case (k, v) if k.getType != v.getType => s"$k := $v"
         }
         Logger.error(s"doesn't typecheck:$c  \n${if out.nonEmpty then " out : " else ""}${out.mkString(" ")}")
       }
@@ -52,5 +59,3 @@ def correctCalls(p: Program) : Boolean = {
     case _ => true
   }
 }
-
-
diff --git a/src/main/scala/ir/invariant/SingleCallBlockEnd.scala b/src/main/scala/ir/invariant/SingleCallBlockEnd.scala
index 52e6e6ac9..1215fde19 100644
--- a/src/main/scala/ir/invariant/SingleCallBlockEnd.scala
+++ b/src/main/scala/ir/invariant/SingleCallBlockEnd.scala
@@ -1,12 +1,11 @@
 package ir.invariant
 import ir.*
 
-
-def singleCallBlockEnd(p: Program) : Boolean = {
+def singleCallBlockEnd(p: Program): Boolean = {
   p.forall {
     case b: Block => {
-      val calls = (b.statements.collect {
-        case c: Call => b.statements.lastOption.contains(c)
+      val calls = (b.statements.collect { case c: Call =>
+        b.statements.lastOption.contains(c)
       })
       (calls.size <= 1) && calls.headOption.getOrElse(true)
     }
diff --git a/src/main/scala/ir/transforms/DynamicSingleAssignment.scala b/src/main/scala/ir/transforms/DynamicSingleAssignment.scala
index 9f33ac2d9..05678feaa 100644
--- a/src/main/scala/ir/transforms/DynamicSingleAssignment.scala
+++ b/src/main/scala/ir/transforms/DynamicSingleAssignment.scala
@@ -16,19 +16,19 @@ val phiAssignLabel = Some("phi")
   */
 
 class OnePassDSA(
-    /** Check our (faster) live var result against the TIP sovler solution
-      */
+  /** Check our (faster) live var result against the TIP sovler solution
+    */
 ) {
 
   val liveVarsDom = transforms.IntraLiveVarsDomain()
   val liveVarsSolver = transforms.worklistSolver(liveVarsDom)
 
   case class BlockState(
-      renamesBefore: mutable.Map[Variable, Int] = mutable.Map[Variable, Int](),
-      renamesAfter: mutable.Map[Variable, Int] = mutable.Map[Variable, Int](),
-      var filled: Boolean = false, /* have given local value numbering */
-      var completed: Boolean = false, /* have filled and processed all incoming */
-      var isPhi: Boolean = false /* begins filled */
+    renamesBefore: mutable.Map[Variable, Int] = mutable.Map[Variable, Int](),
+    renamesAfter: mutable.Map[Variable, Int] = mutable.Map[Variable, Int](),
+    var filled: Boolean = false, /* have given local value numbering */
+    var completed: Boolean = false, /* have filled and processed all incoming */
+    var isPhi: Boolean = false /* begins filled */
   )
 
   def renameLHS(c: Command, variable: Variable, index: Int) = {
@@ -63,9 +63,9 @@ class OnePassDSA(
   }
 
   def localProcessBlock(
-      state: mutable.Map[Block, BlockState],
-      count: mutable.Map[Variable, Int],
-      block: Block
+    state: mutable.Map[Block, BlockState],
+    count: mutable.Map[Variable, Int],
+    block: Block
   ): Unit = {
     def st(b: Block) = withDefault(state)(b)
 
@@ -114,10 +114,10 @@ class OnePassDSA(
   }
 
   def fixPredecessors(
-      _st: mutable.Map[Block, BlockState],
-      count: mutable.Map[Variable, Int],
-      liveBefore: mutable.Map[Block, Set[Variable]],
-      block: Block
+    _st: mutable.Map[Block, BlockState],
+    count: mutable.Map[Variable, Int],
+    liveBefore: mutable.Map[Block, Set[Variable]],
+    block: Block
   ) = {
     def state(b: Block) = withDefault(_st)(b)
 
@@ -182,11 +182,11 @@ class OnePassDSA(
   }
 
   def fixSuccessors(
-      _st: mutable.Map[Block, BlockState],
-      count: mutable.Map[Variable, Int],
-      liveBefore: mutable.Map[Block, Set[Variable]],
-      liveAfter: mutable.Map[Block, Set[Variable]],
-      block: Block
+    _st: mutable.Map[Block, BlockState],
+    count: mutable.Map[Variable, Int],
+    liveBefore: mutable.Map[Block, Set[Variable]],
+    liveAfter: mutable.Map[Block, Set[Variable]],
+    block: Block
   ) = {
     def state(b: Block) = withDefault(_st)(b)
 
@@ -226,11 +226,11 @@ class OnePassDSA(
   }
 
   def visitBlock(
-      _st: mutable.Map[Block, BlockState],
-      count: mutable.Map[Variable, Int],
-      liveBefore: mutable.Map[Block, Set[Variable]],
-      liveAfter: mutable.Map[Block, Set[Variable]],
-      block: Block
+    _st: mutable.Map[Block, BlockState],
+    count: mutable.Map[Variable, Int],
+    liveBefore: mutable.Map[Block, Set[Variable]],
+    liveAfter: mutable.Map[Block, Set[Variable]],
+    block: Block
   ) = {
 
     /** VisitBlock:
@@ -342,8 +342,8 @@ def rdDSAProperty(p: Procedure): Boolean = {
   val defs: Map[Variable, Set[Assign]] = p
     .flatMap {
       case a: SingleAssign => Seq((a.lhs, (a: Assign)))
-      case a: DirectCall => a.outParams.map(_._2).map((l: Variable) => (l, (a: Assign))).toSeq
-      case _             => Seq()
+      case a: DirectCall   => a.outParams.map(_._2).map((l: Variable) => (l, (a: Assign))).toSeq
+      case _               => Seq()
     }
     .groupBy(_._1)
     .map((v, vs) => (v, vs.map(_._2).toSet))
@@ -352,10 +352,8 @@ def rdDSAProperty(p: Procedure): Boolean = {
   val reachingDefs = basicReachingDefs(p)
   Logger.debug(s"Reaching defs ${p.name} DONE")
 
-  class CheckDSAProperty(
-      defs: Map[Variable, Set[Assign]],
-      reaching: Map[Command, Map[Variable, Set[Assign]]]
-  ) extends CILVisitor {
+  class CheckDSAProperty(defs: Map[Variable, Set[Assign]], reaching: Map[Command, Map[Variable, Set[Assign]]])
+      extends CILVisitor {
     var passed = true
     var stmt: Command = null
     val violations = mutable.HashSet[(Command, Variable)]()
@@ -420,8 +418,8 @@ object DSAPropCheck {
 
   def getDefinitions(s: CFGPosition): Set[Variable] = {
     s match {
-      case a: Assign      => a.assignees
-      case _              => Set()
+      case a: Assign => a.assignees
+      case _         => Set()
     }
   }
 
diff --git a/src/main/scala/ir/transforms/IndirectCallResolution.scala b/src/main/scala/ir/transforms/IndirectCallResolution.scala
index cbd3a4c57..7060120b8 100644
--- a/src/main/scala/ir/transforms/IndirectCallResolution.scala
+++ b/src/main/scala/ir/transforms/IndirectCallResolution.scala
@@ -3,12 +3,23 @@ package ir.transforms
 import scala.collection.mutable
 import scala.collection.mutable.{ArrayBuffer, ListBuffer}
 
-import analysis.{AddressValue, DataRegion, Lift, LiftedElement, LiteralValue, MemoryModelMap, MemoryRegion, RegisterWrapperEqualSets, StackRegion, Value, getUse}
+import analysis.{
+  AddressValue,
+  DataRegion,
+  Lift,
+  LiftedElement,
+  LiteralValue,
+  MemoryModelMap,
+  MemoryRegion,
+  RegisterWrapperEqualSets,
+  StackRegion,
+  Value,
+  getUse
+}
 import ir.*
 import util.Logger
 import cilvisitor.*
 
-
 class SteensgaardIndirectCallResolution(
   override val program: Program,
   val pointsTos: Map[RegisterWrapperEqualSets | MemoryRegion, Set[RegisterWrapperEqualSets | MemoryRegion]],
@@ -25,7 +36,9 @@ class SteensgaardIndirectCallResolution(
                 case memoryRegion: MemoryRegion =>
                   searchRegion(memoryRegion)
                 case registerWrapperEqualSets: RegisterWrapperEqualSets =>
-                  throw Exception(s"possibly recursive points-to relation? should I handle this? $registerWrapperEqualSets")
+                  throw Exception(
+                    s"possibly recursive points-to relation? should I handle this? $registerWrapperEqualSets"
+                  )
               }
             case memoryRegion: MemoryRegion =>
               //searchRegion(memoryRegion)
@@ -44,7 +57,9 @@ class SteensgaardIndirectCallResolution(
                 case memoryRegion: MemoryRegion =>
                   searchRegion(memoryRegion)
                 case registerWrapperEqualSets: RegisterWrapperEqualSets =>
-                  throw Exception(s"possibly recursive points-to relation? should I handle this? $registerWrapperEqualSets")
+                  throw Exception(
+                    s"possibly recursive points-to relation? should I handle this? $registerWrapperEqualSets"
+                  )
               }
             case memoryRegion: MemoryRegion =>
               //searchRegion(memoryRegion))
@@ -61,7 +76,7 @@ class SteensgaardIndirectCallResolution(
       case Some(values) =>
         values.flatMap {
           case v: RegisterWrapperEqualSets => resolveAddresses(v.variable, i)
-          case m: MemoryRegion            => searchRegion(m)
+          case m: MemoryRegion             => searchRegion(m)
         }
       case None => Set()
     }
@@ -77,14 +92,15 @@ class VSAIndirectCallResolution(
 
   private def searchRegion(memoryRegion: MemoryRegion, n: CFGPosition): Set[String] = {
     val names = vsaResult.get(n) match {
-      case Some(Lift(el)) => el.get(memoryRegion) match {
-        case Some(values) =>
-          values.flatMap {
-            case addressValue: AddressValue => searchRegion(addressValue.region, n)
-            case _ => Set()
-          }
-        case _ => Set()
-      }
+      case Some(Lift(el)) =>
+        el.get(memoryRegion) match {
+          case Some(values) =>
+            values.flatMap {
+              case addressValue: AddressValue => searchRegion(addressValue.region, n)
+              case _                          => Set()
+            }
+          case _ => Set()
+        }
       case _ => Set()
     }
     memoryRegion match {
@@ -99,14 +115,15 @@ class VSAIndirectCallResolution(
 
   override def resolveAddresses(variable: Variable, i: IndirectCall): Set[String] = {
     vsaResult.get(i) match {
-      case Some(Lift(el)) => el.get(variable) match {
-        case Some(values) =>
-          values.flatMap {
-            case addressValue: AddressValue => searchRegion(addressValue.region, i)
-            case _: LiteralValue => Set()
-          }
-        case _ => Set()
-      }
+      case Some(Lift(el)) =>
+        el.get(variable) match {
+          case Some(values) =>
+            values.flatMap {
+              case addressValue: AddressValue => searchRegion(addressValue.region, i)
+              case _: LiteralValue            => Set()
+            }
+          case _ => Set()
+        }
       case _ => Set()
     }
   }
@@ -173,9 +190,9 @@ trait IndirectCallResolution {
 
           /* copy the goto node resulting */
           val fallthrough = oft match {
-            case g: GoTo => GoTo(g.targets, g.label)
+            case g: GoTo        => GoTo(g.targets, g.label)
             case _: Unreachable => Unreachable()
-            case _: Return => Return()
+            case _: Return      => Return()
           }
           newBlocks.append(Block(newLabel, None, ArrayBuffer(assume, directCall), fallthrough))
         }
diff --git a/src/main/scala/ir/transforms/ProcedureParameters.scala b/src/main/scala/ir/transforms/ProcedureParameters.scala
index f0db75e9b..bb76765ed 100644
--- a/src/main/scala/ir/transforms/ProcedureParameters.scala
+++ b/src/main/scala/ir/transforms/ProcedureParameters.scala
@@ -8,32 +8,36 @@ import specification.Specification
 import analysis.{TwoElement, TwoElementTop, TwoElementBottom}
 import ir.CallGraph
 
-case class FunSig(inArgs: List[Register], outArgs: List[Register]) 
+case class FunSig(inArgs: List[Register], outArgs: List[Register])
 
 def R(n: Int) = {
   Register(s"R$n", 64)
 }
 
-val builtinSigs : Map[String, FunSig] = Map(
+val builtinSigs: Map[String, FunSig] = Map(
   "#free" -> FunSig(List(R(0)), List(R(0))),
   "malloc" -> FunSig(List(R(0)), List(R(0))),
   "strlen" -> FunSig(List(R(0)), List(R(0))),
   "strchr" -> FunSig(List(R(0), R(1)), List(R(0))),
   "strlcpy" -> FunSig(List(R(0), R(1), R(2)), List(R(0))),
   "strlcat" -> FunSig(List(R(0), R(1), R(2)), List(R(0)))
-  )
+)
 
-def fnsigToBinding(f: FunSig) = (f.inArgs.map(a => LocalVar(a.name + "_in", a.getType) -> LocalVar(a.name, a.getType)), 
-  f.outArgs.map(a => LocalVar(a.name + "_out", a.getType) -> LocalVar(a.name, a.getType)))
+def fnsigToBinding(f: FunSig) = (
+  f.inArgs.map(a => LocalVar(a.name + "_in", a.getType) -> LocalVar(a.name, a.getType)),
+  f.outArgs.map(a => LocalVar(a.name + "_out", a.getType) -> LocalVar(a.name, a.getType))
+)
 
 def liftProcedureCallAbstraction(ctx: util.IRContext): util.IRContext = {
 
-  val liveVars  =
-  if (ctx.program.mainProcedure.blocks.nonEmpty && ctx.program.mainProcedure.returnBlock.isDefined && ctx.program.mainProcedure.entryBlock.isDefined) {
-    analysis.InterLiveVarsAnalysis(ctx.program).analyze()
-  } else {
-    Map.empty
-  }
+  val liveVars =
+    if (
+      ctx.program.mainProcedure.blocks.nonEmpty && ctx.program.mainProcedure.returnBlock.isDefined && ctx.program.mainProcedure.entryBlock.isDefined
+    ) {
+      analysis.InterLiveVarsAnalysis(ctx.program).analyze()
+    } else {
+      Map.empty
+    }
 
   val params = inOutParams(ctx.program, liveVars)
 
@@ -78,7 +82,7 @@ def clearParams(p: Program) = {
 def collectVariables(p: Procedure): (Set[Variable], Set[Variable]) = {
   val lvars = p.blocks.toSet.flatMap(_.statements.flatMap(s => {
     s match {
-      case LocalAssign(l, _, _)        => Set(l)
+      case LocalAssign(l, _, _)   => Set(l)
       case DirectCall(t, o, _, _) => o.toSet.map(_._2)
       case _                      => Set()
     }
@@ -90,14 +94,14 @@ def collectVariables(p: Procedure): (Set[Variable], Set[Variable]) = {
     .flatten
   val rvars = p.blocks.toSet.flatMap(_.statements.flatMap(s => {
     s match {
-      case LocalAssign(l, r, _)                => r.variables
-      case Assume(l, _, _, _)             => l.variables
-      case Assert(l, _, _)                => l.variables
-      case MemoryStore(m, i, v, _, _, _) => i.variables ++ v.variables
+      case LocalAssign(l, r, _)                           => r.variables
+      case Assume(l, _, _, _)                             => l.variables
+      case Assert(l, _, _)                                => l.variables
+      case MemoryStore(m, i, v, _, _, _)                  => i.variables ++ v.variables
       case MemoryLoad(lhs, m, index, endian, size, label) => index.variables ++ Seq(lhs)
-      case IndirectCall(l, _)             => Set(l)
-      case DirectCall(t, o, l, _)         => l.toSet.flatMap(_._2.variables)
-      case _                              => Set()
+      case IndirectCall(l, _)                             => Set(l)
+      case DirectCall(t, o, l, _)                         => l.toSet.flatMap(_._2.variables)
+      case _                                              => Set()
     }
   }))
 
@@ -105,8 +109,8 @@ def collectVariables(p: Procedure): (Set[Variable], Set[Variable]) = {
 }
 
 class SetFormalParams(
-    val inoutparams: Map[Procedure, (Set[Variable], Set[Variable])],
-    val externalFunctions: Set[String]
+  val inoutparams: Map[Procedure, (Set[Variable], Set[Variable])],
+  val externalFunctions: Set[String]
 ) extends CILVisitor {
   // expects programs to be in single return form
 
@@ -123,8 +127,6 @@ class SetFormalParams(
   override def vproc(p: Procedure) = {
     if (externalFunctions.contains(p.name)) {
 
-
-
       p.formalInParam = mutable.SortedSet.from(externalIn.map(_._1))
       p.formalOutParam = mutable.SortedSet.from(externalOut.map(_._1))
       p.inParamDefaultBinding = immutable.SortedMap.from(externalIn)
@@ -246,8 +248,8 @@ object ReadWriteAnalysis {
 }
 
 def inOutParams(
-    p: Program,
-    interLiveVarsResults: Map[CFGPosition, Map[Variable, TwoElement]]
+  p: Program,
+  interLiveVarsResults: Map[CFGPosition, Map[Variable, TwoElement]]
 ): Map[Procedure, (Set[Variable], Set[Variable])] = {
   val overapprox = ((0 to 31).toSet -- (19 to 28).toSet).map(i => Register(s"R${i}", 64)).toSet[Variable]
   // in: live at entry & in procedure read set
@@ -261,7 +263,7 @@ def inOutParams(
     p -> p.returnBlock.getOrElse(p)
   }.toMap
 
-  val lives : Map[Procedure, (Set[Variable], Set[Variable])] = p.procedures
+  val lives: Map[Procedure, (Set[Variable], Set[Variable])] = p.procedures
     .map(p => {
       val in = (interLiveVarsResults.get(p))
       val out = (interLiveVarsResults.get(procEnd(p)))
@@ -295,9 +297,9 @@ def inOutParams(
 }
 
 class SetActualParams(
-    val inBinding: Map[Procedure, Map[LocalVar, Variable]],
-    val outBinding: Map[Procedure, Map[LocalVar, Variable]],
-    val externalFunctions: Set[String]
+  val inBinding: Map[Procedure, Map[LocalVar, Variable]],
+  val outBinding: Map[Procedure, Map[LocalVar, Variable]],
+  val externalFunctions: Set[String]
 ) extends CILVisitor {
   // expects programs to be in single return form
   var currStmt: Option[Statement] = None
@@ -311,7 +313,9 @@ class SetActualParams(
 
   override def vproc(p: Procedure) = {
     val incoming =
-      p.formalInParam.toList.flatMap(param => inBinding.get(p).flatMap(_.get(param)).map(p => LocalAssign(p, param)).toList)
+      p.formalInParam.toList.flatMap(param =>
+        inBinding.get(p).flatMap(_.get(param)).map(p => LocalAssign(p, param)).toList
+      )
     p.entryBlock.foreach(b => b.statements.prependAll(incoming))
     DoChildren()
   }
@@ -361,9 +365,9 @@ class SetActualParams(
 }
 
 def specToProcForm(
-    spec: Specification,
-    mappingInparam: Map[Procedure, Map[LocalVar, Variable]],
-    mappingOutparam: Map[Procedure, Map[LocalVar, Variable]]
+  spec: Specification,
+  mappingInparam: Map[Procedure, Map[LocalVar, Variable]],
+  mappingOutparam: Map[Procedure, Map[LocalVar, Variable]]
 ): Specification = {
   import boogie.*
 
@@ -374,7 +378,7 @@ def specToProcForm(
   val varToOutVar: Map[String, Map[String, String]] = mappingOutparam.map(p => (p._1.procName -> toNameMapping(p._2)))
 
   def convVarToOld(varInPre: Map[String, String], varInPost: Map[String, String], isPost: Boolean = false)(
-      b: BExpr
+    b: BExpr
   ): BExpr = {
     val varToOld = convVarToOld(varInPre, varInPost, isPost)
     b match {
diff --git a/src/main/scala/ir/transforms/ReplaceReturn.scala b/src/main/scala/ir/transforms/ReplaceReturn.scala
index 392b8c27e..79aafc9ff 100644
--- a/src/main/scala/ir/transforms/ReplaceReturn.scala
+++ b/src/main/scala/ir/transforms/ReplaceReturn.scala
@@ -4,11 +4,10 @@ import util.Logger
 import ir.cilvisitor.*
 import ir.*
 
-
 class ReplaceReturns extends CILVisitor {
-  /**
-   * Assumes IR with 1 call per block which appears as the last statement.
-   */
+
+  /** Assumes IR with 1 call per block which appears as the last statement.
+    */
   override def vstmt(j: Statement): VisitAction[List[Statement]] = {
     j match {
       case IndirectCall(Register("R30", _), _) => {
@@ -27,29 +26,27 @@ class ReplaceReturns extends CILVisitor {
   override def vjump(j: Jump) = SkipChildren()
 }
 
-
 def addReturnBlocks(p: Program, toAll: Boolean = false) = {
   p.procedures.foreach(p => {
     val containsReturn = p.blocks.map(_.jump).find(_.isInstanceOf[Return]).isDefined
     if (toAll && p.blocks.isEmpty && p.entryBlock.isEmpty && p.returnBlock.isEmpty) {
-      p.returnBlock = (Block(label=p.name + "_basil_return",jump=Return()))
-      p.entryBlock = (Block(label=p.name + "_basil_entry",jump=GoTo(p.returnBlock.get)))
+      p.returnBlock = (Block(label = p.name + "_basil_return", jump = Return()))
+      p.entryBlock = (Block(label = p.name + "_basil_entry", jump = GoTo(p.returnBlock.get)))
     } else if (p.returnBlock.isEmpty && (toAll || containsReturn)) {
-      p.returnBlock = p.addBlocks(Block(label=p.name + "_basil_return",jump=Return()))
+      p.returnBlock = p.addBlocks(Block(label = p.name + "_basil_return", jump = Return()))
     }
   })
 }
 
-
 class ConvertSingleReturn extends CILVisitor {
-  /**
-   * Assumes procedures have defined return blocks if they contain a return statement.
-   */
+
+  /** Assumes procedures have defined return blocks if they contain a return statement.
+    */
   override def vjump(j: Jump) = j match {
-    case r: Return if !(j.parent.parent.returnBlock.contains(j.parent)) => ChangeTo(GoTo(Seq(j.parent.parent.returnBlock.get)))
+    case r: Return if !(j.parent.parent.returnBlock.contains(j.parent)) =>
+      ChangeTo(GoTo(Seq(j.parent.parent.returnBlock.get)))
     case _ => SkipChildren()
   }
 
   override def vstmt(s: Statement) = SkipChildren()
 }
-
diff --git a/src/main/scala/ir/transforms/Simp.scala b/src/main/scala/ir/transforms/Simp.scala
index 4225ba8bc..62deadab7 100644
--- a/src/main/scala/ir/transforms/Simp.scala
+++ b/src/main/scala/ir/transforms/Simp.scala
@@ -68,8 +68,7 @@ def basicReachingDefs(p: Procedure): Map[Command, Map[Variable, Set[Assign | Dir
 case class DefUse(defined: Map[Variable, Assign])
 
 // map v -> definitions reached here
-class DefUseDomain(liveBefore: Map[Block, Set[Variable]])
-    extends AbstractDomain[Map[Variable, Set[Assign]]] {
+class DefUseDomain(liveBefore: Map[Block, Set[Variable]]) extends AbstractDomain[Map[Variable, Set[Assign]]] {
 
   override def transfer(s: Map[Variable, Set[Assign]], b: Command) = {
     b match {
@@ -117,6 +116,8 @@ def removeSlices(p: Program): Unit = {
   p.procedures.foreach(removeSlices)
 }
 
+case class LVTerm(v: LocalVar) extends analysis.solvers.Var[LVTerm]
+
 def removeSlices(p: Procedure): Unit = {
 
   /** if for each variable v there is some i:int such that (i) all its assignments have a ZeroExtend(i, x) and (ii) all
@@ -125,13 +126,13 @@ def removeSlices(p: Procedure): Unit = {
     * We check this flow-insensitively and recover precision using DSA form.
     */
   val assignments: Map[LocalVar, Iterable[Assign]] = p
-    .collect { 
+    .collect {
       case a: SingleAssign => Seq(a.lhs -> a)
-      case a: DirectCall => a.assignees.map(e => e -> a)
+      case a: DirectCall   => a.assignees.map(e => e -> a)
     }
     .flatten
     .groupBy(_._1)
-    .map((k,v) => (k, v.map(_._2).toSet))
+    .map((k, v) => (k, v.map(_._2).toSet))
     .collect { case (k: LocalVar, v) =>
       (k, v)
     }
@@ -145,7 +146,6 @@ def removeSlices(p: Procedure): Unit = {
       case _             => None
     }
   }
-  case class LVTerm(v: LocalVar) extends analysis.solvers.Var[LVTerm]
   // unify variable uses across direct assignments
   val ufsolver = analysis.solvers.UnionFindSolver[LVTerm]()
   val unioned = assignments.foreach {
@@ -154,11 +154,11 @@ def removeSlices(p: Procedure): Unit = {
   }
   val unifiedAssignments = ufsolver
     .unifications()
-    .map { 
+    .map {
       case (v @ LVTerm(_), rvs) =>
-        v.v -> (rvs.map { 
+        v.v -> (rvs.map {
           case LVTerm(rv) =>
-          rv
+            rv
           case _ => ??? /* unreachable */
         }).toSet
       case _ => ??? /* unreachable */
@@ -167,7 +167,7 @@ def removeSlices(p: Procedure): Unit = {
       repr -> elems.flatMap(assignments(_).filter(_ match {
         // filter out the direct assignments we used to build the unif class
         case LocalAssign(lhs: LocalVar, rhs: LocalVar, _) if elems.contains(lhs) && elems.contains(rhs) => false
-        case _                                                                                     => true
+        case _                                                                                          => true
       }))
     )
   // try and find a single extension size for all rhs of assignments to all variables in the assigned equality class
@@ -178,10 +178,10 @@ def removeSlices(p: Procedure): Unit = {
         case (HighZeroBits.Bot, LocalAssign(_, ZeroExtend(i, lhs), _))                   => HighZeroBits.Bits(i)
         case (b @ HighZeroBits.Bits(ei), LocalAssign(_, ZeroExtend(i, _), _)) if i == ei => b
         case (b @ HighZeroBits.Bits(ei), LocalAssign(_, ZeroExtend(i, _), _)) if i != ei => HighZeroBits.False
-        case (b @ HighZeroBits.Bits(ei), m: MemoryLoad)               => HighZeroBits.False
-        case (b @ HighZeroBits.Bits(ei), m: DirectCall)               => HighZeroBits.False
-        case (HighZeroBits.False, _)                                  => HighZeroBits.False
-        case (_, other)                                               => HighZeroBits.False
+        case (b @ HighZeroBits.Bits(ei), m: MemoryLoad)                                  => HighZeroBits.False
+        case (b @ HighZeroBits.Bits(ei), m: DirectCall)                                  => HighZeroBits.False
+        case (HighZeroBits.False, _)                                                     => HighZeroBits.False
+        case (_, other)                                                                  => HighZeroBits.False
       }
     )
     (v, allRHSExtended)
@@ -191,7 +191,7 @@ def removeSlices(p: Procedure): Unit = {
       // map all lhs to the result for their representative
       val rep = ufsolver.find(LVTerm(lhs)) match {
         case LVTerm(r) => r
-        case _ => ??? /* unreachable */
+        case _         => ??? /* unreachable */
       }
       lhs -> varHighZeroBits.get(rep)
     })
@@ -355,7 +355,7 @@ class CleanupAssignments() extends CILVisitor {
 
   override def vstmt(s: Statement) = s match {
     case a: LocalAssign if isRedundant(a) => ChangeTo(List())
-    case _                           => SkipChildren()
+    case _                                => SkipChildren()
   }
 
 }
@@ -558,9 +558,7 @@ enum CopyProp {
   case Clobbered
 }
 
-case class CCP(
-    val state: Map[Variable, CopyProp] = Map()
-)
+case class CCP(val state: Map[Variable, CopyProp] = Map())
 
 object CCP {
 
@@ -608,11 +606,11 @@ object CopyProp {
   }
 
   case class PropState(
-      var e: Expr,
-      val deps: mutable.Set[Variable],
-      var clobbered: Boolean,
-      var useCount: Int,
-      var isFlagDep: Boolean
+    var e: Expr,
+    val deps: mutable.Set[Variable],
+    var clobbered: Boolean,
+    var useCount: Int,
+    var isFlagDep: Boolean
   )
 
   def PropFlagCalculations(p: Procedure, initialState: Map[Variable, PropState]) = {
@@ -677,7 +675,6 @@ object CopyProp {
     }
   }
 
-
   def isTrivial(e: Expr): Boolean = e match {
     case l: Literal                              => true
     case l: Variable                             => true
@@ -814,7 +811,6 @@ object CopyProp {
 
 }
 
-
 class ExprComplexity extends CILVisitor {
   // count the nodes in the expression AST
   var count = 0
@@ -845,11 +841,8 @@ class ExprComplexity extends CILVisitor {
   * @complexityThreshold:
   *   Stop substituting after the AST node count has increased by this much
   */
-class Substitute(
-    val res: Variable => Option[Expr],
-    val recurse: Boolean = true,
-    val complexityThreshold: Int = 0
-) extends CILVisitor {
+class Substitute(val res: Variable => Option[Expr], val recurse: Boolean = true, val complexityThreshold: Int = 0)
+    extends CILVisitor {
   var madeAnyChange = false
   var complexity = 0
 
@@ -888,10 +881,7 @@ class Substitute(
 
 }
 
-class Simplify(
-    val res: Variable => Option[Expr],
-    val initialBlock: Block = null,
-) extends CILVisitor {
+class Simplify(val res: Variable => Option[Expr], val initialBlock: Block = null) extends CILVisitor {
 
   var madeAnyChange = false
   var block: Block = initialBlock
diff --git a/src/main/scala/ir/transforms/SplitThreads.scala b/src/main/scala/ir/transforms/SplitThreads.scala
index 8123c0ae1..f2595d863 100644
--- a/src/main/scala/ir/transforms/SplitThreads.scala
+++ b/src/main/scala/ir/transforms/SplitThreads.scala
@@ -5,12 +5,12 @@ import ir.*
 
 import scala.collection.mutable
 
+def splitThreads(
+  program: Program,
+  pointsTo: Map[RegisterWrapperEqualSets, Set[RegisterWrapperEqualSets | MemoryRegion]],
+  reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])]
+): Unit = {
 
-def splitThreads(program: Program,
-                 pointsTo: Map[RegisterWrapperEqualSets, Set[RegisterWrapperEqualSets | MemoryRegion]],
-                 reachingDefs: Map[CFGPosition, (Map[Variable, Set[Assign]], Map[Variable, Set[Assign]])]
-                ): Unit = {
-  
   // iterate over all commands - if call is to pthread_create, look up
   program.foreach {
     case d: DirectCall if d.target.name == "pthread_create" =>
@@ -31,7 +31,7 @@ def splitThreads(program: Program,
           case data: DataRegion =>
             val threadEntrance = program.procedures.find(_.name == data.regionIdentifier) match {
               case Some(proc) => proc
-              case None => throw Exception("could not find procedure with name " + data.regionIdentifier)
+              case None       => throw Exception("could not find procedure with name " + data.regionIdentifier)
             }
             val thread = ProgramThread(threadEntrance, mutable.LinkedHashSet(threadEntrance), Some(d))
             program.threads.addOne(thread)
diff --git a/src/main/scala/ir/transforms/StripUnreachableFunctions.scala b/src/main/scala/ir/transforms/StripUnreachableFunctions.scala
index ab6279406..f4a984c19 100644
--- a/src/main/scala/ir/transforms/StripUnreachableFunctions.scala
+++ b/src/main/scala/ir/transforms/StripUnreachableFunctions.scala
@@ -30,7 +30,7 @@ def stripUnreachableFunctions(p: Program, depth: Int = Int.MaxValue): Unit = {
     }
   }
   assert(invariant.cfgCorrect(p))
-  val removed  = p.procedures.filterNot(f => reachableNames.keySet.contains(f)).toSet
+  val removed = p.procedures.filterNot(f => reachableNames.keySet.contains(f)).toSet
   // p.procedures = p.procedures.filter(f => reachableNames.keySet.contains(f.name))
   for (proc <- removed) {
     p.removeProcedure(proc)
diff --git a/src/main/scala/translating/IRExpToSMT2.scala b/src/main/scala/translating/IRExpToSMT2.scala
index ec5dcb8e1..45a8628c0 100644
--- a/src/main/scala/translating/IRExpToSMT2.scala
+++ b/src/main/scala/translating/IRExpToSMT2.scala
@@ -11,9 +11,9 @@ trait BasilIR[Repr[+_]] extends BasilIRExp[Repr] {
 
   def vstmt(s: Statement): Repr[Statement] = {
     s match {
-      case a: LocalAssign       => vassign(vlvar(a.lhs), vexpr(a.rhs))
-      case m @ MemoryLoad(lhs, mem, index, endian, size, _) => vload(vlvar(lhs), mem.name, vexpr(index), endian, size)
-      case m: MemoryStore  => vstore(m.mem.name, vexpr(m.index), vexpr(m.value), m.endian, m.size)
+      case a: LocalAssign => vassign(vlvar(a.lhs), vexpr(a.rhs))
+      case m: MemoryLoad  => vload(vlvar(m.lhs), m.mem.name, vexpr(m.index), m.endian, m.size)
+      case m: MemoryStore => vstore(m.mem.name, vexpr(m.index), vexpr(m.value), m.endian, m.size)
       case c: DirectCall =>
         vcall(
           c.outParams.toList.map((l, r) => (l, vexpr(r))),
@@ -35,7 +35,6 @@ trait BasilIR[Repr[+_]] extends BasilIRExp[Repr] {
     }
   }
 
-
   def vexpr(e: Expr): Repr[Expr] = {
     e match {
       case n: Literal                               => vliteral(n)
@@ -56,31 +55,36 @@ trait BasilIR[Repr[+_]] extends BasilIRExp[Repr] {
     p.formalInParam.toList.map(vlvar),
     p.formalOutParam.toList.map(vlvar),
     p.entryBlock.map(vblock),
-    (p.blocks.toSet -- p.entryBlock.toSet -- p.returnBlock.toSet).toList.sortBy( x => -x.rpoOrder).map(vblock),
+    (p.blocks.toSet -- p.entryBlock.toSet -- p.returnBlock.toSet).toList.sortBy(x => -x.rpoOrder).map(vblock),
     p.returnBlock.map(vblock)
   )
 
-  def vblock(label: String, address:Option[BigInt], statements: List[Repr[Statement]], terminator: Repr[Jump]): Repr[Block]
+  def vblock(
+    label: String,
+    address: Option[BigInt],
+    statements: List[Repr[Statement]],
+    terminator: Repr[Jump]
+  ): Repr[Block]
 
-  def vprog(p: Program) : Repr[Program] = vprog(p.mainProcedure.name, p.procedures.toList.map(vproc))
-  def vprog(mainProc: String, procedures: List[Repr[Procedure]]) : Repr[Program]
+  def vprog(p: Program): Repr[Program] = vprog(p.mainProcedure.name, p.procedures.toList.map(vproc))
+  def vprog(mainProc: String, procedures: List[Repr[Procedure]]): Repr[Program]
 
   def vproc(
-      name: String,
-      inParams: List[Repr[Variable]],
-      outParams: List[Repr[Variable]],
-      entryBlock: Option[Repr[Block]],
-      middleBlocks: List[Repr[Block]],
-      returnBlock: Option[Repr[Block]]
+    name: String,
+    inParams: List[Repr[Variable]],
+    outParams: List[Repr[Variable]],
+    entryBlock: Option[Repr[Block]],
+    middleBlocks: List[Repr[Block]],
+    returnBlock: Option[Repr[Block]]
   ): Repr[Procedure]
 
   def vassign(lhs: Repr[Variable], rhs: Repr[Expr]): Repr[LocalAssign]
   def vload(lhs: Repr[Variable], mem: String, index: Repr[Expr], endian: Endian, size: Int): Repr[MemoryLoad]
   def vstore(mem: String, index: Repr[Expr], value: Repr[Expr], endian: Endian, size: Int): Repr[MemoryStore]
   def vcall(
-      outParams: List[(Variable, Repr[Expr])],
-      procname: String,
-      inparams: List[(Variable, Repr[Expr])]
+    outParams: List[(Variable, Repr[Expr])],
+    procname: String,
+    inparams: List[(Variable, Repr[Expr])]
   ): Repr[DirectCall]
   def vindirect(target: Repr[Variable]): Repr[IndirectCall]
   def vassert(body: Repr[Expr]): Repr[Assert]
@@ -102,7 +106,7 @@ trait BasilIRExp[Repr[+_]] {
   def vsignextend(bits: Int, b: Repr[Expr]): Repr[Expr]
   def vbinary_expr(e: BinOp, l: Repr[Expr], r: Repr[Expr]): Repr[Expr]
   def vunary_expr(e: UnOp, arg: Repr[Expr]): Repr[Expr]
-  def vliteral(l: Literal) : Repr[Literal] = {
+  def vliteral(l: Literal): Repr[Literal] = {
     l match {
       case TrueLiteral      => vboollit(true)
       case FalseLiteral     => vboollit(false)
@@ -126,11 +130,10 @@ trait BasilIRExpWithVis[Repr[+_]] extends BasilIRExp[Repr] {
   /** Performs some simple reductions to fit basil IR into SMT2.
     */
 
-
   def vexpr(e: Expr): Repr[Expr] = {
     e match {
-      case n: Literal => vliteral(n)
-      case Extract(ed, start, arg)                  => vextract(ed, start, vexpr(arg))
+      case n: Literal              => vliteral(n)
+      case Extract(ed, start, arg) => vextract(ed, start, vexpr(arg))
       case Repeat(repeats, arg) => {
         vexpr((0 until (repeats - 1)).foldLeft(arg)((acc, n) => BinaryExpr(BVCONCAT, acc, arg)))
       }
@@ -169,10 +172,10 @@ def sym[T](l: String): Sexp[T] = Sexp.Symb[T](l)
 def list[T](l: Sexp[T]*): Sexp[T] = Sexp.Slist(l.toList)
 
 object BasilIRToSMT2 extends BasilIRExpWithVis[Sexp] {
-  def vload(lhs: Sexp[Variable], mem: String, index: Sexp[Expr], endian: Endian, size: Int): Sexp[MemoryLoad] = ??? 
+  def vload(lhs: Sexp[Variable], mem: String, index: Sexp[Expr], endian: Endian, size: Int): Sexp[MemoryLoad] = ???
   def vstore(mem: String, index: Sexp[Expr], value: Sexp[Expr], endian: Endian, size: Int): Sexp[MemoryStore] = ???
 
-  def vprog(mainProc: String, procedures: List[Sexp[Procedure]]) : Sexp[Program] = ???
+  def vprog(mainProc: String, procedures: List[Sexp[Procedure]]): Sexp[Program] = ???
   def vrepeat(reps: Int, value: Sexp[Expr]): Sexp[Expr] = ???
   def vzeroextend(bits: Int, b: Sexp[Expr]): Sexp[Expr] = ???
   def vsignextend(bits: Int, b: Sexp[Expr]): Sexp[Expr] = ???
@@ -180,22 +183,21 @@ object BasilIRToSMT2 extends BasilIRExpWithVis[Sexp] {
   def vbvlit(b: BitVecLiteral): Sexp[BitVecLiteral] = ???
   def vintlit(b: BigInt): Sexp[IntLiteral] = ???
 
-  /**
-   * Immediately invoke z3 and block until it returns a result.
-   *
-   * Return Some(true) when proven, Some(false) when counterexample found, and None when unknown.
-   */
-  def proveExpr(e: Expr, softTimeoutMillis: Option[Int] = None) : Option[Boolean] = {
+  /** Immediately invoke z3 and block until it returns a result.
+    *
+    * Return Some(true) when proven, Some(false) when counterexample found, and None when unknown.
+    */
+  def proveExpr(e: Expr, softTimeoutMillis: Option[Int] = None): Option[Boolean] = {
     val query = exprUnsat(e, None, false)
     val res = util.z3.checkSATSMT2(query, softTimeoutMillis)
     res match {
-      case util.z3.SatResult.UNSAT => Some(true)
-      case util.z3.SatResult.SAT => Some(false)
+      case util.z3.SatResult.UNSAT      => Some(true)
+      case util.z3.SatResult.SAT        => Some(false)
       case util.z3.SatResult.Unknown(_) => None
     }
   }
 
-  def exprUnsat(e: Expr, name: Option[String] = None, getModel : Boolean = true): String = {
+  def exprUnsat(e: Expr, name: Option[String] = None, getModel: Boolean = true): String = {
     val assert = if (name.isDefined) {
       list(sym("assert"), list(sym("!"), BasilIRToSMT2.vexpr(e), sym(":named"), sym(name.get)))
     } else {
@@ -203,12 +205,10 @@ object BasilIRToSMT2 extends BasilIRExpWithVis[Sexp] {
     }
 
     val terms = list(sym("push")) :: BasilIRToSMT2.extractDecls(e)
-      ++ List(
-        assert,
-        list(sym("set-option"), sym(":smt.timeout"), sym("1")),
-        list(sym("check-sat"))
-      ) 
-      ++ (if (getModel) then List(list(sym("echo"), sym("\"" + name.getOrElse("") + "  ::  " + e + "\"")), list(sym("get-model"))) else List())
+      ++ List(assert, list(sym("set-option"), sym(":smt.timeout"), sym("1")), list(sym("check-sat")))
+      ++ (if (getModel) then
+            List(list(sym("echo"), sym("\"" + name.getOrElse("") + "  ::  " + e + "\"")), list(sym("get-model")))
+          else List())
       ++ List(list(sym("pop")))
 
     (terms.map(Sexp.print)).mkString("\n")
diff --git a/src/main/scala/util/Logging.scala b/src/main/scala/util/Logging.scala
index 161154f79..3333d28af 100644
--- a/src/main/scala/util/Logging.scala
+++ b/src/main/scala/util/Logging.scala
@@ -12,10 +12,10 @@ enum LogLevel(val id: Int):
   case OFF extends LogLevel(4)
 
 class GenericLogger(
-    val name : String,
-    val defaultLevel: LogLevel = LogLevel.INFO,
-    var output: PrintStream = System.out,
-    var ANSIColour: Boolean = true
+  val name: String,
+  val defaultLevel: LogLevel = LogLevel.INFO,
+  var output: PrintStream = System.out,
+  var ANSIColour: Boolean = true
 ) {
 
   val children: HashSet[GenericLogger] = HashSet()
@@ -36,7 +36,6 @@ class GenericLogger(
   def disableColour(setChildren: Boolean = false) = setColour(false, setChildren)
   def enableColour(setChildren: Boolean = false): Unit = setColour(true, setChildren)
 
-
   def deriveLogger(sname: String, stream: PrintStream): GenericLogger = {
     val l = GenericLogger(name + "." + sname, level, stream, ANSIColour)
     children.add(l)
@@ -81,20 +80,23 @@ class GenericLogger(
   }
 
   private def writeLog(
-      logLevel: LogLevel,
-      arg: Any,
-      line: sourcecode.Line,
-      file: sourcecode.FileName,
-      name: sourcecode.Name
+    logLevel: LogLevel,
+    arg: Any,
+    line: sourcecode.Line,
+    file: sourcecode.FileName,
+    name: sourcecode.Name
   ): Unit = {
 
     if (level.id <= logLevel.id) {
-      val colour = if (!ANSIColour) then "" else logLevel match
-        case DEBUG => AnsiColor.RESET
-        case INFO  => AnsiColor.GREEN
-        case WARN  => AnsiColor.YELLOW
-        case ERROR => AnsiColor.RED
-        case OFF   => ???
+      val colour =
+        if (!ANSIColour) then ""
+        else
+          logLevel match
+            case DEBUG => AnsiColor.RESET
+            case INFO  => AnsiColor.GREEN
+            case WARN  => AnsiColor.YELLOW
+            case ERROR => AnsiColor.RED
+            case OFF   => ???
 
       val showPosition = (logLevel, level) match
         case (_, DEBUG) => true
@@ -139,14 +141,14 @@ class GenericLogger(
     }
   }
 
-  def findLoggerByName(s: String) : Option[GenericLogger] = allLoggers.find(_.name == s)
+  def findLoggerByName(s: String): Option[GenericLogger] = allLoggers.find(_.name == s)
 
   def allLoggers: Iterable[GenericLogger] = {
     (for {
       c <- children
       cc <- c.allLoggers
-    } yield (cc)) 
-    ++ Seq(this)
+    } yield (cc))
+      ++ Seq(this)
   }
 
 }
@@ -154,8 +156,8 @@ class GenericLogger(
 // doesn't work with `mill run`
 def isAConsole = System.console() != null
 
-val Logger  = GenericLogger("log", LogLevel.DEBUG, System.out, isAConsole)
-val StaticAnalysisLogger  = Logger.deriveLogger("analysis", System.out)
+val Logger = GenericLogger("log", LogLevel.DEBUG, System.out, isAConsole)
+val StaticAnalysisLogger = Logger.deriveLogger("analysis", System.out)
 val SimplifyLogger = Logger.deriveLogger("simplify", System.out)
 val DebugDumpIRLogger = {
   val l = Logger.deriveLogger("debugdumpir")
@@ -165,6 +167,3 @@ val DebugDumpIRLogger = {
 val VSALogger = StaticAnalysisLogger.deriveLogger("vsa")
 val MRALogger = StaticAnalysisLogger.deriveLogger("mra")
 val SteensLogger = StaticAnalysisLogger.deriveLogger("steensgaard")
-
-
-
diff --git a/src/main/scala/util/functional/State.scala b/src/main/scala/util/functional/State.scala
index 07306a81f..90a77f97e 100644
--- a/src/main/scala/util/functional/State.scala
+++ b/src/main/scala/util/functional/State.scala
@@ -6,34 +6,34 @@ import java.io.*
 val monlog = Logger.deriveLogger("statemonad", PrintStream(File("monad")))
 
 /*
- * Flattened state monad with error. 
+ * Flattened state monad with error.
  */
 case class State[S, A, E](f: S => (S, Either[E, A])) {
 
   def unit[A](a: A): State[S, A, E] = State(s => (s, Right(a)))
 
-  def >>(o: State[S,A,E]) = for {
+  def >>(o: State[S, A, E]) = for {
     _ <- this
     x <- o
   } yield (x)
 
-
-  def flatMap[B](f: A => State[S, B, E])(implicit line: sourcecode.Line, file: sourcecode.FileName, name: sourcecode.Name): State[S, B, E] = State(s => {
+  def flatMap[B](
+    f: A => State[S, B, E]
+  )(implicit line: sourcecode.Line, file: sourcecode.FileName, name: sourcecode.Name): State[S, B, E] = State(s => {
     monlog.debug(s"State.flatMap ${file.value}:${line.value}")
     val (s2, a) = this.f(s)
-    val r  = a match {
-      case Left(l) => (s2, Left(l))
+    val r = a match {
+      case Left(l)  => (s2, Left(l))
       case Right(a) => f(a).f(s2)
     }
     r
   })
 
-
   def map[B](f: A => B): State[S, B, E] = {
     State(s => {
       val (s2, a) = this.f(s)
       a match {
-        case Left(l) => (s2, Left(l))
+        case Left(l)  => (s2, Left(l))
         case Right(a) => (s2, Right(f(a)))
       }
     })
@@ -43,25 +43,30 @@ case class State[S, A, E](f: S => (S, Either[E, A])) {
     State(s => {
       val (s2, a) = this.f(s)
       a match {
-        case Left(l) => f(l).f(s2)
+        case Left(l)  => f(l).f(s2)
         case Right(_) => (s2, a)
       }
     })
   }
 }
 
-
 object State {
-  def get[S, A, E](f: S => A) : State[S, A, E] = State(s => (s, Right(f(s))))
-  def getE[S, A, E](f: S => Either[E,A]) : State[S, A, E] = State(s => (s, f(s)))
-  def getS[S,E] : State[S,S,E] = State((s:S) => (s,Right(s)))
-  def putS[S,E](s: S) : State[S,Unit,E] = State((_) => (s,Right(())))
-  def modify[S, E](f: S => S) : State[S, Unit, E] = State(s => (f(s), Right(())))
-  def modifyE[S, E](f: S => Either[E, S]) : State[S, Unit, E] = State(s => f(s) match {
-    case Right(ns) => (ns, Right(()))
-    case Left(e) => (s, Left(e))
-  })
-  def execute[S, A, E](s: S, c: State[S,A, E])(implicit line: sourcecode.Line, file: sourcecode.FileName, name: sourcecode.Name) : S = {
+  def get[S, A, E](f: S => A): State[S, A, E] = State(s => (s, Right(f(s))))
+  def getE[S, A, E](f: S => Either[E, A]): State[S, A, E] = State(s => (s, f(s)))
+  def getS[S, E]: State[S, S, E] = State((s: S) => (s, Right(s)))
+  def putS[S, E](s: S): State[S, Unit, E] = State((_) => (s, Right(())))
+  def modify[S, E](f: S => S): State[S, Unit, E] = State(s => (f(s), Right(())))
+  def modifyE[S, E](f: S => Either[E, S]): State[S, Unit, E] = State(s =>
+    f(s) match {
+      case Right(ns) => (ns, Right(()))
+      case Left(e)   => (s, Left(e))
+    }
+  )
+  def execute[S, A, E](s: S, c: State[S, A, E])(implicit
+    line: sourcecode.Line,
+    file: sourcecode.FileName,
+    name: sourcecode.Name
+  ): S = {
     Logger.debug(s"state.execute")(line, file, name)
     c.f(s) match {
       case (s, Left(r)) => {
@@ -71,49 +76,61 @@ object State {
       case (s, _) => s
     }
   }
-  def evaluate[S, A, E](s: S, c: State[S,A, E])  : Either[E,A] = c.f(s)._2
+  def evaluate[S, A, E](s: S, c: State[S, A, E]): Either[E, A] = c.f(s)._2
 
-  def setError[S,A,E](e: E) : State[S,A,E] =  State(s => (s, Left(e)))
+  def setError[S, A, E](e: E): State[S, A, E] = State(s => (s, Left(e)))
 
-  def pure[S, A, E](a: A) : State[S, A, E] = State((s:S) => (s, Right(a)))
-  def pureE[S, A, E](a: Either[E, A])(implicit line: sourcecode.Line, file: sourcecode.FileName, name: sourcecode.Name) : State[S, A, E] = {
+  def pure[S, A, E](a: A): State[S, A, E] = State((s: S) => (s, Right(a)))
+  def pureE[S, A, E](
+    a: Either[E, A]
+  )(implicit line: sourcecode.Line, file: sourcecode.FileName, name: sourcecode.Name): State[S, A, E] = {
     a match {
       case Left(l) => monlog.info(s"pureE error $l")(line, file, name)
-      case _ => ()
+      case _       => ()
     }
-    State((s:S) => (s, a))
+    State((s: S) => (s, a))
   }
 
-  def sequence[S, V, E](ident: State[S,V, E], xs: Iterable[State[S,V, E]]) : State[S, V, E] = {
-    xs.foldRight(ident)((l,r) => for {
-      x <- l
-      y <- r
-    } yield(y)) 
+  def sequence[S, V, E](ident: State[S, V, E], xs: Iterable[State[S, V, E]]): State[S, V, E] = {
+    xs.foldRight(ident)((l, r) =>
+      for {
+        x <- l
+        y <- r
+      } yield (y)
+    )
   }
 
-  def filterM[A, S, E](m : (A => State[S, Boolean, E]), xs: Iterable[A]): State[S, List[A], E] = {
-    xs.foldRight(pure(List[A]()))((b,acc) => acc.flatMap(c => m(b).map(v => if v then b::c else c)))
+  def filterM[A, S, E](m: (A => State[S, Boolean, E]), xs: Iterable[A]): State[S, List[A], E] = {
+    xs.foldRight(pure(List[A]()))((b, acc) => acc.flatMap(c => m(b).map(v => if v then b :: c else c)))
   }
 
-  def mapM[A, B, S, E](m : (A => State[S, B, E]), xs: Iterable[A])(implicit line: sourcecode.Line, file: sourcecode.FileName, name: sourcecode.Name): State[S, List[B], E] = {
+  def mapM[A, B, S, E](m: (A => State[S, B, E]), xs: Iterable[A])(implicit
+    line: sourcecode.Line,
+    file: sourcecode.FileName,
+    name: sourcecode.Name
+  ): State[S, List[B], E] = {
     monlog.debug(s"State.mapM (${xs.size} items) ${file.value}:${line.value}")
-    xs.foldRight(pure(List[B]()))((b,acc) => acc.flatMap(c => m(b).map(v => v::c)))
+    xs.foldRight(pure(List[B]()))((b, acc) => acc.flatMap(c => m(b).map(v => v :: c)))
   }
 
-  def protect[S, V, E](f : () => State[S, V, E], fnly: PartialFunction[Exception, E]) : State[S, V, E] = {
-    State((s: S) => try {
-      f().f(s)
-    } catch {
-      case e: Exception if fnly.isDefinedAt(e) => (s, Left(fnly(e)))
-    })
+  def protect[S, V, E](f: () => State[S, V, E], fnly: PartialFunction[Exception, E]): State[S, V, E] = {
+    State((s: S) =>
+      try {
+        f().f(s)
+      } catch {
+        case e: Exception if fnly.isDefinedAt(e) => (s, Left(fnly(e)))
+      }
+    )
   }
 
-  def protectPure[S,V,E](f : () => V, fnly : PartialFunction[Exception, E]) : State[S, V, E] = {
-    State((s: S) => try {
-      (s, Right(f()))
-    } catch {
-      case e: Exception if fnly.isDefinedAt(e) => (s, Left(fnly(e)))
-    })
+  def protectPure[S, V, E](f: () => V, fnly: PartialFunction[Exception, E]): State[S, V, E] = {
+    State((s: S) =>
+      try {
+        (s, Right(f()))
+      } catch {
+        case e: Exception if fnly.isDefinedAt(e) => (s, Left(fnly(e)))
+      }
+    )
   }
 
 }
diff --git a/src/main/scala/util/intrusive_list/IntrusiveList.scala b/src/main/scala/util/intrusive_list/IntrusiveList.scala
index 3a79be03e..8bb39b206 100644
--- a/src/main/scala/util/intrusive_list/IntrusiveList.scala
+++ b/src/main/scala/util/intrusive_list/IntrusiveList.scala
@@ -28,9 +28,9 @@ import scala.collection.mutable.ArrayBuffer
   * @tparam T
   */
 final class IntrusiveList[T <: IntrusiveListElement[T]] private (
-    var numElems: Int,
-    var firstElem: Option[T],
-    var lastElem: Option[T]
+  var numElems: Int,
+  var firstElem: Option[T],
+  var lastElem: Option[T]
 ) extends mutable.Iterable[T],
       mutable.Growable[T]:
   /* Method called on the element whenever it is inserted to this list. */
@@ -53,21 +53,19 @@ final class IntrusiveList[T <: IntrusiveListElement[T]] private (
     this
   }
 
-  /**
-   * Remove all elements, O(n).
-   */
+  /** Remove all elements, O(n).
+    */
   override def clear(): Unit = {
     while (size > 0) {
       this.remove(lastElem.get)
     }
   }
 
-  /**
-   * Add all elements from the iterator.
-   * The elements must already be in any other IntrusiveList.
-   * @param xs Elements to add from.
-   * @return
-   */
+  /** Add all elements from the iterator. The elements must already be in any other IntrusiveList.
+    * @param xs
+    *   Elements to add from.
+    * @return
+    */
   override def addAll(xs: IterableOnce[T]): IntrusiveList.this.type = {
     xs.iterator.foreach(append)
     this
@@ -114,15 +112,16 @@ final class IntrusiveList[T <: IntrusiveListElement[T]] private (
    */
   def reverseIterator: Iterator[T] = IntrusiveListIterator(lastElem, false)
 
-
-  /**
-   * Return an iterator beginning at a specific element in the list. O(1)
-   * It is safe to modify or remove elements returned by the iterator.
-   * @param elem The elemenet to begin at
-   * @param forward Iterate forwards (defualt) or backwards.
-   * @return The iterator
-   */
-  def iteratorFrom(elem: T, forward : Boolean = true): Iterator[T] = {
+  /** Return an iterator beginning at a specific element in the list. O(1) It is safe to modify or remove elements
+    * returned by the iterator.
+    * @param elem
+    *   The elemenet to begin at
+    * @param forward
+    *   Iterate forwards (defualt) or backwards.
+    * @return
+    *   The iterator
+    */
+  def iteratorFrom(elem: T, forward: Boolean = true): Iterator[T] = {
     assert(elem.first() == firstElem.get)
     IntrusiveListIterator(Some(elem), forward)
   }
@@ -131,22 +130,18 @@ final class IntrusiveList[T <: IntrusiveListElement[T]] private (
 
   override def size: Int = numElems
 
-  /**
-   * Unsafely return the first element of the list.
-   */
+  /** Unsafely return the first element of the list.
+    */
   override def head: T = firstElem.get
 
   override def headOption: Option[T] = firstElem
 
-  /**
-   * Unsafely return the first element of the list.
-   */
+  /** Unsafely return the first element of the list.
+    */
   def begin: T = firstElem.get
 
-  /**
-   * Check whether the list contains the given element (by reference) by linear scan.
-   * O(n)
-   */
+  /** Check whether the list contains the given element (by reference) by linear scan. O(n)
+    */
   private def containsRef(elem: T): Boolean = {
     if (size == 0) {
       false
@@ -155,10 +150,8 @@ final class IntrusiveList[T <: IntrusiveListElement[T]] private (
     }
   }
 
-  /**
-   * Check whether the list contains the given element (by value) by linear scan.
-   * O(n)
-   */
+  /** Check whether the list contains the given element (by value) by linear scan. O(n)
+    */
   def contains(elem: T): Boolean = {
     if (size == 0) {
       false
@@ -167,17 +160,16 @@ final class IntrusiveList[T <: IntrusiveListElement[T]] private (
     }
   }
 
-  /**
-   * Unsafely return the last element of the list.
-   */
+  /** Unsafely return the last element of the list.
+    */
   def back: T = lastElem.get
 
-  /**
-   * Add an element to the beginning of the list.
-   * The element must not be a member of any other IntrusiveList.
-   * @param newElem The element to add
-   * @return The element
-   */
+  /** Add an element to the beginning of the list. The element must not be a member of any other IntrusiveList.
+    * @param newElem
+    *   The element to add
+    * @return
+    *   The element
+    */
   def prepend(newElem: T): T = {
     assert(newElem.unitary)
     assert(!containsRef(newElem))
@@ -202,13 +194,13 @@ final class IntrusiveList[T <: IntrusiveListElement[T]] private (
     insertAllAfter(lastElem, elems)
   }
 
-  /**
-   * Add an element to the end of the list.
-   * The element must not be a member of any other IntrusiveList.
-   *
-   * @param newElem The element to add
-   * @return The element
-   */
+  /** Add an element to the end of the list. The element must not be a member of any other IntrusiveList.
+    *
+    * @param newElem
+    *   The element to add
+    * @return
+    *   The element
+    */
   def append(newElem: T): T = {
     assert(newElem.unitary)
     assert(!containsRef(newElem))
@@ -223,12 +215,14 @@ final class IntrusiveList[T <: IntrusiveListElement[T]] private (
     newElem
   }
 
-  /**
-   * Replace an element with another, at the same position in the list.
-   * @param elem The element to remove.
-   * @param withElem The element to add, must not be a member of any other IntrusiveList.
-   * @return The added element
-   */
+  /** Replace an element with another, at the same position in the list.
+    * @param elem
+    *   The element to remove.
+    * @param withElem
+    *   The element to add, must not be a member of any other IntrusiveList.
+    * @return
+    *   The added element
+    */
   def replace(elem: T, withElem: T): T = {
     assert(containsRef(elem))
     if (elem ne withElem) {
@@ -242,13 +236,14 @@ final class IntrusiveList[T <: IntrusiveListElement[T]] private (
     }
   }
 
-  /**
-   * Removes all elements after the provided element n and returns an ArrayBuffer containing the removed elements,
-   * maintaining the ordering.
-   *
-   * @param n The element to split on, remains in the first list.
-   * @return An ArrayBuffer containing all elements after n.
-   */
+  /** Removes all elements after the provided element n and returns an ArrayBuffer containing the removed elements,
+    * maintaining the ordering.
+    *
+    * @param n
+    *   The element to split on, remains in the first list.
+    * @return
+    *   An ArrayBuffer containing all elements after n.
+    */
   def splitOn(n: T): ArrayBuffer[T] = {
     require(!lastElem.contains(n))
     require(containsRef(n))
@@ -267,13 +262,13 @@ final class IntrusiveList[T <: IntrusiveListElement[T]] private (
     newlist
   }
 
-
-  /**
-   * Remove an element from the list.
-   *
-   * @param intrusiveListElement the element to remove
-   * @return The removed element
-   */
+  /** Remove an element from the list.
+    *
+    * @param intrusiveListElement
+    *   the element to remove
+    * @return
+    *   The removed element
+    */
   def remove(intrusiveListElement: T): T = {
     assert(size >= 0)
     assert(containsRef(intrusiveListElement))
@@ -288,12 +283,14 @@ final class IntrusiveList[T <: IntrusiveListElement[T]] private (
     intrusiveListElement.remove()
   }
 
-  /**
-   * Insert an element after another element in the list.
-   * @param intrusiveListElement The element in the list to insert after.
-   * @param newElem The element to insert. Must not be a member of any other intrusive list.
-   * @return the inserted element
-   */
+  /** Insert an element after another element in the list.
+    * @param intrusiveListElement
+    *   The element in the list to insert after.
+    * @param newElem
+    *   The element to insert. Must not be a member of any other intrusive list.
+    * @return
+    *   the inserted element
+    */
   def insertAfter(intrusiveListElement: T, newElem: T): T = {
     assert(size >= 1)
     assert(containsRef(intrusiveListElement))
@@ -308,18 +305,19 @@ final class IntrusiveList[T <: IntrusiveListElement[T]] private (
     intrusiveListElement.insertAfter(newElem)
   }
 
-
-  /**
-   * Insert an element after another element in the list.
-   * @param intrusiveListElement The element in the list to insert after, or None to indicate the beginning.
-   * @param newElems The elements to insert. Must not be members of any other intrusive list(s).
-   * @return the last inserted element, or the reference element
-   */
+  /** Insert an element after another element in the list.
+    * @param intrusiveListElement
+    *   The element in the list to insert after, or None to indicate the beginning.
+    * @param newElems
+    *   The elements to insert. Must not be members of any other intrusive list(s).
+    * @return
+    *   the last inserted element, or the reference element
+    */
   def insertAllAfter(intrusiveListElement: Option[T], newElems: Iterable[T]): Option[T] = {
     intrusiveListElement match {
-      case None => 
+      case None =>
         newElems.toList.reverse.map(prepend).headOption.orElse(intrusiveListElement)
-      case Some(n) => 
+      case Some(n) =>
         var p = n
         for (i <- newElems) {
           p = insertAfter(p, i)
@@ -328,18 +326,19 @@ final class IntrusiveList[T <: IntrusiveListElement[T]] private (
     }
   }
 
-
-  /**
-   * Insert an element before another element in the list.
-   * @param intrusiveListElement The element in the list to insert before, or None to indicate the end of the list.
-   * @param newElems The elements to insert. Must not be members of any other intrusive list(s).
-   * @return the last inserted element, or the reference element
-   */
+  /** Insert an element before another element in the list.
+    * @param intrusiveListElement
+    *   The element in the list to insert before, or None to indicate the end of the list.
+    * @param newElems
+    *   The elements to insert. Must not be members of any other intrusive list(s).
+    * @return
+    *   the last inserted element, or the reference element
+    */
   def insertAllBefore(intrusiveListElement: Option[T], newElems: Iterable[T]): Option[T] = {
     intrusiveListElement match {
-      case None => 
+      case None =>
         newElems.map(append).lastOption.orElse(intrusiveListElement)
-      case Some(n) => 
+      case Some(n) =>
         var p = n
         for (i <- newElems.toList.reverse) {
           p = insertBefore(p, i)
@@ -348,14 +347,15 @@ final class IntrusiveList[T <: IntrusiveListElement[T]] private (
     }
   }
 
-
-  /**
-   * Insert an element before another element in the list.
-   *
-   * @param intrusiveListElement The element in the list to insert before.
-   * @param newElem              The element to insert. Must not be a member of any other intrusive list.
-   * @return the inserted element
-   */
+  /** Insert an element before another element in the list.
+    *
+    * @param intrusiveListElement
+    *   The element in the list to insert before.
+    * @param newElem
+    *   The element to insert. Must not be a member of any other intrusive list.
+    * @return
+    *   the inserted element
+    */
   def insertBefore(intrusiveListElement: T, newElem: T): T = {
     assert(size >= 1)
     assert(containsRef(intrusiveListElement))
@@ -369,31 +369,26 @@ final class IntrusiveList[T <: IntrusiveListElement[T]] private (
     intrusiveListElement.insertBefore(newElem)
   }
 
-
-  /**
-   * Unsafely return the element after a given element.
-   */
+  /** Unsafely return the element after a given element.
+    */
   def getNext(elem: T): T = {
     elem.getNext
   }
 
-  /**
-   * Return whether \elem has a successor.
-   */
+  /** Return whether \elem has a successor.
+    */
   def hasNext(elem: T): Boolean = {
     elem.hasNext
   }
 
-  /**
-   * Return whether \elem has a predecessor.
-   */
+  /** Return whether \elem has a predecessor.
+    */
   def hasPrev(elem: T): Boolean = {
     elem.hasPrev
   }
 
-  /**
-   * Unsafely return the element after the provided element.
-   */
+  /** Unsafely return the element after the provided element.
+    */
   def getPrev(elem: T): T = {
     elem.getPrev
   }
@@ -410,12 +405,11 @@ object IntrusiveList {
   def empty[T <: IntrusiveListElement[T]]: IntrusiveList[T] = IntrusiveList[T]()
 }
 
-/**
- * Internal implementation of the intrusive list.
- * This stores the inter-element links, but is only accessed by the containing IntrusiveList implementation, so that
- * the size, beginning and end are cached.
- * @tparam T The elements own type.
- */
+/** Internal implementation of the intrusive list. This stores the inter-element links, but is only accessed by the
+  * containing IntrusiveList implementation, so that the size, beginning and end are cached.
+  * @tparam T
+  *   The elements own type.
+  */
 trait IntrusiveListElement[T <: IntrusiveListElement[T]]:
   private[intrusive_list] var next: Option[T] = None
   private[intrusive_list] var prev: Option[T] = None
@@ -459,18 +453,16 @@ trait IntrusiveListElement[T <: IntrusiveListElement[T]]:
     this.asInstanceOf[T]
   }
 
-  /**
-   * @return Some(next) where next is the next element in the list this belongs to.
-   *         None when this is the last element.
-   */
+  /** @return
+    *   Some(next) where next is the next element in the list this belongs to. None when this is the last element.
+    */
   def succ(): Option[this.type] = {
     next.map(_.asInstanceOf[this.type])
   }
 
-  /**
-   * @return Some(prev) where prev is the previous element in the list this belongs to.
-   *         None when this is the first element.
-   */
+  /** @return
+    *   Some(prev) where prev is the previous element in the list this belongs to. None when this is the first element.
+    */
   def pred(): Option[this.type] = {
     prev.map(_.asInstanceOf[this.type])
   }
diff --git a/src/main/scala/util/z3/z3process.scala b/src/main/scala/util/z3/z3process.scala
index cda2f97ad..fa6f927f1 100644
--- a/src/main/scala/util/z3/z3process.scala
+++ b/src/main/scala/util/z3/z3process.scala
@@ -9,10 +9,10 @@ enum SatResult {
   case Unknown(s: String)
 }
 
-
-def checkSATSMT2(smt: String, softTimeoutMillis: Option[Int] = None) : SatResult = {
-  val cmd = Seq("z3", "-smt2", "-in") ++ (if (softTimeoutMillis.isDefined) then Seq(s"-t:${softTimeoutMillis.get}") else Seq())
-  val output = (cmd  #< ByteArrayInputStream(smt.getBytes("UTF-8"))).!!
+def checkSATSMT2(smt: String, softTimeoutMillis: Option[Int] = None): SatResult = {
+  val cmd =
+    Seq("z3", "-smt2", "-in") ++ (if (softTimeoutMillis.isDefined) then Seq(s"-t:${softTimeoutMillis.get}") else Seq())
+  val output = (cmd #< ByteArrayInputStream(smt.getBytes("UTF-8"))).!!
   if (output == "sat\n") {
     SatResult.SAT
   } else if (output == "unsat\n") {

From e71c1fca9dc13318f0f96f1cdb6c1e9540fe0b9d Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Mon, 6 Jan 2025 13:32:03 +1000
Subject: [PATCH 111/127] add back initialMemory

---
 src/main/scala/Main.scala                   |   2 +
 src/main/scala/ir/Program.scala             |   4 +-
 src/main/scala/ir/Visitor.scala             |   4 +-
 src/main/scala/translating/IRToBoogie.scala | 570 +++++++++++++-------
 src/main/scala/util/PerformanceTimer.scala  |  23 +-
 5 files changed, 385 insertions(+), 218 deletions(-)

diff --git a/src/main/scala/Main.scala b/src/main/scala/Main.scala
index d7f3a8d95..049962577 100644
--- a/src/main/scala/Main.scala
+++ b/src/main/scala/Main.scala
@@ -244,7 +244,9 @@ object Main {
     RunUtils.run(q)
     if (conf.verify.value) {
       Logger.info("Running boogie")
+      val timer = PerformanceTimer("Verify", LogLevel.INFO)
       Seq("boogie", "/useArrayAxioms", q.outputPrefix).!
+      timer.checkPoint("Finish")
     }
   }
 
diff --git a/src/main/scala/ir/Program.scala b/src/main/scala/ir/Program.scala
index bf69019a0..b9c10ca5f 100644
--- a/src/main/scala/ir/Program.scala
+++ b/src/main/scala/ir/Program.scala
@@ -74,8 +74,8 @@ class Program(val procedures: ArrayBuffer[Procedure],
     }
 
     for (p <- procedures) {
-      if (specModifies.contains(p.name)) {
-        p.modifies.addAll(specModifies(p.name).map(nameToGlobal))
+      if (specModifies.contains(p.procName)) {
+        p.modifies.addAll(specModifies(p.procName).map(nameToGlobal))
       }
     }
 
diff --git a/src/main/scala/ir/Visitor.scala b/src/main/scala/ir/Visitor.scala
index f07c3d266..5bae3fccd 100644
--- a/src/main/scala/ir/Visitor.scala
+++ b/src/main/scala/ir/Visitor.scala
@@ -399,8 +399,8 @@ class Renamer(reserved: Set[String]) extends Visitor {
   }
 
   override def visitProcedure(node: Procedure): Procedure = {
-    if (reserved.contains(node.name)) {
-      node.procName = s"#${node.name}"
+    if (reserved.contains(node.procName)) {
+      node.procName = s"#${node.procName}"
     }
     super.visitProcedure(node)
   }
diff --git a/src/main/scala/translating/IRToBoogie.scala b/src/main/scala/translating/IRToBoogie.scala
index feb34d6d6..45bd28f06 100644
--- a/src/main/scala/translating/IRToBoogie.scala
+++ b/src/main/scala/translating/IRToBoogie.scala
@@ -8,7 +8,14 @@ import util.{BoogieGeneratorConfig, BoogieMemoryAccessMode, ProcRelyVersion, Log
 import scala.collection.mutable
 import scala.collection.mutable.ArrayBuffer
 
-class IRToBoogie(var program: Program, var spec: Specification, var thread: Option[ProgramThread], val filename: String, val regionInjector: Option[RegionInjector], val config: BoogieGeneratorConfig) {
+class IRToBoogie(
+  var program: Program,
+  var spec: Specification,
+  var thread: Option[ProgramThread],
+  val filename: String,
+  val regionInjector: Option[RegionInjector],
+  val config: BoogieGeneratorConfig
+) {
   private val externAttr = BAttribute("extern")
   private val inlineAttr = BAttribute("inline")
   private val globals = spec.globals
@@ -40,11 +47,14 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
   private val LArgs = lArgs
 
   private val memoriesToGamma = if (regionInjector.isDefined) {
-    regionInjector.get.sharedRegions().map { region =>
-      val memory = BMapVar(region.name, MapBType(BitVecBType(64), BitVecBType(8)), Scope.Global)
-      val gamma = BMapVar(s"Gamma_${region.name}", MapBType(BitVecBType(64), BoolBType), Scope.Global)
-      memory -> gamma
-    }.toMap
+    regionInjector.get
+      .sharedRegions()
+      .map { region =>
+        val memory = BMapVar(region.name, MapBType(BitVecBType(64), BitVecBType(8)), Scope.Global)
+        val gamma = BMapVar(s"Gamma_${region.name}", MapBType(BitVecBType(64), BoolBType), Scope.Global)
+        memory -> gamma
+      }
+      .toMap
   } else {
     Map(mem -> Gamma_mem)
   }
@@ -70,12 +80,17 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
 
   def lArgs: List[BMapVar] = {
     if (regionInjector.isDefined) {
-      spec.LPreds.values.flatMap(_.specGlobals).toSet.map { g =>
-        regionInjector.get.getMergedRegion(g.address, g.size) match {
-          case Some(region) => BMapVar(s"${region.name}", MapBType(BitVecBType(64), BitVecBType(8)), Scope.Global)
-          case None => mem
+      spec.LPreds.values
+        .flatMap(_.specGlobals)
+        .toSet
+        .map { g =>
+          regionInjector.get.getMergedRegion(g.address, g.size) match {
+            case Some(region) => BMapVar(s"${region.name}", MapBType(BitVecBType(64), BitVecBType(8)), Scope.Global)
+            case None         => mem
+          }
         }
-      }.toList.sorted
+        .toList
+        .sorted
     } else {
       List(mem)
     }
@@ -89,10 +104,10 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
 
     val procedures: ArrayBuffer[BProcedure] = thread match {
       case None =>
-        program.procedures.map(f => translateProcedure(f, readOnlyMemory))
+        program.procedures.map(f => translateProcedure(f, readOnlyMemory, initialMemory))
       case Some(t) =>
         val translatedProcedures: ArrayBuffer[BProcedure] = ArrayBuffer[BProcedure]()
-        t.procedures.foreach(p => translatedProcedures.addOne(translateProcedure(p, readOnlyMemory)))
+        t.procedures.foreach(p => translatedProcedures.addOne(translateProcedure(p, readOnlyMemory, initialMemory)))
         translatedProcedures
     }
 
@@ -109,12 +124,14 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
       case Some(ProcRelyVersion.Function) =>
         // if rely/guarantee lib exist, create genRelyInv, and genInv for every procedure where rely/guarantee lib exist
         if (libRelies.values.flatten.nonEmpty && libGuarantees.values.flatten.nonEmpty) {
-          List(genRelyInv) ++ libGuarantees.flatMap((k, v) => if v.nonEmpty then genInv(k) :+ genLibGuarantee(k) else Nil)
+          List(genRelyInv) ++ libGuarantees.flatMap((k, v) =>
+            if v.nonEmpty then genInv(k) :+ genLibGuarantee(k) else Nil
+          )
         } else {
           List()
         }
       case Some(ProcRelyVersion.IfCommandContradiction) => libRGFunsContradictionProof.values.flatten
-      case None => Nil
+      case None                                         => Nil
     }
 
     val functionsUsed1 = procedures.flatMap(p => p.functionOps).toSet ++
@@ -131,11 +148,15 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
     val globalVars = procedures.flatMap(_.globals) ++ rgProcs.flatMap(_.globals)
     val globalDecls = globalVars.map(b => BVarDecl(b, List(externAttr))).distinct.sorted.toList
 
-    val globalConsts: List[BConstAxiomPair] = globals.map { g =>
-      BConstAxiomPair(BVarDecl(g.toAddrVar, List(externAttr)), g.toAxiom)
-    }.toList.sorted
+    val globalConsts: List[BConstAxiomPair] = globals
+      .map { g =>
+        BConstAxiomPair(BVarDecl(g.toAddrVar, List(externAttr)), g.toAxiom)
+      }
+      .toList
+      .sorted
 
-    val declarations = globalDecls ++ globalConsts ++ functionsUsed ++ rgLib ++ pushUpModifiesFixedPoint(rgProcs ++ procedures)
+    val declarations =
+      globalDecls ++ globalConsts ++ functionsUsed ++ rgLib ++ pushUpModifiesFixedPoint(rgProcs ++ procedures)
     BProgram(declarations, filename)
   }
 
@@ -153,7 +174,8 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
         val gamma = memoriesToGamma(memory)
         ForAll(
           List(i),
-          BinaryBExpr(BoolIMPLIES,
+          BinaryBExpr(
+            BoolIMPLIES,
             BinaryBExpr(BVEQ, MapAccess(memory, i), Old(MapAccess(memory, i))),
             BinaryBExpr(BVEQ, MapAccess(gamma, i), Old(MapAccess(gamma, i)))
           )
@@ -163,10 +185,22 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
     } else {
       reliesUsed
     }
-    val relyProc = BProcedure("rely", ensures = relyEnsures, freeEnsures = readOnlyMemory, modifies = memoriesAndGammas, attributes = List(externAttr))
-    val relyTransitive = BProcedure("rely_transitive", ensures = reliesUsed, modifies = memoriesAndGammas, body = List(BProcedureCall("rely"), BProcedureCall("rely")),
-      attributes = List(externAttr))
-    val relyReflexive = BProcedure("rely_reflexive", body = reliesReflexive.map(r => BAssert(r)), attributes = List(externAttr))
+    val relyProc = BProcedure(
+      "rely",
+      ensures = relyEnsures,
+      freeEnsures = readOnlyMemory,
+      modifies = memoriesAndGammas,
+      attributes = List(externAttr)
+    )
+    val relyTransitive = BProcedure(
+      "rely_transitive",
+      ensures = reliesUsed,
+      modifies = memoriesAndGammas,
+      body = List(BProcedureCall("rely"), BProcedureCall("rely")),
+      attributes = List(externAttr)
+    )
+    val relyReflexive =
+      BProcedure("rely_reflexive", body = reliesReflexive.map(r => BAssert(r)), attributes = List(externAttr))
     List(relyProc, relyTransitive, relyReflexive)
   }
 
@@ -179,12 +213,25 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
     }
     val relyEnsures = if (reliesParam.nonEmpty) {
       val i = BVariable("i", BitVecBType(64), Scope.Local)
-      val rely2 = ForAll(List(i), BinaryBExpr(BoolIMPLIES, BinaryBExpr(BVEQ, MapAccess(mem_out, i), MapAccess(mem_in, i)), BinaryBExpr(BVEQ, MapAccess(Gamma_mem_out, i), MapAccess(Gamma_mem_in, i))))
+      val rely2 = ForAll(
+        List(i),
+        BinaryBExpr(
+          BoolIMPLIES,
+          BinaryBExpr(BVEQ, MapAccess(mem_out, i), MapAccess(mem_in, i)),
+          BinaryBExpr(BVEQ, MapAccess(Gamma_mem_out, i), MapAccess(Gamma_mem_in, i))
+        )
+      )
       List(rely2) ++ reliesUsed
     } else {
       reliesUsed
     }
-    BProcedure("rely$inv", List(mem_in, Gamma_mem_in), List(mem_out, Gamma_mem_out), relyEnsures, attributes = List(externAttr))
+    BProcedure(
+      "rely$inv",
+      List(mem_in, Gamma_mem_in),
+      List(mem_out, Gamma_mem_out),
+      relyEnsures,
+      attributes = List(externAttr)
+    )
   }
 
   def genInv(name: String): List[BProcedure] = {
@@ -198,7 +245,14 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
     }
     val relyEnsures = if (reliesParam.nonEmpty) {
       val i = BVariable("i", BitVecBType(64), Scope.Local)
-      val rely2 = ForAll(List(i), BinaryBExpr(BoolIMPLIES, BinaryBExpr(BVEQ, MapAccess(mem_out, i), MapAccess(mem_in, i)), BinaryBExpr(BVEQ, MapAccess(Gamma_mem_out, i), MapAccess(Gamma_mem_in, i))))
+      val rely2 = ForAll(
+        List(i),
+        BinaryBExpr(
+          BoolIMPLIES,
+          BinaryBExpr(BVEQ, MapAccess(mem_out, i), MapAccess(mem_in, i)),
+          BinaryBExpr(BVEQ, MapAccess(Gamma_mem_out, i), MapAccess(Gamma_mem_in, i))
+        )
+      )
       List(rely2) ++ reliesUsed
     } else {
       reliesUsed
@@ -211,20 +265,34 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
 
     val guaranteeEnsures = libGuarantees(name).map(ResolveSpecParam.visitBExpr)
     val guaranteeOneLine = if (guaranteeEnsures.size > 1) {
-      guaranteeEnsures.tail.foldLeft(guaranteeEnsures.head)((ands: BExpr, next: BExpr) => BinaryBExpr(BoolAND, ands, next))
+      guaranteeEnsures.tail.foldLeft(guaranteeEnsures.head)((ands: BExpr, next: BExpr) =>
+        BinaryBExpr(BoolAND, ands, next)
+      )
     } else {
       guaranteeEnsures.head
     }
 
     val invEnsures = List(BinaryBExpr(BoolOR, relyOneLine, guaranteeOneLine))
 
-    val invProc = BProcedure(name + "$inv", List(mem_in, Gamma_mem_in), List(mem_out, Gamma_mem_out), invEnsures,
-      attributes = List(externAttr))
+    val invProc = BProcedure(
+      name + "$inv",
+      List(mem_in, Gamma_mem_in),
+      List(mem_out, Gamma_mem_out),
+      invEnsures,
+      attributes = List(externAttr)
+    )
 
-    val invTransitive = BProcedure(name + "$inv_transitive", List(mem_in, Gamma_mem_in), List(mem_out, Gamma_mem_out),
-      invEnsures, body = List(BProcedureCall(name + "$inv", List(mem_out, Gamma_mem_out), List(mem_in, Gamma_mem_in)),
+    val invTransitive = BProcedure(
+      name + "$inv_transitive",
+      List(mem_in, Gamma_mem_in),
+      List(mem_out, Gamma_mem_out),
+      invEnsures,
+      body = List(
+        BProcedureCall(name + "$inv", List(mem_out, Gamma_mem_out), List(mem_in, Gamma_mem_in)),
         BProcedureCall(name + "$inv", List(mem_out, Gamma_mem_out), List(mem_out, Gamma_mem_out))
-      ), attributes = List(externAttr))
+      ),
+      attributes = List(externAttr)
+    )
 
     List(invProc, invTransitive)
   }
@@ -240,28 +308,38 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
     val guaranteeAssume = BAssume(guaranteeOneLine)
 
     // G_c is ensures clause
-    BProcedure(name + "$guarantee", List(mem_in, Gamma_mem_in), List(mem_out, Gamma_mem_out), guaranteesParam,
-      body = List(guaranteeAssume), attributes = List(externAttr))
+    BProcedure(
+      name + "$guarantee",
+      List(mem_in, Gamma_mem_in),
+      List(mem_out, Gamma_mem_out),
+      guaranteesParam,
+      body = List(guaranteeAssume),
+      attributes = List(externAttr)
+    )
   }
 
-  /**
-   * A predicate used to assert the value of all readonly memory.
-   * (Boogie does not like this it if it is too large due to it being a single expression)
-   *
-   * E.g.
-   *  val readOnlyMemoryFunction = readOnlyMemoryPredicate(memoryToCondition(program.readOnlyMemory), mem)
-   *  val readOnlyMemory = List(BFunctionCall(readOnlyMemoryFunction.name, List(mem), BoolBType))
-   */
-  private def readOnlyMemoryPredicate(readonly: List[BExpr], mem: BVar) : BFunction = {
-    BFunction("readonly_memory", List(BParam("mem", mem.bType)), BParam(BoolBType), Some(readonly.reduce((a, b) => BinaryBExpr(BoolAND, a, b))), List(externAttr))
+  /** A predicate used to assert the value of all readonly memory. (Boogie does not like this it if it is too large due
+    * to it being a single expression)
+    *
+    * E.g. val readOnlyMemoryFunction = readOnlyMemoryPredicate(memoryToCondition(program.readOnlyMemory), mem) val
+    * readOnlyMemory = List(BFunctionCall(readOnlyMemoryFunction.name, List(mem), BoolBType))
+    */
+  private def readOnlyMemoryPredicate(readonly: List[BExpr], mem: BVar): BFunction = {
+    BFunction(
+      "readonly_memory",
+      List(BParam("mem", mem.bType)),
+      BParam(BoolBType),
+      Some(readonly.reduce((a, b) => BinaryBExpr(BoolAND, a, b))),
+      List(externAttr)
+    )
   }
 
   def functionOpToDefinition(f: FunctionOp): BFunction = {
     f match {
-      case b @ BoolToBV1Op(arg) =>  {
+      case b @ BoolToBV1Op(arg) => {
         val invar = BParam("arg", BoolBType)
         val outvar = BParam(BitVecBType(1))
-        val body = IfThenElse(invar, BitVecBLiteral(1,1), BitVecBLiteral(0, 1))
+        val body = IfThenElse(invar, BitVecBLiteral(1, 1), BitVecBLiteral(0, 1))
         BFunction(b.fnName, List(invar), outvar, Some(body), List(externAttr))
       }
       case b: BVFunctionOp => BFunction(b.name, b.in, b.out, None, List(externAttr, b.attribute))
@@ -283,10 +361,11 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
         }
 
         val body: BExpr = accessesEndian.toList match {
-          case h::Nil => h
-          case h::tail =>  tail.foldLeft(h) {
-            (concat: BExpr, next: MapAccess) => BinaryBExpr(BVCONCAT, next, concat)
-          }
+          case h :: Nil => h
+          case h :: tail =>
+            tail.foldLeft(h) { (concat: BExpr, next: MapAccess) =>
+              BinaryBExpr(BVCONCAT, next, concat)
+            }
           case Nil => throw Exception(s"Zero byte access: $f")
         }
 
@@ -329,7 +408,7 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
               BVExtract((i + 1) * m.valueSize, i * m.valueSize, valueVar)
             }
             val valuesEndian = m.endian match {
-              case Endian.BigEndian => values.reverse
+              case Endian.BigEndian    => values.reverse
               case Endian.LittleEndian => values
             }
             val indiceValues = for (i <- 0 until m.accesses) yield {
@@ -345,10 +424,13 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
               MapUpdate(memVar, indexVar, valueVar)
             } else {
               val i = BVariable("i", BitVecBType(m.addressSize), Scope.Local)
-              Lambda(List(i), IfThenElse(
-                BInBounds(indexVar, BitVecBLiteral(m.accesses, m.addressSize), m.endian, i),
-                BByteExtract(valueVar, BinaryBExpr(BVSUB, i, indexVar)),
-                MapAccess(memVar, i))
+              Lambda(
+                List(i),
+                IfThenElse(
+                  BInBounds(indexVar, BitVecBLiteral(m.accesses, m.addressSize), m.endian, i),
+                  BByteExtract(valueVar, BinaryBExpr(BVSUB, i, indexVar)),
+                  MapAccess(memVar, i)
+                )
               )
             }
         }
@@ -364,14 +446,16 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
 
         val body: BExpr = config.memoryFunctionType match {
           case BoogieMemoryAccessMode.LambdaStoreSelect =>
-            if g.accesses == 1 then
-              MapUpdate(gammaMapVar, indexVar, valueVar)
+            if g.accesses == 1 then MapUpdate(gammaMapVar, indexVar, valueVar)
             else {
               val i = BVariable("i", BitVecBType(g.addressSize), Scope.Local)
-              Lambda(List(i), IfThenElse(
-                BInBounds(indexVar, BitVecBLiteral(g.accesses, g.addressSize), Endian.LittleEndian, i),
-                valueVar,
-                MapAccess(gammaMapVar, i))
+              Lambda(
+                List(i),
+                IfThenElse(
+                  BInBounds(indexVar, BitVecBLiteral(g.accesses, g.addressSize), Endian.LittleEndian, i),
+                  valueVar,
+                  MapAccess(gammaMapVar, i)
+                )
               )
             }
           case BoogieMemoryAccessMode.SuccessiveStoreSelect =>
@@ -444,11 +528,11 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
         val out = BParam(BoolBType)
         val begin = b.endian match {
           case Endian.LittleEndian => baseVar
-          case Endian.BigEndian => BinaryBExpr(BVSUB, baseVar, lenVar)
+          case Endian.BigEndian    => BinaryBExpr(BVSUB, baseVar, lenVar)
         }
         val end = b.endian match {
           case Endian.LittleEndian => BinaryBExpr(BVADD, baseVar, lenVar)
-          case Endian.BigEndian => baseVar
+          case Endian.BigEndian    => baseVar
         }
 
         val above = BinaryBExpr(BVULE, begin, iVar)
@@ -471,7 +555,7 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
       proceduresUpdated = proceduresUpdated.map { procedure =>
         val cmds: List[BCmd] = procedure.body.flatten {
           case b: BBlock => b.body
-          case c: BCmd => Seq(c)
+          case c: BCmd   => Seq(c)
         }
         val callModifies = cmds.collect { case c: BProcedureCall => nameToProcedure(c.name) }.flatMap(_.modifies)
         val modifiesUpdate = procedure.modifies ++ callModifies
@@ -485,14 +569,19 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
     proceduresUpdated
   }
 
+  def translateProcedure(p: Procedure, readOnlyMemory: List[BExpr], initialMemory: List[BExpr]): BProcedure = {
+    val body = (p.entryBlock.view ++
+      ArrayBuffer.from(p.blocks).sortBy(x => -x.rpoOrder).filterNot(x => p.entryBlock.contains(x)))
+      .map(translateBlock)
+      .toList
 
-  def translateProcedure(p: Procedure, readOnlyMemory: List[BExpr]): BProcedure = {
-    val body = (p.entryBlock.view ++ ArrayBuffer.from(p.blocks).sortBy( x => -x.rpoOrder).filterNot(x => p.entryBlock.contains(x))).map(translateBlock).toList
-
-    val modifies: Seq[BVar] = p.modifies.toSeq.flatMap {
+    val modifies: Seq[BVar] = p.modifies.toSeq
+      .flatMap {
         case m: Memory   => Seq(m.toBoogie, m.toGamma)
         case r: Register => Seq(r.toBoogie, r.toGamma)
-      }.distinct.sorted
+      }
+      .distinct
+      .sorted
 
     val modifiedPreserve = modifies.collect { case m: BVar if modifiedCheck.contains(m) => m }
     val modifiedPreserveEnsures: List[BExpr] = modifiedPreserve.map(m => BinaryBExpr(BoolEQ, m, Old(m))).toList
@@ -504,7 +593,7 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
     val procEnsuresDirect: List[String] = ensuresDirect.getOrElse(p.procName, List())
 
     val freeRequires: List[BExpr] = if (p == program.mainProcedure) {
-      memoryToCondition(program.initialMemory.values) ++ readOnlyMemory
+      initialMemory ++ readOnlyMemory
     } else {
       readOnlyMemory
     }
@@ -532,82 +621,85 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
   private def memoryToCondition(memorySections: Iterable[MemorySection]): List[BExpr] = {
 
     def coalesced: List[BExpr] = {
-      val sections = memorySections.filter(_.size >= 8)
+      val sections = memorySections
+        .filter(_.size >= 8)
         .flatMap { s =>
-        // Phrase the memory condition in terms of 64-bit operations, as long as the memory
-        // section's size is a multiple of 64-bits and 64-bits (8 bytes) aligned
-        // If the memory section is not aligned, the initial unaligned part of it will not be coalesced into a 64-bit
-        // representations and remain as an 8-bit representations
-        // If the memory section's size is not a multiple of 64-bits, the last part of it that cannot be coalesced into
-        // a 64-bit representation will remain as an 8-bit representation
-
-        val memory = s.region match {
-          case Some(region) => BMapVar(region.name, MapBType(BitVecBType(64), BitVecBType(8)), Scope.Global)
-          case None => mem
-        }
-
-        if (s.bytes.size <= 8) {
-          // if section is less than 8 bytes, just represent it with one access
-          val combined = s.bytes.indices.foldLeft(BigInt(0))((x, y) => x + (s.bytes(y).value * BigInt(2).pow(y * 8)))
-          val bits = s.bytes.size * 8
-          Seq(BinaryBExpr(
-            BVEQ,
-            BMemoryLoad(memory, BitVecBLiteral(s.address, 64), Endian.LittleEndian, bits),
-            BitVecBLiteral(combined, bits)
-          ))
-        } else {
-          val aligned: Int = (s.address % 8).toInt
-
-          val alignedSizeMultiple = (s.bytes.size - aligned) % 8
-          // index of the byte that marks the end of the part that is a multiple of 64-bits
-          val alignedEnd = s.bytes.size - alignedSizeMultiple
-
-          // Aligned section that is safe to convert to 64-bit values
-          val alignedSection = for (b <- aligned until alignedEnd by 8) yield {
-            // Combine the byte constants into a 64-bit value
-            val combined: BigInt =
-              (0 until 8).foldLeft(BigInt(0))((x, y) => x + (s.bytes(b + y).value * BigInt(2).pow(y * 8)))
-            BinaryBExpr(
-              BVEQ,
-              BMemoryLoad(memory, BitVecBLiteral(s.address + b, 64), Endian.LittleEndian, 64),
-              BitVecBLiteral(combined, 64)
-            )
+          // Phrase the memory condition in terms of 64-bit operations, as long as the memory
+          // section's size is a multiple of 64-bits and 64-bits (8 bytes) aligned
+          // If the memory section is not aligned, the initial unaligned part of it will not be coalesced into a 64-bit
+          // representations and remain as an 8-bit representations
+          // If the memory section's size is not a multiple of 64-bits, the last part of it that cannot be coalesced into
+          // a 64-bit representation will remain as an 8-bit representation
+
+          val memory = s.region match {
+            case Some(region) => BMapVar(region.name, MapBType(BitVecBType(64), BitVecBType(8)), Scope.Global)
+            case None         => mem
           }
 
-          // If memory section is somehow not aligned (is this possible?) then don't convert the initial non-aligned
-          // section to 64-bit operations, just the rest
-          val unalignedStartSection = if (aligned == 0) {
-            Seq()
-          } else {
-            for (b <- 0 until aligned) yield {
+          if (s.bytes.size <= 8) {
+            // if section is less than 8 bytes, just represent it with one access
+            val combined = s.bytes.indices.foldLeft(BigInt(0))((x, y) => x + (s.bytes(y).value * BigInt(2).pow(y * 8)))
+            val bits = s.bytes.size * 8
+            Seq(
               BinaryBExpr(
                 BVEQ,
-                BMemoryLoad(memory, BitVecBLiteral(s.address + b, 64), Endian.LittleEndian, 8),
-                s.bytes(b).toBoogie
+                BMemoryLoad(memory, BitVecBLiteral(s.address, 64), Endian.LittleEndian, bits),
+                BitVecBLiteral(combined, bits)
               )
-            }
-          }
-
-          // If the memory section is not a multiple of 64-bits then don't convert the last section to 64-bits
-          // This is not ideal but will do for now
-          // Ideal solution is to match the sizes based on the sizes listed in the symbol table, dividing further
-          // for values greater than 64-bit as much as possible
-          // But that requires more work
-          // Combine the byte constants into a 64-bit value
-          val unalignedEndSection = if (alignedSizeMultiple == 0) {
-            Seq()
+            )
           } else {
-            for (b <- alignedEnd until s.bytes.size) yield {
+            val aligned: Int = (s.address % 8).toInt
+
+            val alignedSizeMultiple = (s.bytes.size - aligned) % 8
+            // index of the byte that marks the end of the part that is a multiple of 64-bits
+            val alignedEnd = s.bytes.size - alignedSizeMultiple
+
+            // Aligned section that is safe to convert to 64-bit values
+            val alignedSection = for (b <- aligned until alignedEnd by 8) yield {
+              // Combine the byte constants into a 64-bit value
+              val combined: BigInt =
+                (0 until 8).foldLeft(BigInt(0))((x, y) => x + (s.bytes(b + y).value * BigInt(2).pow(y * 8)))
               BinaryBExpr(
                 BVEQ,
-                BMemoryLoad(memory, BitVecBLiteral(s.address + b, 64), Endian.LittleEndian, 8),
-                s.bytes(b).toBoogie
+                BMemoryLoad(memory, BitVecBLiteral(s.address + b, 64), Endian.LittleEndian, 64),
+                BitVecBLiteral(combined, 64)
               )
             }
+
+            // If memory section is somehow not aligned (is this possible?) then don't convert the initial non-aligned
+            // section to 64-bit operations, just the rest
+            val unalignedStartSection = if (aligned == 0) {
+              Seq()
+            } else {
+              for (b <- 0 until aligned) yield {
+                BinaryBExpr(
+                  BVEQ,
+                  BMemoryLoad(memory, BitVecBLiteral(s.address + b, 64), Endian.LittleEndian, 8),
+                  s.bytes(b).toBoogie
+                )
+              }
+            }
+
+            // If the memory section is not a multiple of 64-bits then don't convert the last section to 64-bits
+            // This is not ideal but will do for now
+            // Ideal solution is to match the sizes based on the sizes listed in the symbol table, dividing further
+            // for values greater than 64-bit as much as possible
+            // But that requires more work
+            // Combine the byte constants into a 64-bit value
+            val unalignedEndSection = if (alignedSizeMultiple == 0) {
+              Seq()
+            } else {
+              for (b <- alignedEnd until s.bytes.size) yield {
+                BinaryBExpr(
+                  BVEQ,
+                  BMemoryLoad(memory, BitVecBLiteral(s.address + b, 64), Endian.LittleEndian, 8),
+                  s.bytes(b).toBoogie
+                )
+              }
+            }
+            unalignedStartSection ++ alignedSection ++ unalignedEndSection
           }
-          unalignedStartSection ++ alignedSection ++ unalignedEndSection
         }
-      }
       sections.toList
     }
 
@@ -615,7 +707,7 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
       val sections = memorySections.flatMap { s =>
         val memory = s.region match {
           case Some(region) => BMapVar(region.name, MapBType(BitVecBType(64), BitVecBType(8)), Scope.Global)
-          case None => mem
+          case None         => mem
         }
         for (b <- s.bytes.indices) yield {
           BinaryBExpr(
@@ -637,69 +729,123 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
 
   def translateBlock(b: Block): BBlock = {
     val captureState = captureStateStatement(s"${b.label}")
-    val cmds = List() ++ b.statements.flatMap(s => translate(s)) ++ translate(b.jump)
+    val cmds = List(captureState) ++ b.statements.flatMap(s => translate(s)) ++ translate(b.jump)
 
     BBlock(b.label, cmds)
   }
 
   private val libRGFunsContradictionProof: Map[String, Seq[BProcedure]] = {
-    /**
-     * Generate proof obligations for the library procedure rely/guarantee check.
-     *
-     *    1. \forall v' . Rc \/ Rv => (\forall v'' . (Rc => Rf) [(v, v')\ (v', v"))
-     *    2. Rc \/ Rv transitive
-     *    3. Gf => Gc
-     *
-     *  (1.) is checked by an inline if block which c
-     *
-     *      if (*)  {
-     *        assume (Rc \/ Rf) // v -> v'
-     *        assume not(Rc => Rf) // v' -> v"
-     *        assert false;
-     *      }
-     *
-     *   Procedures with no precond and the predicate as their postcond are generated to encode two-state assumptions.
-     *
-     */
-    (libRelies.keySet ++ libGuarantees.keySet).filter(x => libRelies(x).nonEmpty && libGuarantees(x).nonEmpty).map { targetName =>
-      val Rc: BExpr = resolveSpec.visitBExpr(spec.relies.reduce((a, b) => BinaryBExpr(BoolAND, a, b)))
-      val Gc: BExpr = resolveSpec.visitBExpr(spec.guarantees.reduce((a, b) => BinaryBExpr(BoolAND, a, b)))
-
-      val Rf: BExpr = resolveSpec.visitBExpr(libRelies(targetName).reduce((a, b) => BinaryBExpr(BoolAND, a, b)))
-      val Gf: BExpr = resolveSpec.visitBExpr(libGuarantees(targetName).reduce((a, b) => BinaryBExpr(BoolAND, a, b)))
-
-      val inv = BinaryBExpr(BoolOR, Rc, Gf)
-      val conseq = BinaryBExpr(BoolIMPLIES, Rc, Rf)
-
-      val procInv = BProcedure(targetName + "$InlineInv", List(), List(), List(inv), List(), List(), List(), List(), List(),
-        inv.globals, List(), List())
-
-      val proc2 = BProcedure(targetName + "$notRcimpliesRf", List(), List(), List(UnaryBExpr(BoolNOT, conseq)), List(), List(), List(), List(),
-        List(), conseq.globals, List(), List())
-
-      val procGf = BProcedure(targetName + "$Gf", List(), List(), List(Gf), List(), List(), List(), List(),
-        List(), Gf.globals, List(), List())
-
-      val proc4 = BProcedure(targetName + "$GfimpliesGc", List(), List(), List(Gc), List(), List(), List(), List(),
-        List(), Gc.globals, List(BProcedureCall(procGf.name, List(), List())))
-
-      val proc5 = BProcedure(targetName + "$InlineInvTransitive", List(), List(), List(inv), List(), List(), List(), List(), List(),
-        inv.globals, List(
-          BProcedureCall(procInv.name, List(), List()),
-          BProcedureCall(procInv.name, List(), List())
-        ))
-
-      targetName -> Seq(procInv, proc2, procGf, proc4, proc5)
-    }.toMap
+
+    /** Generate proof obligations for the library procedure rely/guarantee check.
+      *
+      *   1. \forall v' . Rc \/ Rv => (\forall v'' . (Rc => Rf) [(v, v')\ (v', v")) 2. Rc \/ Rv transitive 3. Gf => Gc
+      *
+      * (1.) is checked by an inline if block which c
+      *
+      * if (*) { assume (Rc \/ Rf) // v -> v' assume not(Rc => Rf) // v' -> v" assert false; }
+      *
+      * Procedures with no precond and the predicate as their postcond are generated to encode two-state assumptions.
+      */
+    (libRelies.keySet ++ libGuarantees.keySet)
+      .filter(x => libRelies(x).nonEmpty && libGuarantees(x).nonEmpty)
+      .map { targetName =>
+        val Rc: BExpr = resolveSpec.visitBExpr(spec.relies.reduce((a, b) => BinaryBExpr(BoolAND, a, b)))
+        val Gc: BExpr = resolveSpec.visitBExpr(spec.guarantees.reduce((a, b) => BinaryBExpr(BoolAND, a, b)))
+
+        val Rf: BExpr = resolveSpec.visitBExpr(libRelies(targetName).reduce((a, b) => BinaryBExpr(BoolAND, a, b)))
+        val Gf: BExpr = resolveSpec.visitBExpr(libGuarantees(targetName).reduce((a, b) => BinaryBExpr(BoolAND, a, b)))
+
+        val inv = BinaryBExpr(BoolOR, Rc, Gf)
+        val conseq = BinaryBExpr(BoolIMPLIES, Rc, Rf)
+
+        val procInv = BProcedure(
+          targetName + "$InlineInv",
+          List(),
+          List(),
+          List(inv),
+          List(),
+          List(),
+          List(),
+          List(),
+          List(),
+          inv.globals,
+          List(),
+          List()
+        )
+
+        val proc2 = BProcedure(
+          targetName + "$notRcimpliesRf",
+          List(),
+          List(),
+          List(UnaryBExpr(BoolNOT, conseq)),
+          List(),
+          List(),
+          List(),
+          List(),
+          List(),
+          conseq.globals,
+          List(),
+          List()
+        )
+
+        val procGf = BProcedure(
+          targetName + "$Gf",
+          List(),
+          List(),
+          List(Gf),
+          List(),
+          List(),
+          List(),
+          List(),
+          List(),
+          Gf.globals,
+          List(),
+          List()
+        )
+
+        val proc4 = BProcedure(
+          targetName + "$GfimpliesGc",
+          List(),
+          List(),
+          List(Gc),
+          List(),
+          List(),
+          List(),
+          List(),
+          List(),
+          Gc.globals,
+          List(BProcedureCall(procGf.name, List(), List()))
+        )
+
+        val proc5 = BProcedure(
+          targetName + "$InlineInvTransitive",
+          List(),
+          List(),
+          List(inv),
+          List(),
+          List(),
+          List(),
+          List(),
+          List(),
+          inv.globals,
+          List(BProcedureCall(procInv.name, List(), List()), BProcedureCall(procInv.name, List(), List()))
+        )
+
+        targetName -> Seq(procInv, proc2, procGf, proc4, proc5)
+      }
+      .toMap
   }
 
   def relyfun(targetName: String): Option[IfCmd] = {
     libRGFunsContradictionProof.get(targetName).map { proc =>
-      IfCmd(StarBLiteral, List(
-        BProcedureCall(proc(0).name, Seq(), Seq()),
-        BProcedureCall(proc(1).name, Seq(), Seq()),
-        BAssert(FalseBLiteral)
-      ))
+      IfCmd(
+        StarBLiteral,
+        List(
+          BProcedureCall(proc(0).name, Seq(), Seq()),
+          BProcedureCall(proc(1).name, Seq(), Seq()),
+          BAssert(FalseBLiteral)
+        )
+      )
     }
   }
 
@@ -711,7 +857,8 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
       val conditionVariables = conditions.flatMap(_.body.variables)
       val gammas = conditionVariables.map(_.toGamma).toList.sorted
       val conditionAssert: List[BCmd] = if (gammas.size > 1) {
-        val andedConditions = gammas.tail.foldLeft(gammas.head)((ands: BExpr, next: BExpr) => BinaryBExpr(BoolAND, ands, next))
+        val andedConditions =
+          gammas.tail.foldLeft(gammas.head)((ands: BExpr, next: BExpr) => BinaryBExpr(BoolAND, ands, next))
         List(BAssert(andedConditions))
       } else if (gammas.size == 1) {
         List(BAssert(gammas.head))
@@ -722,24 +869,31 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
       conditionAssert :+ jump
     case r: Return => {
       val out = r.outParams.toList
-      if (out.nonEmpty) then List(
-        AssignCmd(out.map(_._1.toBoogie), out.map(_._2.toBoogie)),
-        AssignCmd(out.map(_._1.toGamma), out.map(c => exprToGamma(c._2))),
-        ReturnCmd) else List(ReturnCmd)
+      if (out.nonEmpty) then
+        List(
+          AssignCmd(out.map(_._1.toBoogie), out.map(_._2.toBoogie)),
+          AssignCmd(out.map(_._1.toGamma), out.map(c => exprToGamma(c._2))),
+          ReturnCmd
+        )
+      else List(ReturnCmd)
     }
     case _: Unreachable => List(BAssume(FalseBLiteral))
   }
 
   def translate(j: Call): List[BCmd] = j match {
     case d: DirectCall =>
-      val call = BProcedureCall(d.target.name, 
+      val call = BProcedureCall(
+        d.target.name,
         d.outParams.toList.flatMap(c => Seq(c._2.toBoogie, c._2.gammas.head.toGamma)),
         d.actualParams.toList.flatMap(c => Seq(c._2.toBoogie, exprToGamma(c._2)))
       )
 
       (config.procedureRely match {
         case Some(ProcRelyVersion.Function) =>
-          if (libRelies.contains(d.target.name) && libGuarantees.contains(d.target.name) && libRelies(d.target.name).nonEmpty && libGuarantees(d.target.name).nonEmpty) {
+          if (
+            libRelies.contains(d.target.name) && libGuarantees
+              .contains(d.target.name) && libRelies(d.target.name).nonEmpty && libGuarantees(d.target.name).nonEmpty
+          ) {
             val invCall1 = BProcedureCall(d.target.name + "$inv", List(mem_inv1, Gamma_mem_inv1), List(mem, Gamma_mem))
             val invCall2 = BProcedureCall("rely$inv", List(mem_inv2, Gamma_mem_inv2), List(mem_inv1, Gamma_mem_inv1))
             val libRGAssert = libRelies(d.target.name).map(r => BAssert(ResolveSpecInv.visitBExpr(r)))
@@ -748,26 +902,25 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
             List()
           }
         case Some(ProcRelyVersion.IfCommandContradiction) => relyfun(d.target.name).toList
-        case None => List()
+        case None                                         => List()
       }) ++ List(call)
     case i: IndirectCall => List(Comment(s"UNRESOLVED: call ${i.target.name}"), BAssert(FalseBLiteral))
   }
 
   def translate(s: Statement): List[BCmd] = s match {
     case d: Call => translate(d)
-    case _: NOP => List.empty
+    case _: NOP  => List.empty
     case m: MemoryStore =>
       val lhs = m.mem.toBoogie
       val rhs = BMemoryStore(m.mem.toBoogie, m.index.toBoogie, m.value.toBoogie, m.endian, m.size)
       val lhsGamma = m.mem.toGamma
       val rhsGamma = GammaStore(m.mem.toGamma, m.index.toBoogie, exprToGamma(m.value), m.size, m.size / m.mem.valueSize)
       val store = AssignCmd(List(lhs, lhsGamma), List(rhs, rhsGamma))
-      val stateSplit = List.empty /*s match {
       val stateSplit = s match {
         case MemoryStore(_, _, _, _, _, Some(label)) => List(captureStateStatement(s"$label"))
-        case LocalAssign(_, _, Some(label)) => List(captureStateStatement(s"$label"))
-        case _ => List.empty
-      } */
+        case LocalAssign(_, _, Some(label))          => List(captureStateStatement(s"$label"))
+        case _                                       => List.empty
+      }
       m.mem match {
         case _: StackMemory =>
           List(store) ++ stateSplit
@@ -785,7 +938,7 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
             val memory = if (regionInjector.isDefined) {
               regionInjector.get.getMergedRegion(g.address, g.size) match {
                 case Some(region) => BMapVar(region.name, MapBType(BitVecBType(64), BitVecBType(8)), Scope.Global)
-                case None => mem
+                case None         => mem
               }
             } else {
               mem
@@ -805,7 +958,11 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
             }
             AssignCmd(
               g.toOldGamma,
-              BinaryBExpr(BoolOR, GammaLoad(gamma, g.toAddrVar, g.size, g.size / m.mem.valueSize), L(LArgs, g.toAddrVar))
+              BinaryBExpr(
+                BoolOR,
+                GammaLoad(gamma, g.toAddrVar, g.size, g.size / m.mem.valueSize),
+                L(LArgs, g.toAddrVar)
+              )
             )
           }
           val secureUpdate = for (c <- controls.keys.view.toSeq.sorted) yield {
@@ -823,7 +980,10 @@ class IRToBoogie(var program: Program, var spec: Specification, var thread: Opti
           val guaranteeChecks = guarantees.keys.collect {
             case g if guaranteeRegions(g).contains(lhs) => BAssert(g)
           }
-          (List(rely, gammaValueCheck) ++ oldAssigns ++ oldGammaAssigns :+ store) ++ secureUpdate ++ guaranteeChecks ++ stateSplit
+          (List(
+            rely,
+            gammaValueCheck
+          ) ++ oldAssigns ++ oldGammaAssigns :+ store) ++ secureUpdate ++ guaranteeChecks ++ stateSplit
       }
     case l: LocalAssign =>
       val lhs = l.lhs.toBoogie
diff --git a/src/main/scala/util/PerformanceTimer.scala b/src/main/scala/util/PerformanceTimer.scala
index 50b106e37..6146563a0 100644
--- a/src/main/scala/util/PerformanceTimer.scala
+++ b/src/main/scala/util/PerformanceTimer.scala
@@ -2,21 +2,26 @@ package util
 import scala.collection.mutable
 import scala.collection
 
-
-case class PerformanceTimer(timerName: String = "") {
+case class PerformanceTimer(timerName: String = "", logLevel: LogLevel = LogLevel.DEBUG) {
   private var lastCheckpoint: Long = System.currentTimeMillis()
   private var end: Long = 0
   private val checkpoints: mutable.Map[String, Long] = mutable.HashMap()
 
   def checkPoint(name: String): Long = {
-      val delta = elapsed()
-      lastCheckpoint = System.currentTimeMillis()
-      checkpoints.put(name, delta)
-      // Logger.debug(s"PerformanceTimer $timerName [$name]: ${delta}ms")
-      delta
+    val delta = elapsed()
+    lastCheckpoint = System.currentTimeMillis()
+    checkpoints.put(name, delta)
+    logLevel match {
+      case LogLevel.DEBUG => Logger.debug(s"PerformanceTimer $timerName [$name]: ${delta}ms")
+      case LogLevel.INFO  => Logger.info(s"PerformanceTimer $timerName [$name]: ${delta}ms")
+      case LogLevel.WARN  => Logger.warn(s"PerformanceTimer $timerName [$name]: ${delta}ms")
+      case LogLevel.ERROR => Logger.error(s"PerformanceTimer $timerName [$name]: ${delta}ms")
+      case _              => ???
+    }
+    delta
   }
-  def elapsed() :  Long = {
-      System.currentTimeMillis() - lastCheckpoint
+  def elapsed(): Long = {
+    System.currentTimeMillis() - lastCheckpoint
   }
 
   def checkPoints(): scala.collection.Map[String, Long] = checkpoints

From d5a744bad87b7067e1f2e52a18c18fd80328917d Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Mon, 6 Jan 2025 13:40:48 +1000
Subject: [PATCH 112/127] tweak prettyprinter

---
 src/main/scala/translating/PrettyPrinter.scala | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/main/scala/translating/PrettyPrinter.scala b/src/main/scala/translating/PrettyPrinter.scala
index 747459006..145beb6e1 100644
--- a/src/main/scala/translating/PrettyPrinter.scala
+++ b/src/main/scala/translating/PrettyPrinter.scala
@@ -253,15 +253,15 @@ class BasilIRPrettyPrinter() extends BasilIR[PPProg] {
     val name = p.name
     val inParams = p.formalInParam.toList.map(vparam)
     val outParams = p.formalOutParam.toList.map(vparam)
-    val entryBlock = p.entryBlock.map(vblock)
+    val entryBlock = p.entryBlock
     val middleBlocks =
-      (p.blocks.toSet -- p.entryBlock.toSet -- p.returnBlock.toSet).toList.sortBy(x => -x.rpoOrder).map(vblock)
+      (p.entryBlock.toList ++ (p.blocks.toSet -- p.entryBlock.toSet -- p.returnBlock.toSet).toList.sortBy(x => -x.rpoOrder)
+      ++ p.returnBlock).map(vblock)
     val returnBlock = p.returnBlock.map(vblock)
 
     val localDecls = decls.toList.sorted
 
-    val iblocks = entryBlock.map(b => (s"  entry = ${indent(b.toString)}")).toList
-      ++ returnBlock.map(b => (s"  exit = ${indent(b.toString)}")).toList
+    val iblocks = p.entryBlock.map(b => (s"  entry_block = " + '"' + b.label + '"')).toList
 
     val addr = p.address.map(l => vaddress(l).toString).map("  address = " + _).toList
 

From ef7330a94ad94f8e8c7b4f09b1827c5118398a6e Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Mon, 6 Jan 2025 14:13:39 +1000
Subject: [PATCH 113/127] fix args

---
 src/main/scala/Main.scala | 2 --
 1 file changed, 2 deletions(-)

diff --git a/src/main/scala/Main.scala b/src/main/scala/Main.scala
index 049962577..de4b9a13b 100644
--- a/src/main/scala/Main.scala
+++ b/src/main/scala/Main.scala
@@ -53,13 +53,11 @@ object Main {
   case class Config(
     @arg(
       name = "load-directory-bap",
-      short = 'd',
       doc = "Load relf, adt, and bir from directory (and spec from parent directory)"
     )
     bapInputDirName: Option[String],
     @arg(
       name = "load-directory-gtirb",
-      short = 'd',
       doc = "Load relf, gts, and bir from directory (and spec from parent directory)"
     )
     gtirbInputDirName: Option[String],

From fa73de27018b1e8080ef74977536f91aa9392a8d Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Tue, 14 Jan 2025 15:26:21 +1000
Subject: [PATCH 114/127] fix

---
 src/main/scala/boogie/BCmd.scala | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/scala/boogie/BCmd.scala b/src/main/scala/boogie/BCmd.scala
index cc1b4b929..1a3aa57e4 100644
--- a/src/main/scala/boogie/BCmd.scala
+++ b/src/main/scala/boogie/BCmd.scala
@@ -44,7 +44,7 @@ case class BAssume(body: BExpr, comment: Option[String] = None, override val att
 case class BProcedureCall(name: String, lhss: Seq[BVar] = Seq(), params: Seq[BExpr] = Seq(), comment: Option[String] = None) extends BCmd {
   override def toString: String = {
     if (lhss.isEmpty) {
-      s"call $attrString$name();"
+      s"call $attrString$name(${params.mkString(", ")});"
     } else {
       s"call $attrString${lhss.mkString(", ")} := $name(${params.mkString(", ")});"
     }

From 827946c84dfae96ca106dacdd61b504cec58e1d5 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Tue, 14 Jan 2025 16:40:50 +1000
Subject: [PATCH 115/127] basic exit call identification

in the main procedure, add return statements after all
calls functions which exit on all paths, this
gives the ide solver a return point to attach
summaries to
---
 .../ir/transforms/ProcedureParameters.scala   | 25 ++++----
 src/main/scala/ir/transforms/Simp.scala       | 58 +++++++++++++++++++
 src/main/scala/translating/IRToBoogie.scala   |  1 -
 src/main/scala/util/RunUtils.scala            | 10 +++-
 4 files changed, 81 insertions(+), 13 deletions(-)

diff --git a/src/main/scala/ir/transforms/ProcedureParameters.scala b/src/main/scala/ir/transforms/ProcedureParameters.scala
index bb76765ed..a6e4db2e2 100644
--- a/src/main/scala/ir/transforms/ProcedureParameters.scala
+++ b/src/main/scala/ir/transforms/ProcedureParameters.scala
@@ -7,6 +7,7 @@ import collection.immutable.SortedMap
 import specification.Specification
 import analysis.{TwoElement, TwoElementTop, TwoElementBottom}
 import ir.CallGraph
+import util.Logger
 
 case class FunSig(inArgs: List[Register], outArgs: List[Register])
 
@@ -30,14 +31,18 @@ def fnsigToBinding(f: FunSig) = (
 
 def liftProcedureCallAbstraction(ctx: util.IRContext): util.IRContext = {
 
-  val liveVars =
-    if (
-      ctx.program.mainProcedure.blocks.nonEmpty && ctx.program.mainProcedure.returnBlock.isDefined && ctx.program.mainProcedure.entryBlock.isDefined
-    ) {
-      analysis.InterLiveVarsAnalysis(ctx.program).analyze()
-    } else {
-      Map.empty
-    }
+  val mainNonEmpty = ctx.program.mainProcedure.blocks.nonEmpty
+  val mainHasReturn = ctx.program.mainProcedure.returnBlock.isDefined
+  val mainHasEntry = ctx.program.mainProcedure.entryBlock.isDefined
+
+  val liveVars = if (mainNonEmpty && mainHasEntry && mainHasReturn) {
+    analysis.InterLiveVarsAnalysis(ctx.program).analyze()
+  } else {
+    Logger.error(s"Empty live vars $mainNonEmpty $mainHasReturn $mainHasEntry")
+    Map.empty
+  }
+
+  transforms.applyRPO(ctx.program)
 
   val params = inOutParams(ctx.program, liveVars)
 
@@ -337,8 +342,8 @@ class SetActualParams(
       //   }
       // }
       case d: DirectCall => {
-        d.actualParams = SortedMap.from(d.target.inParamDefaultBinding)
-        d.outParams = SortedMap.from(d.target.outParamDefaultBinding)
+        d.actualParams = SortedMap.from(inBinding(d.target))
+        d.outParams = SortedMap.from(outBinding(d.target))
       }
       case _ => ()
     }
diff --git a/src/main/scala/ir/transforms/Simp.scala b/src/main/scala/ir/transforms/Simp.scala
index 62deadab7..4daa3f8e3 100644
--- a/src/main/scala/ir/transforms/Simp.scala
+++ b/src/main/scala/ir/transforms/Simp.scala
@@ -878,7 +878,65 @@ class Substitute(val res: Variable => Option[Expr], val recurse: Boolean = true,
       None
     }
   }
+}
+
+enum PathExit:
+  case Maybe
+  case Return
+  case NoReturn
+  case Bot
+
+class ProcExitsDomain(is_nonreturning: String => Boolean) extends AbstractDomain[PathExit] {
+  /* backwards analysis to identify non-returning function */
+
+  override def transfer(s: PathExit, b: Command) = {
+    b match {
+      case d: DirectCall if is_nonreturning(d.target.name) => PathExit.NoReturn
+      case r: Return                                       => PathExit.Maybe
+      case _                                               => s
+    }
+  }
+  override def top = PathExit.Maybe
+  def bot = PathExit.Bot
+  def join(l: PathExit, r: PathExit, pos: Block) = (l, r) match {
+    case (PathExit.Return, PathExit.Return)     => PathExit.Return
+    case (PathExit.NoReturn, PathExit.NoReturn) => PathExit.NoReturn
+    case (PathExit.Return, PathExit.NoReturn)   => PathExit.Maybe
+    case (PathExit.NoReturn, PathExit.Return)   => PathExit.Maybe
+    case (PathExit.Maybe, x)                    => PathExit.Maybe
+    case (x, PathExit.Maybe)                    => PathExit.Maybe
+    case (PathExit.Bot, x)                      => x
+    case (x, PathExit.Bot)                      => x
+  }
+}
+
+case class ProcReturnInfo(returning: Set[Procedure], nonreturning: Set[Procedure])
 
+def findNonReturningFunctionsSaturating(p: Program) = {
+  var returning = Set[String]()
+  var old_nonreturning = Set[String]()
+
+  val exit = p.procedures.find(p => p.procName == "exit").map(_.name)
+  var nonreturning = exit.toSet ++ Set("exit")
+
+  while (nonreturning != old_nonreturning) {
+    old_nonreturning = nonreturning
+
+    for (p <- p.procedures.filterNot(p => nonreturning.contains(p.name) || returning.contains(p.name))) {
+      val solver = worklistSolver(ProcExitsDomain(s => nonreturning.contains(s)))
+      val (beforeBlocks, afterBlocks) = solver.solveProc(p, true)
+      p.entryBlock.flatMap(beforeBlocks.get) match {
+        case Some(PathExit.NoReturn) => nonreturning = nonreturning + p.name
+        case Some(PathExit.Return)   => returning = returning + p.name
+        case _                       => ()
+      }
+    }
+  }
+
+  ProcReturnInfo(
+    returning.flatMap(pn => p.procedures.find(_.name == pn).toSet),
+    nonreturning.flatMap(pn => p.procedures.find(_.name == pn).toSet)
+  )
 }
 
 class Simplify(val res: Variable => Option[Expr], val initialBlock: Block = null) extends CILVisitor {
diff --git a/src/main/scala/translating/IRToBoogie.scala b/src/main/scala/translating/IRToBoogie.scala
index 45bd28f06..e0b2215e9 100644
--- a/src/main/scala/translating/IRToBoogie.scala
+++ b/src/main/scala/translating/IRToBoogie.scala
@@ -757,7 +757,6 @@ class IRToBoogie(
 
         val inv = BinaryBExpr(BoolOR, Rc, Gf)
         val conseq = BinaryBExpr(BoolIMPLIES, Rc, Rf)
-
         val procInv = BProcedure(
           targetName + "$InlineInv",
           List(),
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index 7f3a1b950..c49d3084f 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -205,6 +205,13 @@ object IRTransform {
       }
     }
 
+    transforms.applyRPO(ctx.program)
+    val nonReturning = transforms.findNonReturningFunctionsSaturating(ctx.program)
+    ctx.program.mainProcedure.foreach(s => s match {
+      case d : DirectCall if nonReturning.nonreturning.contains(d.target) => d.parent.replaceJump(Return())
+      case _ => ()
+    })
+
     cilvisitor.visit_prog(transforms.ReplaceReturns(), ctx.program)
     transforms.addReturnBlocks(ctx.program)
     cilvisitor.visit_prog(transforms.ConvertSingleReturn(), ctx.program)
@@ -550,7 +557,6 @@ object RunUtils {
 
     DebugDumpIRLogger.writeToFile(File("blockgraph-before-dsa.dot"), dotBlockGraph(ctx.program.mainProcedure))
     
-    Logger.info(s"RPO ${timer.checkPoint("RPO")} ms ")
     Logger.info("[!] Simplify :: DynamicSingleAssignment")
     DebugDumpIRLogger.writeToFile(File("il-before-dsa.il"), serialiseIL(ctx.program))
 
@@ -587,7 +593,7 @@ object RunUtils {
     // assert(ctx.program.procedures.forall(transforms.rdDSAProperty))
 
     assert(invariant.blockUniqueLabels(ctx.program))
-    Logger.info(s"CopyProp ${timer.checkPoint("CopyProp")} ms ")
+    Logger.info(s"CopyProp ${timer.checkPoint("Simplify")} ms ")
     DebugDumpIRLogger.writeToFile(File("il-after-copyprop.il"), pp_prog(ctx.program))
 
 

From d72b9876c50d7e98aca082798dcb78ac7105cc9f Mon Sep 17 00:00:00 2001
From: Sadra Bayat Tork <sbayattork@gmail.com>
Date: Wed, 15 Jan 2025 11:03:08 +1000
Subject: [PATCH 116/127] allow custom initial state in AbstractDomain

---
 src/main/scala/ir/transforms/AbsInt.scala | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/main/scala/ir/transforms/AbsInt.scala b/src/main/scala/ir/transforms/AbsInt.scala
index 32f06de3a..218327c34 100644
--- a/src/main/scala/ir/transforms/AbsInt.scala
+++ b/src/main/scala/ir/transforms/AbsInt.scala
@@ -20,6 +20,7 @@ trait AbstractDomain[L] {
   def widen(a: L, b: L, pos: Block): L = join(a, b, pos) /* not used */
   def narrow(a: L, b: L): L = a
   def transfer(a: L, b: Command): L
+  def init(b: Block): L = bot
 
   def isFixed(prev: L, next: L) : Boolean = (prev == next)
 
@@ -137,7 +138,7 @@ class worklistSolver[L, A <: AbstractDomain[L]](domain: A) {
       val prev = savedAfter.get(b)
       val x = {
         predecessors(b).toList.flatMap(b => savedAfter.get(b).toList) match {
-          case Nil      => domain.bot
+          case Nil      => domain.init(b)
           case h :: Nil => h
           case h :: tl  => tl.foldLeft(h)((acc, nb) => domain.join(acc, nb, b))
         }

From 589a9ee43eb7856fc87ef4636e9d3b5796a561a1 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Thu, 16 Jan 2025 09:51:09 +1000
Subject: [PATCH 117/127] load dir update readme

---
 readme.md                 | 44 +++++++++++++++++++++++++++------------
 src/main/scala/Main.scala | 43 ++++++++++++++++++++++----------------
 2 files changed, 56 insertions(+), 31 deletions(-)

diff --git a/readme.md b/readme.md
index 78dba3915..8729d1b62 100644
--- a/readme.md
+++ b/readme.md
@@ -59,27 +59,45 @@ Other flags are listed below:
 
 ```
 BASIL
-  --analyse                       Run static analysis pass.
-  --analysis-results <str>        Log analysis results in files at specified path.
-  --analysis-results-dot <str>    Log analysis results in .dot form at specified path.
+  --load-directory-bap <str>      Load relf, adt, and bir from directory (and spec from parent
+                                  directory)
+  --load-directory-gtirb <str>    Load relf, gts, and bir from directory (and spec from parent
+                                  directory)
+  -i --input <str>                BAP .adt file or GTIRB/ASLi .gts file
+  -r --relf <str>                 Name of the file containing the output of 'readelf -s -r -W'.
+  -s --spec <str>                 BASIL specification file.
+  -o --output <str>               Boogie output destination file.
+  --boogie-use-lambda-stores      Use lambda representation of store operations.
   --boogie-procedure-rg <str>     Switch version of procedure rely/guarantee checks to emit.
                                   (function|ifblock)
-  --boogie-use-lambda-stores      Use lambda representation of store operations.
-  --dump-il <str>                 Dump the Intermediate Language to text.
-  -h --help                       Show this help message.
-  -i --input <str>                BAP .adt file or GTIRB/ASLi .gts file
+  -v --verbose                    Show extra debugging logs (the same as -vl log)
+  --vl <str>                      Show extra debugging logs for a specific logger (log.debugdumpir,
+                                  log.analysis.vsa, log.simplify, log, log.analysis,
+                                  log.analysis.steensgaard, log.analysis.mra).
+  --analyse                       Run static analysis pass.
   --interpret                     Run BASIL IL interpreter.
+  --dump-il <str>                 Dump the Intermediate Language to text.
   -m --main-procedure-name <str>  Name of the main procedure to begin analysis at.
-  -o --output <str>               Boogie output destination file.
   --procedure-call-depth <int>    Cull procedures beyond this call depth from the main function
                                   (defaults to Int.MaxValue)
-  -r --relf <str>                 Name of the file containing the output of 'readelf -s -r -W'.
-  -s --spec <str>                 BASIL specification file.
-  --summarise-procedures          Generates summaries of procedures which are used in
-                                  pre/post-conditions (requires --analyse flag)
+  --trim-early                    Cull procedures BEFORE running analysis
+  -h --help                       Show this help message.
+  --analysis-results <str>        Log analysis results in files at specified path.
+  --analysis-results-dot <str>    Log analysis results in .dot form at specified path.
   -t --threads                    Separates threads into multiple .bpl files with given output
                                   filename as prefix (requires --analyse flag)
-  -v --verbose                    Show extra debugging logs.
+  --parameter-form                Lift registers to local variables passed by parameter
+  --summarise-procedures          Generates summaries of procedures which are used in
+                                  pre/post-conditions (requires --analyse flag)
+  --simplify                      Partial evaluate / simplify BASIL IR before output (requires
+                                  --analyse flag)
+  --validate-simplify             Emit SMT2 check for algebraic simplification translation
+                                  validation to 'rewrites.smt2'
+  --verify                        Run boogie on the resulting file
+  --memory-regions <str>          Performs static analysis to separate memory into discrete regions
+                                  in Boogie output (requires --analyse flag) (mra|dsa)
+  --no-irreducible-loops          Disable producing irreducible loops when --analyse is passed (does
+                                  nothing without --analyse)
 ```
 
 For more information see [docs/usage](docs/usage.md).
diff --git a/src/main/scala/Main.scala b/src/main/scala/Main.scala
index de4b9a13b..cd37f00d1 100644
--- a/src/main/scala/Main.scala
+++ b/src/main/scala/Main.scala
@@ -23,30 +23,37 @@ object Main {
 
   def loadDirectory(i: ChooseInput = ChooseInput.Gtirb, d: String): ILLoadingConfig = {
     val p = d.split("/")
-    val name = p.dropRight(1).last
+    val tryName = Seq(p.last, p.dropRight(1).last)
 
-    val trySpec = Seq((p ++ Seq(s"$name.spec")).mkString("/"), (p.dropRight(1) ++ Seq(s"$name.spec")).mkString("/"))
-    val adt = (p ++ Seq(s"$name.adt")).mkString("/")
-    val relf = (p ++ Seq(s"$name.relf")).mkString("/")
-    val gtirb = (p ++ Seq(s"$name.gts")).mkString("/")
+    tryName.flatMap(name =>  {
+      val trySpec = Seq((p ++ Seq(s"$name.spec")).mkString("/"), (p.dropRight(1) ++ Seq(s"$name.spec")).mkString("/"))
+      val adt = (p ++ Seq(s"$name.adt")).mkString("/")
+      val relf = (p ++ Seq(s"$name.relf")).mkString("/")
+      val gtirb = (p ++ Seq(s"$name.gts")).mkString("/")
 
-    val spec = trySpec
-      .flatMap(s => {
-        if (File(s).exists) {
-          Seq(s)
+
+      val spec = trySpec
+        .flatMap(s => {
+          if (File(s).exists) {
+            Seq(s)
+          } else {
+            Seq()
+          }
+        })
+        .headOption
+
+      val input = i match
+        case ChooseInput.Gtirb => gtirb
+        case ChooseInput.Bap   => adt
+
+        if (File(input).exists() && File(relf).exists()) {
+          Logger.info(s"Found $input $relf ${spec.getOrElse("")}")
+          Seq(ILLoadingConfig(input, relf, spec))
         } else {
           Seq()
         }
-      })
-      .headOption
-
-    val input = i match
-      case ChooseInput.Gtirb => gtirb
-      case ChooseInput.Bap   => adt
+    }).head
 
-    Logger.info(s"Loading $input $relf ${spec.getOrElse("")}")
-    val x = ILLoadingConfig(input, relf, spec)
-    x
   }
 
   @main(name = "BASIL")

From f6e1a16cbe90fae5153625eabcdadf4f1767d4d6 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Thu, 16 Jan 2025 10:52:58 +1000
Subject: [PATCH 118/127] tweak messages and readme

---
 readme.md                          | 77 ++++++++++++++++++++++++------
 src/main/scala/Main.scala          |  4 +-
 src/main/scala/util/RunUtils.scala |  2 +-
 3 files changed, 65 insertions(+), 18 deletions(-)

diff --git a/readme.md b/readme.md
index 8729d1b62..e3144a489 100644
--- a/readme.md
+++ b/readme.md
@@ -7,29 +7,76 @@ binaries that have been lifted to intermediate formats. Supported input formats
 
 ### Example
 
+Example of a direct translation:
+
 ```sh
-$ ./mill run --input src/test/correct/secret_write/clang/secret_write.adt --relf src/test/correct/secret_write/clang/secret_write.relf --spec src/test/correct/secret_write/secret_write.spec --output boogie_out.bpl
+$ mill run --load-directory-bap src/test/correct/secret_write/gcc -o test.bpl --verify 
+[70/70] run 
+[INFO]   Found src/test/correct/secret_write/gcc/secret_write.adt src/test/correct/secret_write/gcc/secret_write.relf src/test/correct/secret_write/secret_write.spec
 [INFO]   [!] Loading Program
 [INFO]   [!] Removing external function calls
 [INFO]   [!] Stripping unreachable
 [INFO]   [!] Removed 11 functions (1 remaining)
 [INFO]   [!] Translating to Boogie
-[INFO]   [!] Writing file...
-$ tail boogie_out.bpl 
-    mem, Gamma_mem := memory_store32_le(mem, bvadd64(R9, 52bv64), R8[32:0]), gamma_store32(Gamma_mem, bvadd64(R9, 52bv64), Gamma_R8);
-    assert ((bvadd64(R9, 52bv64) == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
+[INFO]   Writing output
+[INFO]   Running boogie
+
+Boogie program verifier finished with 4 verified, 0 errors
+[INFO]   PerformanceTimer Verify [Finish]: 816ms
+$ tail test.bpl 
+    assert ((R0 == $z_addr) ==> (L(mem, $x_addr) ==> Gamma_x_old));
     assert bvsge32(memory_load32_le(mem, $z_addr), z_old);
-    assume {:captureState "%0000033f"} true;
-    goto main_basil_return;
-  main_basil_return:
-    assume {:captureState "main_basil_return"} true;
+    assume {:captureState "%000003b7"} true;
+    R0, Gamma_R0 := 0bv64, true;
+    goto main_1812_basil_return;
+  main_1812_basil_return:
+    assume {:captureState "main_1812_basil_return"} true;
     return;
 }
+```
 
-$ boogie boogie_out.bpl 
+Example using analysis:
+
+- Infer separate stack/memory variables (--analyse)
+- Resolve indirect calls (--memory-regions dsa)
+- Simplify code: (--simplify)
+  - Fold constant expressions
+  - Simplify branch flag calculations to (in)equality conditions
+  - Remove dead code
 
-Boogie program verifier finished with 4 verified, 0 errors
 ```
+$ mill run --load-directory-gtirb src/test/correct/functionpointer/clang --simplify --analyse --memory-regions mra --verify
+[INFO]   Found src/test/correct/functionpointer/clang/functionpointer.gts src/test/correct/functionpointer/clang/functionpointer.relf src/test/correct/functionpointer/functionpointer.spec
+[INFO]   [!] Loading Program
+[INFO]   [!] Removing external function calls
+[INFO]   [!] Running Static Analysis
+[INFO]   [!] Replacing Indirect Calls
+[INFO]   [!] Generating Procedure Summaries
+[INFO]   [!] Running Static Analysis
+[INFO]   [!] Replacing Indirect Calls
+[INFO]   [!] Generating Procedure Summaries
+[INFO]   [!] Running Writes To
+[INFO]   [!] Running Symbolic Access Analysis
+[INFO]   [!] Running DSA Analysis
+[INFO]   [!] Finished indirect call resolution after 1 iterations
+[INFO]   [!] Running Simplify
+[INFO]   [!] Simplify :: DynamicSingleAssignment
+[INFO]   DSA 29 ms 
+[INFO]   [!] Simplify :: Expr/Copy-prop Transform
+[INFO]   [!] Simplify :: Dead variable elimination
+[INFO]   [!] Simplify :: Merge empty blocks
+[INFO]   CopyProp 72 ms 
+[INFO]   [!] Simplify :: finished
+[INFO]   [!] Stripping unreachable
+[INFO]   [!] Removed 17 functions (4 remaining)
+[INFO]   [!] Translating to Boogie
+[INFO]   Writing output
+[INFO]   Running boogie
+
+Boogie program verifier finished with 5 verified, 0 errors
+[INFO]   PerformanceTimer Verify [Finish]: 622ms
+```
+
 
 ---
 
@@ -89,10 +136,10 @@ BASIL
   --parameter-form                Lift registers to local variables passed by parameter
   --summarise-procedures          Generates summaries of procedures which are used in
                                   pre/post-conditions (requires --analyse flag)
-  --simplify                      Partial evaluate / simplify BASIL IR before output (requires
-                                  --analyse flag)
-  --validate-simplify             Emit SMT2 check for algebraic simplification translation
-                                  validation to 'rewrites.smt2'
+  --simplify                      Partial evaluate / simplify BASIL IR before output (implies
+                                  --parameter-form)
+  --validate-simplify             Emit SMT2 check for validation of simplification expression
+                                  rewrites 'rewrites.smt2'
   --verify                        Run boogie on the resulting file
   --memory-regions <str>          Performs static analysis to separate memory into discrete regions
                                   in Boogie output (requires --analyse flag) (mra|dsa)
diff --git a/src/main/scala/Main.scala b/src/main/scala/Main.scala
index cd37f00d1..6ecf8002d 100644
--- a/src/main/scala/Main.scala
+++ b/src/main/scala/Main.scala
@@ -124,11 +124,11 @@ object Main {
       doc = "Generates summaries of procedures which are used in pre/post-conditions (requires --analyse flag)"
     )
     summariseProcedures: Flag,
-    @arg(name = "simplify", doc = "Partial evaluate / simplify BASIL IR before output (requires --analyse flag)")
+    @arg(name = "simplify", doc = "Partial evaluate / simplify BASIL IR before output (implies --parameter-form)")
     simplify: Flag,
     @arg(
       name = "validate-simplify",
-      doc = "Emit SMT2 check for algebraic simplification translation validation to 'rewrites.smt2'"
+      doc = "Emit SMT2 check for validation of simplification expression rewrites 'rewrites.smt2'"
     )
     validateSimplify: Flag,
     @arg(name = "verify", doc = "Run boogie on the resulting file")
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index c49d3084f..6ff8bd221 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -603,7 +603,7 @@ object RunUtils {
       Logger.info("DSA Check (after transform)")
       val x = ctx.program.procedures.forall(transforms.rdDSAProperty)
       assert(x)
-      Logger.info("passed")
+      Logger.info("DSA Check succeeded")
     }
 
     // run this after cond recovery because sign bit calculations often need high bits

From c8a208e4bfb8c7341afc5ee9d6883f9b6ac61ceb Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Thu, 16 Jan 2025 10:53:27 +1000
Subject: [PATCH 119/127] disable spec param conversion on procedures with no
 spec

---
 .../scala/ir/transforms/ProcedureParameters.scala  | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/src/main/scala/ir/transforms/ProcedureParameters.scala b/src/main/scala/ir/transforms/ProcedureParameters.scala
index a6e4db2e2..8ebe9d56d 100644
--- a/src/main/scala/ir/transforms/ProcedureParameters.scala
+++ b/src/main/scala/ir/transforms/ProcedureParameters.scala
@@ -423,10 +423,16 @@ def specToProcForm(
   }
 
   val ns = spec.copy(subroutines = spec.subroutines.map(s => {
-    s.copy(
-      requires = s.requires.map(convVarToOld(varToInVar(s.name), varToOutVar(s.name), false)),
-      ensures = s.ensures.map(convVarToOld(varToInVar(s.name), varToOutVar(s.name), true))
-    )
+    if (s.requires.nonEmpty || s.ensures.nonEmpty) {
+      val in = varToInVar(s.name)
+      val out = varToOutVar(s.name)
+      s.copy(
+        requires = s.requires.map(convVarToOld(in, out, false)),
+        ensures = s.ensures.map(convVarToOld(in, out, true))
+      )
+    } else {
+      s
+    }
   }))
   ns
 }

From fb808f6dae00c82a6e06f2fcc0e13e9b97f49eb3 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Tue, 21 Jan 2025 17:07:39 +1000
Subject: [PATCH 120/127] add interproc solver to absint, analysis result
 printer

---
 .../scala/analysis/IrreducibleLoops.scala     |   9 ++
 src/main/scala/ir/Program.scala               |   6 +-
 src/main/scala/ir/transforms/AbsInt.scala     | 151 +++++++++++-------
 src/main/scala/ir/transforms/Simp.scala       |  96 ++++++-----
 .../scala/translating/PrettyPrinter.scala     |  90 ++++++-----
 src/main/scala/util/RunUtils.scala            |  13 +-
 6 files changed, 227 insertions(+), 138 deletions(-)

diff --git a/src/main/scala/analysis/IrreducibleLoops.scala b/src/main/scala/analysis/IrreducibleLoops.scala
index a7d19ac08..2c622cdba 100644
--- a/src/main/scala/analysis/IrreducibleLoops.scala
+++ b/src/main/scala/analysis/IrreducibleLoops.scala
@@ -71,6 +71,15 @@ object LoopDetector {
     def reducibleTransformIR(): State = {
       this.copy(loops = LoopTransform.llvm_transform(loops.values).map(l => l.header -> l).toMap)
     }
+
+    def updateIrWithLoops() = {
+      for ((hd, l) <- loops) {
+        hd.inLoop = Set(l)
+        for (participant <- l.nodes) {
+          participant.inLoop = participant.inLoop + l
+        }
+      }
+    }
   }
 
   def identify_loops(entryBlock: Block): State = {
diff --git a/src/main/scala/ir/Program.scala b/src/main/scala/ir/Program.scala
index b9c10ca5f..fd03b29df 100644
--- a/src/main/scala/ir/Program.scala
+++ b/src/main/scala/ir/Program.scala
@@ -3,7 +3,7 @@ package ir
 import scala.collection.mutable.ArrayBuffer
 import scala.collection.{IterableOnceExtensionMethods, View, immutable, mutable}
 import boogie.*
-import analysis.{MergedRegion}
+import analysis.{MergedRegion, Loop}
 import util.intrusive_list.*
 import translating.serialiseIL
 import eval.BitVectorEval
@@ -399,6 +399,10 @@ class Block private (
   def isReturn: Boolean = parent.returnBlock.contains(this)
   def isEntry: Boolean = parent.entryBlock.contains(this)
 
+  var inLoop: Set[Loop] = Set()
+  def isLoopHeader () = inLoop.exists(x => x.header == this)
+  def isLoopParticipant () = inLoop.nonEmpty
+
   def jump: Jump = _jump
 
   var rpoOrder : Long = -1
diff --git a/src/main/scala/ir/transforms/AbsInt.scala b/src/main/scala/ir/transforms/AbsInt.scala
index 218327c34..93f518c60 100644
--- a/src/main/scala/ir/transforms/AbsInt.scala
+++ b/src/main/scala/ir/transforms/AbsInt.scala
@@ -15,95 +15,101 @@ import scala.util.{Failure, Success}
 import ExecutionContext.Implicits.global
 
 
-trait AbstractDomain[L] {
-  def join(a: L, b: L, pos: Block): L
-  def widen(a: L, b: L, pos: Block): L = join(a, b, pos) /* not used */
+
+trait GenericAbstractDomain[Location, Code, L] {
+  def join(a: L, b: L, pos: Location): L
+  def widen(a: L, b: L, pos: Location): L = join(a, b, pos) /* not used */
   def narrow(a: L, b: L): L = a
-  def transfer(a: L, b: Command): L
-  def init(b: Block): L = bot
+  def transfer(a: L, b: Code): L
+  def init(b: Location): L = bot
+
+  def isFixed(prev: L, next: L): Boolean = (prev == next)
 
-  def isFixed(prev: L, next: L) : Boolean = (prev == next)
+  def top: L
+  def bot: L
+}
 
+
+trait AbstractDomain[L] extends GenericAbstractDomain[Block, Command, L] {
   def transferBlockFwd(a: L, b: Block): L = {
     transfer(b.statements.foldLeft(a)(transfer), b.jump)
   }
   def transferBlockBwd(a: L, b: Block): L = {
     b.statements.toList.reverse.foldLeft(transfer(a, b.jump))(transfer)
   }
-
-  def top: L
-  def bot: L
 }
 
+
 trait PowerSetDomain[T] extends AbstractDomain[Set[T]] {
   def bot = Set()
   def top = ???
   def join(a: Set[T], b: Set[T], pos: Block) = a.union(b)
 }
 
-
 def onePassForwardGlobalStateSolver[L, D <: AbstractDomain[L]](initial: Iterable[Block], domain: D) = {
-    val worklist = mutable.PriorityQueue[Block]()(Ordering.by(_.rpoOrder))
-    worklist.addAll(initial)
-    var state = domain.bot
+  val worklist = mutable.PriorityQueue[Block]()(Ordering.by(_.rpoOrder))
+  worklist.addAll(initial)
+  var state = domain.bot
+
+  while (worklist.nonEmpty) {
+    val b: Block = worklist.dequeue
+    val p = state
+
+    for (l <- b.statements) {
+      state = domain.transfer(state, l)
+    }
+    state = domain.transfer(state, b.jump)
+  }
+}
 
-    while (worklist.nonEmpty) {
-      val b: Block = worklist.dequeue
-      val p = state
 
-      for (l <- b.statements) {
-        state = domain.transfer(state, l)
+trait ProcAbstractDomain[L] extends GenericAbstractDomain[Procedure, Procedure, L]
+
+class DomainWithFunctionSummaries[L, Summary](d: AbstractDomain[L], 
+  procSummary: Procedure => Summary,
+  transferCallSummary: (L, Summary, DirectCall) => L
+  ) extends AbstractDomain[L]  {
+    def join(a: L, b: L, pos: Block): L = d.join(a,b,pos)
+    override def widen(a: L, b: L, pos: Block): L = d.widen(a,b, pos)
+    override def narrow(a: L, b: L): L = d.narrow(a, b)
+    override def init(b: Block): L = d.init(b)
+    override def isFixed(prev: L, next: L): Boolean = d.isFixed(prev, next)
+    def top: L = d.top
+    def bot: L = d.bot
+
+    def transfer(a: L, b: Command): L = b match {
+      case call: DirectCall => {
+        transferCallSummary(a, procSummary(call.target), call)
       }
-      state = domain.transfer(state, b.jump)
+      case o => d.transfer(a, b)
     }
+}
 
+trait ProcedureSummaryGenerator[L, LocalDomain] extends GenericAbstractDomain[Procedure, Procedure, L] {
+  def localTransferCall(l: LocalDomain, summaryForTarget: L, p: DirectCall) : LocalDomain
+  def updateSummary(prevSummary: L, p: Procedure,  resBefore: Map[Block, LocalDomain], resAfter: Map[Block, LocalDomain]) : L
 }
 
+
+
 class worklistSolver[L, A <: AbstractDomain[L]](domain: A) {
 
-  def solveProc(p: Procedure, backwards: Boolean = false) = {
-    solve(p.blocks, Set(), Set(), backwards)
+  def solveProc(p: Procedure, backwards: Boolean = false) : (Map[Block, L], Map[Block, L]) = {
+    solve(p.blocks, backwards)
   }
 
-  def solveProg(
-      p: Program,
-      widenpoints: Set[Block], // set of loop heads
-      narrowpoints: Set[Block] // set of conditions
-  ): Map[Procedure, Map[Block, L]] = {
-    val initDom = p.procedures.map(p => (p, p.blocks))
-
-    val work = initDom.map(d => {
-      (
-        d._1,
-        Future {
-          val t = util.PerformanceTimer(s"solve ${d._1.name}")
-          Logger.info(s"begin ${t.timerName}")
-          val r = solve(d._2, Set(), Set())
-          t.checkPoint("finished")
-          r
-        }
-      )
-    })
-    work
-      .map((prog, x) =>
-        try {
-          (prog, Await.result(x, 10000.millis)._2)
-        } catch {
-          case t: Exception => {
-            Logger.error(s"${prog.name} : $t")
-            (prog, Map())
-          }
-        }
-      )
-      .toMap
-    // Await.result(Future.sequence(work), Duration.Inf).toMap
+  def solveProgIntraProc(p: Program, backwards: Boolean = false): (Map[Block, L], Map[Block, L]) = {
+    def foldfun(acc: (Map[Block, L], Map[Block, L]), l: (Map[Block, L], Map[Block, L])) = {
+        val (accl, accr) = acc
+        val (vl, vr) = l
+        ((accl ++ vl), (accr ++ vr))
+    }
+    p.procedures.map(p => solve(p.blocks, backwards)).foldLeft(Map[Block, L](), Map[Block, L]())(foldfun)
   }
 
   def solve(
-      initial: IterableOnce[Block],
-      widenpoints: Set[Block], // set of loop heads
-      narrowpoints: Set[Block], // set of conditions
-      backwards: Boolean = false
+    initial: IterableOnce[Block],
+    backwards: Boolean = false
   ): (Map[Block, L], Map[Block, L]) = {
     val savedAfter: mutable.HashMap[Block, L] = mutable.HashMap()
     val savedBefore: mutable.HashMap[Block, L] = mutable.HashMap()
@@ -172,3 +178,34 @@ class worklistSolver[L, A <: AbstractDomain[L]](domain: A) {
     if backwards then (savedAfter.toMap, savedBefore.toMap) else (savedBefore.toMap, savedAfter.toMap)
   }
 }
+
+
+
+class interprocSummaryFixpointSolver[SummaryAbsVal, LocalAbsVal, 
+  A <: AbstractDomain[LocalAbsVal]](localDomain : A, 
+    sg: ProcedureSummaryGenerator[SummaryAbsVal, LocalAbsVal]) {
+
+  def transferProcedure(a: SummaryAbsVal, b: Procedure, getSummary: Procedure => SummaryAbsVal, backwards: Boolean): SummaryAbsVal = {
+    val domain = DomainWithFunctionSummaries(localDomain, getSummary, sg.localTransferCall)
+    val solver = worklistSolver(domain)
+    val (beforeRes, afterRes) = solver.solveProc(b, backwards)
+    sg.updateSummary(a, b, beforeRes, afterRes)
+  }
+
+  def solveProgInterProc(p: Program, backwards : Boolean = false) = {
+    var old_summaries = Map[Procedure, SummaryAbsVal]()
+    var summaries = Map[Procedure, SummaryAbsVal]()
+    var first = true
+    while (first || summaries != old_summaries) {
+      first = false
+      old_summaries = summaries
+
+      for (p <- p.procedures) {
+        def getSummary(p: Procedure) = old_summaries.get(p).getOrElse(sg.init(p))
+        val r = transferProcedure(getSummary(p), p, getSummary, backwards)
+        summaries = summaries.updated(p, r)
+      }
+    }
+    summaries
+  }
+}
diff --git a/src/main/scala/ir/transforms/Simp.scala b/src/main/scala/ir/transforms/Simp.scala
index 4daa3f8e3..a38d70e4b 100644
--- a/src/main/scala/ir/transforms/Simp.scala
+++ b/src/main/scala/ir/transforms/Simp.scala
@@ -589,13 +589,6 @@ object CCP {
 
 object CopyProp {
 
-  def forwardFlagCalc(p: Procedure) = {
-    val (beforeLive, afterLive) = getLiveVars(p)
-    val dom = DefUseDomain(beforeLive)
-    val solver = worklistSolver(dom)
-    val (beforeRes, afterRes) = solver.solveProc(p)
-
-  }
 
   def isFlagVar(l: Variable) = {
     val flagNames = Set("ZF", "VF", "CF", "NF")
@@ -886,6 +879,18 @@ enum PathExit:
   case NoReturn
   case Bot
 
+object PathExit:
+  def join(l: PathExit, r: PathExit) = (l, r) match {
+    case (PathExit.Return, PathExit.Return)     => PathExit.Return
+    case (PathExit.NoReturn, PathExit.NoReturn) => PathExit.NoReturn
+    case (PathExit.Return, PathExit.NoReturn)   => PathExit.Maybe
+    case (PathExit.NoReturn, PathExit.Return)   => PathExit.Maybe
+    case (PathExit.Maybe, x)                    => PathExit.Maybe
+    case (x, PathExit.Maybe)                    => PathExit.Maybe
+    case (PathExit.Bot, x)                      => x
+    case (x, PathExit.Bot)                      => x
+  }
+
 class ProcExitsDomain(is_nonreturning: String => Boolean) extends AbstractDomain[PathExit] {
   /* backwards analysis to identify non-returning function */
 
@@ -898,45 +903,58 @@ class ProcExitsDomain(is_nonreturning: String => Boolean) extends AbstractDomain
   }
   override def top = PathExit.Maybe
   def bot = PathExit.Bot
-  def join(l: PathExit, r: PathExit, pos: Block) = (l, r) match {
-    case (PathExit.Return, PathExit.Return)     => PathExit.Return
-    case (PathExit.NoReturn, PathExit.NoReturn) => PathExit.NoReturn
-    case (PathExit.Return, PathExit.NoReturn)   => PathExit.Maybe
-    case (PathExit.NoReturn, PathExit.Return)   => PathExit.Maybe
-    case (PathExit.Maybe, x)                    => PathExit.Maybe
-    case (x, PathExit.Maybe)                    => PathExit.Maybe
-    case (PathExit.Bot, x)                      => x
-    case (x, PathExit.Bot)                      => x
-  }
+  def join(l: PathExit, r: PathExit, pos: Block) = PathExit.join(l,r)
 }
 
-case class ProcReturnInfo(returning: Set[Procedure], nonreturning: Set[Procedure])
-
-def findNonReturningFunctionsSaturating(p: Program) = {
-  var returning = Set[String]()
-  var old_nonreturning = Set[String]()
-
-  val exit = p.procedures.find(p => p.procName == "exit").map(_.name)
-  var nonreturning = exit.toSet ++ Set("exit")
-
-  while (nonreturning != old_nonreturning) {
-    old_nonreturning = nonreturning
+case class ProcReturnInfo(returning: Set[Procedure], nonreturning: Set[Procedure]) {
+  override def toString = s"returning : ${returning.map(_.name).toList.sorted}\nnonretruning: ${nonreturning.map(_.name).toList.sorted}"
+}
 
-    for (p <- p.procedures.filterNot(p => nonreturning.contains(p.name) || returning.contains(p.name))) {
-      val solver = worklistSolver(ProcExitsDomain(s => nonreturning.contains(s)))
-      val (beforeBlocks, afterBlocks) = solver.solveProc(p, true)
-      p.entryBlock.flatMap(beforeBlocks.get) match {
-        case Some(PathExit.NoReturn) => nonreturning = nonreturning + p.name
-        case Some(PathExit.Return)   => returning = returning + p.name
-        case _                       => ()
-      }
+class DefinitelyExits(knownExit: Set[Procedure]) extends ProcedureSummaryGenerator[PathExit, PathExit] {
+  def top: ir.transforms.PathExit = ???
+  def bot: ir.transforms.PathExit = PathExit.Bot
+  override def init (p: Procedure) = if p.procName == "exit" then PathExit.NoReturn else PathExit.Bot
+  def join(l: PathExit, r: PathExit, p: Procedure) = PathExit.join(l,r)
+
+  def transfer
+  (a: ir.transforms.PathExit, b: ir.Procedure):
+    ir.transforms.PathExit = ???
+  
+  def localTransferCall
+  (l: ir.transforms.PathExit, summaryForTarget: ir.transforms.PathExit, p: ir.DirectCall)
+    : ir.transforms.PathExit = (l, summaryForTarget) match {
+      case (PathExit.Return, PathExit.Return)  => PathExit.Return
+      case (_, PathExit.NoReturn) => PathExit.NoReturn
+      case (o, _)  => o
+  }
+
+  def updateSummary
+  (prevSummary: ir.transforms.PathExit, p: ir.Procedure,
+    resBefore: Map[ir.Block, ir.transforms.PathExit], resAfter:
+    Map[ir.Block, ir.transforms.PathExit]): ir.transforms.PathExit = {
+      p.entryBlock.flatMap(resBefore.get) match {
+        case Some(PathExit.NoReturn) => PathExit.NoReturn
+        case Some(PathExit.Return)   => PathExit.Return
+        case Some(PathExit.Maybe)    => PathExit.Maybe
+        case  _                      => prevSummary
     }
   }
+}
 
-  ProcReturnInfo(
-    returning.flatMap(pn => p.procedures.find(_.name == pn).toSet),
-    nonreturning.flatMap(pn => p.procedures.find(_.name == pn).toSet)
+def findDefinitelyExits(p: Program) = {
+  val exit = p.procedures.filter(p => p.procName == "exit").toSet
+  val dom = DefinitelyExits(exit)
+  val ldom = ProcExitsDomain(x => false)
+  val solve = interprocSummaryFixpointSolver(ldom, dom)
+  val res = solve.solveProgInterProc(p, true)
+  ProcReturnInfo(res.collect {
+    case (p, PathExit.Return) => p
+  }.toSet, 
+  res.collect {
+    case (p, PathExit.NoReturn) => p
+  }.toSet
   )
+
 }
 
 class Simplify(val res: Variable => Option[Expr], val initialBlock: Block = null) extends CILVisitor {
diff --git a/src/main/scala/translating/PrettyPrinter.scala b/src/main/scala/translating/PrettyPrinter.scala
index 145beb6e1..3be0e8e54 100644
--- a/src/main/scala/translating/PrettyPrinter.scala
+++ b/src/main/scala/translating/PrettyPrinter.scala
@@ -15,8 +15,12 @@ object PrettyPrinter {
   def pp_jump(s: Jump) = BasilIRPrettyPrinter()(s)
   def pp_prog(s: Program) = BasilIRPrettyPrinter()(s)
   def pp_proc(s: Procedure) = BasilIRPrettyPrinter()(s)
-}
 
+  def pp_prog_with_analysis_results[T](before: Map[Block, T], after: Map[Block, T], p: Program, resultPrinter: T => String = ((x : T) => x.toString)) = {
+    BasilIRPrettyPrinter(with_analysis_results_begin=block => before.get(block).map(resultPrinter), block => after.get(block).map(resultPrinter))(p)
+  }
+
+}
 
 def indent(s: String, indent: String = "  "): String = {
   s.flatMap(c =>
@@ -34,14 +38,11 @@ case class BST[T <: Expr | Command](v: String) extends PPProg[T] {
 }
 
 case class Prog(mainProc: String, globalDecls: List[String], procedures: List[Proc]) extends PPProg[Program] {
-  override def toString = globalDecls.map(_ + ";").mkString("\n") + "\n\n" + procedures.map(_.toString + ";\n").mkString("")
+  override def toString =
+    globalDecls.map(_ + ";").mkString("\n") + "\n\n" + procedures.map(_.toString + ";\n").mkString("")
 }
 
-case class Proc(
-    signature: String,
-    localDecls: List[String],
-    blocks: String
-) extends PPProg[Procedure] {
+case class Proc(signature: String, localDecls: List[String], blocks: String) extends PPProg[Procedure] {
   override def toString = {
     if (blocks.size > 0) {
       signature + "\n{" + "\n" + blocks + "\n}"
@@ -51,13 +52,15 @@ case class Proc(
   }
 }
 
-case class PBlock(label: String, address: Option[String], commands: List[String]) extends PPProg[Block] {
+case class PBlock(label: String, address: Option[String], commands: List[String], entryComment: Option[String]= None, exitComment: Option[String]=None) extends PPProg[Block] {
   override def toString = {
     val indent = "  "
     val addr = address.map(" " + _).getOrElse("")
-    s"block ${label}${addr} [\n"
+    val comment = entryComment.map(c => c + "\n").getOrElse("") 
+    val excomment = exitComment.map(c => "\n" + c).getOrElse("")
+    s"block ${label}${addr} [\n${comment}"
       ++ commands.map("  " + _).mkString(";\n")
-      ++ "\n]"
+      ++ s"${excomment}\n]"
   }
 }
 
@@ -66,7 +69,8 @@ case class PBlock(label: String, address: Option[String], commands: List[String]
 //   override def toString = v
 // }
 
-class BasilIRPrettyPrinter() extends BasilIR[PPProg] {
+class BasilIRPrettyPrinter(with_analysis_results_begin: Block => Option[String] = _ => None, 
+  with_analysis_results_end: Block => Option[String] = _ => None) extends BasilIR[PPProg] {
   val blockIndent = "  "
   val statementIndent = "    "
   val seenVars = mutable.HashSet[Variable]()
@@ -139,8 +143,8 @@ class BasilIRPrettyPrinter() extends BasilIR[PPProg] {
       memoryRegions(p).toList.sortBy(_.name).map(memdecl) ++
         globals(p).toList.sorted.map(vardecl)
         ++ List("\nlet entry_procedure = " + p.mainProcedure.name)
-        // ++ List(initialMemory(p.initialMemory.values))
-        ,
+      // ++ List(initialMemory(p.initialMemory.values))
+      ,
       p.procedures.toList.map(vproc).collect {
         case p: Proc => p
         case _       => ???
@@ -153,14 +157,24 @@ class BasilIRPrettyPrinter() extends BasilIR[PPProg] {
     assert(false)
   }
 
+  override def vblock(b: Block): PPProg[Block] = {
+    val label = b.label 
+    val address = b.address 
+    val statements =  b.statements.toList.map(vstmt)
+    val terminator = vjump(b.jump)
+    val entryComent = with_analysis_results_begin(b).map(c => s"${blockIndent}// ${c}")
+    val exitComment = with_analysis_results_end(b).map(c => s"${blockIndent}// ${c}")
+    val addr = address.map(a => s"{address = ${vaddress(a)}}")
+    PBlock(label, addr, statements.map(_.toString) ++ Seq(terminator.toString), entryComent, exitComment)
+  }
+
   override def vblock(
       label: String,
       address: Option[BigInt],
       statements: List[PPProg[Statement]],
       terminator: PPProg[Jump]
   ): PPProg[Block] = {
-    val addr = address.map(a => s"{address = ${vaddress(a)}}")
-    PBlock(label, addr, statements.map(_.toString) ++ Seq(terminator.toString))
+    assert(false)
   }
 
   def vardecl(v: Variable): String = {
@@ -241,22 +255,23 @@ class BasilIRPrettyPrinter() extends BasilIR[PPProg] {
 
   def vaddress(a: BigInt) = vintlit(a)
 
-  def vparam(l: Variable) : String = {
-    s"${l.name}:${vtype{l.getType}}"
+  def vparam(l: Variable): String = {
+    s"${l.name}:${vtype { l.getType }}"
   }
 
   override def vproc(p: Procedure): PPProg[Procedure] = {
     seenVars.clear()
     val decls = locals(p).map(vardecl)
 
-
     val name = p.name
     val inParams = p.formalInParam.toList.map(vparam)
     val outParams = p.formalOutParam.toList.map(vparam)
     val entryBlock = p.entryBlock
     val middleBlocks =
-      (p.entryBlock.toList ++ (p.blocks.toSet -- p.entryBlock.toSet -- p.returnBlock.toSet).toList.sortBy(x => -x.rpoOrder)
-      ++ p.returnBlock).map(vblock)
+      (p.entryBlock.toList ++ (p.blocks.toSet -- p.entryBlock.toSet -- p.returnBlock.toSet).toList.sortBy(x =>
+        -x.rpoOrder
+      )
+        ++ p.returnBlock).map(vblock)
     val returnBlock = p.returnBlock.map(vblock)
 
     val localDecls = decls.toList.sorted
@@ -275,30 +290,26 @@ class BasilIRPrettyPrinter() extends BasilIR[PPProg] {
 
     val blocks = (pname ++ addr ++ iblocks ++ mblocks.toList).map(_ + ";").mkString("\n")
 
-    Proc(
-      s"proc $name(${inParams.mkString(", ")}) -> (${outParams.mkString(", ")})",
-      localDecls,
-      blocks
-    )
+    Proc(s"proc $name(${inParams.mkString(", ")}) -> (${outParams.mkString(", ")})", localDecls, blocks)
   }
 
   def vproc(
-      name: String,
-      inParams: List[PPProg[Variable]],
-      outParams: List[PPProg[Variable]],
-      entryBlock: Option[PPProg[Block]],
-      middleBlocks: List[PPProg[Block]],
-      returnBlock: Option[PPProg[Block]]
+    name: String,
+    inParams: List[PPProg[Variable]],
+    outParams: List[PPProg[Variable]],
+    entryBlock: Option[PPProg[Block]],
+    middleBlocks: List[PPProg[Block]],
+    returnBlock: Option[PPProg[Block]]
   ): PPProg[Procedure] = ???
 
   override def vassign(lhs: PPProg[Variable], rhs: PPProg[Expr]): PPProg[LocalAssign] = BST(s"${lhs} := ${rhs}")
 
   override def vstore(
-      mem: String,
-      index: PPProg[Expr],
-      value: PPProg[Expr],
-      endian: Endian,
-      size: Int
+    mem: String,
+    index: PPProg[Expr],
+    value: PPProg[Expr],
+    endian: Endian,
+    size: Int
   ): BST[MemoryStore] = {
     val le = if endian == Endian.LittleEndian then "le" else "be"
     BST(s"store $le ${mem} ${index} ${value} ${size}")
@@ -310,12 +321,11 @@ class BasilIRPrettyPrinter() extends BasilIR[PPProg] {
   }
 
   override def vcall(
-      outParams: List[(Variable, PPProg[Expr])],
-      procname: String,
-      inparams: List[(Variable, PPProg[Expr])]
+    outParams: List[(Variable, PPProg[Expr])],
+    procname: String,
+    inparams: List[(Variable, PPProg[Expr])]
   ): PPProg[DirectCall] = {
 
-
     val op = {
       if (outParams.forall(_._1.isInstanceOf[LocalVar])) {
         "var (" + outParams.map((l, r) => vparam(l)).mkString(", ") + ")"
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index 6ff8bd221..004e822a9 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -206,7 +206,7 @@ object IRTransform {
     }
 
     transforms.applyRPO(ctx.program)
-    val nonReturning = transforms.findNonReturningFunctionsSaturating(ctx.program)
+    val nonReturning = transforms.findDefinitelyExits(ctx.program)
     ctx.program.mainProcedure.foreach(s => s match {
       case d : DirectCall if nonReturning.nonreturning.contains(d.target) => d.parent.replaceJump(Return())
       case _ => ()
@@ -338,6 +338,8 @@ object StaticAnalysis {
       val newLoops = foundLoops.reducibleTransformIR().identifiedLoops
       newLoops.foreach(l => StaticAnalysisLogger.debug(s"Loop found: ${l.name}"))
 
+      foundLoops.updateIrWithLoops()
+
       config.analysisDotPath.foreach { s =>
         DebugDumpIRLogger.writeToFile(File(s"${s}_graph-after-loop-reduce-$iteration.dot"), dotBlockGraph(IRProgram, IRProgram.map(b => b -> b.toString).toMap))
         DebugDumpIRLogger.writeToFile(File(s"${s}_blockgraph-after-loop-reduce-$iteration.dot"), dotBlockGraph(IRProgram, IRProgram.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap))
@@ -545,12 +547,21 @@ object RunUtils {
 
   def doSimplify(ctx: IRContext, config: Option[StaticAnalysisConfig]) : Unit = {
 
+
     // writeToFile(dotBlockGraph(ctx.program, ctx.program.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"blockgraph-before-simp.dot")
     Logger.info("[!] Running Simplify")
     val timer = PerformanceTimer("Simplify")
 
     transforms.applyRPO(ctx.program)
 
+    // example of printing a simple analysis
+    val liveVarsDom = transforms.IntraLiveVarsDomain()
+    val liveVarsSolver = transforms.worklistSolver(liveVarsDom)
+    val (beforeLive, afterLive) = liveVarsSolver.solveProgIntraProc(ctx.program, backwards = true)
+
+    writeToFile(pp_prog_with_analysis_results(beforeLive, afterLive, ctx.program, x => s"Live vars: ${x.map(_.name).toList.sorted.mkString(", ")}"), s"live-vars.il")
+
+
     transforms.removeEmptyBlocks(ctx.program)
     transforms.coalesceBlocks(ctx.program)
     transforms.removeEmptyBlocks(ctx.program)

From 059807c209a99914088549e0778b5ca5234ed5ac Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Wed, 22 Jan 2025 10:16:40 +1000
Subject: [PATCH 121/127] fixes

---
 src/main/scala/Main.scala                 |  7 ++---
 src/main/scala/ir/transforms/AbsInt.scala |  2 +-
 src/main/scala/util/Logging.scala         | 12 ++++-----
 src/main/scala/util/RunUtils.scala        | 33 +++++++++++------------
 4 files changed, 27 insertions(+), 27 deletions(-)

diff --git a/src/main/scala/Main.scala b/src/main/scala/Main.scala
index 6ecf8002d..472b2bfe5 100644
--- a/src/main/scala/Main.scala
+++ b/src/main/scala/Main.scala
@@ -173,10 +173,11 @@ object Main {
       }
     }
 
-    if (conf.analysisResults.isDefined || conf.analysisResultsDot.isDefined) {
+    if (conf.analysisResults.isDefined || conf.dumpIL.isDefined) {
       DebugDumpIRLogger.setLevel(LogLevel.INFO)
-    } else {
-      DebugDumpIRLogger.setLevel(LogLevel.OFF)
+    }
+    if (conf.analysisResultsDot.isDefined) {
+      AnalysisResultDotLogger.setLevel(LogLevel.INFO)
     }
 
     val rely = conf.procedureRG match {
diff --git a/src/main/scala/ir/transforms/AbsInt.scala b/src/main/scala/ir/transforms/AbsInt.scala
index 93f518c60..6fc67ba92 100644
--- a/src/main/scala/ir/transforms/AbsInt.scala
+++ b/src/main/scala/ir/transforms/AbsInt.scala
@@ -85,7 +85,7 @@ class DomainWithFunctionSummaries[L, Summary](d: AbstractDomain[L],
     }
 }
 
-trait ProcedureSummaryGenerator[L, LocalDomain] extends GenericAbstractDomain[Procedure, Procedure, L] {
+trait ProcedureSummaryGenerator[L, LocalDomain] extends ProcAbstractDomain[L] {
   def localTransferCall(l: LocalDomain, summaryForTarget: L, p: DirectCall) : LocalDomain
   def updateSummary(prevSummary: L, p: Procedure,  resBefore: Map[Block, LocalDomain], resAfter: Map[Block, LocalDomain]) : L
 }
diff --git a/src/main/scala/util/Logging.scala b/src/main/scala/util/Logging.scala
index 3333d28af..e0bc3f426 100644
--- a/src/main/scala/util/Logging.scala
+++ b/src/main/scala/util/Logging.scala
@@ -52,6 +52,7 @@ class GenericLogger(
 
   def writeToFile(file: File, content: => String) = {
     if (level.id < LogLevel.OFF.id) {
+      this.debug(s"Writing $file")
       val l = deriveLogger(file.getName(), file)
       l.print(content)
       l.close()
@@ -132,13 +133,15 @@ class GenericLogger(
     writeLog(LogLevel.INFO, arg, line, file, name)
   }
 
-  def setLevel(logLevel: LogLevel, setChildren: Boolean = true): Unit = {
+  def setLevel(logLevel: LogLevel, setChildren: Boolean = true) : GenericLogger = {
+    println(s"Set level $name $logLevel")
     level = logLevel
     if (setChildren) {
       for (c <- children) {
         c.setLevel(logLevel, setChildren)
       }
     }
+    this
   }
 
   def findLoggerByName(s: String): Option[GenericLogger] = allLoggers.find(_.name == s)
@@ -159,11 +162,8 @@ def isAConsole = System.console() != null
 val Logger = GenericLogger("log", LogLevel.DEBUG, System.out, isAConsole)
 val StaticAnalysisLogger = Logger.deriveLogger("analysis", System.out)
 val SimplifyLogger = Logger.deriveLogger("simplify", System.out)
-val DebugDumpIRLogger = {
-  val l = Logger.deriveLogger("debugdumpir")
-  l.setLevel(LogLevel.OFF)
-  l
-}
+val DebugDumpIRLogger = Logger.deriveLogger("debugdumpir").setLevel(LogLevel.OFF)
+val AnalysisResultDotLogger = Logger.deriveLogger("analysis-results-dot").setLevel(LogLevel.OFF)
 val VSALogger = StaticAnalysisLogger.deriveLogger("vsa")
 val MRALogger = StaticAnalysisLogger.deriveLogger("mra")
 val SteensLogger = StaticAnalysisLogger.deriveLogger("steensgaard")
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index 004e822a9..d19ac619c 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -341,8 +341,8 @@ object StaticAnalysis {
       foundLoops.updateIrWithLoops()
 
       config.analysisDotPath.foreach { s =>
-        DebugDumpIRLogger.writeToFile(File(s"${s}_graph-after-loop-reduce-$iteration.dot"), dotBlockGraph(IRProgram, IRProgram.map(b => b -> b.toString).toMap))
-        DebugDumpIRLogger.writeToFile(File(s"${s}_blockgraph-after-loop-reduce-$iteration.dot"), dotBlockGraph(IRProgram, IRProgram.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap))
+        AnalysisResultDotLogger.writeToFile(File(s"${s}_graph-after-loop-reduce-$iteration.dot"), dotBlockGraph(IRProgram, IRProgram.map(b => b -> b.toString).toMap))
+        AnalysisResultDotLogger.writeToFile(File(s"${s}_blockgraph-after-loop-reduce-$iteration.dot"), dotBlockGraph(IRProgram, IRProgram.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap))
       }
     }
 
@@ -381,14 +381,14 @@ object StaticAnalysis {
 
     config.analysisDotPath.foreach { f =>
       val dumpdomain = computeDomain[CFGPosition, CFGPosition](InterProcIRCursor, IRProgram.procedures)
-       DebugDumpIRLogger.writeToFile(File(s"${f}_new_ir_intercfg$iteration.dot"), toDot(dumpdomain.toSet, InterProcIRCursor, Map.empty))
+       AnalysisResultDotLogger.writeToFile(File(s"${f}_new_ir_intercfg$iteration.dot"), toDot(dumpdomain.toSet, InterProcIRCursor, Map.empty))
     }
 
     val reachingDefinitionsAnalysisSolver = InterprocReachingDefinitionsAnalysisSolver(IRProgram)
     val reachingDefinitionsAnalysisResults = reachingDefinitionsAnalysisSolver.analyze()
 
     config.analysisDotPath.foreach { s =>
-      DebugDumpIRLogger.writeToFile(
+      AnalysisResultDotLogger.writeToFile(
         File(s"${s}_reachingDefinitions$iteration.dot"),
         toDot(IRProgram, IRProgram.filter(_.isInstanceOf[Command]).map(b => b -> reachingDefinitionsAnalysisResults(b).toString).toMap, true)
       )
@@ -412,23 +412,23 @@ object StaticAnalysis {
     val mraResult = mraSolver.analyze()
 
     config.analysisDotPath.foreach { s =>
-      DebugDumpIRLogger.writeToFile(File(s"${s}_callgraph$iteration.dot"), dotCallGraph(IRProgram))
-      DebugDumpIRLogger.writeToFile(
+      AnalysisResultDotLogger.writeToFile(File(s"${s}_callgraph$iteration.dot"), dotCallGraph(IRProgram))
+      AnalysisResultDotLogger.writeToFile(
         File(s"${s}_blockgraph$iteration.dot"),
         dotBlockGraph(IRProgram, IRProgram.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap)
       )
 
-      DebugDumpIRLogger.writeToFile(
+      AnalysisResultDotLogger.writeToFile(
         File(s"${s}_new_ir_constprop$iteration.dot"),
         toDot(IRProgram, IRProgram.filter(_.isInstanceOf[Command]).map(b => b -> intraProcConstPropResult(b).toString).toMap)
       )
 
-      DebugDumpIRLogger.writeToFile(
+      AnalysisResultDotLogger.writeToFile(
         File(s"${s}_MRA$iteration.dot"),
         toDot(IRProgram, IRProgram.filter(_.isInstanceOf[Command]).map(b => b -> mraResult(b).toString).toMap)
       )
 
-      DebugDumpIRLogger.writeToFile(
+      AnalysisResultDotLogger.writeToFile(
         File(s"${s}_GRA$iteration.dot"),
         toDot(IRProgram, IRProgram.filter(_.isInstanceOf[Command]).map(b => b -> graResult(b).toString).toMap)
       )
@@ -448,7 +448,7 @@ object StaticAnalysis {
     val vsaResult: Map[CFGPosition, LiftedElement[Map[Variable | MemoryRegion, Set[Value]]]] = vsaSolver.analyze()
 
     config.analysisDotPath.foreach { s =>
-      DebugDumpIRLogger.writeToFile(
+      AnalysisResultDotLogger.writeToFile(
         File(s"${s}_VSA$iteration.dot"),
         toDot(IRProgram, IRProgram.filter(_.isInstanceOf[Command]).map(b => b -> vsaResult(b).toString).toMap)
       )
@@ -558,9 +558,8 @@ object RunUtils {
     val liveVarsDom = transforms.IntraLiveVarsDomain()
     val liveVarsSolver = transforms.worklistSolver(liveVarsDom)
     val (beforeLive, afterLive) = liveVarsSolver.solveProgIntraProc(ctx.program, backwards = true)
-
-    writeToFile(pp_prog_with_analysis_results(beforeLive, afterLive, ctx.program, x => s"Live vars: ${x.map(_.name).toList.sorted.mkString(", ")}"), s"live-vars.il")
-
+    DebugDumpIRLogger.writeToFile(File(s"live-vars.il"), 
+      pp_prog_with_analysis_results(beforeLive, afterLive, ctx.program, x => s"Live vars: ${x.map(_.name).toList.sorted.mkString(", ")}"))
 
     transforms.removeEmptyBlocks(ctx.program)
     transforms.coalesceBlocks(ctx.program)
@@ -575,7 +574,7 @@ object RunUtils {
     transforms.OnePassDSA().applyTransform(ctx.program)
     Logger.info(s"DSA ${timer.checkPoint("DSA ")} ms ")
 
-    DebugDumpIRLogger.writeToFile(File(s"blockgraph-after-dsa.dot"), 
+    AnalysisResultDotLogger.writeToFile(File(s"blockgraph-after-dsa.dot"), 
       dotBlockGraph(ctx.program, (ctx.program.collect {
       case b : Block => b -> pp_block(b)
     }).toMap))
@@ -599,7 +598,7 @@ object RunUtils {
     // brute force run the analysis twice because it cleans up more stuff
     //assert(ctx.program.procedures.forall(transforms.rdDSAProperty))
     transforms.doCopyPropTransform(ctx.program)
-    DebugDumpIRLogger.writeToFile(File("blockgraph-after-simp.dot"), dotBlockGraph(ctx.program.mainProcedure))
+    AnalysisResultDotLogger.writeToFile(File("blockgraph-after-simp.dot"), dotBlockGraph(ctx.program.mainProcedure))
 
     // assert(ctx.program.procedures.forall(transforms.rdDSAProperty))
 
@@ -782,7 +781,7 @@ object RunUtils {
     val writesTo = WriteToAnalysis(ctx.program).analyze()
     val reachingDefs = ReachingDefsAnalysis(ctx.program, writesTo).analyze()
     config.analysisDotPath.foreach { s =>
-      DebugDumpIRLogger.writeToFile(File(s"${s}_ct.dot"), toDot(ctx.program))
+      AnalysisResultDotLogger.writeToFile(File(s"${s}_ct.dot"), toDot(ctx.program))
     }
 
     StaticAnalysisLogger.info("[!] Running Symbolic Access Analysis")
@@ -790,7 +789,7 @@ object RunUtils {
       SymbolicAddressAnalysis(ctx.program, analysisResult.last.interProcConstProp).analyze()
     config.analysisDotPath.foreach { s =>
       val labels = symResults.map { (k, v) => k -> v.toString }
-      DebugDumpIRLogger.writeToFile(File(s"${s}_saa.dot"), toDot(ctx.program, labels))
+      AnalysisResultDotLogger.writeToFile(File(s"${s}_saa.dot"), toDot(ctx.program, labels))
     }
 
     StaticAnalysisLogger.info("[!] Running DSA Analysis")

From 7544b659fa130376518b30170d52a2d7979552ff Mon Sep 17 00:00:00 2001
From: ailrst <alistair.michael@uq.edu.au>
Date: Thu, 23 Jan 2025 11:28:27 +1000
Subject: [PATCH 122/127] Simplify fixes (#302)

* fix dsa, copyprop

* fix clobber reasoning

* intrablock copyprop

* default external fun params

* interproc liveness use default for external funs
---
 src/main/scala/Main.scala                     |   2 +-
 .../analysis/InterLiveVarsAnalysis.scala      |  30 ++++
 src/main/scala/ir/IRCursor.scala              |   2 +-
 src/main/scala/ir/Program.scala               |   2 +
 src/main/scala/ir/Statement.scala             |   1 +
 src/main/scala/ir/eval/SimplifyExpr.scala     |   4 +-
 .../transforms/DynamicSingleAssignment.scala  |  28 +++-
 .../ir/transforms/ProcedureParameters.scala   | 117 +++++++++++----
 .../scala/ir/transforms/ReplaceReturn.scala   |  40 +++++-
 src/main/scala/ir/transforms/Simp.scala       | 135 +++++++++++++-----
 src/main/scala/translating/IRExpToSMT2.scala  |   4 +-
 .../scala/translating/PrettyPrinter.scala     |  12 +-
 src/main/scala/util/Logging.scala             |   1 -
 src/main/scala/util/RunUtils.scala            |  75 +++++-----
 src/test/scala/SATTest.scala                  |   2 +-
 src/test/scala/SystemTests.scala              |   2 +
 16 files changed, 345 insertions(+), 112 deletions(-)

diff --git a/src/main/scala/Main.scala b/src/main/scala/Main.scala
index 472b2bfe5..aff18928c 100644
--- a/src/main/scala/Main.scala
+++ b/src/main/scala/Main.scala
@@ -173,7 +173,7 @@ object Main {
       }
     }
 
-    if (conf.analysisResults.isDefined || conf.dumpIL.isDefined) {
+    if (conf.analysisResults.isDefined) {
       DebugDumpIRLogger.setLevel(LogLevel.INFO)
     }
     if (conf.analysisResultsDot.isDefined) {
diff --git a/src/main/scala/analysis/InterLiveVarsAnalysis.scala b/src/main/scala/analysis/InterLiveVarsAnalysis.scala
index ef9173a65..72af0398c 100644
--- a/src/main/scala/analysis/InterLiveVarsAnalysis.scala
+++ b/src/main/scala/analysis/InterLiveVarsAnalysis.scala
@@ -88,6 +88,36 @@ trait LiveVarsAnalysisFunctions extends BackwardIDEAnalysis[Variable, TwoElement
           case Left(value) => if value != variable then Map(d -> IdEdge()) else Map()
           case Right(_) => Map(d -> IdEdge(), Left(variable) -> ConstEdge(TwoElementTop))
         }
+      case c: DirectCall if (c.target.isExternal.contains(true) || c.target.blocks.isEmpty) => {
+        val writes = ir.transforms.externalCallWrites(c.target.procName).toSet[Variable]
+        val reads = ir.transforms.externalCallReads(c.target.procName).toSet[Variable]
+        d match {
+          case Left(value) =>
+            if reads.contains(value) then
+              Map()
+            else
+              Map(d -> IdEdge())
+          case Right(_) =>
+            reads.foldLeft(Map[DL, EdgeFunction[TwoElement]](d -> IdEdge())) {
+              (mp, expVar) => mp + (Left(expVar) -> ConstEdge(TwoElementTop))
+            }
+        }
+      } 
+      case c: DirectCall  => {
+        val writes = c.outParams.map(_._2).toSet
+        val reads = c.actualParams.flatMap(_._2.variables).toSet
+        d match {
+          case Left(value) =>
+            if reads.contains(value) then
+              Map()
+            else
+              Map(d -> IdEdge())
+          case Right(_) =>
+            reads.foldLeft(Map[DL, EdgeFunction[TwoElement]](d -> IdEdge())) {
+              (mp, expVar) => mp + (Left(expVar) -> ConstEdge(TwoElementTop))
+            }
+        }
+      }
       case _ => Map(d -> IdEdge())
     }
   }
diff --git a/src/main/scala/ir/IRCursor.scala b/src/main/scala/ir/IRCursor.scala
index b61f7a9d1..c0378780e 100644
--- a/src/main/scala/ir/IRCursor.scala
+++ b/src/main/scala/ir/IRCursor.scala
@@ -318,7 +318,7 @@ def toDot[T <: CFGPosition](
 
   def nodeText(node: CFGPosition): String = {
     var text = node match {
-      case s: Block => f"[Block] ${s.label}"
+      case s: Block => f"[Block] ${s.label} ${s.rpoOrder}"
       case s        => s.toString
     }
     if (labels.contains(node)) {
diff --git a/src/main/scala/ir/Program.scala b/src/main/scala/ir/Program.scala
index fd03b29df..a0bdf3b2b 100644
--- a/src/main/scala/ir/Program.scala
+++ b/src/main/scala/ir/Program.scala
@@ -221,6 +221,8 @@ class Procedure private (
 
   def makeCall(label: Option[String] = None) = DirectCall(this, label, outParamDefaultBinding, inParamDefaultBinding)
 
+  var isExternal : Option[Boolean] = None
+
   def iterator: Iterator[CFGPosition] = {
     ILUnorderedIterator(Seq(this))
   }
diff --git a/src/main/scala/ir/Statement.scala b/src/main/scala/ir/Statement.scala
index a4ae4e1a8..005bd1e34 100644
--- a/src/main/scala/ir/Statement.scala
+++ b/src/main/scala/ir/Statement.scala
@@ -29,6 +29,7 @@ sealed trait Statement extends Command, IntrusiveListElement[Statement] {
   def acceptVisit(visitor: Visitor): Statement = throw new Exception(
     "visitor " + visitor + " unimplemented for: " + this
   )
+  def predecessor : Option[Command] = parent.statements.prevOption(this)
   def successor: Command = parent.statements.nextOption(this).getOrElse(parent.jump)
 }
 
diff --git a/src/main/scala/ir/eval/SimplifyExpr.scala b/src/main/scala/ir/eval/SimplifyExpr.scala
index 08d297301..e890d8561 100644
--- a/src/main/scala/ir/eval/SimplifyExpr.scala
+++ b/src/main/scala/ir/eval/SimplifyExpr.scala
@@ -82,8 +82,8 @@ def simplifyCondVis = SimpExpr(
     sequenceSimp(simpFixedPoint(SimpExpr(simpFixedPoint(simplifyCmpInequalities)).apply), simplifyExprVis.apply)
   )
 )
-def simplifyExprFixpoint = simplifyExprVis.apply
-def simplifyCondFixpoint = simplifyCondVis.apply
+def simplifyExprFixpoint = simpFixedPoint(simplifyExprVis.apply)
+def simplifyCondFixpoint = simpFixedPoint(simplifyCondVis.apply)
 
 object AssumeConditionSimplifications extends CILVisitor {
   override def vstmt(s: Statement) = s match {
diff --git a/src/main/scala/ir/transforms/DynamicSingleAssignment.scala b/src/main/scala/ir/transforms/DynamicSingleAssignment.scala
index 05678feaa..a7abda8c9 100644
--- a/src/main/scala/ir/transforms/DynamicSingleAssignment.scala
+++ b/src/main/scala/ir/transforms/DynamicSingleAssignment.scala
@@ -191,8 +191,10 @@ class OnePassDSA(
     def state(b: Block) = withDefault(_st)(b)
 
     val next = block.nextBlocks.toList
-    val anyNextFilled = next.exists(state(_).filled)
+    // any next not completed
     val anyNextPrevNotFilled = next.exists(_.prevBlocks.exists(b => !state(b).filled))
+    val incompleteSuccessor = next.exists(b => !(state(b).completed))
+    assert(anyNextPrevNotFilled == incompleteSuccessor)
     for (b <- next) {
       val definedVars = state(block).renamesAfter.keySet.intersect(liveAfter(block))
 
@@ -219,8 +221,30 @@ class OnePassDSA(
         }
         state(nb).filled = true
         state(nb).isPhi = true
-        liveBefore(nb) = liveBefore(b)
+        liveBefore(nb) = liveAfter(block)
         liveAfter(nb) = liveBefore(b)
+      } else if (definedVars.size > 0 && !incompleteSuccessor) {
+        val renamesOut = state(block).renamesAfter
+        val toCorrect = state(b).renamesBefore.filter(rn => renamesOut.get(rn._1).map(_ != rn._2).getOrElse(false))
+        if (toCorrect.nonEmpty) {
+
+          val nb = createBlockBetween(block, b, "_phi_forward_")
+          nb.rpoOrder = -1
+          state(nb).renamesBefore.addAll(state(block).renamesAfter)
+          state(nb).renamesAfter.addAll(state(b).renamesBefore)
+
+          for ((v, rn) <- toCorrect) {
+            val assign = LocalAssign(v, v, phiAssignLabel)
+            appendAssign(nb, assign)
+            renameLHS(assign, v, state(nb).renamesAfter(v))
+            renameRHS(assign, v, state(nb).renamesBefore(v))
+          }
+          state(nb).filled = true
+          state(nb).isPhi = true
+          liveBefore(nb) = liveAfter(block)
+          liveAfter(nb) = liveBefore(b)
+        }
+
       }
     }
   }
diff --git a/src/main/scala/ir/transforms/ProcedureParameters.scala b/src/main/scala/ir/transforms/ProcedureParameters.scala
index 8ebe9d56d..bff0d7399 100644
--- a/src/main/scala/ir/transforms/ProcedureParameters.scala
+++ b/src/main/scala/ir/transforms/ProcedureParameters.scala
@@ -15,20 +15,89 @@ def R(n: Int) = {
   Register(s"R$n", 64)
 }
 
+
 val builtinSigs: Map[String, FunSig] = Map(
-  "#free" -> FunSig(List(R(0)), List(R(0))),
+  "free" -> FunSig(List(R(0)), List()),
+  "#free" -> FunSig(List(R(0)), List()),
   "malloc" -> FunSig(List(R(0)), List(R(0))),
+  "calloc" -> FunSig(List(R(0), R(1)), List(R(0))),
+  "realloc" -> FunSig(List(R(0), R(1)), List(R(0))),
+  "reallocarray" -> FunSig(List(R(0), R(1), R(2)), List(R(0))),
   "strlen" -> FunSig(List(R(0)), List(R(0))),
   "strchr" -> FunSig(List(R(0), R(1)), List(R(0))),
   "strlcpy" -> FunSig(List(R(0), R(1), R(2)), List(R(0))),
-  "strlcat" -> FunSig(List(R(0), R(1), R(2)), List(R(0)))
+  "strlcat" -> FunSig(List(R(0), R(1), R(2)), List(R(0))),
+  "strdup" -> FunSig(List(R(0)), List(R(0))),
+  "strndup" -> FunSig(List(R(0), R(1)), List(R(0))),
+  "assert" -> FunSig(List(R(0)), List()),
+  "__stack_chk_fail_16432" -> FunSig(List(), List()),
+  "__printf_chk" -> FunSig(List(R(0), R(1)), List(R(0))),
+  "__syslog_chk" -> FunSig(List(R(0)), List()),
 )
 
+
+
 def fnsigToBinding(f: FunSig) = (
   f.inArgs.map(a => LocalVar(a.name + "_in", a.getType) -> LocalVar(a.name, a.getType)),
   f.outArgs.map(a => LocalVar(a.name + "_out", a.getType) -> LocalVar(a.name, a.getType))
 )
 
+def externalIn(name: String): Map[LocalVar, Variable] = {
+  (builtinSigs.get(name)).map(fnsigToBinding).map(_._1) match  {
+    case Some(x) => x.toMap
+    case None => ((0 to 30).toSet -- (19 to 28).toSet).map(i => LocalVar(s"R${i}_in", BitVecType(64)) -> LocalVar(s"R$i", BitVecType(64))).toMap
+  }
+}
+def externalOut(name: String): Map[LocalVar, Variable] = {
+  (builtinSigs.get(name)).map(fnsigToBinding).map(_._2) match  {
+    case Some(x) => x.toMap
+    case None => ((0 to 30).toSet -- (19 to 28).toSet).map(i => LocalVar(s"R${i}_out", BitVecType(64)) -> LocalVar(s"R$i", BitVecType(64))).toMap
+  }
+}
+
+def externalCallReads(name: String) = {
+  externalIn(name).map(_._2).map { case (l: LocalVar) => Register(l.name, 64)
+    case r : Register => r
+  }
+}
+
+def externalCallWrites(name: String) = {
+  externalIn(name).map(_._2).map { case (l: LocalVar) => Register(l.name, 64)
+    case r : Register => r
+  }
+}
+
+
+object DefinedOnAllPaths {
+
+  class DefinitelyDefined extends AbstractDomain[Set[Variable]] {
+
+    def bot = Set() 
+    def top = ???
+
+    def join(a: Set[Variable], b: Set[Variable], c: Block) = {
+      a.intersect(b)
+    }
+
+    override def init(b: Block): Set[Variable] = if (b.parent.entryBlock.contains(b)) then b.parent.formalInParam.toSet else bot
+
+    def transfer(st: Set[Variable], c: Command) = c match {
+      case a : Assign => st ++ a.assignees
+      case _ => st
+    }
+  }
+
+  def proc(p: Procedure) = {
+    p.returnBlock.toSet.flatMap(rb => {
+      val s = transforms.worklistSolver(DefinitelyDefined())
+      val (beforeblock,afterblock) = s.solveProc(p, false)
+      afterblock(rb)
+    })
+  }
+
+}
+
+
 def liftProcedureCallAbstraction(ctx: util.IRContext): util.IRContext = {
 
   val mainNonEmpty = ctx.program.mainProcedure.blocks.nonEmpty
@@ -41,6 +110,13 @@ def liftProcedureCallAbstraction(ctx: util.IRContext): util.IRContext = {
     Logger.error(s"Empty live vars $mainNonEmpty $mainHasReturn $mainHasEntry")
     Map.empty
   }
+  println(liveVars)
+  util.writeToFile(translating.PrettyPrinter.pp_prog_with_analysis_results(liveVars.collect {case (b: Block, r) => (b,r)}, Map(), ctx.program, x => x.toString), "live.il")
+
+
+  util.writeToFile(
+    dotBlockGraph(ctx.program, (liveVars.collect {case (b: Block, r) => (b,r)}).map((b, l) => (b, translating.PrettyPrinter.pp_block_with_analysis_results(Map((b, l)), Map(), b, _.collect {case (l, TwoElementTop) => l}.toString ))))
+  , "livegraph.dot")
 
   transforms.applyRPO(ctx.program)
 
@@ -122,22 +198,15 @@ class SetFormalParams(
   var mappingOutparam = Map[Procedure, Map[LocalVar, Variable]]()
   var mappingInparam = Map[Procedure, Map[LocalVar, Variable]]()
 
-  def externalIn: Map[LocalVar, Variable] = {
-    (0 to 31).map(i => LocalVar(s"R${i}_in", BitVecType(64)) -> LocalVar(s"R$i", BitVecType(64))).toMap
-  }
-  def externalOut: Map[LocalVar, Variable] = {
-    (0 to 31).map(i => LocalVar(s"R${i}_out", BitVecType(64)) -> LocalVar(s"R$i", BitVecType(64))).toMap
-  }
 
   override def vproc(p: Procedure) = {
     if (externalFunctions.contains(p.name)) {
-
-      p.formalInParam = mutable.SortedSet.from(externalIn.map(_._1))
-      p.formalOutParam = mutable.SortedSet.from(externalOut.map(_._1))
-      p.inParamDefaultBinding = immutable.SortedMap.from(externalIn)
-      p.outParamDefaultBinding = immutable.SortedMap.from(externalOut)
-      mappingInparam = mappingInparam.updated(p, externalIn)
-      mappingOutparam = mappingOutparam.updated(p, externalOut)
+      p.formalInParam = mutable.SortedSet.from(externalIn(p.procName).map(_._1))
+      p.formalOutParam = mutable.SortedSet.from(externalOut(p.procName).map(_._1))
+      p.inParamDefaultBinding = immutable.SortedMap.from(externalIn(p.procName))
+      p.outParamDefaultBinding = immutable.SortedMap.from(externalOut(p.procName))
+      mappingInparam = mappingInparam.updated(p, externalIn(p.procName))
+      mappingOutparam = mappingOutparam.updated(p, externalOut(p.procName))
       SkipChildren()
     } else {
       val (lvars, rvars) = collectVariables(p)
@@ -150,7 +219,6 @@ class SetFormalParams(
         p.inParamDefaultBinding = immutable.SortedMap.from(inparams)
       }
 
-      // outparams is everything touched
       val outparams = inoutparams(p)._2.map(v => LocalVar(v.name + "_out", v.getType) -> LocalVar(v.name, v.getType))
       p.formalOutParam = mutable.SortedSet.from(outparams.map(_._1))
       mappingOutparam = mappingOutparam.updated(p, outparams.toMap)
@@ -176,6 +244,8 @@ object ReadWriteAnalysis {
   case class RWSet(reads: Set[Variable], writes: Set[Variable]) extends RW
   case object Top extends RW
 
+  def onlyGlobal(r: RWSet) = r.copy(reads = r.reads.filterNot(_.isInstanceOf[LocalVar]), writes = r.writes.filterNot(_.isInstanceOf[LocalVar]))
+
   type st = Map[Procedure, RW]
 
   def addReads(r: Iterable[Variable])(i: RW) = {
@@ -256,12 +326,12 @@ def inOutParams(
   p: Program,
   interLiveVarsResults: Map[CFGPosition, Map[Variable, TwoElement]]
 ): Map[Procedure, (Set[Variable], Set[Variable])] = {
-  val overapprox = ((0 to 31).toSet -- (19 to 28).toSet).map(i => Register(s"R${i}", 64)).toSet[Variable]
+  val overapprox = ((0 to 30).toSet -- (19 to 28).toSet).map(i => Register(s"R${i}", 64)).toSet[Variable]
   // in: live at entry & in procedure read set
 
   val readWrites = ReadWriteAnalysis.readWriteSets(p: Program).collect {
     case (p, None)    => (p, ReadWriteAnalysis.RWSet(overapprox, overapprox))
-    case (p, Some(x)) => (p, x)
+    case (p, Some(x)) => (p, ReadWriteAnalysis.onlyGlobal(x))
   }
 
   val procEnd = p.procedures.map { case p =>
@@ -288,7 +358,7 @@ def inOutParams(
     case (proc, rws) if p.mainProcedure == proc => {
       // no callers of main procedure so keep the whole read/write set
       // of registers
-      proc -> ((lives(proc)._1.intersect(rws.reads)), (overapprox.intersect(rws.writes)))
+      proc -> ((lives(proc)._1.intersect(rws.reads)), (overapprox.intersect(DefinedOnAllPaths.proc(proc))))
     }
     case (proc, rws) => {
       val liveStart = lives(proc)._1
@@ -309,13 +379,6 @@ class SetActualParams(
   // expects programs to be in single return form
   var currStmt: Option[Statement] = None
 
-  def externalIn: Map[LocalVar, Variable] = {
-    (0 to 31).map(i => LocalVar(s"R${i}_in", BitVecType(64)) -> LocalVar(s"R$i", BitVecType(64))).toMap
-  }
-  def externalOut: Map[LocalVar, Variable] = {
-    (0 to 31).map(i => LocalVar(s"R${i}_out", BitVecType(64)) -> LocalVar(s"R$i", BitVecType(64))).toMap
-  }
-
   override def vproc(p: Procedure) = {
     val incoming =
       p.formalInParam.toList.flatMap(param =>
@@ -353,7 +416,7 @@ class SetActualParams(
   override def vjump(j: Jump) = {
     j match {
       case r: Return => {
-        r.outParams = SortedMap.from(r.parent.parent.outParamDefaultBinding)
+        r.outParams = SortedMap.from(outBinding(r.parent.parent))
         DoChildren()
       }
       case _ => DoChildren()
diff --git a/src/main/scala/ir/transforms/ReplaceReturn.scala b/src/main/scala/ir/transforms/ReplaceReturn.scala
index 79aafc9ff..d83c55610 100644
--- a/src/main/scala/ir/transforms/ReplaceReturn.scala
+++ b/src/main/scala/ir/transforms/ReplaceReturn.scala
@@ -4,20 +4,50 @@ import util.Logger
 import ir.cilvisitor.*
 import ir.*
 
-class ReplaceReturns extends CILVisitor {
+class ReplaceReturns(assertR30Addr : Boolean = true) extends CILVisitor {
 
   /** Assumes IR with 1 call per block which appears as the last statement.
     */
   override def vstmt(j: Statement): VisitAction[List[Statement]] = {
     j match {
-      case IndirectCall(Register("R30", _), _) => {
+      case IndirectCall(r30 @ Register("R30", rt), _) => {
         assert(j.parent.statements.lastOption.contains(j))
         if (j.parent.jump.isInstanceOf[Unreachable | Return]) {
           j.parent.replaceJump(Return())
-          ChangeTo(List())
+          val R30Begin = LocalVar("R30_begin", BitVecType(64))
+          if (assertR30Addr) {
+            ChangeTo(List(Assert(BinaryExpr(BVEQ, r30, R30Begin), Some("is returning to caller-set R30"))))
+          } else {
+            ChangeTo(List())
+          }
         } else {
           SkipChildren()
         }
+      }
+      case d : DirectCall  => {
+        (d.predecessor, d.parent.jump) match {
+          case (Some(l : LocalAssign), _) if l.lhs.name == "R30" => SkipChildren()
+          case (Some(_), _: Unreachable) if d.target == d.parent.parent => {
+            // recursive tailcall
+            val R30Begin = LocalVar("R30_begin", BitVecType(64))
+            d.parent.replaceJump(GoTo((d.parent.parent.entryBlock.get)))
+            ChangeTo(List(
+              Assert(BinaryExpr(BVEQ, Register("R30", 64), R30Begin)),
+              d
+            ))
+          }
+          case (_, _: Unreachable) => {
+            val R30Begin = LocalVar("R30_begin", BitVecType(64))
+            d.parent.replaceJump(Return())
+            ChangeTo(List(
+              Assert(BinaryExpr(BVEQ, Register("R30", 64), R30Begin)),
+              d
+            ))
+          }
+          case _ => SkipChildren()
+        }
+
+
       }
       case _ => SkipChildren()
     }
@@ -35,6 +65,10 @@ def addReturnBlocks(p: Program, toAll: Boolean = false) = {
     } else if (p.returnBlock.isEmpty && (toAll || containsReturn)) {
       p.returnBlock = p.addBlocks(Block(label = p.name + "_basil_return", jump = Return()))
     }
+    for (eb <- p.entryBlock) {
+      val R30Begin = LocalVar("R30_begin", BitVecType(64))
+      p.entryBlock.get.statements.prepend(LocalAssign(R30Begin, Register("R30", 64)))
+    }
   })
 }
 
diff --git a/src/main/scala/ir/transforms/Simp.scala b/src/main/scala/ir/transforms/Simp.scala
index a38d70e4b..c874d2863 100644
--- a/src/main/scala/ir/transforms/Simp.scala
+++ b/src/main/scala/ir/transforms/Simp.scala
@@ -360,6 +360,7 @@ class CleanupAssignments() extends CILVisitor {
 
 }
 
+
 def copypropTransform(p: Procedure) = {
   val t = util.PerformanceTimer(s"simplify ${p.name} (${p.blocks.size} blocks)")
   // val dom = ConstCopyProp()
@@ -371,6 +372,7 @@ def copypropTransform(p: Procedure) = {
   val solve = t.checkPoint("Solve CopyProp")
 
   if (result.nonEmpty) {
+    val r = CopyProp.toResult(result, true)
     val vis = Simplify(CopyProp.toResult(result, true))
     visit_proc(vis, p)
 
@@ -379,6 +381,7 @@ def copypropTransform(p: Procedure) = {
     visit_proc(condVis, p)
 
   }
+  // visit_proc(CopyProp.BlockyProp(), p)
 
   val xf = t.checkPoint("transform")
   // SimplifyLogger.info(s"    ${p.name} after transform expr complexity ${ExprComplexity()(p)}")
@@ -496,7 +499,7 @@ def doCopyPropTransform(p: Program) = {
   SimplifyLogger.info("[!] Simplify :: Dead variable elimination")
 
   // cleanup
-  visit_prog(CleanupAssignments(), p)
+   visit_prog(CleanupAssignments(), p)
   SimplifyLogger.info("[!] Simplify :: Merge empty blocks")
 
   removeEmptyBlocks(p)
@@ -589,6 +592,65 @@ object CCP {
 
 object CopyProp {
 
+  class BlockyProp() extends CILVisitor {
+    /* Flow-sensitive intra-block copyprop */
+
+    var st = Map[Variable, Expr]()
+
+    def subst(e: Expr) : Expr = {
+      simplifyExprFixpoint(Substitute(
+        v =>  st.get(v).filter(isTrivial),
+        true
+      )(e).getOrElse(e))(0)
+    }
+
+    override def vblock(b: Block) = {
+      st = Map()
+      DoChildren()
+    }
+
+    override def vstmt(s: Statement) = {
+      s match {
+        case l : LocalAssign => {
+          val nrhs = subst(l.rhs)
+          st = st.removedAll(st.keys)
+          st = st.updated(l.lhs, nrhs)
+          l.rhs = nrhs 
+          SkipChildren()
+        }
+        case x : Assert => {
+          x.body = subst(x.body)
+          SkipChildren()
+        }
+        case x : Assume => {
+          x.body = subst(x.body)
+          SkipChildren()
+        }
+        case x: DirectCall => {
+          x.actualParams = x.actualParams.map((l,r) => (l, subst(r)))
+          val lhs = x.outParams.map(_._2)
+          st = st.removedAll(lhs)
+          SkipChildren()
+        }
+        case d : MemoryLoad => {
+          d.index = subst(d.index)
+          st = st.removed(d.lhs)
+          SkipChildren()
+        }
+        case d : MemoryStore => {
+          d.index = subst(d.index)
+          d.value = subst(d.value)
+          SkipChildren()
+        } 
+        case x: IndirectCall => {
+          st = Map()
+          SkipChildren()
+        }
+        case _ : NOP => SkipChildren()
+      }
+    }
+  }
+
 
   def isFlagVar(l: Variable) = {
     val flagNames = Set("ZF", "VF", "CF", "NF")
@@ -621,7 +683,7 @@ object CopyProp {
       s match {
         case a: MemoryLoad => clobberFull(state, a.lhs)
         case a: LocalAssign if !state.contains(a.lhs) && flagDeps.contains(a.lhs) => {
-          val r = canPropTo(state, a.rhs, true).get
+          val (r,deps) = canPropTo(state, a.rhs, true).get
           state(a.lhs) = PropState(r, mutable.Set.from(r.variables), false, 0, true)
         }
         case a: LocalAssign if state.contains(a.lhs) && state(a.lhs).clobbered => {
@@ -636,7 +698,9 @@ object CopyProp {
           clobberFull(state, a.lhs)
         }
         case a: LocalAssign if state.contains(a.lhs) => {
-          state(a.lhs) = state(a.lhs).copy(e = canPropTo(state, a.rhs, true).get)
+          val (ne, deps) = canPropTo(state, a.rhs, true).get
+          state(a.lhs).e = ne
+          state(a.lhs).deps.addAll(deps)
         }
         case i: IndirectCall => {
           poisoned = true
@@ -657,13 +721,23 @@ object CopyProp {
         transfer(l)
       }
     }
-    if (poisoned) then mutable.HashMap() else state
+    if (poisoned) then mutable.HashMap() else 
+    state
   }
 
   def clobberFull(c: mutable.HashMap[Variable, PropState], l: Variable): Unit = {
-    if (c.contains(l)) {
+    clobberOne(c, l)
+    for (v <- c.keys) {
+      if (c(v).deps.contains(l)) {
+        clobberOne(c, v)
+      }
+    }
+  }
+
+  def clobberOne(c: mutable.HashMap[Variable, PropState], l: Variable): Unit = {
+    if (c.contains(l) && !c(l).clobbered) {
       c(l).clobbered = true
-    } else {
+    } else if (!c.contains(l)) {
       c(l) = PropState(FalseLiteral, mutable.Set(), true, 0, false)
     }
   }
@@ -679,16 +753,20 @@ object CopyProp {
     case _                                       => false
   }
 
-  def canPropTo(s: mutable.HashMap[Variable, PropState], e: Expr, isFlag: Boolean = false): Option[Expr] = {
+  def canPropTo(s: mutable.HashMap[Variable, PropState], e: Expr, isFlag: Boolean = false): Option[(Expr, Set[Variable])] = {
 
     def proped(e: Expr) = {
+      var deps = Set[Variable]() ++ e.variables
       val ne =
         if e.variables.size > 1 && !isFlag then Some(e)
         else
           Substitute(
             v => {
               s.get(v) match {
-                case Some(vs) if !vs.clobbered => Some(vs.e)
+                case Some(vs) if !vs.clobbered => {
+                  deps = deps ++ vs.deps + v
+                  Some(vs.e)
+                }
                 case _                         => None
               }
             },
@@ -696,31 +774,23 @@ object CopyProp {
           )(e)
 
       // partial eval after prop
-      simplifyExprFixpoint(ne.getOrElse(e))._1
+      (simplifyExprFixpoint(ne.getOrElse(e))._1, deps)
     }
 
-    def propfp(e: Expr) = {
-      var o = e
-      var p = proped(e)
-
-      while (o != p) {
-        o = p
-        p = proped(o)
-      }
-      p
-    }
 
-    proped(e) match {
-      case l: Literal                                 => Some(l)
-      case l: Variable                                => Some(l)
-      case e @ BinaryExpr(o, v: Variable, c: Literal) => Some(e)
-      case e: Expr if isFlag || e.variables.size <= 1 => Some(e)
+    val (p, deps) = proped(e)
+    p match {
+      case l: Literal                                 => Some(l, deps)
+      case l: Variable                                => Some(l, deps)
+      case e @ BinaryExpr(o, v: Variable, c: Literal) => Some(e, deps)
+      case e: Expr if isFlag || e.variables.size <= 1 => Some(e, deps)
       case e                                          => None
     }
   }
 
   def DSACopyProp(p: Procedure) = {
 
+    val updated = false
     val state = mutable.HashMap[Variable, PropState]()
     var poisoned = false // we have an indirect call
 
@@ -742,18 +812,15 @@ object CopyProp {
           val existing = c.get(l)
 
           (prop, existing) match {
-            case (Some(evaled), None) => {
-              c(l) = PropState(evaled, mutable.Set.from(evaled.variables), false, 0, isFlagDep)
+            case (Some(evaled, deps), None) => {
+              c(l) = PropState(evaled, mutable.Set.from(deps), false, 0, isFlagDep)
             }
             case (_, Some(ps)) if ps.clobbered => {
               ()
             }
-            case (Some(evaled), Some(ps))
-                if ps.e == r || ps.e == evaled || (canPropTo(c, ps.e, isFlagDep).contains(evaled)) => {
-              c(l) = c(l).copy(e = evaled)
-            }
-            case (Some(evaled), Some(ps)) => {
-              clobberFull(c, l)
+            case (Some(evaled, deps), Some(ps))  if ps.e == r || ps.e == evaled || (canPropTo(c, ps.e, isFlagDep).contains(evaled)) => {
+                c(l).e = evaled
+                c(l).deps.addAll(deps)
             }
             case _ => {
               // ps.e != evaled and have prop
@@ -784,7 +851,6 @@ object CopyProp {
 
     while (worklist.nonEmpty && !poisoned) {
       val b: Block = worklist.dequeue
-
       for (l <- b.statements) {
         transfer(state, l)
       }
@@ -797,7 +863,7 @@ object CopyProp {
 
   def toResult(s: mutable.Map[Variable, PropState], trivialOnly: Boolean = true)(v: Variable): Option[Expr] = {
     s.get(v) match {
-      case Some(c) if !c.clobbered && (!trivialOnly || isTrivial(c.e)) => Some(c.e)
+      case Some(c) if !c.clobbered && (!trivialOnly || isTrivial(c.e))  => Some(c.e)
       case _                                                           => None
     }
   }
@@ -989,3 +1055,4 @@ class Simplify(val res: Variable => Option[Expr], val initialBlock: Block = null
     DoChildren()
   }
 }
+
diff --git a/src/main/scala/translating/IRExpToSMT2.scala b/src/main/scala/translating/IRExpToSMT2.scala
index 45a8628c0..42c3b0f87 100644
--- a/src/main/scala/translating/IRExpToSMT2.scala
+++ b/src/main/scala/translating/IRExpToSMT2.scala
@@ -16,7 +16,7 @@ trait BasilIR[Repr[+_]] extends BasilIRExp[Repr] {
       case m: MemoryStore => vstore(m.mem.name, vexpr(m.index), vexpr(m.value), m.endian, m.size)
       case c: DirectCall =>
         vcall(
-          c.outParams.toList.map((l, r) => (l, vexpr(r))),
+          c.outParams.toList.map((l, r) => (l, r)),
           c.target.name,
           c.actualParams.toList.map((l, r) => (l, vexpr(r)))
         )
@@ -82,7 +82,7 @@ trait BasilIR[Repr[+_]] extends BasilIRExp[Repr] {
   def vload(lhs: Repr[Variable], mem: String, index: Repr[Expr], endian: Endian, size: Int): Repr[MemoryLoad]
   def vstore(mem: String, index: Repr[Expr], value: Repr[Expr], endian: Endian, size: Int): Repr[MemoryStore]
   def vcall(
-    outParams: List[(Variable, Repr[Expr])],
+    outParams: List[(Variable, Variable)],
     procname: String,
     inparams: List[(Variable, Repr[Expr])]
   ): Repr[DirectCall]
diff --git a/src/main/scala/translating/PrettyPrinter.scala b/src/main/scala/translating/PrettyPrinter.scala
index 3be0e8e54..91e129297 100644
--- a/src/main/scala/translating/PrettyPrinter.scala
+++ b/src/main/scala/translating/PrettyPrinter.scala
@@ -20,6 +20,10 @@ object PrettyPrinter {
     BasilIRPrettyPrinter(with_analysis_results_begin=block => before.get(block).map(resultPrinter), block => after.get(block).map(resultPrinter))(p)
   }
 
+  def pp_block_with_analysis_results[T](before: Map[Block, T], after: Map[Block, T], p: Block, resultPrinter: T => String = ((x : T) => x.toString)) = {
+    BasilIRPrettyPrinter(with_analysis_results_begin=block => before.get(block).map(resultPrinter), block => after.get(block).map(resultPrinter))(p)
+  }
+
 }
 
 def indent(s: String, indent: String = "  "): String = {
@@ -321,16 +325,16 @@ class BasilIRPrettyPrinter(with_analysis_results_begin: Block => Option[String]
   }
 
   override def vcall(
-    outParams: List[(Variable, PPProg[Expr])],
+    outParams: List[(Variable, Variable)],
     procname: String,
     inparams: List[(Variable, PPProg[Expr])]
   ): PPProg[DirectCall] = {
 
     val op = {
-      if (outParams.forall(_._1.isInstanceOf[LocalVar])) {
-        "var (" + outParams.map((l, r) => vparam(l)).mkString(", ") + ")"
+      if (outParams.forall(_._2.isInstanceOf[LocalVar])) {
+        "var (" + outParams.map((l, r) => vparam(r)).mkString(", ") + ")"
       } else {
-        "(" + outParams.map((l, r) => vlvar(l)).mkString(", ") + ")"
+        "(" + outParams.map((l, r) => vlvar(r)).mkString(", ") + ")"
       }
     }
 
diff --git a/src/main/scala/util/Logging.scala b/src/main/scala/util/Logging.scala
index e0bc3f426..2e52fd67b 100644
--- a/src/main/scala/util/Logging.scala
+++ b/src/main/scala/util/Logging.scala
@@ -134,7 +134,6 @@ class GenericLogger(
   }
 
   def setLevel(logLevel: LogLevel, setChildren: Boolean = true) : GenericLogger = {
-    println(s"Set level $name $logLevel")
     level = logLevel
     if (setChildren) {
       for (c <- children) {
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index d19ac619c..1086b5e20 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -8,6 +8,7 @@ import spray.json.*
 import ir.eval
 import gtirb.*
 import translating.PrettyPrinter.*
+import ir.dsl.*
 
 import scala.collection.mutable.ListBuffer
 import scala.collection.mutable.ArrayBuffer
@@ -75,6 +76,7 @@ case class StaticAnalysisContext(
   */
 case class BASILResult(ir: IRContext, analysis: Option[StaticAnalysisContext], boogie: ArrayBuffer[BProgram])
 
+
 /** Tools for loading the IR program into an IRContext.
   */
 object IRLoading {
@@ -218,6 +220,9 @@ object IRTransform {
 
     val externalRemover = ExternalRemover(externalNamesLibRemoved.toSet)
     externalRemover.visitProgram(ctx.program)
+    for (p <- ctx.program.procedures) {
+      p.isExternal = Some(ctx.externalFunctions.find(e => e.name == p.procName || p.address.contains(e.offset)).isDefined)
+    }
 
     assert(invariant.singleCallBlockEnd(ctx.program))
     assert(invariant.cfgCorrect(ctx.program))
@@ -527,7 +532,6 @@ object StaticAnalysis {
   }
 
 }
-
 object RunUtils {
 
   def run(q: BASILConfig): Unit = {
@@ -545,83 +549,85 @@ object RunUtils {
     }
   }
 
-  def doSimplify(ctx: IRContext, config: Option[StaticAnalysisConfig]) : Unit = {
-
-
-    // writeToFile(dotBlockGraph(ctx.program, ctx.program.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"blockgraph-before-simp.dot")
+  def doSimplify(program: Program, config: Option[StaticAnalysisConfig]) : Unit = {
+    // writeToFile(dotBlockGraph(program, program.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"blockgraph-before-simp.dot")
     Logger.info("[!] Running Simplify")
     val timer = PerformanceTimer("Simplify")
 
-    transforms.applyRPO(ctx.program)
+    transforms.applyRPO(program)
 
     // example of printing a simple analysis
     val liveVarsDom = transforms.IntraLiveVarsDomain()
     val liveVarsSolver = transforms.worklistSolver(liveVarsDom)
-    val (beforeLive, afterLive) = liveVarsSolver.solveProgIntraProc(ctx.program, backwards = true)
+    val (beforeLive, afterLive) = liveVarsSolver.solveProgIntraProc(program, backwards = true)
     DebugDumpIRLogger.writeToFile(File(s"live-vars.il"), 
-      pp_prog_with_analysis_results(beforeLive, afterLive, ctx.program, x => s"Live vars: ${x.map(_.name).toList.sorted.mkString(", ")}"))
+      pp_prog_with_analysis_results(beforeLive, afterLive, program, x => s"Live vars: ${x.map(_.name).toList.sorted.mkString(", ")}"))
 
-    transforms.removeEmptyBlocks(ctx.program)
-    transforms.coalesceBlocks(ctx.program)
-    transforms.removeEmptyBlocks(ctx.program)
+    transforms.removeEmptyBlocks(program)
+    transforms.coalesceBlocks(program)
+    transforms.removeEmptyBlocks(program)
 
-    DebugDumpIRLogger.writeToFile(File("blockgraph-before-dsa.dot"), dotBlockGraph(ctx.program.mainProcedure))
+    DebugDumpIRLogger.writeToFile(File("blockgraph-before-dsa.dot"), dotBlockGraph(program.mainProcedure))
     
     Logger.info("[!] Simplify :: DynamicSingleAssignment")
-    DebugDumpIRLogger.writeToFile(File("il-before-dsa.il"), serialiseIL(ctx.program))
+    DebugDumpIRLogger.writeToFile(File("il-before-dsa.il"), pp_prog(program))
 
-    // transforms.DynamicSingleAssignment.applyTransform(ctx.program, liveVars)
-    transforms.OnePassDSA().applyTransform(ctx.program)
+    // transforms.DynamicSingleAssignment.applyTransform(program, liveVars)
+    transforms.OnePassDSA().applyTransform(program)
     Logger.info(s"DSA ${timer.checkPoint("DSA ")} ms ")
 
+    transforms.removeEmptyBlocks(program)
+
     AnalysisResultDotLogger.writeToFile(File(s"blockgraph-after-dsa.dot"), 
-      dotBlockGraph(ctx.program, (ctx.program.collect {
+      dotBlockGraph(program, (program.collect {
       case b : Block => b -> pp_block(b)
     }).toMap))
 
     if (ir.eval.SimplifyValidation.validate) {
       // Logger.info("Live vars difftest")
-      // val tipLiveVars : Map[CFGPosition, Set[Variable]] = analysis.IntraLiveVarsAnalysis(ctx.program).analyze()
-      // assert(ctx.program.procedures.forall(transforms.difftestLiveVars(_, tipLiveVars)))
+      // val tipLiveVars : Map[CFGPosition, Set[Variable]] = analysis.IntraLiveVarsAnalysis(program).analyze()
+      // assert(program.procedures.forall(transforms.difftestLiveVars(_, tipLiveVars)))
 
       Logger.info("DSA Check")
-      val x = ctx.program.procedures.forall(transforms.rdDSAProperty)
+      val x = program.procedures.forall(transforms.rdDSAProperty)
       assert(x)
       Logger.info("DSA Check passed")
+      assert(invariant.singleCallBlockEnd(program))
+      assert(invariant.cfgCorrect(program))
+      assert(invariant.blocksUniqueToEachProcedure(program))
     }
-    assert(invariant.singleCallBlockEnd(ctx.program))
-    assert(invariant.cfgCorrect(ctx.program))
-    assert(invariant.blocksUniqueToEachProcedure(ctx.program))
 
-    DebugDumpIRLogger.writeToFile(File("il-before-copyprop.il"), pp_prog(ctx.program))
+    DebugDumpIRLogger.writeToFile(File("il-before-copyprop.il"), pp_prog(program))
 
     // brute force run the analysis twice because it cleans up more stuff
-    //assert(ctx.program.procedures.forall(transforms.rdDSAProperty))
-    transforms.doCopyPropTransform(ctx.program)
-    AnalysisResultDotLogger.writeToFile(File("blockgraph-after-simp.dot"), dotBlockGraph(ctx.program.mainProcedure))
+    //assert(program.procedures.forall(transforms.rdDSAProperty))
+    AnalysisResultDotLogger.writeToFile(File("blockgraph-before-copyprop.dot"), dotBlockGraph(program.mainProcedure))
+    Logger.info("Copyprop Start")
+    transforms.doCopyPropTransform(program)
+    AnalysisResultDotLogger.writeToFile(File("blockgraph-after-simp.dot"), dotBlockGraph(program.mainProcedure))
 
-    // assert(ctx.program.procedures.forall(transforms.rdDSAProperty))
+    // assert(program.procedures.forall(transforms.rdDSAProperty))
 
-    assert(invariant.blockUniqueLabels(ctx.program))
+    assert(invariant.blockUniqueLabels(program))
     Logger.info(s"CopyProp ${timer.checkPoint("Simplify")} ms ")
-    DebugDumpIRLogger.writeToFile(File("il-after-copyprop.il"), pp_prog(ctx.program))
+    DebugDumpIRLogger.writeToFile(File("il-after-copyprop.il"), pp_prog(program))
 
 
-    // val x = ctx.program.procedures.forall(transforms.rdDSAProperty)
+    // val x = program.procedures.forall(transforms.rdDSAProperty)
     //assert(x)
     if (ir.eval.SimplifyValidation.validate) {
       Logger.info("DSA Check (after transform)")
-      val x = ctx.program.procedures.forall(transforms.rdDSAProperty)
+      val x = program.procedures.forall(transforms.rdDSAProperty)
       assert(x)
       Logger.info("DSA Check succeeded")
     }
 
     // run this after cond recovery because sign bit calculations often need high bits
     // which go away in high level conss
-    DebugDumpIRLogger.writeToFile(File("il-after-slices.il"), pp_prog(ctx.program))
+    DebugDumpIRLogger.writeToFile(File("il-after-slices.il"), pp_prog(program))
 
     // re-apply dsa
-    // transforms.OnePassDSA().applyTransform(ctx.program)
+    // transforms.OnePassDSA().applyTransform(program)
 
 
     if (ir.eval.SimplifyValidation.validate) {
@@ -633,6 +639,7 @@ object RunUtils {
 
     Logger.info("[!] Simplify :: finished")
   }
+  def doSimplify(ctx: IRContext, config: Option[StaticAnalysisConfig]) : Unit = doSimplify(ctx.program, config)
 
   def loadAndTranslate(conf: BASILConfig): BASILResult = {
     Logger.info("[!] Loading Program")
@@ -682,7 +689,7 @@ object RunUtils {
         ctx = ir.transforms.liftProcedureCallAbstraction(ctx)
       }
 
-      doSimplify(ctx, conf.staticAnalysis)
+      doSimplify(ctx.program, conf.staticAnalysis)
     }
 
     if (q.runInterpret) {
diff --git a/src/test/scala/SATTest.scala b/src/test/scala/SATTest.scala
index ff4a727b0..8a068a89c 100644
--- a/src/test/scala/SATTest.scala
+++ b/src/test/scala/SATTest.scala
@@ -10,7 +10,7 @@ import translating.BasilIRToSMT2
 
 class SATTest extends AnyFunSuite {
   test(" basic taut ") {
-    Logger.setLevel(LogLevel.DEBUG)
+    // Logger.setLevel(LogLevel.DEBUG)
     val e = BinaryExpr(BoolEQ, BinaryExpr(BVNEQ, R0, bv64(0)), BinaryExpr(BVEQ, bv64(0), R0))
     val r = BasilIRToSMT2.proveExpr(e)
     assert(r == Some(true))
diff --git a/src/test/scala/SystemTests.scala b/src/test/scala/SystemTests.scala
index 5a9798d0d..c7f5ce99b 100644
--- a/src/test/scala/SystemTests.scala
+++ b/src/test/scala/SystemTests.scala
@@ -20,6 +20,8 @@ trait SystemTests extends AnyFunSuite, BASILTest {
     val toCsv = s"$name,$passed,$verified,$shouldVerify,$hasExpected,$timedOut,$matchesExpected,$translateTime,$verifyTime"
   }
 
+  Logger.setLevel(LogLevel.WARN)
+
   object TestResult {
     val csvHeader = "testCase,passed,verified,shouldVerify,hasExpected,timedOut,matchesExpected,translateTime,verifyTime"
   }

From 95f7b8a90f99bae8dd1437469019e0e1edbfe1a4 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Thu, 23 Jan 2025 11:37:14 +1000
Subject: [PATCH 123/127] disable debug print

---
 src/main/scala/ir/transforms/ProcedureParameters.scala | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/src/main/scala/ir/transforms/ProcedureParameters.scala b/src/main/scala/ir/transforms/ProcedureParameters.scala
index bff0d7399..26dac74a0 100644
--- a/src/main/scala/ir/transforms/ProcedureParameters.scala
+++ b/src/main/scala/ir/transforms/ProcedureParameters.scala
@@ -110,14 +110,6 @@ def liftProcedureCallAbstraction(ctx: util.IRContext): util.IRContext = {
     Logger.error(s"Empty live vars $mainNonEmpty $mainHasReturn $mainHasEntry")
     Map.empty
   }
-  println(liveVars)
-  util.writeToFile(translating.PrettyPrinter.pp_prog_with_analysis_results(liveVars.collect {case (b: Block, r) => (b,r)}, Map(), ctx.program, x => x.toString), "live.il")
-
-
-  util.writeToFile(
-    dotBlockGraph(ctx.program, (liveVars.collect {case (b: Block, r) => (b,r)}).map((b, l) => (b, translating.PrettyPrinter.pp_block_with_analysis_results(Map((b, l)), Map(), b, _.collect {case (l, TwoElementTop) => l}.toString ))))
-  , "livegraph.dot")
-
   transforms.applyRPO(ctx.program)
 
   val params = inOutParams(ctx.program, liveVars)

From 8584daa8d25c60f49a219cd2561756dfbd8943db Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Thu, 23 Jan 2025 17:31:39 +1000
Subject: [PATCH 124/127] fix interlivevars return function

---
 src/main/scala/analysis/InterLiveVarsAnalysis.scala | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/main/scala/analysis/InterLiveVarsAnalysis.scala b/src/main/scala/analysis/InterLiveVarsAnalysis.scala
index 72af0398c..78cd6a8e9 100644
--- a/src/main/scala/analysis/InterLiveVarsAnalysis.scala
+++ b/src/main/scala/analysis/InterLiveVarsAnalysis.scala
@@ -20,7 +20,12 @@ trait LiveVarsAnalysisFunctions extends BackwardIDEAnalysis[Variable, TwoElement
   import edgelattice.{IdEdge, ConstEdge}
 
   def edgesCallToEntry(call: Command, entry: Return)(d: DL): Map[DL, EdgeFunction[TwoElement]] = {
-    Map(d -> IdEdge())
+    d match {
+      case Left(l) => Map() // maps all variables before the call to bottom
+      case Right(_) => entry.outParams.flatMap(_._2.variables).foldLeft(Map[DL, EdgeFunction[TwoElement]](d -> IdEdge())) {
+              (mp, expVar) => mp + (Left(expVar) -> ConstEdge(TwoElementTop))
+      }
+    }
   }
 
   def edgesExitToAfterCall(exit: Procedure, aftercall: DirectCall)(d: DL): Map[DL, EdgeFunction[TwoElement]] = {

From 2e80fcc15aef8df1dc6a31f150fa7202ccd12579 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Thu, 23 Jan 2025 17:24:50 +1000
Subject: [PATCH 125/127] wip copyprop throuh memory

---
 .../analysis/InterLiveVarsAnalysis.scala      |   7 +-
 src/main/scala/ir/Expr.scala                  |   2 +-
 src/main/scala/ir/Program.scala               |   6 +-
 src/main/scala/ir/eval/SimplifyExpr.scala     |   2 +
 .../ir/transforms/ProcedureParameters.scala   |   2 +-
 .../scala/ir/transforms/ReplaceReturn.scala   |  15 +-
 src/main/scala/ir/transforms/Simp.scala       | 162 ++++++++++++++++--
 src/main/scala/util/RunUtils.scala            |   8 +-
 8 files changed, 182 insertions(+), 22 deletions(-)

diff --git a/src/main/scala/analysis/InterLiveVarsAnalysis.scala b/src/main/scala/analysis/InterLiveVarsAnalysis.scala
index 72af0398c..78cd6a8e9 100644
--- a/src/main/scala/analysis/InterLiveVarsAnalysis.scala
+++ b/src/main/scala/analysis/InterLiveVarsAnalysis.scala
@@ -20,7 +20,12 @@ trait LiveVarsAnalysisFunctions extends BackwardIDEAnalysis[Variable, TwoElement
   import edgelattice.{IdEdge, ConstEdge}
 
   def edgesCallToEntry(call: Command, entry: Return)(d: DL): Map[DL, EdgeFunction[TwoElement]] = {
-    Map(d -> IdEdge())
+    d match {
+      case Left(l) => Map() // maps all variables before the call to bottom
+      case Right(_) => entry.outParams.flatMap(_._2.variables).foldLeft(Map[DL, EdgeFunction[TwoElement]](d -> IdEdge())) {
+              (mp, expVar) => mp + (Left(expVar) -> ConstEdge(TwoElementTop))
+      }
+    }
   }
 
   def edgesExitToAfterCall(exit: Procedure, aftercall: DirectCall)(d: DL): Map[DL, EdgeFunction[TwoElement]] = {
diff --git a/src/main/scala/ir/Expr.scala b/src/main/scala/ir/Expr.scala
index 225663e5a..ced3760e9 100644
--- a/src/main/scala/ir/Expr.scala
+++ b/src/main/scala/ir/Expr.scala
@@ -182,7 +182,7 @@ case class BinaryExpr(op: BinOp, arg1: Expr, arg2: Expr) extends Expr {
           if (bv1.size == bv2.size) {
             bv1
           } else {
-            throw new Exception("bitvector size mismatch")
+            throw new Exception(s"bitvector size mismatch $bv1 $bv2")
           }
         case BVCOMP =>
           if (bv1.size == bv2.size) {
diff --git a/src/main/scala/ir/Program.scala b/src/main/scala/ir/Program.scala
index a0bdf3b2b..bea5dce77 100644
--- a/src/main/scala/ir/Program.scala
+++ b/src/main/scala/ir/Program.scala
@@ -148,7 +148,7 @@ class Program(val procedures: ArrayBuffer[Procedure],
     ILUnorderedIterator(this.procedures)
   }
 
-  private def memoryLookup(memory: mutable.TreeMap[BigInt, MemorySection], address: BigInt) = {
+  def memoryLookup(memory: mutable.TreeMap[BigInt, MemorySection], address: BigInt) = {
     memory.maxBefore(address + 1) match {
       case Some(_, section) =>
         if (section.address + section.size > address) {
@@ -524,6 +524,10 @@ object Block {
   */
 case class MemorySection(name: String, address: BigInt, size: Int, bytes: Seq[BitVecLiteral], readOnly: Boolean, region: Option[MergedRegion] = None) {
 
+  def canGetBytes(addr: BigInt, num: Int) : Boolean = {
+    (addr >= address) && (addr + num < (address + size))
+  }
+
   def getBytes(addr: BigInt, num: Int): Seq[BitVecLiteral] = {
     val startIndex = (addr - address).toInt
     for (i <- 0 until num) yield {
diff --git a/src/main/scala/ir/eval/SimplifyExpr.scala b/src/main/scala/ir/eval/SimplifyExpr.scala
index e890d8561..6bfb5cfae 100644
--- a/src/main/scala/ir/eval/SimplifyExpr.scala
+++ b/src/main/scala/ir/eval/SimplifyExpr.scala
@@ -888,6 +888,8 @@ def cleanupExtends(e: Expr): (Expr, Boolean) = {
     case Extract(ed, bg, ZeroExtend(x, expr)) if (bg < size(expr).get) && (ed < size(expr).get) => Extract(ed, bg, expr)
     case Extract(ed, bg, SignExtend(x, expr)) if (bg < size(expr).get) && (ed < size(expr).get) => Extract(ed, bg, expr)
 
+    case ZeroExtend(ed, Extract(hi, 0, e)) if size(e).get == hi + ed => BinaryExpr(BVAND, e, BinaryExpr(BVCONCAT, BitVecLiteral(0, ed), BitVecLiteral(BigInt(2).pow(hi)-1, hi)))
+
     case BinaryExpr(BVSHL, body, BitVecLiteral(n, _)) if size(body).get <= n => BitVecLiteral(0, size(body).get)
 
     // simplify convoluted bit test
diff --git a/src/main/scala/ir/transforms/ProcedureParameters.scala b/src/main/scala/ir/transforms/ProcedureParameters.scala
index 26dac74a0..3d23362a2 100644
--- a/src/main/scala/ir/transforms/ProcedureParameters.scala
+++ b/src/main/scala/ir/transforms/ProcedureParameters.scala
@@ -30,7 +30,7 @@ val builtinSigs: Map[String, FunSig] = Map(
   "strdup" -> FunSig(List(R(0)), List(R(0))),
   "strndup" -> FunSig(List(R(0), R(1)), List(R(0))),
   "assert" -> FunSig(List(R(0)), List()),
-  "__stack_chk_fail_16432" -> FunSig(List(), List()),
+  "__stack_chk_fail" -> FunSig(List(), List()),
   "__printf_chk" -> FunSig(List(R(0), R(1)), List(R(0))),
   "__syslog_chk" -> FunSig(List(R(0)), List()),
 )
diff --git a/src/main/scala/ir/transforms/ReplaceReturn.scala b/src/main/scala/ir/transforms/ReplaceReturn.scala
index d83c55610..6d3a60f19 100644
--- a/src/main/scala/ir/transforms/ReplaceReturn.scala
+++ b/src/main/scala/ir/transforms/ReplaceReturn.scala
@@ -24,6 +24,19 @@ class ReplaceReturns(assertR30Addr : Boolean = true) extends CILVisitor {
           SkipChildren()
         }
       }
+      case i : IndirectCall => {
+        (i.predecessor, i.parent.jump) match {
+          case (Some(l : LocalAssign), _) if l.lhs.name == "R30" => SkipChildren()
+          case (_, _) => {
+            val R30Begin = LocalVar("R30_begin", BitVecType(64))
+            i.parent.replaceJump(Return())
+            ChangeTo(List(
+              Assert(BinaryExpr(BVEQ, Register("R30", 64), R30Begin)),
+              i
+            ))
+          }
+        }
+      }
       case d : DirectCall  => {
         (d.predecessor, d.parent.jump) match {
           case (Some(l : LocalAssign), _) if l.lhs.name == "R30" => SkipChildren()
@@ -36,7 +49,7 @@ class ReplaceReturns(assertR30Addr : Boolean = true) extends CILVisitor {
               d
             ))
           }
-          case (_, _: Unreachable) => {
+          case (_, _) => {
             val R30Begin = LocalVar("R30_begin", BitVecType(64))
             d.parent.replaceJump(Return())
             ChangeTo(List(
diff --git a/src/main/scala/ir/transforms/Simp.scala b/src/main/scala/ir/transforms/Simp.scala
index c874d2863..2a28962c1 100644
--- a/src/main/scala/ir/transforms/Simp.scala
+++ b/src/main/scala/ir/transforms/Simp.scala
@@ -1,6 +1,8 @@
 package ir.transforms
 import translating.serialiseIL
+import translating.PrettyPrinter.*
 
+import boogie.FuncEntry
 import util.SimplifyLogger
 import ir.eval.AlgebraicSimplifications
 import ir.eval.AssumeConditionSimplifications
@@ -361,14 +363,14 @@ class CleanupAssignments() extends CILVisitor {
 }
 
 
-def copypropTransform(p: Procedure) = {
+def copypropTransform(p: Procedure, procFrames: Map[Procedure, Set[Memory]], funcEntries: Map[BigInt, Procedure], constRead: (BigInt, Int) => Option[BitVecLiteral]) = {
   val t = util.PerformanceTimer(s"simplify ${p.name} (${p.blocks.size} blocks)")
   // val dom = ConstCopyProp()
   // val solver = worklistSolver(dom)
 
   // SimplifyLogger.info(s"${p.name} ExprComplexity ${ExprComplexity()(p)}")
   // val result = solver.solveProc(p, true).withDefaultValue(dom.bot)
-  val result = CopyProp.DSACopyProp(p)
+  val result = CopyProp.DSACopyProp(p, procFrames, funcEntries, constRead)
   val solve = t.checkPoint("Solve CopyProp")
 
   if (result.nonEmpty) {
@@ -381,7 +383,7 @@ def copypropTransform(p: Procedure) = {
     visit_proc(condVis, p)
 
   }
-  // visit_proc(CopyProp.BlockyProp(), p)
+  visit_proc(CopyProp.BlockyProp(), p)
 
   val xf = t.checkPoint("transform")
   // SimplifyLogger.info(s"    ${p.name} after transform expr complexity ${ExprComplexity()(p)}")
@@ -469,10 +471,38 @@ def coalesceBlocks(p: Program) = {
   didAny
 }
 
-def doCopyPropTransform(p: Program) = {
+def doCopyPropTransform(p: Program, rela: Map[BigInt, BigInt]) = {
 
   applyRPO(p)
 
+  def isExternal(p: Procedure) = p.isExternal.contains(true) || p.blocks.isEmpty
+  // assume some functions modify nothing 
+  def noModifies(p: Procedure) = 
+    p.procName match {
+    case "strlen" | "assert" | "printf"  | "__stack_chk_fail" | "__printf_chk" | "__syslog_chk" => true
+    case _ => false
+  }
+
+  val procFrames = p.procedures.filterNot(p => (isExternal(p) && !(noModifies(p))))
+    .map(p => (p, getProcFrame.apply(p))).toMap
+
+  val addrToProc = p.procedures.toSeq.flatMap(p => p.address.map(addr => addr -> p).toSeq).toMap
+
+  def read(addr: BigInt, size: Int) : Option[BitVecLiteral] = {
+    val rodata = p.initialMemory.filter((_, s) => s.readOnly)
+    rodata.maxBefore(addr + 1) match {
+      case None => None
+      case (Some((k, s))) if s.canGetBytes(addr, size / 8) => {
+        SimplifyLogger.debug(s"got [$addr..${addr + size}] from ${s.name} [${s.address}..${s.address + s.size}]")
+        Some(s.getBytes(addr, size / 8).reverse.foldLeft(BitVecLiteral(0,0))((acc, r) => ir.eval.BitVectorEval.smt_concat(acc, r)))
+      }
+      case (Some((k,s))) => {
+        SimplifyLogger.debug(s"Cannot get [$addr..${addr + size}] from ${s.name} [${s.address}..${s.address + s.size}]")
+        None
+      }
+    }
+  }
+
   SimplifyLogger.info("[!] Simplify :: Expr/Copy-prop Transform")
   val work = p.procedures
     .filter(_.blocks.size > 0)
@@ -481,7 +511,7 @@ def doCopyPropTransform(p: Program) = {
         {
           SimplifyLogger
             .debug(s"CopyProp Transform ${p.name} (${p.blocks.size} blocks, expr complexity ${ExprComplexity()(p)})")
-          copypropTransform(p)
+          copypropTransform(p, procFrames, addrToProc, read)
         }
     )
 
@@ -563,6 +593,26 @@ enum CopyProp {
 
 case class CCP(val state: Map[Variable, CopyProp] = Map())
 
+
+object getProcFrame {
+  class GetProcFrame extends CILVisitor  {
+    var modifies = Set[Memory]()
+
+    override def vstmt(e: Statement) = e match {
+      case s : MemoryStore => modifies = modifies + s.mem; SkipChildren()
+      case _ => SkipChildren()
+    }
+
+  }
+
+  def apply(p: Procedure): Set[Memory] = {
+    val v = GetProcFrame()
+    visit_proc(v, p)
+    v.modifies
+  }
+}
+
+
 object CCP {
 
   def toSubstitutions(c: CCP): Map[Variable, Expr] = {
@@ -788,8 +838,17 @@ object CopyProp {
     }
   }
 
-  def DSACopyProp(p: Procedure) = {
+  def varForMem(m: Memory) = Register("symbolic_memory_var" + m.name, 1)
+  def isMemVar(v: Variable) = v.name.startsWith("symbolic_memory_var")
+  def varForLoadStore(m: Memory, addr: Expr , sz: Int) = {
+    Register(m.name + "_symbolic_store_" + translating.PrettyPrinter.pp_expr(addr), sz)
+  }
+
+  def clobberAllMemory(c: mutable.HashMap[Variable, PropState]) = {
+    c.keys.filter(isMemVar).foreach(v => clobberFull(c, v))
+  }
 
+  def DSACopyProp(p: Procedure, procFrames: Map[Procedure, Set[Memory]], funcEntries: Map[BigInt, Procedure], constRead: (BigInt, Int) => Option[BitVecLiteral]) = {
     val updated = false
     val state = mutable.HashMap[Variable, PropState]()
     var poisoned = false // we have an indirect call
@@ -797,8 +856,60 @@ object CopyProp {
     def transfer(c: mutable.HashMap[Variable, PropState], s: Statement): Unit = {
       // val callClobbers = ((0 to 7) ++ (19 to 30)).map("R" + _).map(c => Register(c, 64))
       s match {
-        case l: MemoryLoad =>
-          clobberFull(c, l.lhs)
+        case l : MemoryStore => {
+          val mvar = varForMem(l.mem)
+          val existing = c.get(mvar).isDefined
+
+          if (existing) {
+            clobberFull(c, varForMem(l.mem))
+          } else {
+            c(mvar) = PropState(FalseLiteral, mutable.Set.empty, false, 0, false)
+
+            val store = canPropTo(c, l.index) 
+            
+            store match {
+              case (Some((addr),deps)) => {
+                val storeVar = varForLoadStore(l.mem, addr, l.size)
+                if (c.get(storeVar).isDefined) {
+                  clobberFull(c, storeVar)
+                } else {
+                  val value = canPropTo(c, l.value) 
+                  value match {
+                    case Some(value, deps) => {
+                      c(storeVar) = PropState(value, mutable.Set.from(deps + mvar), false, 0, false)
+                    }
+                    case _ =>  clobberFull(c, storeVar)
+                  }
+                }
+              }
+              case _ => ()
+            }
+          }
+        }
+        case l: MemoryLoad => {
+          val loadprop = canPropTo(c, l.index)
+          val loaded = for {
+            (addr, deps) <-  loadprop
+            loadvar = varForLoadStore(l.mem, addr, l.size)
+            loadval = canPropTo(c, loadvar).filterNot((v, _) => v == loadvar)
+            (value, ndeps) <- loadval.orElse(addr match {
+              case b : BitVecLiteral => {
+                val r = constRead(b.value, l.size)
+                r.map(v => (v, Set[Variable]()))
+              }
+              case r => {
+                None
+              }
+            })
+          } yield (value, deps ++ ndeps)
+          loaded match {
+            case (Some(value, deps)) => 
+              c(l.lhs) = PropState(value, mutable.Set.from(deps), false, 0, false)
+          case _ => {
+            clobberFull(c, l.lhs)
+          }
+          }
+        }
         case LocalAssign(l, r, lb) => {
           val isFlag = isFlagVar(l) || r.variables.exists(isFlagVar)
           val isFlagDep = isFlag || c.get(l).map(v => v.isFlagDep).getOrElse(false)
@@ -829,17 +940,42 @@ object CopyProp {
           }
         }
         case x: DirectCall => {
+          procFrames.get(x.target) match {
+            case Some(f) => for (mem <- f) {
+              clobberFull(c, varForMem(mem))
+            }
+            case _ => clobberAllMemory(c)
+          }
+
           val lhs = x.outParams.map(_._2)
           for (l <- lhs) {
             clobberFull(c, l)
           }
         }
         case x: IndirectCall => {
-          // not really correct
-          poisoned = true
-          for ((i, v) <- c) {
-            v.clobbered = true
+          // need a reaching-defs to get inout args (just assume register name matches?)
+          // this reduce we have to clobber with the indirect call this round
+          val r = for {
+            (addr, deps) <- canPropTo(c, x.target)
+            addr <- addr match {
+              case b : BitVecLiteral => Some(b.value)
+              case _ => None
+            }
+            proc <- funcEntries.get(addr)
+          } yield (proc, deps)
+
+          r match {
+            case Some(target, deps) => {
+              SimplifyLogger.info("Resolved indirect call")
+            }
+            case None => {
+              for ((i, v) <- c) {
+                v.clobbered = true
+              }
+              poisoned = true
+            }
           }
+
         }
         case _ => ()
       }
@@ -858,7 +994,7 @@ object CopyProp {
 
     val trivialOnly = false
 
-    if poisoned then mutable.HashMap() else state
+    state
   }
 
   def toResult(s: mutable.Map[Variable, PropState], trivialOnly: Boolean = true)(v: Variable): Option[Expr] = {
diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala
index 1086b5e20..0aadd2180 100644
--- a/src/main/scala/util/RunUtils.scala
+++ b/src/main/scala/util/RunUtils.scala
@@ -549,10 +549,11 @@ object RunUtils {
     }
   }
 
-  def doSimplify(program: Program, config: Option[StaticAnalysisConfig]) : Unit = {
+  def doSimplify(ctx: IRContext, config: Option[StaticAnalysisConfig]) : Unit = {
     // writeToFile(dotBlockGraph(program, program.filter(_.isInstanceOf[Block]).map(b => b -> b.toString).toMap), s"blockgraph-before-simp.dot")
     Logger.info("[!] Running Simplify")
     val timer = PerformanceTimer("Simplify")
+    val program = ctx.program
 
     transforms.applyRPO(program)
 
@@ -603,7 +604,7 @@ object RunUtils {
     //assert(program.procedures.forall(transforms.rdDSAProperty))
     AnalysisResultDotLogger.writeToFile(File("blockgraph-before-copyprop.dot"), dotBlockGraph(program.mainProcedure))
     Logger.info("Copyprop Start")
-    transforms.doCopyPropTransform(program)
+    transforms.doCopyPropTransform(program, ctx.globalOffsets)
     AnalysisResultDotLogger.writeToFile(File("blockgraph-after-simp.dot"), dotBlockGraph(program.mainProcedure))
 
     // assert(program.procedures.forall(transforms.rdDSAProperty))
@@ -639,7 +640,6 @@ object RunUtils {
 
     Logger.info("[!] Simplify :: finished")
   }
-  def doSimplify(ctx: IRContext, config: Option[StaticAnalysisConfig]) : Unit = doSimplify(ctx.program, config)
 
   def loadAndTranslate(conf: BASILConfig): BASILResult = {
     Logger.info("[!] Loading Program")
@@ -689,7 +689,7 @@ object RunUtils {
         ctx = ir.transforms.liftProcedureCallAbstraction(ctx)
       }
 
-      doSimplify(ctx.program, conf.staticAnalysis)
+      doSimplify(ctx, conf.staticAnalysis)
     }
 
     if (q.runInterpret) {

From d51dc93acd8cae75c04d06d5ccf7d8c2b0b41636 Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Fri, 24 Jan 2025 12:11:02 +1000
Subject: [PATCH 126/127] minor simplifyexpr improvement

---
 src/main/scala/ir/eval/SimplifyExpr.scala | 4 ++++
 src/main/scala/ir/transforms/Simp.scala   | 4 +++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/main/scala/ir/eval/SimplifyExpr.scala b/src/main/scala/ir/eval/SimplifyExpr.scala
index 6bfb5cfae..c6b305b72 100644
--- a/src/main/scala/ir/eval/SimplifyExpr.scala
+++ b/src/main/scala/ir/eval/SimplifyExpr.scala
@@ -955,6 +955,10 @@ def simplifyExpr(e: Expr): (Expr, Boolean) = {
           BitVecLiteral(1, 1)
         ) =>
       logSimp(e, BinaryExpr(BVEQ, (body), BitVecLiteral(0, 1)))
+    case BinaryExpr(BVEQ, ZeroExtend(hi, Extract(ehi, 0, expr)), BitVecLiteral(0, _)) => {
+      val x = BinaryExpr(BVEQ, Extract(ehi, 0, expr), BitVecLiteral(0, ehi))
+      logSimp(e, x)
+    }
 
     case BinaryExpr(BVEQ, BinaryExpr(BVCOMP, e1: Expr, e2: Expr), BitVecLiteral(0, 1)) =>
       logSimp(e, UnaryExpr(BoolNOT, BinaryExpr(BVEQ, (e1), (e2))))
diff --git a/src/main/scala/ir/transforms/Simp.scala b/src/main/scala/ir/transforms/Simp.scala
index 2a28962c1..f61246d43 100644
--- a/src/main/scala/ir/transforms/Simp.scala
+++ b/src/main/scala/ir/transforms/Simp.scala
@@ -541,6 +541,8 @@ def doCopyPropTransform(p: Program, rela: Map[BigInt, BigInt]) = {
   removeEmptyBlocks(p)
   coalesceBlocks(p)
   removeEmptyBlocks(p)
+  visit_prog(CopyProp.BlockyProp(), p)
+  visit_prog(CleanupAssignments(), p)
 
 }
 
@@ -994,7 +996,7 @@ object CopyProp {
 
     val trivialOnly = false
 
-    state
+    if (!poisoned) state else mutable.HashMap()
   }
 
   def toResult(s: mutable.Map[Variable, PropState], trivialOnly: Boolean = true)(v: Variable): Option[Expr] = {

From 276af6607ed63587920a27c916a46e186336200b Mon Sep 17 00:00:00 2001
From: Alistair Michael <alistair.michael@uq.edu.au>
Date: Fri, 24 Jan 2025 12:27:27 +1000
Subject: [PATCH 127/127] disable load prop

---
 src/main/scala/ir/transforms/Simp.scala | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/src/main/scala/ir/transforms/Simp.scala b/src/main/scala/ir/transforms/Simp.scala
index f61246d43..dfc85b204 100644
--- a/src/main/scala/ir/transforms/Simp.scala
+++ b/src/main/scala/ir/transforms/Simp.scala
@@ -855,10 +855,12 @@ object CopyProp {
     val state = mutable.HashMap[Variable, PropState]()
     var poisoned = false // we have an indirect call
 
+    val doLoadReasoning = false
+
     def transfer(c: mutable.HashMap[Variable, PropState], s: Statement): Unit = {
       // val callClobbers = ((0 to 7) ++ (19 to 30)).map("R" + _).map(c => Register(c, 64))
       s match {
-        case l : MemoryStore => {
+        case l : MemoryStore if doLoadReasoning => {
           val mvar = varForMem(l.mem)
           val existing = c.get(mvar).isDefined
 
@@ -888,7 +890,7 @@ object CopyProp {
             }
           }
         }
-        case l: MemoryLoad => {
+        case l: MemoryLoad if doLoadReasoning => {
           val loadprop = canPropTo(c, l.index)
           val loaded = for {
             (addr, deps) <-  loadprop
@@ -912,6 +914,12 @@ object CopyProp {
           }
           }
         }
+        case l : MemoryStore  => {
+          ()
+        }
+        case l: MemoryLoad => {
+            clobberFull(c, l.lhs)
+        }
         case LocalAssign(l, r, lb) => {
           val isFlag = isFlagVar(l) || r.variables.exists(isFlagVar)
           val isFlagDep = isFlag || c.get(l).map(v => v.isFlagDep).getOrElse(false)
@@ -957,6 +965,9 @@ object CopyProp {
         case x: IndirectCall => {
           // need a reaching-defs to get inout args (just assume register name matches?)
           // this reduce we have to clobber with the indirect call this round
+          if (!doLoadReasoning) {
+              poisoned = true
+          }
           val r = for {
             (addr, deps) <- canPropTo(c, x.target)
             addr <- addr match {